REST & LDAP Directory

Open Source: OpenDJ is the only 100% commercial open source LDAP directory server available on the market today. Feature overview.
Open Access: Our flexible data model lets developers choose REST, SCIM, LDAP, or Web Services for access.
Open Architecture: 100% Java architecture supports the most demanding SLA environments with high throughput and low response times.

Practical bits

Downloads

Unstable Nightly Builds
Stable Enterprise Builds

Note that the nightly build is work in progress. We also have an archive of older OpenDJ releases.

Source code

OpenDJ is open source. You can check out the source code here.

The code is licensed under CDDL.

Official project repository
Our GitHub Mirror
Our Jenkins server

Get involved!

– Join the OpenDJ mailing list to ask questions, make suggestions, and tell us what you think of OpenDJ.

– Contribute to the development of OpenDJ by checking out the source code, adding to our issue/bug tracker, and hacking away on contributions.

Get started!

Get the zip from the downloads page and unzip it to a folder of your choice. On your command line type:

cd opendj
./setup

The installation UI will fire up and 30 seconds later you can start the control panel like this:

control-panel

Features

OpenDJ feature overview

OpenDJ is optimized for performance at scale with data integrity and security. With millisecond response times and read/write performance in the tens of thousands per second, ForgeRock Directory Services satisfies the most rigorous performance requirements across industries, from telecom and financial services to large-scale consumer-facing applications.

OpenDJ stores identity data securely, with varying levels of authentication and authorization, including SSL, StartTLS, and certificate-based authentication. Password and data encryption give enterprises the means to securely deploy directory services on public clouds or on shared file system infrastructures.

The encryption ensures the confidentiality and integrity of data at rest, which adds a critical layer of security against malicious attacks and potential breaches. All configuration changes are audited and archived, offering easy rollback to a working configuration. Businesses can have confidence in a service that will scale well beyond their business requirements.

By replicating data across multiple directory server instances, key customer, device, and user data is preserved in case of an outage. OpenDJ provides advanced replication options including multi-master, fractional, and assured. N-Way multi-master replication provides high-availability and disaster recovery capabilities. Fractional replication enables only specific attributes to replicate. Assured replication can guarantee data availability even in the remote scenario of a server crash.

OpenDJ also offers advanced backup and restore functions such as automated, compressed, signed, and encrypted backups that improve data reliability and security. Administrators can take advantage of the easiest replication setup in the industry to ensure a consistent data store and data availability across the organization.

  • Provides access through REST API, SCIM, LDAP, and Web Services (DSMLv2) to ensure maximum interoperability with client applications
  • OpenDJ SDK for Java provides a library of classes and interfaces for accessing and implementing LDAP Directory Services
  • Enables delegated authentication to another LDAP directory service, such as Active Directory
  • Removes security risks associated with synchronizing passwords (e.g. transfer of cleartext passwords)

OpenDJ permits delegated authentication to another LDAP directory service, such as Active Directory, with pass-through authentication. Pass-through authentication removes the security risks associated with synchronizing passwords (including possible capture and transfer of cleartext passwords).

With pass-through authentication, OpenDJ replays a user’s simple bind operation against the remote directory service. If the bind is successful, OpenDJ considers the user authenticated to perform subsequent operations like searches and updates in OpenDJ. IT organizations can leverage pre-existing investments in services like Active Directory to deliver secure identity across disparate systems.

By supporting the widely-adopted monitoring standards SNMP and JMX, OpenDJ can easily integrate into your existing monitoring infrastructure. Configure custom alerts to inform administrators about specific directory service events, such as password expiration, account lockout, backend database corruption detection, and much more. IT organizations get a transparent view into the status and performance of the directory.

OpenDJ’s GUI-based installer and control panel simplifies installation and server configuration down to a few minutes. The command line utilities enable complete access to all server management controls and monitoring, locally or remotely. OpenDJ provides data access through multiple protocols: REST, LDAP, and Web Services.

