1 / 11

LDAP Status Report

LDAP Status Report. Michel Jouvin LAL / IN2P3 jouvin@lal.in2p3.fr. Outlines. LDAP coordination group goals LDAP different usage LDAP general and HEP specific issues LDAP coordination future. LDAP Coordination Group. Unofficial group formed at Zeuten Arnaud Taddei and me as leaders

kamana
Download Presentation

LDAP Status Report

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. LDAP Status Report Michel Jouvin LAL / IN2P3 jouvin@lal.in2p3.fr LDAP Status Report - HEPix - JLab 2000

  2. Outlines • LDAP coordination group goals • LDAP different usage • LDAP general and HEP specific issues • LDAP coordination future LDAP Status Report - HEPix - JLab 2000

  3. LDAP Coordination Group • Unofficial group formed at Zeuten • Arnaud Taddei and me as leaders • Goals • LDAP white pages deployment coordination • Capitalize on IN2P3 / CERN experience • A lot of work has been done but : • Arnaud left CERN in September • Hélène Jamet (IN2P3) is leaving IN2P3 LDAP Status Report - HEPix - JLab 2000

  4. LDAP Is Everywhere... • White Pages service • LDAP has emerged as the technology of choice • All email clients LDAP capable • Windows 2000 : AD is based on LDAP • Resources management relies on ActiveDirectory LDAP Status Report - HEPix - JLab 2000

  5. … LDAP Is Everywhere • Public Key Infrastructure (PKI) • Required by all the certificate/public key based security protocols • LDAP is a strong candidate for certificate distribution • GRID uses LDAP as a core technology • Security relies on certificates • Metadirectory used for resources location LDAP Status Report - HEPix - JLab 2000

  6. What is LDAP ? • An access protocol • Originally designed for X500 access • 2 "incompatible" versions • V2 : first production version. Most used • V3 : all servers now v3 but not all clients • Several server infrastructures possible • Standalone / Distributed • Proprietary / Standard (X500) LDAP Status Report - HEPix - JLab 2000

  7. Issues with Standalone LDAP • No chaining, referrals only in v3 • Popular mail clients like Pine or Netscape < 4.7 are v2 • Knowledge about servers inside the v2 client : difficult to maintain when infrastructure changes • Strong authentication not available • Can be overcome by SSL • No shadowing protocol • Proprietary solutions (incompatible) LDAP Status Report - HEPix - JLab 2000

  8. HEP Specific issues… • HEP is a "virtual" organization • International • No central control • Every organization/lab has national and/or non HEP constraints • Naming constraints • No common root for HEP information tree • Non HEP groups requirements LDAP Status Report - HEPix - JLab 2000

  9. … HEP Specific issues • Windows 2000 • Goal (still) unclear : do we need a unified W2000 infrastructure (forest ?) ? • Do we need to unify with non W2000 use ? • PKI • Still advanced project for HEP • CERN is quite active (Denise) • Interference between GRID and local projects LDAP Status Report - HEPix - JLab 2000

  10. HEP Wide White Pages • Goal : create a "virtual" HEP root • Proposal : create 1 HEP tree per country • Contains aliases to real sites (CERN, IN2P3, …) • Still problems with alias derefencing for some clients (ex: Netscape) • This tree could be an international org but who will maintain it ? • Tested but who is using it ? • Not specific to white pages • Should be possible to extend to every part of the DIT requiring an HEP wide viewing LDAP Status Report - HEPix - JLab 2000

  11. LDAP Coordination Future • HEP CCC / HTASC still advocating the need for an LDAP meeting • Originally planned during this meeting • Project : have an LDAP meeting in March • Discuss all LDAP issues, particularly GRID • Questions remaining • Who is interested ? US interest ? • Should we co-locate with another meeting • Grid ? Hepix ? LDAP Status Report - HEPix - JLab 2000

More Related