authentication identity openldap shiro fortress

OpenLDAP Fortress vs Apache Shiro


I am trying to download OpenLDAP and I came across an LDAP Java JDK called OpenLDAP Fortress (http://www.openldap.org/fortress/). It seems to be good for Identity Management Access, which sounds good, since I was about to use an open source Identity Management Tool (Apache Shiro). Should I stick with Apache Shiro, or use just OpenLDAP Fortress, or both of them? What is the best solution for Identity and Access Management? What are the differences?


Solution

  • I'm not very familiar with Apache Shiro, but it appears to be a framework for IAM which provides authentication, role-based authorization and encryption services for Java web-based applications. So from that perspective the two products match up.

    Where the two separate is that Fortress provides IdM infrastructure and is compliant with ANSI RBAC. It bundles with the OpenLDAP directory (so you don't have to figure out how to do that) and provides a RESTful API that bundles with Java EE servlet containers like Tomcat (if the IAM API invocations must pass through firewalls), and it will soon include a Web UI for administration and management of Fortress identities/RBAC policies and OpenLDAP.

    So if you are looking for a framework to integrate with your existing IdM infrastructure and don't need ANSI RBAC, a Web admin or REST, Shiro is probably a good choice.

    If ANSI RBAC compliance is important, and you need open source IdM infrastructure (like OpenLDAP), REST and UI along with the framework, you should look to Fortress.