REST & LDAP Directory

Open Source: OpenDJ is the only 100% commercial open source LDAP directory server available on the market today. Feature overview.
Open Access: Our flexible data model lets developers choose REST, SCIM, LDAP, or Web Services for access
Open Architecture: 100% Java architecture supports the most demanding SLA environments with high throughput and low response times.

Practical bits

Downloads

Unstable Nightly Builds
Stable Enterprise Builds

Note that the nightly build is work in progress. We also have an archive of older OpenDJ releases.

Source code

OpenDJ is open source. You can check out the source code here.

The code is licensed under CDDL.

Official project repository
Our GitHub Mirror
Our Jenkins server

Get involved!

– Join the OpenDJ mailing list to ask questions, make suggestions, and tell us what you think of OpenDJ.

– Contribute to the development of OpenDJ by checking out the source code, adding to our issue tracker, and hacking away on contributions.

Get started!

Get the zip from the downloads page and unzip it to a folder of your choice. On your command line type:

cd opendj
./setup

The installation UI will fire up and 30 seconds later you can start the control panel like this:

control-panel

Features

OpenDJ feature overview

  • OpenDJ provides industry-leading performance with sub-millisecond read/write response times and low latency throughput, up to hundreds of thousands of operations per second
  • Supports HA deployments with N-way multi-master replication, including data centers with geographic separation for managing failover and disaster recovery
  • Meets the most rigorous SLA requirements, from telco subscriber systems to mission-critical enterprise environments
  • Provides access through REST API, SCIM, LDAP, and Web Services (DSMLv2) to ensure maximum interoperability with client applications
  • OpenDJ SDK for Java provides a library of classes and interfaces for accessing and implementing LDAP Directory Services
  • N-way multi-master replication ensures high-availability and disaster recovery capabilities
  • Assured replication can guarantee data availability in the event of server failure
  • Supports WAN-optimized replication for increased bandwidth efficiency
  • Secures all data including passwords through a wide variety of encryption mechanisms
  • Supports multiple levels of authentication and authorization policies including SSL, StartTLS, and Certificate
  • All configuration changes are audited and archived, offering easy rollback to a working configuration
  • Enables delegated authentication to another LDAP directory service, such as Active Directory
  • Removes security risks associated with synchronizing passwords (e.g. transfer of cleartext passwords)
  • Password policies include a wide variety of password encryption schemes and customizable rules for password strength enforcement
  • Account status notification and query tool
  • Identity mapping for certificate or Kerberos-based authentication
  • Task-based configuration lets you get started and configure a server within minutes
  • Command line utilities offer complete server management and monitoring locally or remotely
  • Provides advanced backup and restore functions such as automated, compressed, signed, and encrypted backups to improve data reliability and security
  • Supports widely adopted monitoring standards SNMP and JMX, for easy integration into your existing monitoring infrastructure
  • Configure custom alerts to inform administrators about specific directory service events, such as password expiration, access controls disablement, and backend database corruption
  • Securely audits all operations within the environment
  • Supports filtered logs that capture the “who, what, when, and where” of operations, based on user-defined criteria
  • Software is localized for English, French, German, Spanish, Japanese, Simplified Chinese
  • All relevant LDAPv3 standard RFC specifications and extensions
  • FIPS 180-1, FIPS 180-2 NIST encryption standards
  • For a full list please see the documentation appendix D.
  • 100% Java-based LDAPv3-compliant server is extremely efficient with minimal CPU, memory, and on-disk footprint, significantly reducing data center costs
  • Simple RESTful API for managing all core functions
  • All software and data are architecture-independent, so migration to a different OS or server is as simple as copying an instance to the new server
  • Allows for access to code, community discussions and participation, and transparent roadmap information.
OpenDJ Slides and video

OpenDJ Introduction, slides

The Power of OpenDJ and REST

OpenDJ Resources
Sub-Projects

Sub-projects of OpenDJ

OpenDJ LDAP SDK

The OpenDJ LDAP SDK provides a set of modern, developer-friendly Java APIs as part of the OpenDJ product suite. The product suite includes the client SDK alongside command-line tools and sample code, a 100% pure Java directory server, and more. You can use OpenDJ SDK to create client applications for use with any server that complies with RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map.

The OpenDJ LDAP SDK brings you easy-to-use connection management, connection pooling, load balancing, and all the standard LDAP operations to read and write directory entries. OpenDJ LDAP SDK also lets you build applications with capabilities defined in additional draft and experimental RFCs that are supported by modern LDAP servers.

Documentation for OpenDJ SDK

Javadoc for this module can be found here. Read the developer guide for a deeper understanding of LDAP application development, as well as a detailed overview of LDAP itself.

