Thursday, May 27, 2010

Testing LDAP CONCURRENT CONNECTION

This Sample Java code allows to Test the connectivity to OID server in a loop(for concurrent number of times.)
This code used getDefaultDirCtx() Method of ConnectionUtil Inteface to get connection to OID
//The code Start Here
import javax.naming.NamingException;
import oracle.ldap.util.jndi.ConnectionUtil;
import oracle.ldap.util.CommunicationErrorException;
public class testLDAP {public testLDAP() throws NamingException {
String ldapUser = "cn=orcladmin";
String ldapPwd = ;
String ldapHost = ;
//String ldapPortSSL ="13130" ;
String ldapPort ="389" ;
try{ for(int i=0;i<20;i++)
{System.out.println("--------Trying to connect to the OID server connection Number--------" +i + "\n");
ConnectionUtil.getDefaultDirCtx(ldapHost, ldapPort, ldapUser, ldapPwd, 1000);
System.out.println("Connected successfully to " +ldapHost + " on the Non-SSL port : "+ ldapPort+"\n" );
//ConnectionUtil.getDefaultDirCtx(host, port, bindDN, bindPwd, timelimit) }
}catch(Exception e)
{System.out.println (e);}
}
public static void main(String[] args) throwsNamingException { testLDAP class1 = new testLDAP();class1.getClass();}}
//The code END Here

Wednesday, October 14, 2009

Query to find all users associated with a resource in a provisioning or Provisioned state

/*List of all the users allocated with a Resource with a Specific Status*/
SELECT distinct(usr.usr_login),usr.usr_create,obj.obj_name,ost.ost_status from usr,act,oiu,obi,obj,ugp,usg,oug ,ugp ugp2,ost WHERE usr.act_key = act.act_key AND usr.usr_key = oiu.usr_key AND oiu.obi_key = obi.obi_key AND oiu.ost_key = ost.ost_key AND obi.obj_key = obj.obj_key AND usg.usr_key = usr.usr_key AND usg.ugp_key = ugp2.ugp_key AND obj.obj_key = oug.obj_key AND oug.ugp_key = ugp.ugp_key AND UPPER(obj.obj_name) like UPPER ('DR OID RO')AND OST.OST_STATUS LIKE 'Provisioning' and oug.obj_key in ( select distinct(d.obj_key) from ugp a, usg b , oug d ,ost s,obj where UPPER(obj.obj_name) like UPPER ('DR OID RO')AND s.OST_STATUS LIKE 'Provisioning' and b.ugp_key = a.ugp_key and d.ugp_key = a.ugp_key )order by usr.usr_create desc;

Wednesday, August 26, 2009

Java Code to add New Group in OID

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.util.*;

public class NewGroup
{
final static String ldapServerName = "dr.test.org";
final static String ldapServerPort = "389";
final static String rootdn = "cn=orcladmin";
final static String rootpass = "abcd1234";
final static String entryDn = "cn=newgroup,dc=gov,dc=in";

public static void main(String argv[]) throws NamingException
{
Properties env = new Properties();
env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
env.put( Context.PROVIDER_URL, "ldap://" + ldapServerName + ":" + ldapServerPort + "/");
env.put( Context.SECURITY_PRINCIPAL, rootdn );
env.put( Context.SECURITY_CREDENTIALS, rootpass );
DirContext ctx = new InitialDirContext(env);

// Create the objclassSet to hold all the entry's objectClasses.
BasicAttribute objclassSet = new BasicAttribute("objectclass");
objclassSet.add("top");
objclassSet.add("orclgroup");
objclassSet.add("groupofuniquenames");

// load the attributes
BasicAttributes attrs = new BasicAttributes();
attrs.put(objclassSet);
attrs.put("cn", "newgroup");
attrs.put("uniquemember", "cn=orcladmin");
ctx.creat>
}

OAM Authentication Process

1. HTTP request arises from browser
2. AccessGate: Is the resource protected?
3. AccessServer: checks the directory server for policy
4. Directory Server responds to Access Server
5. Access Sever responds to WebGate with policy information
6. WebGate presents the Challenge
7. User Credentials to Access Gate
8. AccessGate passes Credentials to Access Server
9. Access Server calls one or more authentication plug-ins
10. Access Server checks directory server for DN.
11. Directory Server responds with zero or 1 dn.
12. Access Server responds to Access Gate
13. Successful Authentication
14. Encrypted Cookie Set for browser
15. Is the user authorized? What are associated actions?
16. Access Server checks directory server for policy
17. Directory Server responds to Access Server
18. Access Server responds to WebGate with policy information
19. Returns requested resource.

