
LDAP and Shibboleth

brucellino edited this page Sep 24, 2014 · 1 revision

Overview

There are two roles, ldap and shibboleth-idp, which are meant to be used together. The ldap role can be used to deploy a standalone LDAP server, but it is specifically designed to install and configure an LDAP backend for a Shibboleth IdP. Keep this in mind when using these roles.

Furthermore, these playbooks are not intended for arbitrary use cases, but for eventual integration into an identity federation at national or regional level. We make no statements on further fitness for use.

Deployment configuration considerations

The ldap and shibboleth roles support CentOS 6.x and Debian 'Squeeze'. Because the roles rely on system packages and defaults such as iptables, ldap, sysvinit, etc., the playbook may also work implicitly on other platforms such as Fedora, Ubuntu, etc. Please let us know if you want to test.

To deploy the services, you should have at least two machines with separate IPs (they can be physical or virtual machines): one for the LDAP server and one for the IdP.

Minimum resource requirements

The services make minimal resource demands, so the machines can have similarly light specs:

  • 10 GB hard drive

  • 1 CPU core

  • 1 GB RAM