UServ is a name referring to a conglomeration of directory and file services as well as shell/compute access to Unix servers.
Your UServ login is also known as FBI or department account.
Your UServ home directory is available to you upon logging in on all lab computers within the department.
All UServ users can log in to the machine at userv.fbi.h-da.de using SSH.
This may be used for accessing your UServ home directory remotely.
The directory hierarchies at /home/groups/LabDisk/pub are available on all lab computers as well as served
- …/LabDisk/pub is available at https://userv.fbi.h-da.de/pub and is accessible by the public at large
- …/LabDisk is available at https://userv.fbi.h-da.de/LabDisk and requires authentication (any department account is ok)
These can be used for distributing files to students.
Authenticating users within your own applications
Within the department network you can outsource user authentication to the UServ LDAP servers.
- host name: ldap-rr.fbi.h-da.de
- port: 389 (when using STARTTLS) or 636 (with SSL/TLS from the start)
- base DN:
- bind DN: leave empty for anonymous bind
- bind password: leave empty, too
- user name attribute: uid
The general process for authenticating a user against an LDAP service is as follows, starting from a username/password pair entered into your application:
- perform anonymous bind against the LDAP server
- do an LDAP search request to retrieve the DN corresponding to the user name (using a filter expression like (&(objectClass=posixAccount)(uid=$USERNAME))). Take care to properly encode/escape the $USERNAME part for use in an LDAP filter expression.
- if the search yields exactly one result, proceed, otherwise deny access
- using the retrieved DN and the user-provided password, try to re-bind against the LDAP server
- if the re-bind succeeded, the user provided the correct password, otherwise deny access
- enforce application-specific policy
- switch back to the anonymous user by re-binding using empty credentials
NOTE: prefer using a battle-tested authentication library that performs this song-and-dance for you.
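The steps above, as an added example that is not UServ's own code: it escapes the user name per RFC 4515, rejects empty passwords before the re-bind, and always returns to the anonymous identity. The conn interface (bind, search), the FakeDirectory class, the sample user and the example.org base DN are constructed assumptions so the flow runs offline; the page leaves the real base DN blank.

```python
import re

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def authenticate(conn, base_dn, username, password, policy=lambda dn: True):
    """Return the user's DN on success, None on any failure."""
    # An empty password makes the re-bind an "unauthenticated bind" (RFC 4513,
    # section 5.1.2), which a server may accept, so reject it before binding.
    if not username or not password:
        return None
    try:
        conn.bind("", "")                                   # anonymous bind
        flt = "(&(objectClass=posixAccount)(uid=%s))" % escape_filter_value(username)
        dns = conn.search(base_dn, flt)                     # user name -> DN
        if len(dns) != 1:                                   # exactly one result
            return None
        if not conn.bind(dns[0], password):                 # re-bind as that DN
            return None
        return dns[0] if policy(dns[0]) else None           # application policy
    finally:
        conn.bind("", "")                                   # back to anonymous

class FakeDirectory:
    """Constructed stand-in for an LDAP connection; DNs and passwords are made up."""
    def __init__(self, users):
        self.users = users          # {uid: (dn, password)}
        self.bound_as = None

    def bind(self, dn, password):
        if dn == "":                # anonymous
            self.bound_as = ""
            return True
        # Like a permissive server: empty password on a DN "succeeds" anonymously.
        ok = password == "" or any(e == (dn, password) for e in self.users.values())
        self.bound_as = dn if ok and password else ""
        return ok

    def search(self, base_dn, flt):
        # Minimal matcher for the uid term only; an unescaped * is a wildcard.
        raw = re.search(r"\(uid=((?:\\[0-9a-f]{2}|[^)\\])*)\)", flt).group(1)
        unesc = lambda s: re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
        pattern = ".*".join(re.escape(unesc(part)) for part in raw.split("*"))
        return [dn for uid, (dn, _) in self.users.items() if re.fullmatch(pattern, uid)]

USERS = {"alice": ("uid=alice,ou=people,dc=example,dc=org", "correct horse")}
BASE_DN = "dc=example,dc=org"       # placeholder: the page leaves the base DN blank
```

Without the escaping step, a user name of a* would resolve to alice's DN in this fake directory; with it, the search returns no entry and access is denied.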
As an alternative, consider using GitLab as an OAuth2 authentication provider.