OpenDJ fully complies with the LDAPv3 and DSMLv2 standards to ensure maximum interoperability with client applications. The OpenDJ SDK provides a high-performance, easy-to-use library of classes and interfaces for accessing and implementing LDAP directory services. Administrators can leverage existing expertise to enhance and deploy OpenDJ without the need for external services.

The Common Audit Framework provides a means to log data consistently across the ForgeRock Identity Platform, including OpenDJ, and enables correlation of events and transactions. Audit topics, such as access and activity, can be configured independently, delivering the data you want to the appropriate business services. In addition to the existing handlers for CSV files, JDBC connections, and syslog, and Elasticsearch (part of the ELK stack).

  • Password policies include a wide variety of password encryption schemes and customizable rules for password strength enforcement
  • Account status notification and query tool
  • Identity mapping for certificate or Kerberos-based authentication
  • Task-based configuration lets you get started and configure a server within minutes
  • Command line utilities offer complete server management and monitoring locally or remotely
  • Provides advanced backup and restore functions such as automated, compressed, signed, and encrypted backups to improve data reliability and security
  • Software is localized for English, French, German, Spanish, Japanese, Simplified Chinese
  • All relevant LDAPv3 standard RFC specifications and extensions
  • FIPS 180-1, FIPS 180-2 NIST encryption standards
  • For a full list please see the documentation appendix F.
  • 100% Java-based LDAPv3-compliant server is extremely efficient with minimal CPU, memory, and on-disk footprint, significantly reducing data center costs
  • Simple RESTful API for managing all core functions
  • All software and data are architecture-independent, so migration to a different OS or server is as simple as copying an instance to the new server
  • Allows for access to code, community discussions and participation, and transparent roadmap information.

OpenDJ Slides and video

OpenDJ Introduction

OpenDJ and REST

Identity Disorder Podcast: Episode 3 – It’s All About The Context

OpenDJ Resources
Sub-Projects

Sub-projects of OpenDJ

OpenDJ LDAP SDK

The OpenDJ LDAP SDK provides a set of modern, developer-friendly Java APIs as part of the OpenDJ product suite. The product suite includes the client SDK alongside command-line tools and sample code, a 100% pure Java directory server, and more. You can use the OpenDJ SDK to create client applications for use with any server that complies with RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map.

The OpenDJ LDAP SDK brings you easy-to-use connection management, connection pooling, load balancing, and all the standard LDAP operations to read and write directory entries. OpenDJ LDAP SDK also lets you build applications with capabilities defined in additional draft and experimental RFCs that are supported by modern LDAP servers.

Documentation for OpenDJ SDK

Javadoc for this module can be found here. Read the developer guide for a deeper understanding of LDAP application development, as well as a detailed overview of LDAP itself.

OpenDJ SDK Examples

The following LDAP example applications use the OpenDJ LDAP SDK synchronous APIs:

  • LDAP search – illustrates how to perform an LDAP search operation using the synchronous APIs
  • LDAP modify – illustrates how to perform an LDAP modify operation using the synchronous APIs
  • LDAP server – illustrates how to implement a very simple LDAP server
  • LDAP bind – illustrates how to bind to an LDAP server using the synchronous APIs
  • LDAP SASL bind – illustrates how to implement a SASL PLAIN bind to an LDAP server
  • Parse attributes – illustrates how to get an entry’s attribute values as objects
  • Read LDAP schema – illustrates how to read and verify an LDAP server’s schema
  • Read Root DSE – illustrates how to read an LDAP server’s capabilities and schema
  • Search & bind – illustrates how to authenticate given a mail address and a password using the synchronous APIs
  • Short life – illustrates how to create, update, rename, and delete an entry using the synchronous APIs
  • Use LDAP Schema – illustrates how to validate an entry using the directory server LDAP schema using the synchronous APIs
  • Use LDAP Controls – illustrates how to use supported LDAP controls
  • Use LDAP Extended Operations – illustrates how to use supported LDAP extended operations
  • Update group – illustrates how to add or remove a member from a static group using the synchronous APIs
  • Use GenericControl – illustrates how to use GenericControl to add a pre-read request control
  • Get AD Change Notifications – illustrates how to use GetADChangeNotifications to get change notifications from Active Directory
  • Reset AD user password – illustrates how to reset a user password in Active Directory as Administrator, or change the password as the user

