Entries Tagged 'Penrose'

Penrose in Directory Evolution

After the jump, read Michael Caton’s article, “Virtual Directories Take Hold”.

Site redesign

penrose new design
http://penrose.safehaus.org

Highrise + Penrose = Address Book Nirvana

I love 37signals products. I use BackpackIt to organize my personal tasks. I use Basecamp to manage my projects and clients. Recently, 37signals introduced Highrise, a simple contact-sharing web app. You can forward your e-mail conversations to Highrise and it will know how to append the conversations to the right contact. This is a great lead/sales tracking tool, in other words, a salesforce.com killer!

Wouldn’t it be nice if you could look up Highrise contacts in your e-mail client (Thunderbird, Outlook Express, etc.) or address book? It turns out that there’s a ubiquitous way to look up remote contacts in all of these clients: through a directory, using the LDAP protocol.
Here is the Apple Address Book directory configuration:

apple address book

The combination of Highrise and Penrose allows users to look up Highrise contacts through LDAP. As you know, Penrose provides a lightweight LDAP service on top of identity silos, such as databases. The database-to-LDAP transformation is done in real time. No migration or synchronization is needed.
P.S.: We have built a prototype for a telco environment. As you know, telcos have the most stringent requirements, from both performance and scalability standpoints. So, Jason, if you are reading this and are interested in getting our help with a Penrose implementation, give us a buzz. We’d love to work with you.

NIS to LDAP Migration using Penrose

With NIS being EOL’d by Sun, most organizations will want to migrate their NIS servers to LDAP-based directories. Organizations that are still using Sun NIS will fail Sarbanes-Oxley audits. However, Sun’s current migration process is fairly lengthy and complicated. Penrose can simplify this process by providing an LDAP façade for the NIS backend servers. Its NIS adapter technology facilitates an extended transition period by leveraging the data in the NIS domains’ data stores. Its transformation, join and proxy engines help address data migration concerns such as UID and GID conflicts (values that are not unique across all of an organization’s NIS domains) and the management of site-local data. The advantage of this approach is that administrators can start moving pools of machines into the new LDAP system in a staggered manner, with no or minimal downtime.

UPDATE: How to configure Penrose as NIS/LDAP Gateway
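Before several NIS domains are presented behind one LDAP tree, it helps to know exactly which UIDs collide, because a UID shared by two different accounts gives each of them ownership of the other's files once the domains are merged. The following is an added example, not Penrose code: it audits passwd-format maps from multiple domains for such conflicts, and the domain names, accounts and IDs in it are constructed sample data.

```python
from collections import defaultdict

# Constructed sample passwd maps (the format `ypcat passwd` prints), one per
# NIS domain. Domain names, accounts and IDs are made up for illustration.
SAMPLE_MAPS = {
    "eng.example": """\
alice:x:1001:100:Alice A:/home/alice:/bin/sh
bob:x:1002:100:Bob B:/home/bob:/bin/sh
""",
    "ops.example": """\
carol:x:1001:200:Carol C:/home/carol:/bin/sh
bob:x:1002:100:Bob B:/home/bob:/bin/sh
alice:x:1500:200:Alice A:/home/alice:/bin/sh
""",
}

def parse_passwd(text):
    """Yield (name, uid) pairs; skip blanks, comments, +/- compat lines and malformed rows."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])

def find_conflicts(maps):
    """Return (uid_conflicts, name_conflicts) found across all domains."""
    by_uid = defaultdict(set)   # uid  -> {(domain, name)}
    by_name = defaultdict(set)  # name -> {(domain, uid)}
    for domain, text in maps.items():
        for name, uid in parse_passwd(text):
            by_uid[uid].add((domain, name))
            by_name[name].add((domain, uid))
    # One UID used by different account names: file ownership would merge.
    uid_conflicts = {u: sorted(v) for u, v in by_uid.items()
                     if len({n for _, n in v}) > 1}
    # One account name with different UIDs: the user loses access on some hosts.
    name_conflicts = {n: sorted(v) for n, v in by_name.items()
                      if len({u for _, u in v}) > 1}
    return uid_conflicts, name_conflicts

if __name__ == "__main__":
    uids, names = find_conflicts(SAMPLE_MAPS)
    print("UIDs shared by different accounts:", uids)
    print("Accounts with differing UIDs:", names)
```

The same check applies to group maps by reading the GID from the third field of each group-format line.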

OpenDS on Penrose

OpenDS and Penrose

Thanks to Neil Wilson (a.k.a. cn=Directory Manager) for his advice, we have completed OpenDS integration on Penrose in record time. Penrose can now leverage four LDAP listeners: ApacheDS (default), OpenLDAP, Fedora DS and OpenDS.

Article about Penrose

doubleslash

Klaus Moser, an identity management consultant with DoubleSlash, published an article titled “Penrose - Virtual Directory 2.0”. It’s worth a read. (WARNING: it is written in German)

Fedora DS + Penrose = Fedora VDS

We are in the process of completing the integration between Fedora DS and Penrose. We created a Java backend plug-in that can be installed as a Fedora DS plug-in module (Fedora DS is very well documented. Kudos to the Red Hat team). The configuration instructions are here.

Virtual Directory and SSO

How does a virtual directory relate to a single sign-on (SSO) solution? Why do you need a virtual directory when you have SSO?

They say a picture is worth 1,000 words. So here are four pictures for you.
Picture 1: before SSO
without-sso

Picture 2: After SSO

with sso

As you can clearly see, an SSO solution removes multiple authentications so that a user doesn’t need to type (present) his credentials every time he accesses an application.

The nature of SSO implies that there will be only one central repository for user information and credentials, preferably within an LDAP server. So, any additions, modifications, etc. of user information and credentials will have to be performed within this central store.

The reality is far from this simple concept, as described in Radovan’s excellent blog post on the single directory paradigm.

This is where virtual directory technology comes to the rescue.

Picture 3: Here’s the picture before a virtual directory

without vd

Picture 4: Here’s after a virtual directory

with vd

The ultimate goal of a virtual directory is to create a single account (virtualized/centralized) for a user, which is obviously a real improvement.

A single account (the end goal of a virtual directory) is not the same as a single authentication (the end goal of an SSO solution).

Make sense? Please feel free to chime in.

Penrose 1.1 is released

Penrose Studio 1.1

Highlights:

  • Improved mapping engine
  • Performance enhancements
  • Improved LDAP listeners using the latest version of ApacheDS and OpenLDAP
  • Support of operational attributes
  • Numerous bug fixes
  • Penrose Studio proxy/snapshot wizards

Download link

Penrose: now runs under OpenLDAP

Starting from version 1.0.4, Penrose virtual directory services can be run under OpenLDAP using the back-java backend. Here are the complete instructions.

UPDATE: Java Backend for OpenLDAP is now available for download.