
Directory Design & Operations at Princeton University






Presentation Transcript


  1. Common Solutions Group
     Directory Service/Schema Design Workshop
     May, 1999
     Directory Design & Operations at Princeton University
     Michael R. Gettes
     Collaboration Services Group (CSG)
     Enterprise Services Directorate, CIT
     Common Solutions Group, DS Workshop

  2. Problems to solve
     • Multiple Name Spaces
     • Operational Data vs. Phonebook
     • Modern Apps Directory Enabled
     • Schema Design and Data Mapping
     • Proper Schema Usage vs. Reality
     • Operations: Replication, Access, Application Reqs, Performance, Etc.

  3. Multiple Name Spaces
     • Unix, Novell, NT, VM/MVS, E-Mail/Lists
     • Need to Unify Name Space before really able to leverage a central directory
     • Unified 3/99; took 4 months to do
     • Includes 2100 ListProc list addresses
     • LDAP went “production” 3/98, install 6/97
     • Now looking at central userid mgmt with LDAP instead of homegrown glue.

  4. Operational vs. View Only
     • Operational
       • E-mail access & Routing, Web Auth, Proxy Svcs, Certificates - a wee bit
     • View Only
       • CSO before, CSO2LDAP now
     • View Only - NOT
       • No Rules, No Control
     • Fight the Future?

  5. Schema Design @ Princeton
     • Keep CSO attributes alive, how far?
     • Use what popular apps expect
       • Netscape, IE/Outlook
     • Make LDAP enabled apps work
       • Netscape Messaging Server only, at the time
     • NIS & NT user management? These schemas are not well defined. Sun v. padl
     • How did we do? Quite well, of course!

  6. Schema Design @ Princeton
     • Proper Schema vs. Reality
       • E-mail routing (Sendmail) vs. NSMS
       • attribute function overload
     • objectclass: puPerson (superior is inetorgperson)
       • like, can you relate?
     • universityid/ref to solve multi-ids
     • Tracking: Why a DN exists, who did last

  7. Schema Design @ Princeton
     • Princeton Attributes defined to Netscape Directory Server
     • Netscape Search and Sample LDIF
     • What’s in a DN?
       • cn=name (addr),o=,c=
       • no OU! But ou defined. Multiple locations?
     • DN’s are just that, not to be parsed.
       • Wouldn’t that be nice?

  8. Resources
     • Michael Gettes and Lee Varian
       • little if any interaction with others given data control sensitivities, and most issues worked out previously because Lee generated the printed campus phonebook, so permission was not needed.
     • no $$, no formal plan, no new policy
     • Almost invisible, therefore successful

  9. Operations
     • Mainframe (VM/CMS) bulk mgmt
     • 1 supplier + 3 consumers
     • Last user visible failure - CSG 1/99
     • Netscape DS 3.12 Solaris
     • PerLDAP scripting very powerful
     • All ops on-line, NO DOWNTIME!!!
     FOR MORE INFO... Web interface to LDAP: https://directory.Princeton.EDU

  10. Operations: NSMS & Sendmail
     • E-Mail Replica
       • pbind to single cpu, nice to high priority
       • 4000 ops per minute - NSMS inefficient
       • 100MB memory cache for 9000 users
     • Failover works for online repairs
     • Replica Monitoring and Notification
     FOR MORE INFO... NSDIRSECUG Mailing List: dirsec-request@nsdirsecug.org

  11. Operations: General
     • 28,000 DNs - 80MB DB, 22MB ldif
     • Communicator configured for multiple servers
     • Backups - On-line LDIF dumps 1/hr
       • no good solution for backing up LDAP
     • Few Directory Managers (5)
     • Help Desk has some privs for quick support to users - access lists

  12. Operations: General
     • Access Lists
       • What can users change?
       • What do Dir Mgrs change?
       • Audit
     • Limits
       • 500 max entries returned (not dumper)
       • near 0 look-through limit (values that have ‘*’ in them cause problems).
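The DN template on slide 7 and the note on slide 12 about values containing ‘*’ both come down to one rule: a value that is pasted into a filter or a DN without escaping is interpreted as syntax, not as data. Below is an added example (not Princeton's code and not from the slides) that escapes assertion values per RFC 4515 and DN attribute values per RFC 4514, and shows the naive string-concatenation form beside it. The sample names and the `o=Princeton University,c=US` suffix are constructed for illustration.

```python
"""RFC 4515 filter-value escaping and RFC 4514 DN-value escaping.

Added example for the workshop slides; constructed sample values, not
Princeton's code. Escaping is the defender's answer to two things at once:
a stored value such as "a*b" being looked up literally rather than as a
wildcard, and a user-supplied value altering the filter's structure.
"""

# RFC 4515 section 3: these characters inside an assertion value are written
# as a backslash followed by two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(attribute: str, value: str) -> str:
    """The unsafe form: the value is spliced in verbatim, so '*' becomes a wildcard."""
    return f"({attribute}={value})"


def build_exact_filter(attribute: str, value: str) -> str:
    """Equality filter that matches the value literally, never as a substring match."""
    return f"({attribute}={escape_filter_value(value)})"


# RFC 4514 section 2.4: characters that need a leading backslash in a DN value,
# plus a leading '#' and a leading or trailing space.
_DN_SPECIAL = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for inclusion in a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        elif ch == "\x00":
            out.append(r"\00")
        else:
            out.append(ch)
    return "".join(out)


def build_dn(cn: str, o: str, c: str) -> str:
    """Build a cn=...,o=...,c=... DN in the shape the slides describe."""
    return f"cn={escape_dn_value(cn)},o={escape_dn_value(o)},c={escape_dn_value(c)}"


if __name__ == "__main__":
    # Constructed values: a cn holding a comma, and a lookup value holding '*'.
    print(build_dn("Gettes, Michael (gettes)", "Princeton University", "US"))
    print(naive_filter("cn", "Gettes*"))        # substring search
    print(build_exact_filter("cn", "Gettes*"))  # literal match on "Gettes*"
```

The contrast worth noticing is the third print: with the value escaped, a directory entry whose cn really is `Gettes*` is found by an exact match, and a client cannot turn a lookup of one entry into a search over many, which is what the 500-entry and look-through limits on the slide are there to contain.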

  13. Operations: Mailing Lists
     • 2100 Listproc Lists defined to LDAP for sendmail routing, automatically
     • Sendmail routes using DN which can see the lists
     • Would like to have Listproc keep list subscribers or obtain lists from group definitions in LDAP (merged groups).

  14. Operations: Sendmail 8.9.3/8.10
     • Based on work by Stanford
     • Princeton extended support for looking up multiple attrs and returning multiple addresses.
     • Princeton changes available in 8.10
     • May 4, 1999: Moved all .forward files into LDAP, implementation by Curt Hillegas <curt@Princeton.EDU>
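Slides 13 and 14 describe the routing side: list and person entries live in LDAP, sendmail looks up several attributes and may get back several addresses, and .forward files became directory data. The added example below (not Princeton's or sendmail's code) reads a small constructed LDIF dump of the kind slide 11 says is taken hourly, indexes entries by mail address, and expands a recipient to its final delivery addresses, handling multi-valued forwarding and a list that includes itself. The attribute names `mailForwardingAddress` and `mailRoutingAddress`, the `mailList` objectclass and all addresses are assumptions for illustration; the slides do not name the attributes Princeton used.

```python
"""Minimal LDIF reader plus sendmail-style address expansion over LDAP entries.

Added example for the "Mailing Lists" and "Sendmail" slides. Attribute and
objectclass names other than puPerson/inetorgperson, and every address, are
constructed assumptions, not Princeton's schema.
"""
import base64
from collections import defaultdict

# Constructed LDIF dump: two puPerson entries and one list. Exercises a
# base64 value (cn::) and a folded line (continuation starts with a space).
SAMPLE_LDIF = """\
dn: cn=Michael Gettes (gettes),o=Princeton University,c=US
objectclass: inetorgperson
objectclass: puPerson
cn: Michael Gettes (gettes)
mail: gettes@Princeton.EDU
mailRoutingAddress: gettes@mailhost.example

dn: cn=Lee Varian (lee),o=Princeton University,c=US
objectclass: inetorgperson
objectclass: puPerson
cn:: TGVlIFZhcmlhbiAobGVlKQ==
mail: lee@Princeton.EDU
mailForwardingAddress: lee@elsewhere.example

dn: cn=csg-ds (csg-ds),o=Princeton University,c=US
objectclass: mailList
mail: csg-ds@Princeton.EDU
description: Directory Service/Schema Design Workshop mailing
  list
mailForwardingAddress: gettes@Princeton.EDU
mailForwardingAddress: lee@Princeton.EDU
mailForwardingAddress: csg-ds@Princeton.EDU
"""


def parse_ldif(text):
    """Parse LDIF into a list of (dn, {attr: [values]}); attr names lowercased."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:      # folded line: drop one space, join
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], None
    for line in logical + [""]:                  # sentinel closes the last entry
        if line == "":
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):                # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        name = name.lower()
        if current is None:
            if name != "dn":
                raise ValueError(f"entry does not start with dn: {line!r}")
            current = (value, defaultdict(list))
            continue
        current[1][name].append(value)
    return entries


def index_by_mail(entries):
    """Map each mail address (case-insensitive) to its entry's attributes."""
    return {addr.lower(): attrs
            for _, attrs in entries for addr in attrs.get("mail", [])}


def resolve(address, table, _seen=None):
    """Expand an address to its set of final delivery addresses.

    mailRoutingAddress ends expansion (delivery host mailbox);
    mailForwardingAddress values (a list's members or a user's old .forward)
    are expanded recursively; an address with no entry leaves the site as-is.
    Visited addresses are tracked so a self-including list or a pair of
    .forwards pointing at each other cannot loop forever.
    """
    seen = _seen if _seen is not None else set()
    key = address.lower()
    if key in seen:
        return set()
    seen.add(key)
    attrs = table.get(key)
    if attrs is None:
        return {address}
    if attrs.get("mailroutingaddress"):
        return set(attrs["mailroutingaddress"])
    forwards = attrs.get("mailforwardingaddress", [])
    if not forwards:
        return {address}
    result = set()
    for target in forwards:
        result |= resolve(target, table, seen)
    return result


if __name__ == "__main__":
    table = index_by_mail(parse_ldif(SAMPLE_LDIF))
    print(sorted(resolve("csg-ds@Princeton.EDU", table)))
```

The loop guard is the part worth carrying into any real implementation: once list membership and personal forwarding are both directory data that users and help-desk staff can edit (slide 11), a cycle is a matter of time, and an expander without a visited set turns that edit into a mail loop.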

  15. Online Demo: IF Possible
     • https://directory.Princeton.EDU
     • Manage Mail Account
     • Replica Monitoring
     • Kerberos Backend Authentication
     • let the firestorm begin!
