If you are like me, your name shows up on google search, you occasionally participate in technology discussion forums and have sometime in the past posted your resume on one of the job websites. The result? Bunch of emails everyday with all kinds of positions everywhere! I have had a chance to work with many recruiters over the years, sometimes as a candidate and other times as an interviewer. Over the time, I have become aware of a few ways NOT to get my attention on an opportunity. Here they are in no particular order:
Send me a position just because a keyword matched: This is my favorite (I know I said I am listing the points in no particular order but I just can't resist). Guys please! I can't be a good match for an ATG Architect position if I worked as a developer on ATG for 2 months in the year 2001. I know you are using some software to search resumes by keywords but at least glance through the resume once.
Send me a position that is totally irrelevant: This one is worse than the previous one (and not my favorite at all because it makes me... let's just say angry). I sometimes get emails about positions that requires years of experience with certain tool, which is not even listed in my resume. Many times those emails explicitly mention that the experience is a must. What is even worse is sometimes people just call me directly with those positions, I tell them I am not a good fit and they hang up. What a waste of time!
Try to tempt me to leave my current project: If I could change only one thing about the recruiting process, it would be this one. The recruiter tells me he has a position for me that would be a 'great' fit. I tell them I am already on a project and not looking for anything. And he tells me "I just wanted to check with you if you are dissatisfied with your current project or looking for a 'better' opportunity." If that' how you get the candidates, expect to loose them the same way. Come on! How could a candidate trust you with such an unethical behavior? When I come across a recruiter like this, the first thing that comes to my mind is, he is probably lying about both opportunity and role.
Describe every project as SOA/web service project and every position as architect position: This is a funny one. Once, after hearing the description, I told the recruiter it didn't sound like an architect role (it required developing swing components - something I had never done), she said, "I mean you will be working with people at architect level."Huh!
List technologies instead of describing the position and role: My reaction to these emails is... nothing! Because they have no information. I recent one I received looked like, "CA, 3-6 months, JSP, EJB, Struts, send resume..." I don't even know what to write about this one.
I have a few more that don't turn me off right away but do come across poorly:
Send me an email not addressed to me
Keep sending me the same position multiple times
Spend more time describing your firm rather than talk about the position
Be interested in my resume and rate information more than telling me about the opportunity
Now let's be serious. This is a people business. I did a ton of interviews for my client in my previous project and from that experience I am convinced that good candidates are hard to find. It will be a mistake to expect them to 'react' to a poorly formed email or a sloppy phone call. It is easy to find 'a' candidate but it is very difficult to find a 'good' candidate. If upcoming work force shortage is not a myth, the recruiting industry will have to find innovative ways to look for candidates, contact them, sell the 'opportunity' to them and close the deal.
I use a mind mapping tool called Freemind. It is available here. It's a great tool for capturing ideas. I like seeing all my ideas grouped together right in front of me and this tool (written in Java) makes it possible. It's easier than a creating and reading a list.
Anyway, I want to talk about its installation. I have always used this tool on windows and it always installed itself without any problems. You can download an exe file from here. But things aren't as easy on Linux (isn't that why most of the people still find windows easier to use?). Freemind requires several packages to be installed successfully on Linux. The easiest way to deal with these dependencies is to download Freemind freemind-0.8.0-6.noarch.rpm file from here. Become root using su command and install the file using rpm -ivh <file_name> command. It will fail with a message that looks like:
error: Failed dependencies: jakarta-commons-lang is needed by freemind-0.8.0-6.noarch relaxngDatatype is needed by freemind-0.8.0-6.noarch msv-xsdlib is needed by freemind-0.8.0-6.noarch jgoodies-forms is needed by freemind-0.8.0-6.noarch xml-commons-apis is needed by freemind-0.8.0-6.noarch ws-jaxme is needed by freemind-0.8.0-6.noarch jakarta-commons-codec is needed by freemind-0.8.0-6.noarch
Now, go to JPackage website. Download and install every missing package listed above and then try installing Freemind again. Do you have to go through the pain of installing all these packages when all you need is a simple mind mapping tool? Not really! In the past I have used kdissert at http://www.kde.org.uk/apps/kdissert/, which is relatively easy to install but I am used to Freemind so I will stick to it.
I upgraded to SUSE Linux 10.2 from 10.1 yesterday. I must say I am pleased with what I see. I haven't seen much yet though so I don't have anything to rant about. So far, I have one up and one down: up: cool new Start menu down: system startup and shutdwon still take a long time
Anyway, if you follow my article to install SUSE 10.2, replace line "When asked to enter the directory, enter: /opensuse/distribution/SL-10.0-OSS/inst-source/" by "When asked to enter the directory, enter:/opensuse/distribution/10.2/repo/oss/." Everything else in the article should still be valid. Happy linuxing...
This entry is a follow up on using Apache Directory Server (Apache DS) and WAS 6.1 to implement security. If you haven't already, review Apache DS installation and configuration here and how to create users and groups here. In this entry, I will describe how to configure WAS 6.1 to use Apache DS and enable security.
