
- Number of slides: 19
University of Oslo, Norway
Cerebrum, UoO's new UAS
Developing a 2nd generation of a single user administration system for the University of Oslo
By Bård H. M. Jakobsen
© GT/SAPP/USIT

University of Oslo (UoO), Norway
• 32 000 students
• 6 000 fac. & staff
• 8 000 others!
• 52 000 users in one user-management system, UREG 2000
• 29 881 opened accounts after 15 Nov
• Ca. 2000 computers for students
  – Win*, MacOS (OS 9 and OSX), Linux, etc.
• almost 10 000 end-user computers…

What is a user administration system (BAS)?
[Diagram labels: Student registry, Personal registry, Persons, BAS, Users]

[Diagram labels: LT, BOFH, FS, Ureg 2000, LDAP, UA (access control), Notes, Exim/Mailman, LMS (CF), NIS (UiO), ARS, Radius, NT, Tivoli, NIS (IfI), PRISS, AD (W2K)]

FEIDE

What is Cerebrum
• an open source user administration system
• built from modules around a kernel
• Written in Python, using Oracle or PostgreSQL as backend
• Source code at http://sourceforge.net/projects/cerebrum/
• Now in alpha-code, pilots running
• Pre-production in January

User administration system (BAS)
• User
  – Username (UID)
  – Password
  – Mail address
  – Home dir
• Person
  – Unique ID
  – Name
  – Address
  – Affiliation
• Group
  – Group ID (GID)
  – Comment
  – Members
    » users
    » other groups

User administration system (BAS)
[Diagram labels: Person, Group, Affiliation, User, OU]

Cerebrum vs. our current system
• Ureg 2000, developed by evolution
• hard to migrate to other institutions (FEIDE)
• new needs at our institutions
  – LMS
  – Portals
  – other services
  – event-driven updates
• UoO to get a new HR
• Cerebrum is TDBtCE

Kernel
• Person
  – ID
    » Internal
    » External
    » SSN
    » From other sources
  – Name
• OU
  – Name/ID
  – Structure

Affiliation
• Faculty
• Staff
• Students
member, affiliate, employee

Users
• ID for identification and authentication
• Could have IDs in different namespaces
• Data on authentication
  – Passwd (Crypt, MD5)
  – Certificate

Source system
• Most of the data in Cerebrum has one or more sources which are authoritative
[Diagram labels: Cerebrum, HR, SR, Other]

Modules
• Interface to systems
  – having authoritative information on entities at the campus
  – needing
    » authentication
    » information

What modules?
• FS, MSTAS (2 national SR of Norway) (MSTAS – 2003-01-15)
• SATS (school system in Norway) (2003-12-15)
• LT (HR at UoO)
• SAP (HR) (Spring 2003)
• LDAP (2003-12-15)
• NIS (POSIX)
• AD (2003-12-15)
• Admin client
• LMS (IMS E.1.01, 2003-12-15)
• Email (2003-12-15)
• UA (Spring 2003)
• NDS (Maybe spring 2003)

More? Contact us!
• cerebrum-developers@usit.uio.no
• Foils: http://folk.uio.no/baardj/pres/GNOMIS2002.ppt

End/Fine/Slut/Finito/Slutt!

LDAP structure at UoO

Is this a PKI? No!
• But it is a requirement for a functional PKI.
• We are not a CA (too much work)
• But we need certificates for persons, roles, organizations, units and servers.
• External CA for persons, internal for all others.
• We need a map from the ID in a person's certificate to a unique ID at the University; which CA is secondary