• Search site
• A-Z
• Directory
• myUVM

• UVM Home
• Computing & Information Technology: LDAP Project
  • Project Definition
  • LDAP Background Information
  • Requirements
  • Evaluation Criteria
  • Comparison Matrix
  • General Object Classes
  • UVM Object Classes
  • Who Can See My Information?
  • CSO to LDAP mapping
  • Schema Files
  • Example Entries
  • Comments
  • Submit Comments

Evaluation Criteria

All LDAP products will be evaluated on how well they meet the requirements. This page will discuss what each of the requirements means so it can be evaluated.

1. Be the corporate directory for UVM
1. Support 100,000 entries
2. Have an entry for every person affiliated with UVM
1. This is covered by 1.
3. Directory lookups
1. Have an interface that can be used by email clients for finding addresses
2. Have a human interface (ph command replacement)
3. Have a web search interface
4. Have a mass mailing extraction tool:
   • The ability to do an ad-hoc query to collect a group of email addresses (like all Senior English students) and then send them an email message.
   • This needs to be locked down so not everyone in the world can do it...
4. List every affiliation a person has with UVM
1. Multiple instances of the "affiliation" field per record
5. Private entries
1. Ability to flag entries in such a way that the only information that can be found is the email alias or aliases of the entry for general access (full access for administrators)
6. Web interface (a.k.a. UVM White Pages)
1. Have a web interface that allows people to update their own entries
7. Aliases that expand to multiple email addresses
1. Allow the creation of a departmental mail alias record which will cause the mail to be sent to multiple real email addresses (example today's CIT@uvm.edu without the necessity of having a cit@zoo.uvm.edu account to actually forward to the three people)
8. Provide the "network id" for every person affiliated with UVM
1. Have a field in the database designated "network id"
9. Provide authentication services by deferring to DCE security server
1. Kerberos 5 integration must be available and implemented
10. Provide a method for people to change their DCE password via the LDAP server
1. Kerberos 5 integration must be complete
11. Kerberos/DCE password strength/validity requirements enforcement
1. The LDAP interface must enforce the password requirements of the Kerberos server
2. The LDAP interface must inform the user their password has expired and force them to change it
12. Not cost a fortune
1. Cheaper that does the same function is better.
13. Allow people to update the same fields in their LDAP entry they can update in their CSO entry today
1. Define the schema to allow just those fields to be updated and make sure it works.

Last modified April 27 2001 11:26 AM