Task #7500
Story #7499: Support non-DN Subject identifiers
Ensure LDAP schema supports non-DN Subjects
100%
Description
I believe we can just use UID to store the Subject and then construct a DN using uid and a dc=dataone,dc=org subtree.
History
#1 Updated by Ben Leinfelder almost 9 years ago
- Remaining hours set to 0.0
- Status changed from New to Closed
- % Done changed from 0 to 100
In the (pending) v2.0.0 release, these fields were loosened to allow any string (not just DNs): equivalentIdentity, equivalentIdentityRequest.
The non-DN subject is stored in the uid under the dc=dataone,dc=org subtree.
Group members are managed internally by their DNs (using uid and subtree) but the API only exposes original Subject values, as it should.
#2 Updated by Ben Leinfelder almost 9 years ago
- % Done changed from 100 to 30
- Status changed from Closed to In Progress
- Estimated time set to 0.00
Need to evaluate id reservation and node registry fields
#3 Updated by Ben Leinfelder almost 9 years ago
Node registry and id reservation fields in the LDAP schema have been updated.
#4 Updated by Ben Leinfelder almost 9 years ago
- Status changed from In Progress to Closed
- % Done changed from 30 to 100
All the outward-facing subject fields have been converted to use strings instead of DN types.
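The mapping discussed in this ticket (an arbitrary Subject string stored in uid, with the internal DN built under dc=dataone,dc=org) is only safe if the Subject is escaped per RFC 4514 before it is spliced into a DN. The following is an added example, not DataONE code: the function names and sample subjects are hypothetical, and it shows the escaping plus the reverse mapping that recovers the original Subject for the API.

```python
import re

SUBTREE = "dc=dataone,dc=org"  # subtree named in the ticket
_SPECIAL = '"+,;<>\\'           # characters RFC 4514 requires escaping

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN string (RFC 4514)."""
    if not value:
        raise ValueError("empty subject")
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def subject_to_dn(subject: str) -> str:
    """Build the internal DN for a non-DN Subject (hypothetical helper)."""
    return f"uid={escape_rdn_value(subject)},{SUBTREE}"

def dn_to_subject(dn: str) -> str:
    """Recover the original Subject; reject DNs with extra RDNs."""
    suffix = "," + SUBTREE
    if not (dn.startswith("uid=") and dn.endswith(suffix)):
        raise ValueError("not an internal subject DN")
    raw, out, i = dn[4:-len(suffix)], bytearray(), 0
    while i < len(raw):
        ch = raw[i]
        if ch in ",+":
            raise ValueError("unescaped RDN separator in uid value")
        if ch != "\\":
            out += ch.encode("utf-8")
            i += 1
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", raw[i + 1:i + 3]):
            out.append(int(raw[i + 1:i + 3], 16))
            i += 3
        elif i + 1 < len(raw):
            out += raw[i + 1].encode("utf-8")
            i += 2
        else:
            raise ValueError("dangling escape")
    return out.decode("utf-8")

# Constructed sample subjects, not taken from the ticket.
SAMPLES = ["https://idp.example.org/users/42", "alice,ou=admins", " #x "]
```

Without the escaping step, a Subject such as `alice,ou=admins` would produce a DN with an extra RDN and land outside the intended uid entry.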