REST & LDAP Directory
Open Source: OpenDJ is the only 100% commercial open source LDAP directory server available on the market today. Feature overview.
Open Access: Our flexible data model lets developers choose REST, LDAP, or Web Services for access
Open Architecture: 100% Java architecture supports the most demanding SLA environments with high throughput and low response times.
On this page:
OpenDJ feature overview
OpenDJ is optimized for performance at scale with data integrity and security. With millisecond response times and read/write performance in the tens of thousands per second, ForgeRock Directory Services satisfies the most rigorous performance requirements across industries, from telecom and financial services to large-scale consumer-facing applications.
OpenDJ stores identity data securely, with varying levels of authentication and authorization, including SSL, StartTLS, and certificate-based. Password and data encryption provide enterprises the means to securely deploy directory services on public clouds or use shared file systems infrastructures.
The encryption ensures the confidentiality and integrity of the data at rest which adds a critical layer of security from malicious attacks and potential breaches. All configuration changes are audited and archived, offering easy rollback to a working configuration. Businesses can have confidence in a service that will scale well beyond their business requirements.
By replicating data across multiple directory server instances, key customer, device, and user data is preserved in case of an outage. OpenDJ provides advanced replication options including multi-master, fractional, and assured. N-Way multi-master replication provides high-availability and disaster recovery capabilities. Fractional replication enables only specific attributes to replicate. Assured replication can guarantee data availability even in the remote scenario of a server crash.
OpenDJ also offers advanced backup and restore functions such as automated, compressed, signed, and encrypted backups that improve data reliability and security. Administrators can take advantage of the easiest replication setup in the industry to ensure a consistent data store and data availability across the organization
- Provides access through REST API, LDAP, and Web Services (DSMLv2) to ensure maximum interoperability with client applications
- OpenDJ SDK for Java provides a library of classes and interfaces for accessing and implementing LDAP Directory Services
- Enables delegated authentication to another LDAP directory service, such as Active Directory
- Removes security risks associated with synchronizing passwords (e.g. transfer of cleartext passwords)
OpenDJ permits delegated authentication to another LDAP directory service, such as Active Directory, with passthrough authentication. Pass-through authentication removes the security risks associated with synchronizing passwords (including possible capture and transfer of clear text passwords).
With passthrough authentication, OpenDJ replays a user’s simple bind operation against the remote directory service. If the bind is successful, OpenDJ considers the user authenticated to perform subsequent operations like searches and updates in OpenDJ. IT organizations can leverage pre-existing investments in services like Active Directory to deliver secure identity across disparate systems.
By supporting the widely-adopted monitoring standards SNMP and JMX, OpenDJ can easily integrate into your existing monitoring infrastructure. Configure custom alerts to inform administrators about specific directory service events, such as password expiration, account lockout, backend database corruption detection, and much more. IT organizations get a transparent view into the status and performance of the directory.
OpenDJ’s GUI-based installer and control panel simplifies installation and server configuration down to a few minutes. The command line utilities enable complete access to all server management controls and monitoring, locally or remotely. OpenDJ provides data access through multiple protocols: REST, LDAP, and Web Services.
OpenDJ fully complies with LDAPv3, and DSMLv2 standards to ensure maximum interoperability with client applications. The OpenDJ SDK provides a high-performance, easy-to-use library of classes and interfaces for accessing and implementing LDAP directory services. Administrators can leverage existing expertise to enhance and deploy OpenDJ without the need for external services.
The Common Audit Framework provides a means to log data consistently across the ForgeRock Identity Platform, including OpenDJ, and enables correlation of events and transactions. Audit topics, such as access and activity, can be configured independently delivering the data you want to the appropriate business services. In addition to the existing handlers for csv files, jdbc connections, and syslog, and Elasticsearch (part of the ELK stack).
- Password policies include a wide variety of password encryption schemes and customizable rules for password strength enforcement
- Account status notification and query tool
- Identity mapping for certificate or Kerberos-based authentication
- Task-based configuration lets you get started and configure a server within minutes
- Command line utilities offer complete server management and monitoring locally or remotely
- Provides advanced backup and restore functions such as automated, compressed, signed, and encrypted backups to improve data reliability and security
- Software is localized for English, French, German, Spanish, Japanese, Simplified Chinese
- 100% Java-based LDAPv3-compliant server is extremely efficient with minimal CPU, memory, and on-disk footprint, significantly reducing data center costs
- Simple RESTful API for managing all core functions
- All software and data are architecture-independent, so migration to a different OS or server is as simple as copying an instance to the new server
- Allows for access to code, community discussions and participation, and transparent roadmap information.
