LDAP Services

An LDAP directory (the acronym stands for Lightweight Directory Access Protocol) is a hierarchical collection of attributes tuned to accommodate extremely fast searches and high throughput (on the order of 100,000 searches per second). HUIT’s LDAP directory acts as an official University attribute authority for anyone who has a Harvard University ID (HUID) or an Extended ID (XID).

The Harvard LDAP Service offers a range of attribute data that varies by population. Available data on XID holders is limited to name, email, login ID, and expiration date. However, data on HUID holders includes multiple variations on their name, all core indicative and contact data, privacy data, and job and/or student status information. Note that the set of attributes for Alumni is more limited. Current uses of LDAP include:

  • Authorization of application users to restrict access to an intranet
  • Enhancement of applications with data, such as pre-populating forms to reduce user data entry
  • Enabling access to administrative data for use by a billing system
  • Providing an in-app directory reflecting individuals’ directory privacy preferences

 

Requesting Access to LDAP

  1. Contact IAM_help@harvard.edu to start the conversation about gaining access to Harvard LDAP.
  2. The IAM Product team will review your specific requirements with you and then broker any approval for access to data with data owners (when needed).
  3. Access will first be granted to a non-production instance for development and testing, followed by a planned cutover to production.
  4. Please allow a minimum of one month for administrative review of your request for access to LDAP data.

 

Report LDAP Issues

To contact the IAM Product team with questions or to report an issue, email: IAM_help@harvard.edu.

 

Harvard LDAP Service Details

Highly Available

LDAP services are up and running around the clock.  These services provide one foundation for Authentication and Authorization services.

Continuously Updated

The HUIT Identity Registry is the source of data for the Harvard LDAP. The Registry is updated daily from several source systems of record: the University Human Resource application, my.harvard (the student information system), the Division of Continuing Education's student information system, and the Alumni application. Other updates are made using MIDAS, the source system for person of interest (POI) identities and Library Borrowers. The HUIT Provisioning Service continuously updates the LDAP as data is updated in the Registry.

In 2018, previously separate directory instances were combined into a single instance.  This ‘Harvard LDAP’ enables applications to integrate with a single instance for both authentication and authorization.  

 

Reference Materials

Please note that aside from the first item in this list, all materials require you to log in with your HarvardKey before viewing or downloading.

LDAP Release Notes August 1 2020 (32 KB)