Another nice ForgeRock event

Yesterday, on the sidelines of the JavaOne and OOW conferences, we had an executive round table with selected partners, customers and future customers. The event started with a 30-minute speech by Scott McNealy, Sun founder and former CEO, and an active supporter of ForgeRock.

Scott touched on the values and benefits of open source software, gave a top-12 list of reasons why you know your Identity and Access Management solution is not open source, and talked briefly about his new company, Wayin.

Mike Wilson, VP and CISO at McKesson, presented how McKesson has started to use ForgeRock Open Identity Stack for several projects and the benefits of our solution.

Thanks Scott, Mike and all for your participation.

Meeting ForgeRock during JavaOne / OOW

If you want to meet ForgeRock and you’re in the San Francisco Bay Area during JavaOne and Oracle Open World, there will be several opportunities to meet some of us: our CEO, our Sales team, some of our developers or myself.

Sunday September 30th:

I will be participating in the JUG Leaders meetings and discussions as well as the GlassFish ones (when schedule allows). Later, you can find me at the GlassFish and Friends Party from 8pm to 10pm at The Thirsty Bear.

Monday October 1st:

JavaOne attendees should be able to see me during the conference. I will be part of a panel discussion on Open Source Identity and Access Management solutions, from 5:30pm to 6:15pm.


Following that, some ForgeRock employees and I will be at the 2nd Annual Solaris Family reunion from 7:00pm to 11:00pm. The event, part of the ZFS Day, is free, but please register here.

 

Tuesday October 2nd:

Come and meet the developers and other members of the open source projects supported by ForgeRock. We’re having a Beer Burst party from 5:00pm until 8:30pm at The House of Shields. Please register through Eventbrite so that we know how many to expect.

Rest of the week…

Otherwise, throughout the week, I will be at the JavaOne conference or in the ForgeRock San Francisco offices with the local team most of the time. Please send me an email or message me on Twitter (@LudoMP) to arrange a meeting. I will be leaving California for New York on Monday, October 8th.

I hope to see a large number of people from the OpenDJ, OpenAM or OpenIDM community, other open source projects, ex-coworkers, future customers, and friends during my stay.

ForgeRock Identity…

Each company has its own culture, influenced by leadership, the founders and the employees. I’m not trying to describe ForgeRock’s company culture, one has to live it to understand, but being a global company with offices in Oslo (Norway), Bristol (UK), Grenoble (France), San Francisco and Portland (USA), and employees in many other countries such as New Zealand, South Africa, Spain, Belgium, Hungary, etc., is a big part of our identity. Then, there are objects that build the company’s identity, and you will find them everywhere. At ForgeRock, among other things, we have the “Orange Couch”.

Oslo:

Grenoble:

Portland / Vancouver:

And the home office version in South Africa:

ForgeRock Culture elements

Tab Sweep for Friday April 13th

Another week goes by, and it’s time for another tab sweep.

Syntegrity Networks, one of our major partners in the US, has launched a campaign to encourage their customers to migrate from Sun Directory Server to OpenDJ.

Silverpeas, a collaborative platform built as open source under the GNU Affero license by the eponymous company, has been supporting LDAP for authentication and authorization for some time. The documentation for setting up the LDAP domain has been updated using OpenDJ as the recommended server.

ForgeRock OpenIDM capabilities are growing. After getting OpenIDM to work with Activiti to provide workflows, the team posted an experimental tutorial to integrate Jasper with OpenIDM to produce nice reports. You can find more of these tutorials in the OpenIDM How To Collection.

Tab sweep, Easter edition, and upcoming events

cc by http://www.flickr.com/photos/noukorama/

Articles and links

Action Identity has posted a couple of articles about ForgeRock products:

Our friends at ProfiQ have posted an article describing how to use OpenDJ with Red Hat Certificate System.

While talking about using OpenDJ with LDAP-enabled applications, we try to maintain a page on the OpenDJ documentation wiki with different tutorials on how to configure OpenDJ client applications.

Upcoming Events

ForgeRock will be present at the European Identity and Cloud Conference (EIC), April 17-20 in Munich.

We will also be participating in Devoxx France, April 18 to 20 in Paris. I will be co-speaking on Thursday 19, 7pm about Open Source in France, and will be available for individual meetings from Thursday morning to the end of Friday afternoon. So, if you want to discuss ForgeRock products or job opportunities, send me a mail, or leave a comment.

In the news…

I’ve been traveling a little bit last week, visiting a major customer in the UK (helping with their OpenDJ based directory service that has grown from 13 million entries to 17 million in about 6 months).

Last week was also a busy week in terms of news for ForgeRock. First, we’ve announced the release of OpenIDM 2.0, a major version of our real-time identity life-cycle management, provisioning and synchronization software product. OpenIDM 2.0 is a new release, but is already running in production at a few happy customers.

ForgeRock and Qubera Solutions have announced a partnership for the delivery of Standard-based Identity Services based on ForgeRock I3 Open Platform. Qubera Solutions offers workshops and migration tools to help former Sun Microsystems customers move away from legacy software solutions.

I’ve also come across a blog post from Martin Sandren that positions ForgeRock as one of the challengers on the Identity and Access Management market. It’s an interesting read and it looks like the previous announcement does start to address some of his concerns.

Martin was not the only one to talk about ForgeRock. Scott McNealy has been nicely advertising us on Twitter.

And finally, we’re expanding and therefore we’ve published a few job postings on our web site. I’m pretty confident that these are just a few to start with and we will have more, including some in our Grenoble Engineering Center.

Upcoming events

I’ve been pretty busy at ForgeRock and haven’t found much time to post here. I’ll try to improve in the coming weeks. Meanwhile, I’d like to share a number of events in which I’m participating:

October 10, 11. LDAPCon in Heidelberg, Germany. I have a couple of presentations on the first day, and will be around until the end of the conference. If you want to meet and discuss, drop me a note.

October 26, 27, 28. fOSSa in Lyon, France. I will be attending the 3 days of the conference, presenting on Thursday 27th in the Development track. fOSSa is a free conference that focuses on open source communities and projects, without any marketing spin. Register now.

November 8th, OpenIDM Summit in Darmstadt, Germany. I won’t be able to attend that summit, but it’s a great opportunity to learn more about ForgeRock open source Identity Management solutions. Registration is already open, don’t wait!

We’re also working on a one-day, broader ForgeRock I3 Open Platform event, some time in late November. I’ll let you know when it’s finalized, but I will be presenting OpenDJ along with the other ForgeRock product managers.

I hope to see you soon, here or there.

A new release of OpenDJ : 2.4.2

We’ve just pushed another consolidation release of OpenDJ, the open source Directory services in Java, resolving a number of issues around the External Changelog and multi-master Replication, resulting in a more efficient and more reliable service, especially after network outages.

The full details about the release have been posted in the OpenDJ 2.4.2 Release Notes.

As usual, you can find everything on the OpenDJ Downloads page:

Enjoy!

Linux and Unix LDAP clients and RFC2307 support

Quite often, when one tries to migrate data from one directory server to another, small differences are discovered that prevent a direct and smooth migration. One of the most common issues when migrating from OpenLDAP or other Linux-centric directory servers to OpenDJ is around the schema for NIS, or RFC 2307.

Before we dive into the core of the problem, let’s describe the symptoms:

Part of migrating from one directory to another consists of exporting the data to a common textual format, most likely LDIF, and importing it into the new server. If you try to import some data into OpenDJ and it rejects entries as invalid with messages like the one just below, then you’ve just hit a schema issue with RFC 2307.

LDAP: error code 65 – Entry cn=MyGroup,ou=groups,dc=example,dc=com violates the Directory Server schema configuration because it does not include a structural objectclass.  All entries must contain a structural objectclass

Why a schema issue?

Well, RFC 2307, “An Approach for Using LDAP as a Network Information Service”, was published as an experimental RFC in 1998. As Unix vendors started to use it, they found a few issues which were addressed in an internet draft nicknamed rfc2307bis (the latest version can be found here). Solaris and HP-UX started to use this later schema, while Linux stuck to the official RFC.

One of the main differences between the RFC and the internet draft is the posixGroup object class definition, which was changed from Structural to Auxiliary, hence the failure to import an entry defined with the RFC 2307 schema into a server supporting the rfc2307bis schema.

So what to do if I want to successfully import my data?

There are 2 options: fix the data to be compliant with the rfc2307bis schema, or configure the OpenDJ schema to be strictly RFC 2307 compliant.

Fixing the data is quite simple, but requires basic knowledge of LDIF.

Since in rfc2307bis the posixGroup is Auxiliary, the entries are missing a Structural object class to be valid. The simplest way to fix that is to add the namedObject Structural object class.

dn: cn=MyGroup,ou=Groups,dc=example,dc=com
cn: MyGroup
objectClass: top
objectClass: posixGroup
objectClass: namedObject
gidNumber: 1001
description: My Group
memberUid: 1
memberUid: 10

Make sure you change all group definitions and you can now import the data to OpenDJ.

Linux pam_ldap has full support for RFC2307bis. You just need to update the /etc/pam_ldap.conf file with the following line:
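The data fix described above can be scripted. The following is an added example, not part of OpenDJ or of the original post: it adds namedObject to every posixGroup entry whose only other object class is top, and leaves entries that already carry another class untouched. The function names and the SAMPLE data are constructed for illustration, and it assumes plain (not base64-encoded) objectClass values and entries that start with their dn line.

```python
# Added example: give RFC 2307 posixGroup entries a structural object class.
# top is abstract and posixGroup is auxiliary under rfc2307bis, so an entry
# holding only these two has no structural class.
NON_STRUCTURAL = {"top", "posixgroup"}

SAMPLE = """\
dn: cn=MyGroup,ou=Groups,dc=example,dc=com
cn: MyGroup
objectClass: top
objectClass: posixGroup
gidNumber: 1001
description: Constructed sample with a desc
 ription folded across two lines
memberUid: 1

dn: cn=Admins,ou=Groups,dc=example,dc=com
cn: Admins
objectClass: top
objectClass: groupOfNames
objectClass: posixGroup
gidNumber: 1002
member: uid=alice,ou=People,dc=example,dc=com
"""

def split_entries(ldif_text):
    """Unfold continuation lines, drop comments, yield one line list per entry."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # LDIF folding: strip the one leading space
        else:
            unfolded.append(line)
    entry = []
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if line.strip():
            if not line.startswith("#"):
                entry.append(line)
        elif entry:
            yield entry
            entry = []

def fix_posix_groups(ldif_text):
    """Return (fixed LDIF, list of DNs that received namedObject)."""
    out, changed = [], []
    for entry in split_entries(ldif_text):
        oc = [i for i, l in enumerate(entry) if l.lower().startswith("objectclass:")]
        classes = {entry[i].split(":", 1)[1].strip().lower() for i in oc}
        if "posixgroup" in classes and classes <= NON_STRUCTURAL:
            entry.insert(oc[-1] + 1, "objectClass: namedObject")
            changed.append(entry[0].split(":", 1)[1].strip())  # assumes dn is first
        out.append("\n".join(entry))
    return "\n\n".join(out) + "\n", changed

if __name__ == "__main__":
    print(fix_posix_groups(SAMPLE)[0])
```

Running the function a second time on its own output changes nothing, so it is safe to re-run over a partially fixed export.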

nss_schema rfc2307bis

Now, if you prefer to remain strictly compliant with RFC 2307, you need to change the schema of the OpenDJ server. Basically, you just need to stop the server, remove the 04-rfc2307bis.ldif file from the config/schema/ directory (save it in case you need it later) and add in the config/schema/ directory, the 04-rfc2307.ldif file. You can now import the data in OpenDJ.

This 04-rfc2307.ldif file is not part of the current distribution of OpenDJ, but we will add it pretty soon, however not as the default schema.

OpenAM – The Book

For many years, I’ve been working in collaboration with the Sun access management product team, as it started working on the Directory Server Access Management Edition (DSAME) product that years later became Sun Access Manager and OpenSSO. And now that I’m at ForgeRock, I have the pleasure to keep working with some members of that team, on OpenAM, the continuation of the OpenSSO open source project.

My knowledge of the product is rather shallow as I’ve worked on several case studies or issues related to customers and LDAP directory servers, but I never had a chance to deploy a service for production use or even extensive testing.

So when I learnt that Packt Publishing was releasing a book on “OpenAM”, written by Indira Thangasamy, an ex-colleague of mine and manager of the Quality Assurance team, I asked if I could get a copy for review, which Packt kindly agreed to.

I haven’t finished the book yet, as it’s over 250 pages of content, covering all aspects of the OpenAM software, from its history, its components and services, to its integration with Google Apps or SalesForce… But from what I’ve read (about 2/3 of the book), I can say that the book is easy to read and well organized. It helps a beginner to grasp the concepts and start using the product, thanks to the detailed explanations and diagrams. As the chapters advance and dive into specific technical areas, Indira uses real-world examples and simple code or commands, followed by detailed descriptions to illustrate what OpenAM does or does not do, giving a comprehensive picture of the fully featured product.

Some of the features of OpenAM are not covered in the book, like Federation or the most recent Entitlement Services or Secure Token Services. I hope they will be covered in a revised edition or maybe another book, as these features are becoming more used and important to enterprise security and access management.

In summary, if you’re about to, or have just started to engage on a project with OpenAM, this book will help you understand the technology and ease your ramping up. But even for the more experienced users of OpenAM, the book is full of details, tips and examples that will save you time and make you more efficient.

You can find the book on the Packt Publishing web site or Amazon.

New releases of OpenAM and OpenDJ !

It’s the happy hour, with a double release day at ForgeRock.

OpenAM 9.5.2 has just been released, along with the J2EE Agents 3.0.3, and both are now available for download from ForgeRock. You can find the release details in the Release Notes.

OpenDJ 2.4.1 has also been released today. The patch release can be found on the Downloads page in various forms: Java WebStart Installer, Zip package or SVR4 package. The Release Notes have been posted on the Documentation wiki.

A couple of News feeds for OpenDJ and ForgeRock

The OpenDJ development team has its own blog now. You will find news, tips and other information about the open source LDAPv3 Directory services in Java.

On the same topic, an aggregator of news feeds related to ForgeRock has now been set up, and you can read all the news from a single place: http://blogs.forgerock.org/aggregator/