
"A Common Weakness in all Identity Management Products", but not OpenLDAP

A few comments on A Common Weakness in all Identity Management Products:

Consider for a moment, how many Fortune enterprises have Active Directory in a production environment. Out of the Fortune 500, Sun is the only hold out. You would think that if Active Directory were so pervasively implemented that software vendors would want to deeply integrate with it, but nothing could be further from the truth.


I would disagree. OpenLDAP is right up there; in fact, most enterprises don't use AD for true directory requirements. Speak to Suretec and Symas for more information.

I would urge the author to read the ADAM vs. LDAP White Paper, an evaluation of Microsoft's ADAM against LDAP, written by our friends and partners Symas.


There are several directory services products available in the marketplace including Active Directory Application Mode (ADAM), Sun One Directory Server, OpenLDAP, and Oracle OID. Do you think that the identity management products from Sun, BMC and Oracle support all of them? Do you think that bloggers from these companies will share their roadmaps or will hide deficiencies?


The OpenLDAP Project shares everything and can integrate with all of them. Some are even based on OpenLDAP...


Within the Active Directory product family there is an intriguing product called ADAM which provides high quality but cheap directory services capabilities within an enterprise setting. An enterprise deploying this product can set up multiple instances of directory services to be used within an application-specific context while keeping the security aspects centralized.


Again, I would urge the author to read the ADAM vs. LDAP White Paper, an evaluation of Microsoft's ADAM against LDAP. It will open your eyes...

One specific feature that every security person would want to take advantage of is the notion of bind redirection. The idea behind this says that you can connect to an instance of ADAM and perform normal LDAP queries but when it comes to authentication, you are in essence redirected to a domain controller.


OpenLDAP has been able to proxy authentication for years (about 8 years).
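As an added example (not code from the original post or from the OpenLDAP project), this is the pass-through authentication setup that gives the split the quoted paragraph describes: the entry and its attributes live in slapd, while the bind is verified against AD through Cyrus saslauthd. It assumes slapd was built with Cyrus SASL support; all host names, DNs and the lookup account are placeholders.

```conf
# OpenLDAP pass-through authentication: slapd keeps the entry, AD checks the password.
# Every host name, DN and account below is a constructed placeholder.

# --- /etc/saslauthd.conf : saslauthd verifies the supplied credentials against AD ---
ldap_servers: ldaps://ad.example.com/
ldap_search_base: DC=example,DC=com
ldap_filter: (sAMAccountName=%u)
ldap_auth_method: bind
# low-privilege account used only to locate the user's DN before binding as that user
ldap_bind_dn: CN=ldap-lookup,OU=Service Accounts,DC=example,DC=com
ldap_password: PLACEHOLDER-CHANGE-ME

# start the daemon with the ldap mechanism:  saslauthd -a ldap

# --- /usr/lib/sasl2/slapd.conf : tell the SASL library inside slapd to ask saslauthd ---
pwcheck_method: saslauthd

# --- entry in the local slapd database (LDIF) ---
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Alice Example
sn: Example
uid: alice
# application-specific data stays in OpenLDAP, like the picnic preference in the quoted text
description: vegetarian
# no password hash is stored here: the {SASL} scheme makes slapd pass "alice" (and the
# realm EXAMPLE.COM) to saslauthd, which binds to AD with the password the client supplied
userPassword: {SASL}alice@EXAMPLE.COM
```

A simple bind as uid=alice,ou=people,dc=example,dc=com (for instance with ldapwhoami -x -D ... -W) then succeeds only if AD accepts the password, while every attribute lookup is answered locally.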


The usage scenario says that attributes such as my preferences for food at the company picnic would be stored in ADAM while my password would be stored in AD. In today's tools, there is no good way of specifying interoperability with any of the identity management tools. Hopefully, the likes of Pat Patterson, Jeff Bohren, Nishant Kaushik, Gerry Gebel, Jackson Shaw and Bob Blakely will start having a public conversation on how to gain interoperability in the world of identity management.


Whose tools?

Trackbacks

The Suretec Blog on: In reply to "A common weakness in OpenLDAP"

This was posted in reply to our post "A Common Weakness in all Identity Management Products", but not OpenLDAP: It is interesting to see how a thread on how identity provisioning tools and their lack of true interoperability with Active Directory gets
