I’m heading to San Francisco now!

Well, I’ll be leaving home tomorrow morning, but early enough that people in California will still be up on the Friday night.

I’ll be arriving in San Francisco on Saturday mid-day, getting prepared for a long and intense week.

On Sunday, from 1pm to 7pm, we have our OpenSSO / OpenDS community day at the Moscone.

And for the rest of the week, we’ll be at CommunityOne West and JavaOne, mostly working on the Identity booth in the Pavilion.

See you there!


An index of indexes in OpenDS

I noticed that my colleague Kunal wrote a series of articles on OpenDS indexes.

Here’s an index of his posts:

Kunal is a committer in the OpenDS project, and has recently developed the support for extensible matching rules and indexes in OpenDS, as well as all internationalized matching rules (also called collation rules), which allow filtering LDAP content according to language-specific rules.

Kunal is also an amateur photographer and we’re planning on bringing our respective toys to San Francisco next week to shoot pictures of the city but also during the CommunityOne and the JavaOne conferences.


Being Global…

Some time ago, I enabled the ClustrMaps on my blog to get some idea of who was reading this space and where from.

And I must say I’m completely amazed by the global reach of what I post here.

Below is a picture indicating the location of the readers from March 19 to May 20, 2009.

Blog Cluster map

While I’m not surprised that most readers are from the US and Europe, I find it interesting that the blog has been read from 94 different countries, some of which I cannot even place on the map.

The power of the Internet keeps amazing me every day. Now it would be really cool if you, reader from one of those little isolated red dots, could leave a comment and tell me what you’re interested in, and how you use OpenDS if you do.

Note that I do understand French, English and Spanish, so this leaves you some choice for leaving your comment. So don’t be shy!


OpenDS 2.0.0 Release Candidate 1 is now available

The OpenDS development team is very pleased to announce the immediate availability of OpenDS 2.0.0-RC1 which is the first release candidate for OpenDS 2.0.

OpenDS 2.0 has a number of new features over OpenDS 1.2.0 that was released in February 2009:

  • A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication
  • Recurring tasks allow an administrator to schedule repeated tasks such as backups
  • New extensible matching rules and indexing, allowing comparison and ordering of data according to specific locales and languages
  • Better monitoring information for the server and for Replication
  • Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax
  • VLV indexes are now built during the Import
  • Several improvements in the Control Panel
  • Works with IBM JVM (Java 6 SR4 required)
  • Works by default with JConsole and VisualVM when JMX Connection Handler is enabled
  • Default settings and ergonomics have been improved reducing the need for tuning parts of the server
  • Greatly improved performance, and stability of that performance over time
  • Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

Overall, over 150 issues have been fixed. However, there are still a few issues with the release candidates, and more specifically upgrading from an earlier version is not functional. This should be fixed in the next release candidate.

Localization of the OpenDS messages is still a work in progress and thus some messages can still appear in English when running a localized version of the server.

The purpose of the Release Candidate is to solicit one last round of testing before the final release.

So please test the OpenDS release with your client applications, in your environment or on your favorite platform.

If you do find a bug, please report it with Issue Tracker.

We welcome feedback. Please report your experience with OpenDS on our mailing lists, or on the #opends IRC channel on Freenode.

OpenDS 2.0.0-RC1 is built from revision 5374 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC1/OpenDS-2.0.0-RC1.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC1/OpenDS-2.0.0-RC1-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC1/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC1.

Major changes incorporated since OpenDS 1.3.0-build006 include:

  • Revision 5318 (Issue #3969) – Provide support for wildcards in dsconfig certificate management.
  • Revision 5321 (Issue #3962) – Fix memory leaks after Bind – Unbind
  • Revision 5323 (Issue #3971) – Enable Windows to detect the JVM automatically on install.
  • Revision 5336 (Issue #3981) – Fix uncontrolled memory growth under heavy connect/disconnect load.
  • Revision 5338 (Issue #3977) – Fix memory leak in Control Panel.
  • Revision 5347 (Issue #3938) – Improve the speed of dsconfig in non-interactive mode.
  • Revision 5364 (Issue #3995) – Fix an error that caused replication to stop if the queue-size-bytes maximum was reached.
  • Revision 5365 (Issue #3250) – Fix a problem that could cause replication initialization to fail.
  • Revision 5369 (Issues #3984 & #3989) – Fix security issues with Assertion, Pre-Read, and Post-Read Controls.
  • Revision 5374 – Upgrade JE to the latest official release (3.3.82).


