Project

General

Profile

Task #3396

Task #3394: Deploy Shibboleth provider for KNB LDAP accounts

Task #3395: Deploy Shibboleth instance at UCSB

Configure Shibboleth IdP for o=unaffiliated accounts

Added by Matthew Jones about 12 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ben Leinfelder
Category:
-
Target version:
2013.10-Block.2.1
Start date:
2012-12-02
Due date:
% Done:

100%

Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

The KNB LDAP should be used to provide account data via Shibboleth. Ensure that new accounts are reflected in the provider automatically.

ecoinfo_duplicates.csv Magnifier (4.9 KB) Ben Leinfelder, 2013-03-05 00:29

History

#1 Updated by Chris Jones almost 12 years ago

  • Target version changed from Sprint-2012.50-Block.6.4 to 2013.2-Block.1.1

#2 Updated by Ben Leinfelder almost 12 years ago

  • Assignee changed from Matthew Jones to Ben Leinfelder
  • Subject changed from Populate shibboleth with KNB data to Set up Shibboleth IdP for ecoinformatics.org accounts

This should utilize our current o=unaffiliated subtree and will be a less-restricted set of users whom we may or may not know as verified.

#3 Updated by Ben Leinfelder almost 12 years ago

  • Parent task changed from #3394 to #3395

#4 Updated by Ben Leinfelder over 11 years ago

  • Target version changed from 2013.2-Block.1.1 to 2013.10-Block.2.1

#5 Updated by Ben Leinfelder over 11 years ago

In order to play nicely with a single IdP authenticating against two different LDAP subtrees (ou=Account and o=unaffiliated) we need to ensure that the UID is unique across them both.
I have found 106 duplicates that need to be resolved. See attached.

#6 Updated by Ben Leinfelder over 11 years ago

I exported the tree contents use Apache Directory Studio and then this script (postgres) to find the duplicates.

--DROP TABLE ecoinfo_dn;
CREATE TABLE ecoinfo_dn (dn text, uid text, givenName text, sn text, mail text);
COPY ecoinfo_dn (dn, givenName, sn, mail) FROM '/Users/leinfelder/ecoinfo_dn_new.csv' WITH CSV HEADER;
COPY ecoinfo_dn (dn, givenName, sn, mail) FROM '/Users/leinfelder/ecoinfo_unaffiliated_new.csv' WITH CSV HEADER;

-- split the UID out of the DN
UPDATE ecoinfo_dn
set uid = split_part(dn, ',', 1)
WHERE uid is null;

-- find the duplicates
COPY
(
SELECT distinct uid, givenName, sn, mail
FROM ecoinfo_dn WHERE uid in (
SELECT uid
FROM ecoinfo_dn
GROUP BY uid
HAVING count(*) > 1
ORDER by uid)
AND dn not like '%ou=Account%'
ORDER by uid
)
TO '/tmp/ecoinfo_duplicates.csv'
WITH CSV HEADER;

#7 Updated by Ben Leinfelder over 11 years ago

  • Subject changed from Set up Shibboleth IdP for ecoinformatics.org accounts to Set up Shibboleth IdP for o=unaffiliated accounts

#8 Updated by Ben Leinfelder over 11 years ago

  • % Done changed from 0 to 50
  • Subject changed from Set up Shibboleth IdP for o=unaffiliated accounts to Configure Shibboleth IdP for o=unaffiliated accounts

Still need to resolve the duplicate UIDs that exist in o=unaffiliated and also in ou=Account.

#9 Updated by Ben Leinfelder over 11 years ago

these accounts own documents:

uid=bbest,o=unaffiliated,dc=ecoinformatics,dc=org
uid=condit,o=unaffiliated,dc=ecoinformatics,dc=org
uid=condon,o=unaffiliated,dc=ecoinformatics,dc=org
uid=gardner,o=unaffiliated,dc=ecoinformatics,dc=org
uid=haddock,o=unaffiliated,dc=ecoinformatics,dc=org
uid=jhollister,o=unaffiliated,dc=ecoinformatics,dc=org
uid=kanderson,o=unaffiliated,dc=ecoinformatics,dc=org
uid=kepler,o=unaffiliated,dc=ecoinformatics,dc=org
uid=lebuhn,o=unaffiliated,dc=ecoinformatics,dc=org
uid=lhu,o=unaffiliated,dc=ecoinformatics,dc=org
uid=lwalters,o=unaffiliated,dc=ecoinformatics,dc=org
uid=newmang,o=unaffiliated,dc=ecoinformatics,dc=org
uid=ogurcak,o=unaffiliated,dc=ecoinformatics,dc=org
uid=pstango,o=unaffiliated,dc=ecoinformatics,dc=org
uid=rperez,o=unaffiliated,dc=ecoinformatics,dc=org
uid=rstevenson,o=unaffiliated,dc=ecoinformatics,dc=org
uid=saarenmaa,o=unaffiliated,dc=ecoinformatics,dc=org
uid=salomon,o=unaffiliated,dc=ecoinformatics,dc=org
uid=scheef,o=unaffiliated,dc=ecoinformatics,dc=org
uid=scw,o=unaffiliated,dc=ecoinformatics,dc=org
uid=txviet,o=unaffiliated,dc=ecoinformatics,dc=org
uid=vcuevasv,o=unaffiliated,dc=ecoinformatics,dc=org

and
uid=flaviapezzini,o=unaffiliated,dc=ecoinformatics,dc=org (from xml_revisions)

#10 Updated by Ben Leinfelder over 11 years ago

  • Target version set to 2013.10-Block.2.1

#11 Updated by Ben Leinfelder over 11 years ago

  • Target version deleted (2013.10-Block.2.1)

#12 Updated by Ben Leinfelder about 11 years ago

  • Status changed from New to Closed
  • translation missing: en.field_remaining_hours set to 0.0

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)