The Update Center 2 project has just released a new version of the IPS packaging toolkit.

One of the nice new feature of the toolkit is the Custom Ant tasks for pkg(5) providing a easy way to produce IPS packages, package repositories and installation image for Ant based build environment.

Christopher Kampmaier has updated the example use of the pkg(5) toolkit for OpenDS, demonstrating the power of these Ant tasks.

No doubt that we will be integrating the IPS factory in the OpenDS Project in the near future.

Technorati Tags: directory-server, java, java-enterprise-system, ldap, opends

Bill Hathaway, long time user of Sun Directory Server product, was recently playing with OpenDS, the open source LDAP directory server written in Java. After installing and populating the server with a million user entries, he started a "modrate" job and forgot about it… Approximately 327 millions changes later, and after 13 hours, the server was still running fine at an average of 7000 modifications per seconds !

Read the details on Bill’s blog.

Technorati Tags: directory-server, java, ldap, opends, performance, stress

I’ve just found this morning this article about OpenDS and IBM WebSphere Process Server (WPS), posted on BigAdmin By Sachin Krishna Telang. It covers step by step the procedures for installing and configuring OpenDS 1.0 as the User registry for WPS 6.0.2.0.

I’ve also added a reference to this article to the OpenDS Wiki page describing how to Use OpenDS With Specific Directory Enabled Applications, where we already have detailed procedures for GlassFish, Apache Web Server, Tomcat…

Technorati Tags: directory-server, java, ldap, opends

Nick Wooler recently moved from OpenSSO over to Directory Services team as the Product Line Manager. OpenDS and its commercial companion Sun OpenDS Standard Edition are now part of his daily matters. Not only he immediately tried the new toys, but he has scored a home run and produced this high quality screencast.

Watch how to install OpenDS, configure it and load 2000 sample entries, in less time than it takes to boil an egg !

Update on Sept. 2010

Oops, the movie is no longer available. Here’s another one done by @AlexisMP.

Technorati Tags: directory-server, java, ldap, opends, opensource, video

Via the Four Kitchens‘ blog, David Timothy Strauss sees some similarities between Drupal Nodes and the Directory Information Tree of an LDAP server such as OpenDS, making a parallel between the Decorator Pattern used when developing Node types and the possibility to decorate directory entries with Auxiliary object classes.

He also realizes the benefits of storing the nodes in a directory server that supports multi-master replication, providing high availability and scalability for Drupal servers.

I hope we will hear soon from David’s experiments with using OpenDS as a Node storage engine.

PS: David, you’re welcome to share your experience and comments on the OpenDS Users mailing list.

Technorati Tags: directory-server, java, ldap, opends, opensource

Java evangelist John Yeary just posted a detailed, well illustrated tutorial for setting up LDAP based authentication and authorization with GlassFish and OpenDS. The tutorial is similar to the one published on OpenDS Wiki a while ago, but adds the required steps to enable SSL and completely secure the authentication phase.

Technorati Tags: blog, directory-server, glassfish, java, ldap, opends

Java evangelist John Yeary just posted a detailed, well illustrated tutorial for setting up LDAP based authentication and authorization with GlassFish and OpenDS. The tutorial is similar to the one published on OpenDS Wiki a while ago, but adds the required steps to enable SSL and completely secure the authentication phase.

Technorati Tags: blog, directory-server, glassfish, java, ldap, opends

We have just uploaded OpenDS 1.1.0-build001, built from revision 4507 of our source tree, to our promoted builds folder.

The direct link to download the core server is: http://www.opends.org/promoted-builds/1.1.0-build001/OpenDS-1.1.0-build001.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/1.1.0-build001/OpenDS-1.1.0-build001-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/1.1.0-build001/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more i

nformation.

Detailed information about this build is available at http://www.opends.org/promoted-builds/1.1.0-build001.

Major changes incorporated since OpenDS 1.0.0 include:

#8226 Revision 4342 (Issue #3330) – The LDIF connection handler is now disabled by default.

#8226 Revision 4344 (Issue #3338) – Fix an error that was causing the upgrade mechanism to remove the any Java arguments that had been set for the server.

#8226 Revision 4349 (Issue #3328) – Correct the Java options used when the server is started through the status panel.

#8226 Revision 4350 (Issue #3310) – Fix an issue that was causing the restart of a master server to take several minutes.

#8226 Revision 4387 (Issue #3418) – Ensure that the status and status-panel commands display the Java version rather than the JVM version.

#8226 Revision 4394 (Issue #3438) – Ensure that the start-ds command uses the configured jvm arguments when running as a windows service.

#8226 Revision 4406 (Issue #3429) – Fix an issue that was causing online parallel replication initialization to fail.

#8226 Revision 4412 (Issue #3443) – When a new replication domain is configured, the server now prevents sub-suffix replication only if the sub-suffixes are identical.

#8226 Revision 4416 (Issue #1805) – Add options to the ldifdiff command to allow specific attributes or entries to be ignored when comparing LDIF files.

