DSEE 6.1 qualified with Sun Cluster 3.2…

SC3.2 Console Sun Java System Directory Server Enterprise Edition 6.0 delivered a Sun Cluster HA agent for Directory Server that was qualified with Sun Cluster 3.1 (which is the version in Java Enterprise System 5).

We’ve done a quick round of sanity tests of Sun Java System Directory Server 6.1 with Sun Cluster 3.2, and we can now claim the combination officially supported.

There is still a defect with Directory Server 6.1 that prevents the server from starting when SC 3.2 has been installed on a machine ( defect #6563445: Directory Server fails to start if rlimit is set to infinity). This defect has been fixed in the coming 6.2 version. Meanwhile Sun support organization will be happy to deliver a hot-fix for this on demand.

Technorati Tags: , , ,

A guided tour of the DSEE documentation set…

0595352170M

Mark, my office mate and long time technical writer in the Directory Services team, has just posted a detailed description of the Directory Server Enterprise Edition 6 documentation set. If you’re looking for information about DSEE and don’t know where to start from, I suggest that you go there and save a reference to it.

Technorati Tags: , , , ,

Saving Harry Potter…

I was out this week-end and when I came back yesterday evening, the expected brown box was waiting for me in the mailbox. So I opened it religiously and took a long look at the cover. And I put down the book on the pile of books that I will be taking with me for my vacations, begining of August. Oh yes, I am curious to see what will happen to Harry and how the story is ending, but I’m not that desperate that I can’t wait for a couple of weeks. At least then I will have the time to read chapters after chapters with limited distraction and interruptions. A good way to forget about the office and dive into vacation mode… I’m looking forward to it.

Img 0318

Technorati Tags: ,

OpenDS presentation at LDAPcon 2007

I’ve just received the confirmation that my proposal for an OpenDS presentation at the 1st International LDAPv3 Conference has been accepted.

The list of all presentations has been published. There will be a good representation of the LDAP community with most open source projects, commercial products and Ph.D. candidates.

I hope to see many of you in Cologne (Köln) early September.

Technorati Tags: , , , , ,

Over 80 bugs killed in over a week…

Two weeks ago, I announced the OpenDS Summer 2007 Bugfest.

The bug hunt ended last Friday and it’s been a quite successful week with exactly 84 bugs being fixed during these 10 days (including the US and French public holiday), by 14 different committers. This effort led to the first weekly build of what will be the 1.0 version of OpenDS.

While the Sun team was strongly encouraged by management to participate, we’ve seen little involvement of the community.

This is certainly a sign that we still have a lot of work to do to broaden the community, get it involved, and for us to be more transparent and open.

As a small step in that direction, I’ve started to daily join the #opends IRC chat room on Freenode.net, and to encourage participation from my co-workers. Time will tell if this helps…

Technorati Tags: , ,

A long awaited feature…

Directory Server Enterprise Edition 6.x is built on SleepyCat Berkeley DB for the storage of the LDAP entries and indexes…

For many years, customers have requested that we provide a way to shrink the database files, reclaiming unused pages. Well, the version of the SleepyCat BDB that we are using with DS 6.1 now has a public API that offer this capability and we’ve added the feature in DSEE 6.1. There is now a new subcommand for dsadm the offline DS management CLI: repack.

The usage is the following:

ludo:dsee63 > ds6/bin/dsadm repack --help
Usage: dsadm repack [ -b ] INSTANCE_PATH SUFFIX_DN [SUFFIX_DN ...]
Repacks existing suffix
The accepted value for OPTIONS is:
-b, --backend
Enables to specify backend name instead of SUFFIX_DN
For global options, use dsadm --help.
INSTANCE_PATH  Path of the Directory Server instance
SUFFIX_DN      Suffix DN (Distinguished Name) to repack
For more information, see dsadm(1M).

It operates on a Suffix and all DB files for this suffix are compacted. This includes the main data file (id2entry), all index files but also the replication changelog file if the suffix is Replicated and configured as a Master or Hub Replica. The compaction will process up to 8 files in parallel, each in its own thread.

Because database compaction is very IO intensive and requires exclusive access to the database, the Directory Server must be stopped to run this.

The time to do the compaction varies a lot depending on the overall size of the database, the number of updates done on the data since the creation of the suffix or last compaction, and mostly the performance of the disk subsystem. Or course, the larger the DB and the more changes, the longer it’ll take but the more it’ll regain disk space. In our experience with a database of approximately 10 million entries and many changes done since creation, the compaction process took approximately a couple of hours (on a v20 z).

