LDAP Directory Service
A directory service provides authorized users and services on the network with an integrated source of data regardless of where or how the data is stored. LDAP, which stands for Lightweight Directory Access Protocol, refers to a set of software protocols and an information model for accessing data within directories.
Several disparate sources of directory information have existed across campus, each maintaining a slightly different cross-section of authoritative and semi-authoritative information. LDAP is an effort to help resolve these problems by diminishing redundancy and minimizing the probability of searches returning outdated or conflicting information. Further, implementing LDAP increases the practicality of deploying applications that leverage directory services.
The central LDAP service (ldap.ucdavis.edu) is being implemented in several phases. The first phase, completed March 2004, entailed:
- a reliable hardware and software configuration,
- service-level accounts having extended data access for directory-enabled applications,
- fully-populating the directory with information on people known to the central Computing Accounts service, and
- an access control model for the protection of sensitive information.
For additional information about the rollout, see the Campus LDAP Directory Service Description in the IT Express Knowledge Base. For information and instructions on configuring LDAP for use with Eudora, Outlook, Outlook Express or Mail, visit http://xbase.ucdavis.edu/itexpress/search.cfm?criteria=LDAP.
The second phase, which is in the early planning stages, involves group management and aspects of identity management. This will make it possible, for example, to group personnel by department, role or other logical category, and to determine how much access is granted to a particular group or person. The model will also allow for fine-grained, delegated/distributed administration. For example, it could answer the questions, "who is Joe's supervisor?" or "give me the email addresses of staff in department X for a departmental mailing." This phase of the implementation project is expected to be complete by spring 2005.
- UC Davis LDAP Attribute Schema.
- Introduction to LDAP.
- Basic LDAP Search Options.
- OpenLDAP Administrator’s Guide.
- Instructions for establishing a secure SSL connection to LDAP with ColdFusion.
- Instructions for establishing a secure SSL connection to LDAP with Java.
- Instructions for establishing an LDAP connection with PHP.
- Resource for LDAP with perl.
- For information on establishing LDAP service-level accounts, or assistance with LDAP services, contact firstname.lastname@example.org.
- For general questions or comments regarding the LDAP project, contact the IET Middleware team at .
- For help on configuring email client software with LDAP, contact IT Help at email@example.com.