#8226 Revision 4423 (Issue #3461) – Fix an issue that was causing the winlauncher to inherit handlers from its parent process.

#8226 Revision 4441 (Issue #3468) – Allow the password modify extended operation to accept a DN for the userIdentity.

#8226 Revision 4446 – Fix the residentialPerson object class definition bug introduced in RFC2256 and carried over to RFC4519 where the l attribute declared both MUST and MAY. The new definition reflects the X.521 origin of residentialPerson.

#8226 Revision 4464 – Fix an issue that resulted in an entry not being removed from the DN entry cache index.

#8226 Revision 4473 (Issue #3475) – Fix the Java Web Start setup on Mac OS.

#8226 Revision 4476 (Issue #3474) – authzid is no longer ignored when checking groupdn membership.

#8226 Revision 4485 (Issue #3484) – Fix a problem that resulted in a very low purge delay being set when the replication purge delay was changed.

#8226 Revision 4488 (Issue #3477) – Fix a problem that caused the replication server cache to become too large and the JVM to run out of memory.

#8226 Revisions 4489 and 4490 – Separate the server delivery into an “Install Layout” (the binaries) and an “Instance Layout” (the user data).

#8226 Revision 4496 – Adapt the make-ldif command for the split between instance and install.

#8226 Revision 4500 – (Issue #3492) – Fix an issue in which the get effective rights control returned incorrect rights for the isMemberOf attribute.

#8226 Revision 4503 (Issue #3488) – Fix a problem that caused replication initialization from quicksetup to fail occasionally.

#8226 Revision 4504 (Issue #3490) – Fix an issue that caused the uninstall process to produces numerous spurious warnings.

#8226 Revision 4506 (Issue #3496) – Fix a problem causing SASL/GSSAPI authentication to fail over startTLS.

Technorati Tags: directory-server, java, ldap, opends, opensource

Srikanth has written a long and detailed post on his blog where he compares the LDAP Simple Paged Result control and the Scrolling View Browsing of Search Result control (aka VLV).

Using OpenDS 1.0, an open source LDAP directory server written in Java, Srikanth describes the server settings and the use of these extensions with the ldapsearch tool. He is also providing a sample Java based application that lists all entries from a directory server, using the VLV control.

Nice work Srikanth ! Quite a nice proof of the benefits of the VLV control over Simple Paged Results.

Technorati Tags: developer, ldap, opends

Today is the second anniversary of the OpenDS project: an open source LDAP directory service written in Java.

Taking a few minutes to look back at the year that just passed, I’m proud of what we’ve done.

First we’ve released OpenDS 1.0 for the community. We now have a complete and fully featured LDAP directory server, easy to use, embeddable, extensible, reliable, fast… And we’re about to release the Sun supported version : Sun OpenDS Standard Edition 1.0. I’m sure you’ll hear more about it in the coming days.

We’ve grown our community of users and developers despite going through internal re-organization. We have almost doubled the number of committers in a year, receiving contributions in tests, functionalities, code and designs. The number of registered users has reached the 200 mark.

We’ve done well but there is still a lot to do for the coming years. We need to continue to deliver the functionalities our users and customers want. We need to continue to grow OpenDS ecosystem and community.

So come and have a part of the journey with us. There are many ways to interact with the OpenDS community, beside playing and running the code:

• Sign-up for a Java.net account and request a role on OpenDS
• Subscribe to the OpenDS users or dev Mailing lists
• Browse or Search the OpenDS mailing lists archive with MarkMail
• Read and write about OpenDS on the OpenDS documentation wiki
• Call in our monthly public meetings
• Chat about OpenDS on the #opends IRC channel
• Tweet about OpenDS
• Wear OpenDS from the OpenDS CafePress store
• Dive into the OpenDS stats with OpenDS @ ohloh
• Tag the OpenDS news @ SWiK
• Decorate your profile on Facebook with the OpenDS FaceBook Group
• Network with OpenDS users and developers from the OpenDS LinkedIn Group
• Network with more OpenDS users and developers from the OpenDS Plaxo Group

Technorati Tags: java, ldap, opends, opensource

On July 10th, OpenDS 1.0.0 the open source LDAP directory service in Java was released. In the release notes, the list of platforms on which OpenDS has been qualified is quite long but does not mention Mac OS X.

Many OpenDS developers have a MacBook (Pro) and use it for development, unit tests and first integration tests.

So OpenDS 1.0.0 works really well on Mac OS X with either Java 5 and Java 6.

OpenDS is now listed on Apple Mac OS X Downloads site, in the Unix and Open Source category.

Marla just announced the availability of MarkMail services for Java.net, provided free by MarkLogic.

