LDAP on UGCS

UGCS uses LDAP, the Lightweight Directory Access Protocol, to store basic "directory information". This includes the contents of /etc/passwd for most users, as well as additional settings for mail and other services. See the Wikipedia page on LDAP for more information.

Our LDAP servers are ldap-head.ugcs.caltech.edu and ldap-backup.ugcs.caltech.edu. They support SSL (you will need our CA certificate) as well as kerberos authentication, and can be used from outside UGCS if you wish.

Below we have a description of the most common (and some uncommon) ldap entries for a UGCS user. These entries can be easily edited with ldapedit. If you run ldapedit without any arguments, it will print a list of ldap entries for your user.

You can look at any ldap entry using "ldapsearch". This command takes a ldap search filter. You will probably want to use

ldapsearch uid=<username>

to look for a given user's entry. Some of the fields may be base64 encoded. If you see a field that looks like a bunch of gibberish, try running it through base64 decode. For example, if a user's gecos field was "Sm9zaHVhIEh1dGNoaW5zLCwsIA==", you could run

echo "Sm9zaHVhIEh1dGNoaW5zLCwsIA==" | base64 -d

which would print out "Joshua Hutchins,,,"- the correct text. ldapedit does this automatically for you.

If you wish to edit your settings from a non-UGCS computer, your computer needs to be set up for Kerberos authentication. You also need to install MIT Kerberos SASL packages so that LDAP can authenticate (on Debian and derivatives, this package is libsasl2-modules-gssapi-mit).

How to edit settings

You can edit settings using ldapedit

ldapedit -modify <attribute> <value>
ldapedit -modify roomNumber 'MyRoom 123'
ldapedit -add <attribute> <value>

User Information

cn: Common name, usually your full name
sn: Surname (your last name)
givenName: Your first name
gecos: The gecos information field. Traditionally contains your name, phone number, address, etc
mobile: Your cell phone number
homePhone: Your home phone number
homePostalAddress: Your mailing address
roomNumber: Your current room number (can include your building too)

Account information

With the exception of loginShell, you can't change these.

uidNumber: Your UNIX uid
uid: Your UNIX username
loginShell: Your login shell (use chsh to change it)
homeDirectory: Your home directory

Mail settings

Spam settings

amavisSpamKillLevel: A decimal number. If an email scores above this threshold (from spamassassin), it will be silently discarded. Most mail with scores about 2 or 3 are definitely spam. Our default kill level is 4.5
amavisSpamTag2Level: A decimal like spamKillLevel. Mail that scores above this will have ***SPAM*** added to its subject line.
amavisWhitelistSender: An email address to whitelist. If you have an address that consistently gets marked as spam but is not, please let us know .
amavisBlacklistSender: An email address to blacklist.

There are other less relevant amavis settings- almost any amavis setting can be configured through ldap.

Website Directory

These settings control your listing in our user directory

listWebsite: TRUE or FALSE, whether or not your site will appear.
cn: The script uses your CN ("Common Name") for the link text. If it is set to your username, you can change it to your name if you want that to show instead.
websiteShortDesc: An optional string with a short description of your website. If you leave it blank (the default), it will use your name
websiteURL: An optional URL to point to. If left blank, it defaults to your UGCS website ( ~username/)