Directory Services

New in OpenDS 2.0: Monitoring in the Control Panel

Ludo2 Comments

Opends2 PictoOpenDS 2.0 has just been released and there are several new and exciting features in it.

Today we will look at the new feature in the Control Panel: the monitoring aspect.

At first look when we compare the Control Panel for OpenDS 1.2 (on the left below) and the one for OpenDS 2.0 (on the right below), not much has changed. Except for the left bar menu that contains a new section: Monitoring and a status bar at the bottom of the panel.

OpenDS 1.2 Control PanelOpenDS 2.0 Control Panel

Let’s look a little more in details what kind of monitoring information for the OpenDS server is now available:

General Information.

OpenDS 2.0 General Monitoring PanelIn the General Information Panel, you will find overall statistics such Connections, Up Time, but also information related to the system like the name, OS, number of CPUs, available memory in the JVM. You will also have a screen dedicated to the Java VM specific information (see below) such as the version, the vendor, the running arguments, a lot of details about the various segments of memory of the VM. A third screen highlights the work load. The fourth one gives details about the entry cache and the fifth one gives details about the local backend database environment, i.e. low level statistics on memory, transactions, locks in the database. There are more than 50 parameters from the database that you can retrieve and look at with the “Show Operations…” button.

OpenDS 2.0 Monitoring Java VM

The Connection Handler.

The Monitoring Panel for the Connection Handler gives greater details about the LDAP operations that are processed by the server, sorted by kind of Connection: what goes on the LDAP port, what happens on the LDAPS port and the Administrative operations.

OpenDS Connection Monitoring

There are many more statistics information available from the OpenDS server, either through LDAP, JMX or SNMP if you have enabled the later two. Not everything can be displayed in the GUI, and in future version we will provide external tools or widget to graph some of the monitoring information. Meanwhile, play with the Monitoring screens of the OpenDS 2.0 Control Panel, and let us know what you think, what you like, what you feel is missing.

And for a supported version of OpenDS, please check Sun OpenDS Standard Edition 2.0

Technorati Tags: , , , ,

OpenDS makes Java.net Headlines

LudoLeave a comment

Yes, the release of OpenDS 2.0 was a big news for all of us in the development team. But we’re really happy that the news is also big on Java.net.

Many thanks to the editors, and particularly to Marina Sum who keeps posting about the OpenDS to her blog, by passion and kindness.

Javanet20090720

Technorati Tags: , , , , ,

LDAP Tip : Counting the number of entries in a branch…

LudoLeave a comment

This is a general LDAP tip and it applies to OpenDS the open source LDAP directory service in Java, as well as Sun Directory Server (all versions) and other LDAP servers:

How can I know the number of entries under a specific node of the Directory Information Tree ?
Well it’s simple. Every entry contains an operational attribute that specify the number of immediate subordinates entry : numSubordinates.

So to retrieve the number of entries under a specific node of the DIT, for example in the ou=people,dc=example,dc=com, a simple read is required.

$ bin/ldapsearch -p 3389 -D "cn=directory manager" -w – -b "ou=people,dc=example,dc=com" -s base ‘(objectclass=*)’ numsubordinates

Password for user ‘cn=directory manager’:

dn: ou=People,dc=example,dc=com

numsubordinates: 21

This attribute is defined in an expired Internet-Draft but has been well implemented in many servers. There are often some limitations, like the value only counts entries on the same server, but overall it’s a very useful attribute especially when browsing through the DIT.

OpenDS and Sun Directory Server also implements another attribute : hasSubordinates, defined in X.501. hasSubordinates is a boolean and returns "true" or "false" depending on whether the entry is a branch or a leaf in the Directory Information Tree.

Technorati Tags: , , , ,

New in OpenDS 2.0: Recurrent and Scheduled Tasks

Ludo1 Comment

Opends2 PictoOpenDS 2.0 has just been released and there are several new and exciting features on it.

Today we will focus on one simple feature that greatly reduce cost of administration: scheduled tasks.

