LDAP deployment in Polish academic network
Directory services deployment - short history
Directory services in the Polish academic community
started in 1992 by joining the X.500 Paradise project.
Thanks to regular financial support from the Polish State Committee for
Scientific Research, by 1996 we had 11 servers which covered the main
university centers in Poland.
The popularity of the X.500 service grew significantly after
we developed the Polish X.500-LDAP-HTTP gateway. This user interface,
based on web500gw from the Technical University in
Chemnitz, was extensively modified to support Polish language specifics.
The Polish directory service, as a part of the international service,
had to comply with the general service rules, while at the same time a
Polish user was to be given a Polish-only presentation of data, including
correct accented spelling. The design and solution were quite unique within the
Paradise project [1]. The implementation avoided changes in the core X.500 software.
Instead, the directory schema was extended to represent Polish data in
the directory, and new object classes and attributes holding Polish
versions of names were introduced. The Polish gateway was built
first for user access; a version for data administration followed.
The directory was also used as the base infrastructure in another project,
whose goal was support for PGP certificates.
Since 1997 no more funding has been available, and the Polish directory,
intended mainly to maintain data about organizations,
organizational units and people, lost its attractiveness because the
information gradually became stale.
After the new privacy law was
introduced in Poland in 1997, legal problems emerged and some servers
were closed. Now we have only seven X.500 servers in the Polish academic
community; most of them also run an LDAP service to support the
front-end for the X.500 service and to provide popular LDAP-based interfaces.
New challenges
Currently many modern network applications use directory services as
the middleware to support easy access to different kinds of information
which is indispensable or useful for network programs.
The directory service is still one of the best solutions as the white pages
service, maintaining the
information about the organizational structure and people.
Approaches based on LDAP are increasingly popular and free
software implementing this protocol is available, while the last open
implementation of the X.500 standard dates from 1992.
The Polish academic network community is strongly
interested in migrating from X.500 to LDAP.
Our X.500 experience is quite extensive and we hope to switch the
directory service to LDAP shortly.
LDAP services in the new Polish PIONIER program
In Poland the PIONIER project has started,
whose goal is to develop an advanced optical network
infrastructure and advanced network applications, e.g. grid services, digital
libraries, remote teaching applications, group work applications and so on. There
is full conviction that none of these applications can exist
without the middleware. In summer 2001
a consortium for this work was set up. Four academic institutions
became involved: Poznan Supercomputing and Networking Centre, Wroclaw
Technical University, NASK from Warsaw (the former academic network
organization, now an Internet provider) and
Nicholas Copernicus University,
Torun (NCU). NCU coordinates all activities, as it did in
the X.500 project. In December 2001 the
LDAP deployment proposal was successfully evaluated by
the State Committee for Scientific
Research, which means that there is additional financial support.
The Polish LDAP objectives
The Polish LDAP project consists of a large number of tasks, e.g.:
- schema adaptation to support the majority of
current and planned needs,
- design of the global directory service in the Polish academic community,
- LDAP gateway deployment to give comfortable access to the white pages
service,
- integration of LDAP with network applications,
- integration of the Polish LDAP directory with the global, pan-European service.
At the very beginning of our LDAP project we
have to decide how to represent the Polish academic world directory information
tree. Besides the organizational tree used in the X.500 project
(X.521 naming schema), a domain tree
(DC naming schema) is needed. As mentioned above, the Polish X.500 service
used a few local schema extensions
to support language-specific descriptions. The distinguished
names of entries in the Polish X.500 subtree are stripped of Polish accents. To facilitate
resolution of Polish names, each entry has the single-valued
PolishRDN attribute. This solution is not efficient, because we have to read all
the entries above the given entry to build the full Polish distinguished name.
This was
the reason for adding a special cache to our web gateway. LDAP supports
language-specific values of
attributes, so Polish sub-types of attributes can now be introduced.
Thanks to this functionality, all the inconveniences of the
approach used in the X.500 project can probably be overcome.
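The cost of the PolishRDN approach described above can be seen in a small model. This is an added example, not code from the original gateway: the directory contents, the "type=value" format of the PolishRDN value and all names in it are constructed assumptions. It builds the full Polish distinguished name by reading every entry above the target and counts directory reads with and without a cache.

```python
# Constructed sample subtree. DNs are accent-free; PolishRDN carries the accented RDN.
# The "type=value" format of PolishRDN is an assumption, not taken from the page.
BASE = "o=Przykladowa Uczelnia,c=PL"
UNIT = "ou=Wydzial Fizyki," + BASE
DIRECTORY = {
    "c=PL": {"PolishRDN": "c=PL"},
    BASE: {"PolishRDN": "o=Przykładowa Uczelnia"},
    UNIT: {"PolishRDN": "ou=Wydział Fizyki"},
    "cn=Jan Zolw," + UNIT: {"PolishRDN": "cn=Jan Żółw"},
    "cn=Anna Lecka," + UNIT: {"PolishRDN": "cn=Anna Łęcka"},
}


class PolishNameResolver:
    """Builds the full Polish DN of an entry, counting directory reads."""

    def __init__(self, directory, use_cache):
        self.directory = directory
        self.cache = {} if use_cache else None
        self.reads = 0

    def _polish_rdn(self, dn, ascii_rdn):
        if self.cache is not None and dn in self.cache:
            return self.cache[dn]
        self.reads += 1  # one directory read per uncached entry
        # Fall back to the accent-free RDN when the entry has no PolishRDN.
        value = self.directory[dn].get("PolishRDN", ascii_rdn)
        if self.cache is not None:
            self.cache[dn] = value
        return value

    def polish_dn(self, dn):
        # Naive split: the constructed DNs contain no escaped commas.
        rdns = dn.split(",")
        # Entry i is named by the RDNs from position i up to the root.
        return ",".join(
            self._polish_rdn(",".join(rdns[i:]), rdns[i]) for i in range(len(rdns))
        )


def reads_for(dns, use_cache):
    resolver = PolishNameResolver(DIRECTORY, use_cache)
    names = [resolver.polish_dn(dn) for dn in dns]
    return names, resolver.reads


if __name__ == "__main__":
    people = ["cn=Jan Zolw," + UNIT, "cn=Anna Lecka," + UNIT]
    print(reads_for(people, use_cache=False))
    print(reads_for(people, use_cache=True))
```

Resolving two people in the same unit shows why the gateway needed the cache: the shared ancestors are read again for every entry unless their Polish RDNs are remembered.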
Legal issues are another problem for the white pages service. A special
expert opinion is planned at the very beginning of the project.
After that, a set of regulations for the Polish directory service will be set.
The directory database has to use various access control lists to
provide fine-grained access control to particular data.
The main work of the project is focused on integration of LDAP with
the most popular network applications.
The overall goal is to simplify access to network services and network devices,
to support user authentication and authorization, to automate the
process of gathering various statistics, and to support portals and single sign-on systems.
The cooperation with work groups developing GRID systems is planned
and the global directory system will include the components needed to support
distributed computing.
Full integration of the Polish LDAP directory service with European LDAP
activities is planned, especially within the framework of the TERENA work group and
the NameFLOW Index Exchange service provided by Dante.
Another goal of the project is to collect procedures, guides, recipes,
documents and build Web sites which will be helpful for new users: new
sites joining the LDAP service and passive clients interested only in using
LDAP resources.
The LDAP project started officially in December 2001 and will be finished
by the end of August 2003.
In the meantime we plan to deploy a Public Key Infrastructure environment
in the academic community as well as to integrate and adapt LDAP activities to PKI
requirements and needs. In summer 2001 the IST project
NASTEC was started.
One of the LDAP project participants, the Wroclaw Technical University,
is a principal contractor there.
Our PKI deployment proposal is ready. It is aimed not only at
building the trusted environment to issue certificates for the academic
world. The different aspects of PKI integration with modern network
applications will also be investigated.
The proposal is now waiting for an evaluation by
the State Committee for Scientific Research.
[1] M. Gorecka, T. Wolniewicz, Use of national languages in X.500 Directory,
the CEN/TC304 workshop on Providing Multilingual Support in Middleware,
Bled 11-12 November 1996.