LDAP for Authentication and Authorization @ UH
Info. Tech. Svcs.
University of Hawaii
Russell Tokuyama, 10/03/00
University of Hawaii © 2000
What is LDAP?
- Lightweight Directory Access Protocol
- Client-server protocol for directory service (e.g., X.500)
- Schema and transport
- Standards based
What is a directory svc?
- Central information source, like a white pages phone book
- Primarily lookup, read often
- Infrequent writes
- Not a relational database
Why a central dir?
- Minimize duplication of information
- Reduce errors due to copying and multiple sources
- Single identifier (ID) for user
Why not central dir?
- FERPA (confidentiality of student's information)
- Don't trust others with the data
- Fear of big brother
- Fear of falling into wrong hands
- But manageable with planning
Why central LDAP?
- Many roles at several campuses
- Common source of information for users and applications
- Enables Web-based services tailored to users' needs
- Std protocol for client access
Why central LDAP? (cont)
- User authentication
- Access control (authorization)
- Configurability
- Core services
- Single, well-managed password improves security (universal ID)
ITS Username
- Students in credit classes
- Outreach students
- Faculty
- Staff
- Clinical staff
ITS Username (cont)
- RCUH
- EWC
- Visiting faculty
- Professor Emeritus
- Special programs with approval
UNISON (previous)
[Diagram: UNISON with A/R, OHR, RCUH, EWC, UHF, UHUNIX, Modem Pool, PA`E, NIS, FTP; label: ID + password]
Got LDAP?
- Student Employment and Cooperative Education
- OHR's Historical Leave Information
- more to come...
What's in LDAP?
- uid (ITS username)
- password (UNIX encrypted)
- name (last, first, middle)
- alternateID (SSN)
- affiliation (faculty, staff, student)
- homeCampus
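The "User authentication" and "Access control" bullets earlier, together with the attributes listed above, describe the two steps an application does against this directory: bind as the user, then decide access from attributes. The following is an added example, not code from the UH slides; it shows how an application should build the bind DN and search filter from an untrusted ITS username (escaped per RFC 2253 and RFC 2254, so a username cannot alter the DN or filter), decide authorization from the multi-valued affiliation attribute, and keep alternateID (the SSN) and the password hash out of what it hands on. The base DN, the per-application policy table and the attribute spelling userPassword are assumptions.

```python
import re

BASE_DN = "ou=People,dc=hawaii,dc=edu"   # assumed; not stated on the slide

# Characters that must be escaped inside a DN attribute value (RFC 2253 §2.4)
_DN_SPECIAL = re.compile(r'([,+"\\<>;=])')

def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use in a DN such as uid=<value>,..."""
    escaped = _DN_SPECIAL.sub(r"\\\1", value)
    if escaped.endswith(" "):                  # trailing space
        escaped = escaped[:-1] + "\\ "
    if escaped[:1] in ("#", " "):              # leading '#' or space
        escaped = "\\" + escaped
    return escaped

def escape_filter_value(value: str) -> str:
    """Escape one value for an LDAP search filter (RFC 2254 §4): *, (, ), \\, NUL."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)

def bind_dn(uid: str) -> str:
    """DN the application binds as to authenticate the user (password checked by the server)."""
    return "uid=%s,%s" % (escape_dn_value(uid), BASE_DN)

def uid_filter(uid: str) -> str:
    """Search filter to fetch the user's entry for the authorization step."""
    return "(uid=%s)" % escape_filter_value(uid)

# Assumed policy: which affiliations each application accepts (not on the slide)
APP_AFFILIATIONS = {
    "sece": {"student", "staff"},        # Student Employment and Cooperative Education
    "ohr-leave": {"faculty", "staff"},   # OHR's Historical Leave Information
}

def authorized(entry: dict, app: str) -> bool:
    """Access control from the affiliation attribute; any matching value grants access."""
    return bool(set(entry.get("affiliation", ())) & APP_AFFILIATIONS.get(app, set()))

# Attributes an application must never receive or log: the SSN and the password hash
SENSITIVE = {"alternateID", "userPassword"}

def app_view(entry: dict) -> dict:
    """The subset of a directory entry that is safe to pass on to an application."""
    return {k: v for k, v in entry.items() if k not in SENSITIVE}

# Constructed sample entry with the attributes the slide lists (values are made up)
SAMPLE_ENTRY = {
    "uid": "jdoe", "userPassword": "{CRYPT}xxPLACEHOLDERxx", "sn": "Doe",
    "givenName": "Jane", "alternateID": "000-00-0000",
    "affiliation": ["student", "staff"], "homeCampus": "Manoa",
}
```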
Central LDAP (current)
[Diagram: UNISON LDAP and Central LDAP with WebMail, UHUNIX, OHR Leave, SECE, Modem Pool; label: ID + password]
Central LDAP (future)
[Diagram: UNISON and Central LDAP with WebMail, UHUNIX, OHR Leave, SECE, Portals, Web Apps, Modem Pool]
What/who will use it?
- Wireless LAN access
- New Web applications
- Portals
- Roaming profiles
What's next?
- Improve data collection and processing for UNISON
- UH Portal
- Web registration for the CCs
- Digital signatures
- Electronic approvals
What's I2 got to do w/ it?
- Middleware infrastructure
- Early Adopters program
- EduPerson
- Directory of directories
- Universal identifiers
Those other guys?
- LDAP allows any other backend
- Active Directory Service (ADS)
  - tight Win2K integration
- Novell Directory Service (NDS)
  - tight Novell integration
Links
- LDAP: Use as Directed
  - http://www.data.com/990207/ldap.html
- An LDAP Roadmap & FAQ
  - http://www.kingsmountain.com/ldapRoadmap.shtml
- Mark Wahl's LDAP FAQ
  - http://www3.innosoft.com/ldapworld/ldapfaq.html
Links (cont)
- ITS Username
  - http://www.hawaii.edu/infotech/yourusername.html
- LDAP v2 (RFC 1777, 1778, 1779)
- LDAP v3 (RFC 2251, 2252, 2253)
- ITS LDAP Team
  - russ@hawaii.edu