Project

General

Profile

Actions
Copy link

Bug #272

closed

install production root LDAP server

Added by Matt Jones over 22 years ago. Updated about 22 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Matt Jones
Category:
metacat
Target version:
Release1.0
Start date:
08/31/2001
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
272

Description

Need to install the 'production' root LDAP server on ecoinfo so that it can be
used by the production metacat server. The hostname will be
'ldap.ecoinformatics.org'. It should be accessible via SSL.

This new LDAP server will use the DN convention that bojilova has worked out. It
will be of the form:
uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
uid=oeddins,o=LTER,dc=ecoinformatics,dc=org

The organization component (o=NCEAS) will be used to determine referrals from
one LDAP server to another. By default, all queries will be handled by the
ecoinfo root LDAP server, unless the organization is handled by referral (e.g.,
o=LTER), in which case it will be referred.

Need to coordinate this with installation of an LDAP interface on the LTER
personell database.

Related issues

Blocked by Metacat - Bug #271: production metacat installResolvedChad Berkley08/31/2001

Actions
Blocked by Metacat - Bug #278: Install production o=LTER LDAP ServerResolvedDavid Blankman09/04/2001

Actions
Actions
Copy link
 #1

Updated by Matt Jones over 22 years ago

Installed and configured openldap 2.0.11 on ldap.ecoinformatics.org, and
configured it for both ldap and ldaps operation. It currently contains the root
tree for ecoinformatics.org ("dc=ecoinformatics,dc=org"), and a tree for the
NCEAS subtree ("o=NCEAS,dc=ecoinformatics,dc=org"). Added the KNB developers at
NCEAS to the user list -- need to flesh this out further, but many existing
users will be added through the LTER subtree, so will wait for it to be available.

Server must currently be started from the command line (rather than using the
"init.d/ldap start") because slapd interactively prompts for the certificate key
password. So... from the command line on ecoinfo run:

slapd -u ldap -h "ldap:/// ldaps:///"

to start the server.

TODO:
1) Add referral to LTER ldap server
2) Set up web-based gateway for adding and modifying user accounts, which will
be a way to register for the KNB. This will need to deal with new, previously
unknown organizations on the fly, and refer new requests from LTER people to the
LTER personell db.

Actions
Copy link
 #2

Updated by Matt Jones over 22 years ago

Referral to LTER server now works.

Created web-based system for creating new accounts and changing a user's
password. See the ldapweb.cgi script in the CVS webmdentry module.

DONE.

Actions
Copy link
 #3

Updated by David Blankman about 22 years ago

Because of problems with the server space.lternet.edu, a new production LDAP server needs to be
setup. It is possible that this may not hve to be done if the metacat/ldap problems can be fixed.

Actions
Copy link
 #4

Updated by Matt Jones about 22 years ago

The root ldap server works fine. This bug need not have been reopened. The
referral to the lter server has been changed to point to their new host
(knb.lternet.edu).

Actions
Copy link
 #5

Updated by Redmine Admin about 11 years ago

Original Bugzilla ID was 272

Actions
Copy link

Also available in: Atom PDF