OpenDJ - An LDAP Server for dummies
1. OpenDJ
An LDAP Server for dummies
Claudio Borges aka but3k4
cbsfilho@gmail.com
2. About me
13+ years of experience with Linux/Unix
Systems Administrator Specialist
Technical Leader at Locaweb
PPP Programmer (Python/Perl/PHP)
Fresh Father
USF4 player
3. What is OpenDJ?
A powerful and secure LDAP Server
Written in Java
It began as a fork of the OpenDS code base
Initial release on December 21, 2010
100% open source (CDDL license)
Reliable and Scalable
5. Features
Easy installation, configuration and administration
Rich Command Line Interface (CLI)
Control Panel (Admin GUI)
Automatic backups with task scheduler
High Availability
REST API
Flexible and easy-to-use plug-in mechanism
6. OpenDJ in Action
Install OpenDJ
The Command Line Interface (CLI)
Control Panel (Admin GUI)
Replication
Tuning
Backup
7. Install OpenDJ
Download OpenDJ from the ForgeRock website:
https://backstage.forgerock.com/#!/downloads/OpenDJ
Create a local user:
Ex: opendj
Install Java 6 or later
If you downloaded the file OpenDJ-2.6.0.zip, unzip it (unzip -v only lists the archive, so extract without it):
Ex: unzip OpenDJ-2.6.0.zip -d /opt/
Run the setup utility
Create the init script and start OpenDJ
11. Command Line Interface
The dsconfig command is the primary command line
tool for viewing and editing OpenDJ configuration.
You can run it with or without arguments.
19. Replication
You can set up replication automatically using the
QuickSetup GUI when you first install the directory
server. If you set up your directory servers by using the
setup command, you can use the dsreplication
command to configure replication between the servers.
21. Replication
First, you need to create an admin user. You will use
the dsframework command. This utility can be used to
perform operations in the directory server
administration framework.
30. Tuning
If you have heavy traffic, you need to change the
values below using the dsconfig command:
idle-time-limit = 20
lookthrough-limit = 10000
size-limit = 5000
time-limit = 20
32. Tuning
For a server with 24 GB of RAM, use these options:
- -d64
- -XX:+UseCompressedOops
- -Xms8g
- -Xmx12g
- -Xmn4g
- -XX:MaxTenuringThreshold=1
To apply JVM settings for your server, edit config/java.properties,
and apply the changes with the dsjavaproperties command.
34. Tuning
You need to raise the maximum number of open file
descriptors for the OpenDJ user, so create the file
/etc/security/limits.d/opendj.conf with these values:
opendj soft nofile 65535
opendj hard nofile 131072
Restart OpenDJ with the command:
stop-ds --restart --quiet
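A limits.d entry only takes effect for processes started after it is in place, so the useful check after the restart is what the running JVM actually got. The script below is an added example, not part of the deck: it reads a /proc/PID/limits-style file (the sample content is constructed with the slide's values) and, on a live host, assumes the JVM runs as the opendj user from the install slide.

```shell
#!/bin/sh
# Added example: verify that the running OpenDJ JVM has the nofile limits
# from /etc/security/limits.d/opendj.conf. Not part of the original deck.

# Constructed sample in the format of /proc/<pid>/limits (values as on the slide).
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max processes             4096                 4096                 processes
Max open files            65535                131072               files
Max locked memory         65536                65536                bytes'

# at_least MIN VALUE: true if VALUE is "unlimited" or numerically >= MIN.
at_least() { [ "$2" = unlimited ] || [ "$2" -ge "$1" ]; }

# check_nofile FILE SOFT_MIN HARD_MIN: print "soft hard" from a limits file;
# return 0 when both meet the minimums, 1 when too low, 2 when unreadable.
check_nofile() {
    line=$(awk '/^Max open files/ { print $4, $5 }' "$1") || return 2
    [ -n "$line" ] || return 2
    soft=${line% *}; hard=${line#* }
    printf '%s %s\n' "$soft" "$hard"
    at_least "$2" "$soft" && at_least "$3" "$hard"
}

# check_running_opendj: locate the JVM of the opendj user and check it.
# Assumes a single java process for that user (pgrep is procps, Linux only).
check_running_opendj() {
    pid=$(pgrep -u opendj java | head -n 1)
    [ -n "$pid" ] || { echo "no java process for user opendj" >&2; return 2; }
    check_nofile "/proc/$pid/limits" 65535 131072
}

# Demonstration on the constructed sample: prints "65535 131072" and succeeds.
tmp=$(mktemp); printf '%s\n' "$SAMPLE_LIMITS" > "$tmp"
check_nofile "$tmp" 65535 131072 && echo "nofile limits OK"
rm -f "$tmp"
```

On a production host, call check_running_opendj after stop-ds --restart; a non-zero exit means the restart did not pick up the new limits (typically because pam_limits is not applied to the init script's session).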
38. Locaweb Case
The Locaweb OpenDJ environment is composed of:
- Two F5 BIG-IP load balancers (layer 4)
- 4 servers, 16 processors and 24 GB RAM each
This configuration reached a maximum of 60k concurrent
connections per server in the production environment.
40. Thanks for your attention!
Any questions?
Claudio Borges
www.claudioborges.org
cbsfilho@gmail.com
@but3k4
Editor's Notes
389 Directory Service from Red Hat, written in C, multi-master
Apache DS from Apache SF, written in java, multi-master
OpenLDAP from OpenLDAP Foundation, written in C, multi-master (RFC 4533)
Ludovic Poitou left Oracle in September 2010 for ForgeRock
RESTful access to directory data over HTTP
You can use Apache Directory Studio to manage OpenDJ servers
Replication in OpenDJ is designed to be both easy to implement in environments with a few servers, and also scalable in environments with many servers.
The directory server replication model is a loosely consistent, multi-master model. In other words, all directory servers
in a replicated topology can process both read and write operations.
M.C. - Indicates the number of updates already pushed by the other LDAP servers in the topology, but not yet replayed on the
specified LDAP server. If this number is high on a particular server, investigate the latency of that server.
A.O.M.C. - Specifies the approximate date of the oldest update pushed by the other directory servers in the topology, but not yet
processed on the specified LDAP server.
idle-time-limit - the maximum amount of time a connection can sit idle before the server disconnects it
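The M.C. and A.O.M.C. columns described here, together with the dsreplication slides above, are what a replication health check should watch. The shell function below is an added example, not part of the deck: it reads the dsreplication status table on stdin and reports servers whose M.C. exceeds a threshold. The table is constructed to mirror the OpenDJ 2.6 layout; the column positions and the " : " separator are assumptions to verify against your own dsreplication output.

```shell
#!/bin/sh
# Added example: flag servers that are falling behind in replication, using
# the M.C. and A.O.M.C. columns of "dsreplication status". Not from the deck.

# Constructed sample modelled on the dsreplication status table (OpenDJ 2.6
# style, " : " separated). The real table comes from, for example:
#   dsreplication status --hostname HOST --port 4444 --adminUID admin \
#       --adminPasswordFile FILE --trustAll      (flags per OpenDJ 2.6)
SAMPLE_STATUS='Suffix DN : Server : Entries : Replication enabled : DS ID : RS ID : RS Port (1) : M.C. (2) : A.O.M.C. (3) : Port (4) : Security (5)
----------------:----------------------:---------:---------------------:-------:-------:-------------:----------:--------------:----------:-------------
dc=example,dc=com : ldap1.example.com:4444 : 100000 : true : 10001 : 11001 : 8989 : 0 : N/A : 1389 : Disabled
dc=example,dc=com : ldap2.example.com:4444 : 100000 : true : 10002 : 11002 : 8989 : 3 : 20130510101500Z : 1389 : Disabled
dc=example,dc=com : ldap3.example.com:4444 : 99120 : true : 10003 : 11003 : 8989 : 880 : 20130510093000Z : 1389 : Disabled'

# lagging_servers THRESHOLD: read the status table on stdin and print
# "server missing_changes oldest_missing_change" for every row whose M.C.
# exceeds THRESHOLD. Fields are split on " : " so host:port stays intact;
# everything up to and including the dashed separator (the header) is skipped.
lagging_servers() {
    awk -F' : ' -v thr="$1" '
        /^-+:/          { body = 1; next }
        !body || NF < 9 { next }
        $8 + 0 > thr    { print $2, $8, $9 }
    '
}

# Demonstration: with a threshold of 100 only ldap3 is reported, and its
# A.O.M.C. tells you how long it has been behind.
printf '%s\n' "$SAMPLE_STATUS" | lagging_servers 100
```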
lookthrough-limit - the maximum number of entries to look through while processing a search request
size-limit - the maximum number of entries returned to a search request
time-limit - the maximum amount of time to spend returning results to a client
-d64 - To use a heap larger than about 3.5 GB on a 64-bit system, use this option.
-XX:+UseCompressedOops - Java object pointers normally have the same size as native machine pointers. If you run a small but 64-bit JVM, then compressed object pointers can save space. Set this option when you have a 64-bit JVM, -Xmx less than 32 GB, and Java SE 6u23 or later.
-Xms, -Xmx - Set both minimum and maximum heap size to the same value to avoid resizing. Leave space for the entire DB cache and more.
-Xmn - Set the new generation size between 1-4 GB for high throughput deployments, but leave enough overall JVM heap to avoid overlaps with the space used for DB cache.
-XX:MaxTenuringThreshold=1 - Force OpenDJ to create only objects that have either a short lifetime or a long lifetime.
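The rules in these notes (-d64 above 3.5 GB, compressed oops below 32 GB, Xms equal to Xmx, Xmn in the 1-4 GB range, headroom for the DB cache) can be checked mechanically before they go into config/java.properties. The script below is an added example, not part of the deck: it parses a JVM option string and applies those rules, using the 24 GB host and the option list from the tuning slide as its demonstration input.

```shell
#!/bin/sh
# Added example: check a set of JVM options against the rules in the notes
# above (-d64, compressed oops, Xms=Xmx, Xmn range, RAM headroom). Not from
# the original deck; the 24 GB host and the option string come from slide 32.

# to_mb SIZE: convert a JVM size such as 8g, 512m or 4096k to megabytes.
to_mb() {
    case $1 in
        *[gG]) echo $(( ${1%?} * 1024 )) ;;
        *[mM]) echo "${1%?}" ;;
        *[kK]) echo $(( ${1%?} / 1024 )) ;;
        *)     echo $(( $1 / 1048576 )) ;;
    esac
}

# warn MESSAGE: print a finding and count it.
warn() { echo "$1"; findings=$((findings + 1)); }

# check_jvm_opts RAM_GB "OPTS": one finding per line; return 0 when clean.
check_jvm_opts() {
    ram_mb=$(( $1 * 1024 )); xms=0; xmx=0; xmn=0; d64=no; coops=no; findings=0
    for opt in $2; do
        case $opt in
            -Xms*) xms=$(to_mb "${opt#-Xms}") ;;
            -Xmx*) xmx=$(to_mb "${opt#-Xmx}") ;;
            -Xmn*) xmn=$(to_mb "${opt#-Xmn}") ;;
            -d64)  d64=yes ;;
            -XX:+UseCompressedOops) coops=yes ;;
        esac
    done
    [ "$xmx" -gt 0 ] || warn "no -Xmx: the JVM default heap is far too small for a busy directory"
    [ "$xmx" -le 3584 ] || [ $d64 = yes ] || warn "-Xmx above 3.5 GB needs -d64 on a 64-bit JVM"
    [ $coops = no ] || [ "$xmx" -lt 32768 ] || warn "-XX:+UseCompressedOops has no effect with -Xmx of 32 GB or more"
    [ "$xms" -eq "$xmx" ] || warn "-Xms (${xms}m) differs from -Xmx (${xmx}m): the heap will be resized at runtime"
    { [ "$xmn" -ge 1024 ] && [ "$xmn" -le 4096 ]; } || warn "-Xmn (${xmn}m) is outside the 1-4 GB range suggested for high throughput"
    [ "$xmx" -lt "$ram_mb" ] || warn "-Xmx (${xmx}m) leaves nothing for the OS and DB cache on a ${1} GB host"
    echo "heap ${xmx}m of ${ram_mb}m RAM, $((ram_mb - xmx))m left for OS and DB cache, ${findings} finding(s)"
    [ "$findings" -eq 0 ]
}

# Demonstration with the slide's values on a 24 GB host.
check_jvm_opts 24 "-d64 -XX:+UseCompressedOops -Xms8g -Xmx12g -Xmn4g" || echo "review the findings above"
```

With the slide's own values the check reports one finding, because -Xms8g and -Xmx12g differ while the note above asks for equal minimum and maximum heap.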