Skip to content

Increase in enquiries for migrations from Sun Directory and other directory servers to OpenLDAP

LinuxOpenLDAPOpen SourceSuretec Hi all,

Everyone involved in the directory sector and OpenLDAP has been seeing lots more enquiries to migrate from Sun Directory to OpenLDAP as the future of Sun Directory, now Oracle owns Sun is becoming a concern, as is their new pricing model. We obviously have experience doing this and migration from any other directory server.

If you want to convert your enterprise directory from a proprietary and expensive closed-source supplier to OpenLDAP, a modern, more efficient, and less expensive Open Source software solution please do contact us.

Our partners Symas also have a Directory Services Upgrade Program that we can do for you in the UK:

Convert your Enterprise Directory from a proprietary and expensive closed-source supplier to OpenLDAP, a modern, more efficient, and less expensive Open Source software solution. Typically, enterprises dramatically reduce their annual cost converting to OpenLDAP from Sun, Oracle, Netscape, or iPlanet Directory Services products. The workload requires half or less the power and capacity for substantially improved performance. This is a relatively easy transition to make because LDAPv3 is highly standardized and OpenLDAP conforms to the most demanding requirements of the Internet Standards (RFC[?] 4511 and related RFCs)..

Symas Corporation will be glad to consult with your team and offer you a fixed-price, fixed schedule offer for conversion of your Enterprise Directory technology. This service includes:

- A complete evaluation of your present Directory Services servers
- A Detailed plan for implementation of the new technology
- A roadmap for conversion of existing LDAP[?] applications and data feeds
- Conversion of schema definitions
- Access Control conversions/implementation
- Database transfer and clean-up
- OpenLDAP deployment, tuning and configuration
- SSL Certificate Conversion
- Database reload
- Assistance with application testing
- Operational team training (LDAP University)
- One year of standard Gold
- level Symas OpenLDAP technical support


Please do contact us.

Thanks,

Gavin.

OpenLDAP News: openldap-software mailing list, cURL, libcurl, and LDAP

OpenLDAPOpen Source Hi all,

Two bits of important news today:

"For those of you who use libcurl in your own applications, you may be interested to know that I've written a new LDAP[?] implementation for libcurl." - Howard Chu from Symas

and

Shutdown of the OpenLDAP-Software list in favor of the OpenLDAP-Technical list

So when you post to openldap-software@openldap.org don't get scared, nothing has happened to OpenLDAP!

Thanks,

Gavin.

Yubico key has arrived!

AsteriskCatalystJabber/XMPPOpenLDAPOpenSIPSOpen SourcePerlPostgreSQLSquidSuretec It's taken us a while to get round to ordering one of these Yubikeys from Yubico, but they do look great and have lots of documentation via the wiki.

We're going to be testing them via the pam module for SSH access (and of course using pam_ldap).

So, users in LDAP[?] via pam, and a Yubikey, let's see how it goes!

(will be interesting for logging in a SIP handset via Asterisk or FreeSWITCH that needs one too and all the others technologies Suretec use and support (Catalyst, Perl, PostgresSQL, Squid and more....). We'll see....

Monitoring your LDAP directory

OpenLDAPOpen Source Hi all,

Andreas Andersson posted this on the openldap technical list last week about CN=Montior:


My name is Andreas and I want to inform you about a little project I've been working on called CN=Monitor.
It's about monitoring and verifying directory servers with focus on open source LDAP[?] servers. From single installed servers to large scaled deployments.

Its a webbased application where you can:
- Verify availability, compare load and performance between servers
- Collect historical events for long term analysis (and get weekly reports by mail)
- Verify cluster and load balancing functionality
- Query several directories at the same time for data consistancy verification
... and a lot more.

Why the name CN=Monitor. Well.. a lot of the information collected and analyzed is gathered from the CN=Monitor base DN.


Looks very promising!!!

Will keep you posted,

Gavin.

Suretec now have a merchant account!

AsteriskCatalystDojoJabber/XMPPLinuxOpenLDAPOpenSIPSOpen SourcePerlPostgreSQLSquidSuretec It's been a long process, almost 6 weeks, what with the new laws regarding PCI DSS compliance as of the 1st of October 2009, PCI DSS Scans, Business plans, website terms and connditions and many more things we have a merchant account at last!!!

