Oak LDAP is designed to support user
authorisation and the lookup of basic attributes such as unique identifiers by IT service
providers within the University. It is part of the Oak access management suite, and takes
the form of a highly available directory service offering data about people, groups, and
Oak LDAP is accessed using the lightweight
directory access protocol. The structure and availability of data are defined by the Schema and Attribute Release Policy.
The service has been designed to be particularly suitable for use in conjunction with the
Kerberos/Webauth authentication services and the preferred means of authenticating to the
Oak LDAP service is Kerberos.
ITSS are entitled to
register services for access to Oak LDAP.
This service is owned by the Systems Development and Support Section Manager and was
released for general use in 2008.
A full service description is available from http://www.oucs.ox.ac.uk/services/oak/sp/ldap/
1.1. User Support
This service is provided to organisational units of the University of Oxford via
ITSS may always contact OUCS about any aspect of the service.
The initial point of contact for ITSS support at OUCS is the Systems Development and
Support Section, by email to firstname.lastname@example.org.
2. Summary of OUCS’s responsibilities
Hours of Service
2.1 The service is offered as follows:
- 9am - 5pm on weekdays: the service operates with full technical support.
- All other times: the service operates without technical support. Automated service
monitoring will take place, and informal arrangements exist for staff to be notified of
exceptions; however, no funding is provided for contractual cover or guaranteed
- Exclusions: service maintenance carried out during the JANET maintenance period (7am - 9am every Tuesday).
2.2 OUCS will commence investigation of reported faults within one hour when full
technical support is available (provided that no similar fault is already being handled by
the same team).
Service Level Targets
2.3 It is intended, as far as is possible, to maintain service availability at all times
apart from exclusions listed under 2.1; however, there are no formal targets.
2.4 This service is classified as "critical" to University mission and will be recovered
as a first priority, and within 4 hours when full technical support is available.
2.5 Recovery will restore directory functionality using data retrieved
from backup (less than 1 day old). Recovery may not include other functions such as
the ability to add or change clients or process source data changes.
2.6 There is no alternative service; however, some individual systems may support
alternative authorisation configurations such as the creation of local user data to
enable access in the event of an extended outage.
Administration and Support
2.7 All support (operations and 1st/2nd/3rd line support for ITSS) for the service is
provided by OUCS as described above.
2.8 Notification of scheduled maintenance, outages, and other information of general
interest in relation to the service will be circulated on the itss-announce and oak-ldap mailing lists.
2.9 Service requests and fault reports relating to the service should be sent to the
OUCS Help Desk.
2.10 Requests to
register a service for access to Oak LDAP should be sent by email to email@example.com and will normally be
fulfilled within one working day.
2.11 Information for departmental and college system administrators is given at
http://www.oucs.ox.ac.uk/services/oak/sp/ldap/. OUCS also manages an email list,
open discussion about the service.
Management of Change
2.12 Requests for change to the service should be sent by email to firstname.lastname@example.org.
Reporting and Review
2.13 Service usage information will be reported annually in the OUCS Annual Report.
2.14 The service will be reviewed annually. The review will provide input to the service
level description review, normally carried out in May of each year.
3. Summary of client’s responsibilities
3.1 Users are responsible for ensuring that this service is suitable for their needs.
3.2 Use of this service is subject to, and implies, acceptance of any applicable
regulations, including but not limited to:
3.3 All use of the service must be in compliance with the Terms of
3.4 Service providers wishing to use Oak LDAP must
register their services as Oak LDAP data consumers.
3.5 Users should report any defect, malfunction, or performance degradation of the
service promptly to enable remedial action to be taken.
3.6 Managers of services which depend on Oak LDAP are responsible for the suitability,
correct configuration, and maintenance of any client software used to interact with this
service. In particular this includes ensuring that LDAP clients have a suitable fail-over
configuration where required.