OpenDJ LDAP Directory Services update

FR_plogo_org_FC_openDJ-300x86The new version of ForgeRock Directory Services, based on OpenDJ 3.0, was released in January and I’ve already written about the new features here, here and here.

We’ve now started the development of the next releases. We’ve updated the high level roadmap on our wiki, to give you an idea of what’s coming.

The last few weeks have been very active, as you can see on our JIRA dashboard.

Screen Shot 2016-03-18 at 10.56.12

There are already a few new features and enhancements in the master branch of our GIT repository :

A Bcrypt password storage scheme. The new scheme is meant to help migration of user accounts from other systems, without requiring a password reset. Bcrypt also provide a much stronger level of security for hashing passwords, as it’s number of iteration is configurable. But since OpenDJ 2.6, we are already providing a PBKDF2 password storage scheme which is recommended over Bcrypt by OWASP, for securing passwords.

Some enhancements of our performance testing tools, part of the OpenDJ LDAP Toolkit. All xxxxrate tools have a new way of computing statistics, providing more reliable and consistent results while reducing the overhead of producing them.

Some performance enhancements in various areas, including replication, group management, overall requests processing…

If you want to see it by yourself, you can checkout the code from our GIT repository, and build it, or you can grab the latest nightly build.

Play with OpenDJ and let us know how it works for you.

OpenDJ Nightly Builds…

For the last few months, there’s been a lot of changes in the OpenDJ project in order to prepare the next major release : OpenDJ 3.0.0. While doing so, we’ve tried to keep options opened and continued to make most of the changes in the trunk/opends part, keeping the possibility to release a 2.8 version. And we’ve made tons of work in branches as well as in trunk/opendj. As part of the move to the trunk, we’ve changed the factory to now build with Maven. Finally, at the end of last week, we’ve made the switch on the nightly builds and are now building what will be OpenDJ 3, from the trunk.

For those who are regularly checking the nightly builds, the biggest change is going to be the version number. The new build is now showing a development version of 3.0.

$ start-ds -V
OpenDJ 3.0.0-SNAPSHOT
Build 20150506012828
--
 Name Build number Revision number
Extension: snmp-mib2605 3.0.0-SNAPSHOT 12206

We are still missing the MSI package (sorry to the Windows users, we are trying to find the Maven plugin that will allow us to build the package in a similar way as previously with ant), and we are also looking at restoring the JNLP based installer, but otherwise OpenDJ 3 nightly builds are available for testing, in different forms : Zip, RPM and Debian packages.

OpenDJ Nightly Builds at ForgeRock.org

We have also changed the minimal version of Java required to run the OpenDJ LDAP directory server. Java 7 or higher is required.

We’re looking forward to getting your feedback.

OpenDJ on Windows…

OpenDJ LogoOpenDJ, the LDAP directory services in Java, is supported on multiple platforms and has been for many years. We’re testing on Linux, Windows, Solaris, Mac OS X, but also different JVMs: Oracle JRE, OpenJDK, Azul Zulu, IBM JVM…

With OpenDJ 2.6, we’ve made it easier for people to install it on Linux machines by providing RPM and Debian packages.

We are now also providing a MSI package to ease the installation and removal on Windows machines. The MSI package is available for nightly builds here.

OpenDJ MSI InstallerScreen Shot 2015-01-28 at 09.14.01

Making OpenDJ easier for Linux, DevOps and the cloud…

packagerpm

I’ve recently made some changes on the OpenDJ nightly builds page and made available 2 new deliveries for OpenDJ : an RPM package and a Debian package.

The goal of providing native packages for OpenDJ is to make things much easier for the Linux system administrators and the DevOps  who want to deploy OpenDJ automatically, as well as for whoever wants to run OpenDJ in a VM in the cloud.

packagedeb

There has been several other efforts to build native packages for OpenDJ, here and there, but due to the structure of OpenDJ deliveries, you could not properly upgrade versions. The packages available with the nightly builds are taking advantage of the new upgrade mechanism that has been developed, allowing an easier and smoother migration from previous releases.

If you do use the packaged version, make sure you log any bugs you find in theOpenDJ issue tracker.

I’d like to thank Danny Turner for his great contributions to the OpenDJ native packaging.

OpenDS 2.3.0-build003 is now available…

Opends Logo TagWe have just uploaded OpenDS 2.3.0-build003, a new snapshot from the development branch of the OpenDS project, to the promoted-build repository.

OpenDS 2.3.0-build003 is built from revision 6502 of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.3.0-build003/OpenDS-2.3.0-build003.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.3.0-build003/OpenDS-2.3.0-build003-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.3.0-build003/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.3.0-build003, including the detailed change log

Major changes since OpenDS 2.3.0 build002 include :

  • Provides support for the MS Permissive Modify control (#4238)
  • Adds support for multiple superior objectclasses in schema (#615)
  • Updated Berkeley DB Java Edition to version 4.0.103
  • Several enhancements and fixes in the External Changelog: Reliability in special cases like disabling replication domains, naming entries by ChangeNumber (Issue #4537), performance of searches with bounded filters (#4507), supporting operational attributes…
  • Resolves an issue (#4546) during shutdown that could cause deadlock in replication
  • Resolves an issue (#4554) on Windows with the Windows services
  • Some enhancements in the GUI look and feel and in 508 compliance
  • Resolves some issues (#4529, #3891, #3404, #3402) with specific replication conflict resolution
  • Improves the startup time of the server and detection of services tags
  • Resolves an issue (#4553) with the referential integrity plugin when several attributes are configured but only one is in a user entry
  • Fixes an issue (#4386) when adding an entry with duplicate values, resulting in a NPE
  • Fixes an issue (#4468) with the way values in filters and indexes are normalized
  • Resolves some performance issue (#4384) in replication monitoring
  • Improves reliability of replication initialization protocol (Issues #3395 #3998)
  • Resolves several issues (#3966, #4406, #4536 with clients tools and control panel when the server disconnect on error
  • Fixes some issues with MakeLDIF utility
  • Resolves a few issues (#4520) within Import
  • Improves the SSHA password storage scheme to be compatible with hashes from other servers (#4558)
  • Resolves an issue (#4232) with Windows specific LDIF files during Import
  • Adds an option to log replications CSNs in the Access Logs, like Sun Directory Server does
  • Resolves an issue (#4556) with the Password Modify extended operation when some validation must be skipped for administrators
  • Resolves an issue (#2748)with the order of message logged in the access logs
  • Resolves an issue where password policies subentries are not applied after replicated

