LDAP @ UNCG
What is LDAP?
LDAP stands for Lightweight Directory Access Protocol and is an Internet standard protocol used by applications to access information in a directory. Many types of data can be stored in an LDAP directory. Typically, information about people, such as directory information and account details, makes up the bulk of the data. However, anything that can be organized in a directory format can be stored in LDAP.
Many object types have standardized definitions created and approved by the Internet community. This makes it possible to retrieve the same kind of information from any LDAP directory regardless of who owns it or what architecture is behind it. The majority of the elements in UNCG's LDAP directory conform to these standardized object definitions, but some UNCG-specific objects carry data specific to our needs.
The Next Generation LDAP Environment is comprised of two sub-environments: a brand new Active Directory Domain Services (AD DS) domain and an Active Directory Lightweight Directory Services (AD LDS) environment that serves as the LDAP directory hosting platform. The AD DS domain acts as an “identity vault” that interfaces with Banner/CSAM to collect and consolidate account information; it does not serve end users directly. The LDS environment hosts multiple LDAP servers and directories that clients connect to, providing redundancy and scalability. LDS uses a tool called AdamSync to populate each of its hosted directories from the AD DS domain.
Users will access the environment by pointing their application/client to a new URL, ldaps://ldap.uncg.edu. Network exceptions in place for the Legacy-GCN migration allow both the legacy datacenter and the GCN datacenter to use this URL. In the future, when the migration is complete, we will use a second URL, sldap://publdap.uncg.edu, to redirect Legacy/ISP clients to a different LDS partition and split the service into a lighter-weight offering for Legacy/ISP and a richer offering for the GCN.
As part of the new LDAP environment, the LDAP schema has been modified to add some new fields. They are:
- EUID – unique number that is preserved throughout the lifetime of the account.
- Preferred Names (First, Middle, Last, Full) – centralized source of preferred names from Banner.
- Current Student – indicates whether the person is a student for the current term only (not future terms or the previous two).
- Current Student Worker – indicates student is an active student worker.
- Current GTR – indicates a graduate assistant, teaching assistant, or researcher for the current term.
- Current Staff and Faculty – indicates whether the individual is assigned to a job, not just whether they are an active employee.
- Suppress Home Contact and FERPA – two attributes: one denotes that a student has invoked FERPA, the other that an employee has requested suppression of their home address and phone information.
- Departmental Org Information – attributes representing the 5-digit orgn code and the 15-character short name, in addition to the 3-character code and 30-character long textual description already provided.
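An added example, not UNCG's code, of how a client application should build a lookup against the new fields: it accepts only the ldaps:// URL given above (so a misconfigured client cannot fall back to cleartext LDAP) and escapes the EUID per RFC 4515 before placing it in a search filter, so that input containing `*`, `(` or `)` cannot alter the filter's meaning. The attribute names `uncgEUID` and `uncgCurrentStudent` are assumed placeholders; the page does not give the real schema names.

```python
# Added example (not UNCG's code). Attribute names are ASSUMED placeholders;
# substitute the real names from the UNCG schema.
from urllib.parse import urlsplit

ATTR_EUID = "uncgEUID"                        # assumption
ATTR_CURRENT_STUDENT = "uncgCurrentStudent"   # assumption


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515 sec. 3).

    Special characters become a backslash followed by two hex digits, and
    non-ASCII characters are escaped byte-by-byte as UTF-8. Without this,
    input such as '*' or ')(' changes the meaning of the filter (LDAP filter
    injection)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        elif ord(ch) > 127:
            out.extend("\\%02x" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def euid_filter(euid: str, current_student_only: bool = False) -> str:
    """Build an equality filter on the EUID, optionally AND-ed with the
    current-student flag. The EUID is escaped before interpolation."""
    base = "(%s=%s)" % (ATTR_EUID, escape_filter_value(euid))
    if current_student_only:
        return "(&%s(%s=TRUE))" % (base, ATTR_CURRENT_STUDENT)
    return base


def parse_ldap_url(url: str) -> tuple:
    """Split an LDAP URL into (host, port, use_tls).

    Only the ldaps:// scheme is accepted, so a client configured with a plain
    ldap:// URL fails closed instead of sending credentials in cleartext."""
    parts = urlsplit(url)
    if parts.scheme != "ldaps":
        raise ValueError("refusing non-TLS LDAP URL: %s" % url)
    return (parts.hostname, parts.port or 636, True)


if __name__ == "__main__":
    print(parse_ldap_url("ldaps://ldap.uncg.edu"))
    print(euid_filter("123456", current_student_only=True))
```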