LDAP Status Report

1
LDAP Status Report

• Michel Jouvin
• LAL / IN2P3
• jouvin_at_lal.in2p3.fr

2
Outlines

• LDAP coordination group goals
• LDAP different usage
• LDAP general and HEP specific issues
• LDAP coordination future

3
LDAP Coordination Group

• Unofficial group formed at Zeuten
• Arnaud Taddei and me as leaders
• Goals
• LDAP white pages deployment coordination
• Capitalize on IN2P3 / CERN experience
• A lot of work has been done but
• Arnaud left CERN in September
• Hélène Jamet (IN2P3) is leaving IN2P3

4
LDAP Is Everywhere...

• White Pages service
• LDAP has emerged as the technology of choice
• All email clients LDAP capable
• Windows 2000 AD is based on LDAP
• Resources management relies on ActiveDirectory

5
LDAP Is Everywhere

• Public Key Infrastructure (PKI)
• Required by all the certificate/public key based
  security protocols
• LDAP is a strong candidate for certificate
  distribution
• GRID uses LDAP as a core technology
• Security relies on certificates
• Metadirectory used for resources location

6
What is LDAP ?

• An access protocol
• Originally designed for X500 access
• 2 "incompatible" versions
• V2 first production version. Most used
• V3 all servers now v3 but not all clients
• Several server infrastructures possible
• Standalone / Distributed
• Proprietary / Standard (X500)

7
Issues with Standalone LDAP

• No chaining, referrals only in v3
• Popular mail clients like Pine or Netscape lt 4.7
  are v2
• Knowledge about servers inside the v2 client
  difficult to maintain when infrastructure changes
• Strong authentication not available
• Can be overcome by SSL
• No shadowing protocol
• Proprietary solutions (incompatible)

8
HEP Specific issues

• HEP is a "virtual" organization
• International
• No central control
• Every organization/lab has national and/or non
  HEP constraints
• Naming constraints
• No common root for HEP information tree
• Non HEP groups requirements

9
HEP Specific issues

• Windows 2000
• Goal (still) unclear do we need a unified W2000
  infrastructure (forest ?) ?
• Do we need to unify with non W2000 use ?
• PKI
• Still advanced project for HEP
• CERN is quite active (Denise)
• Interference between GRID and local projects

10
HEP Wide White Pages

• Goal create a "virtual" HEP root
• Proposal create 1 HEP tree per country
• Contains aliases to real sites (CERN, IN2P3, )
• Still problems with alias derefencing for some
  clients (ex Netscape)
• This tree could be an international org but who
  will maintain it ?
• Tested but who is using it ?
• Not specific to white pages
• Should be possible to extend to every part of the
  DIT requiring an HEP wide viewing

11
LDAP Coordination Future

• HEP CCC / HTASC still advocating the need for an
  LDAP meeting
• Originally planned during this meeting
• Project have an LDAP meeting in March
• Discuss all LDAP issues, particularly GRID
• Questions remaining
• Who is interested ? US interest ?
• Should we co-locate with another meeting
• Grid ? Hepix ?