This major release of Directory Services is a consolidation of the current product, bringing even more reliability and performances to a very robust product. But it also brings a number of new features and improvements.
The main change in this version is around monitoring. With a common set of services, APIs and libraries for the whole Identity Platform, we’ve refined and optimised the monitoring metrics of the Directory Services, organising them in a more logical and hierarchical way. When searching the monitoring data over LDAP, all entries now have a proper schema (objectClasses and AttributeTypes) and many metrics have been consolidated into a single attribute with a JSON. But in addition to also exposing the metrics via JMX, we are now offering 2 endpoints to directly collect them with Prometheus or Graphite and visualise them using Grafana. We’re delivering a sample Grafana dashboard to illustrate their use:
I will write a more in depth post to describe the new monitoring capabilities of ForgeRock Directory Services 6.0.
Amongst the other improvements of the new release, I can mention:
- Support for Time To Live (TTL) indexes at the backend level. When entries reach their TTL date, they are automatically removed from the data store.
- Ability to sort entries based on JSON attributes and specific fields, and also ability to sort entries when using Simple Paged results (and a page size smaller than the server side index limit).
- Support for configuring the server offline, using dsconfig (–offline).
- Support for expressions in the configuration file
- Support for defining a global server ID for replication, which will be used by all replicated suffixes of that server.
- Initial separation of what is static read-only configuration from what is more dynamic in deployments.
- A new option to ldapmodify and ldapdelete to do bulk load operations.
- More optimisations of disk space usage with entries and logs, as well as more optimisations of performances.
You can find more details in the Release Notes.
Directory Services 6.0 can upgrade instances of OpenDJ starting with version 2.6.0 or ForgeRock Directory Services 5.x, and it has been tested to be replicating with these versions as well, allowing a smooth upgrade of a replicated service with no downtime, nor change in configuration or replication. For a rolling upgrade, stop one of the servers, take a backup, install DS 6 and upgrade, restart the server, and move to the next one.
I’m looking forward to your feedback about the new release.