A Campus Perspective on
Directory Services
NMI Testbed Workshop
April 8, 2003
Landy Manderson
Lead Software/Network Specialist
User Services, UAB Telecommunications
University of Alabama at Birmingham
[email protected]
Today’s Talk
• History/Evolution of our campus directory
• How Middleware efforts helped us
• Directory Service overview
• Future plans
• Closing thoughts
“Stone Age” (ca. 1982-1995)
• “User Register” created to support ACF2
security system on mainframe
• Interfaced with employee and student
records databases
• Same ID’s used for e-mail after joining
BITNET and later Internet
• Campus printed directory assembled by
yearly “census”
“Bronze Age” (ca. 1995-2000)
• UAB Electronic Phonebook goes online for
web searching, @uab.edu forwarding,
printed directory
• Users set up their own aliases (accounts)
• LDAP configured as mirror, for address
book use only
• Some apps (mostly internal) use EP for
authentication
Dawn of our “Iron Age”
(ca. 2000-2002)
• Original impetus for LDAP migration was
to support PKI
• Chose to enhance mirroring of LDAP from
qi rather than replacement
• First testing was with pre-NMI eduPerson
schema – finally, some guidance!
• “LDAP Committee” gave us direction on
useful attributes, continuums of association
• Active Directory enters the picture
“Iron Age” (ca. 2002-now)
• Implemented recommendations of “LDAP
committee”
• LDAP migrated to eduPerson schema
• BlazerIDs/passwords sync’d among
different directories (qi, LDAP, AD,
Novell), allowing consolidation
• Number of apps exploding
• Working with and contributing to NMI
Schema Guidance = Good Thing
• Existing UAB schema was arbitrary, terribly
out-of-date
• Really too much flexibility in LDAP
• Standard schema lacking important
attributes useful to Educational institutions
• Opportunity to bring over additional data to
support new apps
Continuums of association
Employees             | Students
Job applicant         | Admissions applicant
Job offer extended    | Accepted for enrollment
Hired                 | Enrolled
On leave              | Not taking classes
Terminated            | Dropped out
Retired               | Graduated
The Numbers
• 26,000+ employees (four different orgs)
• 56,000+ students (15,500 enrolled)
• 54,000+ alumni
• 115,000+ persons in directory
• 1,500 entities (schools, departments, services, offices, centers, etc.)
The Diagram
[Figure: directory data-flow diagram, "For people and entities alike!" Labels recoverable from the slide: Official Sources; Libraries; Printed Phonebook; ResNet; VPN; Call Center; www.uab.edu/phonebook; @uab.edu forwarding; SMTP relay; “Official sources”; Employees; “User-input”; Org listings (“bluepages”); ‘Unofficial’ entities; Personal info update; (HURS, HSF, VIVA, EFH); Students; qi; Organizational Hierarchy; Course info (stu/instr); Alias/BlazerID/password; Wi-Fi; WebCT; Admin; Email clients; Student apps; portals; PAM; dirXML; LDAP; NMI; AD; Exchange; CEDS; Computer labs; DFS; Desktop.]
The Applications
For everyone at UAB:
· @uab.edu e-mail addresses
· free UAB e-mail and Web site (WWW) accounts
· Lister Hill Library (LHL) Virtual Desktop
· download of certain UAB site-licensed software
· access to the UAB Virtual Private Network (VPN)
For employees:
· e-mail alerts from various online administrative
applications (e.g., purchase order queue
notifications)
· update of departmental information in the UAB
Electronic Phonebook
· login access to some departmental networks and services
(with more on the way)
· to receive important information e-mailed from your
department, school and designated UAB support
areas (some of this is already being done, with more
applications being discussed)
· inter- and intracampus videoconferencing access (under
development)
· numerous other online administrative and employee
portal applications (e.g., Data Warehouse, STEPS)
which are currently being deployed, tested, procured,
or developed
For students:
· access to the ResNet residence hall network
· some departmental computer labs (with more on the way)
· WebCT online courses
· DARS Degree Audit system (when it comes online)
· class mailing lists, and to receive important information
e-mailed from your department, school, and
designated UAB support areas
· other student online portals which are currently in testing
or under development
For faculty/researchers, in addition to the employee
services listed above:
· WebCT online course shell management (tentatively for
Fall semester)
· automatically generated/managed class mailing lists
· grant information/submission (under development)
· online grade posting (under development)
· DARS Degree Audit system (when it comes online)
What’s Next?
• Continue bringing new apps, resources on board
• CampusCards, BlazerID education
• New HR/Finance systems coming online
• NMI R2 eval just finished, R3 soon
– Push for more continuum, student, entity attributes in
eduPerson
– Middleware roadmap, validation tools
– Do some inter-institutional stuff!
• “LDAP Committee” still needs to fully address
continuum, privacy granularity, workflow
• What about PKI?
Closing Thoughts
• Really helps to have a couple of decades of
experience with identity management and resource
security!
• Right place, right time
• At any given time, any given technology has a
bleeding, leading and very long trailing edge
– This is true for feeder systems, Internet protocols,
server software, user interfaces
– Middleware can help
More Closing Thoughts
• Great to finally have some guidelines for attribute
schema and population
• But … more work needs to be done
• That said, technical considerations are just the tip
of the iceberg:
– Privacy
– Ongoing management, education
– Who owns the data?
– Continuums of association
– Who can vouch for X?
– Beware the L-word when committees involved!
Links
UAB Electronic Phonebook:
http://www.uab.edu/phonebook
ldap://ldap.uab.edu
BlazerID Resources:
http://www.uab.edu/blazerid
http://www.dpo.uab.edu/BlazerID.htm
Schema descriptions:
http://www.dpo.uab.edu/US/qifields.html
http://www.dpo.uab.edu/US/ldapfields.html