Definitely, database compaction is not something that you want to run in your weekly maintenance routine. The downtime of Directory Server may be too long. But if the available disk’s space is getting close to the low watermark, it is worth stopping the server and reclaiming some of the space, before thinking of expanding the disk partition.

Below is an example of the dc=example,dc=com DB files before and after compaction, and the commands used to do the compaction: stop the server, compact, start the server.

ludo:dsee63 > ll instances/ds1/db/example/
total 3640
drwx------   2 lpoitou  icnc        1536 Jul  3 10:45 .
drwxr-xr-x   3 lpoitou  icnc         512 Jul  9 17:39 ..
-rw-------   1 lpoitou  icnc          38 Jul  3 10:45 DBVERSION
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_aci.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 17:39 example_ancestorid.db3
-rw-------   1 lpoitou  icnc      147456 Jul  9 17:39 example_cn.db3
-rw-------   1 lpoitou  icnc      122880 Jul  9 17:39 example_entrydn.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_givenName.db3
-rw-------   1 lpoitou  icnc      835584 Jul  9 17:39 example_id2entry.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_mail.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_mailAlternateAddress.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_mailHost.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_member.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_nsCalXItemId.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_nscpEntryDN.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_nsds5ReplConflict.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_nsLIProfileName.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_nsRoleDN.db3
-rw-------   1 lpoitou  icnc      131072 Jul  9 17:39 example_nsuniqueid.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_nswcalCALID.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_numsubordinates.db3
-rw-------   1 lpoitou  icnc       32768 Jul  9 17:39 example_objectclass.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_owner.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 17:39 example_parentid.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_pipstatus.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_pipuid.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_pwdaccountlockedtime.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_pwdfailuretime.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_pwdgraceusetime.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_seeAlso.db3
-rw-------   1 lpoitou  icnc      139264 Jul  9 17:39 example_sn.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_telephoneNumber.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_uid.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_uniquemember.db3
ludo:dsee63 > ds6/bin/dsadm stop /local/demo/dsee63/instances/ds1
Server stopped
ludo:dsee63 > ds6/bin/dsadm repack /local/demo/dsee63/instances/ds1 dc=example,dc=com
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example'
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', LDAP entries, size 827392 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index aci, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index ancestorid, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index ancestorid finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index aci finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index cn, size 139264 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', LDAP entries finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index cn finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index mailHost, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index mailHost finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index member, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index member finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsCalXItemId, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsCalXItemId finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nscpEntryDN, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nscpEntryDN finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsds5ReplConflict, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsds5ReplConflict finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsLIProfileName, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsLIProfileName finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsRoleDN, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsRoleDN finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsuniqueid, size 122880 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nswcalCALID, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nswcalCALID finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index nsuniqueid finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index entrydn, size 122880 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index numsubordinates, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index numsubordinates finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index entrydn finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index givenName, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index givenName finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index parentid, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index parentid finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pipstatus, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pipstatus finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pipuid, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pipuid finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pwdaccountlockedtime, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pwdaccountlockedtime finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pwdfailuretime, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pwdfailuretime finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pwdgraceusetime, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index pwdgraceusetime finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index seeAlso, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index seeAlso finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index sn, size 131072 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index uid, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index uid finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index sn finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index owner, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index owner finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index telephoneNumber, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index telephoneNumber finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index uniquemember, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index uniquemember finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index mail, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index mail finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index mailAlternateAddress, size 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index mailAlternateAddress finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index objectclass, size 32768 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example', index objectclass finished, size now 16384 bytes.
[10/Jul/2007:14:11:46 +0200] - Repacking backend 'example' ended.
[10/Jul/2007:14:11:46 +0200] - Repack finished.
[10/Jul/2007:14:11:46 +0200] - Waiting for 6 database threads to stop
[10/Jul/2007:14:11:47 +0200] - All database threads now stopped
ludo:dsee63 > ll instances/ds1/db/example/
total 1000
drwx------   2 lpoitou  icnc        1536 Jul  3 10:45 .
drwxr-xr-x   3 lpoitou  icnc         512 Jul 10 14:11 ..
-rw-------   1 lpoitou  icnc          38 Jul  3 10:45 DBVERSION
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_aci.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_ancestorid.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_cn.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_entrydn.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_givenName.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_id2entry.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_mail.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_mailAlternateAddress.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_mailHost.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_member.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_nsCalXItemId.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_nscpEntryDN.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_nsds5ReplConflict.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_nsLIProfileName.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_nsRoleDN.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_nsuniqueid.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_nswcalCALID.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_numsubordinates.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_objectclass.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_owner.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_parentid.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_pipstatus.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_pipuid.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_pwdaccountlockedtime.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_pwdfailuretime.db3
-rw-------   1 lpoitou  icnc       16384 Jul  9 16:38 example_pwdgraceusetime.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_seeAlso.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_sn.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_telephoneNumber.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_uid.db3
-rw-------   1 lpoitou  icnc       16384 Jul 10 14:11 example_uniquemember.db3
ludo:dsee63 > ds6/bin/dsadm start /local/demo/dsee63/instances/ds1
Server started: pid=15983
ludo:dsee63 >

Technorati Tags: , ,

12 years under the Sun

Today marks my 12th anniversary with Sun.

