Lightweight Directory Access Protocol, or LDAP for short, is a protocol for distributing "directory information" across a network of computers. Directory information can include user names, computer names, passwords, phone numbers, network shares, and printers. If you are a Windows user, you may be familiar with the University's Active Directory system. Active Directory is actually Microsoft's custom implementation of LDAP.
We use LDAP to centralize authentication and authorization. Benefits of this approach are:
- Servers use the same account and password for a given user. This means you only need to remember one set of credentials.
- Network shares defined on file servers are available on all member servers. For example, an instructor who needs to distribute data files to her students can save them to a central location and students can use any one of our servers, or their personal machines, to run programs and analyze the data.
- Access to resources, such as servers and network shares, can be restricted and controlled easily. For example, a research study collecting sensitive data can restrict access to its project folders or servers to the members of a certain group. When a member leaves the study, removing them from the group ensures their access rights are revoked, without visiting each machine or configuring each share individually.
In our implementation of the protocol, we have chosen to use the University's Internet ID system for authentication. Access to our systems does not require a separate account, so once your user ID is enabled in our LDAP system, you will be able to log in to our servers with your University account.