Cerebrum, UoO new UAS


University of Oslo,
Norway
Cerebrum, UoO new UAS
Developing a 2nd generation of a single user administration system for the University of Oslo
By Bård H.M. Jakobsen
© GT/SAPP/USIT
University of Oslo (UoO), Norway
• 32 000 students
• 6 000 fac. & staff
• 8 000 others!
• 52 000 users in one user-management system UREG2000
• 29 881 opened accounts after 15. nov 
• Ca. 2000 computers for students
– Win*, MacOS (OS9 and OSX), Linux, etc.
• almost 10 000 end-user computers…
What is a user administration system (BAS)
[Diagram. Labels: Student registry, Personal registry, Persons, BAS, Users, LT]
[Diagram. Systems shown: BOFH, FS, Ureg2000, LDAP, UA (access control), Notes, Exim/Mailman, LMS (CF), NT, Tivoli, NIS (UiO), ARS, Radius, NIS (IfI), PRISS, AD (W2K)]
FEIDE
What is Cerebrum
• an open-source user administration system
• built from modules around a kernel
• Written in Python, using Oracle or PostgreSQL as backend
• Source code at http://sourceforge.net/projects/cerebrum/
• Now alpha code, pilots running
• Pre-production in January
User administration system (BAS)
User
- Username (UID)
- Password
- Mail address
- Home dir
Person
- unique ID
- Name
- Address
- Affiliation
Group
- Group ID (GID)
- Comment
- Members
  - users
  - other Groups
User administration system (BAS)
[Diagram. Entities shown: Person, Group, Affiliation, User, OU]
Cerebrum vs. our current system
• Ureg2000, developed by evolution
• hard to migrate to other institutions (FEIDE)
• new needs at our institutions
– LMS
– Portals
– other services
– event-driven updates
• UoO to get a new HR
• Cerebrum is TDBtCE 
Kernel
• Person
– ID
» internal
» External
» SSN
» From other sources
– Name
• OU
– Name/ID
– Structure
Affiliation
• Faculty
• Staff
• Students
• member
• affiliate
• employee
Users
• ID for identification and authentication
• Could have IDs in different namespaces
• Data on authentication
– Passwd (Crypt, MD5)
– Certificate
Source-system
• Most of the data in Cerebrum has one or more sources which are authoritative
[Diagram. Labels: Cerebrum, HR, SR, Other]
Modules
• Interface to Systems
– having authoritative information on entities at the campus
– needing
» authentication
» information
What modules?
• FS, MSTAS (2 national SR of Norway) (MSTAS – 2003-01-15)
• SATS (school system in Norway) (2003-12-15)
• LT (HR at UoO)
• SAP (HR) (Spring 2003)
• LDAP (2003-12-15)
• NIS (POSIX)
• AD (2003-12-15)
• Admin client
• LMS (IMS E. 1.01, 2003-12-15)
• Email (2003-12-15)
• UA (Spring 2003)
• NDS (Maybe spring 2003)
More? Contact us!
• [email protected]
• Foils: http://folk.uio.no/baardj/pres/GNOMIS2002.ppt
End/Fine/Slut/Finito/Slutt!
LDAP-Structure at UoO
[Diagram: LDAP tree on ldap.uio.no under dc=uio, dc=no, with the labels people, Users, Groups and Organization. Entries shown: cn=Arne Laukholm, uid=kborge, cn=usit, cn=Knut Borge, uid=larso, cn=hfstud, ou=Sadm, ou=Universitetsdir., OPA, cn=Lars Inge Oftedal, cn=Vemund Blomkvist, ou=ØPA, cn=Trygve Falch, ou=USIT, ou=SAPP, GT, BSD, MG, DBA, ou=SUF, ou=SAUS, ou=JF, Admin, ou=TF, ou=Fagseksjonen TF]
Is this a PKI? No!
• But it is a requirement for a functional PKI.
• We are not a CA (too much work)
• But we need certificates for persons, roles, organizations, units and servers.
• External CA for persons, internal for all others.
• We need a mapping from the ID in a person's certificate to a unique ID at the University; which CA is secondary