Project

General

Profile

Bug #5128

access list does not show all dns in the LTER LDAP tree

Added by Margaret O'Brien over 10 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
morpho - general
Target version:
Start date:
08/04/2010
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
5128

Description

When adding access rules for individuals, not all the people in the LTER tree are available. It appears that missing folks are the relatively recent additions, eg, since about 2008, but I cannot be sure of that.
this might be related to bug 3596.


Related issues

Has duplicate Metacat - Bug #3360: Many LDAP users not showing up in 'getprincipals' searchIn Progress06/03/2008

History

#1 Updated by ben leinfelder over 10 years ago

see related bug for probable solution on the LTER ldap server:
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=3360

#2 Updated by Margaret O'Brien about 10 years ago

The LTER network has increased the number of entries its LDAP returns, per Ben's suggestion. However, they had an additional request, which might represent a better long-term solution:

From: http://rt.lternet.edu/Ticket/Display.html?id=13676
I want a IP# or space from which the knb
referrals will come as a temporary solution - and I want a metacat to
support authenticated queries from LDAP as the real solution. I don't
want to keep streaming our records out across the planet to spammers.

#3 Updated by ben leinfelder almost 8 years ago

Link the the ticket is dead.
We can't really provide a complete list of all the IP addresses that might follow the ldap referral to LTER. Sure, the KNB is one Metacat that utilizes this feature, but so is my laptop where I have a test instance of Metacat.

We are in the process of changing how we do user authentication (to use certificates and InCommon/CILogon) so I think of this as a low priority. Moreover, Morpho 2.0.0 pulls it's users from the CN account listing rather than from the MN so this will not be a Morpho issue for much longer. (We do, however, want Metacat to continue to retrieve the full list of usernames from the LTER referral as we support moth the Metacat and DataONE MN apis during this transition time.)

#4 Updated by ben leinfelder almost 8 years ago

This is a symptom of a server-side issue -- defer to that bug.

#5 Updated by Redmine Admin over 7 years ago

Original Bugzilla ID was 5128

Also available in: Atom PDF