Oak LDAP is designed to support user authorisation and the lookup of basic attributes such as unique identifiers by IT service providers within the University. It is part of the Oak access management suite, and takes the form of a highly available directory service offering data about people, groups, and units.
Oak LDAP is accessed using the Lightweight Directory Access Protocol (LDAP). The structure and availability of data are defined by the Schema and Attribute Release Policy. The service has been designed to be particularly suitable for use in conjunction with the Kerberos/Webauth authentication services, and the preferred means of authenticating to the Oak LDAP service is Kerberos.
A full service description is available from http://www.oucs.ox.ac.uk/services/oak/sp/ldap/
The initial point of contact for ITSS support at OUCS is the Systems Development and Support Section, by email to firstname.lastname@example.org.
- 9am - 5pm on weekdays: the service operates with full technical support.
- All other times: the service operates without technical support. Automated service monitoring will take place, and informal arrangements exist for staff to be notified of exceptions; however, no funding is provided for contractual cover or guaranteed response.
- Exclusions: service maintenance carried out during the JANET maintenance period (7am - 9am every Tuesday).
2.5 Recovery will restore directory functionality using data retrieved from backup (less than 1 day old). Recovery may not include other functions such as the ability to add or change clients or process source data changes.
2.6 There is no alternative service; however, some individual systems may support alternative authorisation configurations such as the creation of local user data to enable access in the event of an extended outage.
2.9 Service requests and fault reports relating to the service should be sent to the OUCS Help Desk.
2.11 Information for departmental and college system administrators is given at http://www.oucs.ox.ac.uk/services/oak/sp/ldap/. OUCS also manages an email list, email@example.com, for open discussion about the service.
2.12 Requests for change to the service should be sent by email to firstname.lastname@example.org.
- Regulations Relating to the use of Information Technology Facilities
- JANET(UK) Statement of JANET acceptable use policy
- CHEST Code of Conduct for Site Licensed Software and Datasets
- University Policy on Data Protection
- Any local policy defined by the unit from which you use this service
3.3 All use of the service must be in compliance with the Terms of Usage.
3.4 Service providers wishing to use Oak LDAP must register their services as Oak LDAP data consumers.
3.6 Managers of services which depend on Oak LDAP are responsible for the suitability, correct configuration, and maintenance of any client software used to interact with this service. In particular this includes ensuring that LDAP clients have a suitable fail-over configuration where required.