Being a Directory Server administrator often implies that you have to perform some administrative tasks on a regular basis. One of those tasks for example that an administrator has to do is a backup of the database. With most Directory Servers, the administrator would write a script to be run on a specific time of the day (or rather the night) that would proceed with the backup.

With OpenDS and the Recurrent Tasks, we’ve simplified this to the extreme: Just instruct OpenDS to do a backup on a weekly or daily basis, and as long as the server is running, it will execute the backup procedure at the desired time.

Here’s how to schedule an hourly, compressed backup for the main back-end :

$ bin/backup -p 5444 -D cn=directory\ manager -w secret12 -n userRoot \
-d ./backups -c –recurringTask ‘0 * * * *’

Recurring Backup task BackupTask-dc89d98e-4ade-410e-ad19-325279af8f67

scheduled successfully

Now, just wait for the hour to pass, and check if the backup has been taken 😉

The string passed as a parameter following the –recurringTask option has the same format as for the crontab(5) time/date: a 5 integer pattern field, separated by blank spaces: Minute (0-59), Hour (0-23), Day Of Month (1-31) Month Of Year (1-12) Day Of The Week (0-6 with 0 being Sunday).

The recurrent tasks are not limited to backups. They can be applied to all tasks, although some may not be that useful to everyone. Although I do see some use of a daily import of an LDIF file from a well know location, as a way to synchronize with external sources.

And of course, you can list the scheduled and recurrent tasks with dsconfig and cancel them if needed.

In the next release of OpenDS, you will be able to configure the recurrent tasks with the Control Panel. If you can’t wait, you can try with the latest daily build.

You can find more information on recurrent tasks on the OpenDS Documentation Wiki.

Technorati Tags: , , , , ,

OpenDS 2.0 is here !

Ludo9 Comments

The OpenDS development team is very please to announce the availability of OpenDS 2.0.0 and it’s supported companion Sun OpenDS Standard Edition 2.0.

OpenDS is an LDAPv3 compliant Directory Service written entirely in Java. The 2.0 release has many new features since OpenDS 1.0 that was released a year ago:

• A graphical control panel that enables basic server and data administration is available and replaces the OpenDS 1.0 status-panel

• An administration connector manages all administration related traffic to the server. By separating user operations and administration operations, the administration connector ensure a better quality of service and simplify logging and monitotring

• Connections can be secured and encrypted with SASL mechanisms

• Access Control mechanism has been enhanced to control access based on the level of security of the connection

• The ;binary transfert option is now supported

• Standard schema files related to Solaris and OpenSolaris LDAP naming services are provided by default

• Setup and tools provide an enhanced support for the JCEKS keystore and alternate security providers

• A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication

• Recurring tasks allow an administrator to schedule repeated tasks such as backups

• New extensible matching rules and indexing allowing comparing, ordering of data according to specific locales and languages

• Better monitoring information for the server and for Replication

• Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax

• VLV indexes are now built during the Import

• Works with IBM JVM (Java 6 SR4 required)

• Works by default with JConsole and VisualVM when JMX Connection Handler is enabled

• Default settings and ergonomics have been improved reducing the need for tuning parts of the server

• Greatly improved performances and stability over time of those performances

• Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

OpenDS 2.0.0 is a promotion of OpenDS 2.0.0 Release Candidate 4, built with revision 5492, to the stable and finalized version.

It can be installed with the Java WebStart QuickSetup or downloaded as a Zip file.

A DSML-to-LDAP Gateway is available as a War file.

Like for previous OpenDS releases, a snapshot of the documentation wiki has been setup. The documentation is still being verified and a few links might not be functional yet. We expect it to be finalized by the end of next week.

You can find more information about OpenDS 2.0 in the release notes.

For a supported version of OpenDS, please check the Sun OpenDS Standard Edition 2.0 home page or get it directly from Sun Download Center.

I’d like to address a special thank to our external contributors who have helped making this release a better release, especially Christian Brennsteiner for the German translation of messages, Tosiki Iga for the Japanese translation, D.J Hagberg for the performance enhancements, Andy Wang for the IBM JVM Support.

Thanks also to all users who have raised issues during the development phase, helping us with testing the server in ways we can’t.