12 years is a long time, and probably more than I anticipated initially when I joined the company in 1995.

But I’ve been and I am still having a lot of fun, working on a pretty successful product, in a beautiful environment and with very smart people.

Sun Directory Server was started in the Grenoble Engineering Center -GEC- (called International Center for Network Computing – ICNC – at that time) in 1996. The team has evolved a lot with the Sun / Netscape Alliance, the merge with the Innosoft Directory team and all of the yearly re-organizations. But the largest part of Directory Services Engineering remains in Grenoble (well a few kilometers outside Grenoble, in Montbonnot more specifically) where we continue developing both DSEE and OpenDS.

Meanwhile Sun’s facilities have evolved as well. In a celebration mood for this anniversary, here are all the buildings I’ve been working in for the last 12 years.

Dcp 1656Dcp 1663Dcp 1721Dcp 6547

I think I’ll be around for a few more years, as I’ve found a good balance between a highly motivating working environment (and project), and quality of life in the Alps…

Dcp 6599

Technorati Tags: , ,

OpenDS project tracked in ohloh

OhlohA couple of months ago, I’ve added the OpenDS project to Ohloh, to track information related to the OpenDS community.

The Ohloh OpenDS website provides links and news about OpenDS project, direct access to the Download area, license information and metrics such as number of developers, commits statistics per day and per developer, number of lines of code and much more.

If you are using OpenDS, please add it to your stack on Ohloh, show us where you are located. And if you want to provide a user review, you’re more than welcome.

Technorati Tags: , ,

Deploying Directory Service Control Center in Glassfish v2…

Directory Server Enterprise Edition 6.1 introduced the ability to deploy the Console GUI (Directory Services Control Center alias DSCC) in any supported Application Server when installing using the Zip distribution (with Native distribution, aka Java ES installation, DSCC is deployed in Sun Web Console and already fully functional).

Note that as of today only Sun Application Server 8.2 and Tomcat 5.5 are supported.

So here’s a description on how to install DSEE 6.1, deploy DSCC in Glassfish v2 and use it to create new instances of Directory Server.

Installing DSEE 6.1

Download the DSEE 6.1 full install tar.gz file.

Expand it in a temporary directory.

/tmp/dsee61 > ls
dsee_data    dsee_deploy  idsktune

Install DSEE. With DSEE 6.1, there is no longer the choice to install just a part of DSEE. All binaries are installed, but no service is running. It will be up to you to chose which service (DS or DPS…) to enable and configure.

The -I option prevents interaction and does an implicit approval of the license. The -N option removes the checks for cacao ports, and does not enable it, although it is configured.

