UCSB Identity hosts and maintains a directory farm, on campus and in the cloud. Many campus services authenticate directly against it. However, a new policy going forward is to use campus Single Sign-On (SSO) for all authentication and authorization, providing a layer that simplifies application deployment and improves security.
The LDAP directory consolidates data about people at UCSB, and certain applications may require a data extract from it to update their own data store.
Host: ldap.ucsb.edu
Port: 636
Directory Tree & Objectclasses
o=ucsb
  ou=people
    objectclasses: person, organizationalPerson, inetOrgPerson, eduPerson, ucEduPerson, ucsbPerson
    dn: uid=netid,ou=people,o=ucsb
  ou=applications
    objectclasses: person, inetOrgPerson
    dn: uid=netid,ou=applications,o=ucsb
LDIF Example
dn: uid=netidexample,ou=People,o=UCSB
objectClass: ucEduPerson
objectClass: eduPerson
objectClass: ucsbPerson
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Ken Ldif
sn: Ldif
departmentNumber: STSP
displayName: Ldif, Ken
eduPersonPrincipalName: netidexample@ucsb.edu
eduPersonScopedAffiliation: employee@ucsb.edu
eduPersonScopedAffiliation: member@ucsb.edu
eduPersonScopedAffiliation: student@ucsb.edu
employeeNumber: 99999999
givenName: Ken
initials: J
mail: netidexample@umail.ucsb.edu
UCEmployeeID: 99999999
UCnetID: 8888888
ucsbAdmID: 77777777
ucsbAffiliation: employee
ucsbAffiliation: student
ucsbAffiliation: umail
ucsbCampusID: CEBB11EA-3E3A-11EB-905A-4316F7583846
ucsbCufn: Kenny
ucsbDisplayDept1: STSP
ucsbDOB: 01/01/1920
ucsbEmailBusiness1: netidexample@umail.ucsb.edu
ucsbEmailStudent: netidexample@umail.ucsb.edu
ucsbEmpStatus: A
ucsbEmpType: 4
ucsbHomeDepartment: STSP
ucsbMailCode: 3070
ucsbMiddleName: Jay
ucsbPPSID: 666666666
ucsbRelease: public
ucsbReleaseStudent: Y
ucsbReleaseStuEmail: N
ucsbStuPerm: 5555555
ucsbStuRegStat: R
ucsbStuType: U
ucsbTitle: STDT VOLUNTEER
ucsbTitleCode: 009920
UCTrustAssurance: bronze
UCTrustCampusIDShort: SB0000999999
uid: netidexample
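An added example, not UCSB's own code: an application that consumes a data extract in the LDIF form shown above can parse it properly (multi-valued attributes, folded lines, base64 values) and keep only an allow-list of attributes, which limits how much personal data lands in its own store. The sample record is constructed, and the allow-list and function names are assumptions for a hypothetical application.

```python
import base64

# Constructed sample in the shape of the page's LDIF example (placeholder values).
SAMPLE_LDIF = """\
dn: uid=netidexample,ou=People,o=UCSB
objectClass: ucsbPerson
displayName:: TGRpZiwgS2Vu
eduPersonScopedAffiliation: employee@ucsb.edu
eduPersonScopedAffiliation: member@ucsb.edu
mail: netidexample@umail.ucsb.edu
ucsbDOB: 01/01/1920
employeeNumber: 99999999
ucsbTitle: STDT
  VOLUNTEER
uid: netidexample
"""

# Assumption: the only attributes a hypothetical consuming application needs.
ALLOWED = {"uid", "displayname", "mail", "edupersonscopedaffiliation"}

def parse_ldif(text):
    """Return [(dn, {lowercased_attr: [values]})], one tuple per LDIF record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing blank flushes the last record
        if not line.strip():
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
    return records

def minimal_extract(records, allowed=ALLOWED):
    """Keep the DN plus allow-listed attributes; drop everything else."""
    return [{"dn": dn, **{k: v for k, v in attrs.items() if k in allowed}}
            for dn, attrs in records]
```

Attribute names are lowercased on parse because LDAP attribute names are case-insensitive, so the allow-list matches regardless of how the extract spells them.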
Active Directory
Netid.ucsb.edu: One-way trust is up-and-running!
- Request a one-way trust to netid.ucsb.edu through UCSB ServiceNow > IT Service Catalog > Advanced Technical Services > Identity and Access.
- Netid is ‘read-only’; UCSB Identity is the source of truth for all user objects.
- Three successful trust relationships with netid.ucsb.edu include Life Science, College of Engineering and the Library.
What are the Process and Prerequisites?
Reasons to Join the One-Way Trust:
- Departments can make use of Identity provisioned user accounts using a one-way trust with netid.ucsb.edu.
- Less administrative overhead due to account provisioning means fewer headaches for administrators and fewer credentials for a user to remember and secure.
What’s next?
- Over the next six months, the Campus Active Directory technical team will be creating three development environments (netid, Resource Domain, Azure Tenant) to develop additional features for the service, which may include: two-way trusts, single forests and delegated management. This will be Phase III.
- For more information, please visit https://www.identity.ucsb.edu/services/directory-services
- Or submit an IT Support Ticket: Other Identity/Access Management Request
About Campus Active Directory
With campus Active Directory, we will leverage the campus Identity & Access Management (IAM) solution(s) to provide a compelling campus service, offering efficient and supportable campus Active Directory services through standardization, application of best practices, and the reduction of unnecessary duplication. This project focuses on the Active Directory lifecycle, management of resources, and service access management by analyzing the current directory services and support structure on campus. The project end-state is to create a future model that achieves cost savings through greater efficiency.