cPanel, Using Active Directory to control who receives editing permissions for your website and applications
Prerequisites
Before you can connect your application, you will need the following items.
- Service User/Account: This is an AD account you or your department controls, but is not your own NetID account. It will be used to connect to AD and perform searches needed for authentication and authorization. If you are not certain how to create a service user, then you will need to contact your department IT professional.
- MemberOf Access: Some applications use the "memberOf" attribute to determine group membership. Access to this attribute is restricted on the campus AD. To gain access you will need to follow the instructions for MemberOf Access at Active Directory, MemberOf Access.
- Documentation or Plugins for your application: Please carefully review the documentation for your application. Additional plugins may be required to use AD for authentication and authorization.
LDAP Connection Information
When connecting from the cPanel service you will use the campus AD controllers hosted in AWS.
- URL: ldap://ldap-ad-aws.ldap.illinois.edu:389/
- Host: ldap-ad-aws.ldap.illinois.edu
- Port: 389
- Security: StartTLS, START_TLS, or TLS. We do not support using LDAPS or LDAP SSL at this time.
- Certificate File: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
- Bind Username/Password: the service account for your application. You can specify the username in one of these ways:
  - Domain prefix: UOFI\MyServiceAccount
  - Domain scoped: MyServiceAccount@ad.uillinois.edu
  - Full Distinguished Name: CN=MyServiceAccount,OU=MyOU,OU=Urbana,DC=ad,DC=uillinois,DC=edu
- User/Search Base: DC=ad,DC=uillinois,DC=edu
  - For only NetID access use "OU=People,DC=ad,DC=uillinois,DC=edu".
- Group Base: OU=Urbana,DC=ad,DC=uillinois,DC=edu
  - You might get better performance if you narrow this base to be only your OU.
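The following is an added example, not code from this page or from the cPanel service, showing how an application could use the settings above to decide who may edit: StartTLS with certificate validation before any bind, a search as the service account with the user-supplied NetID escaped, a "memberOf" check, and a second bind to verify the user's password. It assumes the third-party Python `ldap3` library, that the NetID is stored in `sAMAccountName`, a hypothetical group `CN=MyEditors,...`, a hypothetical environment variable `LDAP_BIND_PASSWORD` holding the service account password, and that the service account has been granted MemberOf Access.

```python
import os
import ssl

HOST = "ldap-ad-aws.ldap.illinois.edu"
CA_FILE = "/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt"
USER_BASE = "OU=People,DC=ad,DC=uillinois,DC=edu"
BIND_USER = "MyServiceAccount@ad.uillinois.edu"
# Hypothetical group; replace with the group that grants editing rights.
EDITORS = "CN=MyEditors,OU=MyOU,OU=Urbana,DC=ad,DC=uillinois,DC=edu"

def escape_filter(value):
    """Escape RFC 4515 special characters so user input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_filter(netid):
    # Assumption: the NetID is stored in sAMAccountName.
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter(netid)

def is_member(member_of, group_dn):
    """Compare DNs case-insensitively; memberOf lists direct groups only."""
    want = group_dn.strip().lower()
    return any(dn.strip().lower() == want for dn in member_of)

def connect(user, password):
    from ldap3 import Server, Connection, Tls, AUTO_BIND_TLS_BEFORE_BIND
    tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=CA_FILE)
    server = Server(HOST, port=389, tls=tls)
    # StartTLS completes before credentials are sent; raises on any failure.
    return Connection(server, user=user, password=password,
                      auto_bind=AUTO_BIND_TLS_BEFORE_BIND)

def can_edit(netid, password):
    """True only if the password is valid and the user is in EDITORS."""
    if not password:  # LDAP treats an empty-password bind as unauthenticated
        return False
    from ldap3.core.exceptions import LDAPException  # imported on first use
    try:
        svc = connect(BIND_USER, os.environ["LDAP_BIND_PASSWORD"])
        try:
            svc.search(USER_BASE, user_filter(netid), attributes=["memberOf"])
            if len(svc.entries) != 1:
                return False
            entry = svc.entries[0]
            groups = entry.entry_attributes_as_dict.get("memberOf", [])
        finally:
            svc.unbind()
        connect(entry.entry_dn, password).unbind()  # verifies the password
        return is_member(groups, EDITORS)
    except LDAPException:
        return False
```

Because "memberOf" lists only direct memberships, users who reach the group through a nested group are not matched by this check.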