  1. What directory product or product(s) are you using?
  2. If you are using more than one product, are you synchronizing them, and if so, how?
  3. Are the standard object classes sufficient for your needs?
  4. Are you using static groups, dynamic groups (groups whose membership changes based on data in the directory), or a mixture of both? Why?
  5. If you are using static groups, how do you go about generating them? Are they on an as-needed basis? Are they created by hand? Is there an automatic tool that creates the base structure for you?
  6. If you are using dynamic groups, how do you go about generating them? Are they created dynamically, or just populated dynamically? Are they created/populated from basic LDAP filters, or is more complex coding required?
  7. Do you use groups for authorization, base authorization on attributes, or release attributes to applications for the applications to determine if a user is authorized?
  8. If you use groups for roles, how (if at all) do you address exceptions to the roles/group membership?
  9. How many groups do you have in LDAP?
  10. Do your group memberships include "external" people? ("external people" meaning people that do not exist in your local authentication management system.) If so, how do you link them to the group?
  11. Are your end users able to create groups directly or do they need to request to have one created by central IT staff?
  12. How do you handle removing deleted users from a group?
  13. How many members does your largest static group have? How is this large membership maintained?
  14. Do you have groups that mirror affiliations - such as an alum affiliation and an alum group?
  15. Do you maintain group memberships based on data provisioned from other systems of record (e.g. course groups or student major groups from your student information system, or employee groups from your HR/Payroll system)? If so, please describe.
  16. Do you support protected group memberships (where not everyone can view the membership)? If so, what are the security and/or compliance drivers for protecting them (e.g. FERPA)?
  17. How do you handle group naming policy? Do you allow special characters, alphanumeric characters only, spaces? How many characters do you allow the group name to be?
  18. Are users allowed to choose their own group names (via delegated naming authority), or are they assigned by a central authority (such as your help desk)?
  19. Are users able to manage and change their group membership on their own?
  20. Are people allowed to create groups that they are not members of?
  21. What are the top 3 tools you would like to see available for group management?
  22. What other issues do you currently have with group management?
  23. Do you encourage group reuse where applicable? For example, two groups may have identical memberships based on similar or identical membership rules, such that only one of the groups is actually necessary. If so, how do you detect the similarities?