A weird output from a SQL query to Sybase

Environment: Sybase OS, J2EE app running on Tomcat, Driver used was com.sybase.jdbc3.jdbc.SybDataSource

The query goes like this "Select T1.UserId AS ID, " T2.UserId AS GrID ......"

Now the output when logged shows this way
Exiting getColumnNames = [UserId, UserId, .................]

So the "AS" keyword seems to be not working. Problemssssssss

Now the solution was we changed the driver to net.sourceforge.jtds.jdbc.Driver downloaded from Sourceforge. Just downloaded jtds-1.2.2-dist.zip and extracted the jtds-1.2.2.jar to the lib and a simple restart with changes in the connection information.

Hope this would be useful to someone.

What am I doing?

Yepp, its been sometime that I got uncertain about what should I be doing. Finally I have decided to move a little ahead in Identity and learn somethign on Identity Governance. I am currently working on Sailpoint's Identity IQ implementation for a large bank.

Sailpoint - Identity IQ

Ever heard of Recertifications? I am talking about Access Recertifications which happen in organizations to periodically check who is allowed to access what? This process in many organizations goes this way ...

1. Collect user database from every Application owner across the organization
2. Consolidate the list with respect to managers
3. Send the lists to manager to verify if each of those users require the access to the application with whatever access level specified
4. Once the manager gives his decision, the users' accesses are either revoked or modified for which again its a lengthy process, as everyone acknowledges

Sailpoint's Identity IQ addresses this issue. The product just like an Identity Manager provides a unified view of the entire organizational users, with all the data pertinent to Recertifications. Once the application is configured for all the necessary applications and the user data is in, scheduled Certification Requests can be fired to every manager in the organization. Also the escalations can be handled. The managers can just login to the application and either recertify or revoke or modify user access to every application.

So most of the process is automated now. Don't think its done yet. It also can make SPML calls to any provisioning engine avaialable (not OOB) in the Identity market and thus automatize the complete Recertification process.

Read more about these at Sailpoint

One last thing, if I am not wrong these features are available in the world's renowed ... :-)

Why do companies end up paying huge amounts for Identity Projects?

The sure answer would be indiscipline. Any doubt?

When one starts up a company, least preference is given for IT discipline. No directory implementation, no domains etc which result in a process chaos after few years. Then managements start thinking about bringing things in order and end up not only paying huge amounts to get it straight moreover end up in improper implemenations. I have seen many companies which never had any system according to conventional methods when it comes to user management.

The question that bugs me every moment is why companies do not leverage the open source tools avialable? Directories are avialable in the open, operating systems are available in open, why cant one avail these?

These are my view points:

1. The day the company is christened a directory structure should be in place

2. Every employee record should be present in it.

3. All the available systems in the office should authenticate the user against this directory

4. Employee should be given an option to change his passwords and few other details online

5. Form filling should be avoided on the induction day, instead a webpage should be used and the data should be recorded into a HR database and then should be fed to the directory

6. A small PLSQL trigger on the database can create the email address without conflicts

7. Free Identity tools like SUN Identity Manager should be implemented within one year

8. Every application or tool that the organization needs should be under the perview of Identity Manager

Am I missing something???

I feel these are the basics that one should do for the company's IT wellness in the long run.

It happens only in ..........

Recently I visited my Car Service center. While they were working on my car I was going through the workshop and was shocked to read this (last one).

An update on ViDT

Today I received a comment on my previous post on ViDT.

"Is VIDT available in Market or from Sun? Could you provide some more detail about VIDT?"

The answer would be ViDT which was previously known as a VIP was the IP of Neogent. This tool makes the implementation of the organizational Identity framework much easier and thus faster. As this tool started achieving popularity, SUN acquired Neogent. Now this tool is used by SUN PS folks to implement the framework faster. This is not available outside for anyone else. SUN has kept it for self :-)

Over-Security consciousness hurts sometimes

Yesterday I was at the PVR Bangalore. I noticed a couple of foreigners arguing with the security at the entrance of the Audi. The guard says they do not allow laptops inside and the couple say its their official laptop and they cannot leave it with the security. They argued with everyone in the hierarchy and finally they left the theater cursing my country and their time. They said they were waiting in the mall for more than two hours just to watch the movie, finally which they couldn’t.

So when it comes to security, where are we heading to? Things meant to keep us happy and safe are troubling us? A theater which charges relatively double to any other ordinary theater in town doesn't provide enough infrastructure where such things can be handled.

Security is something which when dealt by uneducated and unsophisticated people will be the same.

An Observation

I was going through Linkedin and just clicked on a survey. The results it showed for the survey have something noteworthy. Check it out.

Why IDM initiatives fail?

First check this post


What is said here is true. The people who are building solutions only think of technical issues always, rather than the features which are roots of the organization, viz. Processes and Policies. From an architecting perspective it is very crucial to understand the processes of the organization and then chalk out a plan for work rather than checking out what can be done by the product.

I feel, technologically everything is possible, with the only two constraints - TIME and MONEY. If a space shuttle can be sent to MARS, then an Identity implementation is possible, with or without the chosen product's features. However the feasibility of a solution with respect to time and money has to be planned when one architects.

Just my thought ...

