OpenDS 1.3.0-Build002 is now available

Opends Logo TagWe have just uploaded OpenDS 1.3.0-build002, built from revision 5124 of our source tree, to our promoted builds folder.

The direct link to download the core server is:

The direct link to download the DSML gateway is:

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL, or visit for more i


Detailed information about this build is available at

Upgrade from 1.0 or 1.2 is still broken, but upgrade from 1.3.0-build001 should work.

Major changes that have been incorporated since the last promoted build (OpenDS 1.3.0-build001) include:

  • Revision 5052 (Issue #3823) – Correct an issue that caused the ds-privilege-name to cause an unchecked exception.
  • Revision 5054 (Issue #3832) – Provide ergonomics style settings for common server properties.
  • Revision 5055 (Issue #3831) – Add dsconfig support for a NullBackend.
  • Revision 5058 (Issue #3824) – Fix a null pointer exception that occurred if an offline import was done on an NDB back end.
  • Revision 5059 (Issue #3821) – NDB back end – do not normalize user provided DN forms when storing.
  • Revision 5060 (Issue #3816) – Fix a problem with replication when uppercase characters were included in DNs.
  • Revision 5061 (Issue #3851) – Force the monitor back end to return parent monitoring entries before their children.
  • Revision 5062 (Issue #3804) – Improve replication monitoring.
  • Revision 5064 (Issue #3678) – Prevent dsconfig from displaying the corresponding command when the –displayCommand option is not specified.
  • Revision 5066 (Issue #3860) – Fix a problem that prevented the server from finding a certificate in a JKS keystore if the alias contained uppercase characters.
  • Revision 5067 (Issue #2993) – Print the server’s runtime information in the logs when the server is started by the setup command.
  • Revision 5070 (Issue #3861) – Update the control panel to handle the new monitor attributes.
  • Revision 5071 (Issue #3764) – Fix a problem that caused the server to hang when the replication configuration was changed during a total update.
  • Revision 5072 (Issue #839) – Add a specific code for LDAPException handling.
  • Revision 5074 (Issue #3863) – Fix a dsconfig exception when trying to set the subject attribute in a Subject DN To User Attribute Certificate Mapper.
  • Revision 5079 – Fix indexed search scoping.
  • Revision 5083 (Issue #3525) – Ensure that attribute modifications are replicated for modDN operations.
  • Revision 5085 (Issue #3837) – Fix a problem that caused a subtree ldapsearch operation to return the same result twice.
  • Revision 5086 – Simplify index configuration and add configuration placeholders for future use.
  • Revision 5087 (Issue #3402) – Fix a replication conflict resolution issue that caused a failure to resolve a double mod_rdn of the same entry.
  • Revision 5088 (Issue #3714) – Ensure the ldapsearch returns exit code 10 when it receives a referral.
  • Revision 505091 (Issue #3873) – Fix a problem that caused certain commands to use the of other commands.
  • Revision 5095 (Issue #3300) – Fix a problem that prevented the server from starting if the back end of a replicated suffix was disabled.
  • Revision 5099 (Issue #3315) – Fix a problem that caused dsreplication initialize-all to return before the peer had completed initialization.
  • Revision 5104 (Issue #3853) – NDB back-end : make sure that blob handles are wired to their result sets to prevent out of order retrieval when iterating.
  • Revision 5105 (Issue #3886) – Fix an issue that prevented online import-ldif from using the skipfile.
  • Revision 5107 (Issue #3877) – Fix an unexpected error that occurred when enabling safe_data mode.
  • Revision 5110 (Issue #3854) – Fix various issues that caused uninstall to fail on Windows, due to log files.
  • Revision 5112 (Issue #3887) – Fix a problem that caused changes in the dynamic assured replication configuration to cause timeouts.
  • Revision 5113 (Issue #3829) – Fix a problem that occurred when dsreplication enable was used with “localhost” as the host name for –host1 and –host2.
  • Revision 5115 (Issue #3833) – Fix a corrupt index in a replication topology.
  • Revision 5117 (Issue #3827) – NDB back end : fix a problem that prevented the NDB back end from being enabled dynamically with dsconfig.
  • Revision 5119 (Issue #3889) – Allow replicas to know about the state of the other replicas in the topology.
  • Revision 5122 (Issues #3884 and 3867) – Fix two issues that prevented GSSAPI SASL authentication from working as expected.

Technorati Tags: , , , , ,

OpenDS, Sun Labs and Java teams collaborate on performances

Opends Logo TagIn the past months, Matthew Swift, OpenDS core server lead developer, has been focusing most of his work on improving OpenDS server’s performances, trying to leverage as many tools as he could.

DukewithhelmetSometime, tools are not enough, and Matt started to discuss with Laurent Daynes, researcher on multitasking virtual machines and also based in the Sun Grenoble Engineering Center, about some strange behaviors of the JVM when trying to benchmark OpenDS with huge databases and caches. A few weeks after, Tony Printezis, expert in the Garbage Collector, came to Grenoble and got interested in our project and experiences. For the last few months, they’ve been working together, exchanging instrumented JVM, logs, results and ideas… The exchanges are valuable for both the HotSpot JVM team and the OpenDS team, as together we’re really pushing Java and OpenDS to the limits, with a real case scenario.

For the OpenDS team, being able to tap in directly into the brains behind Java or ZFS, is a huge advantage.

You can find more details on Matt’s blog.

Technorati Tags: , , , , ,

Alive and Kicking…

Opends Logo Tag
The OpenDS project was launched almost 3 years ago, and while it took us some time to release a first stable release and we had a hiccup, the project has been constantly active.

An illustration of the activity can be found on but unfortunately those statistics are not refreshed on a regular basis and the OpenDS ones haven’t been updated since August 2008.

Another illustration is this colorful visualization of the history of commits in the OpenDS source code repository, also known as CodeSwarm, that I’ve put together. Simply enjoy !

Technorati Tags: , , , , ,

LDAP Directory Services performance: optimize the filesystem cache !

Getting the best performance of an LDAP directory server is a difficult task as there are many parameters to take into account, especially with the hardware itself. The CPU clock matters for processing thousands of requests per second as fast as possible. The amount of memory controls how much caching can be done for optimization. The storage subsystem has has some importance on both read and write operations, both in term of throughput and response time. The network interfaces sets how fast to read and respond to client applications.

But the filesystem and how it is configured is also proven to be part of the equation.

Brad Diggs, aka “The Zone Manager” and Senior Directory Architect,has posted a long, detailed and extremely well written article on Filesystem cache optimization strategies, comparing UFS and ZFS, providing tuning tips for both of them.

To quote one of my co-worker:

“after I applied some of those changes, we went from 850 modifications per second to 1100 modifications per second, but more importantly the variation was drastically reduced, providing more constant performance”.

If you’re looking to optimize the performances of Sun Directory Server, or even OpenDS, this article is a must read, and make sure you keep a bookmark on it.

Technorati Tags: , , , , ,

OpenDS Tab Sweep March 17

I’m not doing regular tab sweep but there has been several interesting things said on or about OpenDS in the last few days.

Technorati Tags: , , ,