[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap vs 389

To: openldap-technical@openldap.org
Subject: Re: Openldap vs 389
From: Achilleas Mantzios <achill@matrix.gatewaynet.com>
Date: Wed, 20 Apr 2016 11:56:10 +0300
In-reply-to: <0904ABCE-4467-496B-A0E4-EC083CEAB0DE@symas.com>
References: <mailman.1.1461067201.607.openldap-technical@openldap.org> <0904ABCE-4467-496B-A0E4-EC083CEAB0DE@symas.com>
User-agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0

On 19/04/2016 19:22, Shawn McKinney wrote:

On Apr 19, 2016, at 16:34:27,Achilleas Mantzios wrote:

I admit I haven’t done my homework regarding the standards (the literature is just huge), maybe I was hasty in using the term RBAC above, but anyway what does Fortress/RBAC give out of the box that our solution wouldn’t, I mean you wouldn’t mind giving a very rough overview ?

Not knowing what your solution provides it's not possible for me to give you a comparison and in any case that’s a question for you to decide.

Hello Shawn, nice seeing you again! We had talked back in 2014, but didn't have a chance to move on with our goals back then.
Let me repeat our needs, having to do mostly with SOX compliance :

"
we have an inhouse application running on Java EE, which we have been developing for the last 16 years. We use mostly classic form-based j2ee declarative security. We have been using IBM Lotus Notes Domino Server and its bundled LDAP server, by writing our own login module for Jboss. But lotus's LDAP is of limited potential. Now we need to have the following features :
- support password strength and also communicate relevant error codes/messages back to the calling client (e.g. jboss login module)
- handle correctly while in period of passwd expiration warning (error codes/messages)
- handle correctly after period of passwd expiration, but within the grace limit (error codes/messages)
- support password history (error codes/messages)
- handle correctly after period of passwd expiration, and also after grace limit (error codes/messages)
- account explicitly locked (error codes/messages)
- handle pwdMustChange & pwdReset (error codes/messages)
- account explicitly locked after pwdMaxFailure (error codes/messages)
"


If you want to understand fortress, first understand its apis, there are links to javadoc descs at the bottom of this page:

https://directory.apache.org/fortress/overview.html

If after that you are still interested, checkout the tutorials:

- http://github.com/shawnmckinney/apache-fortress-demo
- http://github.com/shawnmckinney/role-engineering-sample
- http://github.com/shawnmckinney/wicket-sample
- http://github.com/shawnmckinney/fortress-saml-demo

or some of the collateral that is here:

- http://iamfortress.net/2015/06/11/what-is-delegated-administration/
- http://iamfortress.net/2015/03/13/enabling-java-ee-and-fortress-security-inside-an-apache-wicket-web-app/
- http://iamfortress.net/2015/03/05/the-seven-steps-of-role-engineering/
- http://iamfortress.net/2015/02/16/apache-fortress-end-to-end-security-tutorial/
- http://iamfortress.net/2014/11/24/using-role-for-access-control-is-not-rbac/

Thanks, I surely must read those.

Shawn

-- 
Achilleas Mantzios
IT DEV Lead
IT DEPT
Dynacom Tankers Mgmt

References:
- Re: Openldap vs 389
  - From: Shawn McKinney <smckinney@symas.com>

Prev by Date: Re: memberuid value should be DN or RDN or both woks
Next by Date: How to enable search using wildcard characters
Index(es):
- Chronological
- Thread