Technorati Tags: , , , , , , ,

OpenDS 2.3.0-build002 is now available…

Opends Logo TagWe have just uploaded OpenDS 2.3.0-build002, a new snapshot from the development branch of the OpenDS project, to the promoted-build repository.

OpenDS 2.3.0-build002 is built from revision 6400 of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.3.0-build002/OpenDS-2.3.0-build002.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.3.0-build002/OpenDS-2.3.0-build002-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.3.0-build002/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.3.0-build002, including the detailed change log

Major changes since OpenDS 2.3.0 build001 include :

  • Multiple improvements on the Control Panel and the Setup
  • Multiple incremental improvements with the External Changelog, including reliability and performance (Issue #4478)
  • Upgraded the version of the Berkeley DB Java Edition to 4.0.95
  • Final fix for issue #4367, removing the need for BDB logging configuration via properties
  • Fixes some memory leaks with lots of connects and disconnects (Issue #4491)
  • Resolves a NPE when using Extensible Matching filters without matching rule OID (Issue #4385)
  • Fixes an issue (#4539) with the DSML gateway with JAXB and some Application Servers
  • Fixes an issue (#4492) in ACI where an NPE would occur when the base entry contains a single RDN component
  • Improves the reliability of the OpenDS Windows Services (Issues #4084 and #4381)
  • Resolves issue #4523 where ACI and sub-entry caches were not updated on replicas
  • Resolves issue #4538 where Virtual attributes would not be retrieved when the entry cache is configured
  • Fixes an issue with access controls that would give different results for cn=Directory Manager and plain user (Issue #4547)
  • Enhances the support and compliance of LDAP subentry, Collective attributes and Password Policy
  • Resolves several issues with Replication including Issues #4514, #4533 and #4534, and enhance the way Replication servers are electing servers they connect to (Issue #4343)
  • Renamed the extensions directory to “experimental”. The only experimental extension is the ArisID privacy control
  • Fixes several issues related to building OpenDS, especially on Windows.

Technorati Tags: , , , , , , ,

OpenDS 2.3.0-build001 is now available…

In December, the team had released OpenDS 2.2.0, a stable release of the LDAP directory server written for the Java platform. While the quality assurance team was testing and making sure the level of quality and reliability was there, the developers continued to add features on the trunk.

So today, I’m happy to announce the promotion of OpenDS 2.3.0-build001, the first development build on the path to OpenDS 2.4, a stable release currently planned for Summer 2010.

OpenDS 2.3.0-build001 is built from revision 6353 of our source tree and contains 2 major features :

  • The import code has been refined to improve performances, especially with very large data set. Tests have been run with 1,000,000,000 entries and the file imported in about 40 hours.
  • This version of OpenDS provides support for Subentries in LDAP [RFC 3672] and Collective Attributes for LDAP [RFC 3671]. In addition to the support of the Collective attribute standard, OpenDS supports a more user friendly notation, allowing to make use of Collective attribute definitions with standard attributes. More on this subject in a future article, although if you want to understand how to use it, Anton already wrote a description on the OpenDS Wiki.

These 2 features are just started to be seriously tested by the OpenDS team, so they cannot be considered as fully stable yet. There are already some issues being investigated, with the rebuild-index and verify-index commands. If you do find an issue with this OpenDS build, please report it in Issue Tracker.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.3.0-build001/OpenDS-2.3.0-build001.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.3.0-build001/OpenDS-2.3.0-build001-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.3.0-build001/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.3.0-build001, including the detailed change log

Major changes since OpenDS 2.2.0 include :

  • Multiple improvements on the Control Panel and the Setup including display of equivalent command-line commands, cosmetic aspects, messages, referral handling…
  • Multiple incremental improvements with the External Changelog, including reliability and performance
  • Revision 6190 – Upgraded the version of the Berkeley DB Java Edition to 4.0.73
  • Revision 6192 (Issue #4360) – Improves responsiveness of the OpenDS server when hammered with large searches and slow clients
  • Revisions 6198, 6209 (Issue #4371) – Solves an issue with PKCS12 certificates that do not have alias
  • Revision 6208 (Issue #4373) – Improves time to start the replication service
  • Revision 6292 (Issue #3601) – Adds the ability to update or delete schema attribute types and object classes definitions in the Control Panel
  • Revision 6332 (Issue #4472) – Fixes the way a Workflow element is checked to be a parent of another Workflow element
  • Revision 6334 (Issue #4464) – Solves an issue where reading the RootDSE could take too long when External Changelog is enabled
  • Revision 6336 (Issue #4477) – Increases the maximum size of DB log files from 10MB to 100MB
  • Revision 6351 – Support for localization in Catalan (ES_CA)
  • Revision 6353 (Issue #4489) – Resolve an issue where Java would not be detected even though JAVA_HOME variable was set

Technorati Tags: , , , , , , ,