At ForgeRock, I have multiple reasons to enjoy what I do. I have the responsibility for two products: OpenDJ, the LDAP directory services and OpenIG the Identity Gateway, and I also manages the French subsidiary. But what really gets me excited in the morning is that I get to work with very smart and passionate people!
Jean-Noël, one of the engineers of the OpenDJ development team, has a passion for beautiful code and he loves refactoring, cleaning existing code. On his personal time, he started to automate his process in Eclipse, and then turn it into an Eclipse plugin, and finally made the code available as an open source project: AutoRefactor. Now, in the office, most of the engineers using Eclipse are also using the AutoRefactor plugin.
So when Jean-Noël got to present his work at our local Java User Group (the AlpesJUG), the rest of the team went along and supported him. As one of the other engineers has a passion for photography (which I share), it gives this amazing picture gallery and set of souvenirs for everyone:
PS: It also helps that we are working in a great environment where we can afford to do this⬇︎ (sometime to time) during our lunch break!
Many years ago, when I’ve started working on LDAP directory services, we needed to have some auditing of the operations occurring on the server. So, the server had a “Access” log which contained a message when an operation was received, and one when it was returned to the client, which included the processing time on the server side (the etime parameter). On Netscape and Sun directory servers, the etime was measured in seconds. This format allowed us to detect requests that were taking a long time, or were started but not finished.
In OpenDJ, we switched the etime resolution to milliseconds, but there’s an option to set it to nano-seconds. Yet, with millisecond resolution, there are still a number of log entries with an etime value of 0. The truth is that the server is faster, but so are the machines and processors.
At a rate of 50 000 operations per seconds (which can easily be sustained on my laptop), having two messages per operation does generate a lot of data to write to disk. That’s why we have introduced a new audit log format, not well advertised I must say, in OpenDJ 2.6.0. To enable the new format, use the following dsconfig command:
dsconfig set-log-publisher-prop -h localhost -p 4444 -X -n \ -D "cn=directory manager" -w password \ --publisher-name File-Based\ Access\ Logger --set log-format:combined
And now instead of having 2 lines per operations, there is a single one.
[23/Feb/2015:08:56:31 +0100] SEARCH REQ conn=0 op=4 msgID=5 base="cn=File-Based Access Logger,cn=Loggers,cn=config" scope=baseObject filter="(objectClass=*)" attrs="1.1" [23/Feb/2015:08:56:31 +0100] SEARCH RES conn=0 op=4 msgID=5 result=0 nentries=1 etime=0 [23/Feb/2015:08:56:31 +0100] SEARCH REQ conn=0 op=5 msgID=6 base="cn=File-Based Access Logger,cn=Loggers,cn=config" scope=baseObject filter="(objectClass=*)" attrs="objectclass" [23/Feb/2015:08:56:31 +0100] SEARCH RES conn=0 op=5 msgID=6 result=0 nentries=1 etime=0
After, in combined mode:
[23/Feb/2015:13:00:28 +0100] SEARCH conn=48 op=8215 msgID=8216 base="dc=example,dc=com" scope=wholeSubtree filter="(uid=user.1)" attrs="ALL" result=0 nentries=1 etime=0 [23/Feb/2015:13:00:28 +0100] SEARCH conn=60 op=10096 msgID=10097 base="dc=example,dc=com" scope=wholeSubtree filter="(uid=user.6)" attrs="ALL" result=0 nentries=1 etime=0
The benefits of enabling the combined log format are multiple. Less data is written to disk for each operation, less I/O operations are involved, resulting in overall better throughput for the server. And it allows to keep more history of operations with the same volume of log files.
Do you think that OpenDJ 3.0 access log files should use the combined format by default ?
Today marks the 5 years anniversary of ForgeRock !
5 years and the company counts over 250 employees, over 500 customers, and more than half a billion of identities protected by our ForgeRock Identity Stack ! By the way, this is just the beginning… Feeling like you want to be part of it ? We’re growing and hiring !
I do remember celebrating the 1st anniversary, with less than 20 people and a cake, in a small hotel south of Portugal…
What an amazing journey ! Thanks Hermann,Jonathan, Lasse, Steve and Victor for bootstrapping the company and giving us the opportunity to join, work hard and have fun ! Happy anniversary to the 5 of you !
OpenDJ, the LDAP directory services in Java, is supported on multiple platforms and has been for many years. We’re testing on Linux, Windows, Solaris, Mac OS X, but also different JVMs: Oracle JRE, OpenJDK, Azul Zulu, IBM JVM…
With OpenDJ 2.6, we’ve made it easier for people to install it on Linux machines by providing RPM and Debian packages.
We are now also providing a MSI package to ease the installation and removal on Windows machines. The MSI package is available for nightly builds here.
Thanks to Chris Lee, the most recent technical writer at ForgeRock, there is now a new visual design for the snapshot documentation for our open source projects.
Check it out on the OpenDJ Administration Guide, the OpenDJ SDK Developer’s Guide, the OpenIDM Integrator’s Guide or the Guide to OpenIG…
The new year is well engaged, but it’s still time for me to give you my best wishes for 2015…
May this new year bring you (more) love, happiness, success… And a peaceful journey towards your personal or professional goals !
The WordPress.com stats helper monkeys prepared a 2014 annual report for this blog.
Here’s an excerpt:
The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 34,000 times in 2014. If it were a concert at Sydney Opera House, it would take about 13 sold-out performances for that many people to see it.