OpenDS Enterprise Directory Services

1
OpenDS Enterprise Directory Services Trey
Drake AssetWorld 2007 Albuquerque, New Mexico
November 2007
2
Directory Services OpenDS

• What
• Why
• How

3
Look Familiar?

• Where are my users?
• Weak passwords?
• Users come and go
• I want single sign on!
• Who owns enterprise identity?
• Sarbanes?! - who, what, when, where?

4
What
5
Directory Service

• Stores organizes users network resources
• Secure
• High speed
• HA
• Replication
• Wired into apps, os, email, routers
• Upstack services

6
(No Transcript)
7
(No Transcript)
8
(No Transcript)
9
LDAP

• Standards, Standards, Standards
• Started 1993
• IETF (OpenLDAP, Sun, Novell, others)?
• OpenDS, OpenLDAP, Novell, AD, OID
• Network protocol
• Distributed

10
OpenDS

• Complete directory service
• Community effort
• FOSS - CDDL
• Bootstrapped by Sun
• Progress update since 11/06 - remember?

11
Fast Facts Here Today

• Rich password policy
• All platforms
• Easy install
• Manageable
• Extend everywhere
• Embedded option
• Replication

12
Fast Facts What's Missing

• No console
• No commercial support
• No virtual
• No proxy
• No transactions

13
On to the why...
14
Look Familiar (Again)?

• Where are my users?
• Weak passwords?
• Users come and go
• I want single sign on!
• Who owns enterprise identity?
• Sarbanes?!
• Who, what, when, where?

15
Data Consolidation

• De-fragment users and policies
• Secure, global view
• Simple, well known
• Extensible, roll your own person
• Preferred repository for provisioning systems
• Pillar for single sign on

16
Where are your users resources?
Linux
/etc/passwd
FMAX
Home grown
Peoplesoft
Active Directory
17
Where they should be
SSO
NIS
oany.edu
oucontractors
oufaculty
oustudents
FMAX
oustaff
oudevices
PSFT
Foo
18
Password Policy

• Simple idea, difficult to implement
• Spec outlines the solution
• strength
• tries
• login windows
• etc
• OpenDS implements the solution
• Applications and controls

19
(No Transcript)
20
User Provisioning

• Onboarding - establishing access
• Offboarding - terminating access
• Confident?
• Re-establishing access

21
User Silos
Portal
HR
FMAX
LDAP
Oracle
App DB
22
User provisioning

• Centralized user store infinitely easier
• Even so
• Barren FOSS landscape - Identyx
• Commercial Sun IDM
• Roll your own

23
Single Sign On

• Centralize access management
• Seamless to end user
• Manageable enterprise SSO requires a consolidated
  view
• Most SSO rely on LDAP
• Requires high performance repository
• Single SSO, single repository
• OpenSSO OpenDS

24
Identity Ownership

• Who owns enterprise identity?
• Centralized and federated directories
• Apps requiring directory writes
• Isolating directories
• Crossing regulatory boundaries
• OpenDS replication

25
Identity Ownership
Portal, Blogs
Linux, Windows
FMAX
Enterprise
local
26
(No Transcript)
27
Sarbanes

• Secure channels
• Centralized users and policy
• Password policy
• AAA - Auditing

28
OpenDS Sarbanes

• Secure LDAP Supports StartTLS and SSL
• Centralized users and policy
• Extensive password policy via controls
• Full, high performance activity logging

29
Other Directories

• Active Directory
• Sun DSEE
• Oracle
• OpenLDAP
• Novell
• Fedora
• Novell
• Apache

30
OpenDS

• Single Directory Services Stack
• Standards
• FOSS
• Fast
• Extensible
• Feature rich
• FOSS

31
Resources

• http//www.opends.org
• http//treydrake.wordpress.com
• treydrake_at_yahoo.com

32
Demo!

• Install
• Addressbook
• Glassfish and OpenDS