opendj - a ldap server for dummies

Post on 28-Jun-2015

DESCRIPTION

My presentation at H2HC 2014

TRANSCRIPT

OpenDJ

A LDAP Server for dummies

Claudio Borges aka but3k4

cbsfilho@gmail.com

About me

+13 years experience with Linux/Unix

Systems Administrator Specialist

Technical Leader at Locaweb

PPP Programmer (Python/Perl/PHP)

Fresh Father

USF4 player

What is OpenDJ?

A powerful and secure LDAP Server

Written in Java

It began as a fork of the OpenDS code base

Initial release on December 21, 2010

100% open source (CDDL License)

Reliable and Scalable

Classic Scenario

Features

Easy installation, configuration and administration

Rich Command Line Interface (CLI)

Control Panel (Admin GUI)

Automatic backups with task scheduler

High Availability

REST API

Flexible and easy to use plug-in mechanism

OpenDJ in Action

Install OpenDJ

The Command Line Interface (CLI)

Control Panel (Admin GUI)

Replication

Tuning

Backup

Install OpenDJ

Download OpenDJ from the ForgeRock website:

https://backstage.forgerock.com/#!/downloads/OpenDJ

Create a local user:

Ex: opendj

Install Java 6 or later

If you downloaded the file OpenDJ-2.6.0.zip, unzip it:

Ex: unzip OpenDJ-2.6.0.zip -d /opt/

Run the setup utility

Create the init script and start OpenDJ

Command Line Interface

The dsconfig command is the primary command line tool for viewing and editing OpenDJ configuration.

You can run it with or without arguments.

Control Panel

OpenDJ Control Panel offers a graphical user interface for managing both local and remote servers.

Replication

You can set up replication automatically using the QuickSetup GUI when you first install the directory server. If you set up your directory servers by using the setup command, you can use the dsreplication command to configure replication between the servers.

First, you need to create an admin user with the dsframework command. This utility can be used to perform operations in the directory server administration framework.

Creating the admin user:

Configuring the replication:

Initialize replication between servers:

Monitoring the replication:

Tuning

If you have heavy traffic, you need to change the values below using the dsconfig command:

idle-time-limit = 20

lookthrough-limit = 10000

size-limit = 5000

time-limit = 20

For a server with 24 GB of RAM, use these options:

- -d64

- -XX:+UseCompressedOops

- -Xms8g

- -Xmx12g

- -Xmn4g

- -XX:MaxTenuringThreshold=1

To apply JVM settings for your server, edit config/java.properties, and apply the changes with the dsjavaproperties command.

You need to configure the maximum number of open file descriptors for the OpenDJ user, so create the file /etc/security/limits.d/opendj.conf with these values:

opendj soft nofile 65535

opendj hard nofile 131072

Restart OpenDJ with the command:

stop-ds --restart --quiet
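
A check for the step above, added here as an example and not taken from the presentation: files under /etc/security/limits.d are applied by pam_limits, so a server started from an init script may still run with the default limits. The script reads /proc/<pid>/limits (Linux) and compares it with the values on the slide; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): confirm that the nofile limits written to
# /etc/security/limits.d/opendj.conf actually reached the running server process.
EXPECT_SOFT=65535     # "opendj soft nofile" value from the slide
EXPECT_HARD=131072    # "opendj hard nofile" value from the slide

# Constructed sample of /proc/<pid>/limits for a process still on default limits.
SAMPLE_DEFAULT='Limit                     Soft Limit           Hard Limit           Units
Max processes             63455                63455                processes
Max open files            1024                 4096                 files'

# Print "soft hard" for the open-files row of a /proc/<pid>/limits listing on stdin.
parse_nofile() {
    awk '/^Max open files/ { print $4, $5 }'
}

# meets <actual> <expected>: true when actual is "unlimited" or >= expected.
meets() {
    [ "$1" = "unlimited" ] && return 0
    case "$1" in ''|*[!0-9]*) return 2 ;; esac   # missing or non-numeric field
    [ "$1" -ge "$2" ]
}

# Read a limits listing on stdin; succeed only if both limits meet the slide values.
verify_listing() {
    set -- $(parse_nofile)
    meets "${1:-}" "$EXPECT_SOFT" && meets "${2:-}" "$EXPECT_HARD"
}

# Usage: sh check-nofile.sh <pid-of-the-opendj-java-process>
if [ -n "${1:-}" ]; then
    if verify_listing < "/proc/$1/limits"; then
        echo "OK: pid $1 has nofile >= $EXPECT_SOFT/$EXPECT_HARD"
    else
        echo "FAIL: pid $1 is below the configured nofile limits" >&2
        exit 1
    fi
fi
```

Run it after the restart with the PID of the server's java process; a FAIL means the process did not pick up the limits file.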

Backup

OpenDJ has an internal backup tool. This tool can be used to back up one or more directory server backends.

Locaweb Case

The Locaweb OpenDJ environment is composed of:

- Two F5 BIG-IP Load Balancers (layer 4)

- 4 servers, 16 procs and 24 GB RAM each

This configuration reached 60k maximum concurrent connections per server in the production environment.

Thanks for your Attention!

Any questions?

Claudio Borges

www.claudioborges.org

cbsfilho@gmail.com

@but3k4