.

The Symas Blog

Apache Fortress SAML Demo

Overview The aim of this tutorial is to connect Apache Fortress with Spring Security SAML and a common Identity Provider – SSO Circle.com. It’s not intended to highlight all of the possible locations in code where security checks may be applied.  For that take a look...

read more

Understanding LMDB Database File Sizes and Memory Utilization

The Lightning Memory-mapped Database (LMDB) is designed around the virtual memory facilities found in modern operating systems, Multi-version Concurrency Control (MVCC), and Single-Level Store (SLS) concepts. This design is quite different than those of more traditional databases and, in operation, it can mimic behaviors that system administrators have been trained to recognize as signs of trouble. With LMDB, though, the behaviors are normal, but nonetheless this leads to the following questions:

read more

ApacheDS & Fortress QUICKSTART

As engineers, we are often encouraged to use the right tool for the job. Maybe that is because we tend to grow too attached to the familiar. When we’ve got a hammer, everything looks like a nail.

read more

Apache Fortress 1.0-RC42 Released

Announced just this week: Apache Fortress 1.0-RC42 released. What, is this some kind of joke? Why would a project go thru 42 iterations of release candidates just for a 1.0 designation? No joke here unless you find our efforts to create a simple, useful and robust access management solution funny. Before that 1.0 label gets used, we’re going to make sure it’s deserving.

read more

DROWN Vulnerability with Remediation

Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to obtain the private key of a server supporting SSLv2.

read more

The Sad State of C Strings

Character strings are an essential component of any programming language, but C Strings were a bit unusual in not defining an explicit string type. The C standard specifies some standard library functions for operating on C strings, which gives them a de-facto type and standard methods, but the standard library functions were horrible when first invented in the 1970s, and nothing sane has replaced them yet. In honor of the Chinese Lunar New Year, and the 30th anniversary of this rant, I delve once more into these problems.

read more

Anticipating the Future With LMDB

As we've noted before, LMDB was designed to be a data storage solution for both today and especially for tomorrow, not to keep warming over yesterday's problems today. That's why our focus from the beginning was on Solid State storage. While still considered too risky...

read more

Announcement: New Symas Download Site

A new download site is available for our products: https://symas.com/downloads What's new? Better organization and navigation We have redesigned the download page to make what you're looking for faster and easier.  Downloads are clearly organized by product, edition,...

read more

Carrier-Grade Stability and Performance

Early last year our client Acision ran a torture test on Symas OpenLDAP as part of acceptance testing for their telco offerings. These tests were performed on a directory consisting of one master replicating to two consumers, and included a number of crash/recovery tests as well as performance measurements. The short summary of the results: after two weeks of continuous testing, no problems.

read more

How Joshua Tree and Symas Joined Forces

when Shawn McKinney was the security architect at a major financial services company, he developed an efficient RBAC security solution which, when paired with the cost-effective functionality of OpenLDAP, exceeded expectations.

read more

Thoughts on Translucency

Our EMC Partner’s Senior Architect has been out preaching the magic of translucency. When I mention that to folks, I get kind of a technical blank-stare. I guess its magic is too subtle to be obvious.

read more

Getting Down and Dirty with LMDB: Q&A with Symas Corporation’s Howard Chu About Symas’s Lightning Memory-Mapped Database

Howard Chu, the Chief Architect for the OpenLDAP Project and CTO of Symas Corporation, discusses Symas’s Lightning Memory-Mapped Database (LMDB), the memory-mapped database that was developed and contributed to the OpenLDAP Project by Symas. In this interview we discuss the nitty gritty of the database and why it’s “not just another new database”.

read more

This is Not Your Father’s Directory Server

In the mid 1990s I was working on a project to develop a large-scale user and access management system. Because this system had to be able to scale to large numbers of users, it seemed a good idea to use an X.500 directory to store the user data.

read more

RBAC and ABAC

Symas Corporation recently merged with Joshua Tree Software, developers of the Fortress Role-Based Access Control (RBAC) Open Source Software suite. Fortress is based on OpenLDAP and has been shown to work well with Apache Directory Server (ApacheDS) as well. Fortress is the only production-ready implementation of the ANSI INCITS 359-2004 RBAC Standard available today.

read more

Is LMDB a LevelDB Killer?

Was pointed at this blog post via twitter about LevelDB, and decided to write a more complete response here. (Sorry, it’s just really hard to carry on a deep discussion or analysis only 140 characters at a time.)

read more