David Henry, CSG - May, 2000 University of Maryland LDAP Directory David Henry Office of Information Technology University of Maryland College Park

Presentation transcript:

University of Maryland Stats
- Land Grant University
- 13 Colleges, 1 Campus
- ~35,000 Undergrad
- ~15,000 Grad
- ~8,500 Faculty
- ~5,200 Staff

U of MD History
1988 – Rollout of system with integrated directory for faculty and staff (aka umail)
  - Faculty/Staff only
  - Finger, whois servers – forwarding service
1993 – CSO name server
  - Faculty/staff only
  - Used by Web directory page
1997 – installed Esys/Simeon X.500/LDAP server (based on ISODE/Quipu)
  - Decommissioned in Feb
– installed IBM Secureway LDAP directory
  - Faculty/Staff + Students + Affiliates
  - ~60,000 DNs

How we got where we are
- Extemporize…
  - Reorg
  - LDAP committee
  - Data feeds
- Savings argument

The DN
- DN
  - Employeenumber=,dc=people,dc=umd.edu
  - Sample :
- Qualities of uid
  - NOT SSN
  - Can be public
  - Never will change
  - Contains a check digit
  - Everyone gets one (even unadmitted student applicants)

Some of our local attributes
- Major, department, etc.
- umID (aka SSN, not public)
- umIDhash
  - SHA-1 hash of umID
  - Read/search for authenticated access
- Set of Booleans
  - umFaculty, umStaff, umEmployee, umStudent, umAffiliate, umAlumni, umBuckleyflag
- Also umPINhash and UMParentPINhash
  - SHA-1 hash of student and parent PINs
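
An added example, not part of the original slides: a client that already knows a umID can hash it and search on umIDhash, but because the input is a nine-digit number an unkeyed SHA-1 does not by itself keep the value secret, so a keyed HMAC variant is shown beside it. The hex encoding, the input normalisation, the key and the sample ID are assumptions made for illustration.

```python
import hashlib
import hmac
import re

SAMPLE_UMID = "123-45-6789"          # constructed sample, not a real identifier
DEMO_KEY = b"constructed-demo-key"   # hypothetical secret held only by the loader


def normalize_um_id(raw: str) -> str:
    """Strip separators and require exactly nine digits (assumed umID format)."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"[0-9]{9}", digits):
        raise ValueError("umID must contain exactly nine digits")
    return digits


def um_id_hash(raw: str) -> str:
    """Unkeyed SHA-1 of the umID, as on the slide (hex encoding is assumed)."""
    return hashlib.sha1(normalize_um_id(raw).encode("ascii")).hexdigest()


def keyed_um_id_hash(raw: str, key: bytes) -> str:
    """HMAC-SHA-256 variant: cannot be recomputed without the key."""
    data = normalize_um_id(raw).encode("ascii")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def search_filter(raw: str) -> str:
    """LDAP filter an authenticated client would send to find the entry."""
    return "(umIDhash=%s)" % um_id_hash(raw)


def input_space(digits: int = 9) -> int:
    """Number of distinct inputs; hashing adds no entropy beyond this."""
    return 10 ** digits


def matches(stored_hash: str, presented: str) -> bool:
    """Constant-time comparison of a stored hash against a presented umID."""
    return hmac.compare_digest(stored_hash, um_id_hash(presented))


if __name__ == "__main__":
    print(search_filter(SAMPLE_UMID))
    print(input_space(), "inputs, about", input_space().bit_length(), "bits")
    print(keyed_um_id_hash(SAMPLE_UMID, DEMO_KEY))
```

With only about 30 bits of input, restricting umIDhash to authenticated read/search, as the slide does, is what protects the value rather than the hash function.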

IBM Secureway LDAP Issues
- ACL Support
  - Object Level Only
    - Each attribute within an object is assigned to an access level (normal, sensitive, critical)
    - We want to fully populate all attributes and control access by ACL
  - IBM says ACL support is fixed in next release (GA July)
    - Attribute level ACL support consistent with proposed standard
    - LDIF syntax for ACL NOT consistent with proposed standard

IBM Secureway LDAP Issues
- Bulkload – disaster recovery
  - 60,000 entries takes ~24 hours to load
    - ACL processing (23.75 hours)
  - IBM is looking at problem – no solution
- Kerberos Support
  - K5 authentication supported in the next release
  - No support for K4… maybe through Transarc
- Next release GA July 2000
  - We received early release yesterday

Anticipated Uses of Directory
- Authentication/authorization for modem pool, central mail drop, student records, etc.
- Lost card digit
- Place holder for students who are “admitted, letter sent”
- Dynamic lists (major, course, student status)
- Door swipe access
- Library patron authorization
- Userid reserve list
- Tie in to NDS? W2K?

Current Uses of Directory
- forwarding client searches
- Web directory searches
- Authentication services for web pages
- Corporatetime

Corporatetime vs. LDAP
- CT only supports Netscape DS and Control Data Systems Global DS
  - Schema/ACL syntax fixes for IBM LDAP
- ACL Issues – separate server for CT until attribute level ACL support
- No support for multivalue attributes
- It is not possible to create CT user w/o being in LDAP
- Meeting related data is stored on CT server not in LDAP server

Corporatetime vs. LDAP
- Defined ctCalUser, ctCalAdmin, ctCalResource object classes
- Attributes specific to CT stored in CT specific part of the tree
  - cn=ctserv,dc=ct
- Example attributes
  - ctCalAccess, ctCalFlags, ctCalHost

Some Policy Issues
- Student information is accessible only after authenticated to LDAP
- Who gets to be added?
  - Students, Faculty, Staff, Affiliates
  - Admitted students, letter sent
    - Removed after they decline
  - Affiliates
    - Volunteers, collaborating faculty, business partners
    - Alumni? (not so far at UMD)
    - Who gets the rights to add affiliates?
    - Currently, one year duration.

That’s it!
David Henry, Office of Information Technology, University of Maryland College Park