Friday Jul 11, 2008

OpenDS: an open source LDAP directory server in Java


The OpenDS development team is pleased to announce the availability of OpenDS 1.0.0, the first stable release of the OpenDS project.

OpenDS 1.0.0 is a directory server compliant with the LDAPv3 standard, and it supports most of the standard and experimental LDAP extensions and schemas, ensuring better interoperability with client applications.

With a limited memory footprint that allows it to be embedded in other Java applications, OpenDS has a rich set of programming interfaces that make it easy to extend its services.

A multi-master replication model guarantees high availability of the data for both writes and reads. Although the number of master servers is unlimited, the OpenDS 1.0.0 server has been tested under continuous stress with 4 master servers.

OpenDS 1.0.0 also includes:

  • A graphical installation tool that installs, configures and starts an operational server in a few clicks and less than 3 minutes
  • A graphical status panel
  • A command-line configuration tool that can perform all administrative tasks in interactive or scripted mode
  • Advanced security and password management policies
  • Advanced data backup and restore capabilities
  • A web application acting as a gateway between LDAP and DSML
  • Complete, validated documentation for users and administrators

The default configuration of the OpenDS server is designed for developers and evaluators using machines with few resources. To get good performance when loading the server, it is important to set the right JVM launch options and to tune the server and its database. Recommendations for some JVM parameters are available on the OpenDS Documentation Wiki.

Although we are proud and happy with this first release of the OpenDS LDAP directory server, many other features are planned:

  • Integration with OpenSolaris
  • Transactions for LDAP
  • An "Assured" replication model that would guarantee that a change is received by at least 2 master servers before it is acknowledged to the client
  • Access to the change log in order to allow synchronization with external services
  • A graphical configuration tool for the most common tasks
  • Security management through the SASL layer
  • Further improved performance
  • ...

For more information about the planned features, go to the RoadMap page of the OpenDS wiki.

For more information about the OpenDS 1.0.0 release, see the "Release Notes".

Support for OpenDS 1.0 will soon be available from Sun Microsystems.

Many thanks to the whole OpenDS 1.0.0 project team: developers, testers, technical writers...

Open Source LDAP Server in Java Released

The OpenDS development team is very pleased to announce the release of OpenDS 1.0.0, the first stable release of the OpenDS project.

OpenDS 1.0.0 delivers a fully compliant LDAPv3 server (\*) that passes all of the compliance, interoperability and security test suites. Furthermore, OpenDS 1.0.0 implements most of the standard and experimental LDAP extensions defined in the IETF as RFCs or Internet-Drafts, ensuring maximum interoperability with LDAP client applications.

With a limited footprint allowing the server to be embedded in other Java applications, OpenDS has a very rich set of APIs making it easy to extend and increase usage scope.

OpenDS also supports a multi-master replication model that guarantees the high availability of the data for all operations, searches or updates. While theoretically unlimited with regard to the number of masters, the OpenDS 1.0.0 server has been stressed under heavy and durable load with 4 masters.

OpenDS 1.0.0 also includes:
- A 6-step graphical installation tool that gets a server configured, up and running in less than 3 minutes.
- A graphical status panel.
- A rich command-line tool to perform all online administrative tasks, either interactively or scripted.
- Advanced security and password policies.
- Advanced backup and restore capabilities.
- A DSML gateway servlet.
- A complete user documentation set.

Note that the default settings for the OpenDS server are targeted at the initial evaluator or developer, running on a machine with a limited amount of resources. So it is important to do initial tuning of the Java VM and the OpenDS server to scale.
The first recommendation is to use the latest version of the Java VM (as of today Java 6 update 6, aka 1.6.0_06).
Some recommendations for the Java VM settings have been published on the OpenDS Documentation Wiki. More specifically, tuning the garbage collector is needed in order to have constant performance. We recommend the CMS GC or ParallelGC.
Finally, OpenDS provides better performance when the database files are cached in memory. The initial size for the DB cache is 10% of the heap size, which is definitely undersized. A good rule of thumb is to allocate a DB cache size of about half the heap size if the latter is less than or equal to 2 GB, and, for heap sizes greater than 2 GB, to allocate a DB cache size equal to the heap size minus 1 GB.

