LDAP Status Report
Michel Jouvin, LAL / IN2P3, jouvin@lal.in2p3.fr
LDAP Status Report - HEPix - JLab 2000

Outline
• LDAP coordination group goals
• Different uses of LDAP
• General and HEP-specific LDAP issues
• Future of LDAP coordination

LDAP Coordination Group
• Unofficial group formed at Zeuthen
  • Arnaud Taddei and me as leaders
• Goals
  • LDAP white pages deployment coordination
  • Capitalize on IN2P3 / CERN experience
• A lot of work has been done, but:
  • Arnaud left CERN in September
  • Hélène Jamet (IN2P3) is leaving IN2P3

LDAP Is Everywhere...
• White Pages service
  • LDAP has emerged as the technology of choice
  • All email clients are LDAP capable
• Windows 2000: AD is based on LDAP
  • Resource management relies on Active Directory

… LDAP Is Everywhere
• Public Key Infrastructure (PKI)
  • Required by all the certificate/public key based security protocols
  • LDAP is a strong candidate for certificate distribution
• GRID uses LDAP as a core technology
  • Security relies on certificates
  • Metadirectory used for resource location

What is LDAP?
• An access protocol
  • Originally designed for X500 access
• 2 "incompatible" versions
  • V2: first production version. Most used
  • V3: all servers now v3 but not all clients
• Several server infrastructures possible
  • Standalone / Distributed
  • Proprietary / Standard (X500)

Issues with Standalone LDAP
• No chaining, referrals only in v3
  • Popular mail clients like Pine or Netscape < 4.7 are v2
  • Knowledge about servers inside the v2 client: difficult to maintain when infrastructure changes
• Strong authentication not available
  • Can be overcome by SSL
• No shadowing protocol
  • Proprietary solutions (incompatible)

HEP Specific issues…
• HEP is a "virtual" organization
  • International
  • No central control
  • Every organization/lab has national and/or non HEP constraints
• Naming constraints
  • No common root for HEP information tree
  • Non HEP groups requirements

… HEP Specific issues
• Windows 2000
  • Goal (still) unclear: do we need a unified W2000 infrastructure (forest?)?
  • Do we need to unify with non W2000 use?
• PKI
  • Still advanced project for HEP
  • CERN is quite active (Denise)
  • Interference between GRID and local projects

HEP Wide White Pages
• Goal: create a "virtual" HEP root
• Proposal: create 1 HEP tree per country
  • Contains aliases to real sites (CERN, IN2P3, …)
  • Still problems with alias dereferencing for some clients (ex: Netscape)
  • This tree could be an international org but who will maintain it?
• Tested but who is using it?
• Not specific to white pages
  • Should be possible to extend to every part of the DIT requiring an HEP wide viewing
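
The alias-based tree proposed above behaves differently for clients that dereference aliases and clients that do not. The following is an added example, not part of the original slides: a simplified in-memory model (not an LDAP client) in which every DN is constructed, and which also shows how stale or looping aliases can be detected by whoever maintains the tree.

```python
# Simplified in-memory model of alias handling; not an LDAP client.
# All DNs and attribute values are constructed for illustration.
DIT = {
    "o=hep,c=fr": {"objectClass": ["organization"]},
    "ou=cern,o=hep,c=fr": {"objectClass": ["alias"], "aliasedObjectName": "o=cern,c=ch"},
    "ou=in2p3,o=hep,c=fr": {"objectClass": ["alias"], "aliasedObjectName": "o=in2p3,c=fr"},
    "ou=stale,o=hep,c=fr": {"objectClass": ["alias"], "aliasedObjectName": "o=gone,c=xx"},
    "ou=loop,o=hep,c=fr": {"objectClass": ["alias"], "aliasedObjectName": "ou=loop,o=hep,c=fr"},
    "o=cern,c=ch": {"objectClass": ["organization"]},
    "o=in2p3,c=fr": {"objectClass": ["organization"]},
}


class AliasProblem(Exception):
    """Raised when an alias cannot be resolved to a real entry."""


def is_alias(entry):
    return "alias" in entry["objectClass"]


def resolve(dn, max_hops=8):
    """Follow aliasedObjectName to a non-alias entry; reject loops and dangling targets."""
    seen = set()
    while True:
        entry = DIT.get(dn)
        if entry is None:
            raise AliasProblem("dangling alias target: " + dn)
        if not is_alias(entry):
            return dn
        if dn in seen or len(seen) >= max_hops:
            raise AliasProblem("alias loop or chain too long at: " + dn)
        seen.add(dn)
        dn = entry["aliasedObjectName"]


def one_level(base, deref):
    """One-level search under base; returns (visible DNs, aliases that failed to resolve)."""
    visible, broken = set(), []
    for dn, entry in DIT.items():
        if dn.partition(",")[2] != base:  # naive parent split, ignores escaped commas
            continue
        if deref and is_alias(entry):
            try:
                visible.add(resolve(dn))
            except AliasProblem:
                broken.append(dn)  # report for the tree maintainer instead of failing
        else:
            visible.add(dn)
    return visible, broken
```

A client that does not dereference sees only the alias entries under the virtual root, while a dereferencing client sees the real site entries and the model reports the two broken aliases.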

LDAP Coordination Future
• HEP CCC / HTASC still advocating the need for an LDAP meeting
  • Originally planned during this meeting
• Project: have an LDAP meeting in March
  • Discuss all LDAP issues, particularly GRID
• Questions remaining
  • Who is interested? US interest?
  • Should we co-locate with another meeting?
    • Grid? Hepix?