Task #7500

Story #7499: Support non-DN Subject identifiers

Ensure LDAP schema supports non-DN Subjects

Added by Ben Leinfelder about 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Assignee: Ben Leinfelder
Category: d1_identity_manager
Start date: 2015-11-23
Due date:
% Done: 100%
Estimated time: 0.00 h
Story Points:
Sprint:

Description

I believe we can just use UID to store the Subject and then construct a DN using uid and a dc=dataone,dc=org subtree.

History

#1 Updated by Ben Leinfelder about 6 years ago

  • Remaining hours set to 0.0
  • Status changed from New to Closed
  • % Done changed from 0 to 100

In the (pending) v2.0.0 release, these fields were loosened to allow any string (not just DNs): equivalentIdentity, equivalentIdentityRequest.

The non-DN subject is stored in the uid under the dc=dataone,dc=org subtree.

Group members are managed internally by their DNs (using uid and subtree) but the API only exposes original Subject values, as it should.
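Added example (not part of the original ticket and not DataONE's code): one way to do the uid-to-DN mapping described above so that a Subject containing commas or other DN metacharacters cannot add RDNs or leave the dc=dataone,dc=org subtree. The function names and the sample subjects are assumptions; the escaping follows RFC 4514.

```python
import re

SUBTREE = "dc=dataone,dc=org"      # subtree named in the ticket
_MUST_ESCAPE = set('"+,;<>\\')     # RFC 4514: always escaped inside a value
_MAY_FOLLOW_ESC = _MUST_ESCAPE | set(" #=")
_HEXPAIR = re.compile(r"[0-9A-Fa-f]{2}")

def subject_to_dn(subject: str) -> str:
    """Store an arbitrary Subject string as the uid RDN under SUBTREE."""
    if not subject:
        raise ValueError("empty subject")
    last = len(subject) - 1
    out = []
    for i, ch in enumerate(subject):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _MUST_ESCAPE or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "uid=" + "".join(out) + "," + SUBTREE

def dn_to_subject(dn: str) -> str:
    """Recover the original Subject; reject anything but uid=<value>,SUBTREE."""
    suffix = "," + SUBTREE
    if not (dn.startswith("uid=") and dn.endswith(suffix)):
        raise ValueError("not a uid entry under " + SUBTREE)
    value, raw, i = dn[4:-len(suffix)], bytearray(), 0
    while i < len(value):
        ch = value[i]
        if ch in _MUST_ESCAPE and ch != "\\":
            raise ValueError("unescaped special character: extra RDN or malformed DN")
        if ch != "\\":
            raw += ch.encode("utf-8")
            i += 1
        elif _HEXPAIR.fullmatch(value[i + 1:i + 3]):
            raw.append(int(value[i + 1:i + 3], 16))
            i += 3
        elif value[i + 1:i + 2] in _MAY_FOLLOW_ESC:
            raw += value[i + 1].encode("utf-8")
            i += 2
        else:
            raise ValueError("dangling or invalid escape")
    return raw.decode("utf-8")

if __name__ == "__main__":
    # Constructed sample subjects: a URI-style identifier and a legacy DN.
    for s in ("http://example.org/people/jdoe", "CN=Jane Doe,O=Example,C=US"):
        print(s, "->", subject_to_dn(s))
```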

#2 Updated by Ben Leinfelder about 6 years ago

  • % Done changed from 100 to 30
  • Status changed from Closed to In Progress
  • Estimated time set to 0.00

Need to evaluate id reservation and node registry fields

#3 Updated by Ben Leinfelder about 6 years ago

Node registry and id reservation fields in the LDAP schema have been updated.

#4 Updated by Ben Leinfelder about 6 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 30 to 100

All the outward-facing subject fields have been converted to use strings instead of DN types.
