[SAC] Fw: [GeoNetwork-devel] LDAP planning: a sample
implementation?
John Graham
johng at telascience.org
Sat Mar 10 18:55:41 EST 2007
Jo
This sounds great .. I will upgrade my geonetwork install
John
Jo Walsh wrote:
> this LDAP+geonetwork hookup sounds exciting, i would be interested in
> trying it out at some more restful time, connecting the OSGeo LDAP to
> the geonetwork installation at telascience so people can... er
> contribute geodata ...
>
> ----- Forwarded message from Simon Pigot <p76corty at tpg.com.au> -----
>
> Date: Sat, 10 Mar 2007 13:33:19 +1100
> From: Simon Pigot <p76corty at tpg.com.au>
> To: geonetwork-devel at lists.sourceforge.net
>
> Hi Everyone,
>
> We've implemented an OpenLDAP solution with geonetwork 2.0.2/3 that
> might be of interest to the community.
>
> The basics are:
>
> 1. Uses the intrinsic JNDI interface
> 2. Integrates existing directories into a specific geonetwork directory:
>
> - using an OU or organizationalUnit with children that are referrals
> to existing LDAP directories for authentication (can be any number)
>
> eg. ou=authentication in our geonetwork directory has three referrals to
> remote ldap servers:
>
> - ou=adpeople (active directory people) slurped from Windows domain A/D
> - ou=extpeople (external people)
> - ou=ftp (people from our ftp server)
>
> 3. Admin overhead is removed by authenticating against each child of
> ou=authentication and then adding users from those existing LDAP
> directories to an ou=geonetworkusers and groups in ou=geonetworkgroups.
> Specifically:
>
> - new user to a child ou of ou=geonetworkusers eg. a user geoff
> authenticated against ou=adpeople would be added as
> uid=geoff,ou=adpeople,ou=geonetworkusers,..... - given a profile of
> RegisteredUser and a generated userid
>
> - a group representing the ou they logged in from is created if not
> present and/or the user is added as a member
>
> - an invisible group with just the new user as the only member for use
> when creating new metadata records
>
> 4. I've removed the user admin interface (coz ldap users do these kinds
> of things elsewhere and we don't need the userPassword field in the
> geonetwork directory) and changed the groups interface to just a show
> and list (still need to add a group mod interface)
>
> 5. You can have a group as a member of a group eg. my registeredusers
> group has three group members: adpeople, extpeople and ftp
>
> 6. ldap replaces users, groups and usergroups tables in geonetwork
> database implementation - rest of the geonetwork db implementation
> remains the same
>
> It's kind of a minimalist approach but it works well and draws on some
> of the strengths of the ldap hierarchy. But I think the lack of an admin
> overhead is helpful - the geonetwork user and group stuff is built from
> existing directories.
>
> Anyways its a suggestion about how an LDAP implementation could be done.
> I did add some simple schema objectclasses (geonetworkUser and
> geonetworkGroup) which use built in ldap attributes (eg uidNumber and
> gidNumber) and use OIDs from the experimental range.
>
> Cheers,
> Simon
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> GeoNetwork-devel mailing list
> GeoNetwork-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geonetwork-devel
> GeoNetwork OpenSource is maintained at http://sourceforge.net/projects/geonetwork
>
> ----- End forwarded message -----
>
>
More information about the Sac
mailing list