This report outlines the status of the LDAP (Lightweight Directory Access Protocol) coordination group within the High Energy Physics (HEP) community, highlighting key goals and various usages. It discusses both general issues and HEP-specific challenges, emphasizing the importance of LDAP in resource management, security protocols, and international collaboration. The report identifies notable developments, coordination efforts, and the need for future meetings to address ongoing LDAP issues, particularly concerning GRID technologies and the unification of infrastructure across HEP laboratories.
LDAP Status Report
Michel Jouvin, LAL / IN2P3, jouvin@lal.in2p3.fr
LDAP Status Report - HEPix - JLab 2000

Outline
• LDAP coordination group goals
• Different uses of LDAP
• LDAP general and HEP specific issues
• LDAP coordination future

LDAP Coordination Group
• Unofficial group formed at Zeuthen
• Arnaud Taddei and me as leaders
• Goals
• LDAP white pages deployment coordination
• Capitalize on IN2P3 / CERN experience
• A lot of work has been done but:
• Arnaud left CERN in September
• Hélène Jamet (IN2P3) is leaving IN2P3

LDAP Is Everywhere...
• White Pages service
• LDAP has emerged as the technology of choice
• All email clients LDAP capable
• Windows 2000: AD is based on LDAP
• Resources management relies on Active Directory

… LDAP Is Everywhere
• Public Key Infrastructure (PKI)
• Required by all the certificate/public key based security protocols
• LDAP is a strong candidate for certificate distribution
• GRID uses LDAP as a core technology
• Security relies on certificates
• Metadirectory used for resources location

What is LDAP?
• An access protocol
• Originally designed for X.500 access
• 2 "incompatible" versions
• V2: first production version. Most used
• V3: all servers now v3 but not all clients
• Several server infrastructures possible
• Standalone / Distributed
• Proprietary / Standard (X.500)

Issues with Standalone LDAP
• No chaining, referrals only in v3
• Popular mail clients like Pine or Netscape < 4.7 are v2
• Knowledge about servers inside the v2 client: difficult to maintain when infrastructure changes
• Strong authentication not available
• Can be overcome by SSL
• No shadowing protocol
• Proprietary solutions (incompatible)

HEP Specific issues…
• HEP is a "virtual" organization
• International
• No central control
• Every organization/lab has national and/or non HEP constraints
• Naming constraints
• No common root for HEP information tree
• Non HEP groups requirements

… HEP Specific issues
• Windows 2000
• Goal (still) unclear: do we need a unified W2000 infrastructure (forest?)?
• Do we need to unify with non W2000 use?
• PKI
• Still advanced project for HEP
• CERN is quite active (Denise)
• Interference between GRID and local projects

HEP Wide White Pages
• Goal: create a "virtual" HEP root
• Proposal: create 1 HEP tree per country
• Contains aliases to real sites (CERN, IN2P3, …)
• Still problems with alias dereferencing for some clients (ex: Netscape)
• This tree could be an international org but who will maintain it?
• Tested but who is using it?
• Not specific to white pages
• Should be possible to extend to every part of the DIT requiring an HEP wide viewing

LDAP Coordination Future
• HEP CCC / HTASC still advocating the need for an LDAP meeting
• Originally planned during this meeting
• Project: have an LDAP meeting in March
• Discuss all LDAP issues, particularly GRID
• Questions remaining
• Who is interested? US interest?
• Should we co-locate with another meeting?
• Grid? Hepix?