Starting v6.1, WebSphere separates administrative security from application security. The term administrative security means you need username and password to administer the server. This includes getting server status, stopping the server (somehow it doesn't include starting the server, you can start the server without supplying username and password) and administer the server through admin console or through wsadmin scripts. The term application security means you can protect resources in your application (e.g. you can protect /profile url), assign application security roles to those protected resources and map users or groups from ldap to those roles. It is important to note that starting WebSphere 6.1, you can choose to enable only administrative security or only application security or both. In previous versions you were required to enable or disable both at the same time. For now, we will only enable administrative security, we will talk about application security in the future when we have a sample application. This assumes that
you have already created a WebSphere 6.1 profile with security disabled (if you want to know how to do that Send me an email)
Go to WAS admin console http://<host>:port/admin. For example, http://localhost:9060/admin
Click on Security > Secure administration, applications, and infrastructure
Select Standalone LDAP registry in Available realm definitions dropdown and click Configure
Enter the following values in the screen:
Primary administrative username: wasadmin (the admin user already created in ldap)
Select Server identity that is stored in the repository radio button (because we don't want WebSphere to generate an id for us)
Type of LDAP server: Custom (Apache DS is NOT one of the supported ldap servers)
Host: localhost
Port: 10389 (port on which Apache DS is listening)
Base distinguish name (DN): dc=example,dc=com (all our groups and users are under this base dn)
Bind distinguish name (DN): uid=wasadmin,ou=people,dc=example,dc=com (entry that uniquely identifies wasadmin user)
Bind password: <password for wasadmin user you used in when you created user in LDAP>
Leave default values for other options
Click Apply
Click Save directly to the master configuration link
Click Advanced Lightweight Directory Access Protocol (LDAP) user registry settings link under Additional Properties section
User filter: (&(uid=%v)(objectclass=inetOrgPerson))
Group filter: (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
User ID map: *:uid
Group ID map: groupOfNames:member;groupOfUniqueNames:uniqueMember
Click OK
Click Save directly to the master configuration link at the top of the page
Click OK and Save again
Click Security > Secure administration, applications, and infrastructure link on the left hand panel
Select Enable administrative security checkbox
Unselect Enable application security checkbox
Unselect Java 2 security checkbox
Select Standalone LDAP registry in Available realm definitions dropdown and click Set as current button
Click Apply button
Click Save directly to the master configuration link
We have enabled administrative security but the change will not take effect until we restart the server. Restart the server and go to admin console. Since security is enabled, you will be asked to accept a certificate and login using the WAS admin username and password you specified in ldap. From this point on, Apache DS must be running before you can administer the server.
Edit on Sunday Feb 18, 2007: Corrected the value of Bind distinguish name (DN): to read
Bind distinguish name (DN): uid=wasadmin,ou=people,dc=example,dc=com (entry that uniquely identifies wasadmin user)
Last time , we talked about installing and configuring Apache DS. Now, we will add users and groups to it. We need to create the following users: wasadmin: This is the WebSphere 6.1 administrator user. Once security is configured, we will log into WAS admin console using this user bob: This is a test application user. We will log into the 'security enabled' application using this test user
Users are typically placed in LDAP groups so that groups can be mapped to application roles as opposed to mapping individual users (users come and go, groups they belong to stay in the organization). We will create the following groups: admins: This group will hold all administrators. For now, we have only one administrator - wasadmin endusers: This group will hold all the application users. For now, we have only one end user - bob
Organizations typically organize their data in organizational units. A user could be part of multiple organizational units. For example, the user bob may be part of ou=HR as well as ou=people. We will create 2 organizational units: groups: This organizational unit will hold ALL the groups in Apache DS people: This organizational unit will hold ALL users. Both bob and wasadmin will be under this unit even though wasadmin is just a system user
As we will see shortly, a user may be part part of an organizational unit AND may belong to a group.
Creating groups and users
The high level steps to create users and groups are:
Create organizational units to hold users and groups
Create wasadmin user
Create application user
Create groups
To create the above items, you can specify all the information in a text file, commonly known as ldif file and load the file in the ldap server. Create a file called organizational_units.ldif and put the following content in it. If you are completely unfamiliar with LDAP concepts, this article may be a good start.
# An ldif file that creates people and groups organizational units dn: ou=people,dc=example,dc=com cn: people description: An organizational unit to store all people/users including system users objectClass: top objectClass: organizationalUnit
dn: ou=groups,dc=example,dc=com cn: groups description: An organizational unit to store all people/users including system users objectClass: top objectClass: organizationalUnit
In JXplorer, select LDIF > Import File, select this file and click Open. This will result in two new organizational units, ou=people and ou=groups under dc=example,dc=com.
We will put all users (including system users) in people ou and all groups in groups ou. Let's create users first. Create a file called users.ldif and put the following content in it.
dn: uid=wasadmin,ou=people,dc=example,dc=com cn: wasadmin cn: WebSphere Administrator cn: WAS administrator sn: wasadmin objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson uid: wasadmin userpassword: wasadmin
dn: uid=bob,ou=people,dc=example,dc=com cn: Bob sn: User objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson uid: bob userpassword: password
Importing the file above creates 2 users under ou=people,dc=example,dc=com. For example, the dn of the wasadmin users becomes, uid=wasadmin,ou=people,dc=example,dc=com. We will use this dn to login to WAS admin console after we enable administrative security.
To create groups, create a text file called groups.ldif and put the following content in it:
dn: cn=admins,ou=groups,dc=example,dc=com description: admins group, WebSphere administrator will be part of this group cn: Administrators group objectClass: top objectClass: groupOfNames member: uid=wasadmin,ou=people,dc=example,dc=com
dn: cn=endusers,ou=groups,dc=example,dc=com description: application users group cn: Users group objectClass: top objectClass: groupOfNames member: uid=bob,ou=people,dc=example,dc=com
Notice how both the groups use the member attribute and point to the dn of its members. This attribute is required because our groups use groupOfNames object class. Since the member attribute is required, we created users first and then the groups. At this point, your ldap settings in JXplorer should look like this:
That's it! We are now ready to enable security in WebSphere 6.1. I will describe that process in the next entry.
