OpenLDAP is a distributed directory containing the various attributes that comprise a digital identity (NetID). Examples of attributes include affiliation, name, and postal information. Values of these attributes can be used to supply applications with required user data and authorization information. LDAP can also perform user authentication through the use of Kerberos and works in support of other authentication platforms, such as CAS.
The University’s current OpenLDAP implementation is a multi-tiered replicated infrastructure. Data is replicated between all nodes, which are distributed among multiple data centers. The OpenLDAP infrastructure has been designed with performance, data integrity and high availability as its core tenets.
Write operations are received by the master LDAP servers, and the data is then replicated to the rest of the OpenLDAP nodes. The replica nodes are the nodes that data is read from. They hold the LDAP data in memory at all times to increase the speed at which they can service requests for data. The nodes are distributed between our two data centers and Azure. Under nominal conditions all LDAP requests will be pointed at one of the replica nodes. We have a high-availability pair of load balancers that forward requests to the least busy, non-Azure node. The namespaces (i.e. master.ldap.uconn.edu and ldap.uconn.edu) are controlled by our Infoblox system. In the event of a disaster, one of the Infoblox nodes, either on campus or in Hartford, will automatically re-point the workload to Azure.
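Because reads are served from replicas while writes land on the master, a replica that has fallen behind will answer with stale identity or authorization data. The check below is an added example, not a UConn IAM tool: it compares the contextCSN values that OpenLDAP keeps on the suffix entry of the master and of a replica (obtainable with an ldapsearch for contextCSN against each host) and reports the replication lag per provider serverID. The contextCSN strings in the sample data are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# OpenLDAP contextCSN format: YYYYmmddHHMMSS.uuuuuuZ#count#sid#mod
# (UTC timestamp, hex change counter, hex serverID, hex modifier number)
CSN_RE = re.compile(r"^(\d{14})\.(\d{6})Z#([0-9a-f]{6})#([0-9a-f]{3})#([0-9a-f]{6})$")


def parse_csn(csn):
    """Split one contextCSN value into its timestamp, counter, serverID and modifier."""
    m = CSN_RE.match(csn)
    if not m:
        raise ValueError(f"not a contextCSN value: {csn!r}")
    ts, us, count, sid, mod = m.groups()
    when = datetime.strptime(ts, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    when += timedelta(microseconds=int(us))
    return {"time": when, "count": int(count, 16), "sid": int(sid, 16), "mod": int(mod, 16)}


def replication_lag(master_csns, replica_csns):
    """Return {sid: lag_seconds}. None means the replica has never seen that serverID."""
    master = {c["sid"]: c for c in map(parse_csn, master_csns)}
    replica = {c["sid"]: c for c in map(parse_csn, replica_csns)}
    lag = {}
    for sid, m in master.items():
        r = replica.get(sid)
        if r is None:
            lag[sid] = None
        else:
            # Clamp at zero: clock skew can make the replica look "ahead".
            lag[sid] = max(0.0, (m["time"] - r["time"]).total_seconds())
    return lag


def replica_in_sync(master_csns, replica_csns, max_lag_seconds=5.0):
    """True only if the replica has every master serverID within the allowed lag."""
    lag = replication_lag(master_csns, replica_csns)
    return all(v is not None and v <= max_lag_seconds for v in lag.values())


# Constructed sample values (two provider serverIDs 001 and 002).
MASTER = ["20240301120000.000000Z#000000#001#000000",
          "20240301115930.000000Z#000000#002#000000"]
REPLICA_OK = list(MASTER)
REPLICA_BEHIND = ["20240301115900.000000Z#000000#001#000000"]  # 60 s behind, sid 002 missing

if __name__ == "__main__":
    print("ok replica in sync:", replica_in_sync(MASTER, REPLICA_OK))
    print("lagging replica:", replication_lag(MASTER, REPLICA_BEHIND))
```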
The IAM team can provide reports of LDAP data upon request.