What is LDAP?

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP. Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it. This will enable your users to use their current university username/password to log into TutorTrac, with minimal setup.

There are two methods for authenticating a user in TutorTrac using LDAP: Single Bind and Double Bind.

Single Bind:

The most common use of LDAP is to perform single (simple) binds. A user enters a user name and password in the log-in fields on the Trac login page. The system takes those values and attempts to log into the campus domain. If the user name and password are correct, we will get back a positive response, if not, we'll receive an error. From that information, we will know if the password was correct or not. We then search the local accounts for a user matching the user name provided on the log in form. Once found, they are permitted into the system.

Double Bind:

Some directory servers do not allow users to bind with just a user name. In those cases, your system performs a “double bind”. The steps for this process are as follows:

1. A lookup account provided by your system administrators performs a query against the LDAP database. Example: if the user jdoe was attempting to log in, the lookup account would perform a query where uid=jdoe. The system receives a response that typically includes a dn, or distinguished name.
2. Your system takes the information received and substitutes it for the username, and then attempts to bind.
3. If the response is good, the system logs the user in.

For information on setting up LDAP, please see How To: Set Up LDAP