My new OpenDS cap

I meant to post this earlier… but thanks to our new friends, I have a new OpenDS cap.

For the time being, this one requires no extra work nor shift of duty 😉

I could have worn Felix’s cap as well, but I think it suits him better. And anyway, LDAP and OpenDS are good friends…

LDAP and OpenDS caps working together ;-)


OpenDS as the OpenSSO User Repository

OpenSSO Express 7 was announced earlier in April with full support for OpenDS Standard Edition for storing users’ identity data.

Back in March, I pointed out Indira’s blog and the detailed how-to guide for configuring OpenDS as the OpenSSO user store.

Recently, the official documentation appeared on the OpenSSO resource center. So if you want to use OpenDS as the OpenSSO User Repository, I encourage you to read and follow the steps detailed here: http://wikis.sun.com/display/OpenSSO/Using+OpenDS+as+a+User+Data+Store.

OpenDS, OpenSSO and Identity at large

On the first week of May, I was in Munich for the European Identity Conference hosted by Kuppinger-Cole.

This was my first participation and I was delighted to meet with several of the experts in the area as well as some OpenDS customers or users, whom I’ve mostly "known" only through blogs or emails. I had discussions with Kim Cameron, Jackson Shaw and James McGovern. We shared tea with Felix Gaehtgens and Prateek Mishra. The conference was also the opportunity to talk with and listen to some of my Sun colleagues that I don’t get to see often like Fulup Ar Foll and Eve Maler. I must say that both of them did pretty interesting presentations.


Eve’s keynote on the first day of the conference brought the case for "permissioned data sharing" and was very well argued. It was the first time that I heard about User Centric identity and VRM tied together and even with a proposed solution.


On Wednesday, Fulup did a very thought-provoking (and fast forward) presentation about Digital Identity in the cloud, where he explained that identity management concepts are inherited from a centralized vision of the world and that they would not fit well with the cloud, nor scale to the internet. He proposes to look at how mobile operators are solving massive identity scale and to leverage existing SAML2 and Liberty defined services to build the "lazy" identity architecture.

On Thursday I was to take part in a panel discussion on the subject of "The Identity Bus" or the future of Directory Services (should I say Identity Services?), moderated by Felix Gaehtgens. The panel was an opportunity to see again Steve Shoaff, CEO of UnboundID but previously my manager, and to meet both Dale Olds of Novell and Prateek Mishra of Oracle. I don’t know if we’ve been able to give a good idea of what this "Identity Bus" would look like, but it’s definitely "something" in between applications and the data layer, and will probably use a set of protocols like SAML2 and XACML. After the panel, James McGovern asked me when OpenDS will support IGF and CARML. Since both are abstractions and APIs for applications to express their need in terms of identity related data, I don’t think they are appropriate for an LDAPv3 directory server. But I do see a layer on top of Virtual Directories or Directories that is able to consume those and translate them into appropriate functions.

Right after that Panel, Mark Craig was taking part in a panel discussion on Virtual Directories, along with Sampo Kellomäki of Symlabs, Michel Prompt of Radiant Logic and Keith Grayson of SAP.

On the Tuesday, Pat Patterson and Daniel Raskin hosted the second OpenSSO Community Day, and it was a great success, with over 50 attendees, a day packed with presentations with a very good balance of users and deployers talks vs Sun employees’ talks.

Like in New York, I talked about OpenDS, its goals and roadmap and why it’s the perfect companion to OpenSSO as the users’ identity store. Most of the presentations from the OpenSSO Community Day have been posted on the event wiki page. And if you could not make it to New York or Munich, we’re having a 3rd OpenSSO / OpenDS / Identity Connectors Community Day in San Francisco on Sunday May 31st at the Moscone center, starting at 1pm. The event is free, but please RSVP. And I hope to see you there.


