How To - OpenIdentityPlatform/OpenDJ GitHub Wiki

Get last version

export VERSION="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenDJ/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)" 
echo "last release: $VERSION"
curl -L https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip --output opendj.zip
unzip opendj
cd opendj

Setup server

#with clean baseDN
./setup --addBaseEntry -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --cli --acceptLicense --no-prompt 

#with sample data 
./setup --sampleData 100000 -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --cli --acceptLicense --no-prompt 

Clean and reinstall server

bin/stop-ds 
rm -rf config/ db/ changelogDb/ logs/
./setup -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --addBaseEntry --cli --acceptLicense --no-prompt 

Check server status

bin/status --bindDN "cn=Directory Manager" --bindPassword password

Backup and restore

bin/backup --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --backUpAll --backupDirectory bak --start 0 && tail -f logs/errors
bin/restore --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --backupDirectory bak/userRoot/ --start 0 && tail -f logs/errors

Initialize replication between two servers

bin/dsreplication enable --host1 localhost --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --replicationPort1 2389 --host2 localhost --port2 4445 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 2390 --adminUID admin --adminPassword password --baseDN dc=example,dc=com -X -n
bin/dsreplication initialize --baseDN dc=example,dc=com --adminUID admin --adminPassword password --hostSource localhost --portSource 4444 --hostDestination localhost --portDestination 4445 -X -n

Disable replication on server

bin/dsreplication disable --disableAll --port 4444 --hostname localhost --bindDN "cn=Directory Manager" --adminPassword password --trustAll --no-prompt

List all indexes

bin/backendstat show-index-status --backendID userRoot --baseDN dc=example,dc=com

Rebuild Degraded Indexes ONLINE

bin/rebuild-index --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --baseDN dc=example,dc=com --rebuildDegraded --trustAll

List the available protocols and cipher suites, read the supportedTLSProtocols and supportedTLSCiphers

bin/ldapsearch --hostname localhost --port 1636 --useSSL --trustAll --baseDN "" --searchScope base "(objectclass=*)" supportedTLSCiphers supportedTLSProtocols

Allow only TLSv1.2 ssl-protocol

#LDAPS / LDAP / HTTP Connection Handlers
bin/dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password set-connection-handler-prop --handler-name "LDAPS Connection Handler" --add ssl-protocol:TLSv1.2 --trustAll --no-prompt
#Administration Connector
bin/dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password set-administration-connector-prop --add ssl-protocol:TLSv1.2 --trustAll --no-prompt
#Crypto Manager
bin/dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password set-crypto-manager-prop --add ssl-protocol:TLSv1.2 --trustAll --no-prompt

Use Self Signed Certificate

Create the store with the following command. You'll be asked to enter a password for the .pfx file.

openssl pkcs12 -export -out opendj.pfx -inkey private.key -in server.crt -certfile cachain.crt

Then when you run the container just set this environment variable with the pfx path and the password.

OPENDJ_SSL_OPTIONS="--usePkcs12keyStore /data/opendj.pfx --keyStorePassword PASSWORD"

Store LDAP catalog data in CASSANDRA noSQL cluster

export OPENDJ_JAVA_ARGS="-server -Ddatastax-java-driver.basic.contact-points.0=localhost:9042 -Ddatastax-java-driver.basic.load-balancing-policy.local-datacenter=datacenter1"

./setup --backendType cas -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --sampleData 5000 --cli --acceptLicense --no-prompt