The following LDAP example applications use the OpenDJ LDAP SDK asynchronous APIs:

  • LDAP search (async) – illustrates how to perform an LDAP search operation using the asynchronous APIs
  • LDAP modify (async) – illustrates how to perform an LDAP modify operation using the asynchronous APIs
  • LDAP proxy – illustrates how to implement a very simple LDAP proxy
  • LDAP bind (async) – illustrates how to bind to an LDAP server using the asynchronous APIs
  • Search & bind (async) – illustrates how to authenticate given a mail address and a password using the asynchronous APIs
  • Short life (async) – illustrates how to create, update, rename, and delete an entry using the asynchronous APIs
  • Use LDAP Schema (async) – illustrates how to validate an entry using the directory server LDAP schema using the asynchronous APIs
  • Rewrite proxy – illustrates how to rewrite DNs and attribute names in a proxy layer
  • Update group (async) – illustrates how to add or remove a member from a static group using the asynchronous APIs

Documentation for OpenDJ SDK Examples

Javadoc for this module can be found here.

Android Contact Manager app

OpenDJ directory services give modern mobile applications easy access to directory data through a ForgeRock common REST interface. OpenDJ Contact Manager is an Android application that demonstrates use of OpenDJ directory server’s REST interface to search for and to read user resources. When you retrieve the resource for a user from OpenDJ directory server, OpenDJ Contact Manager lets you do the following:

  • Add the user to your Android address book.
  • Place a call to the user.
  • Send email to the user.
  • Send a text message (SMS) to the user.
  • Geolocate the user’s address.
  • Get the resource for the user’s manager.

The directory data itself is exposed as REST resources over HTTP using the directory HTTP connection handler, with a mapping from LDAP entries to REST resources configured in a file called http-config.json. For details about the OpenDJ REST interface and for examples showing how to use it, see the OpenDJ Administration Guide chapter, Performing RESTful Operations.

Source repository

http://sources.forgerock.org/browse/commons/mobile/contact-manager/trunk

Anonymous access

The source can be checked out anonymously from SVN with this command:

$ svn checkout https://svn.forgerock.org/commons/mobile/contact-manager/trunk contactmanager

Developer access

Everyone can access the Subversion repository via HTTP, but committers must check out the Subversion repository via HTTPS.

$ svn checkout https://svn.forgerock.org/commons/mobile/contact-manager/trunk contactmanager

To commit changes to the repository, run the following command (svn will prompt you for your password):

$ svn commit --username your-username -m "A message"

Access from behind a firewall

For those users who are stuck behind a corporate firewall which is blocking HTTP access to the Subversion repository, you can try to access it via the developer connection:

$ svn checkout https://svn.forgerock.org/commons/mobile/contact-manager/trunk contactmanager

Access through a proxy

The Subversion client can go through a proxy, if you configure it to do so. First, edit your “servers” configuration file to indicate which proxy to use. The file’s location depends on your operating system. On Linux or Unix it is located in the directory “~/.subversion”. On Windows it is in “%APPDATA%\Subversion”. (Try “echo %APPDATA%”, note this is a hidden directory.)

There are comments in the file explaining what to do. If you don’t have that file, get the latest Subversion client and run any command; this will cause the configuration directory and template files to be created.

Example: Edit the ‘servers’ file and add something like:

[global]
http-proxy-host = your.proxy.name
http-proxy-port = 3128

©2016 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
