Directory Services December 14, 2005
Posted by Phillip in : work , 3 commentsI think hanging around / working with Darrell has turned me into a Directory Services junkie. Ever since I started working with Darrell to design, build and deploy a true Identity Management solution for Rackspace, I have been hooked on learning how to utilize Directory Services.
So for the last 8 months or so, Darrell and I have been working tediously to deploy Novell’s eDirectory and Identity Manager(formerly DirXML). These products actually allow you to tie in disparate data stores in which identities may reside such as Active Directory, OpenLDAP, phone systems, various HRISs, and all types of other nifty things. The beautiful thing about Identity Manager is the fact that it will allow two-way data flows between each of these connected systems so your data for each identity can be kept up-to-date in your identity vault, or wherever your authoritative source resides. For example, let’s say that joe.user@somecompany.corp logs into his Windows XP workstation that is a member of the Active Directory domain and hits the trusty CTRL-ALT-DEL to change his password. As soon as his password is changed within Active Directory, DirXML PassSync will notify Identity Manager of the change and push the new password into the identity vault, which will in turn flow down to the rest of the connected systems. Not quite true single sign-on, but getting closer.
So last week, as you can tell by the pictures, I was in snowy Utah. I was learning a product called Novell Audit. Audit (for short) allows you to log and audit just about everything that goes on in your eDirectory environment. It even allows you to audit your Identity Manager software policies. It can do some pretty wild stuff that Rackspace may, for obvious reasons, never utilize, like report access violation attemps to file shares, print shares, etc. The feature I do like is that you can use Audit to generate alerts by email, pager, or even send snmp traps based on your own custom defined criteria. This is going to be a must to ensure that when a new user is provisioned, their accounts are created in all the appropriate systems. Hopefully we can get this deployed in Q1.
eDirectory Fun November 22, 2005
Posted by Phillip in : work , 1 comment so farSo apparently NAT breaks eDirectory replication if you are replicating from outside of the NAT to inside the NAT and vice versa.
*yay*
More on this later I am sure.
Travel time again.
Posted by Phillip in : work , 1 comment so farLooks like I am gone on my birthday this time. :(
5 December 2005:
SAT to DEN: 12:28 PM - 1:40 PM
DEN to SLC: 2:27 PM - 3:51 PM
8 December 2005
SLC to PHX: 10:33 AM - 12:09 PM
PHX to SAT: 1:03 PM - 4:15 PM
Since I will be in class (Novell Audit) all day on the 6th and 7th, I predict no time for skiing!
SOAP
Posted by Phillip in : work , 1 comment so farSo I have been reading a little about SOAP. Specifically, the SOAP driver for Novell’s Identity Manager. This is part of one of my major projects at work. We were originally planning to use another method (or driver) to provision users into the directory, but this is the Smarter Way ™.
Since I know very little about XML-RPC, SOAP, etc., this will be a learning experience for me and I’m looking forward to it.
vacation? September 30, 2005
Posted by Phillip in : work , add a commentFinally finished my Q3 Goals for work. Looking forward to a little R&R. I have a week off of work and I plan on keeping my habitual email-checking to a minimum and I don’t really plan on answering the phone. Unless Darrell calls, I may answer for him.
Anyway, I am really looking forward to getting some things done around the house. Here is what I had in mind:
I am sure there are more. I just can’t remember them.