Opendj - A LDAP Server for dummies
•Download as PPTX, PDF•
1 like•4,874 views
My presentation at H2HC 2014 A brief description about OpenDJ, how to install and how it works.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Opendj - A LDAP Server for dummies
Similar to Opendj - A LDAP Server for dummies (20)
Recently uploaded
Recently uploaded (20)
Opendj - A LDAP Server for dummies
- 1. OpenDJ A LDAP Server for dummies Claudio Borges aka but3k4 cbsfilho@gmail.com
- 2. About me +13 years experience with Linux/Unix Systems Administrator Specialist Technical Leader at Locaweb PPP Programmer (Python/Perl/PHP) Fresh Father USF4 player
- 3. What is OpenDJ? A powerful and secure LDAP Server Written in java It began as a fork of the OpenDS code base Initial release in december 21 2010 100% opensource (CDDL License) Reliable and Scalable
- 5. Features Easy installation, configuration and administration Rich Command Line Interface (CLI) Control Panel (Admin GUI) Automatic backups with task scheduler High Availability Rest API Flexible, and easy to use plug in mechanism
- 6. OpenDJ in Action Install OpenDJ The Command Line Interface (CLI) Control Panel (Admin GUI) Replication Tuning Backup
- 7. Install OpenDJ Download OpenDJ from ForgeRock website: https://backstage.forgerock.com/#!/downloads/OpenDJ Create a local user: Ex: opendj Install JAVA 6 or later If you download the file OpenDJ-2.6.0.zip, unzip the file: Ex: unzip -v OpenDJ-2.6.0.zip -d /opt/ Run the setup utility Create the init script and start OpenDJ
- 10. Install OpenDJ
- 11. Command Line Interface The dsconfig command is the primary command line tool for viewing and editing OpenDJ configuration. You can run it with or without arguments.
- 14. Control Panel OpenDJ Control Panel offers a graphical user interface for managing both local and remote servers.
- 15. Control Panel
- 16. Control Panel
- 17. Control Panel
- 18. Control Panel
- 19. Replication You can set up replication automatically using the QuickSetup GUI when you first install the directory server. If you set up your directory servers by using the setup command, you can use the dsreplication command to configure replication between the servers.
- 20. Replication
- 21. Replication First, you need to create an admin user. you will use the dsframework command. This utility can be used to perform operations in the directory server administration framework.
- 22. Replication Creating the admin user:
- 23. Replication Configuring the replication:
- 24. Replication
- 25. Replication
- 26. Replication Initialize Replication between servers:
- 27. Replication
- 28. Replication Monitoring the replication:
- 29. Replication
- 30. Tuning If you have a heavy traffic, you need to change the values below using the dsconfig command: idle-time-limit = 20 lookthrough-limit = 10000 size-limit = 5000 time-limit = 20
- 31. Tuning
- 32. Tuning For a server with 24gb of RAM, use these options: - -d64 - -XX:+UseCompressedOops - -Xms8g - -Xmx12g - -Xmn4g - -XX:MaxTenuringThreshold=1 To apply JVM settings for your server, edit config/java.properties, and apply the changes with the dsjavaproperties command.
- 33. Tuning
- 34. Tuning You need to configure the maximum number of Open File Descriptors for the OpenDJ User, so, create the file /etc/security/limits.d/opendj.conf, with these values: opendj soft nofile 65535 opendj hard nofile 131072 Restart the OpenDJ with the command: stop-ds --restart --quiet
- 35. Tuning
- 36. Backup OpenDJ has a internal backup tool. This tool can be used to back up one or more directory server backends.
- 37. Backup
- 38. Locaweb Case The Locaweb OpenDJ environment is composed of: - Two F5 BiG-IP Load Balancers (layer 4) - 4 servers, 16 procs and 24gb RAM each This configuration reached 60k maximum concurrent connections per server in production environment.
- 39. References http://opendj.forgerock.org https://wikis.forgerock.org/confluence/display/OPENDJ/ Home http://docs.forgerock.org/en/opendj/2.6.0/configref/inde x.html https://ludopoitou.wordpress.com/ https://opends.java.net/
- 40. Thanks for your Attention! Any questions? Claudio Borges www.claudioborges.org cbsfilho@gmail.com @but3k4
Editor's Notes
- 389 Directory Service from Red Hat, written in C, multi-master Apache DS from Apache SF, written in java, multi-master OpenLDAP from OpenLDAP Foundation, written in C, multi-master (RFC 4533) Ludovic Poitou left Oracle in September 2010 for ForgeRock
- RESTful access to directory data over HTTP
- You can use Apache Directory Studio for manage OpenDJ servers
- Replication in OpenDJ is designed to be both easy to implement in environments with a few servers, and also scalable in environments with many servers.
- The directory server replication model is a loosely consistent, multi-master model. In other words, all directory servers in a replicated topology can process both read and write operations.
- M.C. - Indicates the number of updates already pushed by the other LDAP servers in the topology, but not yet replayed on the specified LDAP server. If this number is high on a particular server, investigate the latency of that server. A.O.M.C - Specifies the approximate date of the oldest update pushed by the other directory servers in the topology, but not yet processed on the specified LDAP server.
- idle-time-limit - the maximum amount of time a connection can sit idle before the server disconnect it lookthrough-limit - the maximum number of entries to look through while processing a search request size-limit - the maximum number of entries returned to a search request time-limit - the maximum amount of time to spend returning results to a client
- -d64 - To use a heap larger than about 3.5 GB on a 64-bit system, use this option. -XX:+UseCompressedOops - Java object pointers normally have the same size as native machine pointers. If you run a small, but 64-bit JVM, then compressed object pointers can save space. Set this option when you have a 64-bit JVM, -Xmx less than 32 GB, and Java SE 6u23 or later. -Xms, -Xmx - Set both minimum and maximum heap size to the same value to avoid resizing. Leave space for the entire DB cache and more. -Xmn - Set the new generation size between 1-4 GB for high throughput deployments, but leave enough overall JVM heap to avoid overlaps with the space used for DB cache. -XX:MaxTenuringThreshold=1 - Force OpenDJ to create only objects that have either a short lifetime, or a long lifetime.