
University of Maryland LDAP Directory
David Henry, Office of Information Technology, University of Maryland College Park
CSG, May 2000 (presentation transcript)


Slide 1: University of Maryland LDAP Directory
David Henry, Office of Information Technology, University of Maryland College Park
david_henry@umail.umd.edu

Slide 2: University of Maryland Stats
- Land Grant University
- 13 Colleges, 1 Campus
- ~35,000 Undergrad
- ~15,000 Grad
- ~8,500 Faculty
- ~5,200 Staff

Slide 3: U of MD History
- 1988 – Rollout of email system with integrated directory for faculty and staff (aka umail)
  – Faculty/Staff only
  – Finger, whois servers
  – Email forwarding service
- 1993 – CSO name server
  – Faculty/staff only
  – Used by Web directory page
- 1997 – Installed Esys/Simeon X.500/LDAP server (based on ISODE/Quipu)
  – Decommissioned in Feb 2000
- 1999 – Installed IBM SecureWay LDAP directory
  – Faculty/Staff + Students + Affiliates
  – ~60,000 DNs

Slide 4: How we got where we are
- Extemporize…
  – Reorg
  – LDAP committee
  – Data feeds
- Savings argument

Slide 5: The DN
- DN
  – employeenumber=<employee number>,dc=people,dc=umd.edu
  – Sample employee number: 103660231
- Qualities of the identifier (uid)
  – NOT the SSN
  – Can be public
  – Never will change
  – Contains a check digit (the algorithm is not given on the slide)
  – Everyone gets one (even unadmitted student applicants)

Slide 6: Some of our local attributes
- Major, department, etc.
- umID (aka SSN, not public)
- umIDhash
  – SHA-1 hash of umID
  – Read/search only for authenticated access
- Set of Booleans
  – umFaculty, umStaff, umEmployee, umStudent, umAffiliate, umAlumni, umBuckleyflag
- Also umPINhash and umParentPINhash
  – SHA-1 hash of student and parent PINs
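The slide stores a SHA-1 of the umID so that authenticated clients can look a person up by SSN without the SSN itself being readable. The following Python is an added example, not code from the presentation or from the University of Maryland, showing how a client derives that lookup key and builds the search filter, and the check a practitioner would want to run alongside it: an unsalted SHA-1 over a nine-digit space is invertible by enumeration, so whoever can read umIDhash can recover umID. Assumptions not stated on the slide: the hash is taken over the nine ASCII digits with no separators and stored as lowercase hex; the sample umID 123-45-6789 is constructed for the example.

```python
"""Added example: umIDhash-style lookup key and the enumeration caveat.

Assumed (not on the slide): hash input is the nine ASCII digits with no
separators, output is lowercase hex. Sample umID 123456789 is constructed.
"""
import hashlib
from typing import Optional


def normalize_umid(umid: str) -> str:
    """Strip dashes and spaces and require exactly nine digits."""
    digits = umid.replace("-", "").replace(" ", "")
    if len(digits) != 9 or not digits.isdigit():
        raise ValueError("umID must be nine digits")
    return digits


def umid_hash(umid: str) -> str:
    """SHA-1 of the nine digits, hex encoded (assumed encoding)."""
    return hashlib.sha1(normalize_umid(umid).encode("ascii")).hexdigest()


def ldap_filter_escape(value: str) -> str:
    """Escape a filter assertion value per RFC 4515 (\\XX hex escapes)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def lookup_filter(umid: str) -> str:
    """Search filter an authenticated client would send to find the entry."""
    return "(umIDhash=%s)" % ldap_filter_escape(umid_hash(umid))


def recover_umid(target_hash: str, known_prefix: str = "") -> Optional[str]:
    """Invert an unsalted hash by enumerating the remaining digits.

    With an empty prefix this is 10**9 SHA-1 calls: slow in pure Python but
    a matter of hours on one core, and minutes with a compiled tool. Any
    known or guessable leading digits shrink the search further; a
    five-digit prefix leaves 10**4 candidates.
    """
    width = 9 - len(known_prefix)
    for n in range(10 ** width):
        candidate = known_prefix + str(n).zfill(width)
        if hashlib.sha1(candidate.encode("ascii")).hexdigest() == target_hash:
            return candidate
    return None


if __name__ == "__main__":
    sample = "123-45-6789"  # constructed sample, not a real umID
    print(lookup_filter(sample))
    print(recover_umid(umid_hash(sample), known_prefix="12345"))
```

The same reasoning applies to umPINhash and umParentPINhash: a PIN space is far smaller than 10**9, so those hashes protect nothing against a reader who can retrieve them, and the slide's "authenticated access only" restriction, plus an attribute-level ACL once the server supports one, is what actually limits who can read them.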

Slide 7: IBM SecureWay LDAP Issues
- ACL Support
  – Object level only: each attribute within an object is assigned to an access class (normal, sensitive, critical)
  – We want to fully populate all attributes and control access by ACL
- IBM says ACL support is fixed in the next release (GA July)
  – Attribute-level ACL support consistent with the proposed standard
  – LDIF syntax for ACL NOT consistent with the proposed standard

Slide 8: IBM SecureWay LDAP Issues (continued)
- Bulkload / disaster recovery
  – 60,000 entries take ~24 hours to load; ACL processing accounts for 23.75 hours of that
  – IBM is looking at the problem – no solution
- Kerberos support
  – K5 authentication supported in the next release
  – No support for K4… maybe through Transarc
- Next release GA July 2000
  – We received the early release yesterday

Slide 9: Anticipated Uses of Directory
- Authentication/authorization for modem pool, central mail drop, student records, etc.
- Lost card digit
- Place holder for students who are "admitted, letter sent"
- Dynamic email lists (major, course, student status)
- Door swipe access
- Library patron authorization
- Userid reserve list
- Tie in to NDS? W2K?

Slide 10: Current Uses of Directory
- Email forwarding service @umd.edu
- Email client searches
- Web directory searches
- Authentication services for web pages
- CorporateTime

Slide 11: CorporateTime vs. LDAP
- CT only supports Netscape DS and Control Data Systems Global DS
  – Schema/ACL syntax fixes needed for IBM LDAP
- ACL issues – separate server for CT until attribute-level ACL support
- No support for multivalued attributes
- It is not possible to create a CT user without that user being in LDAP
- Meeting-related data is stored on the CT server, not in the LDAP server

Slide 12: CorporateTime vs. LDAP (continued)
- Defined ctCalUser, ctCalAdmin, ctCalResource object classes
- Attributes specific to CT stored in a CT-specific part of the tree
  – cn=ctserv,dc=ct
- Example attributes
  – ctCalAccess, ctCalFlags, ctCalHost

Slide 13: Some Policy Issues
- Student information is accessible only after authenticating to LDAP
- Who gets to be added?
  – Students, Faculty, Staff, Affiliates
  – Admitted students, letter sent (removed after they decline)
  – Affiliates: volunteers, collaborating faculty, business partners
  – Alumni? (not so far at UMD)
- Who gets the rights to add affiliates? Currently, one-year duration.

Slide 14: That's it!
David Henry, Office of Information Technology, University of Maryland College Park
david_henry@umail.umd.edu

