Wednesday Jan 04, 2012

Project OpenPTK v2.0 released

Version 2.0 "shipped" 

The Project Open Provisioning ToolKit (OpenPTK) has released version 2.0. It has been "tagged" in the svn repository. See the project download page for access instructions ...

Release 2.0 of Project OpenPTK builds on the success of Release 1.x.

The goal ... enable developers to create custom interfaces to a variety of repositories....

Release 2.0 gives the developer more choices for how they want to create custom interfaces. Release 2.0 supports more back-end repositories: SPML 1 and 2, LDAP, JDBC, Oracle Identity Manager 11g. 

Here is a summary of the major new features in version 2.0:

  • Servlet-Based (Engine Architecture)
  • RESTful-based Web Service
  • Service / Operation Level Configuration
  • Client-Side Java API
  • Authentication
  • Authorization
  • Models, Views and Relationships
  • Actions
  • Encryption
  • Templates
  • Definition Functions
  • Enhanced Search
  • Services


For full details, see the OpenPTK version 2.0 Release Notes:

Monday Dec 03, 2007

LDAP/JNDI Service for Project OpenPTK

Today we posted an announcement related to a new feature that was just added to Project OpenPTK. The new feature is a Service that enables OpenPTK-based applications to provision users to LDAP-based directory servers.

Why is this important? The new LDAP/JNDI Service demonstrates that User Provisioning applications (which leverage Project OpenPTK consumer interfaces) can be abstracted from the back-end user repository. Prior to this announcement, OpenPTK-based applications could only leverage the SPML Service. Developers can now build User Provisioning interfaces that could use LDAP for Search and Read operations while SPML would be used for Create, Update and Delete operations.

The Test Samples and Example applications provided in the Project OpenPTK source download have been tested with both LDAP/JNDI and SPML. The Command Line and User Management Lite examples can easily switch between back-end user repositories by either updating a configuration file or by specifying a context at run-time.

The OpenDS directory server was used for development and testing. It was so easy to download, install and configure. Another must have tool, if your working with LDAP, is the Apache Directory Studio.

This is just the beginning of what the Project OpenPTK team has planned for this new LDAP/JNDI Service.

Friday Oct 12, 2007

Announcing Project Open Provisioning ToolKit (OpenPTK)

Derrick Harcey, Terry Sigle and I (Systems Engineers in Sun's Software Practice) publically announced Project OpenPTK at Sun's Customer Engineering Conference (CEC) 2007 in Las Vegas, Nevada.

In addition to my co-founders (Derrick and Terry), i'd like to thank lots of other people that helped make this project possible. The three of us put in a lot of evenings and weekends.

  • My wife: I spent a few weekends and evenings writing code and having conference calls. I woke her up sometimes while dicsussing issues during 1:00 AM conference calls.
  • My two boys: while they were either at swimming lessons or at Tae Kwon Do classes, I would occasionally bring my laptop to write code or read technology books for research.
  • My management supported this project since day one. Thanks for supporting our vision.
  • Sun's engineering, marketing, open source and legal teams.

Being a member of Project OpenPTK has allowed he to see, first hand, that Sun believes in and supports open source projects.

Friday Aug 26, 2005

Using Solaris RBAC Profiles, By Example

Recently I had a need to configure the Sun Java System Identity Manager for provisioning users to Solaris. Identity Manager uses Resource Adapters to communicate with resources (Solaris). When you configure a Resource Adapter, you need to specify a userid/password that has the ability to execute user and group management commands. One of the options is to use the sudo utility. Solaris has a far better solution to this problem ... Role Based Access Control (RBAC).

I documented the process of setting up a new Solaris Role (Identity Management) and the creation of a "proxy user" (idmadm). This step-by-step process is available as an article from the BigAdmin Feature Article site.

Wednesday Aug 10, 2005

Identity Manager as a Solaris 10 SMF service

I use Solaris 10 to demonstrate the Sun Java System Identity Manager. Setting up Identity Manager on Solaris 10 was easy, it had everything I needed ... a JSP/Servlet container and an RDBMS. Solaris 10 had Apache/Tomcat and MySQL already installed.

By default, Apache/Tomcat and MySQL used traditional start-up scripts. I decided to create a Solaris 10 SMF service for Identity Manager. I ended up creating two services, one for the MySQL database and the other for Apache/Tomcat. The Identity Manager service (idmgr) has a dependancy on the MySQL service (mysql).

Documenting my Solaris 10 SMF experiences evolved from my journal "chicken scratchings" to emailed notes to finally a technical whitepaper. The whitepaper was an internal only document. Thanks to a bunch of great co-workers we got it posted as a BigAdmin Feature Article. You can get it here.

If you're thinking about creating your own Solaris 10 service, take a look at the article. It includes step-by-step instructions and manifests that can be modified for your specific service.


Scott Fehrman


« June 2016

No bookmarks in folder


No bookmarks in folder

Ref. Material

No bookmarks in folder