How To - OpenIdentityPlatform/OpenDJ GitHub Wiki
Get the latest version
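# Resolve the latest OpenDJ release on GitHub and download its distribution
# archive into the current directory. Requires curl, grep, cut and unzip.
# The download URL is built from the release *tag*, so the tag_name field is
# read (the human-readable release name may differ from the tag).
VERSION="$(curl -fsSL https://api.github.com/repos/OpenIdentityPlatform/OpenDJ/releases/latest \
  | grep -m1 '"tag_name"' | cut -d '"' -f4)"
# A failed or throttled API call leaves VERSION empty; stop instead of
# building a bogus download URL from it.
: "${VERSION:?could not determine the latest release tag}"
export VERSION
printf 'last release: %s\n' "$VERSION"
# -f makes curl fail on an HTTP error (e.g. 404 for an unknown tag) instead
# of saving the error page as opendj.zip. The archive is fetched over HTTPS
# only; no checksum or signature is verified here.
curl -fL "https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/${VERSION}/opendj-${VERSION}.zip" \
  --output opendj.zip || { printf 'download failed for %s\n' "$VERSION" >&2; exit 1; }
unzip opendj.zip
# Do not continue in the wrong directory if the archive layout changed.
cd opendj || exit 1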
Set up the server
# Initial setup, run from the unpacked opendj directory. Use ONE of the two
# commands; both listen on LDAP 1389, LDAPS 1636 and admin connector 4444,
# with StartTLS enabled and a generated self-signed certificate (test use).
# --rootUserPassword puts the password on the command line, where it is
# visible in shell history and process listings; --rootUserPasswordFile
# reads it from a file instead.

# Option A: empty dc=example,dc=com suffix containing only the base entry
./setup --cli --acceptLicense --no-prompt \
  --addBaseEntry \
  -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 \
  --enableStartTLS --generateSelfSignedCertificate \
  --rootUserDN "cn=Directory Manager" --rootUserPassword password \
  --baseDN dc=example,dc=com

# Option B: same suffix populated with 100000 generated sample entries
./setup --cli --acceptLicense --no-prompt \
  --sampleData 100000 \
  -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 \
  --enableStartTLS --generateSelfSignedCertificate \
  --rootUserDN "cn=Directory Manager" --rootUserPassword password \
  --baseDN dc=example,dc=com
Clean up and reinstall the server
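# Wipe the instance state and run setup again. The rm below deletes
# config/, db/, changelogDb/ and logs/ relative to the current directory,
# so refuse to run unless this is an OpenDJ install directory.
[[ -x ./setup && -x bin/stop-ds ]] \
  || { printf 'run this from the OpenDJ install directory (setup / bin/stop-ds not found)\n' >&2; exit 1; }
bin/stop-ds
# "--" ends option parsing so none of the names can be read as a flag.
rm -rf -- config db changelogDb logs
# Same parameters as the initial setup (base entry only, no sample data).
./setup -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 \
  --enableStartTLS --generateSelfSignedCertificate \
  --rootUserDN "cn=Directory Manager" --rootUserPassword password \
  --baseDN dc=example,dc=com --addBaseEntry \
  --cli --acceptLicense --no-prompt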
Check server status
# Report the status of the local instance, binding as the root user.
bin/status \
  --bindDN "cn=Directory Manager" \
  --bindPassword password
Backup and restore
# Back up every backend into bak/ and follow the error log while the task
# runs. --start 0 submits the task for immediate execution on the server,
# so the backup directory is presumably resolved by the server process
# rather than by this shell -- confirm before using a relative path.
bin/backup --port 4444 \
  --bindDN "cn=Directory Manager" --bindPassword password \
  --backUpAll --backupDirectory bak --start 0 \
  && tail -f logs/errors

# Restore userRoot from the backup taken above (interrupt the tail first).
bin/restore --port 4444 \
  --bindDN "cn=Directory Manager" --bindPassword password \
  --backupDirectory bak/userRoot/ --start 0 \
  && tail -f logs/errors
Initialize replication between two servers
# Enable replication of dc=example,dc=com between two instances on this
# host (admin ports 4444 / 4445, replication ports 2389 / 2390), using or
# creating the global administrator "admin". --trustAll accepts any server
# certificate without verification; --no-prompt suppresses confirmations.
bin/dsreplication enable \
  --host1 localhost --port1 4444 \
  --bindDN1 "cn=Directory Manager" --bindPassword1 password \
  --replicationPort1 2389 \
  --host2 localhost --port2 4445 \
  --bindDN2 "cn=Directory Manager" --bindPassword2 password \
  --replicationPort2 2390 \
  --adminUID admin --adminPassword password \
  --baseDN dc=example,dc=com \
  --trustAll --no-prompt

# Copy the suffix data from the first instance (source) to the second.
bin/dsreplication initialize \
  --baseDN dc=example,dc=com \
  --adminUID admin --adminPassword password \
  --hostSource localhost --portSource 4444 \
  --hostDestination localhost --portDestination 4445 \
  --trustAll --no-prompt
Disable replication on server
# Take this instance out of replication completely (--disableAll).
# --trustAll skips verification of the admin connector's certificate.
bin/dsreplication disable --disableAll \
  --hostname localhost --port 4444 \
  --bindDN "cn=Directory Manager" --adminPassword password \
  --trustAll --no-prompt
List all indexes
# Show the status of every index of the userRoot backend for the suffix.
bin/backendstat show-index-status \
  --backendID userRoot \
  --baseDN dc=example,dc=com
Rebuild Degraded Indexes ONLINE
# Rebuild only the indexes the server reports as degraded, through the
# admin connector so the server keeps running meanwhile.
bin/rebuild-index \
  --hostname localhost --port 4444 \
  --bindDN "cn=Directory Manager" --bindPassword password \
  --baseDN dc=example,dc=com \
  --rebuildDegraded --trustAll
List the available TLS protocols and cipher suites by reading the supportedTLSProtocols and supportedTLSCiphers attributes
# Read the root DSE (empty base DN, base scope) over LDAPS and return the
# attributes listing the TLS cipher suites and protocols the server offers.
# --trustAll accepts the server's self-signed certificate without checking it.
bin/ldapsearch --hostname localhost --port 1636 --useSSL --trustAll \
  --baseDN "" --searchScope base \
  "(objectclass=*)" supportedTLSCiphers supportedTLSProtocols
Allow only the TLSv1.2 ssl-protocol
# Restrict the TLS endpoints of the instance to TLSv1.2.
# --add appends to the multi-valued ssl-protocol property: if the property
# is still unset (JVM defaults) TLSv1.2 becomes the only enabled protocol,
# but any protocol already listed explicitly stays enabled. Verify the
# result with the supportedTLSProtocols search shown above.
# --trustAll skips verification of the admin connector's certificate.
admin_opts=(--hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password)

# Connection handlers: shown for LDAPS; repeat with the LDAP (StartTLS) and
# HTTP handler names if those handlers are enabled.
bin/dsconfig "${admin_opts[@]}" set-connection-handler-prop \
  --handler-name "LDAPS Connection Handler" \
  --add ssl-protocol:TLSv1.2 --trustAll --no-prompt

# Administration connector (port 4444 itself)
bin/dsconfig "${admin_opts[@]}" set-administration-connector-prop \
  --add ssl-protocol:TLSv1.2 --trustAll --no-prompt

# Crypto manager
bin/dsconfig "${admin_opts[@]}" set-crypto-manager-prop \
  --add ssl-protocol:TLSv1.2 --trustAll --no-prompt
Use Self Signed Certificate
Create the store with the following command. You will be asked to enter a password for the .pfx file.
# Bundle the private key, the server certificate and the CA chain into a
# PKCS#12 store (opendj.pfx). openssl prompts for the export password.
openssl pkcs12 -export \
  -inkey private.key \
  -in server.crt \
  -certfile cachain.crt \
  -out opendj.pfx
Then, when you run the container, set this environment variable to the .pfx path and the password.
# Value for the OPENDJ_SSL_OPTIONS environment variable: the PKCS#12 store
# path as seen inside the container and its password. Replace PASSWORD with
# the password chosen at export time. The container environment is readable
# by anyone who can inspect the container, so treat it like the key itself.
OPENDJ_SSL_OPTIONS='--usePkcs12keyStore /data/opendj.pfx --keyStorePassword PASSWORD'
Store LDAP directory data in a Cassandra NoSQL cluster
# Use the Cassandra ("cas") backend instead of the default one. The DataStax
# driver's contact point and local datacenter are handed to the JVM through
# OPENDJ_JAVA_ARGS, exported so that setup and the server both receive them.
export OPENDJ_JAVA_ARGS='-server -Ddatastax-java-driver.basic.contact-points.0=localhost:9042 -Ddatastax-java-driver.basic.load-balancing-policy.local-datacenter=datacenter1'

# Setup without any base DN: the backend is created afterwards by dsconfig.
./setup -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 \
  --enableStartTLS --generateSelfSignedCertificate \
  --rootUserDN "cn=Directory Manager" --rootUserPassword password \
  --cli --acceptLicense --no-prompt

# Create the userRoot backend of type "cas"; db-directory names the
# Cassandra keyspace (ldap_example_com). --trustAll skips verification of
# the admin connector's certificate.
bin/dsconfig create-backend \
  --hostname localhost --port 4444 \
  --bindDN "cn=Directory Manager" --bindPassword password \
  --backend-name=userRoot \
  --type cas \
  --set db-directory:ldap_example_com \
  --set base-dn:dc=example,dc=com \
  --set enabled:true \
  --no-prompt --trustAll
Debug the instance
# Start the server with the JDWP debug agent listening on TCP port 9000.
# suspend=y: the JVM waits for a debugger to attach before it starts up.
# Anyone who can connect to a JDWP port controls the JVM, so keep the port
# unreachable from other hosts and never enable this on a production
# instance. On JDK 9+ a bare port number listens on localhost only; older
# JDKs may bind all interfaces -- confirm for the JVM in use.
export OPENDJ_JAVA_ARGS='-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=9000'
bin/start-ds