sun identity management open directory
play

Sun Identity Management & Open Directory Jennifer - PowerPoint PPT Presentation

Jan 01, 2024 •227 likes •555 views

Sun Identity Management & Open Directory Jennifer Walbank/Pascal Grosvenor, LDAP Guru from the server group :) & Berry Mak University of Technology,

  2. Sun ¡Identity ¡ Management ¡& ¡Open ¡ Directory Jennifer ¡Walbank/Pascal ¡Grosvenor, ¡LDAP ¡ Guru ¡from ¡the ¡server ¡group ¡:) ¡& ¡Berry ¡Mak University ¡of ¡Technology, ¡Sydney XW11

  3. Why and how? • Why? • Centralising systems • Desktop Architecture Project • Same sign on • How? • Design • Demonstration • Did we succeed? XW11

  4. Centralising Systems • Only centralise what it makes sense to... • Authentication • Authorisation • Software updating • Proper housing of servers • bandwidth • backup • Providing a robust and sustainable computing environment XW11

  5. Desktop Architecture Project • Project designed for Windows environment • provisioning of the centralised model • no Mac OSX planning • Birth of the MOE (would you believe Mac Operating Environment) - quickly renamed Managed Operating Environment for Mac OSX in September last year. XW11

  6. Same Sign On • Anywhere up to five different passwords depending on what services you had access to • new Email project prompting the opportunity to enable a consistent “UTS” username and password • Birth of Identity Management at UTS XW11

  7. Identity Management • the idea of account creation with a role assigned that enables a user ʼ s access to services automatically, across what had been many incompatible systems. • AD • OD • at the time NDS • LDAP enabled • so why Sun? XW11

  8. Different types of IDM • pre-coded connectors (eg CA and Novell) • require data cleansing at the source • pre-determined logical layout of the underlying systems • Sun or even OpenLDAP • mutable - allows for us to code for each instance as we need it - the scripting matches the data sources as well as the underlying existing layout - we were a train already on the tracks XW11

  9. Current roles at UTS Staff : Accounts for Staff, or contractors in staff positions Students : For any type of student Alumni : *Alumni only receive an email forwarding account, not access to the labs, and cannot use webmail. General : Accounts created for systems, or groups of people (i.e. accounts not for a particular person). XW11

  10. CASS NEO DIRSYNC/ADMINTOOL LDAP OTHER OPEN DIRECTORIES - DIRECTORY ACTIVE, NDS, MASTER ENGINEERING (APPLE) ETC OPEN OPEN OPEN OPEN DIRECTORY DIRECTORY DIRECTORY DIRECTORY REPLICA REPLICA REPLICA REPLICA (BLD1) (K'GAI) (DAB) (BLD10) PROVISION OF MANAGED OPERATING ENVIRONMENT CLIENT CLIENT CLIENT CLIENT

  11. CASS NEO DIRSYNC/ADMINTOOL LDAP OTHER OPEN DIRECTORIES - DIRECTORY ACTIVE, NDS, MASTER ENGINEERING (APPLE) ETC OPEN OPEN OPEN OPEN DIRECTORY DIRECTORY DIRECTORY DIRECTORY REPLICA REPLICA REPLICA REPLICA (BLD1) (K'GAI) (DAB) (BLD10) PROVISION OF MANAGED OPERATING ENVIRONMENT CLIENT CLIENT CLIENT CLIENT

  12. How ¡does ¡it ¡work ¡? XW11

  13. CASS NEO DIRSYNC/ADMINTOOL LDAP OTHER OPEN DIRECTORIES - DIRECTORY ACTIVE, NDS, MASTER ENGINEERING (APPLE) ETC OPEN OPEN OPEN OPEN DIRECTORY DIRECTORY DIRECTORY DIRECTORY REPLICA REPLICA REPLICA REPLICA (BLD1) (K'GAI) (DAB) (BLD10) PROVISION OF MANAGED OPERATING ENVIRONMENT CLIENT CLIENT CLIENT CLIENT

