<!--
  * ldap.html
  *
  * Authors: Jivka Bojilova
  * Copyright: 2000 Regents of the University of California and the
  * National Center for Ecological Analysis and Synthesis
  * For Details: http://www.nceas.ucsb.edu/
  * Created: 2000 April 5
  * Version: 0.01
  * File Info: '$Id: ldap.html 881 2001-12-18 19:50:12Z berkley $'
  *
  * October Meeting SDSC, 2000
-->
<HTML>
<HEAD>
<TITLE>Metacat</TITLE>
<link rel="stylesheet" type="text/css" href="@docrooturl@default.css">
</HEAD>
<BODY>
<table width="100%">
<tr>
<td class="tablehead" colspan="2"><p class="label">LDAP for User
Authentication in Metacat</p></td>
<td class="tablehead" colspan="2" align="right">
<a href="./xmlindex.html">Back</a> |
<a href="./metacattour.html">Home</a> |
<a href="./metacatout.html">Next</a>
</td>
</tr>
</table>
<p><b>Network of LDAP servers</b></p>
<p>In the distributed network of Metacat servers, a network of LDAP servers
provides distributed storage for Metacat's users.
Each Metacat instance running at a particular site is configured to use
a specific LDAP instance; the two usually run on the same host.
Several Metacat instances can use one LDAP instance. </p>

<P> <img src="KNB-LDAP-system-small.gif"> </p>

<p>
The distributed scheme of LDAP servers is a hierarchy of nodes
whose leaves are the individual users that the Metacat servers use
for authentication.
<br>
The LDAP tree starts from the root context for the Knowledge
Network of Biocomplexity:
<pre> dc=ecoinformatics,dc=org </pre>
The nodes on the second level represent the subtrees of the major Metacat
sites, such as NCEAS and LTER:</p>
<pre>
o=NCEAS,dc=ecoinformatics,dc=org <br>
or <br>
o=LTER,dc=ecoinformatics,dc=org </pre>

See the example of the
<a target="_top" href="entries-init.ldif">initial entries of the KNB main tree</a>.
<br><br>

The third level contains the nodes for the individual users and groups.
Users can be organized in groups. This allows Metacat to control access
for a group of users.

<pre>Definition of KNB development group at NCEAS:
dn: cn=knb-dev,o=NCEAS,dc=ecoinformatics,dc=org
objectClass: top
objectClass: groupOfUniqueNames
cn: knb-dev
uniqueMember: uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=bojilova,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=berkley,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=higgins,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=harris,o=NCEAS,dc=ecoinformatics,dc=org
description: KNB development group at NCEAS </pre>

See the example of a
<a target="_top" href="entries-groups.ldif">group entry in KNB</a>.
<br><br>

<pre>Definition of a user from NCEAS subtree:
dn: uid=bojilova,o=NCEAS,dc=ecoinformatics,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: uidObject
uid: bojilova
cn: Jivka Bojilova
sn: Bojilova
givenName: Jivka Bojilova
title: Data Integration Developer </pre>

See the example of <a target="_top" href="entries-users.ldif">
user entries in KNB</a>.<br><br>

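<p>Added example, not part of the original page and not Metacat's own code: one way to decide group membership and site subtree from the group and user DNs defined above. The LDIF is the page's knb-dev entry trimmed to three members; the function names are hypothetical, and DN parsing is simplified (no escaped commas or multi-valued RDNs).</p>

```python
# Added example (not Metacat code). Sample entry is the page's knb-dev group,
# trimmed to three members; all function names are hypothetical.
LDIF = """\
dn: cn=knb-dev,o=NCEAS,dc=ecoinformatics,dc=org
objectClass: top
objectClass: groupOfUniqueNames
cn: knb-dev
uniqueMember: uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=bojilova,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=berkley,o=NCEAS,dc=ecoinformatics,dc=org
description: KNB development group at NCEAS
"""

def normalize_dn(dn):
    """Canonical form for comparison: attribute types and values are matched
    case-insensitively and whitespace around ',' and '=' is ignored.
    Simplified: assumes no escaped commas or multi-valued RDNs."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return tuple(rdns)

def parse_ldif(text):
    """Return {normalized dn: {lowercased attr: [values]}} for simple LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[normalize_dn(attrs["dn"][0])] = attrs
    return entries

def groups_of(user_dn, entries):
    """Names (cn) of groupOfUniqueNames entries listing user_dn as a member."""
    user = normalize_dn(user_dn)
    found = []
    for attrs in entries.values():
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        members = {normalize_dn(m) for m in attrs.get("uniquemember", [])}
        if "groupofuniquenames" in classes and user in members:
            found.append(attrs["cn"][0])
    return found

def in_subtree(dn, base):
    """True if dn lies strictly below base, e.g. a user under o=NCEAS,..."""
    d, b = normalize_dn(dn), normalize_dn(base)
    return len(d) > len(b) and d[-len(b):] == b
```

<p>Comparing normalized DNs rather than raw strings keeps a differently cased or spaced DN from missing its group, and keeps a same-named uid under another site's subtree from matching it.</p>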
Any LDAP subtree can reside on a remote site. In that case, the main tree holds
referrals to all remotely running LDAP servers.
<br><br>

See the example of <a target="_top" href="entries-refs.ldif">
referral entries in KNB</a>.<br><br>
</p>

<br>
<a href="./acontrol.html">Back</a> | <a href="./metacattour.html">Home</a> |
<a href="./metacatout.html">Next</a>
</BODY>
</HTML>