Copy:
- users' folders
- root's folder
- /usr/local/apache-tomcat-5.5.23
- /usr/local/shibboleth-idp
- /usr/java/jdk1.5.0_11
- /var/www/http/*
- /etc/httpd/conf/
- /etc/httpd/conf.d/shib-idp.conf
- /etc/httpd/conf.d/ssl.conf
- /etc/httpd/conf.d/redirectToHTTPS.conf
Command:
- ln -s /usr/local/apache-tomcat-5.5.23 tomcat
- ln -s /usr/java/jdk1.5.0_11 java
Add into /etc/httpd/conf.d/proxy_ajp.conf
- ProxyPassReverse /shibboleth-idp/ ajp://localhost:8009/shibboleth-idp/
- ProxyPass /shibboleth-idp/ ajp://localhost:8009/shibboleth-idp/
Install LDAP:
- compat-openldap.i386
- openldap-clients.i386
- openldap-servers.i386
- openldap-servers-sql.i386
Copy LDAP Database:
- slapcat > idp.ldif # old idp
- slapadd -v -l idp.ldif # new idp
- start ldap
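One way to confirm the LDAP copy, as an added example that is not part of the original notes: export the new directory with slapcat again and list any entry DNs from the old IdP's export that did not arrive. The function names and the file names old.ldif and new.ldif are assumptions.

```shell
#!/bin/sh
# Added example: compare the entry DNs in two slapcat exports.
# ldif_dns, ldif_missing, old.ldif and new.ldif are assumed names.

# ldif_dns FILE: print the sorted DN line of every entry in FILE.
# LDIF folds long lines: a line that starts with one space continues
# the previous line, so DNs are unfolded before they are compared.
# Base64 DNs (dn::) are compared in their encoded form.
ldif_dns() {
    awk '
        /^ /  { if (cur != "") cur = cur substr($0, 2); next }
              { if (cur ~ /^dn::? /) print cur; cur = $0 }
        END   { if (cur ~ /^dn::? /) print cur }
    ' "$1" | LC_ALL=C sort -u
}

# ldif_missing OLD NEW: print DNs present in OLD but absent from NEW.
# Returns 0 when nothing is missing, 1 when entries were lost.
ldif_missing() {
    tmp=$(mktemp -d) || return 2
    ldif_dns "$1" > "$tmp/old"
    ldif_dns "$2" > "$tmp/new"
    missing=$(LC_ALL=C comm -23 "$tmp/old" "$tmp/new")
    rm -rf "$tmp"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# On the new IdP, after slapadd:
#   slapcat > new.ldif
#   sh thisfile.sh old.ldif new.ldif
if [ "$#" -eq 2 ]; then
    ldif_missing "$1" "$2"
fi
```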
Edit shib-idp.conf:
AuthType Basic
AuthName "BeSTGRID Identity Provider"
AuthLDAPBindDN cn=shibboleth,dc=idp,dc=bestgrid,dc=org
AuthLDAPBindPassword "password"
AuthLDAPURL "ldap://idp.bestgrid.org:389/ou=people,dc=idp,dc=bestgrid,dc=org?cn"
AuthBasicProvider ldap
require valid-user
Require ldap-filter objectClass=*
AuthzLDAPAuthoritative on
Start/restart httpd:
Start Tomcat:
- /etc/init.d/tomcat stop
- /etc/init.d/tomcat start
Test:
- login from www.bestgrid.org
Cron Jobs
- /etc/cron.hourly/idp-aaL1-metadata
- /etc/cron.hourly/idp-bestgrid-test-metadata