LDAP design and configuration

From NCEAS Knowledge Base

Jump to: navigation, search

This page is a discussion of the design goals, requirements, and configuration of the new LDAP server system to support NCEAS and the broader ecoinformatics community.

LDAP configuration

LDAP is installed on ceres. Several DN subtrees are amintained there:

  • dc=ecoinformatics,dc=org
    • Accounts for KNB/Morpho/wiki access
  • ou=Acount,dc=ecoinformatics,dc=org
    • restricted shell accounts for cvs access
  • o=NCEAS,c=US
    • The original NCEAS subtree, still used for web authentication
  • dc=nceas,dc=ucsb,dc=edu
    • The new NCEAS subtree, to be reconfigured for all local services

For ecoinformatics.org, some useful links include:

LDAP System design

The LDAP system will be used for the following services.

National services

  • Authenticate KNB and EcoGrid users via Morpho, Metacat, Kepler, and other clients
    • Authenticate ESA data registry users
  • Authenticate wiki users for the SEEK and Kepler wikis
  • Authenticate shell access via SSH for CVS access
  • Authenticate Bugzilla users (future)


Local NCEAS Services

  • Authenticate wiki users for the NCEAS Help wikis
  • Authenticate NCEAS web site Working Group users (collab areas and eventual wiki)
  • Shell access to selected NCEAS machines?
  • Email accounts and aliases


Background Who maintains data, what organizations are involved

Requirements availability requirements, maintenance and accoutn creation, features supported (e.g., X.509)

Relationship to EcoGrid/GAMA

Proposed design of LDAP DN conventions, referrals, how searching will work, how replication will work, who needs to be trusted for this stuff to work, etc.

Retrieved from "http://help.nceas.ucsb.edu/LDAP_design_and_configuration"
Personal tools