This is a major milestone for the OpenDS project, but there is more to come… Make sure you check the Roadmap and you participate to it.

Technorati Tags: , , , ,

Lowering the bar for OpenDS Translation…

LudoLeave a comment

Opends Logo TagPavel Heimlich, also known as Hajma on in the OpenDS project and lead for many Translation projects, has gone through all of the OpenDS messages to figure out the ones that were still in use and important to translate. There is now a "simplified" OpenDS project in the Community Translation Interface that contains a 5th of the initial messages, making it easier and faster for the volunteers to translate OpenDS to their preferred language. There are currently on-going translation for chinese, french, german, japanese, korean, polish, portuguese, serbian and spanish, but new language projects can be initiated on demand.

If you’re interested, check the How To Guide.

Technorati Tags: , , , , ,

OpenDS 2.0.0 Release Candidate 4 is now available

LudoLeave a comment

Opends Logo TagA couple of blocking issues have been found in OpenDS2.0 Release Candidate 3 and so a new release candidate is now available. Hopefully this will be the last one, and we’re doing the last round of non-regression tests before the final release of OpenDS 2.0, around mid July.

OpenDS 2.0.0-RC4 is built from revision 5494 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC4/OpenDS-2.0.0-RC4.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC4/OpenDS-2.0.0-RC4-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC4/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC4.

This new candidate includes the following changes to OpenDS 2.0.0 RC3:

  • Revisions 5487, 5490 (Issue #4070) – Fix a bad encoding in a couple of LDAP extensions : PSearch Entry Change Notification Control and Password Policy State Extended Operation
  • Revision 5492 – Resolves a possible replication issue with future versions of OpenDS and Replication protocols.

Technorati Tags: , , , , ,

LDAPCon call for papers extended to July 8th…

LudoLeave a comment

I’ve just heard that the deadline for submitting proposals of presentations for the LDAPCon has been extended by a week.

if you’re involved with LDAP in interesting project and you want to share your experiences, your innovative concepts… please check the "Call for Papers" and submit a proposal. Don’t wait, a week is not much and it’s better to do it now than realize the deadline is already over 😉

The second edition of the International Conference on LDAP (LDAPCon) will be held on September 20th and 21st, 2009 in Portland, Oregon, USA, just before and at the same location as LinuxCon 2009.

Technorati Tags: , ,

Work Paleontology

Ludo1 Comment

It all started today by a conversation with a colleague on our long experience with LDAP and Directory Services…

E3X LogoI told him that I’ve started my carrier as a developer in the X.400 domain. In my first job, for a French startup called E3X, between 1991 and 1995, I’ve wrote 3 different versions of a P7 Message Store for the UCOM.X400 product line. Along the same dates, I’ve also been involved a little bit with X.500. One of the things that I’ve done, was using our UCOM.X500 product to store information about some restaurants in the Sophia-Antipolis area, so that we could search and choose one whenever we had visitors coming. The data included beside the usual address and phone number, the type of food, opening hours, whether reservation was necessary and so on…

The schema defined eventually got cleaned up and published as an internet draft by my manager at that time, Dr. Alain Zahm. You can find a summary of this internet draft at the very end of this page: http://choices.cs.uiuc.edu/uChoices/Papers/Proposals/92.MobileComputing/INDEX.

Minutes of IETF OSI-DS meeting in November 1992 also shows that the schema was discussed.

Now that all public and research X.500 servers have been stopped and decommissioned, there is no trace of this anymore. Google is too young to have references to this, and so is Yahoo. But I do remember that in the mid 90ies, whenever I was searching for my name, most of the results coming back were associated with some little known restaurants on the French Riviera !

In 1995, I joined Sun to work on the Solstice X.400 product and a year later, with a coworker, I’ve started working on University of Michigan slapd code to produce Sun Directory Services 1.0, released in September 1997… the rest is history 🙂

Technorati Tags: , ,

LDAPCon call for papers closes tomorrow…

LudoLeave a comment

if you’re involved with LDAP in interesting project and you want to share your experiences, your innovative concepts… please check the “Call for Papers” and submit a proposal NOW !