This is mainly for our new Internet Telephony Service Provider called SureVoIP which is currently live with various customers but has no front facing sales and marketing site yet, only the admin and customer portal.

We'll keep you posted with a proper press release in due course.

Thanks,

Gavin.

LDAPCon 2009 Call For Papers

OpenLDAPOpen SourceSuretec The International Conference on LDAP[?] is a technical forum for IT professionals interested in LDAP and related topics like directory servers, directory management applications, directory integration, identity and access management, and meta directories.

It focuses on implementation and integration of LDAP servers and LDAP-enabled client applications. The event will bring together vendors, developers, active and prospective LDAP practitioners to share their experiences about deployment strategies, service operations, interoperability, discuss LDAP usage in new projects and learn about upcoming trends and developments.
Topics

You are involved with LDAP in interesting projects?

- You do LDAP client development?
- You have used LDAP like no-one before?
- You have innovative concepts in LDAP Integration?

Why not share your experiences, good and bad, with others?

We look for speakers who ae willing to talk about:

Continue reading "LDAPCon 2009 Call For Papers"

OpenLDAP Quick Tips: Replication Strategies

OpenLDAPOpen SourceSuretec Hi All,

Here's the 22nd tip in the "OpenLDAP Quick Tips" series:

"You are not sure what type of OpenLDAP replication to use, but you know you need to".

This tip won't actually go into the technical setup (and isn't very quick ;-) ) of the different replication types, we'll leave that for another set of tips. You can always read up on them yourself in the Replication section of the OpenLDAP 2.4 Administrator's Guide. Or if you're coming to the UKUUG's annual Large Installation Systems Administration (LISA) you'll be able to hear Howard Chu and myself give our talks:

- OpenLDAP Replication Strategies - Gavin Henry (Suretec Systems & OpenLDAP project)
- OpenLDAP and MySQL: Bridging the Data Model Divide - Howard Chu (Symas Corp. & OpenLDAP project).

Andrew Findlay (Skills 1st), another respected authority on LDAP[?] will also be giving a talk on Writing Access Control Policies for LDAP.


Anyway, on to the strategies.

Continue reading "OpenLDAP Quick Tips: Replication Strategies"

OpenLDAP Quick Tips: Interacting with LDAP from shell scripts by Vincent van Gelder

OpenLDAPOpen SourceSuretec Hi All,

Here's the 21st tip in the "OpenLDAP Quick Tips" series kindly contributed by Vincent van Gelder.

"You need to carry out LDAP[?] operations using shell scripts".

The following is an example sent in by Vincent van Gelder (you can e-mail your tip to us too):

------------------------
The following script I use when interacting with ldap[?] from shell scripts:


http://members.tripod.com/vgoenka/unixscripts/unldif.sed.txt


Sample script:

CODE:
###################################### #!/bin/bash PHOTO=/tmp/tux.jpg IFS=$'\n' for dn in $(ldapsearch -ZZ -LLL -A -b 'ou=Users,ou=Intranet,o=Company,c=NL' -s one '(&(!(jpegPhoto=*))(objectClass=inetOrgPerson))' jpegPhoto \  | unldif  | grep '^dn' ) do     echo $dn     echo "changetype: modify"     echo "add: jpegPhoto"     echo "jpegPhoto::$(openssl base64 -in $PHOTO | sed 's/^/ /')"     echo done ######################################


The sample script fetches users from ldap whithout a photo and adds a
default photo. Output is a ldif.

It also demonstrates how to add binary attributes from shell using
openssl tool.

The unldif script makes sure the dn is always just one line.

--
Met vriendelijke groet,

Vincent van Gelder
------------------------


Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Source vs Symas OpenLDAP

Open SourceSuretec We've just published two comparisons of OpenLDAP source management versus Symas OpenLDAP Packages:

Nothing special, just a quick comparison.

Suretec®

OpenLDAP Quick Tips: Enable in Directory Monitoring

OpenLDAPOpen SourceSuretec Hi All,

Here's the 20th tip in the "OpenLDAP Quick Tips" series:

"You need to obtain information regarding the current state of your slapd instance":

slapd(8) supports an optional LDAP[?] monitoring interface you can use to obtain information regarding the current state of your slapd instance. For instance, the interface allows you to determine how many clients are connected to the server currently. The monitoring information is provided by a specialized backend, the monitor backend. A manual page, slapd-monitor(5) is available.


At the end of your slapd.conf file add:

CODE:
database monitor


and restart.

