[Date Prev][Date Next]
FW: Greatest value
Thanks, Weston, for the honest feedback. We're working to clarify the
message and I see we still need to do more work. No offense
taken- you have my gratitude.
To answer your first (implied) question:
Connexitor helps administrators efficiently manage access to the resources
their systems provide to users.
In a nutshell, we've developed a collection of commercial-strength secure
LDAP backends (agents) that directly manage the security systems or
databases for a number of different operating systems and
of like OpenLDAP's back-passwd, only we expose the entire security system,
not just the password file. We've also developed an LDAP-based management
and automation system that drives these agents and provides the following
* Person Abstraction- Resource access capabilities and accounts
are related to a person. You always know where someone
has accounts and what they can access. You can also store
your own company-specific information in the person objects.
* Group/Role/Profile (GRP) Abstraction - People can be placed into
various GRPs to set their access capabilities across multiple
* Automation - You can define a set of rules that apply to
individuals or GRPs. These rules are invoked to cause settings
to be made to target security systems and allow or deny access to
* Secure Delegation - You can safely delegate certain capabilities
to others without compromising the security of the systems you
manage. HR staff can safely be allowed to vet employees into the
systems without interrupting you, yet you always know what's going
* Single search into multiple security systems - You can issue a
single LDAP search and look into many different LDAP directories.
This helps you easily and quickly see the current state of those
* LDAP Interface - You can talk to our management layer using LDAP
calls. This helps preserve any investment you may have in your own
* Integration with PAM_LDAP authentication - PAMLDAP works well for
local clusters of machines that are not mission-critical. We can
show you how Connexitor's automation layer can manage the LDAP
directories that serve as a foundation for PAM_LDAP-based
authentication, while simultaneously managing access to mission-
critical systems and applications. When you are ready to move up
to finer-grained access control and improved fault-tolerance you
can switch to our backends with very little effort.
Now to your second question:
How does this solve Matthew Hoskins' problem?
The Connexitor agent that manages UNIX security systems (UnixAuth) can
create accounts using a standard LDAP Add operation. The agent can
automatically assign the next available numeric User ID during the
LDAP Add. So if Matthew uses Connexitor to manage all of his systems,
it becomes a non-issue.
If Matthew doesn't want to use the rest of Connexitor he can install our
UnixAuth agent on any of his UNIX systems that he chooses as the user ID
master, or he can even set up a UnixAuth agent to use a dummy set of
security files. He can then place an LDAP Add request to the agent
to create an account. Querying the agent for that account will return the
ID the agent assigned to that account.
I hope this helps.
> From: email@example.com [mailto:firstname.lastname@example.org]
> Sent: Wednesday, November 22, 2000 6:40 PM
> To: Matthew Hardin
> Cc: openldap-software@OpenLDAP.org
> Subject: RE: Greatest value
> No offense, but your site is one of the more buzzword-laden sites I have
> seen. I have yet to figure out what your software actually does. Care to
> explain, sans market-speak, how it addresses Matthew's problem with LDAP?
> Quoting Matthew Hardin <email@example.com>:
> > Hi Matthew,
> > The function you are asking for is a characteristic of Connexitor's UNIX
> > authorization agent. If you are interested in a directory-based
> > authentication management system that won't have your pager going off at
> > hours, give Connexitor a try.
> > Sincerely,
> > Matthew Hardin
> > Symas Corporation
> > http://www.symas.com
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matthew
> > Hoskins
> > Sent: Wednesday, November 22, 2000 2:43 PM
> > To: openldap-software@OpenLDAP.org
> > Subject: Greatest value
> > This might be off topic, and if it is, I'd be happy to repost in the
> > list.
> > Is there a way to search the directory for a maximum value?
> > Example:
> > My LDAP stores UIDnumbers for users on the UNIX systems we
> > create a new user, I need the next available UID (which is the
> highest UID
> > 1).
> > In a standard sql database, I could just set this value as a
> key and have
> > auto-increment with each new record. Is there a similar
> feature in LDAP,
> > a search filter that will give me the greatest value of an attribute?
> > Thank you for any support. And again, I will be happy to repost in an
> > appropriate place.
> > Matthew Hoskins -- Cisco Certified Network Associate
> > Ponyexpress.net / MagicCablePC / NPGCO
> > Systems Administrator
> This mail sent through IMP: http://horde.org/imp/