Enterprise Role Management to be part of the Sun Identity stack

Sun has entered into an agreement to acquire VAAU, a premier provider of Enterprise Role Management software.

Here is the press release

What is role management?

A role represents access rights to resources or data and often corresponds to a business function. For example, a tax manager has the rights to view financial data.

How do roles gel with Identity Management and Sun Identity Manager in particular?

If you have worked with Sun Identity Manager, you will have assigned a role to a resource and then a user to that role to grant the user access to the resource.

Role management software simplifies that process, especially in a large deployment with hundreds of applications and thousands of roles. Roles often outnumber users!

With good role management, security policies are easier to manage and enforce, for example by ensuring users have only the roles they are entitled to in order to perform their job.

Read more at VAAU’s website

Sun Directory Server 6.2 upgrade process

This blog entry outlines the process of upgrading the Sun Directory Server from version 6.0 to version 6.2.

Assumptions

This procedure assumes the following:

  1. The operating system is Solaris SPARC.

  2. The PKG version of Directory Server 6.0 has been installed.

  3. The DSCC is deployed in the Sun Java Web Console (not as a .war file in a J2EE container).

  4. The services are managed in SMF.

  5. The patches are downloaded to a directory “RequiredPatches”. Note: installation of the first patch requires a reboot, therefore do NOT download the patches to /tmp or /var/tmp (some systems), otherwise the files will be lost after the reboot.

  6. The installation paths are as follows:

    Software: /opt/SUNWdsee
    Instances: /var/opt/SUNWdsee/dsins1
    DSCC: /var/opt/SUNWdsee/dscc/ads
    Cacao: /var/cacao
    WebConsole: /usr/share/webconsole

Patches required before upgrade

Inventory the patches on each server and establish what versions exist.

To inventory the patches, execute 'showrev -p | grep "Patch: <patchnumber>"'

Example:

# showrev -p | grep "Patch: 119963"
Patch: 119963-05 Obsoletes: Requires: Incompatibles: Packages: SUNWlibC
Patch: 119963-08 Obsoletes: Requires: Incompatibles: Packages: SUNWlibC
#

The list of patches is in column one and is hyperlinked to enable download of the patch from sunsolve.sun.com

Patch to install:

  118833-36
  119963-08
  119254-44
  125378-02
  119810-04
  119345-05
  119044-03
  123893-04
  125937-05

Patches required to perform 6.2 upgrade:

  125276-05
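The per-patch grep above can be run as a single audit. The following script is an added example, not part of the original post: it compares `showrev -p` output with the minimum revisions from the patch lists above and reports each patch as OK, OLD or MISSING. It is written for a POSIX shell; the function names and the sample inventory (apart from its first two lines, which are the post's example output) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Minimum revisions taken from the post's patch lists.
REQUIRED_PATCHES="118833-36 119963-08 119254-44 125378-02 119810-04
119345-05 119044-03 123893-04 125937-05 125276-05"

# Constructed sample of `showrev -p` output (first two lines are the post's
# example; the last two are made up for the demo).
sample_showrev() {
    cat <<'EOF'
Patch: 119963-05 Obsoletes: Requires: Incompatibles: Packages: SUNWlibC
Patch: 119963-08 Obsoletes: Requires: Incompatibles: Packages: SUNWlibC
Patch: 118833-24 Obsoletes: Requires: Incompatibles: Packages: SUNWcslr
Patch: 119254-44 Obsoletes: Requires: Incompatibles: Packages: SUNWexample
EOF
}

# Reads `showrev -p` output on stdin. Prints OK / OLD / MISSING per required
# patch and returns non-zero if any requirement is unmet.
audit_patches() {
    installed=$(sed -n 's/^Patch: *\([0-9]\{6\}\)-\([0-9]\{2\}\).*/\1 \2/p')
    unmet=0
    for req in $REQUIRED_PATCHES; do
        base=${req%-*}
        need=${req#*-}
        # Highest installed revision of this patch ID, empty if absent.
        have=$(printf '%s\n' "$installed" | while read -r b r; do
                   if [ "$b" = "$base" ]; then echo "$r"; fi
               done | sort -n | tail -n 1)
        if [ -z "$have" ]; then
            echo "MISSING $req"; unmet=1
        elif [ "$have" -lt "$need" ]; then
            echo "OLD $base-$have need $req"; unmet=1
        else
            echo "OK $base-$have"
        fi
    done
    return "$unmet"
}

# Use the real inventory on Solaris, the constructed sample elsewhere.
if command -v showrev >/dev/null 2>&1; then showrev -p; else sample_showrev; fi |
    audit_patches || echo "patch prerequisites not met; do not start the upgrade" >&2
```

Only the "Patch:" field of each line is compared, so a patch that appears solely in another patch's "Obsoletes:" field is reported as MISSING.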

Verify current version installed

Execute LDAPSEARCH to display the current version, substituting <PASSWORD> for the Directory Manager password.

# ldapsearch -h localhost -b cn=config -D "cn=directory manager" -w <PASSWORD> objectclass=nsslapdConfig nsslapd-versionstring
version: 1
dn: cn=config
nsslapd-versionstring: Sun-Java(tm)-System-Directory/6.0

Begin the upgrade process

Stop the processes

Disable DSCC Directory server

# svcadm disable svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads

Disable LDAP instance

# svcadm disable svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

Disable CACAO

# svcadm disable svc:/application/management/common-agent-container-1:default

Disable Java Web Console

# svcadm disable svc:/application/management/wbem:default

# svcadm disable svc:/system/webconsole:console

Installation of patches

Before installing patch 118836 a workaround for a small defect is required.

(see note here)

Workaround

# mkdir /var/tmp/118833-36.SUNWcslr

Click each of the following to view the output of the above patch installations

  118833-36.txt (see the workaround above; also, reboot after installing this patch)
  119044-03.txt
  119254-44.txt
  119810-04.txt
  123893-04.txt
  125378-02.txt
  125937-05.txt

Upgrade to Directory Server 6.2

Install patch 125276-05.txt

Restart Directory and Console services

Start cacaoagent

# svcadm enable svc:/application/management/common-agent-container-1:default

Start DSCC

# svcadm enable svc:/application/sun/ds:ds--var-opt-SUNWdsee-dscc6-dcc-ads

Start LDAP instance

# svcadm enable svc:/application/sun/ds:ds--var-opt-SUNWdsee-dsins1

Start Java Web Console

# svcadm enable svc:/application/management/wbem:default

# svcadm enable svc:/system/webconsole:console

Verify that server was upgraded

Execute LDAPSEARCH to display the current version, substituting <PASSWORD> for the Directory Manager password.

# ldapsearch -h localhost -b cn=config -D "cn=directory manager" -w <PASSWORD> objectclass=nsslapdConfig nsslapd-versionstring
version: 1
dn: cn=config
nsslapd-versionstring: Sun-Java(tm)-System-Directory/6.2

View the Directory Server documentation here

Article published in the ISSA journal

I published an article titled “Trends in Identity and Access Management” in the November edition of ISSA.
ISSA is a prestigious international information systems security association. Thanks to Glenn and Joel for their encouragement.

If you would like a copy of my article, I encourage you to become an ISSA member.

Alternatively, here is a copy of my article in PDF.