  14. CASS NEO DIRSYNC/ADMINTOOL LDAP

  15. Data Sources Dirsync automatically creates and maintains all accounts. CASS (Student Admin) Neo (HR) Dirsync Admintool Insearch CADS (Switchboard)

  16. Account Lifecycle Typical account states and movements Account Creation Stray Active Extended Expired “Active Until” Deleted

  17. Dirsync • Dirsync is a set of custom written Perl modules and scripts that connects Sun LDAP with all the other systems • Updates from data sources are recorded to Sun LDAP by Dirsync • Dirsync then writes from Sun LDAP to other directory systems (eg. Active Directory, OS X Open Directory) XW11

  18. Admintool • Web-based interface to examine and modify accounts within UTS ʼ authentication and mail systems • Front end to Dirsync • Restricted use - IT staff only XW11

  19. Admintool Menus Account : Email : • Search • Aliases • Details • Vacation • Create • Forwarding • Extend/ Expire • Broadcast • Change Password • Directory Listing • Rename • Lock/ Unlock • Owned Accounts XW11

  20. CASS NEO DIRSYNC/ADMINTOOL LDAP OTHER OPEN DIRECTORIES - DIRECTORY ACTIVE, NDS, MASTER ENGINEERING (APPLE) ETC

  21. Dirsync & Open Directory • Dirsync takes record/ object attributes from Sun LDAP and matches them to corresponding attributes in OD • Most record attributes are added to OD using standard LDAP commands • Main exception - user passwords XW11

  22. OD Password Server • OD stores user passwords in a separate secure database to the OS X server ʼ s LDAP database • Single purpose account and shell script developed to interact with OD password server • Dirsync sends a remote SSH command to ODM to trigger password change in password server database XW11

  23. OD Master security • Secure LDAP (using SSL) for communications between Dirsync and OD master • Login window and SSH access to ODM restricted to only a few accounts • Customised Firewall rules • Physical security XW11

  24. CASS NEO DIRSYNC/ADMINTOOL LDAP OTHER OPEN DIRECTORIES - DIRECTORY ACTIVE, NDS, MASTER ENGINEERING (APPLE) ETC OPEN OPEN OPEN OPEN DIRECTORY DIRECTORY DIRECTORY DIRECTORY REPLICA REPLICA REPLICA REPLICA (BLD1) (K'GAI) (DAB) (BLD10) PROVISION OF MANAGED OPERATING ENVIRONMENT

  25. OD Master and replicas • Five OD replicas distributed across uni - share traffic load, redundancy • OD system uses Apple ʼ s own secured method for replicating data between ODM and replicas • Replicas also have Firewalls configured • OD servers do not run any other services XW11

  26. Authorisation/ Workgroup Mgt • IT managers of each faculty/ area have directory administrator access to OD (but not server admin access to OD master) • Collegial work approach and knowledge sharing • Logs record access, no problems to date :-) XW11

  27. CASS NEO DIRSYNC/ADMINTOOL LDAP ARD/ Deploystudio/ Casper SOFTWARE OTHER OPEN UPDATE DIRECTORIES - DIRECTORY SERVER ACTIVE, NDS, MASTER (APPLE) ENGINEERING (APPLE) ETC NETRESTORE OPEN OPEN OPEN OPEN DIRECTORY DIRECTORY DIRECTORY DIRECTORY REPLICA REPLICA REPLICA REPLICA (BLD1) (K'GAI) (DAB) (BLD10) PROVISION OF MANAGED OPERATING ENVIRONMENT CLIENT CLIENT CLIENT CLIENT

  28. Managed Operating Environment • Apple Netrestore and DeployStudio Server • Centralised Software Update Server - access managed thru Workgroup Manager • Apple Remote Desktop • Working on base SOE for all macs at UTS XW11

