Overview: Oak LDAP service
Oak LDAP is a directory service that supports authorisation and access control for IT services
Oak LDAP is a directory of information about people and their University association(s) that can be used to make authorisation decisions by IT service providers in the University.
Key data available through the service includes:
- People, including basic details such as name, unique identifiers, email addresses and University membership type
- Unit affiliations between people and departments, faculties and colleges, including basic details for those units
- Membership of key ITSS groups
Where textual attributes are provided, such as names of people or units, these are only intended to be used for display purposes. Oak LDAP is not intended to be used as a source of data for import into other systems. If you are looking for a source of people data then look at the Core User Directory, and for managing groups look at Group Store.
Examples of use
The following authorisation policies could be implemented using data in Oak LDAP:
- Only people affiliated with department D can access service S
- Only ITSS can access service T
- Only members of the University can access service U
The directory contains entries for all University members, and some non-members such as virtual access card holders.
Oak LDAP is normally accessible on four IP addresses spread across two or more data centres. DNS records for ldap.oak.ox.ac.uk contain current details. Clients can use failover methods to ensure continuity in the event of service maintenance or partial outages.
Oak LDAP community
The Oak LDAP mailing list (email@example.com) is open to all University members. It is used for service announcements (schema changes, technology-related changes) and for general discussion relevant to Oak LDAP.
If you cannot find the solution you need here then we have other ways to get IT support