LDAP
| Case Computer Help |
|---|
| Help Desk |
|
The Lightweight Directory Access Protocol (LDAP) provides access to a shared "address book" on a network.
- Instructions for configuring your email client or contacts application to connect to Case's LDAP server are at /Desktop use
- There are instructions for configuring your web server or application to authenticate against LDAP at LDAP authentication; though, you may want to consider using CAS, Case's Single Sign On service.
- Documentation for the LDAP schema is located at LDAP schema.
- For a quick primer on LDAP terminology, see /Terminology
Contents |
[edit] What LDAP does
LDAP is phonebook on steroids. It stores the following information:
- Information about people
- Personal details such as name, address, phone number, etc
- Role information such as affiliation with university
- Network services options (such as e-mail mailbox size, VPN access, etc)
- Group membership
- Application access (can user X access application Y)
- Membership access (e.g. list of people who work for ITS, members of Undergraduate Student Government, etc)
[edit] Case LDAP Deployment
There are three primary servers used to process client requests. These servers are replicas of a master server, which is not directly accessible. The hostname ldap.case.edu is a round-robin for all three of these servers. That is, a connection to ldap.case.edu will randomly select a LDAP server to which to connect. However, if you wish to securely connect to an LDAP server, you must directly initiate a request to one of the the replicas. Their hostnames are ldap-replica1.case.edu, ldap-replica2.case.edu, and ldap-replica3.case.edu.
[edit] General layout
- The primary scope of the Case LDAP directory is o=cwru.edu,o=isp
- Entries for people are contained in ou=People,o=cwru.edu,o=isp
- Entries for group definitions are in ou=Groups,o=cwru.edu,o=isp
[edit] Security considerations
The LDAP directory contains personal information about people. Access to this information is controlled by complex access rules. Anonymous browsers of the LDAP directory have access to a very limited amount of information (mainly what is available on http://phonebook.case.edu). It is possible to have information FERPA-supressed in LDAP. If this is the case, a normal search won't even reveal your existence. Special accounts to access more fields are available upon request. Because of the importance of information security, accounts will only be given if there is a legitimate need.
Categories: Computer Help | LDAP
Computers > Computer Help
Computers > Computer Networks
Computers > Directory Services > LDAP
Departments > ITS
Services > IT Services > ITS Services
Help
Case Referrers
Blog Entries
- Gregory Szorc's blog - Fostering PHP Development at Case (17 referral)
- Gregory Szorc's blog - Thoughts on Establishing a Wiki Farm (11 referral)
- http://blog.case.edu/topics/ldap (1 referral)
- http://blog.case.edu/topics/cas (1 referral)
- http://blog.case.edu/topics/casewiki (2 referral)
- Gregory Szorc's blog - Single Sign-On Eases Headaches, Especially on February 15 (5 referral)
- Gregory Szorc's blog - Case Needs Course Data in LDAP (10 referral)
- Jeremy Smith's blog: Opt-Out Mass Email Lists (1 referral)
Other Sites
- http://start.case.edu/ (3 referral)
- http://www.case.edu/its (1 referral)