LDAP Directory Setup Instructions

 

LDAP Overview

The LDAP directory is used to store all sorts of information about members of the UNC-Chapel Hill community. Most importantly, it keeps contact information and when it is used in conjunction with your email addressbook, can become very useful. The following information will help you set up your email client to use the Campus LDAP server as an addressbook. Although the more client-specific instructions are listed at the end of this article, the following server settings should work for most any email client:

  • Hostname: ldap.unc.edu
  • Base DN: ou=people,dc=unc, dc=edu
  • Port number: 389 (the default port number).

*This information is not authorized for useĀ for any purpose other than connecting an email client to the campus address book.

LDAP Filters

Searches of an LDAP directory are submitted as text-based filters describing the desired result-set. Most directories store person-related data in standard objectclasses (or subclasses) such as inetOrgPerson so that addressbook applications can use preset filters that acquire contact info. For example, ‘sn’ is the standard attribute for surname (lastname). An addressbook may submit the search:sn=smith to acquire information about everyone in the directory with the lastname Smith (note: filters are not case-sensitive).

The UNC directory has defined objectclasses that provide contact information to standard applications and add useful information for campus organizations and developers. For example, to limit your search to UNC employees, use this filter:

objectclass=uncstaff. This yields a large list — filter constraints can be combined logically; this search returns all UNC employees named Smith:

(& (objectclass=uncstaff)(sn=smith) )

Similarly, employees with an affiliation to a particular department, eg. Biology – #3267, are returned using:

(& (objectclass=uncstaff)(departmentnumber=3267) )

This result set is not guaranteed to consist exclusively of employees of the Department of Biology. At this time, employees of other departments who are pursuing a degree in Biology will be returned by this query.

Please be advised that excluding students in the filter:

(& (objectclass=uncstaff)(departmentnumber=3267)(! (objectclass=uncstudent)) ) may erroneously exclude Biology staff members who are taking a class (in any department) This ambiguity can be avoided with compound searches that utilize position-specific subobjects. Please contact directory services for more information.

For more information on LDAP filters, see the LDAP Filter RFC.

Application-specific Configuration

The following sections describe the configuration of several common LDAP client applications.

Thunderbird

1. Open Thunderbird.

2. Open the Address Book by clicking on the Tools > Address Book menu item from the toolbar.

3. In the Address Book, click on the File > New > LDAP Directory menu item from the toolbar.

4. Fill in the fields with the information from the LDAP Overview above. The Bind Dn field should be left blank and the Use Secure Connection box should be left unchecked.

5. If you want to limit LDAP searches so that they only return information about employees, click the Advanced tab. In the Search filter: box, enter (objectclass=uncstaff).

6. Click OK to close each of the open windows.

Server: ldap.ad.unc.edu
SSL ON – Certificate, no validate
Port: 3269 (Default)
Base: OU=Users,OU=Identity,dc=ad,dc=unc,dc=edu

If you have further questions or encounter problems, please contact the ITS Service desk at 919-962-HELP (962-4357) or 1-866-962-4457 (US and Puerto Rico), or submit a help request at http://help.unc.edu for assistance.