Version 1 (modified by lttoth@…, 10 years ago)
Overview of Enterprise Directory Architecture
Original author: Beth Merce - 20081031
The University of Alaska Enterprise Directory and Authentication Service consist of the following components:
iPlanet Directories (EDIR directory)
  iplanet UNIX account
  source of information for web gateways
  source of identity for authentication service
  enforces uniqueness (BannerID, UASystemID, UASystemLegacyID, UID and mailAlternateAddress)
  enforces limited password logic (age, length, composition, reuse)
  contains plugin for Kerberos authentication
  3 instances (Test, Prep, Prod) on 4 servers (eklutna, egegik, edgar, elias); soon to be a 5th server (elfin)
Oracle Databases (EDIR "registry")
  sxldap UNIX account and OPS$SXLDAP schema
  superset of directory data
  reconciliation of entities from various systems of origin (primarily Banner)
  enforces business logic
  3 instances (RPTT, RPTQ, RPTS) on 1 server (summit)
Web Gateways
  ldapgw UNIX account for EDIR/AUTHSERV
    AUTHSERV: web authentication service and interface to security-related functions; also the interface to Kerberos password/account management for kerberized directory records (e.g. password changes/resets, locking/unlocking accounts, creating guest accounts)
    EDIR: white pages and interface to self-service updates
  iplanet UNIX account for UPDATE
    UPDATE: interface called by both EDIR and AUTHSERV to perform directory updates
  3 instances each (Test, Prep, PROD) on 4 servers (eklutna, egegik, edgar, elias); soon to be a 5th server (elfin)
Equalizer
  load balancing for DNS names
    edirtest.alaska.edu, edirprep.alaska.edu, edir.alaska.edu
    authservtest.alaska.edu, authservprep.alaska.edu, authserv.alaska.edu
    email-lookup.alaska.edu
  for http/https ports
  for ldap/ldaps ports
Kerberos Realm
  oitsynch UNIX account
  password store behind iPlanet Directory
  directory plugin implements Kerberos authentication during directory bind
  UPDATE interface behind AUTHSERV implements Kerberos password reset/change/lock/unlock functionality
  3 realms (test.alaska.edu, prep.alaska.edu, prod.alaska.edu), 1 each on 3 servers (cisca, cobalt, cupola)
####################### DOCUMENT CHANGE HISTORY
20081031 elm corrected typos