/tmp/dsee61 > dsee_deploy install -i /local/demo/dsee61 -I -N
Sun Microsystems, Inc. ("Sun") SOFTWARE LICENSE AGREEMENT ("SLA") and
ENTITLEMENT for SOFTWARE
... < Full license text here> ...
By using the --no-inter option, you have implicitly accepted the license
Checking running Directory Server instances
Checking running Directory Proxy Server instances
Unzipping sun-ldap-base.zip ...
Unzipping sun-ldap-dsrk6.zip ...
Unzipping sun-ldap-dsrk-man.zip ...
Unzipping sun-ldapcsdk-tools.zip ...
Unzipping sun-ldapcsdk-dev.zip ...
Unzipping sun-ldap-ljdk.zip ...
Unzipping sun-ldap-jre.zip ...
Unzipping sun-ldap-shared.zip ...
Unzipping sun-ldap-shared-l10n.zip ...
Unzipping sun-ldap-directory.zip ...
Unzipping sun-ldap-directory-l10n.zip ...
Unzipping sun-ldap-directory-config.zip ...
Unzipping sun-ldap-directory-man.zip ...
Unzipping sun-ldap-directory-dev.zip ...
Unzipping sun-ldap-mfwk.zip ...
Unzipping sun-ldap-cacao.zip ...
Unzipping sun-ldap-console-agent.zip ...
Unzipping sun-ldap-console-cli.zip ...
Unzipping sun-ldap-console-common.zip ...
Unzipping sun-ldap-console-var.zip ...
Unzipping sun-ldap-jdmk.zip ...
Unzipping sun-ldap-directory-client.zip ...
Unzipping sun-ldap-directory-client-l10n.zip ...
Unzipping sun-ldap-proxy.zip ...
Unzipping sun-ldap-proxy-l10n.zip ...
Unzipping sun-ldap-proxy-man.zip ...
Unzipping sun-ldap-proxy-client.zip ...
Unzipping sun-ldap-proxy-client-l10n.zip ...
Unzipping sun-ldap-console-gui.zip ...
Unzipping sun-ldap-console-gui-help.zip ...
Unzipping sun-ldap-console-gui-l10n.zip ...
Unzipping sun-ldap-console-gui-help-l10n.zip ...
Creating WAR file for Console
Configuring Cacao at /local/demo/dsee61/dsee6/cacao_2
Setting Cacao parameter jdmk-home with default value [/local/demo/dsee61/dsee6/private]
Setting Cacao parameter java-home with default value [/local/demo/dsee61/jre]
Setting Cacao parameter nss-lib-home with default value [/local/demo/dsee61/dsee6/private/lib]
Setting Cacao parameter nss-tools-home with default value [/local/demo/dsee61/dsee6/bin]
Registering console agent into cacao
Registering JESMF agent into Cacao
You can now start your Directory Server Instances
You can now start your Directory Proxy Server Instances

Configuring Glassfish v2

I installed Glassfish v2 beta 2 build (downloaded from here <https://glassfish.dev.java.net/downloads/v2-b41d.html&gt; , following the installation instructions)

Add the following lines in the {install-dir}/domains/domain1/config/server.policy file

// Permissions for Directory Service Control Center
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/DSCC/-"
{
permission java.security.AllPermission;
};

Deploying the web application from the local directory

Once Glassfish has been installed and started, log onto the console (default is http://localhost:4848/).

DsccdeploySelect the Application / Web Applications and click the Deploy button.

Select the Location and a Local packaged file or directory. Browse the disk to locate the dscc.war file (or type the full path directly: /local/demo/dsee61/var/dscc6/dscc.war).

Set the application name to DSCC (same as in the server.policy file).

Click Ok.

Tuning and starting Cacao

Cacao is a Agent container that is available by default on Solaris systems and has been ported to all Java Enterprise System supported platforms. On Solaris or if you have multiple installations of DSEE on the same host, you need to tune Cacao and more specifically the ports it listens to.

ludo:cacao_2 > pwd
/local/demo/dsee61/dsee6/cacao_2
ludo:cacao_2 > ./usr/sbin/cacaoadm stop
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param snmp-adaptor-port=21161
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param snmp-adaptor-trap-port=21162
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param jmxmp-connector-port=21162
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param commandstream-adaptor-port=21163
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param  rmi-registry-port=21164
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param secure-webserver-port=21165
ludo:cacao_2 > ./usr/sbin/cacaoadm start

Note that you may not need to change all ports (most of them are unused), but it’s safer.

DSCC makes only use of the jmxmp-connector-port

Initializing DSCC

We’re almost done. But before using the console, it is still needed to initialize some parts of the system.

ludo:dsee61 > pwd
/local/demo/dsee61
ludo:dsee61 > dscc6/bin/dsccsetup initialize
***
DSCC Application cannot be registered because it is not installed
***
DSCC Agent is already registered
***
Choose password for Directory Service Manager:  aPassword
Confirm password for Directory Service Manager:  aPassword
Creating DSCC registry...
DSCC Registry has been created successfully
***

Using DSCC

You can either select the Web Application and click on Launch in the Glassfish Administration GUI

Or open your browser and type the DSCC app URL : http://ludo.france:8080/dscc

Authenticate as admin and Directory Service Manager’s password (the one specified during the DSCC initialization).

And you can now create new Directory instances from the Console…

Dsccnewds Dsccnewdsdone

Or register an existing instance to DSCC Registry:

ludo:dsee61 > dscc6/bin/dsccreg add-server /local/demo/dsee61/instances/ds1
Enter DSCC administrator's password:
/local/demo/dsee61/instances/ds1 is an instance of DS
Enter password of "cn=Directory Manager" for /local/demo/dsee61/instances/ds1:
This operation will restart /local/demo/dsee61/instances/ds1.
Do you want to continue ? (y/n) y
Connecting to /local/demo/dsee61/instances/ds1
Enabling DSCC access to /local/demo/dsee61/instances/ds1
Restarting /local/demo/dsee61/instances/ds1
Registering /local/demo/dsee61/instances/ds1 in DSCC on localhost.

