How To
export VERSION="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenDJ/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)"
echo "last release: $VERSION"
curl -L https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/$VERSION/opendj-$VERSION.zip --output opendj.zip
unzip opendj
cd opendj#with clean baseDN
./setup --addBaseEntry -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --cli --acceptLicense --no-prompt
#with sample data
./setup --sampleData 100000 -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --cli --acceptLicense --no-prompt bin/stop-ds
rm -rf {config,db,changelogDb,logs}
./setup -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --addBaseEntry --cli --acceptLicense --no-prompt bin/status --bindDN "cn=Directory Manager" --bindPassword passwordbin/backup --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --backUpAll --backupDirectory bak --start 0 && tail -f logs/errors
bin/restore --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --backupDirectory bak/userRoot/ --start 0 && tail -f logs/errorsbin/dsreplication enable --host1 localhost --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --replicationPort1 2389 --host2 localhost --port2 4445 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 2390 --adminUID admin --adminPassword password --baseDN dc=example,dc=com -X -n
bin/dsreplication initialize --baseDN dc=example,dc=com --adminUID admin --adminPassword password --hostSource localhost --portSource 4444 --hostDestination localhost --portDestination 4445 -X -nbin/dsreplication disable --disableAll --port 4444 --hostname localhost --bindDN "cn=Directory Manager" --adminPassword password --trustAll --no-promptbin/backendstat show-index-status --backendID userRoot --baseDN dc=example,dc=combin/rebuild-index --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --baseDN dc=example,dc=com --rebuildDegraded --trustAllList the available protocols and cipher suites, read the supportedTLSProtocols and supportedTLSCiphers
bin/ldapsearch --hostname localhost --port 1636 --useSSL --trustAll --baseDN "" --searchScope base "(objectclass=*)" supportedTLSCiphers supportedTLSProtocols#LDAPS / LDAP / HTTP Connection Handlers
bin/dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password set-connection-handler-prop --handler-name "LDAPS Connection Handler" --add ssl-protocol:TLSv1.2 --trustAll --no-prompt
#Administration Connector
bin/dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password set-administration-connector-prop --add ssl-protocol:TLSv1.2 --trustAll --no-prompt
#Crypto Manager
bin/dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password set-crypto-manager-prop --add ssl-protocol:TLSv1.2 --trustAll --no-promptCreate the store with the following command. You'll be asked to enter a password for the .pfx file.
openssl pkcs12 -export -out opendj.pfx -inkey private.key -in server.crt -certfile cachain.crtThen when you run the container just set this environment variable with the pfx path and the password.
OPENDJ_SSL_OPTIONS="--usePkcs12keyStore /data/opendj.pfx --keyStorePassword PASSWORD"export OPENDJ_JAVA_ARGS="-server -Ddatastax-java-driver.basic.contact-points.0=localhost:9042 -Ddatastax-java-driver.basic.load-balancing-policy.local-datacenter=datacenter1"
#setup without backend
./setup -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --cli --acceptLicense --no-prompt
#create backend with keyspace: ldap_example_com
bin/dsconfig create-backend \
--hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password \
--backend-name=userRoot \
--type cas --set db-directory:ldap_example_com \
--set base-dn:dc=example,dc=com \
--set enabled:true \
--no-prompt --trustAll#setup without backend
./setup -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --cli --acceptLicense --no-prompt
#create backend jdbc:postgresql://localhost:5432/database_name?user=postgres&password=password
bin/dsconfig create-backend \
--hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password \
--backend-name=userRoot \
--type jdbc --set db-directory:jdbc:postgresql://localhost:5432/database_name?user=postgres\&password=password \
--set base-dn:dc=example,dc=com \
--set enabled:true \
--no-prompt --trustAllexport OPENDJ_JAVA_ARGS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=9000"
bin/start-ds- REST Access to OpenDJ Directory Server
- How to delegate password reset permissions
- How to Run OpenDJ based Embedded LDAP in Spring Boot Application
- How To Run OpenDJ in Kubernetes
- How to Setup OpenDJ with BCFKS FIPS Key Store Type support
- TIP: How to Persist OpenDJ Docker Container Data Between Restarts
OpenDJ is an LDAPv3 compliant directory service, which has been developed for the Java platform, providing a high performance, highly available, and secure store for the identities managed by your organization. Its easy installation process, combined with the power of the Java platform makes OpenDJ the simplest, fastest directory to deploy and manage.