Penn Computing
Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

New LDAP server LSP Announcment

sent on February 4, 2005

This is a follow up to the email sent on January 20th regarding Penn's new Online Directory. At the time the new Online Directory goes live on February 7th, ISC Networking & Telecommunications will activate a new LDAP server.

This email will provide additional detail about the relationship between the new Online Directory and Penn's new LDAP server along with information about how supported email clients will interact with the new LDAP server.

Who's affected?

Changes to how information is displayed and managed in the new Directory and the new LDAP server will primarily affect any individual with a student, faculty, or staff affiliation at Penn.

What's changing?

1) The new LDAP server will provide Public View and Penn View data sets:

The new LDAP server will provide information in the same way that information is presented in the new Online Directory. Without any changes to email client configuration, the server will deliver Public View data to users' email clients

However, if a user wishes to see the richer set of data available in the Directory's Penn View, some email clients will permit configuration changes to facilitate a PennKey-authenticated query of the server.

Please be aware, however, that limitations in email client features may limit which elements of both the Penn View and Public View data sets are displayed.

2) PH and Whois protocols will be retired:

Since the new server will afford a more complete set of contact information via a PennKey authenticated view, PH and Whois lookup capabilities will be retired at the time the new Directory goes live.  For the past several weeks, ISC Networking Services has been sending notices to LSPs listing users of those protocols. Whois acts as the basis for Directory lookups for some host-based email applications like Elm.  Please be aware that this feature will no longer work on those applications once Whois is retired.

When are LDAP changes occurring?

The new LDAP server will be put into production on Monday February 7th, when the preview period for updating listings ends and the new Online Directory is made available to the general public for searching.

What might users notice?

1) There is a lag between Directory updates and LDAP updates :

Just as with the old LDAP server, changes made by users in the new Online Directory are fed to the new LDAP server via a nightly process.  With this in mind, queries made to the new LDAP server via email clients will not reflect changes made in the new Directory until the next day.

2) Some email client configuration changes may be needed to see Penn View data :

The new LDAP server will provide the same information presented in the Public View of the new Online Directory without any configuration change to supported email clients.

Only some supported email clients permit configuration changes to facilitate a PennKey-authenticated query of the server, and limitations in email client features may limit which elements of both the Penn View and Public View data sets are displayed.

Mozilla and Apple & Address Book for OS X 10.3.x support authenticated access to Penn's new LDAP server. Users of these supported email clients who wish to gain access to the Penn View data can update their client configurations to do so. Feature limitations of some email clients may limit the Penn View data that is displayed via the PennKey authenticated configurations.

Users will continue to have access to the Public View data even if no changes are made to their current, legacy configurations.

Eudora and Apple Mail & Address Book for OS X 10.2.x do not support authenticated querying of the LDAP server. However, users of these applications will continue to have access to Public View data via their current, legacy configurations. ISC is working closely with Qualcomm to incorporate authenticated LDAP query support into a future version of Eudora.

Outlook 2003 is primarily designed for use with MS Exchange servers. With that in mind, its ability to access Penn's current LDAP server has been inconsistent, and this behavior will continue with the new LDAP server.

A revised set of email client configuration instructions is available at:

http://www.upenn.edu/computing/help/doc/email/directory.html

3) Over time, less information may appear in unauthenticated LDAP queries :

While it is not necessary to make changes to legacy email client configurations immediately, over time it is likely that less information will be available via legacy configurations than via the new authenticated configurations as people take advantage of the privacy settings in the new Online Directory. This spring's email client evaluation effort will take this into consideration, and ISC expects to include authenticated configurations into future installers for supported email clients.

How do I report problems with the application?

You can report problems with the new Online Directory application to the Provider Desk by writing to prodesk AT isc.upenn.edu , or by calling 3-4017.

Where can I learn more?

You can learn more about the new Online Directory and the new LDAP server by visiting the Online Directory transition page available via the link off the Provider Web:

http://www.upenn.edu/computing/provider/nod/

 
top

Information Systems and Computing
University of Pennsylvania
Comments & Questions
University of Pennsylvania Penn Computing University of Pennsylvania Information Systems & Computing (ISC)
Information Systems and Computing, University of Pennsylvania