Thursday, March 19, 2020

Hub and Switch and Router

I was doing a udemy course to learn more about the networking concepts and wanted to clarify the confusion between Hub, Switch and Router.

Hub: This hardware device forwards network packets received from one machine to all the machines on the Local Area Network. It is a dumb device: it repeats every packet to every machine in the network.

Switch: This hardware device does the same job as a hub, except that it is a smart device and keeps a table of the MAC addresses of all the connected devices. It can work out which packet is meant for which device and sends it only to that device instead of broadcasting it to all devices in the Local Area Network.

Router: This hardware device connects devices on one LAN to another LAN.

This video summarizes the above very well.
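A small simulation of the hub/switch difference, added here as an illustration and not part of the original post: a hub repeats every frame to every other port (so a third machine on the hub sees all of A's and B's traffic), while a switch learns which MAC address sits behind which port and floods only when the destination is still unknown. Port numbers and MAC addresses are constructed.

```python
# Added example: hub versus switch forwarding, with constructed ports and MAC addresses.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src_mac, dst_mac):
        """Every frame goes out every port except the one it arrived on."""
        return sorted(self.ports - {in_port})


class Switch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}   # MAC address -> port it was last seen on

    def forward(self, in_port, src_mac, dst_mac):
        """Learn the sender's port, then deliver to the known port or flood."""
        self.mac_table[src_mac] = in_port   # learning happens on the source address
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return [] if out == in_port else [out]
        return sorted(self.ports - {in_port})   # unknown or broadcast: flood like a hub


def run(device, frames):
    """Apply a list of (in_port, src, dst) frames and return the ports each one went to."""
    return [device.forward(*frame) for frame in frames]


# Constructed traffic: A (port 1) talks to B (port 2); B replies; C (port 3) is silent.
FRAMES = [(1, "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"),   # B unknown yet: switch floods
          (2, "bb:bb:bb:bb:bb:bb", "aa:aa:aa:aa:aa:aa"),   # A already learned: port 1 only
          (1, "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb")]   # B learned now: port 2 only
```

On the hub, port 3 receives all three frames; on the switch it only sees the first, flooded one.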

Wednesday, March 18, 2020

Enterprise Architecture

What is Enterprise Architecture?

Since my role requires working with various teams and engineers, architects, business analysts etc., I thought I would do some theoretical reading on architecture. I have watched various videos on this and found this video very good.

Another good video which I liked is this one. It talks about the differences between architecture and design patterns and also gives a brief overview of some of the key architecture patterns.

Wednesday, March 11, 2020

Package Managers for Mac

Most of the time when we have to install something on the machine, we simply google, follow the links on the first page of search results and find commands to install it. We normally don't pay attention to what the command is really doing and how it works under the hood. In this post I am going to clarify some of the things I have learned over a period of time and feel will be helpful for my blog readers... Yes, I am going to start blogging again after 10+ years.

There are two package managers I have used heavily: Brew (Homebrew) and pip.
pip is the Python package manager, used to install Python libraries if you are working with Python.
Brew is used to manage the software you need for your development work, and other utilities.
I will not explain Brew here; instead I refer you to this YouTube link, as the presenter explains it very effectively.

Thursday, September 24, 2009

LDAP Change log number


I was inactive on this blog for quite some time but I will try to post on this once again.

In this post I am trying to shed some light on LDAP change log numbers and how they work.

Until now I was under the impression that LDAP change log numbers always start at 1 and increase in sequence. They do increase in sequence, but if an LDAP environment is configured to keep the change log only for the last N days, the first change log number is not 1 but something else, because the older entries have been purged.

Now, if you have to check what the first and last change log numbers in your directory are, how would you do it programmatically?

Below is the code which can be used to get the lastchangenumber attribute. In the same way one can get the firstchangenumber from the directory.

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ReadingLDAPChangeLog {

    // Attributes to return for changelog entries and for the root DSE respectively.
    static String RETURN_ATTRIBUTES[] = { "changes" };
    static String RETURN_ATTRIBUTES_CHANGELOG[] = { "lastchangenumber" };

    public static DirContext makeLDAPConnection(String Hostname, String Port, String BaseDN, String BindDN, String Password) {
        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://" + Hostname + ":" + Port + "/" + BaseDN);
            // A simple bind over plain ldap:// sends the password in clear text; fine for a local test.
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, BindDN);
            env.put(Context.SECURITY_CREDENTIALS, Password);
            env.put(Context.BATCHSIZE, "100");
            DirContext ctx = new InitialDirContext(env);
            return ctx;
        } catch (Exception e) {
            System.out.println("Unable to connect to LDAP server.");
            System.out.println("Please check connection parameters set in makeLDAPConnection().");
            return null;
        }
    }

    /**
     * @param args not used; connection parameters are hard-coded below
     */
    public static void main(String[] args) throws Exception {
        // A range filter like this one selects changelog entries by number (no spaces inside the filter):
        // String SEARCH_FILTER = "(&(changenumber>=550)(changenumber<=580))";

        // The change numbers are attributes of the root DSE, so search the empty base with object scope.
        String SEARCH_FILTER = "(objectclass=*)";

        DirContext ctx_changelog = makeLDAPConnection("localhost", "389", "", "cn=admin", "*******");
        if (ctx_changelog == null) {
            return;
        }

        SearchControls constraints_changelog = new SearchControls();
        constraints_changelog.setSearchScope(SearchControls.OBJECT_SCOPE);
        constraints_changelog.setReturningAttributes(RETURN_ATTRIBUTES_CHANGELOG);

        NamingEnumeration results_changelog = ctx_changelog.search("", SEARCH_FILTER, constraints_changelog);

        while (results_changelog != null && results_changelog.hasMore()) {
            SearchResult sr = (SearchResult) results_changelog.next();
            String DN = sr.getName();   // "" for the root DSE

            Attributes attrs = ctx_changelog.getAttributes(DN, RETURN_ATTRIBUTES_CHANGELOG);

            Attribute attr = attrs.get("lastchangenumber");
            if (attr != null) {
                String lastchangenumber = (String) attr.get();
                System.out.println("lastchangenumber = " + lastchangenumber);
            }
        }
        ctx_changelog.close();
    }
}
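
What a consumer of the change log should do with the two numbers is the part the post leaves implicit, so here is an added example (in Python rather than the post's Java, and not code from the post): it reads firstchangenumber and lastchangenumber from a constructed root DSE, and decides whether a sync job that last applied a given change number can resume incrementally or must fall back to a full reconciliation because the entries it needs were already purged by the N-day retention.

```python
# Added example: resuming an LDAP changelog consumer from the root DSE counters.
# The root DSE entry below is constructed; the attribute names follow the post's code.

ROOT_DSE_LDIF = """dn:
objectClass: top
changelog: cn=changelog
firstchangenumber: 1205
lastchangenumber: 1730
"""


def parse_root_dse(ldif_text):
    """Return a dict of attribute -> value for a single LDIF entry (first value wins)."""
    attrs = {}
    for line in ldif_text.splitlines():
        if ":" not in line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip().lower(), value.strip())
    return attrs


def changelog_range(root_dse):
    """Extract (first, last) change numbers; raise if the server exposes no changelog."""
    try:
        return int(root_dse["firstchangenumber"]), int(root_dse["lastchangenumber"])
    except KeyError as exc:
        raise ValueError("root DSE has no changelog counters: %s" % exc)


def plan_resume(first, last, last_processed):
    """Decide what a consumer (e.g. an IDM reconciliation job) should do next.

    last_processed is the highest changenumber the consumer has already applied.
    Because old entries are purged after N days, first is usually not 1; a consumer
    that was idle longer than the retention window has a gap it can never read back,
    so it must fall back to a full reconciliation instead of trusting the changelog.
    """
    if last_processed >= last:   # nothing new, or a changelog that was reset/rebuilt
        return ("up_to_date", None) if last_processed == last else ("full_resync", None)
    if last_processed < first - 1:  # entries between last_processed and first were purged
        return ("full_resync", None)
    start = last_processed + 1
    return ("incremental", "(&(changenumber>=%d)(changenumber<=%d))" % (start, last))
```

The returned filter is the same range filter the Java code keeps commented out, written without spaces so the server parses it as intended.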




Saturday, July 5, 2008

Some Challenges in IDM project implementation

After working on and talking about multiple IDM implementations, I feel there are different kinds of challenges in implementing the solution.

1) Getting the approvals/access from the end application: For example, to integrate with the Oracle financial system one needs super-user kind of permissions on that system for provisioning/deprovisioning. End application teams have their own valid concerns about giving that kind of access to the IDM system.

2) Password policy: One very good feature of an IDM system is password sync across the organization's applications. In the real world it becomes very challenging because not all systems have the same password policy, for one reason or another.

3) Unique ID for life: If not all, then most organizations work in the employee/consultant mode. People change their profile from employee to consultant and vice versa. It is a real challenge to find the same person in the system if s/he is returning to the organization. Organizations spread across the globe have this as a bigger challenge because they are working to consolidate their HR systems under one umbrella to have better control over the system.

4) Missing unique ID in the applications: In an ideal world we expect the end application being integrated with IDM to have one or another correlation key that allows IDM to reconcile the accounts, but that is not always true. Sometimes IDM teams have to request a change to the end application to add an extra field storing the correlation key.

Tuesday, November 27, 2007

Adaptive Access Control

A few weeks back I attended Oracle OpenWorld in San Francisco, and while I was on the demo grounds to see what Oracle has to offer in Identity and Access Control I met one product group which is building an "Adaptive Access Control" product.

This product builds intelligence based on your previous access patterns and compares them on the next logon. It can be configured to gather the metrics over a predefined period of time and then freeze the statistics for subsequent access requests.

For example, if you access the system between 8AM and 5PM on a daily basis and one day it gets a request at 10PM, then it will deny the access.

This seems a good idea to me, except for the questions of how long it takes to capture the metrics and how it handles the exceptions.

Another scenario could be that you access the system from the North America region and one day it sees a request from India; then it has a valid reason to suspect the request.
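To make the mechanism concrete, here is an added example of an adaptive check of the kind described above; it is illustrative code written for this post, not the product's implementation. A baseline of usual logon hours and regions is learned from past successful logons, frozen after a training window, and each new request is compared against it. The logon history, the region codes and the threshold of 20 training logons are constructed assumptions; the "learning" outcome and the pre-approved exceptions are one way to answer the two open questions (time to capture metrics, handling exceptions).

```python
# Added example: a minimal adaptive access control baseline with constructed logon data.
from datetime import datetime

MIN_TRAINING_LOGONS = 20   # assumed threshold: with fewer samples, only observe, never block

# Constructed history: successful logons between 8AM and 5PM from North America ("NA").
HISTORY = [(datetime(2007, 11, d, h), "NA") for d in range(1, 11) for h in (8, 12, 17)]


def build_profile(history):
    """Freeze the baseline: earliest/latest usual logon hour and the regions seen."""
    hours = [ts.hour for ts, _ in history]
    return {
        "samples": len(history),
        "hour_range": (min(hours), max(hours)) if hours else None,
        "regions": {region for _, region in history},
    }


def evaluate(profile, ts, region, exceptions=frozenset()):
    """Return ('allow' | 'deny' | 'learning', reasons) for one access request.

    'learning' covers the question of how long metrics take to capture: until the
    training window has enough logons, the check records but does not enforce.
    'exceptions' is a set of regions approved in advance (e.g. a travel notice),
    so a known trip is not denied as an anomaly.
    """
    if profile["samples"] < MIN_TRAINING_LOGONS:
        return "learning", []
    reasons = []
    low, high = profile["hour_range"]
    if not low <= ts.hour <= high:
        reasons.append("logon at %02d:00 outside usual %02d:00-%02d:00" % (ts.hour, low, high))
    if region not in profile["regions"] and region not in exceptions:
        reasons.append("logon from unusual region %s" % region)
    return ("deny" if reasons else "allow"), reasons
```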

Saturday, November 3, 2007

Open Source identity and Access management : VELO

Fortunately I got a chance to talk directly to Asaf Shakarchi (the father of VELO), and I asked him why he named it VELO.

Asaf: It was taken from "velo binding". You can read about it in the wiki.

My understanding: I then read about it in the wiki and tried to link it with identity and access control, and realized the name fits very well, as the product is also trying to link, bind and control identities.

I also asked him what the function of the remote performer is, and below is what I understood from his explanation.

The remote performer is a kind of load balancer which can be used to delegate responsibilities of the VELO server. For example, if the environment has many resources and you don't want to wait for the responses from each resource once you provision, you can use the VELO remote performer. All the requests are delegated to the remote performer, and the VELO server can carry on with other important tasks.

The remote performer is not a must for deploying VELO, but it can give additional flexibility to distribute the load.
