Directory Design & Operations at Princeton University
Michael R. Gettes, Collaboration Services Group (CSG)
Common Solutions Group, DS Workshop, May 12, 1999

Presentation transcript:

Slide 1: Directory Design & Operations at Princeton University
Michael R. Gettes
Collaboration Services Group (CSG)
Enterprise Services Directorate, CIT
Common Solutions Group Directory Service/Schema Design Workshop
May, 1999

Slide 2: Problems to solve
Multiple Name Spaces
Operational Data vs. Phonebook
Modern Apps Directory Enabled
Schema Design and Data Mapping
Proper Schema Usage vs. Reality
Operations: Replication, Access, Application Reqs, Performance, Etc.

Slide 3: Multiple Name Spaces
Unix, Novell, NT, VM/MVS, /Lists
Need to Unify Name Space before really able to leverage a central directory
Unified 3/99; took 4 months to do
  – Includes 2100 ListProc list addresses
LDAP went “production” 3/98, install 6/97
Now looking at central userid mgmt with LDAP instead of homegrown glue.

Slide 4: Operational vs. View Only
Operational
  – access & Routing, Web Auth, Proxy Svcs, Certificates - a wee bit
View Only
  – CSO before, CSO2LDAP now
View Only - NOT
  – No Rules, No Control
  – Fight the Future?

Slide 5: Schema Princeton
Keep CSO attributes alive, how far?
Use what popular apps expect
  – Netscape, IE/Outlook
Make LDAP enabled apps work
  – Netscape Messaging Server only, at the time
NIS & NT user management? These schemas are not well defined. Sun v. padl
How did we do? Quite well, of course!

Slide 6: Schema Princeton
Proper Schema vs. Reality
  – routing (Sendmail) vs. NSMS attribute function overload
  – objectclass: puPerson (superior is inetorgperson)
  – like, can you relate?
universityid/ref to solve multi-ids
  – Tracking: Why a DN exists, who did last

Slide 7: Schema Princeton
Princeton Attributes defined to Netscape Directory Server
Netscape Search and Sample LDIF
What’s in a DN?
  – Cn=name (addr),o=,c= no OU! But ou defined. Multiple locations?
DN’s are just that, not to be parsed.
  – Wouldn’t that be nice?

Slide 8: Resources
Michael Gettes and Lee Varian
  – little if any interaction with others given data control sensitivities and most issues worked out previously because Lee generated the printed campus phonebook, permission not needed.
no $$, no formal plan, no new policy
  – Almost invisible, therefore successful

Slide 9: Operations
Mainframe (VM/CMS) bulk mgmt
1 supplier + 3 consumers
Last user visible failure - CSG 1/99
Netscape DS 3.12 Solaris
PerLDAP scripting very powerful
  – All ops on-line, NO DOWNTIME!!!
Web interface to LDAP
FOR MORE INFO...

Slide 10: Operations: NSMS & Sendmail Replica
  – pbind to single cpu, nice to high priority
  – 4000 ops per minute - NSMS inefficient
  – 100MB memory cache for 9000 users
  – Failover works for online repairs
  – Replica Monitoring and Notification
NSDIRSECUG Mailing List: FOR MORE INFO...

Slide 11: Operations: General
28,000 DNs - 80MB DB, 22MB ldif
Communicator configured for multiple servers
Backups - On-line LDIF dumps 1/hr
  – no good solution for backing up LDAP
Few Directory Managers (5)
Help Desk has some privs for quick support to users - access lists

Slide 12: Operations: General
Access Lists
  – What can users change?
  – What do Dir Mgrs change?
  – Audit
Limits
  – 500 max entries returned (not dumper)
  – near 0 look-through limit (values that have ‘*’ in them cause problems).

Slide 13: Operations: Mailing Lists
2100 Listproc Lists defined to LDAP for sendmail routing, automatically
Sendmail routes using DN which can see the lists
Would like to have Listproc keep list subscribers or obtain lists from group definitions in LDAP (merged groups).

Slide 14: Operations: Sendmail 8.9.3/8.10
Based on work by Stanford
Princeton extended support for looking up multiple attrs and returning multiple addresses.
Princeton changes available in 8.10
May 4, 1999: Moved all .forward files into LDAP, implementation by Curt Hillegas

Slide 15: Online Demo: IF Possible
Manage Mail Account
Replica Monitoring
Kerberos Backend Authentication
let the firestorm begin!