The second edition of the International Conference on LDAP (LDAPCon) will be held on September 20th and 21st, 2009 in Portland, Oregon, USA, just before and at the same location as LinuxCon 2009.

Technorati Tags: , ,

OpenDS 2.0.0 Release Candidate 3 is now available

LudoLeave a comment

Opends Logo TagThe OpenDS development team is very pleased to announce the immediate availability of OpenDS 2.0.0-RC3, the third and probably last release candidate for OpenDS 2.0.

OpenDS 2.0 has a number of new features over OpenDS 1.2.0 that was released in February 2009 :

  • A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication
  • Recurring tasks allow an administrator to schedule repeated tasks such as backups
  • New extensible matching rules and indexing allowing comparing, ordering of data according to specific locales and languages
  • Better monitoring information for the server and for Replication
  • Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax
  • VLV indexes are now built during the Import
  • Several improvements in the Control Panel
  • Works with IBM JVM (Java 6 SR4 required)
  • Works by default with JConsole and VisualVM when JMX Connection Handler is enabled
  • Default settings and ergonomics have been improved reducing the need for tuning parts of the server
  • Greatly improved performances and stability over time of those performances
  • Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

Overall, over 170 issues have been fixed.

The purpose of the Release Candidate is to solicit one last round of testing before the final release.

So please test the OpenDS release with your client applications, in your environment or on your favorite platform.

Our quality team will be doing the same during the next 2 to 3 weeks.

If you do find a bug, please report it with Issue Tracker.

We welcome feedback. Please report you experience with OpenDS on our mailing lists, or on #opends IRC channel on Freenode.

OpenDS 2.0.0-RC3 is built from revision 5460 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC3/OpenDS-2.0.0-RC3.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC3/OpenDS-2.0.0-RC3-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC3/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC3.

Major changes incorporated since OpenDS 2.0.0 RC2 include:

  • Revision 5436. Delivers updated localization bundles
  • Revision 5439 (issue #4047) – Resolves an issue with uninstalling OpenDS.
  • Revision 5440 (Issue #4049) – Fixes an issue in the Control Panel where monitoring information was not available for all Connection Handlers.
  • Revision 5441 (Issue #4045) – Fixes an issue with start-ds -F so it reports snmp build information.
  • Revision 5452 (Issue #3713) – Resolves an issue where sockets could be leaked when replication connection fails due to SSL handshake.
  • Revision 5459 (Issue #4057) – Fixes an issue where restoring the schema from a backup would silently fail and prevent the server from working.

Technorati Tags: , , , , ,

OpenDS in Brazil

Ludo4 Comments

This week, one of the biggest conference about Open Source Software takes place in Porto Alegre, Brazil: FISL.

FISL stands for "Forum Internacional Software Livre" in the Portuguese language and means "International Free Software Forum".

FISL 10

This will the 10th edition and already over 6000 people have registered, according to the organizers.

It’s the first time I get to go to FISL and to Brazil as well. I’m looking forward to it, as I’ve been told a lot about the energy and the good atmosphere of the conference. It will be a good opportunity to be in touch with our community from South America.

My session will talk about "Scaling the Identity Store with OpenDS", describing the options to scale OpenDS based LDAP directory service from very small embedded to extremely large, telco scale. It’s schedule to happen on Friday 26th, from 11am to 12am in room 41A.

See you there.

Technorati Tags: , , , , , ,

LDAPCon 2009, Call for Papers is open

Ludo1 Comment

The second edition of the International Conference on LDAP (LDAPCon) will be held on September 20th and 21st, 2009 in Portland, Oregon, USA, just before and at the same location as LinuxCon 2009. The first International Conference on LDAP was held in September 2007 in Germany (Some pictures).

A call for papers has be raised and the Program Committee asks you to submit them by July 1st. So if you’re involved with LDAP in interesting project and you want to share your experiences, your innovative concepts… please check the "Call for Papers" and submit a proposal by July 1st 2009.

