Product Description

In January 2009 JoshuaTree along with help from its partner Symas, began work on a new suite of Identity & Access Management products. These products would build on OpenLDAP's native capabilities.

Key objectives of the development project that ensued mandated use of pre-existing open source products, common and accepted standards, and to write new code only when necessary.

RBAC Commander Web Administration

First released August 28, 2013 under BSD 3-clause open source license. 

Commander Web UI includes pages for... 

  • ANSI RBAC entity and policy management
  • User based demographic attribute management
  • IETF password policy management
  • Self-service user and password administration
  • Centralized audit trail interrogation and viewing
  • Extensible framework for building custom pages

Where to obtain

The following sections provide an overview of Commander including technical info, screen shots and feature descriptions.  

Technical Description

  • Runs inside any Java 7 powered Servlet container
  • 15 Pages, 35 Panels, 10 List Views
  • ANSI RBAC INCITS 359 compliant
  • Apache Wicket UI framework (6.14.0)
  • AJAX & jQuery (1.11.0)
  • Spring dependency injection and security enforcement
  • Build & dependency management using Maven
  • OpenLDAP enabled centralized audit trail
  • Log4j enabled tracing
  • Automated web testing using Apache Solenium
  • Communication protocols supported:
    • LDAPv3 - most efficient protocol for direct to LDAP server communication utilized when applications are co-located inside same datacenter
    • HTTP/REST - less efficient protocol but easier integrate across widely distributed applications

Security Description

  • ANSI RBAC permission based policy enforcement
  • Java EE for declarative authentication/SSO & coarse-grained authorization
  • IETF password policies enforced during login
  • Spring for declarative page-level medium-grained authorization
  • Wicket and Fortress for access controls over button and link enablement
  • Fortress ARBAC for fine-grained declarative controls over entity access (User, Role, Permission,etc,...) along with their allowed operations (add, udate, delete, search)
  • Fortress audit trail tracks user actions
  • Fortress audit trail of entity change history (before/after)


Our mission is to make high performance security solutions available to every business

We were formed in 2009 by a team of software developers with decades of experience. We see an increasing reliance on network solutions; an enormous and rapid development and a widespread reliance on these vulnerable systems. But we have not seen a corresponding development in our ability to protect them.


All of JoshuaTree's source code is released under the OpenLDAP Public License.