Identity Infrastructure Is
Our Area Of Expertise

The subjects discussed here include technologies, standards, architecture, implementation, and applications ... a broad range, to be sure. Each area is evolving rapidly due to the dramatic increase in scope and importance of identity for services and applications. LDAP, virtual directories, federation, and SSO are now key ingredients in an IT infrastructure. The ability to get maximum performance from them is absolutely critical. We are fortunate to have a "behind-the-scenes" view, and hope the observations we share from that perspective prove useful to our readers who care about these topics.

Entries in LDAP (9)

Wednesday, Jun 23, 2010

New Version Of Symlabs Free LDAP Browser Now Available

We've just released Symlabs LDAP Browser v1.5 - a faster, friendlier, and even more compatible LDAP browser for identity management professionals who want a rock-solid application to assist in managing LDAP-based infrastructures at the most attractive price possible ... FREE.

In this new and improved version of our free LDAP browser we've done a complete overhaul of the connection manager, making it simpler to set up and store the parameters used to connect to different backend repositories. The new connection manager allows you to quickly change basic parameters for existing connections, and then connect with or without saving those changes. It sports a new tabbed interface that groups settings which belong together, making it easier to find the parameters that you want to change.

In the spirit of updating the GUI and providing a friendlier interface, we've developed an improved Entry editor, so that it is easier to view and edit the entries stored within your directories. Virtual Schema Management windows have also been developed to make it easier to work in environments that make use of virtual directories or LDAP proxy solutions.

Many performance enhancements have been done to the underlying code which have made our LDAP browser quicker and generally more responsive. And, of course, we have sorted out some bugs that were present in our virgin release, resulting in a product that functions reliably and predictably well, regardless of the backend directory that it is connecting to or the platform that it is running on.

From the initial release, we were never really satisfied with our ability to handle referrals elegantly and, since this is a common feature for Active Directory users, we have put a lot of effort into providing a variety of options that help you work with referrals or ignore useless error messages. This makes the browser "quieter", and much easier to use.

Just to put it all in one place here's a quick summary to list the new additions in v1.5:

  • Higher speed and better performance
  • Easier connection management and a new tabbed interface
  • Refined search and bookmarks features
  • Simplified display of entries and nodes
  • Greater compatibility with mainstream LDAP directories
  • More control, flexibility, and functionality for referral handling
  • Improved layouts for user interfaces and screens

We're really excited about the improvements that we've made to this product and believe that systems administrators and developers will genuinely appreciate the work that we've done. And, we're very pleased that we're able to keep the product free to use. We know that part is appreciated by the IT community, since it has been requested so often after its initial release just a couple of short months ago.

If you already use the previous version of the product, we encourage you to download and install the latest release to take advantage of the many improvements. And, if you haven't tried it yet, download Symlabs Free LDAP Browser here and give it a whirl now.

Friday, Apr 02, 2010

Use 'Virtual Schemas' To Make Complex Data Management Problems Disappear

It has only been just over a month since we released Symlabs Free LDAP Browser, and already we're closing in on a thousand downloads of the software. The enthusiastic reception must indicate that we've done something right, and also makes this seem like a good time to take a closer look at what the browser has to offer plus why it's the perfect application to use in conjunction with Symlabs Virtual Directory Server and Symlabs LDAP Proxy, as well as a range of other LDAP directory products.

To quickly review, Symlabs LDAP Browser is a Java application that can run on practically any OS that supports a Java Runtime Environment. It has many great built-in features like full TLS/SSL support, stored searches & bookmarks, LDIF exports, RootDSE & schema viewing, and two simplified editing interfaces for managing directory entries. It can even open multiple connections at once and switch between them using an intuitive tabbed interface, which is extremely useful when working with virtual directories since you'll most likely want to see the difference between views on your backend and the view that you are generating through the proxy engine.

One of the most common integration problems that virtual directories are typically called upon to resolve involves distributed or fragmented identity data. And, one feature that's unique to Symlabs LDAP Browser is proving to be particularly handy for virtual directory administrators who deal with this. They frequently find user data stored across multiple backend repositories, and, if they're lucky, these are repositories of the same type. If they're not so lucky, the various different repositories at least support the same protocol. But, if they're downright jinxed, they'll find themselves trying to consolidate data stored in several types of LDAP directories along with records stored in various relational databases.

