
A Campus Perspective on Directory Services NMI Testbed Workshop April 8, 2003

A Campus Perspective on Directory Services NMI Testbed Workshop April 8, 2003. Landy Manderson Lead Software/Network Specialist User Services, UAB Telecommunications University of Alabama at Birmingham landy@uab.edu. Today’s Talk. History/Evolution of our campus directory


Presentation Transcript


  1. A Campus Perspective on Directory Services
     NMI Testbed Workshop, April 8, 2003
     Landy Manderson
     Lead Software/Network Specialist
     User Services, UAB Telecommunications
     University of Alabama at Birmingham
     landy@uab.edu

  2. Today’s Talk
     • History/Evolution of our campus directory
     • How Middleware efforts helped us
     • Directory Service overview
     • Future plans
     • Closing thoughts

  3. “Stone Age” (ca. 1982-1995)
     • “User Register” created to support ACF2 security system on mainframe
     • Interfaced with employee and student records databases
     • Same ID’s used for e-mail after joining BITNET and later Internet
     • Campus printed directory assembled by yearly “census”

  4. “Bronze Age” (ca. 1995-2000)
     • UAB Electronic Phonebook goes online for web searching, @uab.edu forwarding, printed directory
     • Users set up their own aliases (accounts)
     • LDAP configured as mirror, for address book use only
     • Some apps (mostly internal) use EP for authentication

  5. Dawn of our “Iron Age” (ca. 2000-2002)
     • Original impetus for LDAP migration was to support PKI
     • Chose to enhance mirroring of LDAP from qi rather than replacement
     • First testing was with pre-NMI eduPerson schema – finally, some guidance!
     • “LDAP Committee” gave us direction on useful attributes, continuums of association
     • Active Directory enters the picture

  6. “Iron Age” (ca. 2002-now)
     • Implemented recommendations of “LDAP committee”
     • LDAP migrated to eduPerson schema
     • BlazerIDs/passwords sync’d among different directories (qi, LDAP, AD, Novell), allowing consolidation
     • Number of apps exploding
     • Working with and contributing to NMI

  7. Schema Guidance = Good Thing
     • Existing UAB schema was arbitrary, terribly out-of-date
     • Really too much flexibility in LDAP
     • Standard schema lacking important attributes useful to Educational institutions
     • Opportunity to bring over additional data to support new apps

  8. Continuums of association

  9. The Numbers
     • 26,000+ employees (four different orgs)
     • 56,000+ students (15,500 enrolled)
     • 54,000+ alumni
     • 115,000+ persons in directory
     • 1,500 entities (schools, departments, services, offices, centers, etc.)

  10. The Diagram
     [Diagram not reproduced. Labels on the slide: “Official sources”, “User-input”, Employees, Org listings (“bluepages”) (HURS, HSF, VIVA, EFH), ‘Unofficial’ entities, Students, Organizational Hierarchy, Personal info update, Course info (stu/instr), Alias/BlazerID/password, qi, LDAP, AD, dirXML, CEDS, NMI, SMTP relay, www.uab.edu/phonebook, @uab.edu forwarding, Call Center, Printed Phonebook, Exchange, Email clients, ResNet, VPN, Libraries, Wi-Fi, WebCT, Admin apps, DFS, Student portals, Computer labs, Desktop, PAM. Caption: “For people and entities alike!”]

  11. The Applications
     For everyone at UAB:
     · @uab.edu e-mail addresses
     · free UAB e-mail and Web site (WWW) accounts
     · Lister Hill Library (LHL) Virtual Desktop
     · download of certain UAB site-licensed software
     · access to the UAB Virtual Private Network (VPN)
     For employees:
     · e-mail alerts from various online administrative applications (e.g., purchase order queue notifications)
     · update of departmental information in the UAB Electronic Phonebook
     · login access to some departmental networks and services (with more on the way)
     · to receive important information e-mailed from your department, school and designated UAB support areas (some of this is already being done, with more applications being discussed)
     · inter- and intracampus videoconferencing access (under development)
     · numerous other online administrative and employee portal applications (e.g., Data Warehouse, STEPS) which are currently being deployed, tested, procured, or developed
     For students:
     · access to the ResNet residence hall network
     · some departmental computer labs (with more on the way)
     · WebCT online courses
     · DARS Degree Audit system (when it comes online)
     · class mailing lists, and to receive important information e-mailed from your department, school, and designated UAB support areas
     · other student online portals which are currently in testing or under development
     For faculty/researchers, in addition to the employee services listed above:
     · WebCT online course shell management (tentatively for Fall semester)
     · automatically generated/managed class mailing lists
     · grant information/submission (under development)
     · online grade posting (under development)
     · DARS Degree Audit system (when it comes online)

  12. What’s Next?
     • Continue bringing new apps, resources on board
     • CampusCards, BlazerID education
     • New HR/Finance systems coming online
     • NMI R2 eval just finished, R3 soon
     • Push for more continuum, student, entity attributes in eduPerson
     • Middleware roadmap, validation tools
     • Do some inter-institutional stuff!
     • “LDAP Committee” still needs to fully address continuum, privacy granularity, workflow
     • What about PKI?

  13. Closing Thoughts
     • Really helps to have a couple of decades of experience with identity management and resource security!
     • Right place, right time
     • At any given time, any given technology has a bleeding, leading and very long trailing edge
     • This is true for feeder systems, Internet protocols, server software, user interfaces
     • Middleware can help

  14. More Closing Thoughts
     • Great to finally have some guidelines for attribute schema and population
     • But … more work needs to be done
     • That said, technical considerations are just the tip of the iceberg:
     • Privacy
     • Ongoing management, education
     • Who owns the data?
     • Continuums of association
     • Who can vouch for X?
     • Beware the L-word when committees involved!

  15. Links
     UAB Electronic Phonebook:
     http://www.uab.edu/phonebook
     ldap://ldap.uab.edu
     BlazerID Resources:
     http://www.uab.edu/blazerid
     http://www.dpo.uab.edu/BlazerID.htm
     Schema descriptions:
     http://www.dpo.uab.edu/US/qifields.html
     http://www.dpo.uab.edu/US/ldapfields.html