Once it is registered, it can be managed with DSCC.

Technorati Tags: , , ,

OpenDS on its way to 1.0

As Neil posted on Monday, OpenDS version 0.9 has been released.

You can now install it with the QuickSetup tool or download the Zip file.

For more information on what’s new in this release, Neil posted some highlights of the changes, or you can read the detailed information.

OpenDS is on its way for its first official complete release (i.e. 1.0). There is still a lot of work to do, and we will have multiple weekly builds, beta builds before releasing it.

But to start with, we are targetting bugs with the first OpenDS Summer 2007 Bugfest. All contributions are accepted, it’s your chance to win a gift certificate to your favorite electronics store.

Technorati Tags: ,

More than just a Directory Server…

Sun Java System Directory Server Enterprise Edition 6.1 is the most recent version of our product, released a couple of weeks ago.

It seems that very few customers have realized that the product is more than just a directory server. In fact, DSEE is a complete Directory Services offering and includes:

  • A high performance, secure and scalable Directory Server
  • A fully featured Directory Proxy Server that offers security, data rewriting, load balancing, data distribution and virtual directory functionalities
  • A Directory Service oriented web based Console to manage from a single place all your Directory Server and Directory Proxy Server instances
  • A customizable, web based directory entry management et editing tool: Directory Editor
  • A users, passwords and groups synchronization with Active Directory engine: Identity Synchronization for Windows (ISW)
  • Directory Server Resource Kit, a set of tools and API to help with the deployment, testing of DSEE.

Dsee Overview

By the way, all of the parts are covered with the DSEE right to use license (either per entry, or per employee for the Java ES license). No need to pay more if you have a directory server deployed and you want to use Directory Editor or Directory Proxy Server.

Technorati Tags: , , ,

Jazoon

DSC_6592.NEF The first Jazoon conference took place last week in Zurich Switzerland. It has been a good and well organized conference, quite well attended, especially for a first one. I was told that there were over 600 registered attendees. The conference was hold in a movie theatre which has 2 majors advantages: the presentations are projected on huge screens and are easily readable by anyone even the ones sitting at the very back of the room, and very comfortable seats for the attendees.

I attended presentations from, among others, Harold Carr on project Tango also known as Web Services Interoperability Technology, Paul Sandoz (also co-worker from the Grenoble Engineering Center, France) on JAX-RS, the Java API for RESTful web services, Dean Allemang on Semantic Web, RDF, RSS and microformats.

DSC_6591.NEFThe keynote by Roy T. Fielding was quite informative for me, as it really put some hyped terms (such as REST) in their historical context (as my main focus is around LDAP, I had not closely followed the “internals” of the Web).

But most of all, conferences are a place for networking, meeting co-workers from other locations, meeting users or customers of our products and exchanging ideas, solutions…

My presentation about OpenDS was scheduled for this morning. The attendance was not as high as I could have expected, but I was challenged by Henry who was talking at the same time on Web 3.0 (the semantic web). Anyway, presentation went well, some of the questions showed some interest in OpenDS and understanding how it compares to the other LDAP servers. I ended up discussing with one application developer interested in learning more on embedding OpenDS in his web-application.

Overall, it was a good week and a good conference not too far away from home, but it is unsure that we will be presenting again OpenDS progress next year.

Technorati Tags: , , ,

DSEE availability with Zones.

There are different ways to obtain high availability for a Directory Service. One is to deploy Directory Server in a Cluster. Another one is to deploy 2 instances of the Directory Server and have them replicate to each other in a multi-master replication topology.

But even when using a hardware load balancer, you may want to front your Directory Server instances with a pair of load-balanced Directory Proxy Servers.

This way, you have physical redundancy at the load balancer level, and intelligent LDAP-aware load balancing at the proxy server level.

Directory Proxy Server 6 is very nice in that you can split binds, searches, and updates amongst several DS instances, and the connection state is maintained by the proxy, not the DS instance. So if a DS instance fails or is stopped for maintenance, the application isn’t forced to rebind, the proxy fails-over to another DS for writing or reading (*).

With Solaris 10 and Solaris Containers, you can do this on a pair of systems, each with a zone for a replicated Master DS, and another zone each for a DPS instance. The DPS instances are configured to load balance the authentication,read, write operation among the DS master zones.

This works out very well for some of our customers.

* – The failover does not work for searches that are already in progress and for which entries have been returned already. And it does not work either with Persistent searches.