Virtual directories offer a wealth of useful facilities to help resolve these problems, but quite often they do so by violating the schema. That's not to say schema violations are always a problem. Some applications are schema-agnostic and will just work with the attributes and LDAP objectClasses that they expect. Indeed some virtual directory products do offer the flexibility to smooth over problems caused by schema violation, and there are ways to trick an application into believing that the schema actually conforms (at least, we know it's possible with Symlabs LDAP Proxy and Symlabs Virtual Directory Server). Still, not every solution is going to call for such drastic measures. However, if you choose not to resolve schema violations, you may struggle to find an LDAP browser that can work properly in your environment.

Symlabs LDAP Browser has a very clever feature that addresses this issue. Imagine an ugly situation in which some data for your users is stored within a relational database and, at the same time, you have an LDAP directory that stores entries for the same users. You have an application that needs to access both sets of data as if it were stored in a single LDAP directory entry. The obvious solution is to implement a virtual directory that maps data from the tables in the database onto branches within the virtual directory tree. Using some join functionality, you merge the data from each record with the data for each entry based on a common field or attribute. Now you have a problem ... the directory will still report the schema that it supports, but you also have a bunch of 'virtual attributes' that represent data in the database, and these attributes are not reported by the schema.

While your target application may be okay with this and your LDAP browser may get as far as displaying the values for these attributes, it's very unlikely that the browser will let you modify entries that do not conform to the schema. Unless, of course, you're using Symlabs LDAP Browser. It is similar in that it really is schema strict - the difference is it also supports the novel idea of a 'virtual schema'.

Symlabs LDAP Browser will download a copy of the schema into memory, then allow you to modify the schema entries that it has stored for the connection. You can add new objectClasses or attributes to the schema, remove conflicting classes or attributes, and modify existing schema entries. Although this has no effect on the backend server, it means that if the data presented by your virtual directory solution does not conform to an existing schema, you will still be able to work with that data within the browser. This is because the virtual schema approach allows you to trick Symlabs LDAP Browser into believing that the data actually does conform. Best of all, you can store the virtual schema modifications that you make for any connection so when you open the same connection again, the browser will download the schema as usual and then apply the modifications you previously made.

You can easily perform virtual schema modifications that accommodate your virtual directory solution

And, when adding a new virtual attribute, you can fully define it as if it were a genuine schema entry

Of course, this functionality will only work where a solution is designed to support it. In other words, this isn't a quick and easy way to modify the schema on your server so other applications will work with your data. It's only a convenient trick to get the browser itself to work with non-conforming data, but it's a trick that the virtual directory enthusiasts out there are very glad to see. We specialize in virtual directory solutions, and in our many years of experience we hadn't come across a browser that was effective at handling this type of problem. So, we put this little innovation into our Symlabs Free LDAP Browser and we're pleased that it's so popular.

If you're looking for something that can handle your actual schema modification requirements without affecting your existing repository, then you should look to Symlabs Virtual Directory Server or Symlabs LDAP Proxy, particularly given many of the recent improvements that we've made. If, on the other hand, you just need a browser that can work with your virtual directory solution, regardless of how schema-compliant its data presentation is, then download Symlabs LDAP Browser for yourself and use it with our compliments - it's free.

Rowan Puttergill

Wednesday, Jan 27, 2010

Lots new in our virtual directory products version 5.5 (GSSAPI/SASL & Kerberos, HTTP Server Groups ...)

We have just launched a new release of Symlabs LDAP Proxy and Symlabs Virtual Directory Server that delivers many performance enhancements plus a load of new and exciting features, and I'd like to share the information about these significant upgrades with you here.

Our development team has worked hard to create tighter integration with current technologies that are critical to the operation of both large and small enterprises. For example, the new GSSAPI/SASL interfacing capabilities that are included with Symlabs Virtual Directory Server provide significantly better support for Active Directory or other Kerberos-enabled environments, and the new extensions facility which has been added to both products offers the ability to download and install plug-ins as needed for the ultimate in flexibility. And, thanks to major usability improvements, a complete overhaul of the LDAP Browser that was bundled in, and a load of new plug-ins, this latest release from Symlabs is a polished product that is even easier to use. Of course, we haven't forgotten our commitment to industry-leading speed and reliability - version 5.5 is not only better, it's faster.

