We introduce the password policy standard (IETF Behera draft) and its implementation in OpenLDAP. We then present LDAP Tool Box Service Desk, a simple web application do display user account status and providing functions to check and reset password, lock/unlock account.
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020OW2
Since the 2.0 release of LemonLDAP::NG, we worked a lot on OAuth2 and OpenID Connect and the latest versions of the software can now be used to authenticate mobile applications, protect API and Webservices. For example, LemonLDAP::NG supports refresh tokens, for online and offline mode, and some OAuth2 specific endpoints like the introspection endpoint. In this presentation you will discover these new features and learn how to use them for your applications. Presentation by Clément Oudot, Worteks.
Webinar: Message Tracing and Debugging in WSO2 Enterprise Service BusWSO2
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2016/10/message-tracing-and-debugging-in-wso2-enterprise-service-bus/
Tracing and debugging play a key role when developing enterprise integration solutions. It helps to understand and build robust high-performance applications efficiently and makes the most use of your development time. Debugging enables developers to traverse message flows during runtime and tracing helps track issues after the process finishes. This allows you to identify and fix issues at the root of the cause.
WSO2 Enterprise Service Bus (WSO2 ESB) has now introduced these two much-awaited features to the distribution. This webinar will
Examine how WSO2 ESB’s runtime, tooling and analytics are integrated to enable debugging and tracing
Explore use case on developing sample artifacts
Demonstrate the capabilities of the debugger
Discuss how to perform tracing information collections
Explain the capabilities of tracing
LemonLDAP::NG is a free WebSSO software, implementing CAS, SAML and OpenID Connect protocols
The 2.0 version is a major step in LemonLDAP::NG history. It brings brand new features as second factor authentication, SSO as a Service, devops Handler, etc. This talk will present how the software works, and the main new features.
Auth2 and OpenID Connect support in LemonLDAP::NG, OW2online, June 2020OW2
Since the 2.0 release of LemonLDAP::NG, we worked a lot on OAuth2 and OpenID Connect and the latest versions of the software can now be used to authenticate mobile applications, protect API and Webservices. For example, LemonLDAP::NG supports refresh tokens, for online and offline mode, and some OAuth2 specific endpoints like the introspection endpoint. In this presentation you will discover these new features and learn how to use them for your applications. Presentation by Clément Oudot, Worteks.
Webinar: Message Tracing and Debugging in WSO2 Enterprise Service BusWSO2
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2016/10/message-tracing-and-debugging-in-wso2-enterprise-service-bus/
Tracing and debugging play a key role when developing enterprise integration solutions. It helps to understand and build robust high-performance applications efficiently and makes the most use of your development time. Debugging enables developers to traverse message flows during runtime and tracing helps track issues after the process finishes. This allows you to identify and fix issues at the root of the cause.
WSO2 Enterprise Service Bus (WSO2 ESB) has now introduced these two much-awaited features to the distribution. This webinar will
Examine how WSO2 ESB’s runtime, tooling and analytics are integrated to enable debugging and tracing
Explore use case on developing sample artifacts
Demonstrate the capabilities of the debugger
Discuss how to perform tracing information collections
Explain the capabilities of tracing
LemonLDAP::NG is a free WebSSO software, implementing CAS, SAML and OpenID Connect protocols
The 2.0 version is a major step in LemonLDAP::NG history. It brings brand new features as second factor authentication, SSO as a Service, devops Handler, etc. This talk will present how the software works, and the main new features.
Nagios Conference 2011 - Kimbrough Henley - Using Nagios To Monitor ServiceDeskNagios
Kimbrough Henley's presentation on monitoring ServiceDesk with Nagios. The presentation was given during the Nagios World Conference North America held Sept 27-29th, 2011 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
PerconaLive 2016 Santa Clara presentation on Hashicorp Vault with CTO Armon Dadger
https://www.percona.com/live/data-performance-conference-2016/sessions/using-vault-decouple-secrets-applications
Always upgrade! There are hundreds of fixes between each PostgreSQL release, and an important number of them are security fixes! Logical replication allows making major upgrades with minimal downtime and feasible cons.
Single Sign On Across Drupal 8 - DrupalCon Global 2020Iwantha Lekamge
In today’s digitally-driven world, connecting multiple systems is a must for any organization. As organizations use different systems, websites and much more, a single authentication mechanism is highly beneficial.
MongoDB World 2019: MongoDB Implementation at T-MobileMongoDB
Come hear about T-Mobile's success story!
MongoDB was our choice to service customers at high velocity and improve customer experience with lightning speed response for complex read queries.
