The Symas Blog
Recent Improvements in Apache Fortress REST Delegated Administration
Before the latest changes using the DA checks was more complicated. In addition to the HTTP Basic Auth creds, callers had to pass the administrator’s session in the payload of the request. This made it harder to use and (worse) less secure.
read moreBetter Management for Directory (LDAP) Traffic
Many LDAP Directories have several servers handling requests from many clients. The load on each server varies. Redirecting traffic when a server goes away can be a challenge. There are companies offering “network load balancers.” They are usually pretty...
read moreNew Release: Symas OpenLDAP 2.4.47-2 Available
Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the latest Production Release of Symas OpenLDAP Gold, 2.4.47-2. Current customers, please visit https://downloads.symas.com to download...
read moreNew Release: Symas OpenLDAP 2.4.47-1 Available
Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the latest Production Release of Symas OpenLDAP Gold, 2.4.47-1.
read moreAdding Contextual Information to the RBAC Decision
We don’t have to throw the baby out with the bathwater. RBAC has many good aspects that we’d like to preserve. It’s standards-based, meaning various implementations should interoperate. It works, and is already in place, pretty much everywhere. But we’d like to be able to sprinkle in a bit of context, allowing us to fix the role explosion problem, without breaking its interoperability, or bringing in another implementation, with yet another protocol.
read moreThe Not-So-Bright Future of Directory Services in Red Hat Enterprise Linux
389-ds and Red Hat Directory Server are being touted as Red Hat’s LDAP server solutions on future versions of their OS, but the fine print has some surprises. Click to learn more.
read moreConfiguring Apache Fortress-OpenLDAP for High Availability
This post describes how Apache Fortress and OpenLDAP can be placed into a highly-available configuration. Apache Fortress provides Identity and Access Management APIs over HTTP using either JSON or REST formats. OpenLDAP is where the data is stored and maintained.
read moreYour Facebook Account is Worth 2FA But Your Own Network Isn’t?
50% of networks and websites that aren’t using 2FA are open to shared-password attacks. Is yours one of them? How many of the users in your network use the same password on external sites with questionable security? Ondrej Kuznik offers insight on how OpenLDAP users can implement 2FA today. Click to learn how.
read moreHow-To Guide: Two-Factor Authentication
Passwords, everyone loves to hate them and still, in the era of digital certificates, fingerprints, and voice recognition, we use them on a daily basis and want users to memorize tens of different complex passwords. So they cheat and passwords get reused, written down on a piece of paper, you name it. Not that service providers always get this right either.
read moreWho put ABAC in my RBAC?
Readers know that Attribute-based Access Control (ABAC) is a bit of an obsession with me. It stems from the want to have something like an ABAC system in my little bag of tricks. An authorization engine that scales to everyday usage, without proprietary, bloated or cumbersome baggage to weigh it down.
read moreOpenLDAP for Linux Support from Symas Corporation
Symas corporation to now offer OpenLDAP for Linux Support Packages for any 3rd party distribution. Click to learn more.
read moreLarge University Switches to Symas OpenLDAP, Sees Immediate Success
Through the years that followed, despite university staff turnover and other changes, they have retained Symas to provide “additional brain power,” staff training and software maintenance.
read moreThe Apache Directory Project announces the 8th release of Fortress
The Apache Directory Project announces version 2.0.1 of Apache Fortress Apache Fortress is a computer security access management facility written in Java. Other platforms use the Apache Fortress Rest component. Fortress provides a fine-grained authorization...
read more3 Turn Productions applauds service from Symas
In 2013 the president of Three Turn Productions, Judy Tyrer, reached out to the Symas Corporation for database help as she was preparing to launch her virtual roleplaying game, called Ever, Jane. The support she received then, and now, has been unrivaled. Click to learn how Symas helped her company.
read moreTowards an Attribute-Based Role-Based Access Control System
We’ve all heard the complaint, RBAC doesn’t work. It leads to Role Explosion, defined as an inordinate number of roles in a production environment. Nobody knows who must be assigned to what because there are hundreds if not thousands of them.
read moreHow I Built an Access Management System Using Apache Directory Fortress
Watching application teams struggle implementing access control systems brings me to a talk I gave at ApacheCon a couple of years ago.
read moreHoward Chu Shares What to Expect with OpenLDAP 2.5
Howard Chu is the Chief Technology Officer at Symas, the Chief Architect of the OpenLDAP Project, and an overall amazingly entertaining fiddle player (Google it.) This spring Howard spoke at FLOSS UK about the upcoming release of OpenLDAP 2.5. Tom Yates compiled a nice article summarizing these highlights. Click to read.
read moreOracle Lays off Mission Control Team after Open Sourcing Product
Earlier this week, Slashdot carried a story about Oracle Open Sourcing a product line as an opportunity to let the developers go. This is a story-line we have been watching for years.
read moreA message from our President regarding Red Hat and SuSE removing OpenLDAP from their Linux Distributions
A few weeks ago, one of our strategic partners—a large European government and defense contractor—requested a call to discuss a big concern: the OpenLDAP server was slated to be removed from upcoming releases of Red Hat’s Enterprise Linux distributions.
read moreNew Sheriff in Town
And it don’t need no stinking badges. Yeah, I’m mixing clichés, happens sometimes when coding long hours in a stretch.
read moreProgramming in Python using the py-fortress RBAC APIs
py-fortress implements standards-based RBAC in Python. There have been numerous postings lately here about it.
read moreTesting the py-fortress RBAC0 System
The Command Line Interpreter (CLI) may be used to drive the RBAC System APIs, to test, verify and understand a particular RBAC policy.
read moreUsing the py-fortress Command Line Interpreter
The Command Line Interpreter (CLI) drives the admin and review APIs, allowing ad-hoc RBAC setup and interrogation. More info in the README.
read moreIntroducing a pythonic RBAC API
py-fortress is a Python API implementing Role-Based Access Control level 0 – Core. It’s still pretty new so there’s going to be some rough edges that will need to be smoothed out in the coming weeks.
read more