LemonLDAP::NG
The LemonLDAP::NG project
Clément OUDOT
LDAP Con – 11th October 2011

Web access under protect
cn=Schedule,dc=lemonldap-ng,dc=org
●   Speaker autobiography
●   Single Sign On and friends
●   The LemonLDAP::NG software
●   Focus on LDAP support in LemonLDAP::NG




                                                  10/10/11
2                                   http://lemonldap-ng.org
uid=coudot,dc=lemonldap-ng,dc=org
●   LDAP engineer at LINAGORA since 2003, with
    experience in SUN/Oracle to OpenLDAP
    migration
●   French LDAP documentation on
    http://www.linagora.org
●   Leader of LDAP Tool Box project
    http://ltb-project.org
●   Leader of LemonLDAP::NG project
    http://lemonldap-ng.org
●   Weakness: prefer Perl over Java

cn=SSO,dc=lemonldap-ng,dc=org




cn=Why,dc=lemonldap-ng,dc=org
●   More and more web applications/services
    requiring authentication
●   Password strength ↘ as password number ↗
    (human being laziness)
●   LDAP directory can help to have single
    credentials but not single sign on




cn=Definition,dc=lemonldap-ng,dc=org

●   Single Sign On authentication allows users to
    submit their credentials only once, and to
    access all trusted applications
●   Applications do not manage passwords
    anymore
●   Identity of the user is forwarded to applications
    by the SSO software



cn=Kinematics,dc=lemonldap-ng,dc=org

[Diagram: User, WebSSO Portal and Web Application, with steps numbered 1 to 3]




cn=Delegation,dc=lemonldap-ng,dc=org




gn=Reverse+sn=Proxy,dc=lemonldap-ng,dc=org




cn=Friends,dc=lemonldap-ng,dc=org
 ●   WebSSO often shares its spare time with:
     ●   Access Management: RBAC, OrBAC, WYWBAC
         (What you want Based Access Control)
     ●   Self Service: password recovery, account creation
     ●   Identity federation: share identity over defined
         protocols (OpenID, SAML, etc.)




dc=lemonldap-ng,dc=org




cn=History,dc=lemonldap-ng,dc=org
 ●   LemonLDAP was founded in 2003 by Eric
     GERMAN (MINEFI) to replace Novell WebSSO
     product (Novell → llevon → Lemon)
 ●   Like Novell or SiteMinder, LemonLDAP uses
     HTTP headers to forward user identity
 ●   LemonLDAP::NG is a complete rewrite of
     LemonLDAP, founded by Xavier GUIMARD
     (Gendarmerie Nationale) in 2005
 ●   Thomas CHEMINEAU and Clément OUDOT
     (LINAGORA) complete the core team.
cn=Components,dc=lemonldap-ng,dc=org
 ●   LemonLDAP::NG main components:
     ●   Portal: authentication process, user interaction,
         application menu, password change form
     ●   Manager: configuration interface, sessions explorer
     ●   Handler: Apache agent, manages access
         authorizations
 ●   Perl, only Perl, just Perl
 ●   Relies on Apache and mod_perl


cn=Architecture,dc=lemonldap-ng,dc=org




cn=Kinematics,dc=lemonldap-ng,dc=org

1. User tries to access a protected application; the request is caught by the Handler
2. SSO cookie is not detected, so the Handler redirects the user to the Portal
3. User authenticates on the Portal
4. Portal checks authentication
5. If authentication succeeds, the Portal collects user data
6. Portal creates a session to store user data
7. Portal gets the session key
8. Portal creates the SSO cookie with the session key as value
9. User is redirected to the protected application, with the new cookie
10. Handler gets the session key from the cookie and retrieves the session
11. Handler stores user data in its cache
12. Handler checks the access rule and sends headers to the protected application
13. Protected application sends its response to the Handler
14. Handler sends the response to the user

description=Application protection,dc=lemonldap-ng,dc=org
 ●   LemonLDAP::NG uses Apache virtual host as
     application identifier
 ●   Each application owns:
     ●   Access rules: each rule refers to a URL pattern,
         logout can be caught
     ●   HTTP headers: each header contains a session
         value, or an evaluated Perl expression
     ●   POST data: only used for form replay
     ●   Redirection options: protocol and port


cn=Examples,dc=lemonldap-ng,dc=org
 ●   Access rules:
     ●   default → accept
     ●   ^/admin → $groups =~ /admin/
     ●   ^/logout.php → logout_sso
 ●   HTTP headers:
     ●   Auth-User → $uid
     ●   Auth-Name → uc($sn).", ".ucfirst($gn)
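
Added example, not from the slides and not LemonLDAP::NG source code: a stand-alone Perl script that replays steps 2, 10 and 12 of the kinematics with the access rules and headers listed above. The session store, the user names, the order in which patterns are tried and the "; " group separator are assumptions made for the example; the second rule set, anchored with \b, is an addition that shows how the unanchored /admin/ test also matches a group called nonadmin.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed session store: SSO cookie value (session key) => user data.
# Assumption: group names are stored as one string joined with "; ".
my %sessions = (
    'key-1' => { uid => 'alice', sn => 'martin', gn => 'alice', groups => 'admin; users' },
    'key-2' => { uid => 'bob',   sn => 'durand', gn => 'bob',   groups => 'users; nonadmin' },
);

# Access rules and headers of one virtual host, as written on the slide.
# Assumption: patterns are tried in this order, "default" is the fallback.
my %vhost = (
    rules   => [ [ '^/logout.php', 'logout_sso' ], [ '^/admin', '$groups =~ /admin/' ] ],
    default => 'accept',
    headers => { 'Auth-User' => '$uid', 'Auth-Name' => 'uc($sn).", ".ucfirst($gn)' },
);

# Same virtual host, with the group test anchored on word boundaries.
my %strict = (
    %vhost,
    rules => [ [ '^/logout.php', 'logout_sso' ], [ '^/admin', '$groups =~ /\badmin\b/' ] ],
);

# Compile an expression into a sub that receives the session hash: every
# $name becomes $s->{name}. Expressions come from the administrator's
# configuration only, never from the HTTP request.
sub compile_expr {
    my ($expr) = @_;
    return sub { 1 } if $expr eq 'accept';
    ( my $code = $expr ) =~ s/\$(\w+)/'$s->{' . $1 . '}'/ge;
    my $sub = eval "sub { my \$s = shift; $code }";
    die "cannot compile rule ($expr): $@" unless $sub;
    return $sub;
}

sub handle_request {
    my ( $vh, $cookie, $uri ) = @_;

    # Steps 2 and 10: no cookie, or a key with no session, means no identity.
    my $session = defined $cookie ? $sessions{$cookie} : undef;
    return { action => 'redirect to Portal' } unless $session;

    # Step 12: the first pattern matching the URL selects the rule.
    my $rule = $vh->{default};
    for my $entry ( @{ $vh->{rules} } ) {
        my ( $pattern, $expr ) = @$entry;
        if ( $uri =~ /$pattern/ ) { $rule = $expr; last; }
    }
    return { action => 'logout' } if $rule eq 'logout_sso';
    return { action => 'deny' } unless compile_expr($rule)->($session);

    # Step 12, continued: compute the headers sent to the application.
    my %h;
    for my $name ( keys %{ $vh->{headers} } ) {
        $h{$name} = compile_expr( $vh->{headers}{$name} )->($session);
    }
    return { action => 'forward', headers => \%h };
}

# One-line summary of a decision, headers in a stable order.
sub describe {
    my ($res) = @_;
    my @parts = ( $res->{action} );
    my $h = $res->{headers} || {};
    push @parts, sprintf( '%s=%s', $_, $h->{$_} ) for sort keys %$h;
    return join ' | ', @parts;
}

# Constructed requests: [ SSO cookie value, requested URL ].
my @requests = (
    [ undef,   '/' ],
    [ 'key-1', '/admin/users' ],
    [ 'key-2', '/admin/users' ],
    [ 'key-2', '/index.html' ],
    [ 'key-1', '/logout.php' ],
);

for my $req (@requests) {
    my ( $cookie, $uri ) = @$req;
    printf "cookie=%s uri=%s\n  slide rule:    %s\n  anchored rule: %s\n",
        $cookie // 'none', $uri,
        describe( handle_request( \%vhost,  $cookie, $uri ) ),
        describe( handle_request( \%strict, $cookie, $uri ) );
}
```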




cn=Configuration,dc=lemonldap-ng,dc=org
 ●   Configuration is shared between all
     components
 ●   It can be stored in:
     ●   Local files
     ●   SQL database
     ●   LDAP directory
 ●   Configuration is also available through SOAP



jpegPhoto=Configuration interface,dc=lemonldap-ng,dc=org




cn=Cookies and sessions,dc=lemonldap-ng,dc=org
 ●   Cookies and sessions have lifetime
 ●   Sessions can also have an idle timeout
 ●   Sessions can be stored in File, LDAP, SQL,
     noSQL (Memcached, Redis, Cassandra, …)
 ●   Sessions are also available through SOAP
 ●   Cookies can be protected to travel only on
     secure connections
 ●   Cross domain is managed

cn=Authentication methods,dc=lemonldap-ng,dc=org
 ●   LemonLDAP::NG supports a lot of authentication methods:
     ●   LDAP
     ●   Database
     ●   SSL X509
     ●   Apache built-in modules (Kerberos, OTP, ...)
     ●   SAML 2.0
     ●   OpenID
     ●   Twitter
     ●   CAS
     ●   Yubikey
 ●   Methods can be stacked or displayed together


cn=Identity provider,dc=lemonldap-ng,dc=org
 ●   LemonLDAP::NG is a federation product,
     allowing services to get user identity through
     standard protocols:
     ●   SAML 2.0
     ●   OpenID 2.0
     ●   CAS 1.0 and 2.0




ou=LDAP,dc=lemonldap-ng,dc=org
 ●   LemonLDAP::NG is in love with LDAP since its
     birth:
     ●   Authentication, user data mining and password
         change
     ●   Group membership
     ●   Password policy
     ●   Configuration and sessions




cn=Standard,ou=LDAP,dc=lemonldap-ng,dc=org
 ●   Classical LDAP authentication process:
     ●   Search directory to get DN from user login
     ●   Bind with found DN and user password
 ●   User data:
     ●   Get attributes and store them in session data
     ●   Manage multi-valued attributes
 ●   Many configuration options: version, timeout,
     binary attributes, search base, search filter,
     attributes...

cn=Group Membership,ou=LDAP,dc=lemonldap-ng,dc=org
 ●   LemonLDAP::NG can collect groups:
     ●   Search on a group branch
     ●   Keep groups where user is member
 ●   Advanced feature: recursive groups:
     ●   Keep all groups hierarchy
 ●   LDAP groups can be mixed with local defined
     groups
 ●   Many configuration options: search base,
     groups objectClass and attributes, recursion

cn=Password Policy,ou=LDAP,dc=lemonldap-ng,dc=org
 ●   Uses Password Policy defined in Behera Draft:
     ●   Authentication:
         –   Display account is locked or account is expired
         –   Display seconds before expiration and used graces
     ●   Password Change:
         –   Display constraint check (quality, size, history, …)
         –   Force password change if requested by the Directory
 ●   Can use password policy with a standard
     modify operation, or with password modify
     extended operation

cn=Configuration+cn=Sessions,ou=LDAP,dc=lemonldap-ng,dc=org
 ●   Configuration and sessions can be stored in an
     LDAP Directory
 ●   Uses standard Apache::Session API
 ●   Allows easy multi-master architecture
     deployment




cn=The End,dc=lemonldap-ng,dc=org




cn=Thanks,dc=lemonldap-ng,dc=org
 ●   Thanks to:
     ●   LDAPCon organization for letting me speak in front of you
     ●   LDAP Get Together France people for staying until the end
         of this conference
     ●   LDAP standard for being complicated enough to allow me to
         teach it to others who do not want to learn it alone
 ●   Stay in touch:
     ●   Identica: @coudot
     ●   Twitter: @clementoudot
     ●   IRC: KPTN #lemonldap-ng@freenode


cn=Questions,dc=lemonldap-ng,dc=org





 
The guide of Security Jerk
The guide of Security JerkThe guide of Security Jerk
The guide of Security Jerk
 
The wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnThe wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign On
 
Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect
 
[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol
 
[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overview[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overview
 

Recently uploaded

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
Federico Razzoli
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
fredae14
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 

Recently uploaded (20)

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Recommendation System using RAG Architecture
Recommendation System using RAG ArchitectureRecommendation System using RAG Architecture
Recommendation System using RAG Architecture
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 

LDAPCon 2011 - The LemonLDAP::NG Project

  • 1. LemonLDAP::NG: The LemonLDAP::NG project. Clément OUDOT. LDAP Con – 11th October 2011. Web access under protect
  • 2. cn=Schedule,dc=lemonldap-ng,dc=org
      ● Speaker autobiography
      ● Single Sign On and friends
      ● The LemonLDAP::NG software
      ● Focus on LDAP support in LemonLDAP::NG
  • 3. uid=coudot,dc=lemonldap-ng,dc=org
  • 4. uid=coudot,dc=lemonldap-ng,dc=org
      ● LDAP engineer since 2003 at LINAGORA, with experience in SUN/Oracle to OpenLDAP migration
      ● French LDAP documentation on http://www.linagora.org
      ● Leader of LDAP Tool Box project http://ltb-project.org
      ● Leader of LemonLDAP::NG project http://lemonldap-ng.org
      ● Weakness: prefers Perl over Java
  • 5. cn=SSO,dc=lemonldap-ng,dc=org
  • 6. cn=Why,dc=lemonldap-ng,dc=org
      ● More and more web applications/services require authentication
      ● Password strength ↘ as password number ↗ (human laziness)
      ● An LDAP directory can help to have single credentials, but not single sign on
  • 7. cn=Definition,dc=lemonldap-ng,dc=org
      ● Single Sign On authentication allows users to submit their credentials only once, and to access all trusted applications
      ● Applications do not manage passwords anymore
      ● Identity of the user is forwarded to applications by the SSO software
  • 8. cn=Kinematics,dc=lemonldap-ng,dc=org (diagram: User, Web Application and WebSSO Portal, with flows numbered 1, 2 and 3)
  • 9. cn=Delegation,dc=lemonldap-ng,dc=org
  • 10. gn=Reverse+sn=Proxy,dc=lemonldap-ng,dc=org
  • 11. cn=Friends,dc=lemonldap-ng,dc=org
      ● WebSSO often shares its spare time with:
          ● Access Management: RBAC, OrBAC, WYWBAC (What you want Based Access Control)
          ● Self Service: password recovery, account creation
          ● Identity federation: share identity over defined protocols (OpenID, SAML, etc.)
  • 12. dc=lemonldap-ng,dc=org
  • 13. cn=History,dc=lemonldap-ng,dc=org
      ● LemonLDAP was founded in 2003 by Eric GERMAN (MINEFI) to replace the Novell WebSSO product (Novell → llevon → Lemon)
      ● Like Novell or SiteMinder, LemonLDAP uses HTTP headers to forward user identity
      ● LemonLDAP::NG is a complete rewrite of LemonLDAP, founded by Xavier GUIMARD (Gendarmerie Nationale) in 2005
      ● Thomas CHEMINEAU and Clément OUDOT (LINAGORA) complete the core team.
  • 14. cn=Components,dc=lemonldap-ng,dc=org
      ● LemonLDAP::NG main components:
          ● Portal: authentication process, user interaction, application menu, password change form
          ● Manager: configuration interface, sessions explorer
          ● Handler: Apache agent, manages access authorizations
      ● Perl, only Perl, just Perl
      ● Relies on Apache and mod_perl
  • 15. cn=Architecture,dc=lemonldap-ng,dc=org
  • 16. cn=Kinematics,dc=lemonldap-ng,dc=org
  • 17. cn=Kinematics,dc=lemonldap-ng,dc=org
      1. User tries to access the protected application; the request is caught by the Handler
      2. The SSO cookie is not detected, so the Handler redirects the user to the Portal
      3. User authenticates on the Portal
      4. Portal checks authentication
      5. If authentication succeeds, the Portal collects user data
      6. Portal creates a session to store user data
      7. Portal gets the session key
      8. Portal creates the SSO cookie with the session key as value
      9. User is redirected to the protected application, with the new cookie
      10. Handler gets the session key from the cookie and gets the session
      11. Handler stores user data in its cache
      12. Handler checks the access rule and sends headers to the protected application
      13. Protected application sends its response to the Handler
      14. Handler sends the response to the user
  • 18. description=Application protection,dc=lemonldap-ng,dc=org
      ● LemonLDAP::NG uses the Apache virtual host as application identifier
      ● Each application owns:
          ● Access rules: each rule refers to a URL pattern, logout can be caught
          ● HTTP headers: each header contains a session value, or an evaluated Perl expression
          ● POST data: only used for form replay
          ● Redirection options: protocol and port
  • 19. cn=Examples,dc=lemonldap-ng,dc=org
      ● Access rules:
          ● default → accept
          ● ^/admin → $groups =~ /admin/
          ● ^/logout.php → logout_sso
      ● HTTP headers:
          ● Auth-User → $uid
          ● Auth-Name → uc($sn).", ".ucfirst($gn)
  • 20. cn=Configuration,dc=lemonldap-ng,dc=org
      ● Configuration is shared between all components
      ● It can be stored in:
          ● Local files
          ● SQL database
          ● LDAP directory
      ● Configuration is also available through SOAP
  • 21. jpegPhoto=Configuration interface,dc=lemonldap-ng,dc=org
  • 22. cn=Cookies and sessions,dc=lemonldap-ng,dc=org
      ● Cookies and sessions have a lifetime
      ● Sessions can also have an idle timeout
      ● Sessions can be stored in File, LDAP, SQL, noSQL (Memcached, Redis, Cassandra, …)
      ● Sessions are also available through SOAP
      ● Cookies can be protected to travel only on secure connections
      ● Cross domain is managed
  • 23. cn=Authentication methods,dc=lemonldap-ng,dc=org
      ● LemonLDAP::NG supports a lot of authentication methods:
          ● LDAP
          ● Database
          ● SSL X509
          ● Apache built-in modules (Kerberos, OTP, ...)
          ● SAML 2.0
          ● OpenID
          ● Twitter
          ● CAS
          ● Yubikey
      ● Methods can be stacked or displayed together
  • 24. cn=Identity provider,dc=lemonldap-ng,dc=org
      ● LemonLDAP::NG is a federation product, allowing services to get user identity through standard protocols:
          ● SAML 2.0
          ● OpenID 2.0
          ● CAS 1.0 and 2.0
  • 25. ou=LDAP,dc=lemonldap-ng,dc=org
  • 26. ou=LDAP,dc=lemonldap-ng,dc=org
      ● LemonLDAP::NG has been in love with LDAP since its birth:
          ● Authentication, user data mining and password change
          ● Group membership
          ● Password policy
          ● Configuration and sessions
  • 27. cn=Standard,ou=LDAP,dc=lemonldap-ng,dc=org
      ● Classical LDAP authentication process:
          ● Search directory to get DN from user login
          ● Bind with found DN and user password
      ● User data:
          ● Get attributes and store them in session data
          ● Manage multi-valued attributes
      ● Many configuration options: version, timeout, binary attributes, search base, search filter, attributes...
  • 28. cn=Group Membership,ou=LDAP,dc=lemonldap-ng,dc=org
      ● LemonLDAP::NG can collect groups:
          ● Search on a group branch
          ● Keep groups where the user is a member
      ● Advanced feature: recursive groups:
          ● Keep the whole group hierarchy
      ● LDAP groups can be mixed with locally defined groups
      ● Many configuration options: search base, group objectClass and attributes, recursivity
  • 29. cn=Password Policy,ou=LDAP,dc=lemonldap-ng,dc=org
      ● Uses Password Policy defined in Behera Draft:
          ● Authentication:
              – Display when the account is locked or expired
              – Display seconds before expiration and used graces
          ● Password Change:
              – Display constraint check (quality, size, history, …)
              – Force password change if requested by the Directory
      ● Can use password policy with a standard modify operation, or with the password modify extended operation
  • 30. cn=Configuration+cn=Sessions,ou=LDAP,dc=lemonldap-ng,dc=org
      ● Configuration and sessions can be stored in an LDAP Directory
      ● Uses the standard Apache::Session API
      ● Allows easy multi-master architecture deployment
  • 31. cn=The End,dc=lemonldap-ng,dc=org
  • 32. cn=Thanks,dc=lemonldap-ng,dc=org
      ● Thanks to:
          ● LDAPCon organization for letting me speak in front of you
          ● LDAP Get Together France people for staying until the end of this conference
          ● LDAP standard for being complicated enough to allow me to teach it to others who do not want to learn it alone
      ● Stay in touch:
          ● Identica: @coudot
          ● Twitter: @clementoudot
          ● IRC: KPTN #lemonldap-ng@freenode
  • 33. cn=Questions,dc=lemonldap-ng,dc=org
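
The Handler and Portal steps of slide 17, applied to the access rules and headers of slide 19, as an added Python model (not LemonLDAP::NG code, which is Perl). The portal URL, cookie name, `url` parameter, user entry, first-match rule order and the dropping of client-supplied identity headers are assumptions of this model.

```python
import re
import secrets
from urllib.parse import quote

PORTAL = "https://auth.example.com/"   # assumed portal URL
COOKIE = "sso_session"                 # assumed cookie name
SESSIONS = {}                          # stand-in for the shared session store

# Constructed user entry standing in for the authentication backend.
USERS = {"coudot": {"password": "secret", "uid": "coudot", "sn": "Oudot",
                    "gn": "clément", "groups": "users admin"}}

# Slide 19 rules and headers for one virtual host; the Perl expressions are
# rewritten as Python callables that receive the session data.
VHOSTS = {"app.example.com": {
    "rules": [
        (r"^/admin", lambda s: re.search(r"admin", s["groups"]) is not None),
        (r"^/logout.php", "logout_sso"),
    ],
    "default": "accept",
    "headers": {
        "Auth-User": lambda s: s["uid"],
        # uc($sn).", ".ucfirst($gn)
        "Auth-Name": lambda s: s["sn"].upper() + ", " + s["gn"][:1].upper() + s["gn"][1:],
    },
}}

def portal_login(login, password):
    """Steps 3-8: check credentials, store user data, return the cookie value."""
    entry = USERS.get(login)
    if entry is None or not secrets.compare_digest(
            entry["password"].encode(), password.encode()):
        return None
    key = secrets.token_hex(32)        # unguessable session key
    SESSIONS[key] = {k: v for k, v in entry.items() if k != "password"}
    return key

def handler(host, path, cookies, client_headers=None):
    """Steps 1-2 and 10-12: returns (status, redirect URL | message | headers)."""
    conf = VHOSTS[host]
    session = SESSIONS.get(cookies.get(COOKIE, ""))
    if session is None:                # no cookie, or unknown/expired key
        return 302, PORTAL + "?url=" + quote(f"https://{host}{path}", safe="")
    rule = conf["default"]
    for pattern, candidate in conf["rules"]:
        if re.search(pattern, path):   # assumed: first matching pattern wins
            rule = candidate
            break
    if rule == "logout_sso":
        SESSIONS.pop(cookies[COOKIE], None)
        return 302, PORTAL
    if not (rule == "accept" or (callable(rule) and rule(session))):
        return 403, "forbidden"
    # Assumed precaution: drop client-supplied copies of the identity headers
    # so the application only ever sees values computed from the session.
    names = {name.lower() for name in conf["headers"]}
    forwarded = {k: v for k, v in (client_headers or {}).items()
                 if k.lower() not in names}
    forwarded.update({name: expr(session) for name, expr in conf["headers"].items()})
    return 200, forwarded
```

Because the slide's `$groups =~ /admin/` is an unanchored match, a group whose name merely contains `admin` also satisfies it; anchoring the pattern to whole group names avoids that.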
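
The search-then-bind process of slide 27, as an added Python example (not LemonLDAP::NG code) showing three checks a defender wants around it: escaping the login per RFC 4515, requiring exactly one search hit, and refusing empty passwords before the bind. `FakeDirectory`, its entries, the DNs and the filter template are constructed for illustration and are not a real LDAP client API.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(login, template="(&(objectClass=inetOrgPerson)(uid={login}))"):
    """Assumed filter template; the login is always escaped before insertion."""
    return template.format(login=escape_filter_value(login))

def _unescape(part):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), part)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server."""
    def __init__(self, entries):
        self.entries = entries         # DN -> {"uid": ..., "userPassword": ...}

    def search(self, ldap_filter):
        # Evaluate only the (uid=...) assertion: raw '*' is a wildcard,
        # \XX sequences are literal characters.
        value = re.search(r"\(uid=([^()]*)\)", ldap_filter).group(1)
        pattern = ".*".join(re.escape(_unescape(p)) for p in value.split("*"))
        return [dn for dn, entry in self.entries.items()
                if re.fullmatch(pattern, entry["uid"], re.IGNORECASE)]

    def simple_bind(self, dn, password):
        # RFC 4513 section 5.1.2: a DN with an empty password is an
        # "unauthenticated bind"; a server that allows it reports success
        # without verifying anything, which this stand-in reproduces.
        return password == "" or self.entries[dn]["userPassword"] == password

def authenticate(directory, login, password):
    """Search for the DN, then bind with it; returns the DN or None."""
    if not login or not password:
        return None                    # never send an empty password to bind
    hits = directory.search(build_filter(login))
    if len(hits) != 1:
        return None                    # unknown login or ambiguous match
    dn = hits[0]
    return dn if directory.simple_bind(dn, password) else None

# Constructed sample entries.
DIRECTORY = FakeDirectory({
    "uid=coudot,ou=users,dc=example,dc=com": {"uid": "coudot", "userPassword": "secret"},
    "uid=admin,ou=users,dc=example,dc=com": {"uid": "admin", "userPassword": "s3cret"},
})
```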