Story #1791

Create secure configuration for LDAP replication across various deployment Environments

Added by Robert Waltz over 12 years ago. Updated almost 12 years ago.

Status: Closed
Priority: Normal
Assignee: Ben Leinfelder
Category: d1_cn_buildout
Start date: 2012-05-07
Due date:
% Done: 100%
Story Points:
Sprint:

Description

LDAP replication is not secure on port 389.

Hey Matt, you said you volunteered to help out on this one :)


Subtasks

Task #2707: Modify CN client code to StartTLS in LDAP connections (Closed, Ben Leinfelder)

Task #2706: Set up TLS for CN LDAP servers (Closed, Ben Leinfelder)

Task #2708: Edit syncrepl configuration in cn-buildout to use TLS (Closed, Ben Leinfelder)

Task #2710: Edit ldap.conf to include CA cert location for TLS (Closed, Ben Leinfelder)

Task #2717: Generate dev-testing.dataone.org certificate using DataONETestCA (Closed, Matthew Jones)

Task #2718: Configure DataONE CA per deployment environment (Closed, Ben Leinfelder)

Task #2772: Use CN hostname, not IP in the syncrepl configuration (Closed, Ben Leinfelder)


Related issues

Related to Infrastructure - Story #1189: Secure transport for all DataONE services Closed

History

#1 Updated by Robert Waltz over 12 years ago

  • Tracker changed from Task to Story
  • Subject changed from Create secure configuration for LDAP replication to Create secure configuration for LDAP replication across various deployment Environments
  • Category set to d1_cn_buildout
  • Assignee set to Matthew Jones
  • Target version set to Sprint-2011.45-Block.6

#2 Updated by Dave Vieglais over 12 years ago

  • Position set to 1
  • Target version changed from Sprint-2011.45-Block.6 to Sprint-2011.48-Block.6

#3 Updated by Dave Vieglais over 12 years ago

  • Position set to 1
  • Target version changed from Sprint-2011.48-Block.6 to Sprint-2011.50-Block.6
  • Position deleted (27)

#4 Updated by Dave Vieglais over 12 years ago

  • Position set to 2
  • Target version changed from Sprint-2011.50-Block.6 to Sprint-2012.01-Block.1.1
  • Position deleted (21)

#5 Updated by Dave Vieglais about 12 years ago

  • Position set to 1
  • Target version changed from Sprint-2012.01-Block.1.1 to Sprint-2012.03-Block.1.2
  • Position deleted (42)

#6 Updated by Dave Vieglais about 12 years ago

  • Position set to 22
  • Target version changed from Sprint-2012.03-Block.1.2 to Sprint-2012.05-Block.1.3
  • Position deleted (19)

#7 Updated by Dave Vieglais about 12 years ago

  • Target version changed from Sprint-2012.05-Block.1.3 to Sprint-2012.07-Block.1.4
  • Position deleted (38)
  • Position set to 1

#8 Updated by Dave Vieglais about 12 years ago

  • Position set to 23
  • Target version changed from Sprint-2012.07-Block.1.4 to Sprint-2012.09-Block.2.1
  • Position deleted (25)

#9 Updated by Dave Vieglais about 12 years ago

  • Position deleted (65)
  • Target version changed from Sprint-2012.09-Block.2.1 to Sprint-2012.11-Block.2.2
  • Position set to 7

#10 Updated by Dave Vieglais about 12 years ago

  • Target version deleted (Sprint-2012.11-Block.2.2)
  • Milestone changed from CCI-0.6.4 to CCI-1.0.0

Moving to backlog.

This will need to be addressed in the near future and may be resolved simply by running all inter-CN traffic over a VPN. For now, we have IP address restrictions that provide sufficient control.

#11 Updated by Matthew Jones almost 12 years ago

  • Target version set to Sprint-2012.17-Block.3.1

#12 Updated by Dave Vieglais almost 12 years ago

  • Target version changed from Sprint-2012.17-Block.3.1 to Sprint-2012.19-Block.3.2
  • Position set to 10
  • Position deleted (41)

#13 Updated by Ben Leinfelder almost 12 years ago

  • Status changed from New to In Progress
  • Assignee changed from Matthew Jones to Ben Leinfelder

Need to use hostname, not IP in the syncrepl LDAP config

#14 Updated by Ben Leinfelder almost 12 years ago

  • Status changed from In Progress to Closed