While we are really happy with the first stable release of the OpenDS LDAP directory server, our roadmap includes many other features and some ambitious ones:
- Native packages for OpenSolaris and Linux.
- Transactions for LDAP
- Assured Replication, a replication model in which a change is assured to be received on at least 2 masters before it is acknowledged to the client application.
- Access to the log of changes over LDAP in order to provide external synchronization services.
- Basic management GUI for the most common tasks.
- Confidentiality and encryption negotiation through SASL
- Improved performance
...

For more information about OpenDS 1.0.0, please check the release notes.

Support for OpenDS 1.0.0 will soon be available from Sun Microsystems.

(\*) with the exception of a partial support of RFC 4518 - International String Preparation


Friday Dec 21, 2007

OpenDS 1.0.0-build009 is now available

We have just uploaded OpenDS 1.0.0-build009, built from revision 3597 of our source tree, to our promoted builds folder. The direct link to download the core server is: https://opends.dev.java.net/files/documents/4926/80019/OpenDS-1.0.0-build009.zip

The direct link to download the DSML gateway is: https://opends.dev.java.net/files/documents/4926/80022/OpenDS-1.0.0-build009-DSML.war

We have also updated the archive that may be used to install OpenDS via Java Web Start. You may launch that using the URL http://www2.opends.org/install/QuickSetup.jnlp, or visit https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool for more information.

Detailed information about this build is available at
http://www2.opends.org/promoted-builds/1.0.0-build009

Major changes incorporated since OpenDS 1.0.00-build08 include:

  • Revision 3468 (Issue #2214) -- Add the ability to accept certificates permanently in the graphical user interface. Fix an issue where the Subject DN of the certificate was not parsed correctly and a host name mismatch was reported.
  • Revision 3469 (Issue #1902) -- Fix an issue where dsconfig set-backend-prop did not check whether values provided exceeded the maximum value for a property.
  • Revision 3470 -- Add checks to avoid problems with DN comparison in the QuickSetup code.
  • Revision 3473 (Issue #2347) -- Fix an issue in which the dsconfig command would exit if no JE indexes were configured and a user attempted to view or edit them.
  • Revision 3485 (Issue #2613) -- Fix a problem with the upgrade commands which were breaking the replication mechanism.
  • Revision 3486 (Issue #2618) -- Fix an issue in which the dsframework register-server command was failing.
  • Revision 3487 (Issue #2617) -- Fix a NullPointerException in the dsreplication status command.
  • Revision 3488 (Issue #2085) -- Partial fix for a problem in which dsconfig did not close connections properly. This fix applies to dsconfig interactive mode only.
  • Revision 3489 -- Add two targets (run-server and run-dsconfig) that enable you to run the server or dsconfig without using a shell script, for example, from NetBeans. Also add two targets (nb-debug-server and nb-debug-dsconfig) that enable you to debug the server and dsconfig from NetBeans.
  • Revision 3492 (Issue #2614) -- Allow the ldif-directory property of an LDIF connection handler to be a relative path.
  • Revision 3493 -- Add nodetach to get server output when using the run-server and nb-debug-server targets. Enable debugging in the nb-debug-server target. Add a new nb-profile-server target for one click server profiling from NetBeans.
  • Revision 3499 (Issue #2565) -- Fix a Java Exception that occurred during replication conflict resolution.
  • Revision 3504 (Issue #2630) -- Fix a problem in which the dsreplication pre-external-initialization command did not work correctly with a binary copy.
  • Revision 3507 (Issue #1732) -- Provide bundled installation documentation in an html file called install.html at the top level install directory.
  • Revision 3511 (Issue #2319) -- Protect access to the dc=replicationChanges suffix by default, using a global ACI that denies all operations for all users other than the Directory Manager.
  • Revision 3513 (Issues #2007 and #2049) -- Provide a generic mechanism for using multiple caches and fix an issue in which dsconfig was unable to configure the entry cache.
  • Revision 3519 (Issue #2615) -- Fix a deadlock in the change log trimming that caused a subsequent deadlock of the replication server.
  • Revision 3522 (Issue #2331) -- Fix an issue in which the manage-tasks command was always run interactively.
  • Revision 3525 (Issue #2655) -- The class org.opends.server.replication.server.ReplicationCache has been renamed as org.opends.server.replication.server.ReplicationServerDomain.
  • Revision 3528 (Issue #2633) -- Fix an issue in which new updates were not replicated when initializing a topology with dsreplication initialize-all, unless the server on which the data was originally imported was restarted.
  • Revision 3529 (Issue #2658) -- Fix a problem causing unexpected behavior when monitoring the entry cache.
  • Revision 3532 (Issue #2587) -- Fix an issue in which dsreplication enable failed to initialize the schema of a secondary server if the user schema contained a new object class dependent on a new attribute type.
  • Revision 3536 (Issue #2661) -- Make the classes in org.opends.messages public so that they can be referenced from other public APIs.
  • Revision 3538 (Issue #2086) -- Make FIFO the default entry cache instead of Soft Reference.
  • Revision 3543 (Issue #2599) -- Fix an issue in which the replication mechanism added the modifiersName and modifyTimestamp to schema updates, introducing an inconsistency between the schema on replicated instances.
  • Revision 3555 (Issue #2612) -- Fix an issue in which initialization of the ADS failed when both servers were configured for replication separately.
  • Revision 3557 (Issue #2648) -- Ensure that the dsconfig and dsreplication commands support IPv6 addresses.
  • Revision 3559 (Issue #2742) -- Add the objectClass attribute to the Root DSE operational attributes global ACI.
  • Revision 3572 (Issues #2730 and #2620) -- Provide a way for users to set specific JAVA arguments (and use a specific JVM) for every command-line utility.
  • Revision 3574 (Issue #2751) -- Fix an issue in which the account status notification handler could not be enabled if the template files were referenced with a relative path.
  • Revision 3575 (Issue #2767) -- Fix an issue in which using the entryDN attribute with userattr inheritance was broken.
  • Revision 3576 (Issue #2759) -- Add the objectClass attribute to the list of target attributes in the global ACI that grants anonymous read access - this issue prevented anonymous users from seeing cn=schema.
  • Revision 3577 -- Fix a bug which prevented the Java WebStart installer from setting the JAVA_HOME environment variable.
  • Revision 3582 (Issue #1862) -- Provide a verbose option with the setup command. By default, the graphical setup and the command-line setup run in non-verbose mode.
  • Revision 3585 (Issue #2446) -- (Partial fix). Add support to the administration framework for specifying one or more "default" managed objects which should be created automatically when a parent managed object is created. This is the first step in creating default indexes automatically when a new backend is created.
  • Revision 3586 (Issue #2446) -- Define default indexes that should be created when a new Local DB Backend is created. The default indexes are aci (presence), objectClass (equality), and entryUUID (equality).
  • Revision 3591 (Issue #2451) -- It is now possible to override the default naming argument for dsconfig sub-commands using the CLI profile in the XML definitions. To do this add the naming-argument-override attribute to a relation's CLI profile relation element.
  • Revision 3592 (Issue #2451) -- The CLI naming argument for virtual attributes has been over-ridden and is now name.
  • Revision 3595 (Issue #2741) -- Fix an issue in which adding and removing ACIs made the server unstable.
  • Revision 3596 (Issue #138) -- Various fixes and improvements to the DSML gateway.


