October 10, 2017 at 11:27 pm #19091
Greetings and Hello backstage brethren.
We (montclair.edu) are just starting the full stack implementation planning.
Thanks in advance for your (future) help and support.
best / cheers,
–Paul S.

October 10, 2017 at 11:29 pm #19092
Questions + recommendation needed – PostGRES or Oracle as the under-the-hood DB engine for IDM, AM and DJ/LDAP.
What's been your experience?
–Paul S.

October 11, 2017 at 12:40 am #19093 Bill Nelson (Participant)
It really depends on your architecture and what you are trying to achieve as to whether you select PostGRES or Oracle for OpenIDM (by the way, there are other choices, but you only asked about these options). From what I understand about your environment, either would be fine. So it now comes down to a licensing cost and experience decision. If you want to bypass Oracle licensing, then PostGRES is fine. You then need to look at which DB you have experienced DBAs on staff for. Ultimately you will need to monitor the DB and tune it from time to time, so if you already have experience with one or the other, that needs to be considered in your decision.
Your question really only pertains to OpenIDM as OpenAM uses OpenDJ as its Config Store & CTS Store. For OpenAM User Profiles you could use any LDAPv3 server, Active Directory, or a relational database, but again, from what I understand about your environment, you are probably going to lean towards LDAP or AD.
OpenDJ includes its own embedded database and options include the PDB or JE – selected when you install the product. The PDB was introduced when Oracle was changing its licensing terms on the JE (the Berkeley DB, Java Edition) and ForgeRock needed to have another choice (versus paying the licensing fees). But since Oracle changed their mind on the licensing, this is no longer a factor and ForgeRock recommends using the JE; that is what we use in all implementations.
Hope this helps,
BTW, please ask these questions in the appropriate forums – OpenIDM, OpenDJ, OpenAM, etc., as that is where the real gurus of each topic hang out. Me, I just stalk most of the forums from time to time.

October 11, 2017 at 1:38 pm #19100 Enrico.gulfi (Participant)
We are currently testing ForgeRock products as part of a citizen e-gov portal.
I posted yesterday a question on OpenDJ REST API but can’t see it in the corresponding forum.
Is publishing immediate or does it go through a “clearing desk”?
Best regards, Enrico

October 11, 2017 at 2:19 pm #19101
I am familiar w/ Berkeley DB – a good choice for embedding into apps, so a good choice for AM and DS/DJ-LDAP. Need to research further for IDM. As you know – there will be integration and reporting requirements on IDM that would lean the decision towards enterprise. PostGRES is already in house but with a smallish operation profile; we are OK w/ training up DBAs on more PostGRES support – etc.
–Paul S.

October 12, 2017 at 2:27 pm #19114 adipaola_iconectiv (Participant)
Hi, my name is Tony DiPaola
I work for iconectiv, a telecom company in New Jersey, USA.
Forgive my newb-ness, but I will ask my question right away:
I set password-history-count (and max-password-age) from the command line:
/vendor/opendj/bin/dsconfig set-password-policy-prop --port 5444 --hostname localhost --bindDN "cn=Directory Manager" --bindPassword <PWD> --policy-name "Default Password Policy" --set password-history-count:10 --trustAll --no-prompt
I want to fetch password-history-count (and max-password-age) in Java with the OpenDJ SDK. How do I do it?
Also, can I SET these parameters with the SDK, and if so, how?
Thanks in advance,
Tony DiPaola

October 17, 2017 at 3:45 pm #19155 pkesar15 (Participant)
I am an identity and access management consultant and developer, working on ForgeRock products for the last three years. I primarily work on access management.
OpenAM, OpenDJ and OpenIG are my current playground.
Nowadays, I am trying to get a secure OIDC implementation working with OpenAM.
Happy to be part of this forum.
Priya

October 23, 2017 at 9:48 am #19233 chris-fry-curtin (Participant)
Hi, I’m Chris, Security Architect in Western Australia.
Last year we deployed OpenAM and OpenDJ for Single Sign On, and recently an IDM pilot using a publisher/subscriber integration pattern.
Right now we’re working on using OpenAM + IG to manage/enforce authentication and authorisation for Elasticsearch and Kibana.
– Chris

October 25, 2017 at 1:27 pm #19292 PranavSharma (Participant)
I have a Linux box with LDAP (ApacheDS) installed. I will install OpenAM for federation services. The corporate LDAP resides in the parent organization. What are the options to establish trust, as the parent organization is registered in a different country? My organization has ApacheDS + OpenAM installed on a Linux box, while the parent organization has Windows AD.
Please advise.

November 30, 2017 at 6:38 am #19761 samquinto14 (Participant)
Hi, I'm Sam

November 30, 2017 at 3:48 pm #19827 Jamie Bowen (Moderator)
Hi Enrico, Paul, Tony, Priya, Chris, Pranav & Sam.
Welcome to the forums. @PranavSharma – try posting in the OpenAM forum, you should get a better response there.