This document provides an overview of LDAP (Lightweight Directory Access Protocol). It discusses what directory services are, the need for LDAP to centralize user information, and some key LDAP concepts like its data model, schemas, and LDIF format. It also covers setting up an OpenLDAP server, including configuration, indexing, access control, and integration with other LDAP tools and applications.
Active Directory is a common interface for organizing and maintaining information related to resources connected to a variety of network directories.
Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to access information directories.
A directory service is a distributed database application designed to manage the entries and attributes in a directory.
Amazon RDS allows you to launch an optimally configured, secure and highly available database with just a few clicks. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you to focus on your applications and business.
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. In this session, we introduce the AWS CLI and how to use it to automate common administrative tasks in AWS. We cover several features and usage patterns including Amazon EBS snapshot management and Amazon S3 backups. We show how to combine AWS CLI features to create powerful tools for automation. See how to develop, debug, and deploy these examples in several live, end-to-end examples.
The AWS CLI provides an easy-to-use command line interface to AWS and allows you to create powerful automation scripts. In this session, you learn advanced techniques that open up new scenarios for using the AWS CLI. We demonstrate how to filter and transform service responses, how to chain and script commands, and explore new features in the AWS CLI.
Active Directory is a common interface for organizing and maintaining information related to resources connected to a variety of network directories.
Lightweight Directory Access Protocol (LDAP) is an Internet protocol used to access information directories.
A directory service is a distributed database application designed to manage the entries and attributes in a directory.
Amazon RDS allows you to launch an optimally configured, secure and highly available database with just a few clicks. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you to focus on your applications and business.
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. In this session, we introduce the AWS CLI and how to use it to automate common administrative tasks in AWS. We cover several features and usage patterns including Amazon EBS snapshot management and Amazon S3 backups. We show how to combine AWS CLI features to create powerful tools for automation. See how to develop, debug, and deploy these examples in several live, end-to-end examples.
The AWS CLI provides an easy-to-use command line interface to AWS and allows you to create powerful automation scripts. In this session, you learn advanced techniques that open up new scenarios for using the AWS CLI. We demonstrate how to filter and transform service responses, how to chain and script commands, and explore new features in the AWS CLI.
Slide deck related to the Microsoft Reactor Benagluru event on September 1 2021.
https://www.meetup.com/en-AU/microsoft-reactor-bengaluru/events/280353882
During the session following topics were covered
- Scaling options in Kubernetes including HPA, Cluster Autoscaler, Manual scaling
- Need for Kubernetes based Event Driven Autoscaling (KEDA)
- Live demos of Producer and Consumer for RabbitMQ queue
- KEDA Architecture
- KEDA scalers and event sources
Installation of Grafana on linux ; connectivity with Prometheus database , installation of Prometheus ; Installation of node_exporter ,Tomcat-exporter ; installation and configuration of alert manager .. Detailed step by step installation and working
AWS Glue is a fully managed, serverless extract, transform, and load (ETL) service that makes it easy to move data between data stores. AWS Glue simplifies and automates the difficult and time consuming tasks of data discovery, conversion mapping, and job scheduling so you can focus more of your time querying and analyzing your data using Amazon Redshift Spectrum and Amazon Athena. In this session, we introduce AWS Glue, provide an overview of its components, and share how you can use AWS Glue to automate discovering your data, cataloging it, and preparing it for analysis.
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...Edureka!
In this edureka tutorial, we will show you how to use the AWS IAM service to secure your AWS account and the application that you will be connecting to it.
Below are the topics we will cover in this tutorial:
1. Why do we need Access Management?
2. What is AWS IAM?
3. Components of IAM
4. Multi-Factor Authentication
5. Hands-on
Kubernetes Secrets Management on Production with DemoOpsta
Are you still keep your credential in your code?
This session will show you how to do secrets management in best practices with Hashicorp Vault with a demo on Kubernetes
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/kBgePhkmRMA
TD Tech - Open House: The Technology Playground @ Sathorn Square
October 29, 2022
This session is focused on diving into the AWS IAM policy categories to understand the differences, learn how the policy evaluation logic works, and go over some best practices. We will then walk through how to use permission boundaries to truly delegate administration in AWS.
