Bug #272

install production root LDAP server

Added by Matt Jones about 21 years ago. Updated over 20 years ago.

Need to install the 'production' root LDAP server on ecoinfo so that it can be
used by the production metacat server. The hostname will be
''. It should be accessible via SSL.

This new LDAP server will use the DN convention that bojilova has worked out. It
will be of the form:

The organization component (o=NCEAS) will be used to determine referrals from
one LDAP server to another. By default, all queries will be handled by the
ecoinfo root LDAP server, unless the organization is handled by referral (e.g.,
o=LTER), in which case it will be referred.

Need to coordinate this with installation of an LDAP interface on the LTER
personnel database.

Related issues

Blocked by Metacat - Bug #271: production metacat install (Resolved, 08/31/2001)

Blocked by Metacat - Bug #278: Install production o=LTER LDAP Server (Resolved, 09/04/2001)
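
The referral rule from the description above, as an added example that is not part of the ticket or of the Metacat code: it decides whether a DN is answered by the root server or referred, based on the o= component directly above the root suffix. The LTER URL and the REFERRALS table are hypothetical placeholders, and the case-insensitive value comparison is an assumption.

```python
# Added illustration of the o=-based referral rule described in the ticket.
# REFERRALS and its URL are hypothetical placeholders, not values from the page.
ROOT_SUFFIX = ["dc=ecoinformatics", "dc=org"]   # root tree named in the ticket
REFERRALS = {"lter": "ldaps://lter-ldap.example.org/"}  # constructed sample


def split_rdns(dn):
    """Split a DN on unescaped commas; a backslash escapes the next char."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    return rdns


def normalize(rdn):
    """Lower-case attribute type and value, trimming surrounding spaces."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()


def route(dn):
    """Return ("local", None), ("referral", url) or ("reject", None)."""
    rdns = [normalize(r) for r in split_rdns(dn)]
    n = len(ROOT_SUFFIX)
    if len(rdns) < n or rdns[-n:] != ROOT_SUFFIX:
        return ("reject", None)         # not under the root tree at all
    above = rdns[-n - 1] if len(rdns) > n else ""
    if above.startswith("o="):
        url = REFERRALS.get(above[2:])
        if url:
            return ("referral", url)    # organization handled elsewhere
    return ("local", None)              # default: root server answers


if __name__ == "__main__":
    for sample in ("uid=jones,o=NCEAS,dc=ecoinformatics,dc=org",
                   "uid=someone,o=LTER,dc=ecoinformatics,dc=org"):
        print(sample, "->", route(sample))
```

Splitting on unescaped commas matters here: a value containing an escaped comma must not be mistaken for the root suffix or for an o= component.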


#1 Updated by Matt Jones almost 21 years ago

Installed and configured openldap 2.0.11 on, and
configured it for both ldap and ldaps operation. It currently contains the root
tree for ("dc=ecoinformatics,dc=org"), and a tree for the
NCEAS subtree ("o=NCEAS,dc=ecoinformatics,dc=org"). Added the KNB developers at
NCEAS to the user list -- need to flesh this out further, but many existing
users will be added through the LTER subtree, so will wait for it to be available.

Server must currently be started from the command line (rather than using the
"init.d/ldap start") because slapd interactively prompts for the certificate key
password. So... from the command line on ecoinfo run:

slapd -u ldap -h "ldap:/// ldaps:///"

to start the server.

1) Add referral to LTER ldap server
2) Set up web-based gateway for adding and modifying user accounts, which will
be a way to register for the KNB. This will need to deal with new, previously
unknown organizations on the fly, and refer new requests from LTER people to the
LTER personnel db.

#2 Updated by Matt Jones almost 21 years ago

Referral to LTER server now works.

Created web-based system for creating new accounts and changing a user's
password. See the ldapweb.cgi script in the CVS webmdentry module.


#3 Updated by David Blankman over 20 years ago

Because of problems with the server, a new production LDAP server needs to be
set up. It is possible that this may not have to be done if the metacat/ldap problems can be fixed.

#4 Updated by Matt Jones over 20 years ago

The root ldap server works fine. This bug need not have been reopened. The
referral to the lter server has been changed to point to their new host

#5 Updated by Redmine Admin over 9 years ago

Original Bugzilla ID was 272
