User Provisioning System:
All Skidmore employees and academic-year students are eligible for a Skidmore username which provides access to many campus electronic resources including email and the ability to login to the campus network. When an employee is hired or a student matriculates in a program information is stored in the provisioning system to allow the person to register for a Skidmore username and to create a password. The registration process creates a unique username of 8 characters or less based on the person’s first initial and last name. It also creates an email account, enters the person into Skidmore’s LDAP directories, and creates an Oracle account in the ERP system. Details on the registration process can be found here.
While the username generally stays with the person throughout their association with Skidmore, Enterprise Systems has the ability to change a username in the event of a legal name change. To promote data security Enterprise Systems enforces strong password rules when creating a password, and enforces a password change at least once in a calendar year. Click here for information on setting and changing passwords.
LDAP is an acronym for “Lightweight Directory Access Protocol”. As the name suggests, it is a protocol for accessing directories. In this context a “Protocol” is an agreed upon format for transmitting data between devices and a “directory” is a specialized database (a data repository). An LDAP directory can be compared to a telephone directory or a library card catalog.
Although LDAP refers to a protocol and not an actual device, servers that use the LDAP protocol to provide clients access to the LDAP directory information are often called LDAP servers. For instance, Skidmore uses OID (Oracle Internet Directory) and AD (Active Directory) which are loosely called LDAP servers because clients can communicate with them using the LDAP protocol.
One use of LDAP at Skidmore is for authentication and authorization. For instance, the Oracle Calendar in use at Skidmore uses the OID LDAP server. When a user logs into a calendar client, the username entered is used to locate the directory entry for that user name. The password entered is compared to the password found in their directory entry, and if it matches then the user is “authenticated”. Being “authenticated” in this case means that “they are who they say they are because they provided the right password”. Also found in the directory entry is the Calendar ID, which indicates which Calendar the user is “authorized” to access. The combined authentication and authorization gives the user access to their calendar. The LDAP protocol is used for all the communications between the Calendar client and the LDAP server.
Skidmore Web Directories:
Skidmore College maintains searchable on-line directories of students, faculty, and staff. Access to the student directory is limited to on-campus access only or to users with a valid Skidmore College username and password. Employee directory searches are open to all, but both the number of records returned and the information contained are restricted based on login status and on/off campus requests.