본 강연에서는 금융권 사례 중심으로 AWS 인프라 도입을 최적의 Design pattern 및 Behavior에 대하여 소개해 드립니다. AWS가 제공하는 서비스 중 특정 사용 사례와 워크로드에 적합한 서비스를 고르기 위해 고려해야 할 사항들에 대해 알아봅니다. 또한 AWS Direct Connect 파트너사인 KINX에서 Direct connect의 특징 및 PoC 프로그램에 대해 소개해 드립니다.
연사: 김봉환 솔루션 아키텍트, 아마존 웹서비스 / 남시우 차장, KINX 담당자
Amazon RDS allows you to launch an optimally configured, secure and highly available database with just a few clicks. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you to focus on your applications and business.
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
Starting with Docker 1.12, Docker has added features to the core Docker Engine to make multi-host and multi-container orchestration extremely simple to use and accessible to everyone. Docker 1.12 Networking plays a key role in enabling these orchestration features.
In this online meetup, we learned all the new and exciting networking features introduced in Docker 1.12:
Swarm-mode networking
Routing Mesh
Ingress and Internal Load-Balancing
Service Discovery
Encrypted Network Control-Plane and Data-Plane
Multi-host networking without external KV-Store
MACVLAN Driver
by Greg McConnel, Sr. Solutions Architect, AWS
We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket and launching an Amazon EC2 instance of a specific type.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
LDAP stands for Lightweight Directory Access Protocol. It is an application protocol used over an IP network to manage and access the distributed directory information service. This video gives you a high level overview of LDAP and some examples of software that utilize LDAP, such as Active Directory.
Slide deck related to the Microsoft Reactor Benagluru event on September 1 2021.
https://www.meetup.com/en-AU/microsoft-reactor-bengaluru/events/280353882
During the session following topics were covered
- Scaling options in Kubernetes including HPA, Cluster Autoscaler, Manual scaling
- Need for Kubernetes based Event Driven Autoscaling (KEDA)
- Live demos of Producer and Consumer for RabbitMQ queue
- KEDA Architecture
- KEDA scalers and event sources
Installation of Grafana on linux ; connectivity with Prometheus database , installation of Prometheus ; Installation of node_exporter ,Tomcat-exporter ; installation and configuration of alert manager .. Detailed step by step installation and working
AWS Glue is a fully managed, serverless extract, transform, and load (ETL) service that makes it easy to move data between data stores. AWS Glue simplifies and automates the difficult and time consuming tasks of data discovery, conversion mapping, and job scheduling so you can focus more of your time querying and analyzing your data using Amazon Redshift Spectrum and Amazon Athena. In this session, we introduce AWS Glue, provide an overview of its components, and share how you can use AWS Glue to automate discovering your data, cataloging it, and preparing it for analysis.
AWS IAM Tutorial | Identity And Access Management (IAM) | AWS Training Videos...Edureka!
In this edureka tutorial, we will show you how to use the AWS IAM service to secure your AWS account and the application that you will be connecting to it.
Below are the topics we will cover in this tutorial:
1. Why do we need Access Management?
2. What is AWS IAM?
3. Components of IAM
4. Multi-Factor Authentication
5. Hands-on
Kubernetes Secrets Management on Production with DemoOpsta
Are you still keep your credential in your code?
This session will show you how to do secrets management in best practices with Hashicorp Vault with a demo on Kubernetes
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Youtube Record: https://youtu.be/kBgePhkmRMA
TD Tech - Open House: The Technology Playground @ Sathorn Square
October 29, 2022
This session is focused on diving into the AWS IAM policy categories to understand the differences, learn how the policy evaluation logic works, and go over some best practices. We will then walk through how to use permission boundaries to truly delegate administration in AWS.
본 강연에서는 금융권 사례 중심으로 AWS 인프라 도입을 최적의 Design pattern 및 Behavior에 대하여 소개해 드립니다. AWS가 제공하는 서비스 중 특정 사용 사례와 워크로드에 적합한 서비스를 고르기 위해 고려해야 할 사항들에 대해 알아봅니다. 또한 AWS Direct Connect 파트너사인 KINX에서 Direct connect의 특징 및 PoC 프로그램에 대해 소개해 드립니다.
연사: 김봉환 솔루션 아키텍트, 아마존 웹서비스 / 남시우 차장, KINX 담당자
Amazon RDS allows you to launch an optimally configured, secure and highly available database with just a few clicks. It provides cost-efficient and resizable capacity while managing time-consuming database administration tasks, freeing you to focus on your applications and business.
