LDAP User Management with PeopleSoft Campus Directory Interface Session #10562


March 23, 2005
HEUG 2005 Conference
Las Vegas, Nevada
Today’s Presenters
Jim Gallamo, Director
Carol Schaffer, Associate Director
Suman Rustagi, Senior Developer
Overview
Catholic University is changing its current user account management practices and implementing PeopleSoft’s Campus Directory Interface (CDI) to support this initiative.
This presentation highlights our plans and experience with CDI.
Agenda
• CUA and PeopleSoft
• Account management processes
• Desired goals
• Campus Directory Interface
• Wrap-up
Catholic University of America
• Located in Washington, DC
• Founded in 1887
• 5800 students
• 1500 faculty and staff
• 18,000 + user accounts
• Windows and Solaris systems
Catholic University and PeopleSoft
• Financials v8.4
• Enterprise Performance Management v8.8
• Enterprise Portal v8.8
• Student Administration v8.0
• Human Resource Management Systems v8.0
Current Account Management
[Diagram. Box labels: Student Data; Faculty/Staff Data; PeopleSoft Student Administration System (SAS); Account Management System; Active Directory; Microsoft Exchange; Campus Network. Connector labels: Manual/Automated Processes; Manual Process.]
Future Account Management
[Diagram. Box labels: Student/Staff/Faculty Data; PeopleSoft SA/HRMS; Campus Directory Interface; Active Directory; Microsoft Exchange; Campus Network. Connector labels: Manual/Automated Processes; Automated Process.]
Phase I Goals
• Replace legacy account management system
• Improve account generation turnaround
• Facilitate data movement between systems
• Introduce OPRIDs as primary identifier
• Expand information in Active Directory (AD)
Phase I Goals (cont’d)
• Minimize manual processes
• Create standard account structure
• Provide increased audit functionality
Phase II Goals
• Automatically populate all AD-based services
• Restructure account naming conventions
• Introduce real-time synchronization
• Add custom graphical user interface to supplement AD
PeopleSoft Campus Directory Interface
• Sold separately from SA/HRMS system
• Cloned from existing HRMS PDI
• Integrates PeopleSoft security with AD
• Shares SA/HRMS data with AD
• Supports MS ADS, Novell eDirectory and iPlanet Directory Server
What is Active Directory?
• A distributed hierarchical database
• Comprised of the Directory Information Tree (DIT) and the Schema
• Each Entry in the DIT is keyed by its Distinguished Name (DN)
• A DN is a string of attributes which uniquely identifies an entry in the AD
What is Active Directory? (cont’d)
• A Schema is a set of rules that defines DIT attributes
• Microsoft provides a Lightweight Directory Access Protocol (LDAP) interface to AD
Active Directory Structure
Campus Directory Interface Set-up
CDI Directory Setup
CDI Directory Setup (cont’d)
CDI Directory Setup (cont’d)
Defining AD within PeopleSoft
• Load AD schema to PeopleSoft cache
• Active Directory schema enables selection of data elements by CDI
• Required for directory map creation
CDI Directory Schema Cache
CDI Mapping Setup
CDI DN Details
CDI Attribute Mapping
CDI Attribute Mapping (cont’d)
Transform the value
Transform the Value
Sample Function for Transformation
Criteria for Selecting Students
• Based on PERSONAL_DATA, CX_SEC_TBL, and PERS_INST_REL tables
• CX_SEC_TBL, a custom table, includes OPRIDs for all the students
• View selects records where STUDENT_CUR is marked as ‘Y’
Run File Load Process
File Load Process (cont’d)
• LDIF File option creates a data file
• File gets created in folder PS_HOME\appsrvr\Database Name\Files
• File gets loaded into Active Directory
• Run Option updates the Active Directory
Resulting Output File
dn: cn=Griffintest\, Carter H. GRIF0046,cn=users,dc=cua,dc=edu
changetype: add
objectClass: top
objectClass: user
accountExpires: 0
cn: Griffintest, Carter H. GRIF0046
company: CUA
displayName: Griffintest, Carter H. GRIF0046
givenName: Carter
mail: [email protected]
name: Griffintest, Carter H. GRIF0046
sAMAccountName: GRIF0046
scriptPath: Login.bat
sn: Griffintest
title: Student
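The dn line in the output file above escapes the comma inside the CN with a backslash. The following added example (not code from the presentation or from CDI) builds a record of the same shape, escaping the RDN value per RFC 4514 and base64-encoding attribute values that RFC 2849 does not allow as plain text, so a name containing a comma or a line break cannot alter the DN or add attribute lines. The row field names are hypothetical.

```python
import base64

# RFC 4514: characters that must be backslash-escaped inside an RDN value.
DN_SPECIAL = set(',+"\\<>;')

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a distinguished name."""
    out = []
    for i, ch in enumerate(value):
        if ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)  # leading space/'#' or trailing space
        else:
            out.append(ch)
    return "".join(out)

def ldif_line(attr: str, value: str) -> str:
    """Render one attribute line; base64-encode values RFC 2849 calls unsafe."""
    safe = (
        value.isascii()
        and not any(c in "\0\r\n" for c in value)
        and value[:1] not in (" ", ":", "<")
        and not value.endswith(" ")
    )
    if safe:
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"  # '::' marks a base64 value

def build_add_record(row: dict, base_dn: str = "cn=users,dc=cua,dc=edu") -> str:
    """Build an 'add' record shaped like the output file on the slide."""
    # Field names in `row` are hypothetical, not PeopleSoft column names.
    cn = f"{row['last']}, {row['first']} {row['middle']} {row['oprid']}"
    attrs = [("cn", cn), ("displayName", cn), ("givenName", row["first"]),
             ("sAMAccountName", row["oprid"]), ("sn", row["last"])]
    lines = [ldif_line("dn", f"cn={escape_rdn_value(cn)},{base_dn}"),
             "changetype: add", "objectClass: top", "objectClass: user"]
    lines += [ldif_line(a, v) for a, v in attrs if v]
    return "\n".join(lines) + "\n"

# Constructed sample row, using the test account shown in the output file.
SAMPLE = {"last": "Griffintest", "first": "Carter", "middle": "H.", "oprid": "GRIF0046"}

if __name__ == "__main__":
    print(build_add_record(SAMPLE), end="")
```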
Progress to Date
• Set up complete CDI/AD test environment
• Generated LDIF with correct data
• Loaded file in AD with new accounts
Next Steps
• Update Directory in Real-time
• Automate AD changes and deletes
• Build consensus on new naming conventions
• Automatically populate other services (e.g., Exchange)
Directory Search Tools
AD search using CDI
CDI Search Results
AD Search using LDAP Search Utility
• LDAP command line executable
• ldapsearch.exe
• Provided outside of system
• Useful in understanding AD structure
LDAP Search Utility Result
ldap_open( 192.168.0.1, 389 )
filter pattern: cn=Tucktest, Karlton E.
returning: ALL
filter is: (cn=Tucktest, Karlton E.)
CN=Tucktest\, Karlton E.,CN=Users,DC=cua,DC=edu
cn=Tucktest, Karlton E.
company=CUA
department=Housing & Residential Life
description=STAFF
displayName=Tucktest, Karlton E.
[email protected]
givenName=Karlton
distinguishedName=CN=Tucktest\, Karlton E.,CN=Users,DC=cua,DC=edu
Considerations
• Separate network environment to test
• No additional hardware requirements
• Requires coordination between developers and network staff
• Create sample directory mappings using delivered script - DIRMAPIN.DMS
Considerations (cont’d)
• Limited knowledge in Global Support
• Not many end users of product
• Learned through trial and error
QUESTIONS?
CONTACTS
Jim Gallamo
[email protected]
Carol Schaffer
[email protected]
Suman Rustagi
[email protected]