FSUID - PowerPoint PPT Presentation

Provided by: acnswebde

1
FSUID AD Integration
  • Partnering with the College of Human Sciences
  • Jeff Bauer, AIS
  • http://fsuid.fsu.edu/admin

2
FSUIDs Quick Overview
  • Combined identity from CARS, OTI Win, etc.
  • FSUID authentication used to access PeopleSoft
    Financials and HR (i.e. your paycheck
    information!)
  • FSUID authentication used to log into Secure
    Login
  • FSUID authentication used to log into Blackboard
  • FSUID authentication used for other projects in
    OTI: VPN access, BlueSocket, RADIUS, PAM/LDAP
    UNIX logins
  • FSUID used to access FSUID personal and Helpdesk
  • FSUID used to build CAS ring

3
FSUID Architecture
  • Novell's eDirectory 8.7.3.3 housed on RedHat
    servers
  • Five servers in three physical locations
  • Same schema, local databases
  • Auto-syncs value changes across ring

4
FSUID Schema
  • Expressed in standard LDAP terms as a set of
    attributes and values.
  • Combination of a new class called fsuEduPerson
    and existing standard classes (such as
    inetOrgPerson, Person and organizationalPerson)
  • Attributes are updated from various sources
    (PeopleSoft HR feed, DB2 tables on NWRDC,
    existing LDAPs, etc.)
  • One attribute exists to handle associations
    with known Windows servers
    (fsuEduAdSamaAccountName)

5
Associate a Windows Account
  • Creates a link between an FSUID and a Windows
    account
  • Used for one-way password sync and directory
    attribute updating on the OTI-managed Exchange
    domains
  • WinAD communication is through LDAPS (LDAP
    protocol over an SSL connection) using a single
    proxy administrative Win account (no
    requirement for a department to have an official
    Windows trust relationship, with all that
    entails)

6
FSUIDs and CHS
  • CHS approached us interested in doing
    quasi-automated account management
  • Established a Windows administrator proxy account;
    punched firewall hole for port 636 (ldapssl)
    traffic to their server
  • Worked over account creation and updating details
    and who would be responsible for which attributes
    for which types of users

7
FSUIDs and CHS
  • Arrived at this:
  • New employees and new grad students are created
    by an FSUID daily script using a "first initial,
    last name" algorithm for the SAM account name
  • Many attributes are set and the association
    between the faculty/staff FSUID and SAM account
    is made (for future updates of attributes)
  • Daily email is sent to CHS systems staff, telling
    them what happened (updates and creates)

8
FSUIDs and CHS
  • Arrived at this:
  • Accounts are created in a CHS-specified
    container, depending on type of person and which
    department they are in; CHS is free to move the
    account around
  • Account is disabled, with a random password
  • CHS will enable account and perform some other
    initialization (home directory, ACLs, etc.) and
    handle informing end user
  • End user will be told to go to their FSUID web
    page to set their Win AD password

9
FSUIDs and CHS
  • Arrived at this:
  • An FSUID script is being developed that will scan
    daily for former CHS employees or students; if
    found, the Win account will be disabled and the
    Win systems staff emailed
  • Push password management to end user using FSUID
    web page, CHS FSUID helpdesk and User Services
    helpdesk staff
  • End result is a nice blend of grunt work done
    automatically by central IT, with full autonomy
    retained by the College (either side can pull
    the plug in case of emergency)
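
The daily create/disable flow from the three "FSUIDs and CHS" slides, written as a planning function. This is an added example in Python, not the project's Perl script; the collision suffix, the 20-character sAMAccountName truncation, the container names, the disable policy and the sample records are assumptions made here.

```python
import re
import secrets

UAC_DISABLED_USER = 0x0200 | 0x0002  # NORMAL_ACCOUNT | ACCOUNTDISABLE = 514
# Hypothetical containers; the slides only say CHS specifies them per type/department.
CONTAINERS = {("employee", "FCS"): "OU=Staff,OU=FCS,DC=chs,DC=example",
              ("grad", "FCS"): "OU=Grads,OU=FCS,DC=chs,DC=example"}

def sam_name(first, last, taken):
    """First initial + last name, max 20 chars; numeric suffix on collision (assumed rule)."""
    base = re.sub(r"[^a-z0-9]", "", (first[:1] + last).lower())[:20]
    candidate, n = base, 1
    while candidate in taken:
        n += 1
        candidate = base[:20 - len(str(n))] + str(n)
    return candidate

def encode_unicode_pwd(password):
    """AD unicodePwd value: the double-quoted password as UTF-16LE (LDAPS only)."""
    return ('"' + password + '"').encode("utf-16-le")

def plan_daily_run(people, ad_accounts):
    """Return (creates, disables); a planning step only, no server is contacted."""
    taken = {sam.lower() for sam in ad_accounts}
    linked = {acct["fsuid"] for acct in ad_accounts.values()}
    creates, disables = [], []
    for fsuid, p in sorted(people.items()):
        if p["active"] and fsuid not in linked:
            sam = sam_name(p["first"], p["last"], taken)
            taken.add(sam)
            creates.append({
                "fsuid": fsuid, "sAMAccountName": sam,
                "container": CONTAINERS.get((p["type"], p["dept"]), "OU=Unsorted,DC=chs,DC=example"),
                "userAccountControl": UAC_DISABLED_USER,  # created disabled
                "unicodePwd": encode_unicode_pwd(secrets.token_urlsafe(24)),  # random
            })
    for sam, acct in sorted(ad_accounts.items()):
        person = people.get(acct["fsuid"])
        if acct["enabled"] and person is not None and not person["active"]:
            disables.append(sam)  # only on an explicit inactive record (assumed policy)
    return creates, disables

# Constructed sample data, not real FSUIDs or accounts.
PEOPLE = {
    "abc05": {"first": "Jane", "last": "O'Neil", "type": "employee", "dept": "FCS", "active": True},
    "def06": {"first": "John", "last": "Oneil", "type": "grad", "dept": "FCS", "active": True},
    "ghi07": {"first": "Sam", "last": "Lee", "type": "employee", "dept": "FCS", "active": False},
}
AD = {"slee": {"fsuid": "ghi07", "enabled": True}, "joneil": {"fsuid": None, "enabled": True}}
CREATES, DISABLES = plan_daily_run(PEOPLE, AD)
```

Both new people collide with the pre-existing `joneil` account, so the plan assigns `joneil2` and `joneil3`; accounts whose FSUID is missing from the feed are left untouched rather than disabled.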

10
(No Transcript)
11
(No Transcript)
12
(No Transcript)
13
(No Transcript)
14
Win-win for CHS Win!
  • FSUID project got a boost from College's requests
    for refinements (Helpdesk advanced search,
    Courtesy attribute)
  • CHS Win staff didn't have to manually create some
    200 Win accounts after bringing up a new AD
  • Once in place it's 'hands-free' and can be easily
    tweaked
  • Heavy lifting done with a 600-line Perl script
  • A departmental Perl script does local-side
    tasks, too

15
Future Directions
  • Interested in developing more custom Win or even
    non-Win account management for departments (e.g.,
    College of Medicine, etc.)
  • A "Blackboard as university Portal" project is
    starting up
  • Attempt to tie in more university enterprise data
    (e.g., FSUCard door security system)
  • Bring more systems under native FSUID
    authentication (CARS, mailer, garnet, etc.)

16
Thanks!
  • OTI is ready to assist other departments with
    their own Windows-based auto-account management
    needs, tailored to your specific department rules
  • Thanks to the eDir Team: Ethan Kromhout,
    Dongmei Gao, Donny Shrum and others
  • Special thanks to Jeanne Pecha, College of Human
    Sciences, for trusting central IT
  • Questions?