  29. Demonstration Much ¡more ¡fun ¡to ¡watch ¡than ¡talk ¡about ¡:) XW11

  30. Is ¡this ¡the ¡end? XW11

  31. Questions ¡??? XW11

Recommend

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity

UCSB Identity and LDAP The central campus directory and authentication system UCSB Identity System UCSBnetID authentication UCSB-wide student and employee info http://www.identity.ucsb.edu/ LDAP Overview Lightweight Directory Access Protocol

604 views • 24 slides
Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase

Identity and Access Management Using Identity Management and Identity Governance to increase Automation and Security. Identity Management (IAM, IdM) defining and managing the roles and access privileges of individual network users, and the

2.89k views • 13 slides
Could SCIM become lingua franca of Identity Provisioning (Un)conference on Open Source Identity

Could SCIM become lingua franca of Identity Provisioning (Un)conference on Open Source Identity

Could SCIM become lingua franca of Identity Provisioning (Un)conference on Open Source Identity and Access Management, Vienna 18.02.2020 Peter Gietz, DAASI International Agenda Why Standards in Open Source Short Introduction into SCIM

460 views • 18 slides
Identity management in the European Grid Infrastructure Established solutions, new needs, open

Identity management in the European Grid Infrastructure Established solutions, new needs, open

EGI InSPIRE Identity management in the European Grid Infrastructure Established solutions, new needs, open questions Gergely Sipos Technical Outreach Manager EGI.eu, Amsterdam gergely.sipos@egi.eu Identity Management for research and

452 views • 28 slides
Enhancements to FreeIPA Replication Topology Management Jan Pazdziora Sr. Principal Software

Enhancements to FreeIPA Replication Topology Management Jan Pazdziora Sr. Principal Software

Enhancements to FreeIPA Replication Topology Management Jan Pazdziora Sr. Principal Software Engineer Identity Management Special Projects, Red Hat 6 th October 2015 FreeIPA Integration of multiple identity-management tools. directory

352 views • 17 slides
How I Built an Access Management System Using Apache Directory Fortress Shawn McKinney Nov 18,

How I Built an Access Management System Using Apache Directory Fortress Shawn McKinney Nov 18,

How I Built an Access Management System Using Apache Directory Fortress Shawn McKinney Nov 18, 2016 ApacheCon EU, Seville Session Objectives Learn about some access management specifications Take an unflinching look at an open source

1.32k views • 102 slides
Apache Directory Studio A new Open Source LDAP & Directory Tooling Platform Stefan Seelmann

Apache Directory Studio A new Open Source LDAP & Directory Tooling Platform Stefan Seelmann

Apache Directory Studio A new Open Source LDAP & Directory Tooling Platform Stefan Seelmann & Pierre-Arnaud Marcelot seelmann@apache.org pamarcelot@apache.org Apache Directory Studio, a new Open Source LDAP & Directory Tooling

291 views • 18 slides
Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity

Identity Management Scaling Out and Up Jan Pazdziora Principal Software Engineer Identity Management Engineering, Red Hat jpazdziora@redhat.com 15 th October 2014 Identity Users; user groups. Hosts; host groups; services. Identities

700 views • 18 slides
all at once with Azure Active Directory Etan Basseri Senior Program Manager Identity Engineering

all at once with Azure Active Directory Etan Basseri Senior Program Manager Identity Engineering

Identity, Security and Collaboration, all at once with Azure Active Directory Etan Basseri Senior Program Manager Identity Engineering Microsoft 365 Enterprise Office 365 Windows 10 Enterprise Mobility Enterprise Enterprise + Security

503 views • 7 slides
Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory

Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory

Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory Collection of related objects Files, Printers, Fax servers etc. Directory Service Information needed to use and manage the objects. Source

438 views • 27 slides
Identity Management with midPoint Radovan Semank FOSDEM, January 2016 Radovan Semank

Identity Management with midPoint Radovan Semank FOSDEM, January 2016 Radovan Semank

Identity Management with midPoint Radovan Semank FOSDEM, January 2016 Radovan Semank Current: Software Architect at Evolveum Architect of Evolveum midPoint Contributor to ConnId and Apache Directory API Past: Sun LDAP and IDM

