“OpenLDAP, syncrepl and multimaster replication” Ondřej Kuzník · Talk (45 minutes)

Coming from a deep dive into fixing long-standing corner-cases in OpenLDAP's syncrepl implementation and implementing an MMR syncrepl consumer with python-ldap, this talk will outline the existing challenges implementing syncrepl in MMR environments, progress made so far and plans for the future.


“Identity management in University POLITEHNICA of Bucharest” Mihai Carabas · Talk (45 minutes)

Identity management in an institution has to automated and provide different interfaces to different services. At University POLITEHNICA of Bucharest we have create a custom identity management system that creates the accounts in LDAP (389DS) and we also synchronize those to Active Directory.


“aehostd -- A custom NSS/PAM service for Æ-DIR” Michael Ströder · Talk (45 minutes)

This talk outlines why aehostd, a custom NSS/PAM service for Æ-DIR, was developed. Futhermore some implementation details and security aspects are explained followed by a demonstration of the host enrollment process.


“Sparrow Identity Server - From Fluttering to Flying” Kiran Ayyagari · Talk (45 minutes)

This presentation is aimed to describe various new features added to Sparrow Identity Server, including Multi-Master Replication and FIDO and OTP based 2FA authentication schemes.


“Set up Single Sign On, Access Control and Second Factor Authentication on web application with LemonLDAP::NG” Clément OUDOT · Workshop (3.5 hours)

LemonLDAP::NG is a free software (GPL license) that you can use to provide Single Sign On and Access control to Web applications.

This workshop will teach you to deploy and configure the solution, enable second factor authentication (2FA) and protect sample applications.


“The FusionIAM initiative” Clément OUDOT · Lightning Talk (15 minutes)

FusionIAM is a new initiative to offer a global open source IAM solution.


“LemonLDAP::NG 2.0: Mutli-factor authentication, Identity Federation, WebService and API protection” Clément OUDOT · Talk (45 minutes)

LemonLDAP::NG is a well known WebSSO software. The 2.0 version was released in 2018 and brings a lot of new features, like multi-factor authentication (TOTP, U2F, ...), WebService and API protection, Plugin system...


“Discovering the Library That Drives 389 Directory Server's CLI, Web UI, and much more” Simon Pichugin · Talk (45 minutes)

The enterprise-class Open Source LDAP server for Linux - 389 Directory Server - can have very complex configurations with its replication, plugins and many other features.
Lib389 Python library is created to solve most of the problems and be a backend for 389 DS command line tools, Web UI and test…


“Using LDAP as FIDO 2.0 Server repository” HAMANO Tsukasa · Lightning Talk (15 minutes)

Using LDAP as FIDO 2.0 WebAuthn Server repository


“Modelling and evaluating complex user entitlements in directory services using JSON and REST” Mark Perry · Talk (45 minutes)

Internet-scale consumer services and large corporations have a similar problem: once a user is authenticated, what should they have access to? Major security incidents and data breaches have shown that authorisation problems can have a catastrophic impact on organisations. Group memberships no long…


“What's up with ForgeRock Directory Services” Ludovic Poitou · Lightning Talk (15 minutes)

It’s been nine years since we started working on Directory Services at ForgeRock. I will give you an update of where we are with ForgeRock Directory Services and some insights on where we’re heading.


“My directory service lives in cloud-cuckoo-land!” Ludovic Poitou · Talk (45 minutes)

The world of IT is changing. A few years ago, directory servers were deployed on machines and left running for years without intervention (if ain’t broken, don’t touch it). Now customers want to deploy all their applications and middleware in a cloud, where containers would have a lifespan of days …


“OpenLDAP Replication Workshop” Shawn McKinney, Maryanne Normann · Workshop (3.5 hours)

This tutorial takes the attendee through the process of setting up a multi-tier OpenLDAP replication network. The use case covers installation and configuration of a multi-master cluster and selectively replicating entries based on filters. The documentation provides the instructions for installin…


“Towards an Attribute-Based Role-Based Access Control System” Shawn McKinney · Talk (45 minutes)

We’ve all heard the complaint, Role-Based Access Control (RBAC) doesn’t work. It leads to 'Role Explosion', defined as an inordinate number of roles in a production environment. Nobody knows who is assigned to what, because there are hundreds, if not thousands of roles to keep track of. We could tr…


“New Replication Features in OpenLDAP” Howard Chu · Talk (45 minutes)

While the Syncrepl replication protocol has been used in OpenLDAP for many years, few other directory implementations have adopted it. To improve interoperability, the syncrepl consumer in OpenLDAP has
been extended to support other legacy replication mechanisms such as SunDS-style retro-changelog


“Open-Source LDAP training material” Andrew Findlay · Lightning Talk (15 minutes)

I am planning to open-source some of my LDAP training material. This is not quite as easy as it sounds, as the bulk of the value is in the books and slide-decks which are generated in LibreOffice. It's easy enough to publish ODT files, but not so easy to accept patches, run multiple release streams…


“APACHE DIrectory Project : a state of the (current) art” Emmanuel Lécharny · Talk (45 minutes)

Apache Directory is the Apache LDAP implementation in Java, but it's more than that. We will present the currents state of the project, which includes the server (ApacheDS) the LDAP API, the LDAP browser (Studio), the MVCC database (Mavibot) and some side priojects (Kerby, SCIMPLE and Fortress)


“An OpenLDAP backend for Samba - a new way forward” Nadezhda Ivanova · Lightning Talk (15 minutes)

The purpose of the talk is to describe the effort pun into the project so far, ways we have approached the problem and how we plan to continue the work


“Extending OpenLDAP password policy module with ppm” David Coutadeur · Lightning Talk (15 minutes)

OpenLDAP has proposed a password policy feature for a long time. The password policy overlay implements the draft-behera-ldap-password-policy-09 RFC, and propose a limited number of features, which can be extended by external plugins. The aim of the talk is to present ppm, an extension to OpenLDAP …


“Organizer and Sponsors Address” Nadezhda Ivanova · Lightning Talk (15 minutes)

Organizer and Sponsors Address


“Comprehensive LDAP Monitoring with "Bell Tower"” Christopher Paul · Talk (45 minutes)

In this lightning talk we will be describing the different features of Bell Tower. This talk will include discussions on other strategies to monitor LDAP and how adding Bell Tower to your LDAP monitoring can strengthen your LDAP environment. We will next discuss all the features of Bell Tower and c…


“Lightning Talks” · Talk (45 minutes)

Various lightning talks by LDAPcon attendees.