Skip to content Skip to navigation

Directory Service

The central LDAP Directory Service is a network-accessible database that provides information about people, applications, and workgroups. The most common use of the Directory Service is to protect web pages (in conjunction with WebAuth and Shibboleth) and to support workgroup integration into applications.

The service is based on a set of Debian Linux servers running OpenLDAP software. The servers are integrated into the Stanford Kerberos realm and directory access controls depend on Kerberos principals for all but anonymous access.

The current Directory Service requirements exceed the capacity of a single server. The Directory Service is load balanced using a combination of hardware and DNS load balancers. This architecture allows the Directory Service to be deployed across geographically diverse locations. This ensures that the service is highly available and will continue to be available even in the event of a major campus outage.

Features

  • Fast — supports a high number of concurrent reads.
  • Routes the Stanford.EDU domain email for the central SMTP service.
  • Routes email for the  Email Virtual Domain service.
  • Provides the data for the Guest Accounts authentication system.
  • Stores PosixAccount information for Stanford Users.
  • Stores PosixGroup information for Stanford Workgroups.
  • Provides white pages services for Stanford users that have marked their information as world visible in StanfordYou.
  • Stores data for StanfordWho, the web application for searching for people and organizations.
  • Stores the workgroups used by WebAuth to control access to web pages.

Getting started

For accessing the directory information, see Requesting Access.

Learn more

Last modified May 15, 2013