You'll now be able to query information like the following and use it in your monitoring tools:

CODE:
dn: cn=Total,cn=Connections,cn=Monitor structuralObjectClass: monitorCounterObject monitorCounter: 4 entryDN: cn=Total,cn=Connections,cn=Monitor subschemaSubentry: cn=Subschema hasSubordinates: FALSE



Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Encrypt your Oracle Berkeley DB if necessary

OpenLDAPOpen SourceSuretec Hi All,

Here's the 18th tip in the "OpenLDAP Quick Tips" series:

"You need to encrypt the raw bdb files":

This might be useful various reasons:

It may actually provide some value to sites that do regular backups of their raw DB files. It may actually be useful in some cases where you provide an encryption key on separate removable media (e.g. a USB flash drive). It might actually prevent a news article down the road on how some organization lost their 5 million record customer database and now all that unprotected data is now being exploited by criminals.

I doubt it, of course. It exacts a performance penalty on every DB operation, so I don't think anyone will be able to use this long-term. For the off-site backup scenario, it makes more sense to just encrypt the backup images (tar format or whatever backup utility is used). That way you only spend cycles on encryption once, at backup time. Any site that's savvy enough to do automated backups can certainly figure out how to protect those backups with encryption.


Continue reading "OpenLDAP Quick Tips: Encrypt your Oracle Berkeley DB if necessary"

OpenLDAP Quick Tips: Always 'make test'

OpenLDAPOpen SourceSuretec Hi All,

Here's the 17th tip in the "OpenLDAP Quick Tips" series:

"You've successfully built your own instance of OpenLDAP but want to make sure you've done it right":

So, you've grabbed the latest version, compiled it and want to get started straight way, but stop! Hours and hours have been spent writing test scripts for OpenLDAP, so please, please, please run:

CODE:
make test


before

CODE:
su -c "make install"


and save the OpenLDAP Issue Tracking System from getting full with silly reports!

Also, see our installation section of the FAQ.

If this is too much, why not get supported, prepackaged versions of OpenLDAP: Symas™ OpenLDAP™ Directory Services™

Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Auditing - who modified what at what times?

OpenLDAPOpen SourceSuretec Hi All,

Here's the 16th tip in the "OpenLDAP Quick Tips" series (as requested by Bronius Motekaitis):

"You want to audit OpenLDAP for changes: who modified what at what times?":

Apart from normal logging via syslog there are two options for this; file based audit logging or LDAP[?] based logging (in directory).

For file based see Audit Logging and related man page slapo-auditlog:

The Audit Logging overlay can be used to record all changes on a given
backend database to a specified log file. Changes are logged as stan-
dard LDIF, with an additional comment header giving the timestamp of
the change and the identity of the user making the change.


For in directory logging see Access Logging and related man page slapo-accesslog:

The Access Logging overlay can be used to record all accesses to a
given backend database on another database. This allows all of the
activity on a given database to be reviewed using arbitrary LDAP
queries, instead of just logging to local flat text files.


Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Change loglevels on the fly!

OpenLDAPOpen SourceSuretec Hi All,

Here's the 15th tip in the "OpenLDAP Quick Tips" series:

"You want to change your OpenLDAP loglevel to get more information, but can't take your directory server offline":

If you've been following the OpenLDAP Quick Tips series, you would have already read Switch to the dynamic config backend (cn=config) and will now have a live slapd dynamic backend configured. If not, go back and read it over ;-)
Continue reading "OpenLDAP Quick Tips: Change loglevels on the fly!"

OpenLDAP Quick Tips: OpenLDAP Logfile analysis

OpenLDAPOpen SourceSuretec Hi All,

Here's the 14th tip in the "OpenLDAP Quick Tips" series and today it comes from "Pablo Chamorro":

"You want to analyse your OpenLDAP logfile":

There are various ways to do this yourself by hand, but the have community already done the work for you and written the:

OpenLDAP Logfile analysis utility:

ldap[?]-stats.pl is a Perl program that can be used to analyze and report on OpenLDAP logfiles. The available reports include: operations (e.g., Connect, Bind, Unbind) performed per host, unindexed searches, attributes requested, search filters used, total operations per server, and operation breakdowns by day, hour and month.


A short sample output would look like:
Continue reading "OpenLDAP Quick Tips: OpenLDAP Logfile analysis"
tweetbackcheck