
Directory Design & Operations at Princeton University
Michael R. Gettes, Collaboration Services Group (CSG)
May 12, 1999, Common Solutions Group, DS Workshop


1 Directory Design & Operations at Princeton University
Michael R. Gettes
Collaboration Services Group (CSG)
Enterprise Services Directorate, CIT
Common Solutions Group Directory Service/Schema Design Workshop
May, 1999

2 Problems to solve
Multiple Name Spaces
Operational Data vs. Phonebook
Modern Apps Directory Enabled
Schema Design and Data Mapping
Proper Schema Usage vs. Reality
Operations: Replication, Access, Application Reqs, Performance, Etc.

3 Multiple Name Spaces
Unix, Novell, NT, VM/MVS, E-Mail/Lists
Need to Unify Name Space before really able to leverage a central directory
Unified 3/99; took 4 months to do
  –Includes 2100 ListProc list addresses
LDAP went “production” 3/98, install 6/97
Now looking at central userid mgmt with LDAP instead of homegrown glue.

4 Operational vs. View Only
Operational
  –E-mail access & Routing, Web Auth, Proxy Svcs, Certificates - a wee bit
View Only
  –CSO before, CSO2LDAP now
View Only - NOT
  –No Rules, No Control
  –Fight the Future?

5 Schema Design @ Princeton
Keep CSO attributes alive, how far?
Use what popular apps expect
  –Netscape, IE/Outlook
Make LDAP enabled apps work
  –Netscape Messaging Server only, at the time
NIS & NT user management? These schemas are not well defined. Sun v. padl
How did we do? Quite well, of course!

6 Schema Design @ Princeton
Proper Schema vs. Reality
  –E-mail routing (Sendmail) vs. NSMS attribute function overload
  –objectclass: puPerson (superior is inetorgperson)
  –like, can you relate? universityid/ref to solve multi-ids
  –Tracking: Why a DN exists, who did last

7 Schema Design @ Princeton
Princeton Attributes defined to Netscape Directory Server
Netscape Search and Sample LDIF
What’s in a DN?
  –Cn=name (addr),o=,c= no OU! But ou defined. Multiple locations?
DN’s are just that, not to be parsed.
  –Wouldn’t that be nice?

8 Resources
Michael Gettes and Lee Varian
  –little if any interaction with others given data control sensitivities and most issues worked out previously because Lee generated the printed campus phonebook, permission not needed.
no $$, no formal plan, no new policy
  –Almost invisible, therefore successful

9 Operations
Mainframe (VM/CMS) bulk mgmt
1 supplier + 3 consumers
Last user visible failure - CSG 1/99
Netscape DS 3.12 Solaris
PerLDAP scripting very powerful
  –All ops on-line, NO DOWNTIME!!!
Web interface to LDAP https://directory.Princeton.EDU
FOR MORE INFO...

10 Operations: NSMS & Sendmail
E-Mail Replica
  –pbind to single cpu, nice to high priority
  –4000 ops per minute - NSMS inefficient
  –100MB memory cache for 9000 users
  –Failover works for online repairs
  –Replica Monitoring and Notification
NSDIRSECUG Mailing List: dirsec-request@nsdirsecug.org
FOR MORE INFO...

11 Operations: General
28,000 DNs - 80MB DB, 22MB ldif
Communicator configured for multiple servers
Backups - On-line LDIF dumps 1/hr
  –no good solution for backing up LDAP
Few Directory Managers (5)
Help Desk has some privs for quick support to users - access lists

12 Operations: General
Access Lists
  –What can users change?
  –What do Dir Mgrs change?
  –Audit
Limits
  –500 max entries returned (not dumper)
  –near 0 look-through limit (values that have ‘*’ in them cause problems).

13 Operations: Mailing Lists
2100 Listproc Lists defined to LDAP for sendmail routing, automatically
Sendmail routes using DN which can see the lists
Would like to have Listproc keep list subscribers or obtain lists from group definitions in LDAP (merged groups).

14 Operations: Sendmail 8.9.3/8.10
Based on work by Stanford
Princeton extended support for looking up multiple attrs and returning multiple addresses.
Princeton changes available in 8.10
May 4, 1999: Moved all .forward files into LDAP, implementation by Curt Hillegas

15 Online Demo: IF Possible
https://directory.Princeton.EDU
Manage Mail Account
Replica Monitoring
Kerberos Backend Authentication
let the firestorm begin!

