UWA Directory Services David Glance Strategic Projects.
UWA Directory Services
David Glance
Strategic Projects
Agenda
Requirements
Architecture
Client Requirements
Timeline
Requirements
System provides user information for: Authorisation/Authentication
Users: Students, Staff
Groups: UnitOfferings, CourseOfferings, Roles, BusinessUnits
Data comes from defined sources: SRS/Callista, HR, Visitor Information (Library), UCS
Requirements (cont…)
User accounts created
Password management controlled centrally through Account Management System (AMS)
Initial password generated
Requirements (cont…)
Data passed to designated client systems
SSL and/or IPSec
Client needs to be authorised to receive data
Permission to access data from data custodians: Student Services, Library, Campus Card, UCS
Architecture (data import)
SRS
HR
SRSDownload
HRDownload
Active Directory
UserManager
Contacts
Visitors
Campus Card
VisitorDownload
CCDownload
Exported ldif
Imported ldif
MSMQ
Architecture (data export)
Active Directory
UserManager
Exported ldif
Imported ldif
MSMQ
Q Processor
FNAS Q
CSSE Q
ARTS Q
LDAP Client
SOAP Client
File Client
Client Active Directory
Synch Manager
AMS LDAP Directory
SOAP Server
LDAP Directory
NIS+
Scripts/Programs
SOAP Client
Architecture (schema)
AD.UWA.EDU.AU
BusinessUnits group uwaOrganisationalUnit
Users
Students
Staff
InactiveStudents
InactiveStaff
Teaching
UnitOfferings
CourseOfferings group uwaCourseOffering
group uwaUnitOffering
inetOrgPerson uwaPerson
inetOrgPerson uwaPerson
inetOrgPerson uwaPerson
inetOrgPerson uwaPerson
Roles group uwaRole
Architecture (AMS)
Account Management System
Prime requirement for web based interaction
No PIN? May allow PIN as initial password
Use student number or username as account name.
User component: Initial password, change password,
Help desk: Reset password, disable, lock account
Architecture (AMS)
User
Create initial password: Provide details (Birth date, Student/Staff Number); Provide challenge question and answer
Change password: Supply the challenge/response
Change details
Architecture (AMS)
Helpdesk
Search for users
Reset password: User provides answer to challenge
Disable/Lock account
Client Systems
Can choose:
Ignore system altogether
Just get files (ldif changes or unprocessed attribute/value files)
Elect to get static data but ignore password changes
Use SOAP server (C# or Python)
Use file changes
LDAP update
Set up Active Directory to synchronize off of central AD
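One way a client system could take the "static data but ignore password changes" option listed above: a filter that removes password modifications from an LDIF change file before it is applied locally. This is an added example, not code from the UWA project; the attribute names `userPassword` and `unicodePwd`, the sample DNs and the function names are assumptions.

```python
import re

# Assumed credential attribute names; the slides do not name them.
PASSWORD_ATTRS = {"userpassword", "unicodepwd"}
HEADER = {"version", "dn", "changetype", "control"}
# Constructed sample: a folded, base64 password change riding along with a mail update.
SAMPLE = ("dn: cn=jbloggs,ou=Students,dc=example,dc=org\nchangetype: modify\n"
          "replace: mail\nmail: jbloggs@example.org\n-\n"
          "replace: userPass\n word\nuserPassword:: c2VjcmV0\n-\n")

def unfold(text):
    """Join folded lines (RFC 2849: continuation starts with a space), drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return [l for l in lines if not l.startswith("#")]

def attr_name(line):
    """Attribute name before the first ':', options removed, lower-cased."""
    return line.partition(":")[0].partition(";")[0].strip().lower()

def strip_passwords(ldif_text):
    """Return (filtered LDIF, count of password items dropped)."""
    out, dropped = [], 0
    for chunk in re.split(r"\n{2,}", "\n".join(unfold(ldif_text)).strip("\n")):
        rec = chunk.splitlines()
        head = [l for l in rec if attr_name(l) in HEADER]
        body = [l for l in rec if attr_name(l) not in HEADER]
        ctype = next((l.partition(":")[2].strip().lower() for l in head
                      if attr_name(l) == "changetype"), "add")
        if ctype == "modify":
            # Each modification is "<op>: <attr>", its values, then a "-" line.
            blocks = [b.strip("\n").splitlines()
                      for b in re.split(r"(?m)^-$", "\n".join(body)) if b.strip()]
            kept = [b for b in blocks
                    if attr_name(b[0].partition(":")[2]) not in PASSWORD_ATTRS]
            dropped += len(blocks) - len(kept)
            if not kept:
                continue  # record held only password changes
            body = [l for b in kept for l in b + ["-"]]
        elif ctype == "add":
            kept = [l for l in body if attr_name(l) not in PASSWORD_ATTRS]
            dropped += len(body) - len(kept)
            body = kept
        out.append("\n".join(head + body))
    return "\n\n".join(out) + "\n", dropped
```

Lines are unfolded before matching, so a password attribute name split across a fold or written in a different case is still caught.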
Client Systems
Critical Clients
SIMS: Validating using LDAP authentication
UCS: Obtaining user names and password information.
Client Systems
Requirements
Choose method of access
Get permission for data being used
Allocate a server for communication
Use SSL or IPSec
All local mechanisms for password changing need to be disabled
Update all user documentation, web pages, etc. for the new system
Timeframe
Equipment purchase and provisioning: Mon 11/10/04
Test system for clients: Mon 25/10/04
Production systems: Mon 25/10/04
Help desk operational: Mon 17/01/05
UCS operational: Wed 1/12/04
Callista operational: Wed 8/12/04*
Callista/SRS changeover: Fri 8/4/05
First Round Student Offers: Wed 19/01/05
Documentation for Client Systems: Mon 7/02/05
Information
[email protected] directory services mailing list
http://www.uwa.edu.au/it/itpo/it_projects/directory_services public project page