CalNetAD Planning Committee
September 16, 2004
Room 60, Barrows Hall, 2-2:45 PM
Data Center, 3-3:30 PM
Updated: 10/08/2004
Agenda
- New Staff Introductions (Mike)
- Upgrade to Server 2003 (John Weber)
- New Synchronization Process (Karl)
- Other Business
Notes
New Staff Introductions
Welcome to John Weber and Michael Leefers.
Upgrade to Server 2003
PowerPoint presentation on CalNetAD's upgrade to Server 2003.
New Synchronization Process
A new version (version 3) of the synchronization process between the
CalNet Directory and CalNetAD is ready to move into production.
The new version has three major enhancements:
- Changes in CalNet are now read from the LDAP change log and are
  fed to CalNetAD using a Java Message Service (JMS)-based message
  queue. The net effect of this new 'real-time' process is to eliminate
  the 12-24 hour delay inherent in the current batch process.
- The synchronization process now supports having multiple values
  in the AD "altSecurityIdentities" attribute, which holds
  mappings for X.509 certificates and external Kerberos user principals.
  However, this new support will break any existing private (non-CalNetID-based)
  account which has an identical Kerberos name mapping configured.
  Since two accounts with mappings to the same external Kerberos principal
  cause an ambiguity, authentication using the external Kerberos
  account will fail. To avoid this, please make sure that any private
  (non-CalNetID-based, usually named starting with "!")
  accounts that you administer do not have a mapping to a valid CalNet
  Kerberos principal once the new synchronization process begins.
- Synchronization of the email address (mail) attribute for Faculty
  and Staff has been added to the process. Unfortunately, we have
  not been able to add this feature to our student accounts at the
  present time because of FERPA restrictions. If you would like to
  ensure that a specific e-mail address appears in a CAMPUS domain
  user's account information, please make sure that the e-mail address
  is currently present in the CalNet Directory information for that
  faculty or staff person.
The CalNetAD team is planning to move the new process into production
on Monday, September 20, 2004 unless you identify any major issues with
this new version.
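One way to check for the duplicate Kerberos mappings described in the second enhancement, as an added example that is not CalNetAD's own tooling: it reads an LDIF export of sAMAccountName and altSecurityIdentities and lists the private ("!"-prefixed) accounts that share a Kerberos mapping with another account. The account names, the EXAMPLE.EDU realm and the sample export are constructed, and the "Kerberos:" value prefix is the assumed format of the mapping.

```python
from collections import defaultdict

# Constructed sample in LDIF form; account names and realm are placeholders.
SAMPLE_LDIF = """\
dn: CN=jdoe,OU=People,DC=example,DC=edu
sAMAccountName: jdoe
altSecurityIdentities: Kerberos:jdoe@EXAMPLE.EDU
altSecurityIdentities: X509:<I>CN=Example CA<S>CN=jdoe

dn: CN=!labadmin,OU=Dept,DC=example,DC=edu
sAMAccountName: !labadmin
altSecurityIdentities: Kerberos:jdoe@EXAMPLE.EDU

dn: CN=!scanner,OU=Dept,DC=example,DC=edu
sAMAccountName: !scanner
altSecurityIdentities: Kerberos:scanner@DEPT.
 EXAMPLE.EDU
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry, unfolding wrapped lines."""
    text = text.replace("\n ", "")  # LDIF continuation lines start with one space
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[attr.lower()].append(value.strip())
        yield entry

def kerberos_collisions(text):
    """Map each Kerberos principal held by 2+ accounts to the sorted account names."""
    owners = defaultdict(set)
    for entry in parse_ldif(text):
        for mapping in entry["altsecurityidentities"]:
            kind, _, principal = mapping.partition(":")
            if kind.lower() == "kerberos":  # X.509 mappings are not checked here
                # Compared case-insensitively so near-duplicates are flagged too.
                owners[principal.casefold()].update(entry["samaccountname"])
    return {p: sorted(a) for p, a in owners.items() if len(a) > 1}

def private_accounts_to_fix(text):
    """Private ("!"-prefixed) accounts whose mapping collides with another account."""
    hits = kerberos_collisions(text).values()
    return sorted({a for accts in hits for a in accts if a.startswith("!")})

if __name__ == "__main__":
    print(kerberos_collisions(SAMPLE_LDIF))
    print(private_accounts_to_fix(SAMPLE_LDIF))
```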
Other Business