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
Starting with Docker 1.12, Docker has added features to the core Docker Engine to make multi-host and multi-container orchestration extremely simple to use and accessible to everyone. Docker 1.12 Networking plays a key role in enabling these orchestration features.
In this online meetup, we learned all the new and exciting networking features introduced in Docker 1.12:
Swarm-mode networking
Routing Mesh
Ingress and Internal Load-Balancing
Service Discovery
Encrypted Network Control-Plane and Data-Plane
Multi-host networking without external KV-Store
MACVLAN Driver
by Greg McConnel, Sr. Solutions Architect, AWS
We take an in-depth look at the AWS Identity and Access Management (IAM) policy language. We start with the basics of the policy language and how to create and attach policies to IAM users, groups, and roles. As we dive deeper, we explore policy variables, conditions, and other tools to help you author least privilege policies. Throughout the session, we cover some common use cases, such as granting a user secure access to an Amazon S3 bucket and launching an Amazon EC2 instance of a specific type.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
Identity and Access Management (IAM) is first step towards AWS cloud adoption because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multi-factor authentication mechanisms; and operate IAM at scale.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
LDAP stands for Lightweight Directory Access Protocol. It is an application protocol used over an IP network to manage and access the distributed directory information service. This video gives you a high level overview of LDAP and some examples of software that utilize LDAP, such as Active Directory.
Plone - Déployer un intranet collaboratif avec intégration d'un annuaire LDAPParis, France
Pilot Systems présente une étude sur le déploiement d\'un intranet collaboratif sous Plone. Support du tutoriel Plone, présenté lors de Solutions Linux 2008
● Що таке Continuous Integration?
● Jenkins (Oracle Hudson)
● Установка Jenkins (Ubuntu Server)
● Створення завдання на прикладі Java
● Інструменти статичного аналізу
● Sonar. Установка. Аналітика.
● PHP and the OWASP Top Ten Security
Vulnerabilities
● Secure Programming With The Zend
Framework
● Apache HTTPD
Security
● MySQL Security
● PHP Security Tools
● Why this is important? What to do?
● Security threats & Mitigations
● Designing Secure Web Applications
● Building Secure Web Applications
● Securing Your Network, Web Server and
Database
● Assessing Your Security
• Що таке continuous integration (CI)?
• Побудова фічі з CI
• Практики та Переваги
• Впровадження
• Інструменти
• Приклади проектів -
Java, PHP, Android
• Висновки
● Що таке ITIL (коротко)?
● Що таке сервіс (service)?
● Сучасні проблеми керівників та менеджерів
● Що таке ITSM?
● Що таке ITIL (детально)?
● Стратегія сервісу, Дизайн сервісу,
Перехід(зміни) сервісу, Надання(робота)
сервісу, Постійне вдосконалення сервісу
● Відповідні стандарти та джерела
● Резюме
Чому це важливо?
Життєвий цикл. Наука відладки. Помилки
Приклад відладки. Процес
Розуміння помилок. Поведінка. Серйозність.
Пріорітет. Додаткові атрибути
Ізоляція. Аналіз. Рішення
Тестування. Неоптимальний процес
Попередження
● What is Unit Testing?
● Benefits
● What is PHPUnit?
● Installation
● The Bank Account Example
● Categories of (Unit) Tests / Software Testing
Pyramid
● Links
The Lightweight Directory Access Protocol (LDAP) is actually a set of open protocols used to access and modify centrally stored information over a network.
Oracle Identity Management presentation for 2010 Conference presented by Peter McLarty, looks at installation issues, planning and design, overall view of 11g Identity Management, more detailed look at installation and configuration of the Oracle Internet Directory.
Active Directory & LDAP Authentication Without TriggersPerforce
See how to build Active Directory and LDAP authentication into the Perforce Server, streamlining the process of linking your Perforce environment with your enterprise authentication system—no triggers required!
User administration without you - integrating LDAPMongoDB
*Configure MongoDB and MongoDB Atlas with LDAP authorization
*Test your user's access with mongoldap and other native tools
*Craft LDAP queries to optimize your LDAP accesses
*Adjust query templates and user-to-distinguished-name mappings to account for disparate LDAP trees
*Avoid common configuration mistakes
Open Ldap Integration and Configuration with Lifray 6.2.LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet
Apache Spark is a In Memory Data Processing Solution that can work with existing data source like HDFS and can make use of your existing computation infrastructure like YARN/Mesos etc. This talk will cover a basic introduction of Apache Spark with its various components like MLib, Shark, GrpahX and with few examples.
