Software architect Symas. Apache Directory PMC.
OpenLDAP Replication Workshop
This tutorial takes the attendee through the process of setting up a multi-tier OpenLDAP replication network. The use case covers installation and configuration of a multi-master cluster and selectively replicating entries based on filters. The documentation provides the instructions for installing onto Centos 7 virtual machines including sample configurations and test cases used to verify completion.
Towards an Attribute-Based Role-Based Access Control System
We’ve all heard the complaint, Role-Based Access Control (RBAC) doesn’t work. It leads to 'Role Explosion', defined as an inordinate number of roles in a production environment. Nobody knows who is assigned to what, because there are hundreds, if not thousands of roles to keep track of. We could try Attribute-Based Access Control (ABAC), but that leads to a whole different set of problems, including non-standard implementations, complexity and lack of integrity. What's a system implementer to do?
There's a way of having both together, capturing the strengths of each while limiting their shortcomings. This talk discusses standards-based RBAC and how it can be enhanced to eliminate long entrenched problems by sprinkling attributes into the mix. At the same time we'll look at an open source implementation, Apache Fortress, that illustrates the techniques discussed in the talk using an LDAP data model.