The Oak LDAP service is intended to enable service providers in the University to take authorisation decisions. It provides data on unit affiliations (departments and colleges) and on the nature of people's relationships with the University (student, staff, etc). The directory information in Oak LDAP can also be used to map between people's different identifiers (SSO username, barcode, etc), and to retrieve contact data and names for people and units.
It is possible to look up people by their card's barcode number, by their email address, or by their Oak single sign-on (SSO) username. This ability to look someone up by their Oak SSO username makes the service especially useful in conjunction with the Oak Kerberos and Webauth Authentication Services.
An example of the type of policy that can be implemented with data from the Oak LDAP service is "only people affiliated with Department X can use Service Y". Another example is "only members of the University can use Service Z".
The directory contains entries about all University members, and some non-members, such as virtual access card holders. In principle, it could contain entries about anyone whose relationship with the University justifies inclusion.
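The two example policies above, together with the point that the directory also lists some non-members, are sketched below as an added example; it is not code from the Oak LDAP service or its documentation. The attribute names, unit DN and status values are hypothetical placeholders, and the search results are constructed.

```python
# Added example. Attribute names, unit DNs and status values below are
# hypothetical placeholders, not the Oak LDAP schema.
MEMBER_STATUSES = {"student", "staff"}  # assumed status values

def escape_filter_value(value):
    """Escape a string for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\", "*", "(", ")", "\x00"}
    return "".join("\\%02x" % ord(c) if c in special else c for c in value)

def sso_filter(username):
    """Filter that matches one literal SSO username, never a pattern."""
    return "(ssoUsername=%s)" % escape_filter_value(username)

def single_entry(entries):
    """Fail closed: anything other than exactly one match is no match."""
    return entries[0] if len(entries) == 1 else None

def in_unit(entries, unit_dn):
    """Policy: only people affiliated with unit_dn may use the service."""
    entry = single_entry(entries)
    return entry is not None and unit_dn in entry.get("unitAffiliation", [])

def is_member(entries):
    """Policy: only members of the University may use the service.
    An entry existing is not enough, since non-members are listed too."""
    entry = single_entry(entries)
    if entry is None:
        return False
    return any(s in MEMBER_STATUSES for s in entry.get("universityStatus", []))

# Constructed search results, shaped as attribute -> list of values.
STAFF_X = [{"ssoUsername": ["abcd0001"],
            "unitAffiliation": ["ou=deptx,dc=example"],
            "universityStatus": ["staff"]}]
CARD_HOLDER = [{"ssoUsername": ["abcd0002"],
                "unitAffiliation": ["ou=deptx,dc=example"],
                "universityStatus": ["cardholder"]}]

if __name__ == "__main__":
    print(sso_filter("abcd0001"))
    print(in_unit(STAFF_X, "ou=deptx,dc=example"), is_member(CARD_HOLDER))
```

The username from the authentication layer is escaped before it goes into the filter, and both policy checks deny access when the search returns zero or several entries.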