Technorati Tags: , , , , ,

Integrating OpenDS and Samba as a Primary Domain Controler…

LudoLeave a comment

Opends Logo Tag

Samba Logo

A few weeks ago, I was exchanging emails with one of the members of our community who was having issues with adding Samba related schema to OpenDS. The exchange turned into a few issues raised against OpenDS and a couple of builds later, he happily reported having all his problems solved and having a fully functional Primary Domain Controler running on his Ubuntu machine. And he immediately posted a detailed How To Guide on the OpenDS wiki.

I haven’t tried to reproduce the settings, but if you need to run Samba with LDAP on your server, you might want to check OpenDS and follow the steps to get it running.

Technorati Tags: , , , , , ,

OpenDS 2.0.0 Release Candidate 2 is now available

Ludo1 Comment

Opends Logo TagThe OpenDS development team is very pleased to announce the immediate availability of OpenDS 2.0.0-RC2, the second and probably last release candidate for OpenDS 2.0.

OpenDS 2.0 has a number of new features over OpenDS 1.2.0 that was released in February 2009 :

  • A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication
  • Recurring tasks allow an administrator to schedule repeated tasks such as backups
  • New extensible matching rules and indexing allowing comparing, ordering of data according to specific locales and languages
  • Better monitoring information for the server and for Replication
  • Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax
  • VLV indexes are now built during the Import
  • Several improvements in the Control Panel
  • Works with IBM JVM (Java 6 SR4 required)
  • Works by default with JConsole and VisualVM when JMX Connection Handler is enabled
  • Default settings and ergonomics have been improved reducing the need for tuning parts of the server
  • Greatly improved performances and stability over time of those performances
  • Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

Overall, over 170 issues have been fixed.

The purpose of the Release Candidate is to solicit one last round of testing before the final release.

So please test the OpenDS release with your client applications, in your environment or on your favorite platform.

Our quality team will be doing the same during the next 2 to 3 weeks.

If you do find a bug, please report it with Issue Tracker.

We welcome feedback. Please report you experience with OpenDS on our mailing lists, or on #opends IRC channel on Freenode.

OpenDS 2.0.0-RC2 is built from revision 5417 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC2/OpenDS-2.0.0-RC2.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC2/OpenDS-2.0.0-RC2-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC2/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC2.

Major changes incorporated since OpenDS 2.0.0 RC1 include:

  • Revisions 5376, 5388, 5390 (Issues #3997, 4006 and 3993) – Improvements to the schema parsing mechanism.
  • Revision 5378 (Issue #3898) – Make all information from a BIND request accessible from AuthenticationInfo.
  • Revision 5381 (Issue #4009) – Fixes to the upgrade facility.
  • Revision 5384 (Issue #3856) – Improvements to the way in which connections and extended operations are logged.
  • Revision 5386 (Issue #3996) – Fix a problem that could result in lost delete operations within a replication topology.
  • Revision 5392 (Issue #4010) – Fix an exception in the DSML implementation.
  • Revision 5394 (Issue #4014) – Improve the information showed by start-ds.
  • Revision 5395 (Issue #4013) – Fix an encoding error for the server side sort response control.
  • Revision 5396 (Issue #4011) – Correct a problem with indexing after an upgrade.
  • Revisions 5398, 5400, 5403 & 5412 – Localization improvements.
  • Revision 5402 (Issue #4007) – Improve performance when importing entries containing attributes with many values.
  • Revisions 5404 & 5409 (Issue #4020) – Allow help links in the control panel to be customized.
  • Revision 5406 (Issue #4022) – Fix a Java exception when using dsconfig -m/unit-time.
  • Revision 5407 (Issue #4027) – Fix an NPE when configuring network groups.
  • Revision 5411 (Issue #3988) – Improve throughput stability and GC performance under heavy connect/disconnect loads.
  • Revision 5414 (Issue #4062) – Enable the deregistering of add/change/delete configuration listeners.
  • Revision 5415 (Issue #4012) – Improve the import task to handle missing include branches.
  • Revision 5417 (Issue #4023) – Restart the server after scheduling a restart task.

Technorati Tags: , , , , ,