Query ADS using LDAP

To use the following instructions, you must be connected to the Indiana University campus network. If you are off-campus, you need to establish an IU VPN connection.

All Indiana University accounts (excluding Guest accounts) can query ADS using LDAP to get additional information about users. This can be useful in cases where, for example, you would like to restrict access to your service to a few users based on a specific ADS group, or if you need a user's email address. LDAP is compatible with most programming languages; use the information below in your code to query ADS using LDAP.

  • Server: ads.iu.edu
  • Port: 636 (SSL) or 3269 (Global Catalog SSL)

Bind using your ADS username (for example, username@iu.edu) and passphrase. If you plan to add this to an application, it's a good idea to create a service account to use for this.

After establishing a bind, you can perform an ADS query. Use a Base Dn of ou=Accounts,dc=ads,dc=iu,dc=edu, and create an LDAP filter that will return the information you would like. Some examples include:

  • (sAMAccountName=jsmith)

    Returns all attributes for the user "jsmith".

  • (memberOf=CN=IU-UITS-MANAGED-BL-UNDERGRADUATE,OU=Campus,OU=Groups,OU=Managed,DC=ads,DC=iu,DC=edu)

    Returns all BL undergraduates.

This is document bdcm in the Knowledge Base.
Last modified on 2023-07-17 14:52:45.