Friday Dec 14, 2007

OpenDS, OpenSolaris, GlassFish and many more...

We are organizing a technical seminar on open source software and projects for our partners, at the Grenoble research and development center (Grenoble Engineering Center), from January 15 to 18, 2008.

Presentations will cover, among others, Sun Secure Global Desktop, OpenSolaris, GlassFish, NetBeans, OpenDS, OpenESB, xVM, OpenJDK, OpenDMK, Identity Management, Federation Management, Java CAPS...

The detailed agenda, including the list of presenters, the points of contact and the registration details, is online.

Note that the number of participants is limited, so do not wait until the last minute to register.


Thursday Mar 08, 2007

Community events in Paris on Wednesday March 21st

Sun Tech Days are coming to Paris on March 19th, 20th and 21st. As part of this event, there will be a GlassFish Community User Group where we will be presenting OpenDS. Alexis has posted the complete agenda of the meeting as well as other ancillary events.

The same day, still in Paris but at the Sun Customer Briefing Center (Av de Iéna), there is an Identity Management User Group. It seems that pre-registration is very successful, but if you're a Sun customer and are interested in participating, there is still time.

 See you in Paris in about 2 weeks.

About

This is the blog of a senior software engineer, specialized in LDAP, Directory Server and OpenDS. Ludovic Poitou works in France at the Grenoble Engineering Center, in the Directory Services Engineering team. Outside work, I love skiing and taking photo
