[Date Prev][Date Next] [Chronological] [Thread] [Top]
FW: Greatest value

To: <openldap-software@OpenLDAP.org>
Subject: FW: Greatest value
From: "Matthew Hardin" <mhardin@symas.com>
Date: Thu, 23 Nov 2000 20:40:56 -0800
Importance: Normal
Thanks, Weston, for the honest feedback. We're working to clarify the
message and I see we still need to do more work. No offense
taken- you have my gratitude.

To answer your first (implied) question:

Connexitor helps administrators efficiently manage access to the resources
their systems provide to users.

In a nutshell, we've developed a collection of commercial-strength secure
LDAP backends (agents) that directly manage the security systems or
databases for a number of different operating systems and
applications. Kind
of like OpenLDAP's back-passwd, only we expose the entire security system,
not just the password file. We've also developed an LDAP-based management
and automation system that drives these agents and provides the following
benefits:

      * Person Abstraction- Resource access capabilities and accounts
        are related to a person. You always know where someone
        has accounts and what they can access. You can also store
        your own company-specific information in the person objects.

      * Group/Role/Profile (GRP) Abstraction - People can be placed into
        various GRPs to set their access capabilities across multiple
        security systems.

      * Automation - You can define a set of rules that apply to
        individuals or GRPs. These rules are invoked to cause settings
        to be made to target security systems and allow or deny access to
        resources.

      * Secure Delegation - You can safely delegate certain capabilities
        to others without compromising the security of the systems you
        manage. HR staff can safely be allowed to vet employees into the
        systems without interrupting you, yet you always know what's going
        on.

      * Single search into multiple security systems - You can issue a
        single LDAP search and look into many different LDAP directories.
        This helps you easily and quickly see the current state of those
        security systems.

      * LDAP Interface - You can talk to our management layer using LDAP
        calls. This helps preserve any investment you may have in your own
        management tools.

      * Integration with PAM_LDAP authentication - PAMLDAP works well for
        local clusters of machines that are not mission-critical. We can
        show you how Connexitor's automation layer can manage the LDAP
        directories that serve as a foundation for PAM_LDAP-based
        authentication, while simultaneously managing access to mission-
        critical systems and applications. When you are ready to move up
        to finer-grained access control and improved fault-tolerance you
        can switch to our backends with very little effort.

Now to your second question:

How does this solve Matthew Hoskins' problem?

The Connexitor agent that manages UNIX security systems (UnixAuth) can
create accounts using a standard LDAP Add operation. The agent can
automatically assign the next available numeric User ID during the
LDAP Add. So if Matthew uses Connexitor to manage all of his systems,
it becomes a non-issue.

If Matthew doesn't want to use the rest of Connexitor he can install our
UnixAuth agent on any of his UNIX systems that he chooses as the user ID
master, or he can even set up a UnixAuth agent to use a dummy set of
security files. He can then place an LDAP Add request to the agent
to create an account. Querying the agent for that account will return the
ID the agent assigned to that account.

I hope this helps.

-Matt
HTTP://www.symas.com
mailto:matth@symas.com

-----Original Message-----
> From: weston@itdonline.net [mailto:weston@itdonline.net]
> Sent: Wednesday, November 22, 2000 6:40 PM
> To: Matthew Hardin
> Cc: openldap-software@OpenLDAP.org
> Subject: RE: Greatest value
>
>
> No offense, but your site is one of the more buzzword-laden sites I have
> ever
> seen. I have yet to figure out what your software actually does. Care to
> explain, sans market-speak, how it addresses Matthew's problem with LDAP?
>
> Quoting Matthew Hardin <mhardin@symas.com>:
>
> > Hi Matthew,
> >
> > The function you are asking for is a characteristic of Connexitor's UNIX
> > authorization agent. If you are interested in a directory-based
> > authentication management system that won't have your pager going off at
> all
> > hours, give Connexitor a try.
> >
> > Sincerely,
> >
> > Matthew Hardin
> > Symas Corporation
> > http://www.symas.com
> >
> >
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matthew
> > Hoskins
> > Sent: Wednesday, November 22, 2000 2:43 PM
> > To: openldap-software@OpenLDAP.org
> > Subject: Greatest value
> >
> >
> > This might be off topic, and if it is, I'd be happy to repost in the
> proper
> > list.
> >
> > Is there a way to search the directory for a maximum value?
> >
> > Example:
> >
> > 	My LDAP stores UIDnumbers for users on the UNIX systems we
> administer.
> To
> > create a new user, I need the next available UID (which is the
> highest UID
> +
> > 1).
> >
> > In a standard sql database, I could just set this value as a
> key and have
> it
> > auto-increment with each new record.  Is there a similar
> feature in LDAP,
> or
> > a search filter that will give me the greatest value of an attribute?
> >
> >
> > Thank you for any support. And again, I will be happy to repost in an
> > appropriate place.
> >
> > Matthew Hoskins -- Cisco Certified Network Associate
> > Ponyexpress.net / MagicCablePC / NPGCO
> > Systems Administrator
> >
> >
> >
>
>
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
>
Prev by Date: Indexing crash
Next by Date: the maximum number of entries
Index(es):
- Chronological
- Thread