UWA Directory Services

David Glance

Strategic Projects

Agenda

RequirementsArchitectureClient RequirementsTimeline

Requirements

System provides user information for: Authorisation/Authentication

Users Students Staff

Groups UnitOfferings CourseOfferings Roles BusinessUnits

Data comes from defined sources SRS/Callista HR Visitor Information (Library) UCS

Requirements (cont…)

User accounts created Password management controlled

centrally through Account Management System (AMS)

Initial password generated

Requirements (cont…)

Data passed to designated client systems SSL and/or IPSec Client needs to be authorised to receive data

Permission to access data from data custodians: Student Services Library Campus Card UCS

Architecture (data import)

SRS

HR

SRSDownload

HRDownload

Active Directory

UserManager

Contacts

Visitors

Campus Card

VisitorDownload

CCDownload

Exported ldif

Imported ldif

MSMQ

Architecture (data export)

Active DirectoryUserManager

Exported ldif

Imported ldif

MSMQ

Q Processor

FNAS Q

CSSE Q

ARTS Q

LDAP Client

SOAP Client

File Client

ClientActive Directory

Synch Manager

AMS LDAP Directory

SOAP Server

LDAP Directory

NIS+

Scripts/Programs

SOAP Client

Architecture (schema)

AD.UWA.EDU.AU

BusinessUnits group uwaOrganisationalUnit

Users

Students

Staff

InactiveStudents

InactiveStaff

Teaching

UnitOfferings

CourseOfferings group uwaCourseOffering

group uwaUnitOffering

inetOrgPerson uwaPerson

inetOrgPerson uwaPerson

inetOrgPerson uwaPerson

inetOrgPerson uwaPerson

Roles group uwaRole

Architecture (AMS)

Account Management System Prime requirement for web based interaction No PIN?

May allow PIN as initial password

Use student number or username as account name.

User component Initial password, change password,

Help desk Reset password, disable, lock account

Architecture (AMS)

UserCreate initial password

Provide details (Birth date, Student/Staff Number)

Provide challenge question and answerChange password

Supply the challenge/responseChange details

Architecture (AMS)

HelpdeskSearch for usersReset password

User provides answer to challengeDisable/Lock account

Client Systems

Can choose: Ignore system altogether Just get files (ldif changes or unprocessed

atrribute/value files) Elect to get static data but ignore password changes

Use SOAP server (C# or Python) Use file changes LDAP update Setup Active Directory to synchronize off of central

AD

Client Systems

Critical ClientsSIMS

Validating using LDAP authenticationUCS

Obtaining user names and password information.

Client Systems

RequirementsChoose method of accessGet permission for data being usedAllocate a server for communication

Use SSL or IPSecAll local mechanisms for password

changing needs to be disabledUpdate all user documentation, web pages,

etc. for the new system

Timeframe

Equipment purchase and provisioning Mon 11/10/04 Test system for clients Mon 25/10/04 Production systems Mon 25/10/04 Help desk operational Mon 17/01/05 UCS operational Wed 1/12/04 Callista operational Wed 8/12/04* Callista/SRS changeover Fri 8/4/05 First Round Student Offers Wed 19/01/05 Documentation for Client Systems Mon 7/02/05

Information

uwads@maillists.uwa.edu.au directory services mailing list

http://www.uwa.edu.au/it/itpo/it_projects/directory_services public project page

David.Glance@uwa.edu.au