Metadirectory Technical Status Meeting

http://fsuid.fsu.edu/admin

11/15/2005

  • Project Status
    • Have upgraded three of the five production eDir servers from 8.7.3.7 to 8.8.  Will do mdsoti & mdsacns1 last (involves a cert change, alas)
    • New nightly Perl script now manages values of fsuEduWebApps if somebody is no longer an active employee or switches departments (sends email saying manual intervention required).  Cleans up leaving people with inappropriate “powers” (helpdesk app, etc.).
    • Multi-valued the following HR-fed attributes based on the actual appointments within the PS extract: Fire2Postal, PSHRdeptName, Fire2PhoneNumber, Fire2FaxNumber, Fire2RoomNumber, Fire2Title, departmentNumber.  Also multivalued the equivalent attrs on directory.fsu.edu’s iPlanet instance.  [ Have we updated all uses of these values to read any possible multi-values?  Ex: public employee search, Helpdesk search, personal identity, helpdesk identity, etc.).
    • Added fsuEduPSHRReportsTo and populated it.  Helpdesk & personal pages allow showing a person’s “org chart”.
    • Added fsuEduHomePage support – only active employees are allowed to edit.  Results added to public employee directory search.
    • Modified behavior of renaming FSUIDs at CARS activation – will preserve original FSUID for current employees to preserve their PeopleSoft permissions.  Waiting for a better “identity change” process before allowing “free for all” FSUID renames.
    • Split out more of the load-mods functions into separate scripts: updating images
    • Set up a second RADIUS server on mdsacns1 for FSU VPN failover auth.
    • Published Java/Perl/ColdFusion CAS handoff sample code
    • Moved free dialup access from CARS web site to FSUID web site.  What’s left: vacation notification?  Removal of FSUCard CARS load process and replacement with “native” FSUID management of CARS identities (SSN renames, etc.)?
    • Moved FSUID People Search module into production in Bb.
    • Need a way to allow email clients the ability to LDAP search for student email addresses for FSUID-authenticated users.
    • FSUID ßà Win AD identity management work: Still need to follow up with FAMU identity management stuff for COE.  Activity with Microsoft’s MIIS product in WSG.  Experimented with pGina as a native LDAP auth for Windows desktop login (need to do more filter/group work).
    • Mailer.fsu.edu:  Status of moving to native FSUID auth?  Deferred for now
    • Shibboleth:  Experimenting on hold; will get back to it when time permits.
    • ERP VPN/eDir Project: On hold until OTI develops a more mature VPN support strategy