Bug #272
closed
install production root LDAP server
0%
Description
Need to install the 'production' root LDAP server on ecoinfo so that it can be
used by the production metacat server. The hostname will be
'ldap.ecoinformatics.org'. It should be accessible via SSL.
This new LDAP server will use the DN convention that bojilova has worked out. It
will be of the form:
uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
uid=oeddins,o=LTER,dc=ecoinformatics,dc=org
The organization component (o=NCEAS) will be used to determine referrals from
one LDAP server to another. By default, all queries will be handled by the
ecoinfo root LDAP server, unless the organization is handled by referral (e.g.,
o=LTER), in which case it will be referred.
Need to coordinate this with installation of an LDAP interface on the LTER
personnel database.
Updated by Matt Jones about 23 years ago
Installed and configured openldap 2.0.11 on ldap.ecoinformatics.org, and
configured it for both ldap and ldaps operation. It currently contains the root
tree for ecoinformatics.org ("dc=ecoinformatics,dc=org"), and a tree for the
NCEAS subtree ("o=NCEAS,dc=ecoinformatics,dc=org"). Added the KNB developers at
NCEAS to the user list -- need to flesh this out further, but many existing
users will be added through the LTER subtree, so will wait for it to be available.
Server must currently be started from the command line (rather than using the
"init.d/ldap start") because slapd interactively prompts for the certificate key
password. So... from the command line on ecoinfo run:
slapd -u ldap -h "ldap:/// ldaps:///"
to start the server.
TODO:
1) Add referral to LTER ldap server
2) Set up web-based gateway for adding and modifying user accounts, which will
be a way to register for the KNB. This will need to deal with new, previously
unknown organizations on the fly, and refer new requests from LTER people to the
LTER personnel db.
Updated by Matt Jones almost 23 years ago
Referral to LTER server now works.
Created web-based system for creating new accounts and changing a user's
password. See the ldapweb.cgi script in the CVS webmdentry module.
DONE.
Updated by David Blankman over 22 years ago
Because of problems with the server space.lternet.edu, a new production LDAP server needs to be
set up. It is possible that this may not have to be done if the metacat/ldap problems can be fixed.
Updated by Matt Jones over 22 years ago
The root ldap server works fine. This bug need not have been reopened. The
referral to the lter server has been changed to point to their new host
(knb.lternet.edu).