...
The NORDUnet LDAP service (ldap.nordu.net) is the enterprise directory for NORDUnet. The primary purpose of the service is to function as a primary authoritative identity store for NORDUnet IT services.
Terminology
The following terminology is used in this document. The words MUST, SHOULD, MAY have the following meaning:
Term | Meaning |
---|---|
MUST NOT | Absolutely no exceptions. |
SHOULD NOT | Use extreme caution. Breakage will have severe security implications. |
MAY | Use your own judgement. |
Change control
Any change to this policy MUST be approved by the NORDUnet security officer.
Applications
Applications that only need authenticated identity information (authentication and attributes) SHOULD NOT use the directory service directly. Instead, one of the SSO services (e.g. SAML, crowd SSO) SHOULD be used. Exceptions to this rule must be approved by the NORDUnet security officer. Applications that only need non-authenticated information about objects in the directory MAY search the directory; however, care MUST be taken not to expose sensitive information. All communications with the directory service SHOULD be done over a secure transport (e.g. TLS).
Directory structure
The structure of the Directory Information Tree (DIT) is as follows (relative to the base DN):
...