Wie funktioniert die LRZ-Benutzerverwaltung technisch?
In principle, four types of records are recorded in the LRZ user administration:
- Institutions - see What is an institution?
- Projects - see What is a LRZ project?
- Users - see What does the field "User name" mean?
- Accounts - see What ist an LRZ-account?
An institution can have any number of projects; each user belongs to one or more institutions and can have any number of accounts.
The entry of institutions and projects is done by the LRZ advisors - see What does an LRZ advisor do?
Master users maintain the contact information of users and can create and delete accounts - see Why do I have to enter the user's personal data when creating or editing an account?
Users can, for example, configure their own e-mail addresses and find out about their current disk space usage.
LRZ advisors, master users and users use the IDM portal as a web-based interface to LRZ user administration.
The data is stored internally at the LRZ in a so-called directory service, which, unlike a relational database such as MySQL, is not accessed via the SQL language, but via the LDAP protocol. This has the advantage that a number of LRZ services such as VPN can access the central database directly (since the services are "LDAP-enabled") and do not require their own user administration. Only a few LRZ services are still not directly connected to the directory service, but are regularly supplied with the user and account data relevant to them. For this reason, there may be short delays before new accounts can be used - see How long does it take before a newly created account can be used?
The use of directory services also has the advantage that selected data from directory services of other institutions can be transferred to the LRZ database relatively easily; corresponding procedures are used, for example, for accounts of the LMU, the TUM and the Munich University of Applied Sciences.