Core components of both products have been reviewed and tweaked to improve performance, particularly under Windows, while health monitoring and connection pooling capabilities have been updated to improve their functionality and flexibility in addition to performance. But, the major focus for this release has been to enhance usability and provide new features. As a result, many new plug-ins have been added. There is a new, easy-to-use security plug-in that restricts data views based on simple criteria; various new mapping plug-ins, such as one for DN Suffix Mapping that makes it easy to work with group entries in a virtual tree; plus a number of plug-ins that create Active Directory functionality for the virtual directory, such as the new BackLinks plug-in which can link attributes across entries and the new Victim Attributes plug-in that provides a great way to work around schema modifications. Existing plug-ins for both products have also been updated, with some particularly useful enhancements for the logging plug-ins.

Symlabs Virtual Directory Server v5.5 comes with a host of powerful new features, particularly the GSSAPI/SASL interfacing capabilities - with Microsoft's strong adoption of Kerberos as its central authentication mechanism, adding this functionality to the system administrator's toolbox is a big plus. Using GSSAPI, you can now provide Kerberos authentication on a front-end listener, or alternatively use Kerberos to authenticate against back-end repositories. This means that you are much better able to integrate applications which are not designed to work within an Active Directory environment. Aside from Kerberos, Symlabs Virtual Directory Server also features automatic HTTP server groups, with proper health-checking and appropriate session-handling for failover scenarios already built-in. HTTP server groups open up the possibility to integrate B2B applications via web services as well as with generic XML over SOAP. Not only does this functionality now become incredibly easy to deploy, it also comes with a whole set of HTTP-specific plug-ins to control routing of requests to appropriate back-end servers plus a set of great logging plug-ins.

Many GUI enhancements have been made to both products, most notably the extension manager that now makes it possible to download and install new plug-ins as you require them. For many enterprise customers that require custom development, this will prove to be a massively useful feature. A fully functional GUI configuration component can be designed for any manual processing stage, and the resulting component can be developed for the client by Symlabs, then downloaded and incorporated into an existing version of the GUI to be used just like any other plug-in. This means that new features can be added to the product between full version releases, and that any custom functionality needed by a client to support a new requirement can be made as simple to configure as any of the standard plug-ins.

The DSGUI component for both products now includes better internal checks to ensure that valid or sensible variables are used during configuration, there is now an option to control warning messages for the right level of information, and canonicalization options have been improved and moved into their own advanced tab for a less cluttered interface. Many users will be glad to discover that DSGUI now not only provides a variety of options to integrate with an external LDAP Browser of their choosing, but also comes bundled with a newly developed, fully-featured, SSL-capable, standalone LDAP Browser. The bundled Symlabs LDAP Browser has a long list of features and functionality, is fully compatible with both Symlabs Virtual Directory Server and Symlabs LDAP Proxy, and can be used with any LDAP or LDAP(S) server (including virtualized) so it's a great choice for an enterprise-wide tool.

The developers have spent a lot of time improving and adding to the logging plug-ins, and they have included a powerful log parsing script in the new release. This script can be used to extract particular log elements of interest for reports that are easier to understand, and for better integration with other monitoring applications that may already be in use throughout the infrastructure. There are also numerous improvements to documentation, including a complete guide to SSL, SASL, GSSAPI, and Kerberos plus a comprehensive manual for the new Symlabs LDAP Browser. The Help system inside DSGUI has also been upgraded so help pages now open in the default web browser, making it easier to step through the content using a familiar application.

These new versions of Symlabs Virtual Directory Server and Symlabs LDAP Proxy are sure to break new ground in the market. I know all our customers are going to appreciate the improvements that have been made throughout, and Active Directory systems administrators in particular will find a lot in this release that is aimed directly at them. Our focus has been on providing better integration tools, enhanced usability, and the best possible performance, and I'm pleased to say that by all accounts we've delivered. Best of all, you can see for yourself - just download an evaluation copy of either one at our website.