An Engine to process big data in faster(than MR), easy and extremely scalable way. An Open Source, parallel, in-memory processing, cluster computing framework. Solution for loading, processing and end to end analyzing large scale data. Iterative and Interactive : Scala, Java, Python, R and with Command line interface.
Quick introduction on managing RESTful services with Drupal.
1) Drupal is the RESTful server
2) Drupal is the RESTful client managing data in MEAN stack
Code for the demo is at https://github.com/kalinchernev/Drupal-7/tree/master/restful_lecture
Real time Analytics with Apache Kafka and Apache SparkRahul Jain
A presentation cum workshop on Real time Analytics with Apache Kafka and Apache Spark. Apache Kafka is a distributed publish-subscribe messaging while other side Spark Streaming brings Spark's language-integrated API to stream processing, allows to write streaming applications very quickly and easily. It supports both Java and Scala. In this workshop we are going to explore Apache Kafka, Zookeeper and Spark with a Web click streaming example using Spark Streaming. A clickstream is the recording of the parts of the screen a computer user clicks on while web browsing.
● What is Unit Testing?
● Benefits
● What is Test Driven Development?
● What is Behavior Driven Development?
● Categories of (Unit) Tests / Software Testing
Pyramid, Frameworks
● C++, Java, .NET, Perl, PHP frameworks
● Unit-testing Zend Framework application
• Хто ми є
• Agile і методології/Принципи Lean
• Коротко про Kanban
• Інструменти та процес
• Експерименти з обмеженнями
• Команди та рівномірне навантаження
• Приклад Канбан-процесу
• Дошки, картки, персоналізація, діаграми
• Резюме та посилання
Типи баз даних
● Реляційні бази даних (OLTP)
● Обробка транзакцій (ACID)
● Database-centric архітектура
● Моделювання даних. Узгодження іменування
● Нормалізація та денормалізація
● Індексування. Найкращі практики
What is continuous integration?
Building a feature with continuous integration
Practices of continuous integration
Benefits of continuous integration
Introducing continuous integration
Final thoughts
Continuous integration tools
● Що таке "цикл зворотнього зв'язку"?
● Цикли зворотнього зв'язку у eXtreme
Programming
● Зміцнення та скорочення циклу
зворотнього зв'язку
● Декларація взаємозалежності
● Запитання та обговорення
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4
Ldap introduction (eng)
1. LDAP
● What is Directory Services
● The need for LDAP
● LDAP Overview and Basics
● Setting up and tunning OpenLDAP
● Other LDAP tools and applications
2. What is Directory Services
● Similar to database but designed more for reading than
for writing
● Defines a network protocol for accessing contents of
the directory
● Scheme for replication of data
● Directory Service examples: DNS, finger, password DB
● LDAP is a 'Lightweight Directory Access Protocol'
3. The need for LDAP
● Multiple disparate sources of the same information
● Users need separate logins and passwords to login to
different systems
● Complex to keep information in sync
● Similar data spread around many flat files or in
database with different formats
● Inadequacies of NIS ie. Not very extensible
● X.500 is too complicated
Summarizing the above: Centralization, Integration
and Delegating Responsibility
4. LDAP Overview
● LDAP is a ‘Lightweight Directory Access Protocol’
● LDAP marries a lightweight DAP with the X.500
information model
● Uses an extensible hierarchical object data model
● An LDAP server may implement multiple ‘back-ends’:
RDBMS, simple indexes (Berkeley DB), X.500
gateway
● Designed for frequent reads and infrequent writes
5. LDAP Benefits
● Standardized schemas exist for many purposes
(well beyond that of NIS)
● Allows consolidation of many information sources
● Well defined API, support from many applications
● Easily replicated and distributed
● Multiple backends allow integration with existing data
sources (RDBMS, etc)
● Much faster than RDBMS (using lightweight backend
like Berkeley DB)
6. LDAP Basics
● Data is organised into an hierarchical tree
● Each ‘entry’ (tree node) is identified by a DN (distinguished
name) e.g. uid=aokhotnikov,ou=People,ou=Users,dc=ldap,dc=sjua
● Each component of a DN is called an RDN (relative DN) and
represents a branch in the tree
● The RDN must be unique within the nodes at the same level of
the tree (is generally equivalent to one of the attributes ie. ‘uid’
or ‘cn’ in the case of a person)
