Lightweight Directory Access Protocol (LDAP)

(Portions adapted from an OIT KnowledgeBase page.)

Lightweight Directory Access Protocol, or LDAP, is a networking protocol for querying and modifying directory services running over TCP/IP. An LDAP directory usually follows the X.500 model: it is a tree of entries, each of which consists of a set of named attributes with values. The CS department uses LDAP for authentication to the portal machines, email, and many other services.

Integrating LDAP with email clients

Some applications can be integrated with LDAP to provide a better user experience. For example, many email clients can integrate to provide auto-complete support for the "To:" field, so you can quickly find email addresses of people in the department. Configurations for supported email applications are as follows:

Thunderbird (5.0)

  • From the Tools menu, select Account Settings...
  • On the left, in the Categories window, select Composition and Addressing
  • On the right, find the Addressing settings
  • Click Use a Different LDAP server so that Edit Directories... is available
  • Click Edit Directories...
  • In the LDAP Directory Servers window, click Add
  • Within the Directory Server Properties window:
    • In the name field type: Computer Science
    • In the Hostname field type: ldap.cs.princeton.edu
    • In the Base DN field type: dc=cs,dc=princeton,dc=edu
  • Click OK to close the Directory Server Properties window
  • Click OK to close the LDAP Directory Server window
  • You should be back at the Preferences window
  • In the Directory Server field, pull down to Computer Science so that it is selected
  • Click OK to close the Preferences window

Mac OS X Mail

  • Open the Mail application
  • From the Mail menu, select Preferences
  • Select Composing from the buttons at the top of the window
  • Check "automatically complete addresses" if it is not already checked, then click the Configure LDAP button.
  • In the new window, click either the Add button or the + sign
  • Edit the server information: double-click in each field and change its contents. Set them as follows:
    • Name: Computer Science
    • Server: ldap.cs.princeton.edu
    • Search Base: dc=cs,dc=princeton,dc=edu
  • Leave default settings for Port, Scope, and Authentication (if you have those fields).
  • Click Save, and then Done.
  • Now the Mail client will attempt to auto-complete messages as you address them.

Microsoft Outlook 2003

  1. Go to the Tools menu and choose Email Accounts, then choose Add a new directory or address book and click Next.
  2. Choose Internet Directory Service (LDAP) and click Next
  3. Fill in the Server Name ldap.cs.princeton.edu.
  4. Click the More Settings button. Select the Connection tab and fill in "The display name as it appears in the Address Book" as Princeton University.
  5. Select the Search tab and fill in the “Search base” with the following string:
    dc=cs,dc=princeton,dc=edu
  6. Click OK, then click Next and Finish.

To Search: While composing a new message, type a person's name in the To: Field, then click the 'Check Names' icon (which looks like a head with a check mark). If you prefer you can use the keyboard combination of Ctrl + K.

A list of possible email addresses will be shown. Note that in Outlook 2002 you can only search by last name, whereas Outlook 2003 allows first name searches as well.

Microsoft provides an extensive online tutorial and assistance web site for Outlook 2003 that is extremely helpful. For questions about customizing your Outlook application, see Microsoft Outlook 2003 Assistance.

To Search: While composing a new message, type the last name only of a person's name in the To: Field, then click the 'Check Names' icon (which looks like a head with a check mark).  If you prefer you can use the keyboard combination of Ctrl + K. A list of possible email addresses will be shown.

Querying LDAP from a Unix machine

When using the central departmental servers (cycles), you can query the department's online directory using the ldapsearch command.

As an example, suppose you want to look up the telephone number of a person whose netID is "foobar".

1. Using SSH, log on to cycles.cs.princeton.edu

2. At the Unix system prompt, enter

ldapsearch -x -h ldap.cs.princeton.edu -b "dc=cs,dc=princeton,dc=edu" uid=foobar dn telephoneNumber
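As an added example (not from the page or the OIT KnowledgeBase), the following Python builds the same query as the ldapsearch command above, using the -H URI form that newer OpenLDAP clients accept in place of -h, escapes the netID per RFC 4515 so that a value taken from user input cannot change the meaning of the filter, and parses the LDIF that ldapsearch prints to extract telephoneNumber. The sample LDIF is constructed, not real directory data.

```python
import base64
import subprocess
from typing import Dict, List, Optional

LDAP_URI = "ldap://ldap.cs.princeton.edu"   # -H form of the page's -h ldap.cs.princeton.edu
BASE_DN = "dc=cs,dc=princeton,dc=edu"
# Constructed sample of ldapsearch -LLL output (not real directory data).
SAMPLE_LDIF = "dn: uid=foobar,dc=cs,dc=princeton,dc=edu\ntelephoneNumber: +1 609 555 0100\n"

# RFC 4515 requires these characters to be hex-escaped inside a filter value, so a
# netID taken from user input cannot rewrite the filter (e.g. "x)(uid=*").
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value: str) -> str:
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_ldapsearch_argv(netid: str) -> List[str]:
    """The page's query (-x: anonymous simple bind; -LLL: bare LDIF, no comments)."""
    return ["ldapsearch", "-x", "-LLL", "-H", LDAP_URI, "-b", BASE_DN,
            f"(uid={escape_filter_value(netid)})", "dn", "telephoneNumber"]

def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF (RFC 2849): a blank line ends an entry, a leading space continues
    the previous line, and 'attr:: value' carries a base64-encoded value."""
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, entry = [], {}                 # finished entries; attribute -> values of current entry
    for line in unfolded + [""]:            # trailing "" flushes the last entry
        if line == "":
            if entry:
                entries.append(entry)
                entry = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr, []).append(value.strip())
    return entries

def telephone_number(netid: str) -> Optional[str]:
    # Runs the real query: needs ldapsearch on the PATH and access to the server.
    out = subprocess.run(build_ldapsearch_argv(netid), capture_output=True,
                         text=True, check=True).stdout
    numbers = [n for e in parse_ldif(out) for n in e.get("telephoneNumber", [])]
    return numbers[0] if numbers else None
```

Only telephone_number() talks to the directory; the escaping and LDIF parsing can be exercised offline against SAMPLE_LDIF.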