Jeff Zukowski

Thursday, Sep 04, 2008

DIDW Offers Information, Ideas, And Hands-On

It's often hard to keep the realm of Identity Management in perspective and grounded in reality, but Digital ID World 2008, which takes place next week from September 8th through 10th at the Hilton Anaheim in California, is one of those rare opportunities to grab several days of discussions, workshops, and educational sessions on a wide variety of topics that will help you do just that. This year there's a full agenda of talks that offer user, vendor, and standards perspectives on the industry, but one of the things I think is most valuable is the opportunity to get your hands on some of the products you'll need to actually make identity management a reality for your environment.

Whether you're building new infrastructure or updating an existing one, whether it's for internal use, commercial opportunities, or government services - there's no substitute for demonstrations & discussion with the product folks to help you see how a puzzle assembles into your particular picture, in my opinion. We place a lot of emphasis on this, so we'll be there in booth 311 (around the center of the exhibition area in the California Pavilion) with demonstrations of Symlabs Virtual Directory Server, Symlabs LDAP Proxy, and Symlabs Federated Identity Suite plus experts from our team to answer your questions, discuss your individual requirements, and generally offer suggestions that we hope will be useful in your planning.

As already mentioned here in earlier posts, we've added a lot of improvements to all three of these products in the past several months, and we'd love to show them off for you. Of course, we encourage you to take in the rest of the agenda, since there's a wealth of informative presentations and panels on tap, just don't forget to pay us a visit while you're in the area. We're looking forward to seeing you.

Jeff Zukowski

Wednesday, May 07, 2008

Remote Administration Server (Part 2)

The time has come to finish up this discussion of the new Remote Administration Server (RAS) in version 4.0 of Symlabs LDAP Proxy and Symlabs Virtual Directory Server by describing how it actually brings a lot of benefit to a production environment. This, of course, is what our customers care about more than the technology itself (and far more than a philosophy debate with the MOTCL* (*see last post)).

Refreshing your memory from last time, before RAS (i.e., before version 4.0) each instance of Symlabs LDAP Proxy or Symlabs Virtual Directory Server and its associated instance of DSGUI were tightly coupled, one-to-one. For example, every server running Symlabs LDAP Proxy was also running its DSGUI interface, and while this provided a nice graphical configuration and management tool, you had to access it through that server, and you could only manage instances running on the same server when you did. As production environments routinely started having lots of instances on lots of servers, our customers started asking for a way to simplify and consolidate their management capabilities.

Now with RAS, the architecture has been re-worked so that there are several options for managing complex environments, allowing customers to create the one that makes it easiest for them. The "core engine" in Symlabs LDAP Proxy or Symlabs Virtual Directory Server no longer needs its tightly-coupled graphical environment for configuration and management (as it was before version 3.0, when MOTCL roamed the earth). Instead, RAS allows an instance of DSGUI running on any machine to configure and manage an instance of the core engine running in any server, using fully secure communication of course. One ring to rule them all.

Using the RAS server is fully optional, so if you want to run a local DSGUI in the server alongside the instance of its core engine, you can still do so ... and start managing multi-server configurations the moment you need to, and not an instant before. The rapid prototyping that DSGUI users are used to has not been lost, in fact you haven't lost the flexibility to manage any instance of Symlabs LDAP Proxy or Symlabs Virtual Directory Server from the command line, if that's what works for you. You have simply gained the flexibility to configure and manage them all easily from one place, or from several places using whatever division of responsibility and toolkit matches your organization's needs.

Also, with the introduction of RAS we changed the way in which configurations are stored, so they are now platform independent. If you have several RAS instances running on different types of servers, you can simply copy and move the configurations among the servers with just a mouse click. This should come in very handy, especially in production environments where several instances have to be kept current, such as when fail-over scenarios or server replications are managed. It will also be useful where different environments are maintained for preproduction and production, or where different OS are used, for example initial testing done on a Windows desktop with production running Solaris. Now configurations can easily be created on a technician's desktop, verified there, and moved to a preproduction environment to begin load and performance testing in seconds, all without having to worry about changing environments, desktop sharing, or other cumbersome annoyances.

I can keep on talking about implementation details for hours, but at this point you should get the picture, so the next step is to prove it to yourself. Just download a free evaluation version from http://symlabs.com and check out how useful this new feature is. We are always interested in opinions (including from MOTCL) to help us keep improving the features offered in our products, so after you try it, any feedback you want to send us will be greatly appreciated.

Fernando García Vegas