In this presentation, we’ll show security mechanisms and protections related to OpenShift Container Platform and our experiences deploying and using OpenShift, including:
Security mechanisms, such as user and network access control and policies in Openshift and underlying Openstack, the audit trail of administrative actions, ways to use and protect Kubernetes secrets, and the concealment of application data.
How to address technical limitations or potentially unknown vectors of attack using compensating controls via auditd, monitoring, and alerting.
Security practices in Docker containers.
Use OpenSCAP auditing tool and profiles to audit virtual machine (VM) hosts and container images in our release pipeline.
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOpenIDFoundation
OpenID Foundation Fast Federation (FastFed) Working Group update presented by Darin McAdams (Amazon) at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
We will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data. Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover:
Best practices for authentication (trust, certificate, MD5, Scram, etc).
Advanced approaches, such as password profiles.
Deep dive of authorization and data access control for roles, database objects (tables etc), view usage, row level security and data redaction.
Auditing, encryption and SQL injection attack prevention.
In this day and age, maintaining privacy throughout our electronic communications is absolutely necessary. Creating user accounts, and not exposing your MongoDB environment to the wider internet, are basic concepts that have been missed in the past. Once that has been addressed, individuals and organizations interested in becoming PCI compliant must turn to securing their data through encryption. With MongoDB, we have two options for encryption: at rest and transport encryption.
The webinar will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data.
Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover:
- Best practices for authentication (trust, certificate, MD5, Scram, etc).
- Advanced approaches, such as password profiles.
- Deep dive of authorization and data access control for roles, database objects (tables, etc), view usage, row-level security, and data redaction.
- Auditing, encryption, and SQL injection attack prevention.
Note: this session is delivered in French
Nagios Conference 2011 - Kimbrough Henley - Using Nagios To Monitor ServiceDeskNagios
Kimbrough Henley's presentation on monitoring ServiceDesk with Nagios. The presentation was given during the Nagios World Conference North America held Sept 27-29th, 2011 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
PerconaLive 2016 Santa Clara presentation on Hashicorp Vault with CTO Armon Dadger
https://www.percona.com/live/data-performance-conference-2016/sessions/using-vault-decouple-secrets-applications
Always upgrade! There are hundreds of fixes between each PostgreSQL release, and an important number of them are security fixes! Logical replication allows making major upgrades with minimal downtime and feasible cons.
Single Sign On Across Drupal 8 - DrupalCon Global 2020Iwantha Lekamge
In today’s digitally-driven world, connecting multiple systems is a must for any organization. As organizations use different systems, websites and much more, a single authentication mechanism is highly beneficial.
MongoDB World 2019: MongoDB Implementation at T-MobileMongoDB
Come hear about T-Mobile's success story!
MongoDB was our choice to service customers at high velocity and improve customer experience with lightning speed response for complex read queries.
In this presentation, we’ll show security mechanisms and protections related to OpenShift Container Platform and our experiences deploying and using OpenShift, including:
Security mechanisms, such as user and network access control and policies in Openshift and underlying Openstack, the audit trail of administrative actions, ways to use and protect Kubernetes secrets, and the concealment of application data.
How to address technical limitations or potentially unknown vectors of attack using compensating controls via auditd, monitoring, and alerting.
Security practices in Docker containers.
Use OpenSCAP auditing tool and profiles to audit virtual machine (VM) hosts and container images in our release pipeline.
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOpenIDFoundation
OpenID Foundation Fast Federation (FastFed) Working Group update presented by Darin McAdams (Amazon) at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
We will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data. Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover:
Best practices for authentication (trust, certificate, MD5, Scram, etc).
Advanced approaches, such as password profiles.
Deep dive of authorization and data access control for roles, database objects (tables etc), view usage, row level security and data redaction.
Auditing, encryption and SQL injection attack prevention.
In this day and age, maintaining privacy throughout our electronic communications is absolutely necessary. Creating user accounts, and not exposing your MongoDB environment to the wider internet, are basic concepts that have been missed in the past. Once that has been addressed, individuals and organizations interested in becoming PCI compliant must turn to securing their data through encryption. With MongoDB, we have two options for encryption: at rest and transport encryption.
The webinar will review a multi-layered framework for PostgreSQL security, with a deeper focus on limiting access to the database and data, as well as securing the data.
Using the popular AAA (Authentication, Authorization, Auditing) framework we will cover:
- Best practices for authentication (trust, certificate, MD5, Scram, etc).
- Advanced approaches, such as password profiles.
- Deep dive of authorization and data access control for roles, database objects (tables, etc), view usage, row-level security, and data redaction.
- Auditing, encryption, and SQL injection attack prevention.
Note: this session is delivered in French
Similar to [Pass the SALT 2020] Understand password policy in OpenLDAP and discover tools to manage it (20)
LemonLDAP::NG is a well known WebSSO software. The 2.0 version was released in 2018 and brings a lot of new features, like multi-factor authentication (TOTP, U2F, ...), WebService and API protection, Plugin system...
