USM Middleware Workgroup

Key Steps to Implement Directory Services

  1. Define the objective for your Directory Service.
  2. Get buy-in and support from senior administration. Try to get a VP-level administrator as the project champion.
  3. Analyze the applications that will be your data feeds and the systems that will interface with the directory.
  4. Get approval from appropriate data owners.
  5. Decide on the GUID (globally unique identifier) that will key records in the directory. The GUID should be opaque and assigned once: it must not be derived from personal data, and it must never be reassigned to another person. SSNs were commonly used in the past and should not be used.
  6. Design a registry system for people data. This is the process of assigning each faculty member, staff member, student, and affiliate a unique identifier in the system. The most common approach is to use a database such as Oracle to merge the data feeds and assign the unique IDs.
  7. Decide on an authentication mechanism. Passwords are the most common. If passwords are stored in the directory, store them only as salted hashes, never in clear text.
  8. Develop the schema for the data fields you identified. Use the standard inetOrgPerson and eduPerson object classes, plus a locally defined MYORG_eduPerson class for institution-specific attributes.
  9. Use the already available USM OID or apply for an enterprise OID from IANA (www.iana.org). Develop an OID assignment table so that every locally defined attribute and object class gets a unique, documented OID.
  10. Existing USM OID assignments are as follows:

    19212.00 System-wide Objects
    19212.01 University of Maryland, College Park
    19212.02 University of Maryland, Baltimore
    19212.03 University of Maryland Biotechnology Institute
    19212.04 University of Maryland Eastern Shore
    19212.05 University of Maryland, Baltimore County
    19212.06 University of Maryland University College
    19212.07 University of Maryland Center for Environmental Science
    19212.08 University System of Maryland Office
    19212.09 Bowie State University
    19212.10 Coppin State College
    19212.11 Frostburg State University
    19212.12 Salisbury University
    19212.13 Towson University
    19212.14 University of Baltimore

  11. Design the physical infrastructure, taking into account redundancy and the need for 24x7 uptime.
  12. Decide on LDAP server software. Some of the most common servers are Novell eDirectory, Sun ONE Directory Server, OpenLDAP, Microsoft Active Directory, and IBM SecureWay LDAP.
  13. Set up the physical hardware and software for the LDAP server.
  14. Design the LDAP structure. The design should be very flat: a single People OU under a base built with domain component (DC) naming, with every person entry placed directly beneath it.
    1. Example: ou=People,dc=umaryland,dc=edu
  15. Extend the schema to include inetOrgPerson, eduPerson, and MYORG_eduPerson.
  16. Develop connectors or data-load programs and decide on the frequency of updates.
  17. Develop policies on the following:
    1. Who can access what data?
    2. How often will data be updated?
    3. What sources are authoritative and what data sources are to be updated?
    4. What data will be stored in the directory? What are the criteria?
    5. Will data be accessed only over TLS (LDAPS or StartTLS), or will clear-text LDAP and clear-text simple binds be permitted?
    6. What is the password policy (complexity, storage format, expiration)?
  18. Develop/modify applications in a test environment.
  19. Test! Go live!
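The following Python script is added here as a worked illustration of steps 5 through 16 and is not part of the workgroup's document. It merges two constructed feeds (a fictitious HR feed and a student-information feed, both still keyed on SSN) into a registry, matches the same person across feeds with an HMAC of the SSN so the raw SSN never has to be stored in the directory, assigns each person a random opaque GUID, hashes a password the way an LDAP server stores it, and emits LDIF for the flat ou=People tree with inetOrgPerson and eduPerson. The feed contents, the Registry class, the umaryland.edu scope used for eduPersonPrincipalName, and the demo HMAC key are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Constructed sample feeds (fictitious people, not real data). Each source
# system keys its records on SSN, which is exactly why the registry needs a
# private match key rather than publishing the SSN as the directory GUID.
HR_FEED = [
    {"ssn": "123-45-6789", "given": "Ada", "sn": "Lovelace", "affil": "staff"},
    {"ssn": "987-65-4321", "given": "Alan", "sn": "Turing", "affil": "faculty"},
]
SIS_FEED = [
    {"ssn": "123456789", "given": "Ada", "sn": "Lovelace", "affil": "student"},
    {"ssn": "555-12-3456", "given": "Grace", "sn": "Hopper", "affil": "student"},
]

BASE_DN = "ou=People,dc=umaryland,dc=edu"  # the flat People OU from step 14
EPPN_SCOPE = "umaryland.edu"               # assumed scope for eduPersonPrincipalName


class Registry:
    """Person registry (step 6): merges feeds and assigns one opaque GUID per person."""

    def __init__(self, match_key):
        self.match_key = match_key  # secret HMAC key; stays in the registry, never in LDAP
        self.by_match = {}          # HMAC(SSN digits) -> guid
        self.people = {}            # guid -> merged record

    def _match_token(self, ssn):
        digits = re.sub(r"\D", "", ssn)  # "123-45-6789" and "123456789" are the same person
        return hmac.new(self.match_key, digits.encode(), hashlib.sha256).hexdigest()

    def _new_guid(self):
        while True:
            guid = "u" + secrets.token_hex(8)  # random and opaque: carries no personal data
            if guid not in self.people:
                return guid

    def register(self, rec, source):
        token = self._match_token(rec["ssn"])
        guid = self.by_match.get(token)
        if guid is None:  # first feed to mention this person creates the identity
            guid = self._new_guid()
            self.by_match[token] = guid
            self.people[guid] = {"given": rec["given"], "sn": rec["sn"],
                                 "affiliations": set(), "sources": set()}
        person = self.people[guid]
        person["affiliations"].add(rec["affil"])  # one person may be staff AND student
        person["sources"].add(source)             # which feeds are authoritative for them
        return guid

    def load(self, feed, source):
        return [self.register(rec, source) for rec in feed]


def ssha_password(password, salt=None):
    """{SSHA} userPassword value as stored by OpenLDAP: base64(SHA1(pw || salt) || salt)."""
    salt = secrets.token_bytes(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_ssha(stored, password):
    """Verify a candidate password against a stored {SSHA} value (constant-time compare)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


def to_ldif(registry):
    """Steps 14/15: one inetOrgPerson+eduPerson entry per GUID directly under ou=People."""
    out = []
    for guid, p in sorted(registry.people.items()):
        out += [
            f"dn: uid={guid},{BASE_DN}",
            "objectClass: inetOrgPerson",
            "objectClass: eduPerson",  # auxiliary class supplied by the schema extension
            f"uid: {guid}",
            f"cn: {p['given']} {p['sn']}",
            f"sn: {p['sn']}",
            f"givenName: {p['given']}",
            f"eduPersonPrincipalName: {guid}@{EPPN_SCOPE}",
        ]
        out += [f"eduPersonAffiliation: {a}" for a in sorted(p["affiliations"])]
        out.append("")
    return "\n".join(out)


def leaks_ssn(ldif, feeds):
    """Data-owner check before go-live: no SSN from any feed may appear in the directory."""
    return any(re.sub(r"\D", "", rec["ssn"]) in ldif for feed in feeds for rec in feed)


def build_demo(match_key=b"demo-registry-key-rotate-in-production"):
    """Load both constructed feeds and return the registry plus the generated LDIF."""
    reg = Registry(match_key)
    reg.load(HR_FEED, "hr")
    reg.load(SIS_FEED, "sis")
    return reg, to_ldif(reg)
```

Running build_demo() yields three person entries from four feed records, because Ada Lovelace appears in both feeds and is merged into one GUID carrying both the staff and student affiliations. The {SSHA} scheme is shown because it is what OpenLDAP produces by default; it is SHA-1 based, so where the server supports a stronger password-hashing scheme, prefer that. The match key must be treated as a secret of the registry: anyone who holds it can test whether a given SSN corresponds to a GUID.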

Important reference information on developing middleware in the higher education environment:

Internet2 Middleware

http://middleware.internet2.edu

Metadirectory Practices for Enterprise Directories in Higher Education

http://middleware.internet2.edu/dir/metadirectories/internet2-mace-dir-metadirectories-practices-200210.htm

LDAP Recipe

http://www.georgetown.edu/giia/internet2/ldap-recipe

Enterprise Directory Implementation Roadmap

http://www.nmi-edit.org/roadmap/directories.html

eduPerson

http://www.educause.edu/eduperson