And congratulations to Pat, Daniel and the whole OpenSSO team, for the Fedlet, winner of the "Best Innovation Award".

Overall, I found the conference really good and interesting and it helped me put the work we’re doing in the Directory Services engineering team back into the larger picture of Identity management.


“Directory Services for Enterprise Productivity”: a webinar on May 20th, 2009

A new FREE webinar from the Sun Software Identity series has been announced and will be on the subject of directory services. Starting at 10:00 am PDT / 1:00 pm EDT / 18:00 GMT on Wednesday May 20th, 2009, the webinar will cover how to reduce cost and improve the speed and performance of your enterprise using directory services.

This webinar will be led by Nick Wooler, product line manager for Sun directory products: OpenDS and Sun Directory Server Enterprise Edition. Be sure to sign up and reserve your seat now.


OpenDS 1.3.0-Build006 is now available

We have just uploaded OpenDS 1.3.0-build006, built from revision 5309 of our source tree, to our promoted builds folder.

Note that now that this build has been promoted, we’ve made a branch on the OpenDS code repository to produce the OpenDS 2.0 release. The next promoted build will be a release candidate.

The direct link to download the core server is: http://www.opends.org/promoted-builds/1.3.0-build006/OpenDS-1.3.0-build006.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/1.3.0-build006/OpenDS-1.3.0-build006-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/1.3.0-build006/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

There are still issues with upgrading with the QuickSetup tool, and reverting to a build earlier than revision 5134 is not supported.

Detailed information about this build is available at http://www.opends.org/promoted-builds/1.3.0-build006.

Major changes that have been incorporated since the last promoted build (OpenDS 1.3.0-build004) include:

  • Revision 5185 (Issue #3609) – Added the ability to deregister delayed listeners on a configuration entry.
  • Revision 5187 (Issue #3194) – Ensure that ldapcompare checks for superfluous arguments.
  • Revision 5193 (Issue #3915) – Ensure that abandon operations do not block request handlers.
  • Revision 5195 – Addition of localized resource files with new translations.
  • Revision 5196 (Issue #3686) – Fix an issue that prevented make-ldif from parsing redirects to file based attributes.
  • Revision 5197 (Issue #2764) – Fix a problem with the ldapsearch --countEntries option.
  • Revision 5199 (Issue #3779) – Fix an issue that caused a merge with real attribute to show only the virtual attribute value.
  • Revision 5201 (Issue #2070) – Add validation of the DB cache size before applying it to the JE.
  • Revision 5208 (Issue #2642) – Fix a problem that prevented ldif-diff from detecting differences in encoded values.
  • Revision 5209 (Issue #3814) – Fix a problem that caused the start-ds script to return before the server had started.
  • Revision 5210 (Issue #3913) – Fix a problem that caused OpenDS to stop accepting connections after being pinged by specific Load Balancers.
  • Revision 5214 – Add support for numSubordinates in NDB Backend
  • Revision 5218 (Issue #3001) – Fix a performance bottleneck in GeneralizedTimeSyntax.format.
  • Revision 5219 (Issue #3445) – Provide normalization of multi-valued RDNs.
  • Revision 5223 (Issue #3925) – Fix a problem with dsreplication.
  • Revision 5224 (Issues #2273 & #3482) – Add more stringent pattern checks to make sure that only files that could have been named by the TimeStampNaming policy are accepted by the filename filter.
  • Revision 5226 (Issue #3638) – Ensure that referrals are properly managed for bind operations.
  • Revision 5230 (Issue #2896) – The server should return a "Protocol Error" after a bind with an unrecognised version number.
  • Revision 5233 (Issue #2671) – Fix a problem that caused invalid values to be accepted for VLV index configuration.
  • Revision 5234 (Issue #3827) – Ensure that the import-ldif command takes into account the --skipfile option.
  • Revision 5235 (Issue #3926) – Ensure that import-ldif creates inherited objectclass attributes.
  • Revision 5236 (Issue #3343) – Fix a problem with virtual attribute rules.
  • Revision 5237 (Issue #3918) – Restore the behavior where an empty controls context-specific BER sequence is not encoded if the LDAP message has no controls.
  • Revision 5238 (Issue #2608) – Fix a problem that caused stop-ds to fail when the connection with the smtp-server failed.
  • Revision 5241 (Issues #3842 & #3770) – Validate recurring task day against the actual maximum of a given calendar instance.
  • Revision 5243 (Issue #3773) – Remove recurring task iterations completely upon recurring task removal.
  • Revision 5244 (Issue #2233) – Log a notice when a task starts and ends execution.
  • Revision 5247 (Issue #3336) – Take the appropriate action for failed dependencies for scheduled tasks.
  • Revision 5249 (Issue #2725) – Prevent completed tasks from causing exceptions if the task class is disallowed after it has completed.
  • Revision 5254 (Issue #3179) – Fix a thread left in the system after shutdown.
  • Revision 5256 – Use the platform mbean server by default to allow access to the server monitoring data from VisualVM and similar monitoring tools.
  • Revision 5257 & 5259 (Issues #3387 & #3388) – Fix issues with attribute name exceptions.
  • Revision 5260 – Improve the monitoring code in the case of a server being slow to answer.
  • Revision 5261 (Issue #2977) – Fix an exception that occurred during Replication Server database trimming.
  • Revision 5264 (Issue #3602) – Change the masks for user-defined and 3rd-party messages so that messages no longer have the top-bit set.
  • Revision 5265 (Issue #3047) – For export-ldif, change the default access rights of the exported file from 644 to 600.
  • Revision 5266 (Issue #2624) – Correct an issue that caused ldapsearch to return the wrong return code if no password was provided.
  • Revision 5268 – Various improvements to the task scheduler.
  • Revision 5272 – Avoid ConcurrentModificationException when removing completed task iterations.
  • Revision 5273 (Issue #3928) – Fix a problem that caused the wrong error message to be sent to the access log.
  • Revision 5276 (Issue #3939) – Improve memory allocation when sending search result entries.
  • Revision 5281 (Issue #3943) – Make the installation path consistent across tools.
  • Revision 5283 (Issue #3949) – Unknown trailing ASN.1 elements are now ignored when decoding the Password Modify extended operation value.
  • Revision 5285 (Issue #3951) – Fix an issue that was causing the Control Panel to use the admin port for ldap operations.
  • Revision 5286 (Issue #3948) – Correct the display of monitoring information in the Control Panel.
  • Revision 5287 (Issue #3931) – Fix a problem with virtual attributes generating data multiple times.
  • Revisions 5288 & 5289 (Issues #3944 & #3945) – Fix licensing issues with the upgrade utility.
  • Revision 5290 (Issue #3952) – Fix a problem with log files on Windows.
  • Revision 5292 (Issue #3444) – Fix a problem where only a single name form was allowed per structural object class.
  • Revision 5297 (Issue #3964) – Improve JE backend cleaner scalability.
  • Revision 5299 (Issue #3949) – Fix an issue in the ASN.1 parsing code to support LDAP implied extensibility.
  • Revision 5300 (Issue #3965) – Revert is not supported from 2.0 to a previous version. This change introduces the corresponding flag day.
  • Revision 5301 (Issue #3958) – Support upgrading from a standard OpenDS server to a branded OpenDS server of the same version.
  • Revision 5302 (Issue #3968) – Fix a problem that caused dsconfig --displayCommand to provide invalid values.
  • Revisions 5305 & 5306 (Issue #3964) – Enable high priority check-pointer by default for more robust out of the box performance.


I’ll be in Munich from May 5 to 7.

I’ll be in Munich from May 5th to May 7th, first participating in the OpenSSO Community Day 2.0, representing the OpenDS team.

I will also be actively participating in this year’s Kuppinger Cole European Identity Conference since I will be talking, on May 7th, on a panel discussion on the future of directory and identity services titled “Building an Identity Bus for the Future”.

There are also several of my coworkers and experts in identity management that will be speaking. Check the list.

Please come and see us, and don’t forget to pay a visit to the Sun booth as well.