FusionIAM is based on the following softwares:
* OpenLDAP
* Fusion Directory
* LemonLDAP::NG
* LDAP Tool Box
* LSC
It is hosted by OW2: https://gitlab.ow2.org/fusioniam/fusioniam
[Identity Days 2019] Maîtrisez les accès à vos applications Web (Cloud et On...Worteks
LemonLDAP::NG est un logiciel libre d’authentification unique (SSO), contrôle d’accès et fédérations des identités pour les applications Web. Il implémente entre autres les protocoles CAS, SAMLv2 et OpenID Connect.
Disposant de nombreux connecteurs avec différents systèmes et applications, il permet en particulier de s’authentifier sur AD avec Kerberos ou via SAML sur ADFS ou AzureAD.
[BlueMindSummit] Présentation de la solution W'SweetWorteks
W'Sweet est une solution de travail collaboratif intégrant BlueMind, NextCloud et Rocket.Chat, avec unification de l'authentification par LemonLDAP::NG
LemonLDAP::NG is a free WebSSO software, implementing CAS, SAML and OpenID Connect protocols
The 2.0 version is a major step in LemonLDAP::NG history. It brings brand new features as second factor authentication, SSO as a Service, devops Handler, etc. This talk will present how the software works, and the main new features.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
4. 12/06/2019 4
A draft with multiple versions
●
Password policy for LDAP is an IETF draft:
https://tools.ietf.org/html/draft-behera-ldap-password-poli
cy
●
First version published in 1999
●
Last version (10) published in 2009, and now expired
5. 12/06/2019 5
Password policy content
●
The specification covers:
●
LDAP control request and response
●
LDAP schema for password policy configuration
●
LDAP operationnal attributes for password policy status in user
entries
●
How to process authentification and password modification
requests
7. 12/06/2019 7
Authentication checks
●
Expiration: do not allow authentication if password is
expired, or manage authentication graces
●
Lock: manage failures counter and do not allow
authentication if password is locked
●
Force change: allow authentication but force password
change
●
Warnings: time before expiration and graces remaining
10. 12/06/2019 10
Overlay ppolicy
●
In OpenLDAP 2.4: Behera draft v9
●
In OpenLDAP 2.5: Behera draft v10
●
Major changes between v9 and v10:
●
Maximum password size
●
Authentication delay
●
Idle time
●
Validity period
12. 12/06/2019 12
Password policy configuration
●
Each password policy is represented as an LDAP entry using
pwdPolicy objectClass
●
Possibility to add pwdPolicyChecker objectClass to load a
specific module to check password complexity
●
LDAP Tool Box project ships an Open Source pwdChecker
module named ppm:
https://github.com/ltb-project/ppm
14. 12/06/2019 14
Password policy status in user entry
●
Some opertionnal attributes are stored in user entry:
●
pwdPolicySubentry: active policy for this user
●
pwdChangedTime: last password change date
●
pwdAccountLockedTime: lock date. If the value is
"000001010000Z", means account is locked permanently
●
pwdFailureTime: list of last failure dates
●
pwdHistory: history of old password
●
pwdGraceUseTime: list of grace dates
●
pwdReset: flag to request password change at next login
15. 12/06/2019 15
Overlay lastbind
●
Specific overlay to remember last successful bind
(operational attribute authTimestamp)
●
Overlay configuration :
dn: olcOverlay=lastbind,olcDatabase={1}mdb,cn=config
objectClass: top
objectClass: olcConfig
objectClass: olcLastBindConfig
objectClass: olcOverlayConfig
olcOverlay: lastbind
olcLastBindPrecision: 1
16. 12/06/2019 16
Things no one tells you
●
Account locking: having a value in pwdAccountLockedTime
of a user entry does not mean the user account is locked.
Indeed, if current date is greater than lock date and lockout
duration, the account is unlocked. The value will be erased at
next authentication.
●
Password reset: even if password reset is requested,
authentication is allowed. OpenLDAP will just limit operations
to the password modification, but this has no impact on
applications just using OpenLDAP for authentication.
19. 12/06/2019 19
Support your support
●
User issues with authentication system is often linked to a lost
password, expired password or locked account
●
Support team does not have admin access to LDAP directory
and do not know how password policy works
●
Support team needs to know quickly the account status to
give the correct answer to solve the user issue
21. 12/06/2019 21
LDAP Tool Box Service Desk
●
Main features:
●
Quick search for an account
●
View main attributes
●
View account and password status
●
Test current password
●
Reset password and force password change at next connection
●
Lock/Unlock account
●
Post hook