Introducing a pythonic RBAC API

py-fortress is a Python API implementing Role-Based Access Control level 0 – Core.  It’s still pretty new, so there are going to be some rough edges that will need to be smoothed out in the coming weeks.

To try it out, clone its git repo and use one of the fortress docker images for OpenLDAP or Apache Directory.  The README has the details.

py-fortress git repo

The API is pretty simple to use.

Admin functions work like this

# Add User:
admin_mgr.add_user(User(uid='foo', password='secret'))

# Add Role:
admin_mgr.add_role(Role(name='customer'))

# Assign User:
admin_mgr.assign(User(uid='foo'), Role(name='customer'))

# Add Permission:
admin_mgr.add_perm(Perm(obj_name='shopping-cart', op_name='checkout'))

# Grant:
admin_mgr.grant(Perm(obj_name='shopping-cart', op_name='checkout'), Role(name='customer'))

Access control functions

# Create Session, False means mandatory password authentication.
session = access_mgr.create_session(User(uid='foo', password='secret'), False)

# Permission check, returns True if allowed:
result = access_mgr.check_access(session, Perm(obj_name='shopping-cart', op_name='checkout'))

# Get all the permissions allowed for user:
perms = access_mgr.session_perms(session)

# Check a role:
result = access_mgr.is_user_in_role(session, Role(name='customer'))

# Get all roles in the session:
roles = access_mgr.session_roles(session)
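
What the admin and access calls above do under RBAC0 semantics, as an added in-memory model (not py-fortress code, which keeps its data in LDAP). The `Rbac0` class, its method signatures, and the `auditor` role and `orders`/`export` permission are assumptions made for illustration.

```python
import hashlib, hmac, os

def _hash(password, salt):
    # Salted PBKDF2 so the model never stores a clear-text password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Rbac0:
    """Hypothetical stand-in for the admin/access managers (RBAC0 only)."""
    def __init__(self):
        self.users = {}     # uid -> (salt, password hash)
        self.roles = set()  # known role names
        self.ua = {}        # user assignment: uid -> set of role names
        self.pa = {}        # permission assignment: (obj, op) -> set of role names

    def add_user(self, uid, password):
        salt = os.urandom(16)
        self.users[uid] = (salt, _hash(password, salt))
        self.ua[uid] = set()

    def add_role(self, name):
        self.roles.add(name)

    def add_perm(self, obj, op):
        self.pa.setdefault((obj, op), set())

    def assign(self, uid, role):
        if uid not in self.users or role not in self.roles:
            raise KeyError("assign requires an existing user and role")
        self.ua[uid].add(role)

    def grant(self, obj, op, role):
        if (obj, op) not in self.pa or role not in self.roles:
            raise KeyError("grant requires an existing permission and role")
        self.pa[(obj, op)].add(role)

    def create_session(self, uid, password, activate=None):
        # Unknown users take the same failure path as a wrong password.
        salt, stored = self.users.get(uid, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            raise PermissionError("authentication failed")
        assigned = self.ua[uid]
        wanted = assigned if activate is None else set(activate)
        # Only roles that are both requested and assigned become active.
        return {"uid": uid, "roles": frozenset(wanted & assigned)}

    def check_access(self, session, obj, op):
        # Deny by default: allowed only if an active role holds the permission.
        return bool(self.pa.get((obj, op), set()) & session["roles"])

    def session_perms(self, session):
        return sorted(p for p, roles in self.pa.items() if roles & session["roles"])

def demo():
    # Constructed sample data mirroring the calls shown above.
    rbac = Rbac0()
    rbac.add_user("foo", "secret")
    for role in ("customer", "auditor"):
        rbac.add_role(role)
    rbac.add_perm("shopping-cart", "checkout")
    rbac.add_perm("orders", "export")
    rbac.assign("foo", "customer")
    rbac.assign("foo", "auditor")
    rbac.grant("shopping-cart", "checkout", "customer")
    rbac.grant("orders", "export", "auditor")
    # 'admin' is requested but never assigned, so it is not activated.
    session = rbac.create_session("foo", "secret", activate=["customer", "admin"])
    return rbac, session
```

Activating only `customer` in the session keeps the `auditor` permission out of reach even though the user is assigned that role, which is the least-privilege use of RBAC sessions.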


In addition, there’s the full complement of review APIs as prescribed by RBAC.  If interested, look at the RBAC modules:

Each of the modules has comments that describe the functions, along with their required and optional attributes.

Try it out and let me know what you think.  There will be a release in the near future that will include some additional tooling.  If it takes off, RBAC1 – RBAC3 will follow.

Why I Ride

Say what you will about cycling, but it affords time for thoughtful contemplation.

Why am I doing this?  There are plenty of reasons not, starting with it being hard compared to other forms of transportation.

That the roadways don’t accommodate — we’re at best an annoyance, leading to spats and scuffles of varying severities.

It’s not convenient to commute this way, requiring time-consuming preparation.

Not a particularly time-effective form of transportation — much faster to get into a car and drive.

Complications on arrival not shared with motorists; attired in such a way that is comically out of place with today’s societal norms.

Summing up the pros/cons, it can be hard to make a convincing argument for daily commuting on a bike.

So why do it?  Before that can be answered we have to delve into this issue a bit deeper.  What are the cons of commuting by car?

  1. The average automobile spews about 5 metric tons of carbon dioxide into the atmosphere a year.[1]
  2. Driving increases stress levels and encourages a sedentary lifestyle.
  3. The cost to maintain the nation’s highways, roads, bridges and streets is hard to calculate but is probably > $100 billion US.[2]
  4. The yearly cost to maintain an automobile is about $9,000 US.[3]

Back to how riding affords time to think — more questions to ponder…

  1. What happens when everyone on the planet is driving a car?  (How much longer can the atmosphere absorb the greenhouse emissions before lasting consequences)
  2. How much longer can the US government afford to spend sizable portions of our tax revenue maintaining roadways?
  3. When will petroleum run out and what then?

More riding, more thoughts… at the turn of the century (twentieth), the internal combustion engine (and its supply chain) was perfected, cycling was widespread and automobiles rarely seen on the roads.

We all know what happens next, but what if otherwise?  The bicycle the target form of personal transportation and the automobile for public and commercial usage only.  Cyclists in the majority; living close by their place of worship, study, work, entertainment, etc…  Commuters would be traveling slower and have to talk to one another — maybe better for politics and settling disputes.

What would our environment look like — still polluted with carbons?  What of our hospitals — full of unfit patients?  What of our cities — divided by giant, ugly roadways or connected by scenic paths?

Is there a middle road?  Meanwhile I ride and long for the day everyone follows…



1. Greenhouse Gas Emissions from a Typical Passenger Vehicle
2. What is the federal government’s annual investment in transportation improvements?
3. Annual Cost of Ownership

Why I love LDAPCon

This post is loosely based on a lightning talk last week in Brussels.  We had a few minutes to fill and I felt compelled to spill my guts, despite having nothing prepared.

For those that have never heard about LDAPCon, it’s a biennial event, first held in ’07, with rotating venues, always in interesting places.  The talks are a 50/50 split between technology providers and usages.

You can check out this year’s talks, along with slides — here.

It’s not a ‘big’ conference — attendance hovers between 70 and 80.  It doesn’t last very long — about two days.  There’s very little glitz or glory.  You won’t find the big vendors with their entourages of executives and marketing reps, wearing fancy suits, sporting fast talk and empty promises.  Nor are there giveaways, flashy parties or big name entertainers.  For the most part the media and analysts ignore it; participants don’t get much exposure to the outside world.  Everyone just sits in a single, large conference room for the duration and listens to every talk (gasp).

So what is it about this modest little gathering that I love so much?

Not my first rodeo.  The end of my career is much closer than its beginning, and I’ve been to dozens of conferences over the decades.  Large, small and everything in between.  For example, I’ve attended JavaOne twelve times and been to half a dozen IBM mega conferences.

Let’s start with relevance.  Contrary to what you may think LDAP is not going away.  It’s not sexy or exciting.  Depending on your role in technology you may not even have heard of it (although I can guarantee that your information is housed within its walls).  But it’s useful.  If you’re interested in security you better understand LDAP.  If you choose not to use it you better have good reasons.  Ignore at your peril.

I’ve been working with LDAP technology (as a user) for almost twenty years.  When I first started, back in the late ’90s, there was a fair amount of hype behind it.  Over the years that hype has faded of course.  As it faded, I found myself alone in the tech centers.  In other words, I was the only one who understood how it worked, and why it was needed.  As the years passed, I found my knowledge growing stale.  Without others to bounce ideas off, there’s little chance for learning.  You might say I was thirsting for knowledge.

My first LDAPCon was Heidelberg in ’11.  It was as if I had found an oasis after stumbling about in the desert alone for years.  AH — at last others who understand and from whom I can learn and work with.

Many conferences are rather impersonal.  This is understandable of course, because the communities aren’t well established or are so large that it would be impossible to know everyone, or even a significant minority.

The leaders of these large technology communities are more like rock stars than ordinary people.  Often (not always) with oversized egos fed by the adoration of their ‘fans’.  This is great if you are seeking an autograph or inspiration, but not so much if you’re wanting help or validation of ideas.

Not the case at LDAPCon.  You’ll still find the leaders and architects, but not the egos.  Rather, they understand the importance of helping others find their way and encourage interaction and collaboration.

Sprinkle in with these leaders earnest newcomers.  Much like when I arrived in Heidelberg the pattern repeats.  These newcomers bring energy and passion that fuels the ecosystem and helps to stave off obsolescence.  There is a continuous stream of ideas coming forth ensuring the products and protocols remain relevant.

The newcomers are welcomed with open arms and not ignored.  This creates a warm atmosphere for collaboration.  New ideas are cherished not shunned.  Newcomers are elevated not marginalized.

Not a marketing conference.  You won’t find booths (like at a carnival) where passersby are cajoled and enticed by shiny lights and glitzy demos.  Where on the last day they warily pack up their rides and go to the next stop on the circuit.

Not a competitive atmosphere, rather collaborative.  Here is where server vendors like ForgeRock, Red Hat, Microsoft, Symas, and others meet to work together on common goals, improving conditions for the community.  They don’t all show up to every one, but are certainly welcome when they do.

Here, on the last day, there is some sadness.  We go and have some beer together, share war stories (one last time) and make plans for the future.

The next LDAPCon will probably again be held in Europe.  Perhaps Berlin or Brno.

I can hardly wait.


2017 Dirty Kanza Finish Line

Note: This post is about my second Dirty Kanza 200 experience on June 3, 2017.

It’s broken into seven parts:

Part I – Prep / Training

Part II – Preamble

Part III – Starting Line

Part IV – Checkpoint One

Part V – Checkpoint Two

Part VI – Checkpoint Three

Part VII – Finish Line


I went looking for Derrick but couldn’t find him.  A woman, found out later his wife…

“Are you John?” she asked.

I replied with my name and didn’t make the connection.  I’d forgotten the color of his support team and he got my name wrong so that made us even.

He caught up ten miles later, by then chasing the fast chicks.  I called out as they zoomed past, wished them well.  This is how it works.  Alliances change according to the conditions and needs from one moment to the next.

A lone rider stopped at the edge of downtown — Rick from Dewitt, Arkansas.  He was ready for takeoff.

“You headed out, how bout we team up?”  I asked matter-of-factly.  The deal was struck and then there were two.

Eventually, maybe twenty miles later, we picked up Jeremy, which made three.  It worked pretty well.  Not much small talk, but lots of operational chatter.  You’d thought we were out on military maneuvers.

  • “Rocks on left.”
  • “Mud — go right!”
  • “Off course, turning around.”
  • “Rough! Slowing!”

There were specializations.  For example, Jeremy was the scout.  His bike had fat tires and so he’d bomb the downhills, call back to us what he saw, letting us know of the dangers.  Rick did most of the navigating.  I kept watch on time, distance and set the pace.

By this time we were all suffering and made brief stops every ten miles or so.  We’d agreed that it was OK, had plenty of time, and weren’t worried.

Caught up with Derrick six miles from home.  Apparently he couldn’t keep up with the fast chicks either, but gave it the college try, and we had a merry reunion.

We rolled over the finish line somewhat past 2:00 am.


Rick and I crossing the FL

Here’s the official video feed:

And the unofficial one:

My support team was there along with a smattering of hearty locals to cheer us and offer congratulations.

Jeremy, Rick and I had a brief moment where we congratulated each other before LeLan handed over our Breakfast Club finishers patches and I overheard Rick in his southern drawl…

“I don’t care if it does say breakfast club on there.”

Next were the hugs and pictures with my pit crew and I was nearly overcome with emotion.  Felt pretty good about the finish and I don’t care if it says breakfast club on there either.


The Pit Crew, l to r, Me, Gregg, Kelly, Janice, Cheri, Kyle


In addition to my pit crew…

My wife Cindy deserves most of the credit.  She bought the bike four years ago that got me all fired up again about cycling.  Lots of times when I’m out there riding I should be home working.  Throughout this she continues to support without complaint.  Thanks baby, you’re the best, I love you.

Next, are the guys at the bike shop — Arkansas Cycle and Fitness, my support team back home in Little Rock.  They tolerate abysmal mechanical abilities, patiently listen to requirements, and teach when need be (often).  Time and again the necessary adjustments were made to correct the issues I was having with the bike.  They’ve encouraged and cheered, offered suggestions on routes, tactics, training, nutrition, hydration and everything else related to the sport of endurance cycling.

Finally, my cycling buddies — the Crackheads.  Truth be known they’re probably more trail runners than cyclists, but they’re incredible athletes, from whom I’ve learned much about training for these types of endurance events.  In the summertime, when the skeeters and chiggers get too bad for Arkansas trail running, they come out and ride which makes me happy.


The End

2017 Dirty Kanza Checkpoint Three


Don’t Worry Be Happy

My thoughts as I roll out of Eureka @ 3:30pm…

  • Thirty minutes at a checkpoint is too long, double the plan, but was overheated and feel much better now.
  • I’m enjoying myself.
  • It’s only a hundred miles back to Emporia, I could do that in my sleep.
  • What’s that a storm cloud headed our way?  It’s gonna feel good when it gets here.

Mud & Camaraderie

That first century was a frantic pace and there’s not much time or energy for team building.  We help each other out, but it’s all business.

The second part is when stragglers clump into semi-cohesive units.   It’s only natural and in any case, foolish to ride alone.  A group of riders will always be safer than one, assuming everyone does their job properly.  Each new set of eyes brings another brain to identify and solve problems.

There’s Jim, who took a few years off from his securities job down in Atlanta, Georgia to help his wife with their Montessori school, and train for this race.  He and I teamed up during the first half of the third leg, as the worst of the thunderstorms rolled over.

Before we crossed US Highway 54, a rider was waiting to be picked up by her support team.  Another victim of muddy roads, a derailleur twisted, bringing an early end to a long day.  We stopped, checked and offered encouragement as a car whizzed by us.

“That’s a storm chaser!!”, someone called out, leaving me to wonder just how bad these storms were gonna get.

Derrick is an IT guy from St. Joseph, Missouri, riding a single-speed bike on his way to a fifth finish, and with it a Goblet commemorating 1000 miles of toil.

We rode for a bit at the end of the third, right at dusk.  My GPS, which up to now had worked flawlessly, had changed into the nighttime display mode and I could no longer make out which lines to follow, missed a turn and heard the buzzer telling me I’d veered off course.

I stopped and pulled out my cue sheets.  Those were tucked safely and sealed to stay nice and dry.  What, I forgot to seal, its pages wet, stuck together and useless?

I was tired and let my mind drift.  Why didn’t I bring a headlamp on this leg?  I’d be able to read the nav screen better.  And where is everybody?  How long have I been on the wrong path?  Am I lost?

Be calm.  Get your focus and above all think.  What about the phone, maps are on it too.  It’s almost dead but plenty of reserve power available.

Just then Derrick’s dim headlight appeared in the distance.  He stopped and we quietly discussed my predicament.  For some reason his GPS device couldn’t figure that turn out either.  It was then we noticed tire tracks off to our right, turned and got back on track, both nav devices mysteriously resumed working once again.

Jeremy is the service manager at one of the better bike shops in Topeka, Kansas.  He’s making a third attempt.  Two years ago, he broke down in what turned into a mudfest.  Last year, he completed the course, but twenty minutes past due and didn’t make the 3:00 am cutoff.

His bike was a grinder of sorts with some fats.  It sounded like a Mack truck on the downhills, but geared like a mountain goat on the uphills.  I want one of them bikes.  Going to have to look him up at that bike shop one day.

Last year I remembered him lying at the roadside, probably ten maybe fifteen miles outside of Emporia.

“You alright?”, we stopped and asked.  It was an hour or more past midnight and the blackest of night.

“Yeah man, just tired, and need to rest a bit.  You guys go on, I’m fine”, he calmly told us.

There’s the guy from Iowa, who normally wouldn’t be at the back-of-the-pack (with us), but his derailleur snapped and he’d just converted to a single-speed as I caught up with him, and his buddy.  This was a first attempt for both.  They’d been making good until the rains hit.

Or the four chicks, from where I do not know, who were much faster than I, but somehow kept passing me.  How I would get past them again remains a mystery.

Also, all of the others, whose names can’t be placed, but the stories can…



Seven miles into that third leg came the rain.  It felt good, but introduced challenges.  The roads become slippery and a rider could easily go down.  They become muddy and the bike very much wants to break down.

Both are critical risk factors in terms of finishing.  One’s outcome much worse than the other.

Fortunately, both problems have good solutions.  The first, slow down the descents, pick through the rocks, pools of mud and water — carefully.  If in doubt stop and walk a section, although I never had to on this day, except for that one crossing with peanut butter on the other side.

By the way, these pictures that I’m posting are from the calmer sections.  It’s never a good idea to stop along a dangerous roadside just to take one.  That will create a hazard for the other riders, who then have to deal with you in their pathways which limits their choices for a good line.  When the going is tricky, keep it moving, if possible to do so safely.

The second problem means frequent stops to flush the grit from the drivetrains.  When it starts grinding, it’s time to stop and flush.  Mind the grind.  Once I pulled out two centimeter chunks of rocks lodged in the derailleurs and chain guards.

Use whatever is on hand.  River, water, bottles, puddles.  There was mud — everywhere.  In the chain, gears and brakes.  It’d get lodged in the pedals and cleats of our shoes making it impossible to click in or (worse) to click out.  I’d use rocks to remove other rocks or whatever is handy and/or expedient.  It helps to be resourceful at times like this.  That’s not a fork, it’s an extended, multi-pronged, mud and grit extraction tool.

The good folks alongside the road were keeping us supplied with plenty of water.  It wasn’t needed for hydration, but for maintenance.  I’d ask before using it like this, to not offend them.  Pouring their bottles of water over my bike, but they understood and didn’t seem to mind.

We got rerouted once because the water crossing decided it wanted to be a lake.  This detour added a couple of miles to a ride that was already seven over two hundred.

The rain made for slow going but I was having a good time and didn’t want the fun to end.

Enjoy this moment.  Look over there, all the flowers growing alongside the road.  The roads were still muddy but the fields were clean and fresh, the temperatures were cool.


wild flowers along the third leg

Madison (once again)

Rolled in about 930p under the cover of night.


930p @ Madison CP3

After all that fussing over nameplates in the previous leg, I found out it was mounted incorrectly.  It partially blocked the headlight beam and had to be fixed.


Cheri lends a hand remounting the nameplate so I can be a happy rider

It was Cheri’s second year doing support.  Last year it was her and Kelly crewing for Gregg and me.  This year, she and Gregg came as well.  As I said earlier, the best part of this race is experiencing it with friends and family.

I was in good spirits, but hungry, my neck ached, and my bike was in some serious need of attention.  All of this was handled with calm efficiency by Kelly & Co.

Kyle, who’s an RN, provided medical support with pain relievers and ice packs.  They knew I liked pizza late in the race and Gregg handed some over that had just been pulled fresh from the oven, across the street, at the EZ-mart. It may not sound like much now, but gave me the needed energy boost, from something that doesn’t get squeezed out of a tube.

As soon as Cheri finished the nameplate, Gregg got the drivetrain running smoothly once again.

All the while, Kelly and Mom were assisting and directing.  There’s the headlamp needing to be mounted, fresh battery packs, change to the clear lens on the glasses, socks, gloves, cokes, energy drinks, refilling water tanks, electrolytes, gels and more.  There’s forty-some to go, total darkness, unmarked roads.  Possibly more mud on the remaining B roads.  Weather forecast clear and mild.

Let’s Finish This

“Who are you riding with?”, Gregg called out as I was leaving.  He ran alongside for a bit, urging me on.


Gregg runs alongside as I leave CP3

“Derrick and I are gonna team up”, I called back, which was true, that was the plan as we rolled into town.  Now I just had to find him.  Madison was practically deserted at this hour, its checkpoint regions, i.e. red, green, blue, orange, were spread out, and what color did he say he was again??


Twenty two minutes spent refueling at checkpoint three and into the darkness again.  That last leg started @ 10 pm with 45 miles to go.  I could do that in my sleep, may need to.
