OpenDS and LDAP naming services on the Identity Buzz Podcast

Two weeks ago, Nick Wooler and I talked about LDAP Naming Services and OpenDS in a new episode of the famous Identity Management Buzz Podcast. We cover the basics of naming services, why LDAP naming services are the way to go and how OpenDS fits in this picture, for Solaris and OpenSolaris but also for other operating systems.

For more information, you can check the Identity Management Starter Kits for using OpenDS as the OpenSolaris Naming Service.

To learn more about OpenDS, go to the open source main web site


My vote for the iPhone App of the year !

I haven’t been an early adopter of the iPhone, mostly because it only became available in France with the 3G model, but since I bought mine I’ve been really pleased with it (apart from the short battery lifetime). Like most iPhone users, I’ve downloaded and added a few apps, but I’ve been reluctant to pay for apps that I couldn’t try before…

Until yesterday !

Yesterday, Anton Bobrov, a co-worker and developer on the OpenDS project, still maintainer of the Netscape LDAP SDK, told me that his Directory application was available on the App Store. I knew it was in the works, and knowing Anton I was expecting a pretty well crafted application.

Indeed, Directory is a simple, clean and lean LDAP query application that allows iPhone and iPod Touch users to search their corporate directory servers (or LDAP-savvy developers to test their development server ;-) ). Directory provides secure access and authentication to the server and lets you dial, email or add contacts to the local address book.

I’m currently using it to access Sun's externally accessible phone directory, but I’ve tested it successfully with both Sun Directory Server and OpenDS.

ZEN Directory App for iPhone and iTouch

Here are the settings that I’ve used (once you’ve installed the Directory application, there is a "Directory" section in the Settings application).

Identity: cn=John Smith (12345),ou=people,dc=sun,dc=com

[your Sun ID should be enclosed in brackets and watch the spaces]

Password: My Sun password


(Leave the remaining settings untouched.)

Thanks Anton for this long desired application which will save me a lot of time in the future. May I request the ability to have multiple LDAP accounts and easily switch from one to another ?


Directory experts from the US meet in Somerset.

Nick Wooler presenting at Sun Directory Masters 2009 in NJ

Yesterday and today, we’re hosting the US version of the Sun Directory Masters in Somerset NJ. Despite the weak economy and the swine flu, over 40 sales engineers, consultants and software architects met to discuss, with the lead developers from the Directory engineering team, the coming features of Sun Directory Server Enterprise Edition 7 and Sun OpenDS Standard Edition 2.0.

With an agenda very similar to the Grenoble event, yesterday we covered the Directory landscape, the Directory Services products roadmap, performance and new deployment scenarios offered with the new products. Today, we’re discussing Sun OpenDS Standard Edition 2.0, its performance, tools to transition legacy directory services to new deployments, benchmarking tools… We also have presentations by our partners like Bill Hathaway from Versatile, or by our own field engineers and architects like Brad Diggs, Michael Melore (trying to entertain the attendance at lunch break), Wajih Ahmed or Lee Trujillo (as pictured during his talk below).

Michael Melore, Master of ceremony at the Directory Masters in Somerset NJ

Lee Trujillo talking DirTracer at the Directory Master event in Somerset NJ


OpenDS Tab Sweep April 27

It’s been a while since I last swept my browser’s tabs. OpenDS is being used and mentioned more and more these days.

  • Masoud Kalali, in the Java zone of, wrote a long and detailed article demonstrating how to do end-to-end security with JavaDB. One of the mechanisms for securing access to the database is LDAP-based authentication and authorization, and Masoud details how to use OpenDS to enable this.
  • In the Architects zone of, Masoud again published an interview with me (yeah, I know, but a little bit of self promotion never hurts) about the OpenDS project and Sun Directory Server Enterprise Edition.
  • Johan Andersson wrote a blog post on the subject of LDAP and MySQL Cluster, describing some of the work we’ve done in the OpenDS project (and that has also been conducted in OpenLDAP).
  • On a different note, I came across the Ldap Synchronization Connector (LSC) open source project (under the BSD license), delivering tools to synchronize an LDAP directory from a list of data sources including any database with a JDBC connector, another LDAP directory, flat files… LSC seems a pretty new and confidential project, yet they are listing a few real customer deployments. LSC is written in Java, and uses OpenDS as an embedded directory server.
  • OpenDS on Amazon EC2. An Amazon Machine Image (AMI) built on the OpenSolaris AMI, with OpenDS pre-installed and ready to use is now available and supported. This was announced along with AMI for GlassFish and OpenSSO.


Meeting the OpenDS and OpenSSO teams…

The OpenSSO and OpenDS communities will be gathering twice in the coming months.

In an “unconference” format, join us for a day or half-day of discussions and presentations with users, deployers and developers of our identity related open source projects.

May 5, 2009 in Munich.

This second OpenSSO Community Day will take place at the Deutschen Museum, München (Munich), Germany, kindly hosted by the European Identity Conference 2009.

If you haven’t done so, there is still time to register, but hurry up, there are few remaining seats.

And suggest your ideas, proposals for presentations on the OpenSSO Community Wiki page.

Note that OpenSSO Community Day attendees are eligible for a 20% discount on registration for the European Identity Conference. Quote discount code OPENSSO when registering.

May 31, 2009 in San Francisco, just before CommunityOne and JavaOne.

The third OpenSSO Community Day will be at the Moscone Center, San Francisco, CA, immediately before the CommunityOne West and JavaOne conferences.

Still in an ‘unconference’ format, the agenda includes all of Sun’s open source identity projects: OpenDS, OpenSSO and Identity Connectors. Suggest your ideas, proposals for presentations at


MySQL, data and LDAP access

MySQL Conference & Expo 2009

LDAP and RDBMS have often been set against each other in the past, with LDAP being the preferred service for fast, frequent lookups, authentication and authorization, and RDBMS being the preferred service for writing large amounts of data that is updated frequently and mined from time to time.

But both technologies have some things in common: they are data stores and they are heavily used. And often, within an enterprise or a service provider, the data stored in the RDBMS is duplicated from the LDAP directory service (or vice-versa).

So there is an interest in sharing the data between RDBMS and LDAP. There are different ways to achieve this.

At the MySQL conference on April 20-23, 2009, we will be holding a BoF session to discuss how to make use of LDAP with MySQL databases, with Sun products : Sun Directory Server Enterprise Edition and OpenDS.

I hope to see you there.


Hallo OpenDS ! Cześć OpenDS ! Hola OpenDS !

Communities are amazing. A day after we announced the Translation Community for the OpenDS project, we’ve already added 3 languages to the ones already set.

So I’m pleased to announce the availability, in the Community Translation Interface, of the OpenDS German translation project, the OpenDS Spanish translation project and the OpenDS Polish translation project.

OpenDS Gemeinschaft für Deutsch Übersetzung ist nun offen

OpenDS comunidad para la traducción español ya está abierto

OpenDS społeczność niemiecki tłumaczenie jest już otwarty

Disclaimer : those 3 translations above are computer generated, unlike the OpenDS community led translations !

General discussions are taking place on the G11N alias, but language-specific mailing lists have been created to discuss the details in native languages:

  • For German :
  • For Spanish :
  • For Polish:

Please subscribe to the mailing lists if you intend to participate. And many thanks to the OpenDS community members that have already signed up.


OpenDS 1.3.0-Build004 is now available

We have just uploaded OpenDS 1.3.0-build004, built from revision 5184 of our source tree, to our promoted builds folder.

Note that this is a jump from OpenDS 1.3.0-build002 to OpenDS 1.3.0-build004. OpenDS 1.3.0-build003 was done with specific compilation to enable the MySQL Cluster NDB Backend, but not promoted with the regular builds.

The direct link to download the core server is:

The direct link to download the DSML gateway is:

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL, or visit for more information.

Upgrade from 1.0 or 1.2 is still broken, but upgrade from 1.3.0-build002 should work. However, a Flag Day was raised with revision 5134 which requires a rebuild of all indexes, or even better export the database to LDIF and re-import it.

Compared to 1.2.0, OpenDS 1.3.0-build004 contains the following new features and major improvements :

  • Assured Replication that provides stronger consistency and availability for replicated data
  • Supports Recurring Tasks allowing an administrator to schedule repeated tasks such as backups
  • Improves default settings and ergonomics for some server properties
  • Now builds VLV indexes during Import
  • A new internal ASN.1 encoding / decoding library that delivers better and more stable performance
  • Improves the Control Panel in various areas
  • Now works well / better with IBM JVM
  • Full compliance with RFC 4518. Now DirectoryString matching fully supports UTF-8 characters
  • Supports language-specific matching rules for DirectoryStrings, for comparing and ordering, as well as support for indexing according to those rules
  • Provides better monitoring information for Replication
  • Full support for negotiating encryption through SASL and stacking encryption channels with TLS
  • Many performance improvements in the Core server and in Replication

Detailed information about this build is available at

Major changes that have been incorporated since the last promoted build (OpenDS 1.3.0-build002) include:

  • Revision 5124 (Issue #3626) – Replace occurrences of grep, cat, etc. with built-in shell commands.
  • Revision 5125 (Issue #3896) – Fix an issue that prevented users from creating a sub-suffix with the Control Panel.
  • Revision 5126 (Issue #3826) – Fix an exception in the Control Panel that occurred if a node existed as a non-suffix node.
  • Revision 5129 (Issues # 3295 & 3899) – Fix an SNMP exception at startup and a resource issue on Windows platforms.
  • Revision 5130 (Issue #3297) – Fix a problem that caused localised answers to be rejected by certain commands.
  • Revision 5131 (Issue #3528) – Check that the start time entered for scheduled tasks has not already passed.
  • Revision 5132 – Remove keytool dependency by using the keystore API, integrate Andy Wang’s IBM JVM/JDK changes, provide a Platform class to put platform and JDK version-specific code in a single location, provide APIs for core matching rules.
  • Revision 5133 (Issue #2616) – Fix an ldapsearch error when parsing command-line arguments.
  • Revision 5134 (Issue #3880) – Provide support for unicode characters in core matching rules.
  • Revision 5135 – Create a flag day for changes in revision 5134.
  • Revision 5136 (Issue #3555) – Refresh the DIT view in the Manage Entries menu of the Control Panel.
  • Revision 5138 (Issue #3582) – Fix a problem that caused reverts to fail with the error “no valid existing backup locations”.
  • Revision 5139 (Issue #3451) – Use a specific error message with ldapcompare if a specified file cannot be read.
  • Revision 5141 (Issue #3894) – Fix a potential data corruption issue when writing binary attributes/blobs.
  • Revision 5143 (Issue #3903) – Fix a problem that caused the “Start Server when the Upgrade has Completed” option to fail when upgrading using QuickSetup.
  • Revision 5145 (Issue #3455) – Correct an error that occurred when deleting a VLV index.
  • Revision 5147 (Issue #2793) – Ensure that incremental backups work as expected when an empty directory is specified.
  • Revision 5148 – Provide localized resource files.
  • Revision 5149 (Issue #3893) – Correct a problem that caused dsreplication enable between an OpenDS 1.2 server and an OpenDS 1.3 server to fail.
  • Revision 5150 & 5153 (Issue #3629) – Remove duplicate dsconfig error messages.
  • Revision 5151 (Issue #3793) – Provide the ability to create extensible indexes using dsconfig.
  • Revision 5152 (Issue #3910) – Ensure that Base64 encoding works with UTF-8 characters.
  • Revision 5155 (Issue #3908) – Fix a problem with ChangeNumber generators.
  • Revision 5156 (Issue #3892) – Make ACI evaluation optional when returning entries and references to clients.
  • Revision 5157 (Issue #3900) – Fix an error that occurred when importing / adding LDIF due to trailing spaces.
  • Revision 5158 (Issue #3505) – Fix a confusing ACI targetscope message.
  • Revision 5159 (Issue #2667) – Fix a problem that occurred when configuring VLV indexes with dsconfig.
  • Revision 5160 (Issue #3312) – Change aci and ds-cfg-global-aci equality matching rules to octetStringMatch instead of CaseIgnoreIA5EqualityMatchingRule.
  • Revision 5161 (Issue #2624) – Ensure that ldapsearch returns the correct return code when no password is provided.
  • Revision 5167 (Issue #3828) – Prevent a connection to the server from being tied up while waiting for the user to enter a password.
  • Revision 5168 (Issue #3321) – Fix an error raised during index creation and delete with dsconfig.
  • Revision 5169 (Issue #3270) – Ensure that ldappasswordmodify takes into account the password history count.
  • Revision 5171 (Issue #3251) – Fix the LDIFReader rejectLastEntry, which printed an incorrect entry.
  • Revision 5172 (Issue #2963) – Fix a problem that caused dsreplication status to display an incorrect value for missing changes.
  • Revision 5173 (Issue #3907) – Provide a pkg(5) delivery.
  • Revision 5174 (Issue #3904) – Complete the replication referral URL configuration regular expression implementation.
  • Revision 5175 (Issue #3748) – Ensure that all admin tools use 4444 as the default admin port.
  • Revision 5176 (Issue #3856) – Fix a problem that caused LDAPS connections to be logged as LDAP connections in the access log.
  • Revision 5177 (Issue #3673) – Ensure that the server checks for port availability on Windows.
  • Revision 5178 (Issue #3528) – Ensure that scheduled tasks check that the start time has not passed.
  • Revision 5179 (Issue #2965) – Add the missing-changes to cn=monitor for replication servers.
  • Revision 5180 & 5181 (Issue #3119) – Prevent a null pointer exception that occurred when disabling the referential integrity plugin.
  • Revision 5184 (Issue #3914) – Fix a problem that prevented the server state from being updated.


Getting started with OpenDS Translations

Pavel Heimlich, the lead for the French translation for OpenDS, kindly posted a How To Guide for using CTI for the OpenDS community-led translations on the OpenDS Wiki.

If you’re interested in testing your translation skills with OpenDS messages, check the page, it gives a pretty good idea on how simple it is to use the tool… The hard part is really in providing good and consistent translation !


Hello OpenDS ! こんにちは OpenDS ! Salut OpenDS !

OpenDS, the open source LDAP directory server in Java


Dear OpenDS Community,

We are in the process of building the Translation Community for OpenDS, the open source LDAP Directory Service, and are calling for your participation. If you are interested in trying your skills as a translator, a Quick start guide is provided for you to get started with Community Translation Interface (CTI), a web based tool allowing community led translation.

As you may know, OpenDS 1.1 was translated into 7 languages. We would like your help now, to translate OpenDS 2.0 into the same 7 languages: Japanese, Traditional Chinese, Simplified Chinese, Korean, French, German, and Spanish. Today we’re starting with two languages (Japanese and French) but we will expand as contributors are lining up.

We would like to introduce our Language Leads for growing Community Translations.

Language Lead for Japanese Community Translation: Shinichi Hanaki <Shinichi (dot) Hanaki (at) Sun (dot) COM>

Contact Japanese Community Alias:

Language Lead for French Community Translation: Pavel Heimlich <Pavel (dot) Heimlich (at) Sun (dot) COM>

Contact French Community Alias:

Welcome Hanaki and Pavel.

Send your queries to


Shankar and Ludovic.

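To everyone taking part in the OpenDS community,

For OpenDS, the open source LDAP directory service, we

describes the web-based tool Community Translation Interface (CTI).

As you know, OpenDS 1.0 is localized into 7 languages besides English, including Japanese, but

The mail address is .

Contact: Shinichi Hanaki <Shinichi.Hanaki@Sun.COM>

(the Japanese localization of Sun's identity-related products such as OpenSSO and OpenDS

Unlike the other OpenDS mailing lists, here free and easy communication in Japanese

Whether you are already using OpenDS or are interested in trying OpenDS from now on,

If there is anything you are unsure about, to , or to the contact address above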



Dear members of the OpenDS community,

We are setting up a Translation Community for OpenDS, the open source LDAP directory server, and are calling for your participation. If you are interested in exercising your skills as a translator, you will find here a getting-started guide for the Community Translation Interface (CTI), a web tool for community-assisted translation.

OpenDS 1.1 was translated into 7 languages. We would like help translating OpenDS 2.0 into these 7 languages: Japanese, Traditional Chinese, Simplified Chinese, Korean, French, German and Spanish. We are starting today with 2 languages (Japanese and French), but we will add the others as volunteer translators come forward.

Allow us to introduce the leads for the different languages of this nascent Community Translation.

The Japanese translation is led by Shinichi Hanaki <Shinichi (dot) Hanaki (at) Sun (dot) COM>, and an alias has been set up to collaborate in Japanese on the translations:

The French translation is led by Pavel Heimlich <Pavel (dot) Heimlich (at) Sun (dot) COM>, and an alias has been set up to discuss the translations in French:

Welcome to Hanaki and Pavel.

For any further information, contact

Shankar and Ludovic.


Sun Directory Masters 2009 in Grenoble. Day 1.

It’s been a busy day in the Grenoble Engineer Center with Directory Masters gathering from all over Europe and even Japan for two days of training on the coming releases of Sun Directory Server Enterprise Edition and Sun OpenDS Standard Edition.

For those two days, we’re hosting 30 sales, presales, architects, consultants from Sun and partner companies, immersed within the developers, architects, managers of the Directory Engineering team. This is a very good way for our guests to understand where the product is going and how to better sell it to customers, and for engineers to learn more about real customers' needs and the problems to solve.

Today we’ve touched mostly on the Directory landscape, our product roadmap, DSEE, deployments, performance and virtual directory features. Tomorrow will have more of an OpenDS flavor…

PS: To my Japanese friends, Moryia is not on the picture, but he’s in Grenoble 😉
