LDAP Services

An LDAP (Lightweight Directory Access Protocol) directory is a hierarchical collection of attributes tuned to accommodate extremely fast searches and high throughput (on the order of 100,000 searches per second). HUIT’s LDAP directory acts as an official University attribute authority for Harvard University ID (HUID) holders and Extended ID (XID) holders.

The University LDAP Service offers a range of attribute data that varies by population. Available data on XID holders is limited to name, email, login, and expiration date. However, data on HUID holders extends to multiple variations on name, more core indicative and contact data, privacy data, job and/or student status information, and a limited set of attributes for Alumni. Current uses of LDAP include:

  • Authorization of application users to restrict access to an intranet
  • Enhancement of applications with data, such as pre-populating forms to reduce user data entry
  • Enabling access to administrative data for use by a billing system
  • Serving up an online whitepages-type directory reflecting individuals’ directory privacy preferences

 

Requesting Access to LDAP

  1. Contact IAM_help@harvard.edu to start the conversation about gaining access to University LDAP.
  2. The IAM product team will discuss your project-specific requirements with you and broker approval for access to data with data owners when needed.
  3. Access will be granted to a test instance, for development and testing, followed by cutover to production.
  4. Please allow a minimum of one month for administrative review of your request for access to LDAP data.

 

Report LDAP Issues

To contact the IAM Product team with questions or to report an issue, email: IAM_help@harvard.edu.

 

University LDAP Service Details

Highly Available

LDAP services are up and running around the clock.  These services provide the foundation for Authentication and Authorization services.

Continuously Updated

The HUIT Identity Registry is the source of data for University LDAP. The Registry is updated daily from several source systems of record: the University Human Resource Management System, the my.harvard student information system, the Division of Continuing Education student information system, and the Alumni system. Other updates are made using MIDAS (non-employee, non-student person of interest (POI) identities and Library Borrowers). The HUIT Provisioning Service continuously updates LDAP as identity-related data is updated in the Registry.

In 2018, previously separate directory instances were combined into a single instance.  This ‘Unified LDAP’ enables applications to integrate with a single instance for both authentication and attributes.  

 

Reference Materials

Please note that aside from the first item in this list, all materials require you to log in with your HUID and password before viewing or downloading.