
LDAP


Presentation Transcript


  1. LDAP: The Online Directory

  2. LDAP
  • What is it?
  • What do we use it for?
  • How is it loaded?
  • How to use it
  • Current challenges
  • Futures

  3. What is LDAP? Our web-based directory of students, faculty, and staff

  4. What is LDAP? Lightweight Directory Access Protocol

  5. What is LDAP?
  • An object database
  • An access protocol
  • Based on X.500/DAP
  • Optimized for searching
  • High availability

  6. LDAP Usage at U of C
  • Campus E-mail directory
  • Authentication & authorization
    > Web
    > Calendar
    > News

  7. Example Uses
  Directory search
  • www.ucalgary.ca/directory
  • Netscape Address Book
  Restricting web content
  • https://www.ucalgary.ca/it/SMG/minutes

  8. LDAP Structure (server: directory.ucalgary.ca)
  o=ucalgary.ca
    cn=Administrators
    ou=People
      uid=twhite

  9. LDAP Objects
  objectclass: uofcperson
  dn: uid=twhite,ou=People,o=ucalgary.ca
  sn: White
  givennames: Terrance
  mail: twhite@ucalgary.ca
  mail: theprez@ucalgary.ca
  department: President’s Office

  10. LDAP Objects
  objectclass: groupofuniquenames
  dn: cn=Administrators,o=ucalgary.ca
  owner: uid=kozlowsk,ou=...
  uniquemember: uid=kozlowsk,ou=…
  uniquemember: uid=rogjohns,ou=…
  uniquemember: uid=admin,ou=...

  11. LDAP Objects
  • Distinguished name, e.g. uid=twhite,ou=people,o=ucalgary.ca
  • Attributes can be inherited (through the objectclass hierarchy)
  • Values can occur multiple times
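The object model of slides 8 to 11 (an entry placed in the tree by its distinguished name, attributes whose names compare case-insensitively, values that repeat) as a small LDIF reader. This is an added example, not code from the U of C deck; the sample LDIF is constructed from the slide text, and the group's elided "ou=…" members are completed to full DNs under ou=People as an assumption.

```python
"""LDAP object model from slides 8-11, shown through a minimal LDIF reader.

Added example, not code from the U of C deck. The sample LDIF below is
constructed from the slide text; the group members' 'ou=...' are filled
in with full DNs under ou=People as an assumption."""

from collections import defaultdict

SAMPLE_LDIF = """\
dn: uid=twhite,ou=People,o=ucalgary.ca
objectclass: uofcperson
sn: White
givennames: Terrance
mail: twhite@ucalgary.ca
mail: theprez@ucalgary.ca
department: President's Office

dn: cn=Administrators,o=ucalgary.ca
objectclass: groupofuniquenames
owner: uid=kozlowsk,ou=People,o=ucalgary.ca
uniquemember: uid=kozlowsk,ou=People,o=ucalgary.ca
uniquemember: uid=rogjohns,ou=People,o=ucalgary.ca
uniquemember: uid=admin,ou=People,o=ucalgary.ca
"""


def parse_ldif(text):
    """Return {dn: {attribute: [values]}}.

    Attribute names are lower-cased (LDAP compares them without regard to
    case); every attribute maps to a list because values can repeat.
    Folded lines (leading space) are joined; '::' base64 values are not handled."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # continuation of the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():                    # blank line ends an entry
            current = None
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % line)
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = entries.setdefault(value, defaultdict(list))
        elif current is None:
            raise ValueError("attribute before dn: %r" % line)
        else:
            current[name].append(value)
    return entries


def split_dn(dn):
    """Split a DN into its RDNs, most specific first.

    A backslash escapes the next character (RFC 4514), so a comma inside a
    value, e.g. 'cn=Smith\\, J', does not split the DN."""
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(buf.strip())
            buf = ""
        else:
            buf += dn[i]
        i += 1
    rdns.append(buf.strip())
    return rdns


def parent_dn(dn):
    """DN of the containing entry: uid=twhite,ou=People,... -> ou=People,..."""
    return ",".join(split_dn(dn)[1:])


def _norm_dn(dn):
    # Assumption: DN equality is approximated by lower-casing each RDN and
    # trimming the spaces around commas; full RFC 4517 matching is more involved.
    return ",".join(r.lower() for r in split_dn(dn))


def is_member(entries, group_dn, user_dn):
    """Membership test for a groupofuniquenames entry (slide 10): true when
    any 'uniquemember' value names the user's DN."""
    group = entries[group_dn]
    return any(_norm_dn(m) == _norm_dn(user_dn) for m in group["uniquemember"])


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for dn, attrs in directory.items():
        print(dn, "->", dict(attrs))
    print(is_member(directory, "cn=Administrators,o=ucalgary.ca",
                    "uid=twhite,ou=People,o=ucalgary.ca"))
```

Note that `mail` comes back as a two-element list for twhite, which is the "values can occur multiple times" point; code that assumes one value per attribute will silently pick one of them.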

  12. Available Attributes
  uid            IT username
  sn             Surname, from UCID system
  officialname   Given name, from UCID system
  givenname      Preferred given name
  cn             Common name (givenname + sn)

  13. Available Attributes
  faculty                    (for students)
  departmentnumber           (e.g. U4705)
  department                 Department name
  telephonenumber
  facsimiletelephonenumber
  roomnumber
  mail                       E-mail address
  labeleduri                 Web home page

  14. Available Attributes
  userclass        UCID category type(s)
  course           Current courses (not published)
  employeenumber   UofC ID number (restricted)
  publish          Public display flag
  locked           Active indicator
  Other stuff could be added!

  15. Potential Attributes
  • User comments
  • Alternate departments
  • Departmental phone number
  • Digital certificates
  • Calendar preferences

  16. Sources of Data
  • SIS
  • HR
  • UCID
  • AIX Accounts
  • Personal Updates
  Authent is keyed by UCID; LDAP is keyed by username

  17. Why am I not listed?
  • Must have a UCID
  • Must have an IT Username
  • Username must be connected to UCID
  • Username must be primary
  • Publish flag must be set
  • Wait for update to happen

  18. Update Schedule
  • Web update: every hour
  • UCID updates: every hour
  • AIX updates: daily
  • HR/SIS data changes: weekly

  19. Historical Artifacts
  • LDAP keyed by username; authent keyed by UCID
  • Loaded all UCIDs with data on Aug 1, 1998
  • Fake usernames if one didn’t exist
  • Username required after that date
  • Students not published after Aug 1, 1999

  20. .ucaccess
  A facility for restricting access to web pages by any combination of LDAP data (e.g., IT meeting minutes)

  21. .ucaccess
  Place rules in the content directory:
  [ldap]
  uid:mortis
  uid:rogjohns
  uid:kozlowsk

  22. .ucaccess
  [ldap]
  course:*MATH211*
  course:*MATH213*
  Course data format: W2000MATH211L01B03T01

  23. .ucaccess
  Rules are ‘or’ed together: a user matching any one line is admitted:
  [ldap]
  department:UCS*
  uid:fritsp
  course:W2000*
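An evaluator for the .ucaccess rule format of slides 20 to 23, written here as an added example; it is not the U of C implementation. The deck states only that rules live in a `[ldap]` section as `attribute:pattern` lines, that `*` is the wildcard, and that lines are or'ed together. Everything else (deny when no line matches, case-sensitive values, case-insensitive attribute names, `#` comments, ignoring sections other than `[ldap]`) is an assumption, and the rule files and entries are constructed from the slides.

```python
"""Evaluator for the .ucaccess rule format of slides 20-23.

Added example, not the U of C implementation. The deck gives the
'[ldap]' section, 'attribute:pattern' lines, '*' as the wildcard and
OR semantics; deny-by-default, case handling and comment syntax are
assumptions. Rule texts and entries are constructed from the slides."""

import re

# The three rule files shown on slides 21-23.
MINUTES_RULES = """\
[ldap]
uid:mortis
uid:rogjohns
uid:kozlowsk
"""

MATH_RULES = """\
[ldap]
course:*MATH211*
course:*MATH213*
"""

MIXED_RULES = """\
[ldap]
department:UCS*
uid:fritsp
course:W2000*
"""


def _pattern_to_regex(pattern):
    """'*' matches any run of characters; everything else is literal and the
    match is anchored, so 'uid:mortis' does not admit 'mortis2'.
    fnmatch is deliberately not used: it also treats '?' and '[' as
    wildcards, which a department name could legitimately contain."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$")


def parse_ucaccess(text):
    """Return [(attribute, pattern, compiled regex)] from the [ldap] section."""
    rules, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] == "[" and line[-1] == "]":
            section = line[1:-1].strip().lower()
            continue
        if section != "ldap":
            continue
        attr, sep, pattern = line.partition(":")
        attr, pattern = attr.strip().lower(), pattern.strip()
        if not sep or not attr or not pattern:
            raise ValueError("line %d: expected attribute:pattern, got %r" % (lineno, raw))
        rules.append((attr, pattern, _pattern_to_regex(pattern)))
    return rules


def allowed(rules, entry):
    """True if any rule matches any value of its attribute.

    entry is {attribute: [values]}, multi-valued like an LDAP entry. A
    missing attribute matches nothing, so an unrelated user is denied."""
    return any(regex.match(value)
               for attr, _pattern, regex in rules
               for value in entry.get(attr, []))


def matching_rules(rules, entry):
    """The rules that admitted the user; useful when auditing who can read a page."""
    return [(attr, pattern) for attr, pattern, regex in rules
            if any(regex.match(v) for v in entry.get(attr, []))]


# Constructed entries in the shape of slides 9-11.
STUDENT = {"uid": ["jdoe"], "course": ["W2000MATH211L01B03T01", "W2000CPSC231L02"]}
STAFF = {"uid": ["fritsp"], "department": ["UCS Networking"]}
OTHER = {"uid": ["twhite"], "department": ["President's Office"]}

if __name__ == "__main__":
    for name, text in (("minutes", MINUTES_RULES), ("math", MATH_RULES), ("mixed", MIXED_RULES)):
        rules = parse_ucaccess(text)
        for who, entry in (("student", STUDENT), ("staff", STAFF), ("other", OTHER)):
            print(name, who, allowed(rules, entry), matching_rules(rules, entry))
```

Two properties of the format follow from the or'ed semantics. `course:*MATH211*` admits anyone whose course string contains MATH211 in any term, which is presumably intended, but `department:UCS*` plus `course:W2000*` cannot be read as "UCS staff who are also enrolled"; a conjunction is not expressible with these rules. And because the file sits in the content directory next to the pages it protects, it is worth checking that the web server does not serve .ucaccess itself, since it lists exactly who may read the page.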

  24. APIs
  • AIX command line:
    ldapsearch -b o=ucalgary.ca 'cn=*morven*'
  • Web access:
    ldap://directory.ucalgary.ca/o=ucalgary.ca??sub?cn=*morven*
  • C, Perl, Java, etc.
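The directory search on slide 24 takes a name fragment from a user and wraps it in `*` wildcards. If that fragment is dropped into the filter unescaped, a value such as `morven)(uid=*` changes the structure of the filter rather than the name being searched for. The example below, added here and not taken from the deck, builds the filter with the escaping of RFC 4515 and the URL with the layout of RFC 4516 (neither RFC is cited by the deck; they are the standard forms the slide's syntax corresponds to), and builds the command-line search as an argument vector so the shell never sees the `*`. Host and base DN are the slide's; nothing is sent to a server.

```python
"""Building the slide-24 search from user input without letting the
input rewrite the filter.

Added example, not from the deck. Escaping per RFC 4515, URL layout
per RFC 4516 (assumptions: the deck cites neither). The host and base
DN are the slide's; the functions only build strings."""

from urllib.parse import quote

# RFC 4515 section 3: characters with meaning inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def name_filter(fragment):
    """'(cn=*FRAGMENT*)': the wildcards are ours, the fragment is literal.
    Written in RFC 4515 form with parentheses; ldapsearch also accepts
    the deck's bare 'cn=*morven*'."""
    fragment = fragment.strip()
    if not fragment:
        raise ValueError("empty search term would list the whole directory")
    return "(cn=*%s*)" % escape_filter_value(fragment)


def ldap_url(host, base_dn, scope="sub", filt="(objectclass=*)", attrs=()):
    """ldap://HOST/BASE?ATTRS?SCOPE?FILTER (RFC 4516).

    DN, attribute list and filter are percent-encoded. '=', ',', '(', ')'
    and '*' are left readable as in the deck's own URL (assumption: the
    consuming client accepts them unencoded, as RFC 4516's examples do).
    '?' is always encoded because it separates the URL's fields."""
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    safe = "=,()*"
    return "ldap://%s/%s?%s?%s?%s" % (
        host,
        quote(base_dn, safe=safe),
        ",".join(quote(a, safe="") for a in attrs),
        scope,
        quote(filt, safe=safe),
    )


def ldapsearch_argv(base_dn, filt, attrs=()):
    """Argument vector for the deck's command-line search, for
    subprocess.run(argv) rather than a shell string: passed as one argv
    element, the filter's '*' is never expanded against files in the
    current directory, which is what the unquoted slide form risks."""
    return ["ldapsearch", "-b", base_dn, filt] + list(attrs)


if __name__ == "__main__":
    for term in ("morven", "morven)(uid=*"):
        f = name_filter(term)
        print(f)
        print(ldap_url("directory.ucalgary.ca", "o=ucalgary.ca", "sub", f))
        print(ldapsearch_argv("o=ucalgary.ca", f, ["cn", "mail"]))
```

The same escaping applies wherever a user-controlled string goes into a filter, including the C, Perl and Java bindings the slide lists. A related caveat for slide 25: a simple bind on a plain ldap:// connection carries the password in the clear, so anything that binds to read restricted attributes should use ldaps:// or StartTLS.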

  25. Binding
  • Another name for ‘logging on’
  • Interface to AIX cluster password
  • Required for:
    * view access to UCID and courses
    * updating LDAP directly
    * viewing ‘locked’ entries

  26. Mainframe Calls
  • DASAUTHS: AIX password authentication
  • DASMAILA: E-mail address lookup

  27. Current Problems
  • No Yellow Pages
  • Stale phone numbers
  • Single faculty & department
  • No checking of e-mail addresses
  • No departmental administration
  • Update time lag

  28. Ideas for the Future
  • End users update LDAP directly
  • Interface with TeleWeb system
  • Separate staff list
  • Digital certificates
  • Calendar integration
  • Hot failover

  29. Support
  • Admin Help Desk
  • Leigh Schroth (account problems)
  • Roger Johnson (data loads)
  • Don Kozlowski (LDAP itself)

  30. Coordination Committee
  • Bob Revak (chair)
  • Roger Johnson
  • Don Kozlowski
  • Jeremy Mortis
  • Paul Starling

  31. More Information
  • LDAP in general: http://developer.netscape.com/docs/
  • .ucaccess: http://www.ucalgary.ca/it/itf/general/web/web-02.html
