
LDAP Integration with Vista

Several NAU-affiliated populations automatically have Vista accounts built on their behalf, and those accounts are updated dynamically.  The code which manages this integration resides on the Vista nodes prd1 and prd2, in the account "ldap".  There are 4 separate jobs, each with a specific responsibility:  account_build, account_update, account_build_affiliates, and account_build_overrides.  Each job is called by crontab and runs once every hour, except Thursday mornings between 2AM and 8AM.  This is the predesignated Vista maintenance window, with a 2 hour buffer added in case of prolonged outages.

The 2 main jobs, account_build and account_update, handle the following LDAP affiliations:  student, staff, faculty, instructor, future faculty, future instructor, future staff, and admitted.  "LDAP affiliation" is the value fetched from the LDAP attribute "naueduprimaryaffiliation", but any "secondary" affiliation is also covered by checking the LDAP attribute "edupersonaffiliation".

Other affiliations needing Vista accounts are covered by the jobs "account_build_affiliates" and "account_build_overrides".  The primary function of "account_build_affiliates" is to build Vista accounts for the LDAP affiliation "affiliate".  The primary function of "account_build_overrides" is to build Vista accounts for all other affiliations, such as "degree completed", "recent student", "previous faculty", etc.

Both account builds and updates are triggered by spool files:  zero byte length files which LDAP copies with scp to the /spool directory on the Vista nodes.  The name of a spool file designates which job will pick up and process the account.  Spool files named with an emplid (e.g. 5194711) are assumed to be account builds and are handled by "account_build".  Spool files named with a uid (e.g. jmh42) are assumed to be account updates and are handled by "account_update".  Both processes will recognize a build versus an update and write back a uid or an emplid to the /spool subdirectory if necessary.  Spool files with a format of <uid>_override or <uid>_affiliate are handled by the jobs account_build_overrides and account_build_affiliates respectively.  These spool files are written to the /spool subdirectory via the "VistaWebTools" web tool at:  Thus, both of these types of account builds are triggered by human intervention and not by the automated process of LDAP triggering transactions.  Both of these jobs do reference LDAP for personal information.
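
Because the spool file name is the input that selects the job and identifies the user, it is worth matching it strictly against the four documented forms, and checking that the file really is a plain zero byte file, before dispatching it.  The Perl below is an added example, not the code which runs on the Vista nodes; the ID patterns, length limits, function names and sample files are assumptions based only on the samples 5194711 and jmh42.

```perl
#!/usr/bin/perl
# Added example: validate spool triggers before handing them to a job.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Assumed ID shapes, inferred only from the page's samples (5194711, jmh42).
my $EMPLID = qr/[0-9]{1,11}/;
my $UID    = qr/[a-z][a-z0-9]{1,15}/;

# Map a spool file name to the job that owns it. \A and \z anchor the whole
# name, so path separators, dots or extra suffixes never match any form.
sub job_for_name {
    my ($name) = @_;
    return 'account_build'            if $name =~ /\A$EMPLID\z/;
    return 'account_update'           if $name =~ /\A$UID\z/;
    return 'account_build_overrides'  if $name =~ /\A${UID}_override\z/;
    return 'account_build_affiliates' if $name =~ /\A${UID}_affiliate\z/;
    return;    # unknown form: caller must not process it
}

# A trigger must be a plain zero byte file. lstat does not follow links, so
# a symlink fails the -f test on the "_" stat buffer.
sub is_valid_trigger {
    my ($path) = @_;
    return 0 unless lstat $path;
    return (-f _ && -z _) ? 1 : 0;
}

# Constructed sample spool directory (stand-in for /spool).
my $spool = tempdir(CLEANUP => 1);
for my $n (qw(5194711 jmh42 jmh42_override jmh42_affiliate jmh42.bak)) {
    open my $fh, '>', "$spool/$n" or die "create $n: $!";
    close $fh;
}
open my $fh, '>', "$spool/abc12" or die "create abc12: $!";
print {$fh} "unexpected content";            # not zero byte length
close $fh;
symlink "$spool/5194711", "$spool/xyz99";    # link named like a uid

opendir my $dh, $spool or die "opendir: $!";
for my $name (sort grep { !/\A\.\.?\z/ } readdir $dh) {
    my $job = job_for_name($name);
    my $ok  = defined $job && is_valid_trigger("$spool/$name");
    printf "%-16s %s\n", $name, $ok ? "-> $job" : 'REJECTED';
}
closedir $dh;
```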

All programs build and update Vista accounts by writing XML files which contain the pertinent personal information and then pushing the XML files into Vista using the Vista API, "" which can be found in "$VISTA_HOME".  All account builds are verified by querying the Vista backend DB for confirmation.  XML files are archived at:  /home/ldap/accounts/xml/import/archive, but are cleaned out after 90 days.

Several subdirectories in the /spool directory contain processed spool files.  These directories are:  ".goodbld", which holds IDs indicating a successful transaction; ".badbld", which holds IDs indicating a failed transaction; ".noupdate", which holds uids which the program determined did not need updating; and ".nobld", which holds emplids of NAU users whose affiliation is not currently being processed.  Such affiliations are:  "applicant" and no LDAP affiliation.

Besides building and updating Vista accounts, these programs add a record to the override DB table "vista_member_info" if one doesn't already exist for a given user.  They will also build an LDAP host account for host "" if one has not yet been built.

Common code (subroutines and constants) is stored in Perl module "".
