LDAP Directory Service
Description
A directory service provides authorized users and services on the network with an integrated source of data regardless of where or how the data is stored. LDAP, which stands for Lightweight Directory Access Protocol, refers to a set of software protocols and an information model for accessing data within directories.
Several disparate sources of directory information have existed across campus, each maintaining a slightly different cross-section of authoritative and semi-authoritative information. LDAP is an effort to help resolve these problems by diminishing redundancy and minimizing the probability of searches returning outdated or conflicting information. Further, implementing LDAP increases the practicality of deploying applications that leverage directory services.
Availability
The central LDAP service (ldap.ucdavis.edu) is being implemented in several phases. The first phase, completed March 2004, entailed:
- a reliable hardware and software configuration,
- service-level accounts having extended data access for directory-enabled applications,
- fully populating the directory with information on people known to the central Computing Accounts service, and
- an access control model for the protection of sensitive information.
For additional information about the rollout, see the Campus LDAP Directory Service Description in the IT Express Knowledge Base. For information and instructions on configuring LDAP for use with Eudora, Outlook, Outlook Express or Mail, visit http://xbase.ucdavis.edu/itexpress/search.cfm?criteria=LDAP.
In Development
The second phase, which is in the early planning stages, involves group management and aspects of identity management. This will make it possible, for example, to group personnel by department, role or other logical category, and to determine how much access is granted to a particular group or person. The model will also allow for fine-grained, delegated/distributed administration. For example, it could answer the questions, “who is Joe’s supervisor?” or “give me the email addresses of staff in department X for a departmental mailing.” This phase of the implementation project is expected to be complete by spring 2005.
Technical Documentation
- UC Davis LDAP Attribute Schema.
- Introduction to LDAP.
- OpenLDAP Administrator’s Guide.
- Instructions for establishing a secure SSL connection to LDAP with ColdFusion.
- Instructions for establishing a secure SSL connection to LDAP with Java.
- Instructions for establishing an LDAP connection with PHP.
- Resource for LDAP with Perl.
Contact Information
- For information on establishing LDAP service-level accounts, or assistance with LDAP services, contact ldapadmin@ucdavis.edu.
- For general questions or comments regarding the LDAP project, contact the IET Middleware team at .
- For help on configuring email client software with LDAP, contact IT Help at ithelp@ucdavis.edu.