Real-Time Provisioning Beta-Testing
Sources
Institution |
Subject Source |
Number of Subjects |
Subject ID |
---|---|---|---|
LIGO |
LDAP |
1,000 |
dn: employeeNumber=882,ou=people,dc=ligo,dc=org |
Penn State |
LDAP |
165,000 |
dn:uid=xyx123,dc=psu,dc=edu |
UCLA |
LDAP |
40,000 |
|
UMontreal |
LDAP |
120,000 |
sAMAccountName (value same as cn) |
UVienna |
Undecided |
155,000 |
cn, uid |
UWMadison |
|
|
|
Targets
Institution |
Target |
Implementation |
---|---|---|
LIGO |
LDAP |
OpenLDAP 2.4.x |
Penn State |
LDAP |
IBM Tivoli Directory Server |
UCLA |
LDAP |
Sun Java System Directory Server Enterprise Edition 6.3.1 |
UMontreal |
LDAP |
Active Directory |
UVienna |
LDAP |
Active Directory, OpenLDAP |
UWMadison |
|
|
Provisioning memberOf
The groups that a member is a member of may be provisioned to the memberOf attribute. Some LDAP implementations, such as Active Directory, automatically maintain the memberOf attribute. OpenLDAP maintains the memberOf attribute via the memberOf overlay.
Institution |
memberOf |
---|---|
LIGO |
|
Penn State |
|
UCLA |
|
UMontreal |
|
UVienna |
automatic (Active Directory), OpenLDAP ? |
Provisioning Structure
The group provisioning structure may be either flat
or bushy
. A flat
structure provisions all groups into a single container. A bushy
structure provisions groups hierarchically.
For example, the DN of a group with name 'edu:stem:group' in a flat
structure looks like :
dn: cn=edu:stem:group,ou=groups,dc=example,dc=edu
while the DN of a group with name 'edu:stem:group' in a bushy
structure looks like :
dn: cn=group,ou=stem,ou=edu,ou=groups,dc=example,dc=edu
Institution |
Structure (flat or bushy) |
---|---|
LIGO |
|
Penn State |
|
UCLA |
|
UMontreal |
|
UVienna |
|
UWMadison |
|