Thanks…

Wow, it seems that we got a hit yesterday with our Directory Server 6 tricks and tips presentation.

At least, this is what I can feel by reading this, this, this, this and this.

Thanks guys for the nice comments.

CEC 2007, Directory Server tricks and tips…

I’m done with the “work” part of the CEC. Earlier this afternoon, Terry and I did our presentation on Directory Server 6, doing a deep dive into the database and explaining some tips for tuning and benchmarking DS.

Here’s a picture of the attendees captivated by Terry’s part.

If you had questions you couldn’t ask, don’t hesitate to drop Terry or me an email.

And thanks to all the attendees and especially the ones that came to say hi or ask further questions at the end of the hour.

A blogger live in action at Sun CEC.

Caught in action, Terry Gardner also known as mister Wiki, blogging live from Las Vegas at Sun CEC 2007.

Sun CEC 2007 started this morning…

The show started early this morning with the general session featuring Dan Berg, Hal Stern, James Batty, Marc Tremblay, Andy Bechtolsheim…

Later during the day, I attended the presentation by Fulup Ar Foll on the subject of the Identity-savvy Web 2.0. And I watched Glynn Foster demonstrating OpenSolaris and project Indiana.

We made it !

It was quite a long trip yesterday from Grenoble to Las Vegas, through Paris and Newark. Being trapped in planes the whole day was not so much fun, especially as the entertainment system in the transatlantic flight was out of service (although we, I and the 30 other Sun French employees heading to Sun CEC, had 2 minutes of entertainment as we watched Linux booting the system). But not being able to support the French Rugby team in their quarter-final against New Zealand was harder. We got the half-time score (3-13) via SMS during the Newark stop. And when we landed in Las Vegas, many phones started to beep as the SMS announcing the victory of the French team could finally reach us. France had won 20 to 18. And I am proud to see the French flag floating here on the front of the Paris Las Vegas hotel.

The importance of tuning the filesystem…

Marcos Ares, an ex-Directory Server developer, just posted a good and detailed example showing that tuning the filesystem where the Directory Server database resides is absolutely essential for performance.

Nice work Marcos.

CEC 2007, Las Vegas, here I come…

I’m heading tomorrow to Las Vegas for the Sun Customer Engineering Conference where I will be presenting with my esteemed colleague Terry Sigle some Directory Server 6 tricks and tips.

This will be my first visit to Las Vegas. The one thing that is already packed beside the presentation materials is my camera.

JBoss Portal with OpenSSO and OpenDS…

Boleslaw Dawidowicz posted a very detailed and well illustrated step by step guide on how to configure JBoss Portal with OpenSSO and OpenDS.

Awesome !

“The Network is the Computer”

On the subject of Simon Phipps, by Hugh Macleod at GapingVoid.

Directory Server 5.2 patch 6…

As Mark already pointed out, Directory Server 5.2 patch 6 is now available either as a full partial download from the Directory Server Enterprise Edition Download page, or in the form of patches from Sun Solve.

5.2patch6

115610-25 – AS Solaris Sparc Native

115614-28 – DS Solaris Sparc Native

115611-25 – AS Solaris X86 Native

115615-28 – DS Solaris X86 Native

118079-12 – AS Linux Native

118080-13 – DS Linux Native

121392-04 – DS MSI Windows

121529-03 – AS MSI Windows

121393-03 – DS HPUX Native

121515-03 – AS HPUX Native

117665-05 – Solaris SPARC ZIP

117666-05 – Solaris X86 ZIP

117667-05 – Windows ZIP

117668-05 – Linux ZIP

117669-05 – HPUX ZIP

117670-05 – AIX ZIP

Release notes :

Patch6 Release Notes

Update on October 1st 2007: I stand corrected, DS5.2patch6 is only available as a patch. On the download page, there is also a link to the most recent FULL package on which to apply the patches.

DSEE 6.2

Sun Java System Directory Server Enterprise Edition 6.2 has been released with Sun Java Enterprise System 5 Update 1 about two weeks ago.

Now the full install and the Zip archives can be downloaded from the DSEE Download page.

On a side note, it has been reported a couple of times that Directory Server failed to restart after installing the 6.2 patch. It seems to be linked to a specific hot-fix having been applied to the Directory Server binaries prior to installing the 6.2 patch. If you have applied a hot-fix to DS 6 and want to install the DS 6.2 patches, make sure that in the /opt/SUNWdsee/ds6/lib and /opt/SUNWdsee/ds6/lib/sparcv9 directories, libslapd.so is a symbolic link to libslapd.so.1 (and that the latter is in fact the real dynamic library).

Enjoy !

Directory Server 6.1 and Unix Crypt…

Sun Java System Directory Server has supported for many years the ability to hash the userPassword attribute with the crypt(3C) algorithm.

But the crypt function has evolved from the basic standard Unix crypt algorithm (which truncates passwords to 8 characters) to support MD5, Blowfish and other stronger algorithms.

Until Directory Server 6.1, there was very limited support for those algorithms (it happened that a password hashed with MD5 – outside DS – could be used for authentication, but the server itself would never hash a password this way).

Starting with Directory Server 6.1, there is now a way to tune the CRYPT password storage plugin to specify which crypt algorithm to use, and on Solaris only, it is even possible to delegate the choice of algorithm to the OS via the /etc/security/policy.conf (and the CRYPT_DEFAULT directive).

The way to configure which algorithm is used by the crypt library when hashing a userPassword to store in Directory Server is to add an argument to the "CRYPT password storage" plugin configuration entry.

# dsconf set-plugin-prop CRYPT argument:<Pattern>



where <Pattern> is a choice of (but not limited to):



%.2s – Default Unix crypt algorithm (and the default when no argument is defined)

$1$%.8s – bsd md5

$2a$04$%.22s – Blowfish

$md5$%.8s$ – Sun md5

If <Pattern> maps to an algorithm that is not supported by the OS (for example $2$, old variants of Blowfish), then a warning message is logged and the hash will be done using the default Unix algorithm.

This guarantees that the password is always hashed even if the configured salt does not match an existing algorithm.

On Solaris only, a special value of "auto" is allowed to specify that CRYPT will use the system's default mechanism, as configured in /etc/security/policy.conf.

Notes:

  • Changing the plugin configuration requires a restart of Directory Server to be taken into account.
  • You should use this new capability carefully, especially in a heterogeneous and replicated environment where some algorithms might not be present or enabled.
  • Make sure that CRYPT is the password storage mechanism defined in the Password Policy configuration (the default is SSHA).

Example:

> dsconf set-plugin-prop -p 1389 CRYPT 'argument=$md5$%.8s$'

Enter "cn=Directory Manager" password:

Directory Server must be restarted for changes to take effect.

> dsadm restart /local/demo/ds

> dsconf get-plugin-prop -p 1389 CRYPT

Enter "cn=Directory Manager" password:

argument : $md5$%.8s$

depends-on-named :

depends-on-type :

desc : Unix crypt algorithm (CRYPT)

enabled : on

feature : crypt-password-storage-scheme

init-func : crypt_pwd_storage_scheme_init

lib-path : /opt/SUNWdsee/ds6/lib/pwdstorage-plugin.so

type : pwdstoragescheme

vendor : Sun Microsystems, Inc.

version : 6.2

>
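Because an unsupported pattern silently falls back to the default Unix algorithm, it is worth checking which crypt variant the stored values actually use. The following is an added example, not part of the original post or of the product: it classifies userPassword values in an LDIF export by their salt prefix and lists entries still stored with the 8-character-truncating Unix crypt. The function names, the sample entries and the assumption that values carry a {CRYPT} scheme prefix are illustrative.

```python
import base64
import re

# Salt prefixes from the patterns in the post ("$md5," = Sun MD5 with rounds).
SCHEMES = [("$1$", "bsd-md5"), ("$2a$", "blowfish"),
           ("$md5$", "sun-md5"), ("$md5,", "sun-md5")]
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # 2-char salt + 11-char hash

def classify(value):
    """Return the crypt variant of a userPassword value, None if not {CRYPT}."""
    m = re.match(r"^\{crypt\}(.*)$", value, re.IGNORECASE)
    if not m:
        return None
    body = m.group(1)
    for prefix, name in SCHEMES:
        if body.startswith(prefix):
            return name
    return "unix-crypt" if DES_RE.match(body) else "unknown"

def audit(ldif_text):
    """Map each DN to the crypt variants of its userPassword values."""
    unfolded = re.sub(r"\n ", "", ldif_text)  # join LDIF continuation lines
    report, dn = {}, None
    for line in unfolded.splitlines():
        low = line.lower()
        if low.startswith("dn:"):
            dn = line[3:].strip()  # assumes plain (non-base64) DNs
        elif low.startswith("userpassword:"):
            raw = line[len("userpassword:"):]
            if raw.startswith(":"):  # "::" marks a base64-encoded value
                raw = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            kind = classify(raw.strip())
            if kind:
                report.setdefault(dn, []).append(kind)
    return report

def weak_entries(report):
    """DNs whose password is stored with 8-character-truncating Unix crypt."""
    return sorted(dn for dn, kinds in report.items() if "unix-crypt" in kinds)

# Constructed sample export; the hash bodies are filler, not real hashes.
_b64 = base64.b64encode(("{crypt}$md5$abcdefgh$$" + "y" * 22).encode()).decode()
SAMPLE = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword: {CRYPT}ab" + "x" * 11, "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword:: " + _b64, "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword: {SSHA}" + "A" * 32])
```

Calling weak_entries(audit(SAMPLE)) returns only the alice entry; entries reported as "unix-crypt" after a stronger pattern was configured are the ones to compare against the warning messages in the server log.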

Glassfish v2 and Directory Services… with OpenDS

While on the same subject of the interaction between Glassfish and directory servers, Trey Drake posted a few months ago details on how to integrate OpenDS and Glassfish for authentication and authorization.

But there are other ways to leverage OpenDS and Glassfish. As OpenDS is a pure Java application, it can be embedded in other Java applications or web applications, running in the same JVM. And with its built-in multi-master replication, OpenDS can provide high availability for users and groups within a cluster of Sun Java System Application Servers.
