user-administration system (bas) at the university of oslo

© GT/SAPP/USIT

University of Oslo,Norway

User-administration system (BAS) at the University of Oslo

Creating of a single user-administration system for University of Oslo

By

Bård Henry Moum Jakobsen

© GT/SAPP/USIT


University of Oslo (UoO), Norway• 32 000 students• 6 000 fac. & staff• 4 000 other!• 35 431 users in one user-management

system UREG2000• Ca 1 600 computers for students

– Win*, MacOS, Linux, mm

• almost 9 000 computers…

© GT/SAPP/USIT


What is an User administration system (BAS)

Studentregistry

Studentregistry

Personal registery

Personal registery

BASBASPersons Users

© GT/SAPP/USIT


FEIDE

© GT/SAPP/USIT


BAS

BAS

SR (FS/MSTAS)

Other HR

AT(LDAP)

© GT/SAPP/USIT


User administration system (BAS)

Person- unique ID- Name- Address- Affiliation

Group- Group ID (GID)- Comment- Members - users - other Groups

User- Username (UID)- Password- Mail address- Home dir

© GT/SAPP/USIT


UoOs BAS, UREG2000• A SQL (Oracle) database• API in Perl5• A collection of programs (mostly Perl5)

for managing users and attributes• Procedures for extracting information

from LT (UoOs HR-system) and FS (UoOs Student registry)

• Printer accounting!

© GT/SAPP/USIT


More…• Creates:

– NIS (2 domains)– AD (win2k)– LDIF– IMS Enterprise – Domino Directory– Tivoli– Remedy ARS– Exim (mail)– Mailman (mail-lists)– etc

© GT/SAPP/USIT


LT – HR-system (i)• Gives UREG:

– Organizational units» SKO – unit number

• Made national by our national Student registry system• 4 parts• Institution (‘\d{4}’)• Faculty (‘\d{2}’)• Department (‘\d{2}’)• Group (‘\d{2}’)

» Organization unit Name» Phone, fax, URL, email (for the unit)» Addresses (Snail-mail and physical address)

© GT/SAPP/USIT


LT – HR-system (ii)• Gives UREG

– Person» National id-number (Social security number)» Name» Org.unit» Type (Faculty, Staff, other)» Problem: It takes time to register a person, to

much time…

• Gets from UREG– Email-addresses

© GT/SAPP/USIT


FS – Student registry• Gives UREG:

– Persons» National id-number (Social security number)» Name» addresses» Curriculum

• Gets from UREG– Email-addresses

© GT/SAPP/USIT


Ureg2000

FSLT

NIS (UiO)

NT

AD (W2K)

Notes

ARS

Tivoli

BOFH

Radius

UA (Adgangskontroll)

PRISS

Exim/Mailman

NIS (IfI)

LDAP

LMS(CF)

© GT/SAPP/USIT


UREG (or BAS) creates• Userid/shortname ’baardj’ (unix-

username)– Username in NIS– Loginname in AD– UID in LDAP (for MacOS X)

• Groups, general group basic– Creating Filegroups– Creating netgroups– Creating AD groups– Creating Notes groups– Creating mailinglists

© GT/SAPP/USIT


Is this a PKI? No!• But it is a requirement for a functional

PKI.• We are not a CA (to much work)• But we need certificates for persons,

roles, organizations, units and servers.• External CA for persons, internal for all

others.• We need a map from ID in persons

certificates to an uniq id at the University, which CA is secondary

© GT/SAPP/USIT


More? Contact us!• [email protected]• +47 22852778• Foils:

http://folk.uio.no/baardj/pres/GNOMIS-eng.ppt

© GT/SAPP/USIT


Coming Structure of LDAP at UoO

ld ap .u io .n o

ou=Fagseksjonen TF

ou=Teologisk fakultet ou=Juridiske fakultet

ou=ØPA

ou=Universitetsdir. OPA

ou=SYDR USIT ou=ODI seksjonen

ou=ADB-seksjonen USIT ADM -seksjonen USIT

ou=USIT

ou=Sentraladm in

cn=Arne Laukholm

cn=Knut Borge

cn=Lars Inge Oftedal

cn=Vem und Blom kvist

cn=Trygve Falch

Persons

uid=kborge

uid=larso

Users

cn=usit

cn=hfstud

Groups

0=Universitetet i Oslo, c=no

user-administration system (bas) at the university of oslo

Documents