As a result, you can now search, analyze, browse all of the Java.net mailing lists and more specifically the OpenDS ones:

• Users
• Dev
• Precommit-Notification
• QA

The service fills a need that has been expressed several times on … the mailing lists. If you want to give it a try for other Java.net projects :

http://markmail.org/search/?q=list%3Anet.java.dev.<ProjectName&gt;

Technorati Tags: java, opends, opensource, mailinglist, search

If you’re planing on using LDAP Naming Services with Solaris or OpenSolaris, we’ve just published a detailed article on how to setup OpenDS, the open source LDAP directory service written in Java, for it.

In a near future, we will make it even easier as we’re planning on having OpenDS 1.0 available in the OpenSolaris package repository.

Technorati Tags: directory-server, ldap, naming, opends, opensolaris, opensource

The OpenDS development team is very please to announce the release of OpenDS 1.0.0, the first stable release of the OpenDS project.

OpenDS 1.0.0 delivers a fully compliant LDAPv3 server (*) that passes all of the compliance, interoperability and security tests suites. Furthermore, OpenDS 1.0.0 implements most the standard and experimental LDAP extensions defined in the IETF as RFCs or Internet-Drafts, ensuring maximum interoperability with LDAP client applications.

With a limited footprint allowing the server to be embedded in other Java applications, OpenDS has a very rich set of APIs making it easy to extend and increase usage scope.

OpenDS also supports a multi-master replication model that guarantees the high availability of the data for all operations, searches or updates. While theorically unlimited with regards to the number of masters, the OpenDS 1.0.0 server has been stressed under heavy and durable load with 4 Masters.

OpenDS 1.0.0 also includes :

– A 6 steps graphical installation tool that allows to have a server configured, up and running in less than 3 minutes.

– A graphical status panel

– A rich command line tool to perform all online administrative tasks both interactively or scripted.

– Advance security and password policies

– Advance backup and restore capabilities.

– A DSML gateway servlet.

– A complete user documentation set.

Note that the defaults settings for the OpenDS server are targeted for the initial evaluator or developer, running on a machine with a limited amount of resources. So it is important to do initial tuning of the Java VM and the OpenDS server to scale.

The first recommendation is to use the latest version of the Java VM (as of today Java 6 update 6 aka 1.6.0_06).

Some recommendations for the Java VM settings have been published on the OpenDS Documentation Wiki. More specifically, in order to have constant performance, tuning the Garbage Collector is needed. We recommend the CMS GC or ParallelGC.

Finally, OpenDS does provide better performances when the database files are cached into memory. The initial size for the DB cache is 10% of the heap size and is definitely under sized. A good rule of thumb is to allocated a DB cache size about half of the heap size if the later is below or equal to 2 GB, and for heap size greater than 2 GB to allocate a DB cache size equal to the heap size minus 1GB.

While we are really happy with the first stable release of the OpenDS LDAP directory server, our roadmap includes many other features and some ambitious ones:

– Native packages for OpenSolaris and Linux.

– Transactions for LDAP

– Assured Replication which is a replication model where a changed is assured to be received on at least 2 masters before it get acknowledge to the client application.

– Access to the log of changes over LDAP in order to provide external synchronization services.

– Basic management GUI for the most common tasks.

– Confidentiality and Encryption negotiation through SASL

– Improved performances

…

For the more information about OpenDS 1.0.0 please check the release notes.

Support for OpenDS 1.0.0 will be soon available from Sun Microsystems.

(*) with the exception of a partial support of RFC 4518 – International String Preparation

Technorati Tags: directory-server, java, ldap, opends, opensource, Sun

The Sun Directory Service Control Center is a web application that allows administrators to configure and administer all of their Sun Directory 6.x servers and Directory Proxy 6.x servers from a single place.

The Console is supported to run on Tomcat 5.5 and Sun Java System Application Server 8.2. In a previous blog post, I demonstrated how to deploy DSCC in GlassFishv2.

Thanks to Eric Le Ponner, architect of DSEE and lead developer for the Administration part, we can now deploy DSCC in WebLogic 10 Application Server.

This will be fully supported with Sun Directory Server Enterprise Edition 7, but here’s the workaround to get it to work with Sun Java System Directory Server Enterprise Edition 6.3.

First deploy DSCC war file on WebLogic.

Then just add the following weblogic.xml file in the WEB-INF directory, next to the web.xml file for the DSCC web application:

<?xml version="1.0" encoding="utf-8"?>

<weblogic-web-app

xmlns="http://www.bea.com/ns/weblogic/90&quot;

xmlns:j2ee="http://java.sun.com/xml/ns/j2ee&quot;

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance&quot;

xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-web-app.xsd"&gt;

<container-descriptor>

<filter-dispatched-requests-enabled>false</filter-dispatched-requests-enabled>

</container-descriptor>

</weblogic-web-app>

There you are.

For those who like the gory details, DSCC is a servlet 2.3 web application and implements a servlet filter to manage security. WebLogic 10 Application Server supports by default the servlet 2.4 specifications and process differently filtered requests. The trick is then to instruct WebLogic to do the filtering as for the servlet 2.3 specifications.

Technorati Tags: directory-server, java-enterprise-system, ldap, Sun