521 views • 31 slides
Samba as the default directory Rethinking our Identity Infrastructure William Brown Senior

Samba as the default directory Rethinking our Identity Infrastructure William Brown Senior

Samba as the default directory Rethinking our Identity Infrastructure William Brown Senior Software Engineer SUSE Labs Australia ldapwhoami -D CN=William displayName: Firstyear o: SUSE Labs c: Australia st: Queensland

590 views • 32 slides
Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and

Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and

Trust, Identity Management and GENI Dr. Ken Klingenstein, Senior Director, Middleware and Security, Internet2 Technologist, University of Colorado at Boulder Topics Internet identity update Technology updates ISOC, IETF Identity,

601 views • 23 slides
Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients &

Agenda Identity & Access management About company midPoint Clients & partners Conclusion Identity management System Requester Users admin Approver Application Application Provisioning system Identity A

826 views • 45 slides
Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team /

Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team /

Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team / Red Hat, Inc. Directory Services Centralize: management of users management of machines control of security settings configuration management

280 views • 16 slides
Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00 Feng Cao

Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00 Feng Cao

Response Identity in Session Initiation Protocol draft-cao-sip-response-identity-00 Feng Cao Cullen Jennings 1 Agenda Introduction Scope Requirements SIP Response Identity Overview Open Issues Summary 2

205 views • 9 slides
IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg

IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg

IDENTITY MANAGEMENT Presentation at EuroCAMP 2009-05-17 by Roland Hedberg <roland.hedberg@adm.umu.se> Tuesday, May 19, 2009 WHAT IS IDM ? Identity management is the management of the identity life cycle of entities. --- wikipedia

534 views • 26 slides
Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core Coherence Socrates Demetriades and Sangyeun Cho 20 th Interna+onal Symposium On High Performance

782 views • 31 slides
Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll

Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll

Towards an Open Identity Infrastructure with OpenSSO RMLL Nantes July 10 2009 Fulup Ar Foll Master Architect fulup@sun.com 1 1 Towards an Open Identity Infrastructure with OpenSSO OpenSSO Overview > Integration with open source

290 views • 25 slides
Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online

Online Identity & Social Media by: Nicole Santarsiero What is Online Identity? -Online identity management (OIM) - Online personal/business branding also known as personal reputation management -The created presence of a person on the

471 views • 8 slides
Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory Unlike the earlier Microsoft Windows NT 4.x Domain directory service which used proprietary DCE/RPC calls, Active Directory is based on standard

557 views • 27 slides
Conceptual Clustering Using Lingo Algorithm: Evaluation on Open Directory Project Data Stanis

Conceptual Clustering Using Lingo Algorithm: Evaluation on Open Directory Project Data Stanis

Conceptual Clustering Using Lingo Algorithm: Evaluation on Open Directory Project Data Stanis law Osi nski Dawid Weiss Institute of Computing Science Pozna n University of Technology May 20th, 2004 Some background: how to evaluate

722 views • 24 slides
How to impress your management when you are an Active Directory noob? Vincent LE TOUX 15:15

How to impress your management when you are an Active Directory noob? Vincent LE TOUX 15:15

How to impress your management when you are an Active Directory noob? Vincent LE TOUX 15:15 -> 16:00 #RomHack2019 28th of September 2019 in Rome Whoami Vincent LE TOUX https://www.pingcastle.com / @mysmartlogon Management (Architect,

584 views • 35 slides
Certificate Directory for SIP Cullen Jennings fluffy@cisco.com SIP Security & SMIME SIP

Certificate Directory for SIP Cullen Jennings fluffy@cisco.com SIP Security & SMIME SIP

Certificate Directory for SIP Cullen Jennings fluffy@cisco.com SIP Security & SMIME SIP Security depends on S/MIME with user certificates Encryption of SDP (and keys for SRTP) Refer Identity Request History End to

275 views • 5 slides

More recommend