Posts Tagged opendj
While building OpenDJ I hit a roadblock : XJC is defective with OpenJDK 8 and prevents us from building the DSML gateway that is part of the OpenDJ project. It’s only recently when the openjdk bug database was made publicly available that I found it was a known P1 issue, yet still not resolved.
Recently someone filed a bug against OpenDJ for failing with openjdk 8, so we paid more attention, found the cause of the failure and fixed it. And now OpenDJ directory server is working fine on openjdk 8. We are keeping an automatic build and test with openjdk8 (*) to make sure things will work when Java 8 is released.
Next steps will be to verify that OpenDJ still works with the beta version of jdk8 of IBM Java virtual machine.
* If you’re not familiar with OpenDJ nightly tests, do not try to interpret the results out there. Some of those complex replication tests are unfortunately sensitive to processor speed, thread timing and synchronization.So they tend to fail often on single CPU virtual machines where resources are unknown. They are fully passing on 2 or more CPU machines.
My coworker Chris Ridd has spent a little bit of spare time writing a small utility that can parse the output of OpenDJ monitoring information to extract the details of the replication topology. Give the output to some graphical tool and here’s the result (based on one of our biggest customer -anonymized- data) :
This is a worldwide deployment with many directory services in 4 regions and 8 replication services fully connected. Each directory service is connected to a single replication server, but can failover in matter of seconds, by priority in the same region.
If you want to give it a try on your own replication topology, it’s simple. The tool is open source and part of the OpenDJ utilities that Chris has pushed to GitHub. Just feed it with the output of ldapsearch on cn=monitor.
Join us for the Open Identity Stack Summit Europe, on 14-16 October 2013 at the Domaine de Béhoust, France.
We will be gathering at ForgeRock’s luxe Chateau, Domaine de Béhoust (just outside Paris), where our Open Identity Stack community will delve into OpenAM, OpenIDM, and OpenDJ best practices, use cases, how-tos, and more.
We’ve been saying for a long time that identity & access management (IAM) must be reconstructed to adapt to today’s problems. Modern APIs, standards, scale, speed, and modular architecture are all needed for successful modern IAM deployments. The agenda will include dynamic working sessions addressing the latest IAM developments, including mobility, identity bridge, and customer case studies.
A call for papers is open. If you are doing something interesting with the Open Identity Stack and you would like to share the experience by presenting a session at the summit, send your proposal by September 4.
ForgeRock’s chateau is large, but registration is limited. Therefore, I encourage you to reserve your spot and register quickly !
If you want to get a feel of the atmosphere of the conference, check the photo album from the first ForgeRock Open Identity Summit or get a glimpse at the skills of one of our keynote speakers :
I hope to see you at ForgeRock’s chateau in October !
OpenDJ 2.6.0 brings a lot of added value, including :
- A REST to LDAP service, allowing an easy access to directory data using HTTP/JSON. The service can be run either embedded in the server or as a standalone web application.
- A new upgrade process to ease transition from OpenDJ 2.4.5 or newer to 2.6.
- New Linux native packages (RPM and Debian) to facilitate the automatic deployment of OpenDJ in the private and public cloud.
- OpenDJ can be configured to delegate authentication to a Microsoft Active Directory service, providing tighter integration with Microsoft environment without the burden of synchronizing passwords.
- An optional extension to remove specific attributes from updates, making it more flexible and easier to deal with legacy applications and migration tasks.
- A way to synchronize SAMBA password attributes with the user’s password.
- Some improvements on the integrity of references, that is now enforced at creation or on update.
- More flexible and efficient audit logs.
- A Java based LDAP software development kit.
For the complete list of new features, enhancements and fixed defects, please read the release notes.
The binaries can be downloaded from ForgeRock Downloads.
Over the course of the development of OpenDJ, we’ve received many contributions, in form of code, issues raised in our JIRA, documentation… We address our deepest thanks to all the contributors and developers :
Aiman Tahboub, Alan Evans, Arturo V Sanchez, Auke Schrijnen, Bernhard Thalmayr, Brent Palmer, Bruno Vernay, Chris Dowey, Chris Ridd, Christophe Sovant, Dan Gardner, Danny Turner, Darin Perusich, Donal Duane, Elliot Kendall, Eswar Moorthy, Fred Voss, Gael Allioux, Gary Williams, German Parente, Göran Odmyr, Ian McGlothlin, Jamie Nelson, Jean-Noël Rouvignac, Jeff Blaine, Jeffrey Crawford, Jens Elkner, Lana Frost, Laurent Bristiel, Ludovic Poitou, Manuel Gaupp, Manuel Schallar, Mark Craig, Mark Gibson, Marko Harjula, Martin Sperle, Matthew Stevenson, Matthew Swift, Miroslav Fadrhonc, Mitch Silverstein, Nemanja Lukić, Nicholas Sushkin , Nikolay Belaevski, Per-Olov Sjoholm, Peter Major, Rauli Ikonen, Sachiko Wallace, Slavomir Katuscak, Tomas Forsman, Vanessa Richie, Violette Roche, Willi Burmeister
Happy 4th of July everyone !
I hope all attendees enjoyed the summit as much as I have. It’s been a real pleasure to meet face to face some of the project members, customers and partners I’ve interacted with, over emails and phone for the last 3 years, and to see again colleagues, ex-coworkers…
All the photos that I’ve captured during the summit are now publicly available on Flickr.
See you at the next summit !
[Update on June 19] The presentations from the summit are now online. Goto the Summit page and click on the Agenda.
For those who haven’t registered yet, I believe that there are still a few spots available : http://forgerock.com/summit/.
For the other ones, I’m looking forward to see you next week, in sunny and beautiful Pacific Grove.
OpenDJ, the open source LDAP directory service in Java, offer some interesting services to reduce and optimize the size and usage of data.
One of them is the Virtual Attribute feature, which allow certain attributes and values to be computed as needed, either based on some of the server internals or other attributes. OpenDJ ships with a number of virtual attributes by default : entryDN, entryUUID, etag, gouverningStructureRule, hasSubordinate, isMemberOf, numSubordinate, password Expiration Time (ds-pwp-password-expiration-time), structuralObjectClass, subSchemaSubEntry, …
Since these attributes are virtual and thus not stored as part of the entries in the database backend, you must not define any index for them. When possible, the virtual attribute provider will make use of default system index (like entryDN uses the DN index), but most of the time, these attributes are for reading and consuming.
If you do configure an index for one of the virtual attribute, the server will repeatedly report that the index is degraded with an error message similar to the following :
[21/Jan/2013:09:16:07 +0000] category=JEB severity=NOTICE msgID=8847510 msg=Due to changes in the configuration, index dc_example_dc_com_entryDN is currently operating in a degraded state and must be rebuilt before it can be used
And then some seaches may fail to return entries. So you must delete this index to let the server behave properly.