Skip to content Skip to site navigation

Directory Service

In September 2021, rates will change for some of the technology services provided by University IT. To view the majority of our planned rate changes for services that are broadly available to our community, please visit this page. For more information, please visit the rates section of our website.

The central LDAP Directory Service is a network-accessible database that provides information about people, applications, and workgroups. The most common use of the Directory Service is to protect web pages (in conjunction with WebAuth and Shibboleth) and to support workgroup integration into applications.

Features

 

The service is based on a set of Debian Linux servers running OpenLDAP software. The servers are integrated into the Stanford Kerberos realm and directory access controls depend on Kerberos principals for all but anonymous access.

The current Directory Service requirements exceed the capacity of a single server. The Directory Service is load balanced using a combination of hardware and DNS load balancers. This architecture allows the Directory Service to be deployed across geographically diverse locations. This ensures that the service is highly available and will continue to be available even in the event of a major campus outage.

There are several benefits to using the Directory Service including:

  • High speed — supports a high number of concurrent reads.
  • Routes the Stanford.EDU domain email for the central SMTP service.
  • Routes email for the  Email Virtual Domain service.
  • Stores PosixAccount information for Stanford Users.
  • Stores PosixGroup information for Stanford Workgroups.
  • Provides white pages services for Stanford users that have marked their information as world visible in StanfordYou.
  • Stores data for StanfordWho, the web application for searching for people and organizations.
  • Stores the workgroups used by WebAuth to control access to web pages.

 

Designed for

Faculty, staff, and students; guest accounts.

Requirements

Access to personal information requires Kerberos authentication.

Data security

May be used to store Low and Moderate Risk Data, as defined by the Information Security Office.

Rates

Free of charge

Get started

For accessing the directory information, see Requesting Access.

Get help

For assistance, please submit a Help request.

Learn more

Last modified November 17, 2020