...

One OID (Oracle Internet Directory) instance is run by NIST to support PDA synchronization to MIT's TechTime. This is used purely as an LDAP authentication system to support the PDAs and mobile devices. It is not offered as a general LDAP authentication service to the MIT developer community.

The server runs on the same box that hosts the TechTime calendar server. It will not accept connections from other servers or clients. A user's password reaches the calendar server over TLS. The calendar server then passes the username and password to the OID instance. The OID instance then verifies the username and password correctness using the KDC.

5.3.   OID - run by SAIS

SAIS runs two instances of OID. One instance is used in support of the insideMIT portal. It receives feeds from the MIT Data Warehouse for Kerberos ID and other user data, from SAP for various HR data and portal "profiles", and from the MIT Roles database for authorization data. The second instance of OID is used for the MITSIS system. Plans call for the latter system to receive feeds from SIS systems regarding student data.

...

  • Looking up email addresses of people from various email clients including Outlook, Apple Mail, and Thunderbird
  • The ability to look up Moira group memberships for Moira lists that are of type visible. Type visible within Moira indicates that non-members may view the membership.
  • Used to provide SIP.edu functionality with OpenSER for MIT VoIP pilot and MIT Personal SIP service [?]
  • Used by the core MIT Touchstone Shibboleth IdP to generate Shibboleth attribute assertions.

6.      Proposed initiatives and tasks

...

8.1.   LDAP authentication - This should not be confused with the LDAP bind operation. LDAP authentication is often used to indicate that an application is passing a username and password over TLS to an LDAP server, and the LDAP server then evaluates the username/password pair to determine whether the user should be successfully authenticated. It may do this by storing the password in the LDAP directory, or it may forward the information on to another back-end system such as Kerberos to perform the evaluation.
8.2.   OID (Oracle Internet Directory) - http://www.oracle.com/technology/products/oid/index.html
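As an added illustration of the flow in 8.1 (example code written for this page, not code from MIT's services or from OID): the application side of "LDAP authentication" sends an RFC 4511 simple BindRequest, and the snippet below builds that frame with a minimal BER encoder, shows that the password sits in it in cleartext (which is why the hop to the LDAP server must be TLS), and refuses an empty password, which RFC 4513 defines as an unauthenticated bind that some servers answer with success. The DN, message ID and password are constructed sample values.

```python
# Added example (not from the original page): builds the simple-bind
# LDAPMessage an application sends when "LDAP authenticating" a user.
# BER structure (RFC 4511):
#   SEQUENCE { messageID INTEGER,
#              [APPLICATION 0] SEQUENCE { version INTEGER 3,
#                                         name OCTET STRING (DN),
#                                         [0] OCTET STRING (password) } }

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(n: int) -> bytes:
    """Non-negative INTEGER; extra leading 0x00 when the high bit is set."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """Encode a version-3 simple BindRequest for the given DN."""
    if not password:
        # RFC 4513 s5.1.2: an empty password makes this an *unauthenticated*
        # bind; a server may return success without checking the DN at all,
        # so an application must never treat that as a login. Reject it here.
        raise ValueError("empty password would be an unauthenticated bind")
    bind = tlv(0x60, ber_int(3)                      # version 3
               + tlv(0x04, dn.encode("utf-8"))       # name (LDAPDN)
               + tlv(0x80, password.encode("utf-8")))  # simple [0] credential
    return tlv(0x30, ber_int(message_id) + bind)

def password_visible(frame: bytes, password: str) -> bool:
    """True when the password is readable in the frame: without TLS between
    the application and the LDAP server it is cleartext on the wire."""
    return password.encode("utf-8") in frame

if __name__ == "__main__":
    # Constructed sample values, not real MIT identities.
    frame = bind_request(1, "uid=alice,ou=people,dc=example,dc=com", "s3cret")
    print(frame.hex(), password_visible(frame, "s3cret"))
```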

9. Proposed responsibilities

NIST will be responsible for operating ldap.mit.edu; this includes:

  • system administration of ldap.mit.edu, including normal maintenance of the server hardware and applying security patches
  • modification of configuration or updates in response to operational situations, e.g. disabling the update of student data in order to prevent unintended disclosure of cell phone numbers due to miscommunications amongst other groups
  • notification of changes to configuration or updates in response to operational situations in a reasonable period of time
  • coordination planning with ISDA for tested and planned changes, e.g. schema changes, or maintenance of feeds
  • providing ISDA with staging machines which adequately reflect the operational machines (the assumption is that ISDA will bear the cost of the hardware for the staging machines)

ISDA will be responsible for:

  • maintenance of the data feeds from Moira
  • creation and maintenance of data feeds from Roles DB
  • maintenance of data feeds from DW (if necessary)
  • testing feeds
  • coordinating and testing schema changes
  • creating sample source code for developers interested in integrating applications with ldap.mit.edu services
  • creating documentation for developers interested in integrating applications with ldap.mit.edu
  • developing improved monitoring tools to ensure that ldap.mit.edu is available and providing consistent responses
  • providing 2nd tier support to determine the problem solution when a user or developer complains about availability, data consistency, or other data issues