● Each node has 1 or many attribute values associated with it. Each
attribute can have 1 or many values
7. LDAP Basics (cont.)
● ‘objectClass’ is a mandatory attribute which specifies
the schema (attribute constraints) for the given node
● Multiple ‘objectClass’ attributes can be combined
together to achieve inheritance
● Example ‘objectClass’ (common schema) attributes:
dcObject, organizationalUnit, person, organizationalPerson,
inetOrgPerson, inetLocalMailRecipient
● CN (Canonical Name) is another common attribute
used to provide a unique name for a directory object
8. LDAP Schemas
● Many standard schemas exist including:
– People schemas - person, organisationalPerson, inetOrgPerson,
posixAccount, mailLocalRecpient, strongAuthenticationUser
– Group schemas – groupOfUniqueNames, posixGroup,
organisationalRole, roleMember
– Host / Network schemas – domain, ipHost, ipNetwork, ipProtocol,
ipService, ieee802Device, bootableDevice
● An invaluable schema repository from Alan Knowles at the
Hong Kong Linux Centre:
– http://ldap.akbkhome.com/
9. LDIF File Format
● LDIF (LDAP Data Interchange Format) is used to
import/export from a LDAP directory server and run updates
dn: cn=GForge Admin
User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
givenName: GForge Admin
sn: User
cn: GForge Admin User
uid: gforgeadmin
userPassword: {MD5}6z8f1uQp3reOfghTFrecJQ==
uidNumber: 1000
gidNumber: 544
homeDirectory: /opt/gforge5
mail: acidumirae@gmail.com
10. Custom Schemas
● LDAP schemas uses SNMP style OIDs (Object Ids) for
uniquely defining schema elements
● Apply for IANA enterprise number here:
– http://www.iana.org/cgi-bin/enterprise.pl
● Private enterprise number OID prefix is 1.3.6.1.4.1 eg.
Metaparadigm uses 1.3.6.1.4.1.11137
● Information on custom schemas can be found here:
– http://www.openldap.org/doc/admin/schema.html
11. Linux LDAP Servers
● OpenLDAP is the primary open-source LDAP
implementation based on Univ. Michigan LDAP
http://www.openldap.org/
● Sun provides the iPlanet Directory Server/Sun One Java DS
● Oracle provides an LDAP server using an Oracle database
backend
● Many others available (Novell DS, Fedora DS, Apache DS,
OpenDS, Innosoft, etc.)
● Linux can also integrate with LDAP servers running on
other platforms such as Microsoft Active Directory or
Novell eDirectory
12. Commercial LDAP Servers
● Novell eDirectory ● CA Directory
● Sun One Identity Server ● Lotus Domino
● Microsoft Active Directory ● Nexor Directory
● Apple Open Directory ● View 500
● Siemens DirX ● Isode's M-Vault
● Oracle Internet Directory ● aeSLAPD
● IBM Tivoli Directory ● ...
http://www.paldap.org/ldap-server-software
13. Scalability and Fault Tolerance
● OpenLDAP supports real-time directory replication to
provide load-balancing and high availability
● OpenLDAP supports single master, multiple slaves
● Most LDAP aware applications can be configured to use
multiple LDAP servers (providing fallback servers)
● Multiple master support is in the works (currently alpha)
● OpenLDAP can be integrated with ‘heartbeat’ and ‘mon’ to
provide fault tolerance http://www.linux-ha.org/
14. Setting up OpenLDAP
● Configuration is located in: /etc/openldap/slapd.conf
● We need to include the schemas we are using
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/collective.schema
include /etc/ldap/schema/corba.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/duaconf.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/java.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/openldap.schema
include /etc/ldap/schema/ppolicy.schema
include /etc/ldap/schema/samba.schema
● Next we specify a database
database hdb
suffix "dc=ldap,dc=sjua"
rootdn "cn=admin,dc=ldap,dc=sjua"
