This page is a discussion of the design goals, requirements, and configuration of the new LDAP server system to support NCEAS and the broader ecoinformatics community.
LDAP is installed on Triana and replicated on Dean. Several DN subtrees are maintained there:
For ecoinformatics.org, some useful links include:
The Shibboleth Identity Provider (IdP v2.3.8) software is deployed on identity.nceas.ucsb.edu (“frey”) and configured to authenticate and provide attributes for accounts in the following subtrees of the ldap.ecoinformatics.org LDAP server:
The following attributes will be released to InCommon service providers:
CILogon will construct subject DNs for our identities using the following form:
Note that this is different from their normal subject scheme, which uses the full name and a random alphanumeric string in the CN:
This will allow us to know the CILogon DN before any users actually attempt to authenticate with the service provider, so that we can map the legacy LDAP DNs to the new CILogon certificate subject DNs. For example, my two legacy accounts will both map to the new CILogon account
The LDAP system will be used for the following services.
Who maintains data, what organizations are involved
Availability requirements, maintenance and account creation, features supported (e.g., X.509)
DN conventions, referrals, how searching will work, how replication will work, who needs to be trusted for this stuff to work, etc.
The following trees were removed 2/17/09:
The original data directories and LDIF dumps (with slapcat) are stored in /var/lib/ldap/backups on ceres.