Identity Management Architecture

We’ve all seen cities that don’t just quite seem to have a sense of place, where the zoning didn’t yield a coherent set of uses or designs and things just seemed thrown together. This results from a lack of planning. Imagine the difficulty and danger of living in a place where there were few standards for building, multiple electrical voltages and phone systems, and roads were put in place willy-nilly.This is a situation that most enterprises find themselves in with their digital identity infrastructure. The systems are thrown into place with little thought to standards or interoperability. Solving the problem of the day, week or month becomes standard operating procedure. The end result is a tangled mess of systems that are brittle and unreliable. Heroic efforts are required to make small changes or even keep the systems running day-to-day.
More Here
Courtesy:http://www.windley.com/archives/2004/01/identity_manage_2.shtml
Labels: 0 comments

Monday, August 17, 2009

IAM in enterprises cost versus ROI

IAM in enterprises cost versus ROI
A.) Cost reduction
Think about things like time spent on password resets and time spent logging in. Good IdM solutions will give the user the ability for self-service password resets and single sign on. Gartner says that the average IT Help desk spends 40% of it's time on password resets alone. At the average IT Salary of $90K/year, that is a lot of money. Gartner also says the average employee spends 15 minutes/day on authentication. That adds up over a full work year, and can be avoided with SSO.
B.) cost reduction from self services
This is probably most commonly associated with security products. It can be hard to justify because this is the "What if" clause, but you can quantify how long it will take to fix a breach.
C.) Increased sales
Some of our customers have wanted our product because it gives them a competitive advantage by allowing their end-users SSO. This isn't the case for everyone, but we are increasingly seeing people that use IdM to increase sales.
D.)Compliance cost reduction from streamline of compliance processes
E).IAM as a start point for implementing ITIL.The ITIL implementations define the central database to store data used by procesess ranging from SLA, Problem, Change to Procurement, Accounting, etc.The IAM project will define the Identity Directory used by central database to define identities within ITIL processes. Rightly developed IAM project manage privileges for procesess in the ITIL implementation. If you implement IAM before ITIL implementation you will able to use it to manage ITIL procesess instead of create additional database to manage actors for these processes. ITIL defines IM as an important part of IT management and defines it as User Life Cycle process (from hire to retire) crossing with anothers. IAM processes are much more easier to implement in comparison to others.

Tuesday, August 4, 2009

How to Configure Xellerate with WebSphere MQ

Using WebSphere MQ: General Instructions

STEP 1. Prepare MQ
Install MQ in one or more machines as desired. Example: For fail over install MQ in one machine with hardware based fail over, or install MQ in multiple machines and create a clustered queue manager.

Create two queues in the Queue Manager. One queue will hold all the Messages and other queue is intended to be the DLQ. Naming the queues appropriately. For example: XLQueue and XLErrorQueue.

STEP 2: Removes queues hosted in Embedded Messaging
1. Start the WebSphere admin console.
2. Stop Xellerate Application. In case of clustered installation stop the Cluster running Xellerate.
3. Expand Resources and Select WebSphere JMS Provider.
4. Set the scope to the Cell Level for clustered and to the server level for non-clustered installations.
5. Click on Queue Connection Factories and remove xlConnectionFactory.
6. Click “WebSphere JMS Provider” to return to the WebSphere JMS Provider screen at the cell/server level.
7. Click on Queue Destinations and remove the xlQueue and xlErrorQueue.
8. Save your changes.

STEP 3: Change the xlJMSLogin credentials.
1. Expand Secutiry | JAAS Configuration and click on j2c Authentication Data.
2. Click on xlJMSLogin and change the username and password to the WebSphere MQ username and password.

STEP 4: Create WebSphere MQ Resources.
1. In the Resources section now click on WebSphere MQ JMS Provider.
2. Set the scope to Cell Level.
3. Click on WebSphere MQ Queue Connection Factories and create a new Connection Factory.
a. Make sure the JNDI Name of the connection factory is xlConnectionFactory.
b. Provide the other information required.
4. Perform Step 1 and 2, to return to the WebSphere MQ screen at Cell Level.
5. Click on WebSphere MQ Queue Destinations and create the xlQueue and xlErrorQueue.
a. Make sure the JNDI Names are queue/xlQueue and queue/xlErrorQueue respectively.
b. Provide other information as required.



Example screen shot for WebSphere xlConnectionFactory:






Example Screen Shot for XLQueue