Can you point me to a good GPL user account management system?
May 27, 2010 3:40 AM Subscribe
Ok, so, i'm looking for a user account management system that's: open source, web-based, LAMP-based would be best -but if there's a good IIS solution i'd go for it- and reasonably modular/extensible.
Our users are provisioned on an openLDAP for mail (which is also the reference repository), an Active Directory for Windows sessions, file sharing and printing, and a database which can only be accessed by web services for ToIP.
I'd like to streamline the user account provisioning, modification and deletion process (us being an academic institution, we have a lot of turn-over), and reduce the number of tools from 3 to 2, or, even better, 1 by finding one tool that can create, manage, sync and delete users from the openLDAP to the AD and maybe the Cisco database (with a plugin we would dev/have developed for us).
If that tool was also able to manage account expiry dates (automatically or by the way of reminders/alerts) and run scripts at various points of the provisioning process, it'd be heaven-in-IT-dept.
For AD we currently use the native MS tools, for openLDAP we're running a mix of phpldapadmin and an internally-developed tool, and for ToIP we use the Cisco web interface.
I've looked at LDAP Administration Super Tool, which isn't really what i'm looking for. I've also looked at LDAP Account Manager, which, from the look of it, doesn't seem to be able to manage a single account across multiple servers). Apple Open Directory might work, but i don't have the Mac hardware to give it a try and we don't run Mac OS X Server and don't plan to.
Sooo, what could the Hive Mind recommend/point me to that could fit (most of) that (ok, hefty..) bill?
Our users are provisioned on an openLDAP for mail (which is also the reference repository), an Active Directory for Windows sessions, file sharing and printing, and a database which can only be accessed by web services for ToIP.
I'd like to streamline the user account provisioning, modification and deletion process (us being an academic institution, we have a lot of turn-over), and reduce the number of tools from 3 to 2, or, even better, 1 by finding one tool that can create, manage, sync and delete users from the openLDAP to the AD and maybe the Cisco database (with a plugin we would dev/have developed for us).
If that tool was also able to manage account expiry dates (automatically or by the way of reminders/alerts) and run scripts at various points of the provisioning process, it'd be heaven-in-IT-dept.
For AD we currently use the native MS tools, for openLDAP we're running a mix of phpldapadmin and an internally-developed tool, and for ToIP we use the Cisco web interface.
I've looked at LDAP Administration Super Tool, which isn't really what i'm looking for. I've also looked at LDAP Account Manager, which, from the look of it, doesn't seem to be able to manage a single account across multiple servers). Apple Open Directory might work, but i don't have the Mac hardware to give it a try and we don't run Mac OS X Server and don't plan to.
Sooo, what could the Hive Mind recommend/point me to that could fit (most of) that (ok, hefty..) bill?
Response by poster: Ah, no, we don't use Forefront Identity Manager (i'll look into it), we actually use the user management plugin for the MMC (does it show i'm not really a Microsoft guy?). As of Talend, i'll check it out right away, thanks!
posted by vivelame at 4:35 AM on May 27, 2010
posted by vivelame at 4:35 AM on May 27, 2010
Best answer: You're looking for 'identity management' or at the very least a provisioning engine.
For open source, there is 'VELO':
http://docs.safehaus.org/display/VELO/Home
There is also Sun's "Open Provisioning Toolkit" or "OpenPTK":
http://wikis.sun.com/display/openptk/Project+OpenPTK
ForgeRock has started development on 'OpenIDM' - I believe it's an effort from some people that broke away from Sun just before it was eaten by Oracle.
http://www.forgerock.com/openidm.html
There are (very expensive) commercial offerings from Novell, CA, Oracle, IBM. - Microsoft Forefront has already been mentioned - I'm not sure if it is priced more reasonably than the other commercial offerings.
posted by csmason at 6:26 AM on May 27, 2010
For open source, there is 'VELO':
http://docs.safehaus.org/display/VELO/Home
There is also Sun's "Open Provisioning Toolkit" or "OpenPTK":
http://wikis.sun.com/display/openptk/Project+OpenPTK
ForgeRock has started development on 'OpenIDM' - I believe it's an effort from some people that broke away from Sun just before it was eaten by Oracle.
http://www.forgerock.com/openidm.html
There are (very expensive) commercial offerings from Novell, CA, Oracle, IBM. - Microsoft Forefront has already been mentioned - I'm not sure if it is priced more reasonably than the other commercial offerings.
posted by csmason at 6:26 AM on May 27, 2010
Response by poster: Thank you csmason, VELO seems like it would fit the bill nicely. OpenIDM will probably too, when they release it.. I'll explore VELO further.
posted by vivelame at 1:10 AM on May 28, 2010
posted by vivelame at 1:10 AM on May 28, 2010
« Older How do you address your mother-in-law in your own... | Job interviews from the other side of the desk Newer »
This thread is closed to new comments.
On the open source side, you could check out Talend. It is more geared towards data integration but it could certainly be used for provisioning and synchronization (it supports LDAP).
posted by purephase at 4:31 AM on May 27, 2010