LSC @ LDAPCON . 2011




   Sébastien Bahloul
About me
   • Developer and software architect
   • 10 years of experience in IAM
   • Recently hired as product manager by a French
     security editor, Dictao, providing:
     – personal and server signature,
     – certificate and signing validation,
     – electronic vault,
     – multi-factor authentication

11/10/11                                        Page 2
Agenda
   • Solving one issue: directory synchronization
   • The LSC project
   • Demonstration
   • Open question: how to get update notifications?
Handling multiple data sources ?




Why?
   • Most of us have already done a directory migration
   • Who has already written a synchronization script?
     One that has been used once?
   • Most LDAP servers provide no way to synchronize either
     heterogeneous data or homogeneous data with other
     implementations

Introduction
   • Automatic synchronization tools
     − If they already exist, they are quite expensive
         • Directory / database-specific replication
         • Application-specific connectors (AD, SAP, etc.)
     − What about the rest?
         • Between different databases, directories, files?
         • Different data models?
         • Using standards: LDAP, SQL, etc.?



Goals – functionality
   • Read/write to any repository
     − Database or LDAP directory or ?
     − Standard LDAPv3 operations
     − Connectors for databases
   • Transform data on-the-fly
     − Adapt to a different data model
     − JavaScript based engine to manipulate data
   • Adjustable updates: force values, insert defaults,
     merge new values with existing ones, no change...
Goals – usability
   • Quickly implement a new synchronization
   • Highly configurable
     − What exactly do we read?
     − Powerful transformations (correctness is important)
     − What exactly do we write?
   • Run fast (performance is important)
   • Easy to set up
=> Fill the gap between the Perl script and the
Enterprise ETL
About LSC Project
   • What is LSC?
     − LDAP Synchronization Connector
     − Open Source project
     − BSD licence
     − Written in Java
     − 6 years in the making
     − LSC-project.org created 4 years ago
     − ~10 regular contributors

   • Website: http://lsc-project.org

LSC: read and write « everywhere »
   • Original and best supported connector to LDAP
     directories
   • Additional sources: NIS, database, LDIF/CSV files,
     Web Services
   • Additional destinations: Scripting, database
   • Extensible API for custom referential support




Standards based – Wide support
   • Any LDAP server should be supported, tested on:
     − OpenLDAP
     − OpenDS/J
     − Sun DSEE
     − Microsoft Active Directory
     − Novell Directory Services
     − IBM Tivoli Directory Server
   • Any database with a JDBC connector, tested on:
     − MySQL, PostgreSQL, Oracle, MSSQL, HSQLDB, ...
Features
   • Full « Refresh » or « RefreshAndPersist » with
     dryrun support
   • On the fly event handling
   • Plugin API: connectors, libraries, scripting
     languages
   • JMX and command line remote invocation
   • Advanced libraries: encryption, Active Directory,
     localized strings, ...

Synchronization rules
   • Use your preferred language to write LSC rules!
   • LSC built-in and historical support for JavaScript
   • Extensible to any JSR 223 compliant language:
     – PHP
     – Groovy
     – Unix tools (awk, TCL),
     – Python, Ruby, Scheme (Lisp)
     – ...


LSC synchronization principles
   • First step: sync
     − Get a list of all pivots from the source
     − For each pivot
         • Read the source object
         • Search for the destination object with pivot
         • Build up desired destination object by applying
           transformations to source object
         • If the destination object exists, calculate modifications
         • Apply: create or modify



LSC synchronization principles
   • Second step: clean (optional)
     − Get a list of all pivots from the destination
     − For each pivot
         • Search for the source object with pivot
         • If the source object does not exist, delete from destination
         • Apply: delete

   • Alternative step: asynchronous mode
     − Get the next source object to synchronize
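
The sync and clean steps from the two slides above, as an added example that is not part of the original slides and is not LSC code or configuration. The function names, the in-memory maps and the sample entries are assumptions made for illustration; the dry-run flag shows the planned operations, including the clean step's deletions, before anything is written.

```javascript
// Added example, not LSC code: the sync and clean steps over in-memory maps.
// All names (transform, diff, syncStep, cleanStep) and entries are hypothetical.

// Constructed sample repositories, keyed by pivot (here the uid).
const source = new Map([
  ["alice", { uid: "alice", cn: "Alice Martin", mail: "Alice@Example.org" }],
  ["bob", { uid: "bob", cn: "Bob Durand", mail: "bob@example.org" }],
]);
const destination = new Map([
  ["alice", { uid: "alice", cn: "Alice Martin", mail: "old@example.org" }],
  ["carol", { uid: "carol", cn: "Carol Petit", mail: "carol@example.org" }],
]);

// Transformation: build the desired destination object from a source object.
function transform(src) {
  return { uid: src.uid, cn: src.cn, mail: src.mail.toLowerCase() };
}

// Modifications needed to turn `current` into `desired` (attribute -> new value).
function diff(current, desired) {
  const mods = {};
  for (const [attr, value] of Object.entries(desired)) {
    if (current[attr] !== value) mods[attr] = value;
  }
  return mods;
}

// First step (sync): walk the source pivots, then create or modify.
function syncStep(src, dst, { dryRun = false } = {}) {
  const ops = [];
  for (const [pivot, srcEntry] of src) {
    const desired = transform(srcEntry);
    const current = dst.get(pivot);
    if (current === undefined) {
      ops.push({ op: "create", pivot, entry: desired });
      if (!dryRun) dst.set(pivot, desired);
    } else {
      const mods = diff(current, desired);
      if (Object.keys(mods).length > 0) {
        ops.push({ op: "modify", pivot, mods });
        if (!dryRun) dst.set(pivot, { ...current, ...mods });
      }
    }
  }
  return ops;
}

// Second step (clean): walk the destination pivots, delete those with no source object.
function cleanStep(src, dst, { dryRun = false } = {}) {
  const ops = [];
  for (const pivot of [...dst.keys()]) {
    if (!src.has(pivot)) {
      ops.push({ op: "delete", pivot });
      if (!dryRun) dst.delete(pivot);
    }
  }
  return ops;
}

// Dry run first: list the planned operations without touching the destination.
const opts = { dryRun: true };
const plan = [...syncStep(source, destination, opts), ...cleanStep(source, destination, opts)];
console.log(plan.map((o) => `${o.op} ${o.pivot}`).join(", "));
```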

LSC : graphical interface




Demonstration
   • Simple use case: synchronize identities
   • Involved referential:
     – A source OpenLDAP directory
     – Provisioning to:
         • OpenDJ
         • PostgreSQL



Roadmap
   • Current 2.0 version
     ✔ Event handling
     ✔ Write to database
     ✔ Plugin API
   • Next minor version 2.1 (Q1 2012)
     ✗ Move to a real LDAP API (Apache / OpenDJ LDAP API)
     ✗ Two-phase commit for file, directory (RFC5805) and database (one-to-many)
     ✗ Administrative GUI including scheduler
   • Next major version 3.0 (later)
     ✗ Data reconciliation (embedded database)
     ✗ Many-to-many design

Try it out! Get involved!
   • Main website: http://lsc-project.org/
     − Tutorials: quickstart demo
     − Reference documentation




How to get update notifications?
   • The current way of handling:
     – OpenDJ / OpenDS / Oracle / Sun / Netscape:
       persistent search (draft psearch)
     – Apache DS / OpenLDAP: LDAP Content
       Synchronization (RFC4533)
   • What would be the best way?
     – LDAP Client Update Protocol
     – Per product logs (retro/external/access/...)
     – Application-side database
Thanks for your attention!
    Any questions?
