Task #179
create redundant LDAP servers for CN metacats
100%
Description
The CNs will use metacat for some services, which relies on LDAP to authenticate admins, etc. Right now in cn-dev I have metacat pointing at ldap.ecoinformatics.org, but this would be a single point of failure for the coordinating nodes. So, need to work on creating a geographically distributed replica of LDAP.
Given that neither authentication nor failover is part of our 0.3 release goals, this can probably be deferred to a later release -- I'll target it at 0.4 for now, but it could even be later than that.
History
#1 Updated by Matthew Jones over 14 years ago
We may or may not decide to do this, depending on whether we continue to use LDAP in production -- for the prototype it is fine. Await recommendations from the FedSec meeting in Sep 2010 to make a decision.
#2 Updated by Dave Vieglais about 14 years ago
- Project changed from Operations to Infrastructure
#3 Updated by Dave Vieglais about 14 years ago
- Category changed from 233 to d1_cn_service
#4 Updated by Matthew Jones over 12 years ago
- Priority changed from High to Normal
- Milestone set to CCI-1.0.0
We are now running replicated LDAP servers on the 3 DataONE CN nodes. Metacat should use an admin account from those LDAP servers, and transition to using those rather than the ecoinfo ldap for the admin account. Not a high priority, because the admin account is only used during web-based configuration, which DataONE bypasses via cn-buildout. Reassigning to Ben who is reworking LDAP now.
#5 Updated by Matthew Jones over 12 years ago
- Assignee changed from Matthew Jones to Ben Leinfelder
#6 Updated by Matthew Jones over 12 years ago
- Target version set to Sprint-2012.23-Block.3.4
- % Done changed from 0 to 100
- Status changed from New to Closed
Chris and Robert configured the CNs to use the new LDAP servers for the admin account for Metacat. All tasks completed.