rootpw {SSHA}IrKtxIFV+2UbdD8JiL5ZuTsAx/cPuN2h
directory /var/lib/ldap
15. Setting up OpenLDAP (cont.)
● We can now start slapd (Standalone LDAP daemon)
# /etc/init.d/ldap start
● Next step is to add data to the directory using the LDIF
example presented earlier
# ldapadd -D cn=admin,dc=ldap,dc=sjua -W < init.ldif
Enter LDAP Password: xxxxx
adding new entry "dc=ldap,dc=sjua"
adding new entry "ou=WebAdmin,ou=Users,dc=ldap,dc=sjua"
adding new entry "uid=gfrogeadmin,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua"
16. Tunning OpenLDAP
● We need to add additional indexes for performance
index objectclass eq
index cn pres,sub,eq
index sn pres,sub,eq
## required to support pdb_getsampwnam
index uid pres,sub,eq
## required to support pdb_getsambapwrid()
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index loginShell eq
index memberUid eq
index uniqueMember eq,pres
● We need to add ACLs for security
access to attr=userPassword by self write by anonymous auth by * none
access to dn="" by * read
access to *
by self write
by users read
by anonymous auth
17. Tunning OpenLDAP (cont.)
● Setup logging in syslog.conf (default is LOCAL4)
local4.* /var/log/sldap.log
● Make sure ‘slapd’ runs as non privileged user
● Make ‘slapd’ bind to SSL port for security
– need signed certificates with openSSL and modify slapd.conf
TLSCertificateFile /etc/openldap/ldap.sjua.cer
TLSCertificateKeyFile /etc/openldap/ldap.sjua.key
– modify init script to bind to SSL port
/usr/libexec/slapd -h 'ldap://ldap.metaparadigm.com/
ldaps://ldap.metaparadigm.com/'
-l LOCAL4 -u ldap -g ldap
18. LDAP Search Filters
● LDAP uses a simple ‘search filters’ syntax (RFC2254)
● LDAP queries return all attributes of matching entries (or specifically
selected attributes) which match the search filter
LDAP query particles are enclosed within parenthesis in the form of
( attribute <matching rule> value ) ie. (cn=GForge Admin User)
● Matching rules include (=, =~, >=, <=)
● * can be used as a wildcard within the value
● These can be combined together using the boolean operators: and, or
and not (&, |, !) eg:
– (&(cn=GForge Admin User)(objectClass=posixAccount))
– (&(objectClass=inetOrgPerson)(!(ou=People)))
– (|(cn=GForge Admin*)(cn=GForge*))
19. LDAP Search Filters (cont.)
● The following example ldap search retrieves the names and email
address of all users with a givenname of ‘Gforge Admin’ or ‘Orange
Admin’
ldapsearch -xLLL -h ldap.sjua -b ou=Users,dc=ldap,dc=sjua
'(&(|(givenname=GForge Admin)(givenname=Orange Admin))(ob-
jectClass=inetOrgPerson))' cn mail
dn: cn=GForge Admin
User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua
cn: GForge Admin User
mail: acidumirae@gmail.com
dn: cn=Orange Admin
User,ou=WebAdmin,ou=Users,dc=ldap,dc=sjua
cn: Orange Admin User
mail: aokhotnikov@softjourn.com
● Very easy to incorporate this into shell scripts with awk or sed
20. LDAP Applications
● Authenticate users in web applications
(OrangeHRM, gForge, DokuWiki, etc.)
● Authenticate users in Samba, Apache, ProFTPd, etc.
● Possible NSS (Name Service Switch) integration
● Possible PAM (Pluggable Authentication Module)
● Possible mail routing: Sendmail, Postfix, etc.
● Shared Address Book (Evolution, Mozilla, Outlook,
Eudora, web clients, etc.)
● Programming Libraries (Perl, Java, PHP, etc.)
22. Migration to LDAP
● Padl migration tools
– http://www.padl.com/OSS/MigrationTools.html
– passwd, group, hosts, networks, services, etc…
● We have migrated users from OrangeHRM using
custom PHP scrip that was generating LDIF files
– some issues with Samba – NTPassword is MD4
– minor issues with gForge – multiple
installations(dirty database)
23. Resources
● OpenLDAP: http://openldap.org
● Practical LDAP from Metaparadigm Pte Ltd.
http://gort.metaparadigm.com/ldap/
● Ubuntu Documentation: OpenLDAP Server
https://help.ubuntu.com/8.10/serverguide/C/openldap-server.html
● Ubuntu Documentation: Samba and LDAP
https://help.ubuntu.com/8.10/serverguide/C/samba-ldap.html
● Introduction to LDAP and Single Sign-On
http://tapor.ualberta.ca/Resources/Techdocs/completed/ldappresentation.pdf
● LDAP and Directory Services
http://ldap.mtu.edu/docs/public/mtu_dsinfo/techiefest/techiefest_files/v3_document.htm