New in OpenDS 2.0: I18N Collation Matching Rules

OpenDS 2.0 has just been released and there are several new and exciting features in it.

Today we will be taking a closer look at the I18N Collation Matching Rules.

In LDAP, most of the data is made of DirectoryStrings, which are UTF-8 encoded strings. The LDAPv3 specifications, and more precisely RFC 4518, define the way to prepare UTF-8 strings for comparison in LDAP, and OpenDS, being fully compliant with LDAPv3, implements this RFC.

This means that the server properly case-folds non-ASCII characters and can compare them correctly and case-insensitively, whether they are characters like the French é or Japanese characters.

OpenDS Entry Editor Panel

Let’s work with an example: an entry with the givenName “Hélène”, illustrated on the right.

If I search the directory for that givenname, I can retrieve the entry:

$ bin/ldapsearch -p 2389 -b "dc=example,dc=com" '(givenname=hélène)'
dn:: Y249SMOpbMOobmUgRGVUcm9pZSxvdT1QZW9wbGUsZGM9ZXhhbXBsZSxkYz1jb20=
mail: Helene.Detroy@example.com
givenName:: SMOpbMOobmU=
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
uid: hdetroie
cn:: SMOpbMOobmUgRGVUcm9pZQ==
sn: DeTroie

$ bin/ldapsearch -p 2389 -b "dc=example,dc=com" '(givenname=HÉLÈNE)' givenName
dn:: Y249SMOpbMOobmUgRGVUcm9pZSxvdT1QZW9wbGUsZGM9ZXhhbXBsZSxkYz1jb20=
givenName:: SMOpbMOobmU=

Note: DN, CN and givenName are base64 encoded in the result, as expected per the LDIF specification.

Note: To be able to type the string “hélène” correctly in a terminal (as in the filters above), make sure LANG is set to use UTF-8 encoded characters (LANG=en_US.UTF-8).

Let’s see what happens if I search for the same user without the accented letters.

$ bin/ldapsearch -p 2389 -b "dc=example,dc=com" '(givenname=helene)'

$

 

Nothing is returned. This is because in Unicode the letters e and é do not normalize to the same character. This is a big problem, especially in Europe, because we do not like it when our names are not written as they should be, and also because the person searching may not remember exactly how to spell the name or may not know how to type the composed character on his machine. Also, in French (and in other locales as well), the letters e, é and É are considered equal when comparing.

That’s where the I18N Collation Matching Rules come to the rescue.

OpenDS 2.0, like its distant ancestor Sun Directory Server, supports by default a set of locale-specific extensible matching rules.

This means I can now search for the givenName according to the collation rules associated with French, German, Norwegian or Japanese.

Each locale has been assigned an OID, and there are 6 different matching rules per locale: LowerOrEqual, LowerThan, Equality, GreaterOrEqual, GreaterThan, Substring.

So if one would like to match givenname for equality according to the French collation rules, the filter would be the following: (givenname:1.3.6.1.4.1.42.2.27.9.4.76.1.3:=Helene)

$ bin/ldapsearch -p 2389 -b "dc=example,dc=com" '(givenname:1.3.6.1.4.1.42.2.27.9.4.76.1.3:=helene)' givenName
dn:: Y249SMOpbMOobmUgRGVUcm9pZSxvdT1QZW9wbGUsZGM9ZXhhbXBsZSxkYz1jb20=
givenName:: SMOpbMOobmU=

Or for a substring match, still according to the French collation rules:

$ bin/ldapsearch -p 2389 -b "dc=example,dc=com" '(givenname:1.3.6.1.4.1.42.2.27.9.4.76.1.6:=hel*)' givenName
dn:: Y249SMOpbMOobmUgRGVUcm9pZSxvdT1QZW9wbGUsZGM9ZXhhbXBsZSxkYz1jb20=
givenName:: SMOpbMOobmU=

 

But remembering the OID for each locale and type of matching is not easy, so we’ve also provided shortcuts in the form of the locale name and a short string representing the kind of matching: lte, lt, eq, gte, gt, sub.

Examples:

$ bin/ldapsearch -p 2389 -b "dc=example,dc=com" '(givenname:fr.eq:=helene)' givenName
dn:: Y249SMOpbMOobmUgRGVUcm9pZSxvdT1QZW9wbGUsZGM9ZXhhbXBsZSxkYz1jb20=
givenName:: SMOpbMOobmU=

$ bin/ldapsearch -p 2389 -b "dc=example,dc=com" '(givenname:fr.sub:=hel*)' givenName
dn:: Y249SMOpbMOobmUgRGVUcm9pZSxvdT1QZW9wbGUsZGM9ZXhhbXBsZSxkYz1jb20=
givenName:: SMOpbMOobmU=

$ bin/ldapsearch -p 2389 -b "dc=example,dc=com" '(givenname:de.eq:=helene)' givenName
dn:: Y249SMOpbMOobmUgRGVUcm9pZSxvdT1QZW9wbGUsZGM9ZXhhbXBsZSxkYz1jb20=
givenName:: SMOpbMOobmU=
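
The searches above, as an added example (not code from the original post or from OpenDS): it compares the default case-ignore preparation with an accent-insensitive key, and builds the shortcut filter with the assertion value escaped per RFC 4515 so that user-supplied text cannot alter the filter. The function names are hypothetical, the RFC 4518 preparation is simplified, and the accent-stripping key is only a stand-in for the server's locale-specific collation rules.

```python
import base64
import re
import unicodedata

# Matching-kind suffixes listed in the post.
RULE_SUFFIXES = ("lte", "lt", "eq", "gte", "gt", "sub")
# givenName value exactly as it appears, base64 encoded, in the LDIF output above.
STORED_GIVEN_NAME = base64.b64decode("SMOpbMOobmU=").decode("utf-8")


def default_match_key(value):
    """Simplified RFC 4518 preparation for a case-ignore match:
    case-fold, NFKC-normalize, collapse runs of spaces. Accents survive."""
    folded = unicodedata.normalize("NFKC", value.casefold())
    return " ".join(folded.split())


def collation_match_key(value):
    """Stand-in for an accent-insensitive collation key (assumption: the real
    rules are locale-specific; this only strips combining marks)."""
    decomposed = unicodedata.normalize("NFKD", value.casefold())
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def collation_filter(attribute, locale, rule, value, prefix=False):
    """Build an extensible-match filter such as (givenname:fr.eq:=helene).

    attribute, locale and rule are validated against fixed patterns, and the
    value is escaped, so untrusted input can only ever be an assertion value.
    """
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attribute):
        raise ValueError("invalid attribute name: %r" % attribute)
    if not re.fullmatch(r"[A-Za-z]{2,3}(-[A-Za-z0-9]+)*", locale):
        raise ValueError("invalid locale: %r" % locale)
    if rule not in RULE_SUFFIXES:
        raise ValueError("unknown matching rule suffix: %r" % rule)
    if prefix and rule != "sub":
        raise ValueError("a trailing wildcard needs the 'sub' rule")
    assertion = escape_filter_value(value) + ("*" if prefix else "")
    return "(%s:%s.%s:=%s)" % (attribute, locale, rule, assertion)


def matches_by_default(search_term, stored=STORED_GIVEN_NAME):
    """What a plain (givenname=...) equality filter compares."""
    return default_match_key(search_term) == default_match_key(stored)


def matches_by_collation(search_term, stored=STORED_GIVEN_NAME):
    """What an accent-insensitive equality rule compares (approximation)."""
    return collation_match_key(search_term) == collation_match_key(stored)


if __name__ == "__main__":
    # Search terms from the post, written with escapes to stay encoding-safe.
    for term in ("h\u00e9l\u00e8ne", "H\u00c9L\u00c8NE", "helene"):
        print(term, matches_by_default(term), matches_by_collation(term))
    print(collation_filter("givenname", "fr", "eq", "helene"))
    print(collation_filter("givenname", "fr", "sub", "hel", prefix=True))
    # Constructed hostile input: the metacharacters end up escaped.
    print(collation_filter("givenname", "fr", "eq", "hel*)(uid=*"))
```

Because an accent-insensitive rule makes more stored values compare equal, an application that uses it to look up an account should check that the search returned exactly one entry.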

So not only can those I18N Collation Matching Rules be used in search filters, but they can be used for indexing as well, and also for server-side sorting.

Unfortunately, setting extensible matching rules for indexes is not possible from the Control Panel, so it has to be done with dsconfig.

$ dsconfig set-local-db-index-prop \
--backend-name userRoot \
--index-name givenName \
--add index-extensible-matching-rule:fr.eq \
--hostname ludovic-poitous-computer-2.local \
--port 5444 \
--trustStorePath /Users/ludo/dev/Tests/OpenDS2rc4/config/admin-truststore \
--bindDN cn=Directory\ Manager \
--bindPassword ****** \
--no-prompt

 

Don’t forget to rebuild the index for the givenName attribute (bin/rebuild-index -b dc=example,dc=com -i givenname).

You can find more information about the I18N Collation Matching Rules on the OpenDS 2.0 Documentation Wiki.


New in OpenDS 2.0: Monitoring in the Control Panel

OpenDS 2.0 has just been released and there are several new and exciting features in it.

Today we will look at the new feature in the Control Panel: the monitoring aspect.

At first look, when we compare the Control Panel for OpenDS 1.2 (on the left below) and the one for OpenDS 2.0 (on the right below), not much has changed, except for the left bar menu, which contains a new section, Monitoring, and a status bar at the bottom of the panel.

OpenDS 1.2 Control Panel (left) and OpenDS 2.0 Control Panel (right)

Let’s look in a little more detail at what kind of monitoring information is now available for the OpenDS server:

General Information.

In the General Information Panel, you will find overall statistics such as Connections and Up Time, but also information related to the system, like the name, OS, number of CPUs and available memory in the JVM. You will also have a screen dedicated to the Java VM specific information (see below), such as the version, the vendor, the running arguments, and a lot of details about the various segments of memory of the VM. A third screen highlights the work load. The fourth one gives details about the entry cache, and the fifth one gives details about the local backend database environment, i.e. low-level statistics on memory, transactions and locks in the database. There are more than 50 parameters from the database that you can retrieve and look at with the “Show Operations…” button.

OpenDS 2.0 Monitoring Java VM

The Connection Handler.

The Monitoring Panel for the Connection Handler gives greater details about the LDAP operations that are processed by the server, sorted by kind of Connection: what goes on the LDAP port, what happens on the LDAPS port and the Administrative operations.

OpenDS Connection Monitoring

There is much more statistical information available from the OpenDS server, through LDAP, or through JMX or SNMP if you have enabled the latter two. Not everything can be displayed in the GUI, and in future versions we will provide external tools or widgets to graph some of the monitoring information. Meanwhile, play with the Monitoring screens of the OpenDS 2.0 Control Panel, and let us know what you think, what you like, and what you feel is missing.

And for a supported version of OpenDS, please check Sun OpenDS Standard Edition 2.0


OpenDS makes Java.net Headlines

Yes, the release of OpenDS 2.0 was big news for all of us in the development team. But we’re really happy that the news is also big on Java.net.

Many thanks to the editors, and particularly to Marina Sum, who keeps posting about OpenDS on her blog, out of passion and kindness.


New in OpenDS 2.0: Recurrent and Scheduled Tasks

OpenDS 2.0 has just been released and there are several new and exciting features in it.

Today we will focus on one simple feature that greatly reduces the cost of administration: scheduled tasks.

Being a Directory Server administrator often implies that you have to perform some administrative tasks on a regular basis. One of those tasks, for example, is a backup of the database. With most Directory Servers, the administrator would write a script to be run at a specific time of the day (or rather the night) that would proceed with the backup.

With OpenDS and the Recurrent Tasks, we’ve simplified this to the extreme: Just instruct OpenDS to do a backup on a weekly or daily basis, and as long as the server is running, it will execute the backup procedure at the desired time.

Here’s how to schedule an hourly, compressed backup for the main back-end :

$ bin/backup -p 5444 -D cn=directory\ manager -w secret12 -n userRoot \
-d ./backups -c --recurringTask '0 * * * *'

Recurring Backup task BackupTask-dc89d98e-4ade-410e-ad19-325279af8f67 scheduled successfully

Now, just wait for the hour to pass, and check if the backup has been taken 😉

The string passed as a parameter following the --recurringTask option has the same format as the crontab(5) time/date fields: a pattern of 5 integer fields separated by blank spaces: Minute (0-59), Hour (0-23), Day Of Month (1-31), Month Of Year (1-12), Day Of The Week (0-6, with 0 being Sunday).
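
A way to check such a schedule string before handing it to the server, as an added example (not code from the original post or from OpenDS). It validates the five fields against the ranges above and reports whether a given date and time would trigger the task. The function names are hypothetical; support for lists (1,15), ranges (1-5) and the crontab(5) day rule are assumptions about what the server accepts, and step values such as */5 are not handled.

```python
from datetime import datetime

# Field order and ranges as given in the post.
FIELDS = (
    ("minute", 0, 59),
    ("hour", 0, 23),
    ("day of month", 1, 31),
    ("month of year", 1, 12),
    ("day of week", 0, 6),  # 0 is Sunday
)


def parse_field(text, name, low, high):
    """Expand one field ('*', '5', '1-5' or '1,15') into the set of values."""
    values = set()
    for part in text.split(","):
        if part == "*":
            values.update(range(low, high + 1))
            continue
        bounds = part.split("-")
        if len(bounds) > 2 or not all(b.isascii() and b.isdigit() for b in bounds):
            raise ValueError("%s: cannot parse %r" % (name, part))
        first, last = int(bounds[0]), int(bounds[-1])
        if not low <= first <= last <= high:
            raise ValueError("%s: %r is outside %d-%d" % (name, part, low, high))
        values.update(range(first, last + 1))
    return values


def parse_schedule(pattern):
    """Return five sets of allowed values, or raise ValueError."""
    parts = pattern.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected 5 fields, got %d" % len(parts))
    return [parse_field(p, name, lo, hi) for p, (name, lo, hi) in zip(parts, FIELDS)]


def is_valid(pattern):
    """True when the pattern has five fields that are all within range."""
    try:
        parse_schedule(pattern)
        return True
    except ValueError:
        return False


def fires_at(pattern, when):
    """True when a task with this schedule would start at the minute `when`."""
    minutes, hours, days, months, weekdays = parse_schedule(pattern)
    parts = pattern.split()
    # Python counts Monday as 0; the schedule counts Sunday as 0.
    cron_weekday = (when.weekday() + 1) % 7
    day_ok = when.day in days
    weekday_ok = cron_weekday in weekdays
    if parts[2] != "*" and parts[4] != "*":
        # crontab(5): when both day fields are restricted, either may match.
        date_ok = day_ok or weekday_ok
    else:
        date_ok = day_ok and weekday_ok
    return (when.minute in minutes and when.hour in hours
            and when.month in months and date_ok)


if __name__ == "__main__":
    hourly = "0 * * * *"  # the schedule used for the backup above
    print(is_valid(hourly))
    print(fires_at(hourly, datetime(2009, 7, 20, 14, 0)))
    print(fires_at(hourly, datetime(2009, 7, 20, 14, 30)))
    print(is_valid("0 24 * * *"))  # constructed invalid input: hour 24
```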

The recurrent tasks are not limited to backups. They can be applied to all tasks, although some may not be that useful to everyone. Although I do see some use for a daily import of an LDIF file from a well-known location, as a way to synchronize with external sources.

And of course, you can list the scheduled and recurrent tasks with dsconfig and cancel them if needed.

In the next release of OpenDS, you will be able to configure the recurrent tasks with the Control Panel. If you can’t wait, you can try with the latest daily build.

You can find more information on recurrent tasks on the OpenDS Documentation Wiki.


OpenDS 2.0.0 Release Candidate 4 is now available

A couple of blocking issues have been found in OpenDS 2.0 Release Candidate 3 and so a new release candidate is now available. Hopefully this will be the last one, and we’re doing the last round of non-regression tests before the final release of OpenDS 2.0, around mid July.

OpenDS 2.0.0-RC4 is built from revision 5494 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC4/OpenDS-2.0.0-RC4.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC4/OpenDS-2.0.0-RC4-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC4/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC4.

This new candidate includes the following changes to OpenDS 2.0.0 RC3:

  • Revisions 5487, 5490 (Issue #4070) – Fix a bad encoding in a couple of LDAP extensions : PSearch Entry Change Notification Control and Password Policy State Extended Operation
  • Revision 5492 – Resolves a possible replication issue with future versions of OpenDS and Replication protocols.


FISL 10 Trip report

I’ve just spent a wonderful week in Porto Alegre, Brazil where I’ve landed to talk about OpenDS at the FISL 10 conference.

This is my first visit to Brazil and I must say that I didn’t get any good impression of the country in the first two days. As a matter of fact, I didn’t get any impression at all. I arrived on Monday evening around 9pm, it was all dark. After more than 16 hours of traveling, I just wanted to hit a bed.

On the Tuesday morning, thanks to the jet lag, I got up quite early, checked email and went for breakfast by 7am, noticing a rainy day and still pretty dark. I was just done with the breakfast when Bruno Souza arrived and took me to the location of the Javali meeting, an ancillary event of FISL, sponsored by Sun and organized by SOU Java and RS JUG.

We spent the whole day in the conference room, watching from time to time through the windows the heavy rain and wind. The Javali talks ended with pizzas and guarana and by then the night was already dark.

While I didn’t get to see what Porto Alegre looks like in the first days of my visit, I did enjoy the friendliness of Brazilians. At Javali, trying to follow the presentations in Portuguese was tough, but I think I got probably 50% of the technical parts thanks to the mix of English words and to my understanding of Spanish. And when it was necessary, Bruno or Mauricio Leal would do some translation for us.

I didn’t get to talk at Javali, the agenda was pretty full and I hadn’t told Bruno I would be coming as I wasn’t sure I could make it. But Pat Patterson presented Securing RESTful Web Services with OpenSSO (and OAuth) and mentioned OpenDS a few times.

Wednesday was the first day of FISL and all the Sun participants went quite early to help set up the booth in the Exhibition Hall. Sun’s booth was very well located and its main attraction was the thousands of small soccer balls that were given to attendees who registered for the OSUM program. I think that throughout the whole event, Sun’s booth was the most vibrant and busy one, with Roger Brinkley making demos with his toys, and Angel Camacho, Brian Leonard, Kirthankar Das and others helping with installs of OpenSolaris on attendees’ laptops.

Arun Gupta fired the event on Wednesday morning with his presentation demonstrating the combined power of GlassFish, MySQL and NetBeans to build web applications.

Arun Gupta, inaugurating FISL conf with the 1st talk

Friday was the busiest day for me as I was scheduled for 2 presentations. But before that, I was invited to participate in Simon Phipps’ talk show, describing in 5 minutes what OpenDS was and what the benefits were for the Brazilian open source users and developers.

Immediately after, and in the same room, I did my presentation for OpenDS with the theme of "Scaling the Identity Store with OpenDS". The session talked about the 3 models we have in OpenDS for deployment:

  • Embedded in Java applications,
  • Standalone replicated servers,
  • LDAP Front-end access to MySQL Cluster’s network DB.

While FISL is mostly attended by students, my session had a majority of System Administrators, interested in simplifying and reducing the cost of their data-centers.

Ludo speaking

Later in the afternoon, I was presenting again, repeating JavaOne’s presentation from Tony Printezis and Charlie Hunt GC Tuning In the HotSpot Java Virtual Machine. Charlie was meant to attend the event, but the week before found out he could not make it. As they recalled I was in the room at JavaOne and I’m quite familiar with the subject as we’re spending a lot of time trying the different options to tune the JVM to get the best performances out of OpenDS, they asked me to cover the talk. I think I’ve done a reasonable job, despite the density of information in the slides, and the simultaneous translation in Portuguese for the largest part of the crowd not so familiar with English.

Still on Friday, part of the exhibition floor was closed to the public as the Brazilian President, Lula Da Silva, was scheduled to visit the event. Sun’s booth was very well positioned, on the border of the closed area, and the crowd started to gather by the booth as President Lula arrived. The excitement was amazing. When the President reached the OpenSolaris Brazil user group, he received an OpenSolaris cap and T-shirt from Vitorio Sassi, Sun employee and one of the leaders of the Brazilian OpenSolaris community.

Brazilian Presidente Lula with OpenSolaris community
Photo taken by Ludovic Poitou, June 26 2009.

On Saturday, the last day of the FISL conference, I got to share a little bit more of the stage by answering a performance-related question from the audience in Bruno Souza’s session about the future of Java, with the exceptional presence of Javali, the mascot for the Javali user group.

Bruno Souza with Duke and Javali

Overall FISL has been an amazing experience. It is definitely the biggest open source event I’ve participated in. Over 8200 registered visitors, from 27 different countries, more than 320 speakers for 354 presentations and a presidential visit. More than that, Brazilians are extremely nice, generous and happy to live. They made our stay in Porto Alegre something that I’ll remember for a long time. A special thanks to the main organizers: Bruno Souza and Eduardo Lima (here below with Simon Phipps).

I’ll definitely participate in the Call For Presentation next year, if evangelism of the OpenDS project is still one of my tasks for next year.

You can find all photos for the event in the FISL 10 picasa album.


To the FISL attendees…

FISL 10

Many of you have requested the slides.

Here they are :

Thanks for your presence…

A more detailed article is in the works.


OpenDS 2.0.0 Release Candidate 3 is now available

The OpenDS development team is very pleased to announce the immediate availability of OpenDS 2.0.0-RC3, the third and probably last release candidate for OpenDS 2.0.

OpenDS 2.0 has a number of new features over OpenDS 1.2.0 that was released in February 2009 :

  • A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication
  • Recurring tasks allow an administrator to schedule repeated tasks such as backups
  • New extensible matching rules and indexing allowing comparing, ordering of data according to specific locales and languages
  • Better monitoring information for the server and for Replication
  • Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax
  • VLV indexes are now built during the Import
  • Several improvements in the Control Panel
  • Works with IBM JVM (Java 6 SR4 required)
  • Works by default with JConsole and VisualVM when JMX Connection Handler is enabled
  • Default settings and ergonomics have been improved reducing the need for tuning parts of the server
  • Greatly improved performances and stability over time of those performances
  • Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

Overall, over 170 issues have been fixed.

The purpose of the Release Candidate is to solicit one last round of testing before the final release.

So please test the OpenDS release with your client applications, in your environment or on your favorite platform.

Our quality team will be doing the same during the next 2 to 3 weeks.

If you do find a bug, please report it with Issue Tracker.

We welcome feedback. Please report your experience with OpenDS on our mailing lists, or on the #opends IRC channel on Freenode.

OpenDS 2.0.0-RC3 is built from revision 5460 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC3/OpenDS-2.0.0-RC3.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC3/OpenDS-2.0.0-RC3-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC3/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC3.

Major changes incorporated since OpenDS 2.0.0 RC2 include:

  • Revision 5436. Delivers updated localization bundles
  • Revision 5439 (issue #4047) – Resolves an issue with uninstalling OpenDS.
  • Revision 5440 (Issue #4049) – Fixes an issue in the Control Panel where monitoring information was not available for all Connection Handlers.
  • Revision 5441 (Issue #4045) – Fixes an issue with start-ds -F so it reports snmp build information.
  • Revision 5452 (Issue #3713) – Resolves an issue where sockets could be leaked when replication connection fails due to SSL handshake.
  • Revision 5459 (Issue #4057) – Fixes an issue where restoring the schema from a backup would silently fail and prevent the server from working.

Integrating OpenDS and Samba as a Primary Domain Controller…

A few weeks ago, I was exchanging emails with one of the members of our community who was having issues with adding Samba related schema to OpenDS. The exchange turned into a few issues raised against OpenDS and a couple of builds later, he happily reported having all his problems solved and having a fully functional Primary Domain Controller running on his Ubuntu machine. And he immediately posted a detailed How To Guide on the OpenDS wiki.

I haven’t tried to reproduce the settings, but if you need to run Samba with LDAP on your server, you might want to check OpenDS and follow the steps to get it running.


OpenDS 2.0.0 Release Candidate 2 is now available

The OpenDS development team is very pleased to announce the immediate availability of OpenDS 2.0.0-RC2, the second and probably last release candidate for OpenDS 2.0.

OpenDS 2.0 has a number of new features over OpenDS 1.2.0 that was released in February 2009 :

  • A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication
  • Recurring tasks allow an administrator to schedule repeated tasks such as backups
  • New extensible matching rules and indexing allowing comparing, ordering of data according to specific locales and languages
  • Better monitoring information for the server and for Replication
  • Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax
  • VLV indexes are now built during the Import
  • Several improvements in the Control Panel
  • Works with IBM JVM (Java 6 SR4 required)
  • Works by default with JConsole and VisualVM when JMX Connection Handler is enabled
  • Default settings and ergonomics have been improved reducing the need for tuning parts of the server
  • Greatly improved performances and stability over time of those performances
  • Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

Overall, over 170 issues have been fixed.

The purpose of the Release Candidate is to solicit one last round of testing before the final release.

So please test the OpenDS release with your client applications, in your environment or on your favorite platform.

Our quality team will be doing the same during the next 2 to 3 weeks.

If you do find a bug, please report it with Issue Tracker.

We welcome feedback. Please report your experience with OpenDS on our mailing lists, or on the #opends IRC channel on Freenode.

OpenDS 2.0.0-RC2 is built from revision 5417 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC2/OpenDS-2.0.0-RC2.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC2/OpenDS-2.0.0-RC2-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC2/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC2.

Major changes incorporated since OpenDS 2.0.0 RC1 include:

  • Revisions 5376, 5388, 5390 (Issues #3997, 4006 and 3993) – Improvements to the schema parsing mechanism.
  • Revision 5378 (Issue #3898) – Make all information from a BIND request accessible from AuthenticationInfo.
  • Revision 5381 (Issue #4009) – Fixes to the upgrade facility.
  • Revision 5384 (Issue #3856) – Improvements to the way in which connections and extended operations are logged.
  • Revision 5386 (Issue #3996) – Fix a problem that could result in lost delete operations within a replication topology.
  • Revision 5392 (Issue #4010) – Fix an exception in the DSML implementation.
  • Revision 5394 (Issue #4014) – Improve the information showed by start-ds.
  • Revision 5395 (Issue #4013) – Fix an encoding error for the server side sort response control.
  • Revision 5396 (Issue #4011) – Correct a problem with indexing after an upgrade.
  • Revisions 5398, 5400, 5403 & 5412 – Localization improvements.
  • Revision 5402 (Issue #4007) – Improve performance when importing entries containing attributes with many values.
  • Revisions 5404 & 5409 (Issue #4020) – Allow help links in the control panel to be customized.
  • Revision 5406 (Issue #4022) – Fix a Java exception when using dsconfig -m/unit-time.
  • Revision 5407 (Issue #4027) – Fix an NPE when configuring network groups.
  • Revision 5411 (Issue #3988) – Improve throughput stability and GC performance under heavy connect/disconnect loads.
  • Revision 5414 (Issue #4062) – Enable the deregistering of add/change/delete configuration listeners.
  • Revision 5415 (Issue #4012) – Improve the import task to handle missing include branches.
  • Revision 5417 (Issue #4023) – Restart the server after scheduling a restart task.


OpenDS 2.0.0 Release Candidate 1 is now available

The OpenDS development team is very pleased to announce the immediate availability of OpenDS 2.0.0-RC1 which is the first release candidate for OpenDS 2.0.

OpenDS 2.0 has a number of new features over OpenDS 1.2.0 that was released in February 2009 :

  • A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication
  • Recurring tasks allow an administrator to schedule repeated tasks such as backups
  • New extensible matching rules and indexing allowing comparing, ordering of data according to specific locales and languages
  • Better monitoring information for the server and for Replication
  • Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax
  • VLV indexes are now built during the Import
  • Several improvements in the Control Panel
  • Works with IBM JVM (Java 6 SR4 required)
  • Works by default with JConsole and VisualVM when JMX Connection Handler is enabled
  • Default settings and ergonomics have been improved reducing the need for tuning parts of the server
  • Greatly improved performances and stability over time of those performances
  • Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

Overall, over 150 issues have been fixed. However, there are still a few issues with the release candidates, and more specifically upgrading from an earlier version is not functional. This should be fixed in the next release candidate.

Localization of the OpenDS messages is still work in progress and thus some messages can still appear in English when running a localized version of the server.

The purpose of the Release Candidate is to solicit one last round of testing before the final release.

So please test the OpenDS release with your client applications, in your environment or on your favorite platform.

If you do find a bug, please report it with Issue Tracker.

We welcome feedback. Please report your experience with OpenDS on our mailing lists, or on the #opends IRC channel on Freenode.

OpenDS 2.0.0-RC1 is built from revision 5374 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC1/OpenDS-2.0.0-RC1.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC1/OpenDS-2.0.0-RC1-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC1/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC1.

Major changes incorporated since OpenDS 1.3.0-build006 include:

  • Revision 5318 (Issue #3969) – Provide support for wildcards in dsconfig certificate management.
  • Revision 5321 (Issue #3962) – Fix memory leaks after Bind – Unbind
  • Revision 5323 (Issue #3971) – Enable Windows to detect the JVM automatically on install.
  • Revision 5336 (Issue #3981) – Fix uncontrolled memory growth under heavy connect/disconnect load.
  • Revision 5338 (Issue #3977) – Fix memory leak in Control Panel.
  • Revision 5347 (Issue #3938) – Improve the speed of dsconfig in non-interactive mode.
  • Revision 5364 (Issue #3995) – Fix an error that caused replication to stop if the queue-size-bytes maximum was reached.
  • Revision 5365 (Issue #3250) – Fix a problem that could cause replication initialization to fail.
  • Revision 5369 (Issues #3984 & #3989) – Fix security issues with Assertion, Pre-Read, and Post-Read Controls.
  • Revision 5374 – Upgrade JE to the latest official release (3.3.82).


OpenDS as the OpenSSO User Repository

OpenSSO Express 7 was announced earlier in April with a full support for OpenDS Standard Edition for storing users’ identity data.

Back in March, I pointed out Indira’s blog and the detailed how to guide for configuring OpenDS as the OpenSSO user store.

Recently, the official documentation appeared on the OpenSSO resource center. So if you want to use OpenDS as the OpenSSO User Repository, I encourage you to read and follow the steps detailed here: http://wikis.sun.com/display/OpenSSO/Using+OpenDS+as+a+User+Data+Store.

OpenDS, OpenSSO and Identity at large

In the first week of May, I was in Munich for the European Identity Conference hosted by Kuppinger-Cole.

This was my first participation and I was delighted to meet with several of the experts in the area as well as some OpenDS customers or users, whom I’ve mostly "known" only through blogs or emails. I had discussions with Kim Cameron, Jackson Shaw and James McGovern. We shared tea with Felix Gaehtgens and Prateek Mishra. The conference was also the opportunity to talk with and listen to some of my Sun colleagues that I don’t get to see often like Fulup Ar Foll and Eve Maler. I must say that both of them did pretty interesting presentations.


Eve’s keynote on the first day of the conference brought the case for "permissioned data sharing" and was very well argued. It was the first time that I heard about User Centric identity and VRM tied together and even with a proposed solution.

Fulup

On Wednesday, Fulup did a very thought provocative (and fast forward) presentation about Digital Identity in the cloud, where he explained the identity management concepts are inherited from a centralized vision of the world and they would not fit well with the cloud, nor scale to the internet. He proposes to look at how mobile operators are solving massive identity scale and to leverage existing SAML2 and Liberty defined services to build the "lazy" identity architecture.

On Thursday I was to take part of a panel discussion on the subject of "The Identity Bus" or the future of Directory Services (should I say Identity Services ?), moderated by Felix Gaehtgens. The panel was an opportunity to see again Steve Shoaff, CEO of Unboundid but previously my manager, and to meet both Dale Olds of Novell and Prateek Mishra of Oracle. I don’t know if we’ve been able to give a good idea of what this "Identity Bus" would look like, but it’s definitely "something" in between applications and the data layer, and will probably use a set of protocols like SAML2 and XACML. After the panel, James McGovern asked me when OpenDS will support IGF and CARML. Since both are abstractions and APIs for applications to express their need in term of identity related data, I don’t think they are appropriate for an LDAPv3 directory server. But I do see a layer on top of Virtual Directories or Directories that is able to consume those and translate them into appropriate functions.

Right after that panel, Mark Craig took part in a panel discussion on Virtual Directories, along with Sampo Kellomäki of Symlabs, Michel Prompt of Radiant Logic and Keith Grayson of SAP.

On the Tuesday, Pat Patterson and Daniel Raskin hosted the second OpenSSO Community Day, and it was a great success, with over 50 attendees and a day packed with presentations, with a very good balance of users’ and deployers’ talks vs Sun employees’ talks.

Like in New York, I talked about OpenDS, its goals and roadmap and why it’s the perfect companion to OpenSSO as the users’ identity store. Most of the presentations from the OpenSSO Community Day have been posted on the event wiki page. And if you could not make it to New York or Munich, we’re having a 3rd OpenSSO / OpenDS / Identity Connectors Community Day in San Francisco on Sunday May 31st at the Moscone Center, starting at 1pm. The event is free, but please RSVP. And I hope to see you there.

And congratulations to Pat, Daniel and the whole OpenSSO team, for the Fedlet, winner of the "Best Innovation Award".

Overall, I found the conference really good and interesting, and it helped me put the work we’re doing in the Directory Services engineering team back into the larger picture of Identity management.

OpenDS 1.3.0-Build006 is now available

We have just uploaded OpenDS 1.3.0-build006, built from revision 5309 of our source tree, to our promoted builds folder.

Note that now that this build has been promoted, we’ve made a branch on the OpenDS code repository to produce the OpenDS 2.0 release. The next promoted build will be a release candidate.

The direct link to download the core server is: http://www.opends.org/promoted-builds/1.3.0-build006/OpenDS-1.3.0-build006.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/1.3.0-build006/OpenDS-1.3.0-build006-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/1.3.0-build006/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

There are still issues with upgrading with the QuickSetup tool, and reverting to a build earlier than revision 5134 is not supported.

Detailed information about this build is available at http://www.opends.org/promoted-builds/1.3.0-build006.

Major changes that have been incorporated since the last promoted build (OpenDS 1.3.0-build004) include:

  • Revision 5185 (Issue #3609) – Added the ability to deregister delayed listeners on a configuration entry.
  • Revision 5187 (Issue #3194) – Ensure that ldapcompare checks for superfluous arguments.
  • Revision 5193 (Issue #3915) – Ensure that abandon operations do not block request handlers.
  • Revision 5195 – Addition of localized resource files with new translations.
  • Revision 5196 (Issue #3686) – Fix an issue that prevented make-ldif from parsing redirects to file based attributes.
  • Revision 5197 (Issue #2764) – Fix a problem with the ldapsearch --countEntries option.
  • Revision 5199 (Issue #3779) – Fix an issue that caused a merge with real attribute to show only the virtual attribute value.
  • Revision 5201 (Issue #2070) – Add validation of the DB cache size before applying it to the JE.
  • Revision 5208 (Issue #2642) – Fix a problem that prevented ldif-diff from detecting differences in encoded values.
  • Revision 5209 (Issue #3814) – Fix a problem that caused the start-ds script to return before the server had started.
  • Revision 5210 (Issue #3913) – Fix a problem that caused OpenDS to stop accepting connections after being pinged by specific load balancers.
  • Revision 5214 – Add support for numSubordinates in NDB Backend.
  • Revision 5218 (Issue #3001) – Fix a performance bottleneck in GeneralizedTimeSyntax.format.
  • Revision 5219 (Issue #3445) – Provide normalization of multi-valued RDNs.
  • Revision 5223 (Issue #3925) – Fix a problem with dsreplication.
  • Revision 5224 (Issues #2273 & #3482) – Add more stringent pattern checks to make sure that only files that could have been named by the TimeStampNaming policy are accepted by the filename filter.
  • Revision 5226 (Issue #3638) – Ensure that referrals are properly managed for bind operations.
  • Revision 5230 (Issue #2896) – The server should return a "Protocol Error" after a bind with an unrecognised version number.
  • Revision 5233 (Issue #2671) – Fix a problem that caused invalid values to be accepted for VLV index configuration.
  • Revision 5234 (Issue #3827) – Ensure that the import-ldif command takes into account the --skipfile option.
  • Revision 5235 (Issue #3926) – Ensure that import-ldif creates inherited objectclass attributes.
  • Revision 5236 (Issue #3343) – Fix a problem with virtual attribute rules.
  • Revision 5237 (Issue #3918) – Restore the behavior where an empty controls context-specific BER sequence is not encoded if the LDAP message has no controls.
  • Revision 5238 (Issue #2608) – Fix a problem that caused stop-ds to fail when the connection with the smtp-server failed.
  • Revision 5241 (Issues #3842 & #3770) – Validate recurring task day against the actual maximum of a given calendar instance.
  • Revision 5243 (Issue #3773) – Remove recurring task iterations completely upon recurring task removal.
  • Revision 5244 (Issue #2233) – Log a notice when a task starts and ends execution.
  • Revision 5247 (Issue #3336) – Take the appropriate action for failed dependencies for scheduled tasks.
  • Revision 5249 (Issue #2725) – Prevent completed tasks from causing exceptions if the task class is disallowed after it has completed.
  • Revision 5254 (Issue #3179) – Fix a thread left in the system after shutdown.
  • Revision 5256 – Use the platform mbean server by default to allow access to the server monitoring data from VisualVM and similar monitoring tools.
  • Revisions 5257 & 5259 (Issues #3387 & #3388) – Fix issues with attribute name exceptions.
  • Revision 5260 – Improve the monitoring code in the case of a server being slow to answer.
  • Revision 5261 (Issue #2977) – Fix an exception that occurred during Replication Server database trimming.
  • Revision 5264 (Issue #3602) – Change the masks for user-defined and 3rd-party messages so that messages no longer have the top-bit set.
  • Revision 5265 (Issue #3047) – For export-ldif, change the default access rights of the exported file from 644 to 600.
  • Revision 5266 (Issue #2624) – Correct an issue that caused ldapsearch to return the wrong return code if no password was provided.
  • Revision 5268 – Various improvements to the task scheduler.
  • Revision 5272 – Avoid ConcurrentModificationException when removing completed task iterations.
  • Revision 5273 (Issue #3928) – Fix a problem that caused the wrong error message to be sent to the access log.
  • Revision 5276 (Issue #3939) – Improve memory allocation when sending search result entries.
  • Revision 5281 (Issue #3943) – Make the installation path consistent across tools.
  • Revision 5283 (Issue #3949) – Unknown trailing ASN.1 elements are now ignored when decoding the Password Modify extended operation value.
  • Revision 5285 (Issue #3951) – Fix an issue that was causing the Control Panel to use the admin port for ldap operations.
  • Revision 5286 (Issue #3948) – Correct the display of monitoring information in the Control Panel.
  • Revision 5287 (Issue #3931) – Fix a problem with virtual attributes generating data multiple times.
  • Revisions 5288 & 5289 (Issues #3944 & #3945) – Fix licensing issues with the upgrade utility.
  • Revision 5290 (Issue #3952) – Fix a problem with log files on Windows.
  • Revision 5292 (Issue #3444) – Fix a problem where only a single name form was allowed per structural object class.
  • Revision 5297 (Issue #3964) – Improve JE backend cleaner scalability.
  • Revision 5299 (Issue #3949) – Fix an issue in the ASN.1 parsing code to support LDAP implied extensibility.
  • Revision 5300 (Issue #3965) – Revert is not supported from 2.0 to a previous version. This change introduces the corresponding flag day.
  • Revision 5301 (Issue #3958) – Support upgrading from a standard OpenDS server to a branded OpenDS server of the same version.
  • Revision 5302 (Issue #3968) – Fix a problem that caused dsconfig --displayCommand to provide invalid values.
  • Revisions 5305 & 5306 (Issue #3964) – Enable high priority check-pointer by default for more robust out of the box performance.

I’ll be in Munich from May 5 to 7.

I’ll be in Munich from May 5th to May 7th, first participating in the OpenSSO Community Day 2.0, representing the OpenDS team.

I will also be actively participating in this year’s Kuppinger Cole European Identity Conference, since I will be speaking, on May 7th, in a panel discussion on the future of directory and identity services titled “Building an Identity Bus for the Future”.

Several of my coworkers and experts in identity management will also be speaking. Check the list.

Please come and see us, and don’t forget to pay a visit to the Sun booth as well.