title: OpenDJ Administration link: https://onemoretech.wordpress.com/2012/03/21/opendj-administration/ author: lembobro description: post_id: 2357 created: 2012/03/21 14:08:00 created_gmt: 2012/03/21 18:08:00 comment_status: closed post_name: opendj-administration status: publish post_type: post

OpenDJ Administration

Been exploring OpenDJ ("son of OpenDS") in depth today for an actual project. Really looking to gain full mastery quickly, some resources below.

The latest release of OpenDJ is 2.4.5 and can be found here. All formats for core documentation (including an Administration Guide) are here. This is production grade code that could easily replace competing products like DSEE/ODSEE. Ludo provides the evidence. Given his track record (Ludo led the team responsible for developing DSEE and OpenDS in their final form at Sun), his assessment carries a lot of weight.

I've already learned how to configure things like search entry and time limits, as well as how to make the look through limit unlimited (you set the property to "0" instead of "-1" or "unlimited" as in the case of DSEE). Also discovered I can update the schema in bulk by simply editing (or creating) a 99-user.ldif, just like we do with DSEE's 99user.ldif.

Right now I'm looking at writing a script to do mass index creation and modification: again, just as I did with DSEE. The syntax of the commands is different, but so far it looks like all the capabilities are there. One wrinkle I found is the "index entry limit" property, which defaults to 4000 entries on every index. Really seems like allidsthreshold (still in DSEE but thankfully removed from 389 Directory) gone berserk to me. Got to decide how to handle that from a strategic point of view. I may just set it to 0 and see what happens (because the default would definitely result in some unwelcome behavior, I think).

Some notes: Things to do before loading data.

1. Set look through limit to unlimited ("0").

2. Increase search limit and search time.

3. Turn off schema and syntax checking.

4. Allow pre-encoded passwords in root and default password policies.

Things to deal with/consider:

1. Running the directory on port 389 as a non-root user (or do we just run it as root?).

2. Scripting bulk creation/modification of indexes for quick prep of new user directories.

3. File system conventions (what's my standard path? /opt/opendj/ds-user1 sounds good...).

4. Configuring log files, replication, etc. Pretty much all the stuff it took me 10 years to master on Netscape/iPlanet/Sun. Maybe someone will write a book on this, or offer a distance learning class. Something to think about. Right now my own plan is to put together a command line cheat sheet like I did for DSEE. Look for it soon.

Copyright 2004-2019 Phil Lembo