Tuesday Sep 29, 2009

LDAPCon 2009 summary

On Sunday September 20th and Monday 21st, I attended the 2nd LDAP International Conference, aka LDAPCon 2009, in Portland OR, USA.
The attendance was lower than expected initially but included most of the LDAP open source projects (Apache Directory, LSC Project, OpenDS, OpenLDAP) as well as directory server vendors (Apple, Isode, Sun, Symas, UnboundID) and some users of the technology.

All the slides for the presentations are now available, as well as the articles submitted for participation.

On Sunday, the conference was inaugurated by Mike Schwartz from GLUU, a Texas-based start-up. GLUU intends to provide identity federation and single sign-on as a service and makes intensive use of LDAP technologies: directory servers, directory proxy servers, virtual directories and DSML gateways for provisioning.

Stefan Seelman described the Apache Directory project and its toolchain, from the excellent Apache Directory Studio (if you don't know the Studio yet, go get it!) to its embedded directory server. Stefan demonstrated how to use Studio to create a staged directory server, and then roll out the changes into the production one.

Later in the day, Emmanuel Lecharny explained how Apache Directory Server supports RFC 4533 to allow synchronization between an OpenLDAP server and the Apache Directory Server. As of today, Apache Directory Server only supports the consumer side of the protocol, so it can act as a replica of an OpenLDAP master. Building the supplier side is next on their roadmap but it's more complex, and multi-master replication will then require implementing conflict resolution procedures that are exactly identical to the OpenLDAP ones. Based on our experience with Sun Directory Server and OpenDS, this will be the trickiest part. I got questioned on when OpenDS or Sun Directory Server will support this RFC. Honestly, this is not on our roadmap and we would be happy to add it if the community needs it and is willing to contribute. But today we already have a working multi-master replication feature that is much more scalable and powerful than what RFC 4533 allows one to build.

Jonathan Clarke talked about LDAP Synchronization Connector, an open source project building synchronization tools between LDAP and other data sources such as RDBMSs, flat files or alternate directories. LSC is written in Java and is already in production in a few French companies.

Terry Neely then presented how to do physical access control with LDAP. An interesting story about how to design the schema and leverage replication to distribute access control information related to doors and buildings. The OpenLDAP server runs on embedded hardware, with a 4GB compact flash!

Howard Chu, Chief Architect for OpenLDAP, and I did a joint presentation on how to store LDAP data in MySQL Cluster and we described the architecture of our respective implementations: OpenLDAP back-ndb and OpenDS ndb backends. Andrew Morgan from the MySQL Cluster team helped us describe MySQL Cluster. The question of having an in-memory distributed backend for LDAP servers still raises a lot of questions and eyebrows, but people are starting to understand the value of scaling and getting simultaneous access to the data via LDAP, SQL or direct APIs.

Kurt Zeilenga presented his work in Isode directory to provide security label-based authorization. Security label-based authorization is another flavor of authorization, in addition to identity-based and role-based authorization. The idea is to grant permission to access data based on the label presented by the authenticated user and the label of the data to be accessed. With a lot of users in the directory, and many security levels (there can be up to 256 levels), this kind of authorization system scales better than access controls. The Isode implementation has security labels at the entry level (not attribute). Clearance for a user is derived from an attribute in the user entry, from the user certificate in the directory or directly from the authentication level. While the presentation was mostly an overview of security labels and how they could be used in the context of a directory service, I found the presentation quite interesting as I've been asked a couple of times to add security label awareness to Sun Directory Server, especially in the context of Solaris Trusted Extensions.

We ended day one with an open panel discussion with the various directory projects and vendors. After briefly discussing areas where progress is to be made (see Mathias' summary for details), we looked at the LDAP community and tried to find ideas to increase it or make it more active. One area where we (Sun) have been active is education. For the last couple of years, we've been involved in giving LDAP trainings in universities, or helping teachers with projects involving LDAP instead of RDBMSs. Another area is client APIs and code examples. The work that we're doing with the Apache Directory team is a good step. It was also quite interesting that Howard Chu came to me in the after hours and discussed Java for servers. Obviously, getting fresh blood into projects is getting harder with C-based projects than with Java-based projects, as most students are no longer learning C programming but Java programming (and other modern languages).

On Monday September 21st, the day started with an analyst view on the LDAP directory landscape. Felix Gaehtgens, analyst and partner at Kuppinger Cole, talked about the various market segments of the directory markets and the third generation of LDAP directory products that have emerged in the last couple of years.

Kurt Zeilenga gave a status of LDAP standardization efforts, occurring at IETF and at ISO/IEC. The hottest topic is the password policy which is evolving in both standard bodies. Howard Chu and I have published an update on the Password Policy for LDAP internet-draft. We intend to post additional changes and get it through to RFC status in the coming months.
Other topics being worked on through IETF are the LDAP Transaction draft, currently under editors' review, the LDAP schema for NIS (RFC 2307-bis), schema for VCard, schema for Kerberos and for NFS v4.
Kurt suggested that there is still some work to be done at IETF on the LDAP front, but it would be better conducted through a working group. He also encouraged people to join the standardization effort and bring some new blood to it, recognizing that he would be happy to participate but not lead a new working group. He suggested a list of topics that could be covered by the working group:

  • Chaining Operations
  • Access Controls based on X.500 model
  • LDIF update
  • Complex Transactions
  • Schema versioning and management
  • Password Policies
  • ...

The next 3 presentations were about APIs for LDAP Java developers. Emmanuel Lecharny and I described the work we've done in the last few months collaborating on a common LDAP API for the Java platform, and we discussed what is required to move this work to standardization. Our presentation was mostly about areas of work and a call for participation in that effort. We've moved our discussion to the Apache Directory API public mailing list (api (a) directory (dot) apache (dot) org).
Right after, Neil Wilson, chief architect at UnboundID, showed some slick slides about UnboundID's products, focusing mainly on their new LDAP client Java SDK, demonstrating its use on the Android platform. The UnboundID SDK is already available, as opposed to the Apache Directory or OpenDS ones. But it would definitely need to be polished and cleaned so that it could be used by our project for our needs, i.e. use the same SDK for both the server and client tools.
Following these 2 SDK presentations, Stefan Seelman demonstrated how to leverage the DataNucleus project and more specifically its support of LDAP to the standard JDO interface.

Howard Chu gave an overview of the new overlays developed in OpenLDAP related to user authentication and authorization. Based on the work from nss-ldapd, the nssov overlay provides integration with the nss and the pam stacks. Another interesting module is an integrated certification authority overlay where user certificates and keys are generated magically based on the query filters. While this looks smart, it raises a lot of questions with regard to the security levels associated with generating and using certificates over LDAP, and its current implementation (only search parameters are used to generate the certificate) is messing a lot with the semantics of searches. Both Kurt and I think it should be implemented as an extended operation or at least a search control.

Last but not least, I closed LDAPCon with my presentation on the innovations that have been made in the OpenDS project. My presentation was organized in 2 parts: innovations that directory administrators benefit from, like the Assured Multi-Master replication model and the scheduled and recurrent tasks, and innovations for developers, basically new LDAP syntaxes and matching rules to ease application development. You can find the details in the slides or the paper that I wrote for the conference.

Overall, this conference was really good for us and for meeting with some of the OpenDS community members, but as well for raising the awareness on what we've been doing in the last couple of years. I really enjoyed the discussions with all attendees, the beers in the evening and the fun of trying to connect the iPhone LDAP clients to the OpenLDAP server running on Howard's G1 phone.


All photos that I took during the conference are publicly available, and free to use for non-commercial purposes.


Monday Sep 14, 2009

Jack and Pat on OpenSSO and OpenDS...

Pat Patterson reminded me of a conversation he had at OSCON 2009 with Jack Adams about OpenSSO. Luckily, the discussion was captured in video.
During the conversation, they talk about OpenDS as well. Thanks for the plug, Pat!

 

 


Tuesday Jul 28, 2009

OpenDS turns 3 today...

Another year has passed and we are already at the end of July. Today is the anniversary day for the OpenDS project, which is turning 3 this year.

As usual, this is also time to look back in the mirror and consider what we've achieved.

A little more than 10 days ago, we announced the availability of OpenDS 2.0, the new and stable release of our LDAPv3 directory server. OpenDS 2.0 came just about one year after OpenDS 1.0 and 6 months after OpenDS 1.2.
You can read about OpenDS 2.0 features in the Release Notes, but also in the various articles that have relayed our own announcement such as:

Yesterday, Sun publicly announced the general availability of Sun OpenDS Standard Edition 2.0, a Sun supported version of the OpenDS project, as well as the release of OpenSSO Express Build 8 (due in a couple of weeks).

Sun OpenDS Standard Edition 2.0 has the same features as OpenDS 2.0. Differences are in the branding, the license, the documentation that is available from docs.sun.com in HTML and PDF and of course the support services offered by Sun.
Mark Craig has already posted an illustrated article describing how easy it was to install Sun OpenDS Standard Edition 2.0 on Windows XP.

OpenSSO Express builds are supported snapshots of OpenSSO development. As Pat Patterson, Community Manager for OpenSSO and covering all Identity Products at Sun, detailed on his blog, OpenSSO Express Build 8 includes a new Mobile One Time Password Feature, the Fedlet for .Net and a new task flow enabling single sign-on to Salesforce.com.

As OpenDS is maturing, we're seeing public endorsement and use of it. In the last couple of weeks, we had 2 success stories including the use of OpenDS:

Finally, within a year, the OpenDS Community has more than doubled, in terms of members in the community, but also in the number of active contributors and participants in the #opends IRC channel, and in terms of unique visitors on www.OpenDS.org.

OpenDS.org Monthly visits

I'm proud of what we've accomplished in 3 years and even more of the past year. We still have a lot of ideas and customer requirements to build into the OpenDS project. Overall we know where we want to go and we hope our new executives will agree that it's a nice and viable path to follow...


Monday Jul 27, 2009

OpenDS 2.0 on Mac OS X with the latest JVM...

There is an issue in the start and stop scripts that prevents OpenDS 2.0 from being installed via Java Web Start on Mac OS X 10.5 with the latest version of the JVM (Update 4 a.k.a 1.6.0_13). I discovered the problem at the same time we were releasing OpenDS 2.0.0 release candidate 4, which was planned to be the last release candidate. So the fix is not in the release but has been committed to the trunk.

The issue is that the new JVM uses a larger default minimum heap size and rejects any call with -Xmx if the maximum heap size is smaller than its internal default (around 30MB).

OpenDS 2.0 can still be installed on Mac OS X and used with the latest JVM, by downloading the Zip file, unzipping it and making a minor edit in the start-ds and stop-ds scripts.

$ unzip ~/Desktop/OpenDS-2.0.0.zip
Archive: /Users/ludo/Desktop/OpenDS-2.0.0.zip
creating: OpenDS-2.0.0/
...
inflating: OpenDS-2.0.0/upgrade
$ cd OpenDS-2.0.0/bin

In the start-ds and the stop-ds scripts, replace all occurrences of the string "-Xms8M -Xmx8M" with "-client":

$ cp start-ds start-ds.orig
$ sed -e "s/-Xms8M -Xmx8M/-client/g" < start-ds.orig > start-ds
$ cp stop-ds stop-ds.orig
$ sed -e "s/-Xms8M -Xmx8M/-client/g" < stop-ds.orig > stop-ds

You can now run the setup program (or launch the QuickSetup application) to install and configure the OpenDS directory server.


Thursday Jul 23, 2009

Assured Replication: A New Feature of OpenDS 2.0

OpenDS 2.0 has just been released and there are several new and exciting features in it.

To me, the biggest innovation in this release is "Assured Replication", an extension to the loose consistency multi-master replication feature that brings tighter consistency of data between replicas. "Assured Replication" is not to be mistaken for a full synchronous and transactional replication mechanism. A change is not transactionally applied to a set of or all replicas of a topology. With "Assured Replication", the response to an LDAP modification is delayed until the change has been received or applied by other servers, in a best effort mode. It provides a greater assurance that a change is not lost even if the server receiving it crashes.

Opends Assured Replication with Safe Data level 2

Assured Replication can function in 2 modes:

  • Safe Data Mode: an update must be propagated to a defined number of Replication Servers before returning a response to the client. So if the server or the replication server is stopped, the data is still available to all other replicas.
  • Safe Read Mode: an update must be propagated to all directory servers in the domain before the client is returned a response for the update.

Of course, for both modes, it's possible to configure a timeout interval to prevent LDAP clients from waiting indefinitely if some servers are not available.

Configuring Assured Replication is pretty straightforward but cannot be done when setting up replication itself. So the first step is to configure Multi-Master Replication for a domain with dsreplication.

$ bin/dsreplication enable --host1 localhost --port1 5444 --bindDN1 'cn=directory manager' --bindPassword1 secret12 --replicationPort1 8989 --host2 localhost --port2 6444 --bindDN2 'cn=directory manager' --bindPassword2 secret12 --replicationPort2 8990 --adminUID admin --adminPassword secret12 --baseDN "dc=example,dc=com" -X -n

Establishing connections ..... Done.
Checking Registration information ..... Done.
Configuring Replication port on server localhost:5444 ..... Done.
Configuring Replication port on server localhost:6444 ..... Done.
Updating replication configuration for baseDN dc=example,dc=com on server localhost:5444 ..... Done.
Updating replication configuration for baseDN dc=example,dc=com on server localhost:6444 ..... Done.
Updating Registration configuration on server localhost:5444 ..... Done.
Updating Registration configuration on server localhost:6444 ..... Done.
Updating replication configuration for baseDN cn=schema on server localhost:5444 ..... Done.
Updating replication configuration for baseDN cn=schema on server localhost:6444 ..... Done.
Initializing Registration information on server localhost:6444 with the contents of server localhost:5444 ..... Done.
Initializing schema on server localhost:6444 with the contents of server localhost:5444 ..... Done.

Replication has been successfully enabled. Note that for replication to work you must initialize the contents of the base DN's that are being replicated (use dsreplication initialize to do so).

$ bin/dsreplication initialize --baseDN "dc=example,dc=com" --adminUID admin --adminPassword secret12 --hostSource localhost --portSource 5444 --hostDestination localhost --portDestination 6444 -X -n

Initializing base DN dc=example,dc=com with the contents from localhost:5444:
23 entries processed (100 % complete).
Base DN initialized successfully.

See
/var/folders/SH/SHFsRjymHtqiZ4GxPNZERU++Fwk/-Tmp-/opends-replication-737929812662715818.log
for a detailed log of this operation.

$ bin/dsreplication status -h localhost -p 5444 --adminUID admin --adminPassword secret12 -X

dc=example,dc=com - Replication Enabled
=======================================
Server         : Entries : M.C. (1) : A.O.M.C. (2) : Port (3) : Security (4)
---------------:---------:----------:--------------:----------:-------------
localhost:5444 : 23      : 0        : N/A          : 8989     : Disabled
localhost:6444 : 23      : 0        : N/A          : 8990     : Disabled

Now that replication is set up, we can enable the Assured Replication mode, using the dsconfig utility. For this, on each of the OpenDS directory servers, we first need to retrieve the full name of the replication domain.

$ bin/dsconfig -D cn=directory\ manager -w secret12 -n -s list-replication-domains --provider-name "Multimaster Synchronization"

cn=admin data (domain 29167)
cn=schema (domain 9674)
dc=example,dc=com (domain 14741)

$ bin/dsconfig -D cn=directory\ manager -w secret12 -n set-replication-domain-prop --provider-name "Multimaster Synchronization" --domain-name "dc=example,dc=com (domain 14741)" --advanced --set assured-type:safe-data --set assured-sd-level:2

Note that the Replication Domain has a different value on each server, so you have to repeat these 2 commands on each instance.
Setting the assured level for Safe Data to 2 means that the server will make sure the data has been received by at least 2 replication services before returning to the LDAP client the response to the update request.
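
As an added example (not part of the original post or of the OpenDS tools), the script below audits `dsreplication status` output like the one shown above: it flags servers whose replication port is reported with Security `Disabled`, servers with missing changes, and servers whose entry count differs from the first server of the domain. It assumes that M.C. means missing changes and that the Security column reports whether replication-port traffic is encrypted; the function names and the second sample row are constructed.

```shell
#!/bin/sh
# Added example: audit the table printed by `dsreplication status`.
# Assumed column meanings (the legend is not reproduced in the post):
#   M.C. = missing changes, Security = replication-port traffic encrypted or not.

# Constructed sample: the first server row is the one from the post, the second
# row is altered (21 entries, 2 missing changes) so that every check fires.
sample_status() {
cat <<'EOF'
dc=example,dc=com - Replication Enabled
=======================================
Server         : Entries : M.C. (1) : A.O.M.C. (2) : Port (3) : Security (4)
---------------:---------:----------:--------------:----------:-------------
localhost:5444 : 23      : 0        : N/A          : 8989     : Disabled
localhost:6444 : 21      : 2        : N/A          : 8990     : Disabled
EOF
}

# audit_replication_status: reads status text on stdin and prints one finding
# per line as "<CODE> <server> <detail>". Exit status is 1 if anything was found.
audit_replication_status() {
  # Columns are separated by " : "; the colon inside host:port has no spaces
  # around it, so the server name stays in one field.
  awk -F'[ \t]+:[ \t]+' '
    function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
    function report(code, server, detail) {
      printf "%s %s %s\n", code, server, detail
      n++
    }
    # A new replicated base DN starts a new comparison group.
    / - Replication Enabled[ \t\r]*$/ {
      dn = $0
      sub(/ - Replication Enabled.*/, "", dn)
      dn = trim(dn)
      base = ""
      next
    }
    # Skip rulers, blank lines and anything that is not a 6-column row.
    /^[-=]/ || NF != 6 { next }
    {
      server = trim($1)
      if (server == "Server") next            # header row
      entries = trim($2); mc = trim($3); sec = trim($6)

      if (sec == "Disabled")
        report("UNENCRYPTED", server, "replication port " trim($5) " (" dn ")")
      if (mc ~ /^[0-9]+$/ && mc + 0 > 0)
        report("LAGGING", server, mc " missing changes (" dn ")")
      if (base == "")
        base = entries                         # first server is the reference
      else if (entries != base)
        report("DIVERGED", server, entries " entries vs " base " (" dn ")")
    }
    END { exit (n > 0) }
  '
}

# Demonstration on the constructed sample; on a live server, pipe the output of
# the `bin/dsreplication status ...` command shown in the post into the function.
sample_status | audit_replication_status || true
```
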

From a client point of view, there should be no difference, except that the server might take a little longer to return the response to an update request. In our measurements, we found that the response time increased by 25% for Safe Data Level 2, which seems a lot, but honestly, when the response time is in the order of 2ms, it's hard to notice!

You can find more information about Assured Replication on the OpenDS 2.0 documentation wiki, both in the overview of OpenDS Replication Architecture and the Replication Administration Guide, and more specifically the Assured Replication Administration Guide.


Monday Jul 20, 2009

New in OpenDS 2.0: Recurrent and Scheduled Tasks

OpenDS 2.0 has just been released and there are several new and exciting features in it.

Today we will focus on one simple feature that greatly reduces the cost of administration: scheduled tasks.

Being a Directory Server administrator often implies that you have to perform some administrative tasks on a regular basis. One of those tasks for example that an administrator has to do is a backup of the database. With most Directory Servers, the administrator would write a script to be run on a specific time of the day (or rather the night) that would proceed with the backup.
With OpenDS and the Recurrent Tasks, we've simplified this to the extreme: Just instruct OpenDS to do a backup on a weekly or daily basis, and as long as the server is running, it will execute the backup procedure at the desired time.

Here's how to schedule an hourly, compressed backup for the main back-end:

$ bin/backup -p 5444 -D cn=directory\ manager -w secret12 -n userRoot \
-d ./backups -c --recurringTask '0 * * * *'
Recurring Backup task BackupTask-dc89d98e-4ade-410e-ad19-325279af8f67
scheduled successfully

Now, just wait for the hour to pass, and check if the backup has been taken ;-)

The string passed as a parameter following the --recurringTask option has the same format as the crontab(5) time/date fields: a pattern of 5 fields, separated by blank spaces: Minute (0-59), Hour (0-23), Day Of Month (1-31), Month Of Year (1-12), Day Of The Week (0-6 with 0 being Sunday).
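
An added example (not from the original post or from OpenDS): a shell pre-check for the pattern before it is handed to --recurringTask, using the field ranges listed above. Because the post says the format follows crontab(5), the check also accepts comma lists and a-b ranges; whether OpenDS accepts every crontab(5) form is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate a --recurringTask pattern before scheduling a task.

# check_field NAME VALUE MIN MAX
# VALUE must be "*" or a comma list of integers and a-b ranges within MIN..MAX.
# The body runs in a subshell so the IFS change does not leak to the caller.
check_field() (
  name=$1 value=$2 min=$3 max=$4
  [ "$value" = "*" ] && exit 0
  case $value in
    ''|*[!0-9,-]*|,*|*,|*,,*)
      echo "$name: malformed value '$value'" >&2; exit 1 ;;
  esac
  IFS=,
  for item in $value; do
    # "5" gives lo=hi=5, "1-5" gives lo=1 and hi=5
    lo=${item%%-*}; hi=${item#*-}
    case $hi in
      *-*) echo "$name: malformed range '$item'" >&2; exit 1 ;;
    esac
    [ -n "$lo" ] && [ -n "$hi" ] ||
      { echo "$name: malformed range '$item'" >&2; exit 1; }
    [ "$lo" -ge "$min" ] && [ "$hi" -le "$max" ] && [ "$lo" -le "$hi" ] ||
      { echo "$name: '$item' is outside $min-$max" >&2; exit 1; }
  done
  exit 0
)

# validate_recurring_pattern "<minute hour day-of-month month day-of-week>"
# Returns 0 when the pattern has exactly five valid fields.
validate_recurring_pattern() (
  # The pattern is split on blanks on purpose; globbing is switched off first
  # so that "*" is never expanded into file names from the current directory.
  set -f
  set -- $1
  [ $# -eq 5 ] || { echo "expected 5 fields, got $#" >&2; exit 1; }
  check_field minute       "$1" 0 59 &&
  check_field hour         "$2" 0 23 &&
  check_field day-of-month "$3" 1 31 &&
  check_field month        "$4" 1 12 &&
  check_field day-of-week  "$5" 0 6
)

# Demonstration on constructed patterns; the first one is the hourly schedule
# used in the post. Always pass the pattern as one quoted argument.
for p in '0 * * * *' '0,30 1-5 * * 1-5' '60 * * * *' '0 * * *'; do
  if validate_recurring_pattern "$p" 2>/dev/null; then
    echo "ok:       $p"
  else
    echo "rejected: $p"
  fi
done
```
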

The recurrent tasks are not limited to backups. They can be applied to all tasks, although some may not be that useful to everyone. I do see some use for a daily import of an LDIF file from a well-known location, as a way to synchronize with external sources.

And of course, you can list the scheduled and recurrent tasks with dsconfig and cancel them if needed.

In the next release of OpenDS, you will be able to configure the recurrent tasks with the Control Panel. If you can't wait, you can try with the latest daily build.

You can find more information on recurrent tasks on the OpenDS Documentation Wiki.


Friday Jul 17, 2009

OpenDS 2.0 is here !

The OpenDS development team is very pleased to announce the availability of OpenDS 2.0.0 and its supported companion Sun OpenDS Standard Edition 2.0.

OpenDS is an LDAPv3 compliant Directory Service written entirely in Java. The 2.0 release has many new features since OpenDS 1.0 that was released a year ago:
• A graphical control panel that enables basic server and data administration is available and replaces the OpenDS 1.0 status-panel
• An administration connector manages all administration related traffic to the server. By separating user operations and administration operations, the administration connector ensures a better quality of service and simplifies logging and monitoring
• Connections can be secured and encrypted with SASL mechanisms
• Access Control mechanism has been enhanced to control access based on the level of security of the connection
• The ;binary transfer option is now supported
• Standard schema files related to Solaris and OpenSolaris LDAP naming services are provided by default
• Setup and tools provide an enhanced support for the JCEKS keystore and alternate security providers
• A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication
• Recurring tasks allow an administrator to schedule repeated tasks such as backups
• New extensible matching rules and indexing allowing comparing, ordering of data according to specific locales and languages
• Better monitoring information for the server and for Replication
• Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax
• VLV indexes are now built during the Import
• Works with IBM JVM (Java 6 SR4 required)
• Works by default with JConsole and VisualVM when JMX Connection Handler is enabled
• Default settings and ergonomics have been improved reducing the need for tuning parts of the server
• Greatly improved performances and stability over time of those performances
• Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

OpenDS 2.0.0 is a promotion of OpenDS 2.0.0 Release Candidate 4, built with revision 5492, to the stable and finalized version.
It can be installed with the Java WebStart QuickSetup or downloaded as a Zip file.
A DSML-to-LDAP Gateway is available as a War file.

As for previous OpenDS releases, a snapshot of the documentation wiki has been set up. The documentation is still being verified and a few links might not be functional yet. We expect it to be finalized by the end of next week.

You can find more information about OpenDS 2.0 in the release notes.
For a supported version of OpenDS, please check the Sun OpenDS Standard Edition 2.0 home page or get it directly from Sun Download Center.

I'd like to give special thanks to our external contributors who have helped make this release a better release, especially Christian Brennsteiner for the German translation of messages, Tosiki Iga for the Japanese translation, D.J Hagberg for the performance enhancements, Andy Wang for the IBM JVM Support.
Thanks also to all users who have raised issues during the development phase, helping us with testing the server in ways we can't.

This is a major milestone for the OpenDS project, but there is more to come... Make sure you check the Roadmap and participate in it.


Friday Jul 10, 2009

A nice gesture from FISL organizers

I've just received a "certificate of attendance as a Speaker" from the FISL organizers. This is a very nice gesture and adds to the amazing experience that is FISL. Big thanks to the organizers and more specifically Fernanda Weiden who had to cope with the egos of over 320 speakers.


Thursday Jul 09, 2009

Lowering the bar for OpenDS Translation...

Pavel Heimlich, also known as Hajma in the OpenDS project and lead for many Translation projects, has gone through all of the OpenDS messages to figure out the ones that were still in use and important to translate. There is now a "simplified" OpenDS project in the Community Translation Interface that contains a 5th of the initial messages, making it easier and faster for the volunteers to translate OpenDS to their preferred language. There are currently on-going translations for Chinese, French, German, Japanese, Korean, Polish, Portuguese, Serbian and Spanish, but new language projects can be initiated on demand.
If you're interested, check the How To Guide.


Monday Jun 29, 2009

FISL 10 Trip report

I've just spent a wonderful week in Porto Alegre, Brazil where I've landed to talk about OpenDS at the FISL 10 conference.
This is my first visit to Brazil and I must say that I didn't get any good impression of the country in the first two days. As a matter of fact, I didn't get any impression at all. I arrived on Monday evening around 9pm, it was all dark. After more than 16 hours of traveling, I just wanted to hit a bed.
On the Tuesday morning, thanks to the jet lag, I got up quite early, checked email and went for breakfast by 7am, noticing a rainy day and still pretty dark. I was just done with the breakfast when Bruno Souza arrived and took me to the location of the Javali meeting, an ancillary event of FISL, sponsored by Sun and organized by SOU Java and RS JUG.
We spent the whole day in the conference room, watching from time to time through the windows the heavy rain and wind. The Javali talks ended with pizzas and guarana and by then the night was already dark.
While I didn't get to see what Porto Alegre looks like in the first days of my visit, I did enjoy the friendliness of Brazilians. At Javali, trying to follow the presentations in Portuguese was tough but I think I got probably 50% of the technical parts thanks to the mix of English words and to my understanding of Spanish. And when it was necessary, Bruno or Mauricio Leal would do some translation for us.
I didn't get to talk at Javali, the agenda was pretty full and I hadn't told Bruno I would be coming as I wasn't sure I could make it. But Pat Patterson presented Securing RESTful Web Services with OpenSSO (and OAuth) and mentioned a few times OpenDS.

Wednesday was the first day of FISL and all the Sun participants went quite early to help set up the booth in the Exhibition Hall. Sun's booth was very well located and its main attraction was the thousands of small soccer balls that were given to attendees who registered for the OSUM program. I think that throughout the whole event, Sun's booth was the most vibrant and busy one, with Roger Brinkley making demos with his toys, Angel Camacho, Brian Leonard, Kirthankar Das and others helping with installs of OpenSolaris on attendees' laptops.

Arun Gupta fired the event on Wednesday morning with his presentation demonstrating the combined power of GlassFish, MySQL and NetBeans to build web applications.

Arun Gupta, inauguring FISL conf with the 1st talk

Friday was the busiest day for me as I was scheduled for 2 presentations. But before that, I was invited to participate in Simon Phipps talk show, describing in 5 minutes, what was OpenDS, what were the benefits for the Brazilian open source users and developers.


Immediately after, and in the same room, I did my presentation for OpenDS with the theme of "Scaling the Identity Store with OpenDS". The session covered the 3 models we have in OpenDS for deployment:

  • Embedded in Java applications,
  • Standalone replicated servers,
  • LDAP Front-end access to MySQL Cluster's network DB.

While FISL is mostly attended by students, my session had a majority of System Administrators, interested in simplifying and reducing the cost of their data-centers.


Later in the afternoon, I was presenting again, repeating JavaOne's presentation from Tony Printezis and Charlie Hunt GC Tuning In the HotSpot Java Virtual Machine. Charlie was meant to attend the event, but the week before found out he could not make it. As they recalled I was in the room at JavaOne and I'm quite familiar with the subject as we're spending a lot of time trying the different options to tune the JVM to get the best performances out of OpenDS, they asked me to cover the talk. I think I've done a reasonable job, despite the density of information in the slides, and the simultaneous translation in Portuguese for the largest part of the crowd not so familiar with English.

Still on Friday, part of the exhibition floor was closed to the public as the Brazilian President, Lula Da Silva, was scheduled to visit the event. Sun's booth was very well positioned, on the border of the closed area, and the crowd started to gather by the booth as President Lula arrived. The excitement was amazing. When the President reached the OpenSolaris Brazil user group, he received an OpenSolaris cap and T-shirt from Vitorio Sassi, Sun employee and one of the leaders of the Brazilian OpenSolaris community.

Brazilian Presidente Lula with OpenSolaris community
Photo taken by Ludovic Poitou, June 26 2009.

On Saturday, the last day of the FISL conference, I got to share a little bit more of the stage by answering a performance related question from the audience in Bruno Souza's session about the future of Java, with the exceptional presence of Javali, the mascot of the Javali user group.

Bruno Souza with Duke and Javali

Overall FISL has been an amazing experience. It is definitely the biggest open source event I've participated in. Over 8200 registered visitors, from 27 different countries, more than 320 speakers for 354 presentations and a presidential visit. More than that, Brazilians are extremely nice, generous and happy to live. They made our stay in Porto Alegre something that I'll remember for a long time. A special thanks to the main organizers: Bruno Souza and Eduardo Lima (here below with Simon Phipps)

LP0_1127

.

I'll definitely participate in the Call for Presentations next year, if evangelism of the OpenDS project is still one of my tasks for next year.

You can find all photos for the event in the FISL 10 picasa album.


Saturday Jun 27, 2009

To the FISL attendees...

FISL 10

Many of you have requested the slides.
Here they are :

Thanks for your presence...
A more detailed article is in the works.


Wednesday Jun 24, 2009

OpenDS 2.0.0 Release Candidate 3 is now available

The OpenDS development team is very pleased to announce the immediate availability of OpenDS 2.0.0-RC3, the third and probably last release candidate for OpenDS 2.0.

OpenDS 2.0 has a number of new features over OpenDS 1.2.0, which was released in February 2009:

  • A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication
  • Recurring tasks allow an administrator to schedule repeated tasks such as backups
  • New extensible matching rules and indexing, allowing comparison and ordering of data according to specific locales and languages
  • Better monitoring information for the server and for Replication
  • Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax
  • VLV indexes are now built during the Import
  • Several improvements in the Control Panel
  • Works with IBM JVM (Java 6 SR4 required)
  • Works by default with JConsole and VisualVM when JMX Connection Handler is enabled
  • Default settings and ergonomics have been improved, reducing the need for tuning parts of the server
  • Greatly improved performance, and stability of that performance over time
  • Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

Overall, over 170 issues have been fixed.

The purpose of the Release Candidate is to solicit one last round of testing before the final release.
So please test the OpenDS release with your client applications, in your environment or on your favorite platform.

Our quality team will be doing the same during the next 2 to 3 weeks.

If you do find a bug, please report it in the Issue Tracker.

We welcome feedback. Please report your experience with OpenDS on our mailing lists, or on the #opends IRC channel on Freenode.

OpenDS 2.0.0-RC3 is built from revision 5460 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC3/OpenDS-2.0.0-RC3.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC3/OpenDS-2.0.0-RC3-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC3/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC3.

Major changes incorporated since OpenDS 2.0.0 RC2 include:

  • Revision 5436 - Delivers updated localization bundles.
  • Revision 5439 (Issue #4047) - Resolves an issue with uninstalling OpenDS.
  • Revision 5440 (Issue #4049) - Fixes an issue in the Control Panel where monitoring information was not available for all Connection Handlers.
  • Revision 5441 (Issue #4045) - Fixes an issue with start-ds -F so it reports snmp build information.
  • Revision 5452 (Issue #3713) - Resolves an issue where sockets could be leaked when replication connection fails due to SSL handshake.
  • Revision 5459 (Issue #4057) - Fixes an issue where restoring the schema from a backup would silently fail and prevent the server from working.


Tuesday Jun 23, 2009

If "God" says it...

...It must be true.

James Gosling
In an interview published this Monday in eWeek Europe, James Gosling, queried about innovation in Java, replied the following:

"It's all over the place inside Sun. People are doing cool things in any direction you want to look. The enterprise guys — the GlassFish group — they're totally on a tear these days. The OpenDS guys are being really successful. The OpenJDK guys are getting some real traction. Stuff like the Jigsaw modularity stuff is getting a lot of excitement."

As one of the OpenDS guys, I like the middle of the response... And so it must be true!


Sunday Jun 21, 2009

OpenDS in Brazil

This week, one of the biggest conferences about Open Source Software takes place in Porto Alegre, Brazil: FISL.
FISL stands for "Forum Internacional Software Livre" in the Portuguese language and means "International Free Software Forum".

FISL 10

This will be the 10th edition and already over 6000 people have registered, according to the organizers.
It's the first time I get to go to FISL and to Brazil as well. I'm looking forward to it, as I've been told a lot about the energy and the good atmosphere of the conference. It will be a good opportunity to be in touch with our community from South America.

My session will talk about "Scaling the Identity Store with OpenDS", describing the options to scale an OpenDS-based LDAP directory service from very small embedded to extremely large, telco scale. It's scheduled to happen on Friday 26th, from 11am to 12am in room 41A.
See you there.


Thursday Jun 11, 2009

OpenDS 2.0.0 Release Candidate 2 is now available

The OpenDS development team is very pleased to announce the immediate availability of OpenDS 2.0.0-RC2, the second and probably last release candidate for OpenDS 2.0.

OpenDS 2.0 has a number of new features over OpenDS 1.2.0, which was released in February 2009:

  • A new mode for Multi-Master Replication providing greater consistency and availability of data: Assured Replication
  • Recurring tasks allow an administrator to schedule repeated tasks such as backups
  • New extensible matching rules and indexing, allowing comparison and ordering of data according to specific locales and languages
  • Better monitoring information for the server and for Replication
  • Full compliance with RFC 4518 and matching of UTF-8 in attributes with a DirectoryString syntax
  • VLV indexes are now built during the Import
  • Several improvements in the Control Panel
  • Works with IBM JVM (Java 6 SR4 required)
  • Works by default with JConsole and VisualVM when JMX Connection Handler is enabled
  • Default settings and ergonomics have been improved, reducing the need for tuning parts of the server
  • Greatly improved performance, and stability of that performance over time
  • Resolved a possible security issue when Pre-ReadEntry, Post-ReadEntry and Assertion Controls were enabled

Overall, over 170 issues have been fixed.

The purpose of the Release Candidate is to solicit one last round of testing before the final release.
So please test the OpenDS release with your client applications, in your environment or on your favorite platform.

Our quality team will be doing the same during the next 2 to 3 weeks.

If you do find a bug, please report it in the Issue Tracker.

We welcome feedback. Please report your experience with OpenDS on our mailing lists, or on the #opends IRC channel on Freenode.

OpenDS 2.0.0-RC2 is built from revision 5417 of the b2.0 branch of our source tree.

The direct link to download the core server is: http://www.opends.org/promoted-builds/2.0.0-RC2/OpenDS-2.0.0-RC2.zip

The direct link to download the DSML gateway is: http://www.opends.org/promoted-builds/2.0.0-RC2/OpenDS-2.0.0-RC2-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www.opends.org/promoted-builds/2.0.0-RC2/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at http://www.opends.org/promoted-builds/2.0.0-RC2.

Major changes incorporated since OpenDS 2.0.0 RC1 include:

  • Revisions 5376, 5388, 5390 (Issues #3997, 4006 and 3993) - Improvements to the schema parsing mechanism.
  • Revision 5378 (Issue #3898) - Make all information from a BIND request accessible from AuthenticationInfo.
  • Revision 5381 (Issue #4009) - Fixes to the upgrade facility.
  • Revision 5384 (Issue #3856) - Improvements to the way in which connections and extended operations are logged.
  • Revision 5386 (Issue #3996) - Fix a problem that could result in lost delete operations within a replication topology.
  • Revision 5392 (Issue #4010) - Fix an exception in the DSML implementation.
  • Revision 5394 (Issue #4014) - Improve the information shown by start-ds.
  • Revision 5395 (Issue #4013) - Fix an encoding error for the server side sort response control.
  • Revision 5396 (Issue #4011) - Correct a problem with indexing after an upgrade.
  • Revisions 5398, 5400, 5403 & 5412 - Localization improvements.
  • Revision 5402 (Issue #4007) - Improve performance when importing entries containing attributes with many values.
  • Revisions 5404 & 5409 (Issue #4020) - Allow help links in the control panel to be customized.
  • Revision 5406 (Issue #4022) - Fix a Java exception when using dsconfig -m/unit-time.
  • Revision 5407 (Issue #4027) - Fix an NPE when configuring network groups.
  • Revision 5411 (Issue #3988) - Improve throughput stability and GC performance under heavy connect/disconnect loads.
  • Revision 5414 (Issue #4062) - Enable the deregistering of add/change/delete configuration listeners.
  • Revision 5415 (Issue #4012) - Improve the import task to handle missing include branches.
  • Revision 5417 (Issue #4023) - Restart the server after scheduling a restart task.


About

This is the blog of a senior software engineer, specialized in LDAP, Directory Server and OpenDS. Ludovic Poitou works in France at the Grenoble Engineering Center, in the Directory Services Engineering team. Outside work, I love skiing and taking photo
