install production root LDAP server
Need to install the 'production' root LDAP server on ecoinfo so that it can be
used by the production metacat server. The hostname will be
'ldap.ecoinformatics.org'. It should be accessible via SSL.
This new LDAP server will use the DN convention that bojilova has worked out. It
will be of the form:
The organization component (o=NCEAS) will be used to determine referrals from
one LDAP server to another. By default, all queries will be handled by the
ecoinfo root LDAP server, unless the organization is handled by referral (e.g.,
o=LTER), in which case it will be referred.
Need to coordinate this with installation of an LDAP interface on the LTER
#1 Updated by Matt Jones over 20 years ago
Installed and configured openldap 2.0.11 on ldap.ecoinformatics.org, and
configured it for both ldap and ldaps operation. It currently contains the root
tree for ecoinformatics.org ("dc=ecoinformatics,dc=org"), and a tree for the
NCEAS subtree ("o=NCEAS,dc=ecoinformatics,dc=org"). Added the KNB developers at
NCEAS to the user list -- need to flesh this out further, but many existing
users will be added through the LTER subtree, so will wait for it to be available.
Server must currently be started from the command line (rather than using the
"init.d/ldap start") because slapd interactively prompts for the certificate key
password. So... from the command line on ecoinfo run:
slapd -u ldap -h "ldap:/// ldaps:///"
to start the server.
1) Add referral to LTER ldap server
2) Set up web-based gateway for adding and modifying user accounts, which will
be a way to register for the KNB. This will need to deal with new, previously
unknown organizations on the fly, and refer new requests from LTER people to the
LTER personell db.