Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

(info) What can LDAP do?

  • Check lockout status for customers

  • Determine if customer is active (employee or student)

  • Identify a customer's account status and affiliation with SJSU

  • Determine if customer is in any DUO group/Adobe group

On this page

Table of Contents
minLevel1
maxLevel7
Info

PLEASE NOTE:

You will need to configure you LDAP browser on each PC that you use. Please do so ASAP.
In case you are using LDAP on a non-institutional network, connect to VPN in order to use LDAP.

🔍 Important Fields

Info

Formatting the Filter

Softerra LDAP browser uses the standard LDAP query format.

  • (attribute=value)

---The parentheses are necessary.

You may also use wildcard filters by using an asterisk

  • (attribute=val*)

Panel
bgColor#DEEBFF

📋 Glossary

Expand
titleView

accountExpires

Either Never or date

badPasswordTime

Timestamp

badPwdCount

count

cn

common name=givenName middleName sn

department

department name

departmentNumber

department number

displayName

same as cn (?)

distinguishedName

x.500 name, long and ugly

employeeID

employee id or SJSU ID#

employeeNumber

employee id

employeeType

always Employee if true (?)

givenName

first name

homeDirectory

UNC path to home directory

homeDrive

drive letter assigned for home directory

ipPhone

Cisco 5-digit extension

lastLogon

timestamp

lastLogonTimestamp

timestamp (but not same as lastLogon?)

lockoutTime

unspecified or time

logonCount

count

mail

email address

memberOf

group memberships, may be more than one

middleName

middle initial

name

same as cn (?)

objectCategory

always “CN=Person,CN=Schema,CN=Configuration,DC=SJSUAD,DC=SJSU,DC=EDU”

ou

Applicants, Employees, Students or Vendors

physicalDeliveryOfficeName

always “C” until it’s fixed

pwdLastSet

timestamp

sAMAccountName

employee id for login purposes

sjsuIsEmployee

TRUE or FALSE

sjsuPersonAffiliation

Employee Faculty, Employee Staff, Student Applicant, Student

sn

surname (last name)

telephoneNumber

full phone number

title

title

userPrincipalName

email address style login name

whenCreated

account creation timestamp


Panel
bgColor#F4F5F7

(question) Tutorials

🔧 Set up LDAP (Configure SJSUAD Profile)

Expand
titleView
  1. Check your Scope Pane (the left-hand column) for an SJSUAD profile. If it’s there, you’re done.

  2. Click the New Profile option under the New button pull-down.

  3. Set SJSUAD as the profile name and click Next

    Profile Creation Wizard step 1
Entering SJSUAD in the Profile Name field
  4. Set sjsuad.sjsu.edu as the Host

  5. Set the Port as 636

  6. Click the Fetch Base DNs, and select DC=SJSUAD,DC=SJSU,DC=EDU

  7. Check the Use secure connection (SSL) the click Next

  8. Select Currently logged on user(Active Directory only) (Other Credentials)

Needs to be updated (CN=Display Name (OU Admin),OU=Resource,OU=Users,OU=Enterprise Support,DC=SJSUAD,DC=SJSU,DC=EDU)

9. Click Finish

The scope pane should fill in with the AD tree information.

Scope pane
SJSUAD Active Directory
List of OUs

🔍 Search LDAP

Expand
titleView Steps
  1. Open Softerra LDAP Browser; Double-Click the icon

  2. Click the '+' sign next to SJSUADin the scope pane

    Scope Pane
Softerra LDAP browser
Listing of servers
  3. Right-click 'sjsuPeople' in the scope pane

  4. Pick “Directory Search” from the context menu

  5. Enter your search criteria in the “Filter” line. (employeeid=xxxxxxxxx)

  6. Click 'Search' button at bottom of window

  7. Double-click on the person in the results area to show all account attributes in the main window.

Expand
titleShow Instructional Video
LDAP Search Caption.mp4