The central LDAP Directory Service is a network-accessible database that provides information about people, applications, and workgroups. The most common use of the Directory Service is to protect web pages (in conjunction with WebAuth and Shibboleth) and to support workgroup integration into applications.
The service is based on a set of Debian Linux servers running OpenLDAP software. The servers are integrated into the Stanford Kerberos realm and directory access controls depend on Kerberos principals for all but anonymous access.
The current Directory Service requirements exceed the capacity of a single server. The Directory Service is load balanced using a combination of hardware and DNS load balancers. This architecture allows the Directory Service to be deployed across geographically diverse locations. This ensures that the service is highly available and will continue to be available even in the event of a major campus outage.
There are several benefits to using the Directory Service including:
- High speed — supports a high number of concurrent reads.
- Routes the Stanford.EDU domain email for the central SMTP service.
- Routes email for the Email Virtual Domain service.
- Stores PosixAccount information for Stanford Users.
- Stores PosixGroup information for Stanford Workgroups.
- Provides white pages services for Stanford users that have marked their information as world visible in StanfordYou.
- Stores data for StanfordWho, the web application for searching for people and organizations.
- Stores the workgroups used by WebAuth to control access to web pages.
Faculty, staff, and students; guest accounts.
Access to personal information requires Kerberos authentication.
May be used to store Low and Moderate Risk Data, as defined by the Information Security Office.
Free of charge
For accessing the directory information, see Requesting Access.
For assistance, please submit a Help request.