Information Technologies
Jeremy Mortis
LDAP
The Online Directory
LDAP
• What is it
• What do we use it for
• How is it loaded
• How to use it
• Current challenges
• Futures
What is LDAP?
Our web-based directory of students, faculty, and staff
What is LDAP?
Lightweight
Directory
Access
Protocol
What is LDAP?
• An object database
• An access protocol
• Based on X.500/DAP
• Optimized for searching
• High availability
LDAP Usage at U of C
• Campus E-mail directory
• Authentication & authorization
  * Web
  * Calendar
  * News
Example Uses
Directory search
• www.ucalgary.ca/directory
• Netscape Address Book
Restricting web content
• https://www.ucalgary.ca/it/SMG/minutes
LDAP Structure
directory.ucalgary.ca
  o=ucalgary.ca
    ou=People
      uid=twhite
    cn=Administrators
LDAP Objects
dn: uid=twhite,ou=People,o=ucalgary.ca
objectclass: uofcperson
sn: White
givenname: Terrance
mail: [email protected]
mail: [email protected]
department: President’s Office
LDAP Objects
dn: cn=Administrators,o=ucalgary.ca
objectclass: groupofuniquenames
owner: uid=kozlowsk,ou=...
uniquemember: uid=kozlowsk,ou=…
uniquemember: uid=rogjohns,ou=…
uniquemember: uid=admin,ou=...
LDAP Objects
• Distinguished name, e.g. uid=twhite,ou=people,o=ucalgary.ca
• Attributes can be inherited
• Values can occur multiple times
Available Attributes
uid - IT username
sn - Surname from UCID system
officialname - Given name from UCID system
givenname - Preferred given name
cn - Common name (givenname + sn)
Available Attributes
faculty (for students)
departmentnumber (e.g. U4705)
department - Department name
telephonenumber
facsimiletelephonenumber
roomnumber
mail - E-mail address
labeleduri - Web home page
Available Attributes
userclass - UCID category type(s)
course - Current courses (not published)
employeenumber - UofC ID number (restricted)
publish - Public display flag
locked - Active indicator
Other stuff could be added!
Potential Attributes
• User Comments
• Alternate departments
• Departmental phone number
• Digital certificates
• Calendar preferences
Sources of Data
(data-flow diagram; nodes shown: Authent, UCID, SIS, HR, AIX Accounts, Personal Updates, LDAP, username)
Why am I not listed?
• Must have a UCID
• Must have an IT Username
• Username must be connected to UCID
• Username must be primary
• Publish flag must be set
• Wait for update to happen
Update Schedule
• Web update - every hour
• UCID updates - every hour
• AIX updates - daily
• HR/SIS data changes - weekly
Historical Artifacts
• LDAP keyed by username; authent keyed by UCID
• Loaded all UCIDs with data on Aug 1, 98
• Fake usernames if one didn’t exist
• Username required after that date
• Students not published after Aug 1, 99
.ucaccess
A facility for restricting access to web pages by any combination of LDAP data (e.g., IT meeting minutes)
.ucaccess
Place rules in content directory:
[ldap]
uid:mortis
uid:rogjohns
uid:kozlowsk
.ucaccess
[ldap]
course:*MATH211*
course:*MATH213*
Course data format: W2000MATH211L01B03T01
.ucaccess
Attributes are ‘or’ed together:
[ldap]
department:UCS*
uid:fritsp
course:W2000*
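As an added example (not code from the deck or from U of C), the following Python reads an entry in the LDIF-style layout of the LDAP Objects slides and evaluates a .ucaccess [ldap] rule set against it with the or'ed semantics described above; the sample entry and rule file are constructed, and the shell-style wildcard and case-insensitive matching beyond the bare '*' the slides show are assumptions.

```python
import fnmatch

# Constructed sample entry in the LDIF-style layout of the LDAP Objects slides (not real directory data).
SAMPLE_LDIF = """\
dn: uid=twhite,ou=People,o=ucalgary.ca
objectclass: uofcperson
uid: twhite
department: President's Office
course: W2000MATH211L01B03T01
course: W2000CPSC231L02B01T01
"""

# Constructed .ucaccess file in the slides' format: attr:pattern lines under [ldap], or'ed together.
SAMPLE_UCACCESS = """\
[ldap]
department:UCS*
uid:fritsp
course:*MATH211*
"""

def parse_ldif_entry(text):
    """Parse one LDIF-style entry into {attribute: [values]}; an attribute may repeat (e.g. course)."""
    entry = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def parse_ucaccess(text):
    """Return the (attribute, pattern) rules found in the [ldap] section of a .ucaccess file."""
    rules, in_ldap = [], False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_ldap = line[1:-1].lower() == "ldap"   # only [ldap] rules are LDAP-data rules
        elif in_ldap and ":" in line:
            attr, _, pattern = line.partition(":")
            rules.append((attr.strip().lower(), pattern.strip()))
    return rules

def allowed(entry, rules):
    """Grant access if ANY rule matches ANY value of its attribute (rules are or'ed together)."""
    # Shell-style wildcards, case-insensitive: an assumption, the slides only show '*'.
    # A missing attribute never matches: an entry read without binding carries no 'course'
    # values (course data is restricted), so a course rule alone cannot open the page then.
    return any(fnmatch.fnmatchcase(value.lower(), pattern.lower())
               for attr, pattern in rules for value in entry.get(attr, []))
```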
API’s
• Web access: ldap://directory.ucalgary.ca/o=ucalgary.ca??sub?cn=*morven*
• AIX command line: ldapsearch -b o=ucalgary.ca cn=*morven*
• C, Perl, Java, etc.
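An added example, not part of the deck: parsing the LDAP URL from the Web access bullet into its RFC 4516 fields (which explains the "??" in it) and building the equivalent ldapsearch command line with shell quoting. The flags assumed are OpenLDAP's -h/-p/-b/-s, not necessarily those of the AIX client shown.

```python
import shlex
from urllib.parse import unquote, urlsplit

# LDAP URL from the Web access bullet: ldap://host/base?attrs?scope?filter (RFC 4516 layout).
# Empty fields are legal, which is why the slide's URL contains "??": no attribute list, scope sub.
SLIDE_URL = "ldap://directory.ucalgary.ca/o=ucalgary.ca??sub?cn=*morven*"

def parse_ldap_url(url):
    """Split an LDAP URL into host, port, base DN, requested attributes, scope and filter."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # urlsplit puts everything after the first '?' into .query; the LDAP fields are '?'-separated.
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))          # pad missing trailing fields
    attrs, scope, filt = (unquote(f) for f in fields[:3])
    return {
        "host": parts.hostname or "",
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base": unquote(parts.path.lstrip("/")),
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope or "base",               # RFC 4516 default when the field is empty
        "filter": filt or "(objectClass=*)",    # RFC 4516 default filter
    }

def ldapsearch_command(url):
    """Equivalent command line for the AIX command line bullet, every argument shell-quoted.
    Flags assumed are OpenLDAP's (-h host, -p port, -b base, -s scope). The slide's bare
    cn=*morven* would be expanded by the shell if a file matched it, so the filter is quoted."""
    u = parse_ldap_url(url)
    args = ["ldapsearch", "-h", u["host"], "-p", str(u["port"]),
            "-b", u["base"], "-s", u["scope"], u["filter"]] + u["attrs"]
    return " ".join(shlex.quote(a) for a in args)
```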
Binding
• Another name for ‘logging on’
• Interface to AIX cluster password
• Required for:
  * view access to UCID and courses
  * updating LDAP directly
  * viewing ‘locked’ entries
Mainframe Calls
• DASAUTHS - AIX password authentication
• DASMAILA - E-mail address lookup
Current Problems
• No Yellow Pages
• Stale phone numbers
• Single faculty & department
• No checking of e-mail addresses
• No departmental administration
• Update time lag
Ideas for the Future
• End users update LDAP directly
• Interface with TeleWeb system
• Separate staff list
• Digital Certificates
• Calendar integration
• Hot failover
Support
• Admin Help Desk
• Leigh Schroth (account problems)
• Roger Johnson (data loads)
• Don Kozlowski (LDAP itself)
Coordination Committee
• Bob Revak (chair)
• Roger Johnson
• Don Kozlowski
• Jeremy Mortis
• Paul Starling
More Information
LDAP in general
http://developer.netscape.com/docs/
.ucaccess
http://www.ucalgary.ca/it/itf/general/web/web-02.html