© GT/SAPP/USIT University of Oslo, Norway
User-administration system (BAS) at the University of Oslo
Creating a single user-administration system for the University of Oslo
By Bård Henry Moum Jakobsen

University of Oslo (UoO), Norway
students fac. & staff other! users in one user-management system UREG2000
Ca computers for students
–Win*, MacOS, Linux, etc.
almost computers…

What is a user administration system (BAS)
Diagram labels: Student registry, Student registry, Personal registry, BAS, Persons, Users

FEIDE

Diagram labels: BAS, SR (FS/MSTAS), Other, HR, AT (LDAP)

User administration system (BAS)
Person
- unique ID
- Name
- Address
- Affiliation
Group
- Group ID (GID)
- Comment
- Members
  - users
  - other Groups
User
- Username (UID)
- Password
- Mail address
- Home dir

UoO's BAS, UREG2000
A SQL (Oracle) database
API in Perl5
A collection of programs (mostly Perl5) for managing users and attributes
Procedures for extracting information from LT (UoO's HR-system) and FS (UoO's Student registry)
Printer accounting!

More…
Creates:
–NIS (2 domains)
–AD (win2k)
–LDIF
–IMS Enterprise
–Domino Directory
–Tivoli
–Remedy ARS
–Exim (mail)
–Mailman (mail-lists)
–etc

LT – HR-system (i)
Gives UREG:
–Organizational units
»SKO – unit number
   Made national by our national Student registry system
   4 parts
      Institution (‘\d{4}’)
      Faculty (‘\d{2}’)
      Department (‘\d{2}’)
      Group (‘\d{2}’)
»Organization unit Name
»Phone, fax, URL, (for the unit)
»Addresses (Snail-mail and physical address)
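
A strict validator for the four-part unit number on the slide above, as an added example that is not from the original slides or from UREG2000. It assumes the four parts are concatenated into one 10-digit string; the names `Sko`, `parse_sko` and `is_valid_sko` and the sample values are constructed for illustration.

```python
import re
from typing import NamedTuple

# Assumption: institution, faculty, department and group are concatenated
# into a single 10-digit string (4 + 2 + 2 + 2).
# [0-9] is used instead of \d: on Python 3 str patterns, \d also matches
# non-ASCII decimal digits, which downstream NIS/AD/LDAP exports may not expect.
_SKO_RE = re.compile(r"([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})")


class Sko(NamedTuple):
    institution: str
    faculty: str
    department: str
    group: str

    def __str__(self) -> str:
        return "".join(self)


def parse_sko(raw: object) -> Sko:
    """Return the four parts of a unit number, or raise ValueError."""
    if not isinstance(raw, str):
        raise ValueError("unit number must be a string")
    # fullmatch: no prefix, suffix, whitespace or trailing newline is tolerated
    # (re.match with a '$' anchor would accept "9999010203\n").
    m = _SKO_RE.fullmatch(raw)
    if m is None:
        raise ValueError(f"malformed unit number: {raw!r}")
    return Sko(*m.groups())


def is_valid_sko(raw: object) -> bool:
    try:
        parse_sko(raw)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not real unit numbers.
    samples = ["9999010203", "9999010203\n", "999010203",
               "99990102\u0660\u0663", "9999 01 02 03"]
    for s in samples:
        print(repr(s), is_valid_sko(s))
```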

LT – HR-system (ii)
Gives UREG
–Person
»National id-number (Social security number)
»Name
»Org.unit
»Type (Faculty, Staff, other)
»Problem: It takes time to register a person, too much time…
Gets from UREG
– -addresses

FS – Student registry
Gives UREG:
–Persons
»National id-number (Social security number)
»Name
»addresses
»Curriculum
Gets from UREG
– -addresses

Diagram labels: Ureg2000, FS, LT, NIS (UiO), NT AD (W2K), Notes, ARS, Tivoli, BOFH, Radius, UA (Access control), PRISS, Exim/Mailman, NIS (IfI), LDAP, LMS (CF)

UREG (or BAS) creates
Userid/shortname ’baardj’ (unix-username)
–Username in NIS
–Loginname in AD
–UID in LDAP (for MacOS X)
Groups, general group basic
–Creating Filegroups
–Creating netgroups
–Creating AD groups
–Creating Notes groups
–Creating mailinglists

Is this a PKI?
No!
But it is a requirement for a functional PKI.
We are not a CA (too much work)
But we need certificates for persons, roles, organizations, units and servers.
External CA for persons, internal for all others.
We need a map from the ID in a person's certificate to a unique ID at the University; which CA is used is secondary

More?
Contact us!
Foils: eng.ppt

Coming
Structure of LDAP at UoO