Project

General

Profile

1
<!--
2
  * ldap.html
3
  *
4
  *      Authors: Jivka Bojilova
5
  *    Copyright: 2000 Regents of the University of California and the
6
  *               National Center for Ecological Analysis and Synthesis
7
  *  For Details: http://www.nceas.ucsb.edu/
8
  *      Created: 2000 April 5
9
  *      Version: 0.01
10
  *    File Info: '$Id: ldap.html 3780 2008-04-02 23:28:31Z daigle $'
11
  * 
12
  * October Meeting SDSC, 2000
13
-->
14
<HTML>
15
<HEAD>
16
<TITLE>Metacat</TITLE>
17
<link rel="stylesheet" type="text/css" href="./default.css">
18
</HEAD> 
19
<BODY>
20
  <table width="100%">
21
    <tr>
22
      <td class="tablehead" colspan="2"><p class="label">LDAP for User
23
      Authentication in Metacat</p></td>
24
      <td class="tablehead" colspan="2" align="right">
25
        <a href="./acontrol.html">Back</a> | 
26
        <a href="./metacattour.html">Home</a> | 
27
        <a href="./metacatout.html">Next</a>
28
      </td>
29
    </tr>
30
  </table>
31
  <p><b>Network of LDAP servers</b></p>
32
    <p>In the distributed network of Metacat servers, network of LDAP servers
33
      is implemented as a distributed storage of Metacat's users.
34
      Any Metacat instance running on particular site is configured to use 
35
      certain LDAP instance both usually running on the same host.
36
      Several Metacat instances can use one LDAP instance. </p>
37

    
38
    <P> <img src="KNB-LDAP-system-small.gif"> </p>
39

    
40
    <p>
41
      The distributed scheme of LDAP servers represents a hierarchy of nodes
42
      where in the leaves are the particular users used by the Metacat servers 
43
      for authentication.
44
      <br>
45
      The LDAP tree starts from the root context for the Knowledge 
46
      Network of Biocomplexity.:
47
      <pre>      dc=ecoinformatics,dc=org </pre>
48
      The nodes on the second level represent the subtrees of the major Metacat
49
      sites such as NCEAS, LTER, etc.:  </p>
50
<pre>
51
      o=NCEAS,dc=ecoinformatics,dc=org <br>
52
      or <br>
53
      o=LTER,dc=ecoinformatics,dc=org </pre>
54

    
55
      Look at the example for the
56
<a target="_top" href="entries-init.ldif">initial entries of KNB main tree</a>
57
      . <br><br>
58

    
59
      The third level contains the nodes of the particular users and groups.
60
      Users can be organized in groups. This allow Metacat to control access 
61
      to a group of users.
62

    
63
<pre>Definition of KNB development group at NCEAS:
64
      dn: cn=knb-dev,o=NCEAS,dc=ecoinformatics,dc=org
65
      objectClass: top
66
      objectclass: groupOfUniqueNames
67
      cn: knb-dev
68
      uniqueMember: uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
69
      uniqueMember: uid=bojilova,o=NCEAS,dc=ecoinformatics,dc=org
70
      uniqueMember: uid=berkley,o=NCEAS,dc=ecoinformatics,dc=org
71
      uniqueMember: uid=higgins,o=NCEAS,dc=ecoinformatics,dc=org
72
      uniqueMember: uid=harris,o=NCEAS,dc=ecoinformatics,dc=org
73
      description: KNB development group at NCEAS </pre>
74

    
75
      Look at the example for a 
76
      <a target="_top" href="entries-groups.ldif">group entry in KNB</a>.
77
      <br><br>
78

    
79
<pre>Definition of a user from NCEAS subtree:
80
      dn: uid=bojilova,o=NCEAS,dc=ecoinformatics,dc=org
81
      objectClass: top
82
      objectclass: person
83
      objectClass: organizationalPerson
84
      objectClass: inetOrgPerson
85
      objectclass: uidObject
86
      uid: bojilova
87
      cn: Jivka Bojilova
88
      sn: Bojilova
89
      givenName: Jivka Bojilova
90
      title: Data Integration Developer </pre>
91

    
92
      Look at the example for <a target="_top" href="entries-users.ldif">
93
      user entries in KNB</a>.<br><br>
94

    
95
      Any LDAP subtree can reside on remote site. In that case the main tree holds
96
      referrals to all remotely running LDAP servers.
97
      <br><br>
98

    
99
      Look at the example for <a target="_top" href="entries-refs.ldif">
100
      referral entries in KNB</a>.<br><br>
101
    </p>
102
    
103
  <br>
104
  <a href="./acontrol.html">Back</a> | <a href="./metacattour.html">Home</a> | 
105
  <a href="./metacatout.html">Next</a>
106
</BODY>
107
</HTML>
108

    
(20-20/60)