Educause Security Discussion mailing list archives
Re: Question on LDAP
From: "Drews, Jane E" <jane-drews () UIOWA EDU>
Date: Wed, 5 Oct 2005 15:18:39 -0500
Michael, We have a fairly mature identity management and service provisioning architecture, that closely binds our metadirectory (LDAP) with our authentication engine (AD). The ldap houses person data that is used in business rules for provisioning services. This is a highly controlled environment. We have a governance structure for change management & control (for everything from integrating/adding services, to specifying and approving schema extensions) and it has been pretty successful for us. I have to say that this isn't for the faint of heart - it's complicated and tricky, both technically and politically. Let me know if you have specific questions. Jane Drews The University of Iowa -----Original Message----- From: Krassos, Michael [mailto:mkrassos () MIAMI EDU] Sent: Tuesday, September 27, 2005 10:48 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Question on LDAP We are pondering whether or not to implement an LDAP architecture to support authorization attributes. This would be used to store attributes for different applications for use upon successful authentication against our Active Directory environment. Does anyone have any experience with this, or doing something similar? Is this the general direction people are taking or feel they should be taking? Any feedback appreciated.
Attachment:
smime.p7s
Description:
Current thread:
- Re: Question on LDAP Krassos, Michael (Oct 05)
- <Possible follow-ups>
- Re: Question on LDAP Gary Flynn (Oct 05)
- Re: Question on LDAP Drews, Jane E (Oct 05)
- Re: Question on LDAP Tom Barton (Oct 07)