ESciDoc MPDL LDAP/Single LDAP Server

Single LDAP Server[edit]

• A Single eSciDoc LDAP Server will be installed to support the MPDL productive instances of eSciDoc core services and solutions
• Configuration used as described at LocalDirectoryService, see image below

http://www.openldap.org/doc/admin24/config_local.png

The Client in this case is actually the eSciDoc login form.

Configuration with eSciDoc[edit]

• see Login configuration for eSciDoc- Part: Login via LDAP server

Design checklist[edit]

Directory needs and applications that will use the directory[edit]

• Applications that will use MPDL LDAP
  • escidoc-core services (must have)
  • escidoc-based-solutions (must have)
  • CoNE and evtl. other additional services independent of escidoc-core (must have)

• Oranizational structure to be considered for MPDL-based LDAP

• Geographical location: Institutes (sometimes their departments?) are located throughout Germany and several institutes are outside of Germany
• NIMS (Japan): if it stays with current PubMan repository, additional effort of exchange with NIMS LDAP might be needed

• Performance
  • Latency- refers to the elapsed time between when an application makes an LDAP request and when it receives a response.
  • Throughput- refers to the total sustainable operation load that the directory can handle

• Level of service - expected availability 99,98% (according PubMan expected availability)

Data needs[edit]

• MPDL-eSciDoc LDAP shall cover the following data:
  • Users (People)
    • username
    • email
    • CoNe Person ID (to clarify if in LDAP or in User attributes of eSciDoc) ?
    • Organization
  • Organizations (Institutes, departments)
    • name, id
    • eSciDoc ID
  • Potentially User Groups
    • user group name
    • user group members

Schema[edit]

• Person
  • EduPerson Schema
  • Core attributes to be supported from the EduPerson schema:
    • eduPersonOrgDN-single
      • NOTE: if the value of this attribute should be resolved via OU level privileges in eSciDoc, then the value must be the id of the organizational unit in eSciDoc.
      • shall point to the organization class object. The organization object must contain "o" attribute for Organization name.
    • cn-Common Name, multivalued
      • the Common name (usually the full name of the user). There can be several values, recommended a single value
      • todo: check if multivalues are needed in case of e.g. another script (Japanese)
    • sn-Surname, multivalued
      • the surname of the user. Recommended multiple values if user surname has several components to get best search results.

• • other attributes to be supported
    • eduPersonOrgUnitDN
      • motivation: evtl. user groups based on departments or organizational units
      • should point to the organization class object. In this case, "o" attribute is not required, but "ou" attribute (e.g. name of the department) is required
    • eduPersonPrincipalName
      • motivation: evtl. further implementation of Shibboleth, defines the scope of the user between institutions
      • form: user-name@scope

• Organization
  • EduPerson Schema

• • • Cn (common name),
    • sn (surname, family name)
    • o (name of the organization)

• Design your schema
• Design your namespace
• Design the topology of your directory
• Design your directory replication scheme
• Design your directory for security and privacy

Single core-service, multiple solutions[edit]

Multiple core-services, multiple solutions[edit]