Identi-TeaPodcast: Episode 4 – The Rodeo of Things
OpenDJ LDAP SDK
The OpenDJ LDAP SDK provides a set of modern, developer-friendly Java APIs as part of the OpenDJ product suite. The product suite includes the client SDK alongside command-line tools and sample code, a 100% pure Java directory server, and more. You can use OpenDJ SDK to create client applications for use with any server that complies with the, RFC 4510: Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map.
The OpenDJ LDAP SDK brings you easy-to-use connection management, connection pooling, load balancing, and all the standard LDAP operations to read and write directory entries. OpenDJ LDAP SDK also lets you build applications with capabilities defined in additional draft and experimental RFCs that are supported by modern LDAP servers.
Documentation for OpenDJ SDK
OpenDJ SDK Examples
The following LDAP example applications use the OpenDJ LDAP SDK synchronous APIs:
- LDAP search – illustrates how to perform an LDAP search operation using the synchronous APIs
- LDAP modify – illustrates how to perform an LDAP modify operation using the synchronous APIs
- LDAP server – illustrates how to implement a very simple LDAP server
- LDAP bind – illustrates how to bind to an LDAP server using the synchronous APIs
- LDAP SASL bind – illustrates how to implement a SASL PLAIN bind to an LDAP server
- Parse attributes – illustrates how to get an entry’s attribute values as objects
- Read LDAP schema – illustrates how to read and verify an LDAP server’s schema
- Read Root DSE – illustrates how to read an LDAP server’s capabilities and schema
- Search & bind – illustrates how to authenticate given a mail address and a password using the synchronous APIs
- Short life – illustrates how to create, update, rename, and delete an entry using the synchronous APIs
- Use LDAP Schema – illustrates how to validate an entry using the directory server LDAP schema using the synchronous APIs
- Use LDAP Controls – illustrates how to use supported LDAP controls
- Use LDAP Extended Operations – illustrates how to use supported LDAP extended operations
- Update group – illustrates how to add or remove a member from a static group using the synchronous APIs
- Use GenericControl – illustrates how to use
GenericControl to add a pre-read request control
- Get AD Change Notifications – illustrates how to use
GetADChangeNotifications to get change notifications from Active Directory
- Reset AD user password – illustrates how to reset a user password in Active Directory as Administrator, or change the password as the user
The following LDAP example applications use the OpenDJ LDAP SDK asynchronous APIs:
- LDAP search (async) – illustrates how to perform an LDAP search operation using the asynchronous APIs
- LDAP modify (async) – illustrates how to perform an LDAP modify operation using the asynchronous APIs
- LDAP proxy – illustrates how to implement a very simple LDAP proxy
- LDAP bind (async) – illustrates how to bind to an LDAP server using the asynchronous APIs
- Search & bind (async) – illustrates how to authenticate given a mail address and a password using the asynchronous APIs
- Short life (async) – illustrates how to create, update, rename, and delete an entry using the asynchronous APIs
- Use LDAP Schema (async) – illustrates how to validate an entry using the directory server LDAP schemausing the asynchronous APIs
- Rewrite proxy – illustrates how to rewrite DNs and attribute names in a proxy layer
- Update group (async) – illustrates how to add or remove a member from a static group using the asynchronous APIs
Documentation for OpenDJ SDK Examples
Javadoc for this module can be found here.
Android Contact Manager app
OpenDJ directory services give modern mobile applications easy access to directory data through a ForgeRock common REST interface. OpenDJ Contact Manager is an Android application that demonstrates use of OpenDJ directory server’s REST interface to search for and to read user resources. When you retrieve the resource for a user from OpenDJ directory server, OpenDJ Contact Manager lets you do the following:
- Add the user to your Android address book.
- Place a call to the user.
- Send email to the user.
- Send a text message (SMS) to the user.
- Geolocate the user’s address.
- Get the resource for the user’s manager.
The directory data itself is exposed as REST resources over HTTP using the directory HTTP connection handler, with a mapping from LDAP entries to REST resources configured in a file called http-config.json. For details about the OpenDJ REST interface and for examples showing how to use it, see the OpenDJ Administration Guide chapter, Performing RESTful Operations.