OpenDJ SDK Examples

The following LDAP example applications use the OpenDJ LDAP SDK synchronous APIs:

  • LDAP search – illustrates how to perform an LDAP search operation using the synchronous APIs
  • LDAP modify – illustrates how to perform an LDAP modify operation using the synchronous APIs
  • LDAP server – illustrates how to implement a very simple LDAP server
  • LDAP bind – illustrates how to bind to an LDAP server using the synchronous APIs
  • LDAP SASL bind – illustrates how to implement a SASL PLAIN bind to an LDAP server
  • Parse attributes – illustrates how to get an entry’s attribute values as objects
  • Read LDAP schema – illustrates how to read and verify an LDAP server’s schema
  • Read Root DSE – illustrates how to read an LDAP server’s capabilities and schema
  • Search & bind – illustrates how to authenticate given a mail address and a password using the synchronous APIs
  • Short life – illustrates how to create, update, rename, and delete an entry using the synchronous APIs
  • Use LDAP Schema – illustrates how to validate an entry using the directory server LDAP schema using the synchronous APIs
  • Use LDAP Controls – illustrates how to use supported LDAP controls
  • Use LDAP Extended Operations – illustrates how to use supported LDAP extended operations
  • Update group – illustrates how to add or remove a member from a static group using the synchronous APIs
  • Use GenericControl – illustrates how to use GenericControl to add a pre-read request control
  • Get AD Change Notifications – illustrates how to use GetADChangeNotifications to get change notifications from Active Directory
  • Reset AD user password – illustrates how to reset a user password in Active Directory as Administrator, or change the password as the user

The following LDAP example applications use the OpenDJ LDAP SDK asynchronous APIs:

  • LDAP search (async) – illustrates how to perform an LDAP search operation using the asynchronous APIs
  • LDAP modify (async) – illustrates how to perform an LDAP modify operation using the asynchronous APIs
  • LDAP proxy – illustrates how to implement a very simple LDAP proxy
  • LDAP bind (async) – illustrates how to bind to an LDAP server using the asynchronous APIs
  • Search & bind (async) – illustrates how to authenticate given a mail address and a password using the asynchronous APIs
  • Short life (async) – illustrates how to create, update, rename, and delete an entry using the asynchronous APIs
  • Use LDAP Schema (async) – illustrates how to validate an entry using the directory server LDAP schema using the asynchronous APIs
  • Rewrite proxy – illustrates how to rewrite DNs and attribute names in a proxy layer
  • Update group (async) – illustrates how to add or remove a member from a static group using the asynchronous APIs

Documentation for OpenDJ SDK Examples

Javadoc for this module can be found here.

Android Contact Manager app

OpenDJ directory services give modern mobile applications easy access to directory data through a ForgeRock common REST interface. OpenDJ Contact Manager is an Android application that demonstrates use of OpenDJ directory server’s REST interface to search for and to read user resources. When you retrieve the resource for a user from OpenDJ directory server, OpenDJ Contact Manager lets you do the following:

  • Add the user to your Android address book.
  • Place a call to the user.
  • Send email to the user.
  • Send a text message (SMS) to the user.
  • Geolocate the user’s address.
  • Get the resource for the user’s manager.

The directory data itself is exposed as REST resources over HTTP using the directory HTTP connection handler, with a mapping from LDAP entries to REST resources configured in a file called http-config.json. For details about the OpenDJ REST interface and for examples showing how to use it, see the OpenDJ Administration Guide chapter, Performing RESTful Operations.

Source repository

http://sources.forgerock.org/browse/commons/mobile/contact-manager/trunk

Anonymous access

The source can be checked out anonymously from SVN with this command:

$ svn checkout https://svn.forgerock.org/commons/mobile/contact-manager/trunk contactmanager

Developer access

Everyone can access the Subversion repository via HTTP, but Committers must check out the Subversion repository via HTTPS.

$ svn checkout https://svn.forgerock.org/commons/mobile/contact-manager/trunk contactmanager

To commit changes to the repository, run the following command (svn will prompt you for your password):

$ svn commit --username your-username -m "A message"

Access from behind a firewall

For those users who are stuck behind a corporate firewall which is blocking HTTP access to the Subversion repository, you can try to access it via the developer connection:

$ svn checkout https://svn.forgerock.org/commons/mobile/contact-manager/trunk contactmanager

Access through a proxy

The Subversion client can go through a proxy if you configure it to do so. First, edit your “servers” configuration file to indicate which proxy to use. The file’s location depends on your operating system. On Linux or Unix it is located in the directory “~/.subversion”. On Windows it is in “%APPDATA%\Subversion”. (Try “echo %APPDATA%”; note that this is a hidden directory.)

There are comments in the file explaining what to do. If you don’t have that file, get the latest Subversion client and run any command; this will cause the configuration directory and template files to be created.

Example: Edit the ‘servers’ file and add something like:

[global]
http-proxy-host = your.proxy.name
http-proxy-port = 3128

©2016 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries.