Project

General

Profile

Bug #272

install production root LDAP server

Added by Matt Jones about 18 years ago. Updated over 17 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Category:
metacat
Target version:
Start date:
08/31/2001
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
272

Description

Need to install the 'production' root LDAP server on ecoinfo so that it can be
used by the production metacat server. The hostname will be
'ldap.ecoinformatics.org'. It should be accessible via SSL.

This new LDAP server will use the DN convention that bojilova has worked out. It
will be of the form:
uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
uid=oeddins,o=LTER,dc=ecoinformatics,dc=org

The organization component (o=NCEAS) will be used to determine referrals from
one LDAP server to another. By default, all queries will be handled by the
ecoinfo root LDAP server, unless the organization is handled by referral (e.g.,
o=LTER), in which case it will be referred.

Need to coordinate this with installation of an LDAP interface on the LTER
personell database.


Related issues

Blocked by Metacat - Bug #271: production metacat installResolved08/31/2001

Blocked by Metacat - Bug #278: Install production o=LTER LDAP ServerResolved09/04/2001

History

#1 Updated by Matt Jones almost 18 years ago

Installed and configured openldap 2.0.11 on ldap.ecoinformatics.org, and
configured it for both ldap and ldaps operation. It currently contains the root
tree for ecoinformatics.org ("dc=ecoinformatics,dc=org"), and a tree for the
NCEAS subtree ("o=NCEAS,dc=ecoinformatics,dc=org"). Added the KNB developers at
NCEAS to the user list -- need to flesh this out further, but many existing
users will be added through the LTER subtree, so will wait for it to be available.

Server must currently be started from the command line (rather than using the
"init.d/ldap start") because slapd interactively prompts for the certificate key
password. So... from the command line on ecoinfo run:

slapd -u ldap -h "ldap:/// ldaps:///"

to start the server.

TODO:
1) Add referral to LTER ldap server
2) Set up web-based gateway for adding and modifying user accounts, which will
be a way to register for the KNB. This will need to deal with new, previously
unknown organizations on the fly, and refer new requests from LTER people to the
LTER personell db.

#2 Updated by Matt Jones almost 18 years ago

Referral to LTER server now works.

Created web-based system for creating new accounts and changing a user's
password. See the ldapweb.cgi script in the CVS webmdentry module.

DONE.

#3 Updated by David Blankman over 17 years ago

Because of problems with the server space.lternet.edu, a new production LDAP server needs to be
setup. It is possible that this may not hve to be done if the metacat/ldap problems can be fixed.

#4 Updated by Matt Jones over 17 years ago

The root ldap server works fine. This bug need not have been reopened. The
referral to the lter server has been changed to point to their new host
(knb.lternet.edu).

#5 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 272

Also available in: Atom PDF