<!--
  * ldap.html
  *
  * Authors: Jivka Bojilova
  * Copyright: 2000 Regents of the University of California and the
  * National Center for Ecological Analysis and Synthesis
  * For Details: http://www.nceas.ucsb.edu/
  * Created: 2000 April 5
  * Version: 0.01
  * File Info: '$Id$'
  *
  * October Meeting SDSC, 2000
  -->
<HTML>
<HEAD>
<TITLE>Metacat</TITLE>
<link rel="stylesheet" type="text/css" href="./default.css">
</HEAD>
<BODY>
<table width="100%">
<tr>
<td class="tablehead" colspan="2"><p class="label">LDAP for User
Authentication in Metacat</p></td>
<td class="tablehead" colspan="2" align="right">
<a href="./acontrol.html">Back</a> |
<a href="./metacattour.html">Home</a> |
<a href="./metacatout.html">Next</a>
</td>
</tr>
</table>
<p><b>Network of LDAP servers</b></p>
<p>In the distributed network of Metacat servers, a network of LDAP servers
provides distributed storage for Metacat's users.
Each Metacat instance running at a particular site is configured to use
a particular LDAP instance, and the two usually run on the same host.
Several Metacat instances can use one LDAP instance. </p>

<P> <img src="KNB-LDAP-system-small.gif"> </p>

<p>
The distributed scheme of LDAP servers is a hierarchy of nodes
whose leaves are the individual users that the Metacat servers use
for authentication.
<br>
The LDAP tree starts from the root context for the Knowledge
Network of Biocomplexity:
</p>
<pre> dc=ecoinformatics,dc=org </pre>
<p>
The nodes on the second level represent the subtrees of the major Metacat
sites such as NCEAS, LTER, etc.: </p>
<pre>
o=NCEAS,dc=ecoinformatics,dc=org <br>
or <br>
o=LTER,dc=ecoinformatics,dc=org </pre>

Look at the example for the
<a target="_top" href="entries-init.ldif">initial entries of the KNB main tree</a>.
<br><br>

The third level contains the nodes of the individual users and groups.
Users can be organized in groups. This allows Metacat to control access
for a group of users.

<pre>Definition of KNB development group at NCEAS:
dn: cn=knb-dev,o=NCEAS,dc=ecoinformatics,dc=org
objectClass: top
objectclass: groupOfUniqueNames
cn: knb-dev
uniqueMember: uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=bojilova,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=berkley,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=higgins,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=harris,o=NCEAS,dc=ecoinformatics,dc=org
description: KNB development group at NCEAS </pre>

Look at the example for a
<a target="_top" href="entries-groups.ldif">group entry in KNB</a>.
<br><br>

<pre>Definition of a user from NCEAS subtree:
dn: uid=bojilova,o=NCEAS,dc=ecoinformatics,dc=org
objectClass: top
objectclass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectclass: uidObject
uid: bojilova
cn: Jivka Bojilova
sn: Bojilova
givenName: Jivka Bojilova
title: Data Integration Developer </pre>

Look at the example for <a target="_top" href="entries-users.ldif">
user entries in KNB</a>.<br><br>

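<p>Because group membership decides access, a membership check has to compare
complete DNs: the same uid under o=LTER is a different entry than under o=NCEAS.
The following Python sketch is an added example, not Metacat code; parse_ldif,
normalize_dn and is_member are hypothetical helpers, and it assumes plain LDIF
with no base64 values, escaped commas or multi-valued RDNs.</p>

```python
# Added example (not Metacat code). Assumes plain LDIF: no base64 ("::")
# values, no escaped commas or multi-valued RDNs in DNs.

# The knb-dev group entry shown on this page.
GROUP_LDIF = """\
dn: cn=knb-dev,o=NCEAS,dc=ecoinformatics,dc=org
objectClass: top
objectclass: groupOfUniqueNames
cn: knb-dev
uniqueMember: uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=bojilova,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=berkley,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=higgins,o=NCEAS,dc=ecoinformatics,dc=org
uniqueMember: uid=harris,o=NCEAS,dc=ecoinformatics,dc=org
description: KNB development group at NCEAS
"""


def parse_ldif(text):
    """Return entries as dicts mapping lower-cased attribute -> list of values."""
    entries, current = [], {}
    unfolded = text.replace("\n ", "")  # LDIF folds long lines with a leading space
    for line in unfolded.splitlines() + [""]:
        if not line.strip():  # a blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):  # skip LDIF comments
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def normalize_dn(dn):
    """Lower-case each RDN and drop optional spaces so equal DNs compare equal."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(rdns)


def is_member(group, user_dn):
    """True only if the complete DN, organization subtree included, is listed."""
    members = {normalize_dn(m) for m in group.get("uniquemember", [])}
    return normalize_dn(user_dn) in members


KNB_DEV = parse_ldif(GROUP_LDIF)[0]
```
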
<p>
Any LDAP subtree can reside on a remote site. In that case the main tree holds
referrals to all remotely running LDAP servers.
<br><br>

Look at the example for <a target="_top" href="entries-refs.ldif">
referral entries in KNB</a>.<br><br>
</p>

<br>
<a href="./acontrol.html">Back</a> | <a href="./metacattour.html">Home</a> |
<a href="./metacatout.html">Next</a>
</BODY>
</HTML>