Users that have access to the LDAP directory must connect securely using StartTLS (on port 389) or ldaps:// (on port 636); a plain ldap:// bind sends the password across the network in cleartext. Enabling TLS is only half of the job: the client must also verify the server certificate against a trusted CA, otherwise an attacker on the path can present their own certificate and read the bind credentials. Below is information on how to configure specific operating systems and languages:
Linux/Unix/Mac OS X
You may need to install the AddTrust Root Certificate for the full chain to be verified. Download the AddTrustExternalRootCA certificate, and place it in a cacerts directory on your server, e.g. /etc/openldap/cacerts/. Root certificates are retired periodically, so confirm that the root you install is the one that currently anchors the server's chain (for example by inspecting the chain with openssl s_client). Once the necessary certificates are in place, you may need to configure LDAP to look in this directory by editing your /etc/openldap/ldap.conf file and adding the line below. Also make sure ldap.conf does not set TLS_REQCERT to never or allow: with those values the OpenLDAP client proceeds even when the certificate cannot be verified, which defeats the purpose of installing the root.
TLS_CACERTDIR /etc/openldap/cacerts
Perl
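# Connect, upgrade the session with StartTLS, then bind as the service account.
#
# Net::LDAP's start_tls() does not verify the server certificate unless asked
# to (its verify option defaults to 'none' according to the Net::LDAP docs), so
# verify => 'require' is passed explicitly and pointed at the CA directory set
# up above. Without it the TLS session is encrypted but not authenticated.
my $ldap = Net::LDAP->new("ldap.unl.edu") or die "ERROR: $!\n";
my $starttls_msg = $ldap->start_tls(
    verify => 'require',                # fail unless the chain validates
    capath => '/etc/openldap/cacerts',  # same directory as TLS_CACERTDIR in ldap.conf
);
die $starttls_msg->error() if $starttls_msg->is_error;

# bind() returns a Net::LDAP::Message; discarding it hides a failed bind and
# lets later searches run anonymously.
my $bind_msg = $ldap->bind("uid=username,ou=service,dc=unl,dc=edu", password => "password");
die $bind_msg->error() if $bind_msg->is_error;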
Java
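// JNDI StartTLS example: open a plain ldap:// connection, upgrade it with the
// StartTLS extended operation, and only then add the bind credentials to the
// environment so the password never travels in clear.
Hashtable<String, String> ldapEnv = new Hashtable<String, String>();
ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
ldapEnv.put(Context.PROVIDER_URL, "ldap://ldap.unl.edu");
LdapContext ctx = null;
StartTlsResponse tls = null;
try {
    ctx = new InitialLdapContext(ldapEnv, null);
    // Negotiate TLS before any credentials are supplied. negotiate() uses the
    // default SSLSocketFactory, so the CA that signed the server certificate
    // must be present in the JVM trust store (cacerts) for this to succeed.
    tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
    tls.negotiate();
    // Simple bind over the TLS session established above.
    // NOTE(review): JNDI appears to apply these lazily, on the next operation
    // (e.g. a search) rather than immediately -- confirm before relying on it.
    ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
    ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, "uid=username,ou=service,dc=unl,dc=edu");
    ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, "password");
    // ... searches go here ...
} catch (Exception e) {
    System.err.println("LDAP Client init error:");
    e.printStackTrace();
} finally {
    // Release the TLS layer and the connection whether or not setup succeeded.
    try {
        if (tls != null) {
            tls.close();
        }
        if (ctx != null) {
            ctx.close();
        }
    } catch (Exception ignored) {
        // best-effort cleanup; nothing further to do on failure
    }
}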
PHP
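<?php
// Simple LDAP example
// For help debugging, details will be logged in your webserver error_log file.
// Level 7 is verbose and may include DNs and protocol details, so lower it or
// remove it in production.
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
// Require a valid, trusted server certificate. libldap also honors TLS_REQCERT
// in ldap.conf; this option (where the PHP build exposes the constant) enforces
// it for this process regardless of the system file.
if (defined('LDAP_OPT_X_TLS_REQUIRE_CERT')) {
    ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
}
// Connect to ldap.unl.edu (primary) and failover to ldap-backup.unl.edu
$link = ldap_connect('ldap.unl.edu ldap-backup.unl.edu');
if ($link === false) {
    die('ldap_connect failed: malformed host/URI string');
}
// TLS is only available using version 3
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
// Begin communicating securely. If StartTLS fails the connection is still open
// in cleartext, so abort here instead of binding and sending the password unencrypted.
if (!ldap_start_tls($link)) {
    die('StartTLS failed: ' . ldap_error($link));
}
// Bind using your service dn and password; a failed bind must not be ignored.
if (!ldap_bind($link, $bind_dn, $bind_password)) {
    die('Bind failed: ' . ldap_error($link));
}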
Additional Code
VB.NET
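''' <summary>
''' Looks up the NUID (the unlUNCWID attribute) for a campus user id over a
''' StartTLS-protected connection to ldap.unl.edu, failing over to ldap-backup.unl.edu.
''' </summary>
''' <param name="UID">The uid to look up. It is escaped before being placed in the
''' search filter so values such as "*" or "x)(uid=admin" cannot widen the search.</param>
''' <returns>The NUID, or an empty string when the id is empty or not found.</returns>
Public Shared Function GetNUIDFromLDAP(ByVal UID As String) As String
    Dim NUID As String = ""
    If String.IsNullOrEmpty(UID) Then
        Return NUID
    End If
    Using LDAP As New LdapConnection( _
            New LdapDirectoryIdentifier(New String() {"ldap.unl.edu", "ldap-backup.unl.edu"}, True, False))
        LDAP.SessionOptions.ProtocolVersion = 3
        ' Server certificate validation is delegated to ServerCallback below.
        ' A callback that returns True unconditionally disables validation and
        ' lets any host on the path impersonate the directory.
        LDAP.SessionOptions.VerifyServerCertificate = _
            New VerifyServerCertificateCallback(AddressOf ServerCallback)
        LDAP.AuthType = AuthType.Basic
        ' Upgrade to TLS before Bind so the password never crosses the wire in clear.
        LDAP.SessionOptions.StartTransportLayerSecurity(New DirectoryControlCollection())
        LDAP.Bind(New NetworkCredential("username", "password"))
        Dim req As New SearchRequest("ou=people,dc=unl,dc=edu", _
            "uid=" & EscapeLdapFilterValue(UID), _
            Protocols.SearchScope.OneLevel, New String() {"unlUNCWID"})
        ' A uid is expected to be unique; the limit is only a safety net.
        req.SizeLimit = 500
        Dim resp As SearchResponse = DirectCast(LDAP.SendRequest(req), SearchResponse)
        For Each res As SearchResultEntry In resp.Entries
            For Each att As DictionaryEntry In res.Attributes
                ' The attribute is requested as unlUNCWID but compared lower-cased,
                ' as in the original sample -- confirm the key casing against your server.
                If CStr(att.Key) = "unluncwid" Then
                    NUID = DirectCast(att.Value, DirectoryAttribute)(0).ToString()
                End If
            Next
        Next
        LDAP.SessionOptions.StopTransportLayerSecurity()
    End Using
    Return NUID
End Function

''' <summary>
''' Validates the directory server's certificate. Returns True only when the
''' certificate chains to a trusted root; returning True for every certificate
''' (as the original sample did) silently turns off TLS authentication.
''' </summary>
''' <param name="connection">The connection being secured (unused).</param>
''' <param name="certificate">The certificate presented by the server.</param>
''' <returns>True when the chain verifies against the machine trust store.</returns>
Public Shared Function ServerCallback(connection As LdapConnection, _
        certificate As X509Certificate) As Boolean
    ' Verify() builds and checks the chain. It does not compare the subject/SAN
    ' to the host name; add that comparison if your policy requires it.
    Dim c2 As New X509Certificate2(certificate)
    Return c2.Verify()
End Function

''' <summary>
''' Escapes the characters RFC 4515 reserves in an LDAP filter assertion value.
''' Backslash is handled first so the escapes added afterwards are not re-escaped.
''' </summary>
''' <param name="value">The raw value to place in a filter.</param>
''' <returns>The value with \ * ( ) and NUL replaced by their \hh escapes.</returns>
Private Shared Function EscapeLdapFilterValue(ByVal value As String) As String
    Return value.Replace("\", "\5c") _
                .Replace("*", "\2a") _
                .Replace("(", "\28") _
                .Replace(")", "\29") _
                .Replace(vbNullChar, "\00")
End Function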
C#
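/// <summary>
/// Looks up the NUID (the <c>unlUNCWID</c> attribute) for a campus user id over a
/// StartTLS-protected connection to ldap.unl.edu, failing over to ldap-backup.unl.edu.
/// </summary>
/// <param name="ldapUserID">The uid to look up. It is escaped before being placed in the
/// search filter, so values such as <c>*</c> or <c>x)(uid=admin</c> cannot widen the search.</param>
/// <returns>The NUID, or <see cref="string.Empty"/> when the id is empty or not found.</returns>
public static string GetNUID(string ldapUserID)
{
    if (string.IsNullOrEmpty(ldapUserID))
    {
        return string.Empty;
    }
    string nuid = string.Empty;
    // (The original had a stray VB-style "_" continuation inside the array
    // initializer, which does not compile in C#.)
    using (LdapConnection ldap = new LdapConnection(new LdapDirectoryIdentifier(
        new string[] { "ldap.unl.edu", "ldap-backup.unl.edu" }, true, false)))
    {
        ldap.AuthType = AuthType.Basic;
        // Plain port 389 upgraded with StartTLS below, not ldaps://.
        ldap.SessionOptions.SecureSocketLayer = false;
        ldap.SessionOptions.ProtocolVersion = 3;
        ldap.SessionOptions.VerifyServerCertificate =
            new VerifyServerCertificateCallback((conn, cert) =>
            {
                // Verify() builds and checks the chain against the machine trust store.
                // NOTE: it does not compare the subject/SAN to the host name; add that
                // check if your policy requires it. Never return true unconditionally here.
                X509Certificate2 c2 = new X509Certificate2(cert);
                return c2.Verify();
            });
        // Upgrade to TLS before Bind so the password is never sent in clear.
        ldap.SessionOptions.StartTransportLayerSecurity(new DirectoryControlCollection());
        ldap.Bind(new System.Net.NetworkCredential("username", "Password"));
        SearchRequest req = new SearchRequest("ou=people,dc=unl,dc=edu",
            "uid=" + EscapeLdapFilterValue(ldapUserID),
            System.DirectoryServices.Protocols.SearchScope.OneLevel, new string[] { "unlUNCWID" });
        // A uid is expected to be unique, so at most one entry; the limit is only a safety net.
        req.SizeLimit = 5;
        SearchResponse resp = (SearchResponse)ldap.SendRequest(req);
        foreach (SearchResultEntry entry in resp.Entries)
        {
            foreach (DictionaryEntry att in entry.Attributes)
            {
                // Requested as unlUNCWID but compared lower-cased, as in the
                // original sample -- confirm the key casing against your server.
                if (att.Key.ToString() == "unluncwid")
                {
                    nuid = ((DirectoryAttribute)att.Value)[0].ToString();
                }
            }
        }
    }
    return nuid;
}

/// <summary>
/// Escapes the characters RFC 4515 reserves in an LDAP filter assertion value.
/// Backslash is handled first so the escapes added afterwards are not re-escaped.
/// </summary>
/// <param name="value">The raw value to place in a filter.</param>
/// <returns>The value with \ * ( ) and NUL replaced by their \hh escapes.</returns>
private static string EscapeLdapFilterValue(string value)
{
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}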
Additional Code
Classic ASP/VBScript
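<%
Option Explicit
' ADS_USE_ENCRYPTION (0x2): ask the ADSI LDAP provider to use SSL for the bind.
Const ADS_USE_SSL = &H2

' True when the submitted uid looks like a plain account name.
' The uid is interpolated into both the bind DN and the query filter below.
' A DN cannot be neutralized by quote-doubling (the original's Replace of "'"
' is a SQL habit that does nothing against "*", "(", ")" or "\"), so only a
' conservative character set is accepted at all.
Function IsPlausibleUid(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,64}$"
    IsPlausibleUid = re.Test(value)
End Function

If Request.Form("Submit") = "Submit" Then
    Dim strUserName, strPassword, SQLStmt, Conn, rs
    ' Read in the username and password from the form. The password is used
    ' verbatim for the bind and must never be escaped or logged.
    strUserName = Trim(Request.Form("uid"))
    strPassword = Request.Form("pwd")

    If Not IsPlausibleUid(strUserName) Or Len(strPassword) = 0 Then
        Session("Status") = "error"
        Response.Redirect "login.asp?" & Request.Form("URL")
    End If

    ' The quote-doubling is kept for the ADSI SQL dialect's string delimiter;
    ' the allowlist above is what actually keeps filter metacharacters out.
    SQLStmt = "SELECT * " & _
              "FROM 'LDAP://ldap.unl.edu/dc=unl,dc=edu' " & _
              "WHERE uid='" & Replace(strUserName, "'", "''") & "'"

    Set Conn = CreateObject("ADODB.Connection")
    Conn.Provider = "ADSDSOObject"
    Conn.Properties("User ID") = "NotUsed"
    Conn.Properties("Password") = "NotUsed"
    Conn.Properties("Encrypt Password") = False
    Conn.Properties("ADSI Flag") = ADS_USE_SSL

    ' Authenticate by binding AS the user. The error is checked explicitly
    ' right after each call: with a bare "On Error Resume Next" a failed bind
    ' used to flow straight into the query and the recordset checks.
    On Error Resume Next
    Conn.Open "ADs Provider", _
              "uid=" & strUserName & ",ou=people,dc=unl,dc=edu", _
              strPassword
    If Err.Number <> 0 Then
        ' Bad username or password (or the server rejected the SSL bind).
        Err.Clear
        On Error GoTo 0
        Set Conn = Nothing
        Session("Status") = "error"
        Response.Redirect "login.asp?" & Request.Form("URL")
    End If
    Set rs = Conn.Execute(SQLStmt)
    If Err.Number <> 0 Then
        Err.Clear
        On Error GoTo 0
        Conn.Close
        Set Conn = Nothing
        Session("Status") = "error"
        Response.Redirect "login.asp?" & Request.Form("URL")
    End If
    On Error GoTo 0

    ' A non-empty result after a successful bind means the user is validated.
    ' rs.RecordCount is deliberately not used: forward-only cursors report -1,
    ' so the original "= 0" test could never fire for them.
    If Not rs.EOF Then
        Session("bolAuthenticated") = True
        Session("Login") = strUserName
        rs.Close
        Set rs = Nothing
        Conn.Close
        Set Conn = Nothing
        Response.Redirect "default.asp?auth=1"
    End If
    rs.Close
    Set rs = Nothing
    Conn.Close
    Set Conn = Nothing
End If

' Everything else is a failed login: record it and send the user back to the
' login page over https.
Session("Status") = "error"
Response.Redirect "https://" & Request.ServerVariables("SERVER_NAME") & "/login.asp"
%>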
Quick Connection Info
- REQUEST ACCESS FORM
- Server: ldap.unl.edu
- Backup: ldap-backup.unl.edu
- Ports: 389, 636
- Use StartTLS (port 389, upgraded in-band) or ldaps:// (port 636) for secure connections; in both cases the client must verify the server certificate. Plain ldap:// without StartTLS sends the bind password in cleartext and must not be used.
- Sample User Bind DN: uid=hhusker2,ou=people,dc=unl,dc=edu