Metadirectory Technical Status Meeting

http://fsuid.fsu.edu/admin

7/26/2005

• Project Status
• Suggestion: go to once-a-month meetings from now on.
• Added “mdsacns1.fsu.edu” to eDir ring and removing dependencies on “radius1.acns.fsu.edu” so it can be removed from the ring as well.  Removed use of radius1 in: two ERP VPN RADIUS servers, mdsoti FSU VPN RADIUS server, FSUID Perl LDAP server failover function & CAS.  Any others?
• Department directory searched from www.fsu.edu info into an iPlanet container on directory.fsu.edu  – created “o=FSU Departments” on directory.fsu.edu; will populate & write web page to search.  Suggestion: Have the home page of http://directory.fsu.edu allow for all of our searches (employees, students, departments, ala http://www.fsu.edu/cgi-bin/search/new/sframes.  Be interesting to have a “search all” or at least build pages that cross search based on results?
• Did some minor tweaks to displaying of directory information in Bb “FSU People Search” and directory.fsu.edu/search, such as not bothering to show nickname when nickname == first name, highlighting the phone number, etc.  Also updated FSUID Helpdesk to use nickname, where available.
• “FSU People Search” Bb module now ready for production use; this should replace “FSU Student Email Search” module, as that function is a subset of the larger search module.
• Need a way to allow email clients the ability to LDAP search for student email addresses for FSUID-authenticated users.
• CARS ßà FSUID status:
• Create UUID method now in production; should result in fewer “human exception handling” of problems due to mismatch between what CARS thinks is a current employee/student and what other systems think.
• Still need:
• Mechanism for setting free dialup access
• Mechanism for vacation notification
• Mechanism for setting email forwarding
• Mechanism for setting email privacy flag
• FSUID ßà Win AD identity management work for Human Sci, UCS TEC, US WSG & College of Medicine.   Status?
• “Bb as Portal”: FSUID in Bb: Dongmei will work on putting the FSUID identity, Helpdesk and related web pages under Bb (except for account activation/creation & password reset).  I suggest we consider mod_perl’ing this Perl code to speed it up.
• Mailer.fsu.edu:  Status of moving to native FSUID auth?  Deferred for now
• Shibboleth:  Still experimenting; discussed with FAMU IT folks possible joint effort on Shib-enabled services between the Universities; have a host set up (shibtest.ais.fsu.edu) for “InQueue” testing (Internet2 test Federation); eventually would like to join InCommon (production Federation).
• VPN/eDir Project: Investigate the mapping of eDir and RADIUS attributes to achieve the ability of partitioning VPN permissions.  Good pilot case is ERP VPN authentication – Randy would like to create four assignable levels of VPN access:
• Admin Profile – Allows users to access all machines in ERP address space (my admin and dba folks use this one)
• Asset Profile – Allows a user/machine over in the Asset department to connect some third-party bar code scanning software to the OMNI database servers (this one is in the process of being replaced by a firewall rule)
• BO Profile – Allows BO developers and Universe admins to access the production Business Objects server
• HR Charter Profile – Allows a small set of users in the HR Classification group to connect a third-party organizational chart utility to the OMNI system