Metaview deprecated - SUN Identity Manager 8.0

The best thing I feel SUN developers did was they removed the Metaview feature. This reportedly had couple of bugs and I was once caught by them :-(

SUN Identity Manager 8.0 is released

SUN Identity Manager 8.0 is out

For all the enthusiasts - come download and experience the amazing product

A brief overview of this release:

Sun Identity Manager 8.0 is the latest version of the Sun Identity Manager product offering with expanded Role support, enhanced reporting capabilities, and updated resource adapter and application server support. This update improves upon the industry-leading Identity Manager 7.1 solution with:

# Role Enhancements

• Role life cycle management can require approvals on Role creates, edits and deletes, and Role changes can be applied to all assigned Users.
• User-to-Role life cycle management improvements enable support for future and temporary Role assignments.
• Default Role types including Business Roles, IT Roles, Applications, and Assets are now provided to encourage best practices with regards to Role management.
• Business Roles can contain roles required by all, conditional for some, and optional (by request and optional approval) for others. A Business Role designer can define coarse grain access, while delegating to the user or a manager the ability to fine tune the access within the scope of a Business Role.

# Enhanced Reporting with Data Exporter

• Manager operational data can be made available for use by other processes and applications.
• Data held by and flowing through Identity Manager can be periodically exported to a customer-managed data warehouse or third-party business intelligence and reporting tools.
• Exported data can be used to answer historical questions regarding 'Who had access to a system, and who approved that access?'. It can also be used to provide reports on operational behavior over time, such as 'Provision Operations by Resource' and 'Workflow Approval Response Times'.

# Attribute Configuration

• Extended, queryable, and summary attributes can now be configured for roles as well as users.
• The new extended attribute configuration supports specification of value syntax (STRING, INT, DATE, or BOOLEAN), whether the attribute can have a single or multiple values, and a text description for the attribute.

# Other Notable Updates

• UNIX resource adapters now support SSH connections using private/public key pairs for authentication to managed resources.
• Service Provider user password changes will be checked against the password policy configured on the user directory.

# Supported Resource Additions and Updates

• Exchange 2007 (New)
• Microsoft Active Directory Application Mode (ADAM) (New)
• RSA SecurID 6.1.2 (Updated)
• Siebel CRM 8.0 (Updated)
• Oracle E-Business Suite on Oracle Applications 12 (Updated)
• HP OpenVMS 8.3 (Updated)

# Supported Application Server Updates

• Sun Java System Application Server 9.1 (GlassFish v2 UR1, 32-bit and 64-bit)
• Oracle Application Server Enterprise Edition 10g Release 3 (10.1.3)
• Oracle Application Server Standard Edition 10g Release 3 (10.1.3)
• BEA WebLogic Server 10
• JBoss Application Server 4.2

# Bug Fixes and Platform Support Updates

For more information about the features in this release, see the Identity Manager 8.0 Release Notes or the Identity Manager documentation set.

Using Kerberos to Authenticate a Solaris 10 OS LDAP Client With Microsoft Active Directory

This article describes how to configure a Solaris OS client to use Microsoft Windows Server 2003 R2 Enterprise Edition (Active Directory) for authentication and naming services.

Download the PDF and read on.

8 - The wait is over

Yes the wait is over. Very soon the latest version, 8.0 of Identity Manager will be out. Keep checking for updates on the same.

Create Table without using mouse and menus

A little bit out of context, however I thought this is interesting and helpful.

Create Table without using mouse and menus

Do you know it’s possible to create Table without using mouse and menus in MS word and Outlook. Here it’s that…

Type the content +——+——+——+ in Microsoft Word, Outlook and press Enter. One row of a table will be created and for more rows you can press TAB

Step 1: Type +———–+————————+————-+

Step 2: (After pressing Enter having the cursor at the last ‘+’ Result will be like the below one)

Step 3: (press TAB to create more Rows)

In this ' + ' represents the column borders and ' – ' represents the length of the each column. This Simple way can be used at urgent times

Open Source at SUN - Identity Management

The Identity Manager IDE has been open-sourced. As a side note, this also means that the Eclipse
plugin is officially out there. The versions of IdM that are supported include 6.0 (sp3/sp4), 7.0, 7.1.x.x, 8.0 (after the release).

Is NetBeans Plugin Supported by SUN?

Good Question isn't it?

Answer:

Sun only officially supports the Netbeans plugin through standard support tickets and only if you have a support contract for Identity Manager.

The picture of a person whom I adore

Yes, it is Whitfield Diffie the inventor of the Public Key Cryptography.

AD Password Sync can be delayed

Read an article on Microsoft site on how to delay the password updates for a user specific amount of time. I am sure this would be useful for many of us at any time during our deployments.

Read on ...

Kindly leave your emailId

I get few tech queries. Most of them are posted as comments. When I want to get back to them, I do not have their mail id.

Thus kindly post your mail id.

Thanks a lot.

Tripit.com

A little bit out of the box, however I have been just told about an amazing tool provided by http://www.tripit.com.

Features:

1. Just send your trip itinerary to plans@tripit.com and it automatically creates your id with your email and sends you a password
2. It also parses your email and plans your calender accordingly.
   
3. Using the calender update URL you may synchronize your personal calenders.
4. Also when you expand your network by adding friends it shows where they are and to them, where you are.

Isnt this cool???

All the frequent travelers out there, register on http://www.tripit.com