OpenDJ is an LDAPv3 compliant directory service, developed for the Java platform, providing a high performance, highly available, and secure store for the identities managed by your organization. Its easy installation process, combined with the power of the Java platform makes OpenDJ the simplest, fastest directory to deploy and manage.
You can download OpenDJ software from the OpenDJ download page. OpenDJ is free to download, evaluate, and use. You can even check out and modify the source code to build your own version if you prefer.
These release notes are written for everyone working with the OpenDJ 2.4.5 release. Read these notes before you install or upgrade OpenDJ software. These notes cover hardware and software prerequisites for installing and upgrading OpenDJ software. These notes list key features added and changed in this release. They also cover compatibility with previous releases and alert you to potential changes coming up that could affect your scripts and applications. Finally, these notes list both issues fixed since the previous release and known issues open at the time of release.
See the OpenDJ Installation Guide for more after you read these release notes. The installation guide covers installation and upgrade for OpenDJ directory server and OpenDJ DSML gateway. If you're planning to upgrade from OpenDJ 2.4.0 or OpenDS 2.2, make sure you run the opendj_patch4upgrade.sh script as described in the "Before you upgrade" section of the OpenDJ Installation Guide.
What's New In OpenDJ 2.4.5
Compared to the OpenDJ 2.4.4, OpenDJ 2.4.5 fixes a number of issues. OpenDJ 2.4.5 is an update release that does not include additional features.
This chapter covers both major changes to existing functionality, and also deprecated and removed functionality.
Changes to existing functionality
The fix for OPENDJ-410 requires that you rebuild the ds-sync-hist index after upgrade, but before restarting OpenDJ.
No functionality is deprecated in OpenDJ 2.4.5.
No functionality is planned to be deprecated at this time.
No functionality has been removed in OpenDJ 2.4.5.
No functionality is planned to be removed at this time.
OpenDJ Fixes, Limitations, and Known Issues
OpenDJ issues are tracked at https://bugster.forgerock.org/jira/browse/OPENDJ. This chapter covers the status of key issues at release 2.4.5.
Fixes since last release
The following issues were fixed since release 2.4.4.
- OPENDJ-349: manage-account returns Seconds Until Idle Account Lockout: 0 (zero) if the last log on date is more than 24 days before the idle lock out interval.
- OPENDJ-387: dsreplication initialize-all reports negative percentage of completion
- OPENDJ-400: ControlPanel issue with values containing \n (such as sunxmlkeyvalue)
- OPENDJ-401: Replication fails with Java 7.
- OPENDJ-410: Frequent corruption in ds-sync-hist ordering index.
- OPENDJ-413: verify-index with "-c" option doesn't work for certain indexes
- OPENDJ-420: Rare SSLExceptions while handling LDAPS connections and big LDAP searches
Release 2.4.5 has the following limitations, none of which are new since 2.4.0.
- OpenDJ directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2.
- When you configure account lockout as part of password policy, OpenDJ locks an account after the specified number of consecutive authentication failures. Account lockout is not transactional across a replication topology, however.
- OpenDJ is not fully integrated with Microsoft Windows, yet OpenDJ directory server can be run as a service, and thus displayed in the Windows Services Control Panel.
- OpenDJ replication is designed to permit an unlimited number of replication servers in your topology. Project testing has, however, focused only on topologies of up to eight replication servers.
The following issues remained open at the time release 2.4.5 became available.
- OPENDJ-68: On T2000 systems, hardware SSL crypto acceleration is slower than software. To work around this issue: 1) add more request handlers to LDAP (for TLS) and LDAPS (for SSL) connection handlers; 2) disable hardware acceleration for server's JVM by removing the SunPKCS11 security provider from jre/lib/security/java.security.
- OPENDJ-88: Online backup of cn=config does not work
- OPENDJ-98: Searches on cn=monitor take a long time
- OPENDJ-109: jar files that are put into $OPENDJ_ROOT/lib/extensions are not visible in classpath
- OPENDJ-136: On Windows, upgrade fails with NPE during Verify phase
- OPENDJ-137: Registering OpenDJ as a Windows Service is not recommended.
- OPENDJ-145: Upgrade hangs if the OpenDJ is running and properties files is used.
- OPENDJ-169: Modifying ObjectClass in Control-Panel requires restart
- OPENDJ-208: Schema changes over LDAP allow duplicate attributes depending if the attribute is defined as single-valued or not
- OPENDJ-249: dsreplication disable --disableAll error removing contents of "cn=admin data"
- OPENDJ-270: dsreplication disable takes a long time
- OPENDJ-301: Unauthenticated rebuild indexes only shuts down the backend
- OPENDJ-312: Control Panel Restore Verify Backup fails with a NPE if no base DN
- OPENDJ-314: OpenDJ as Windows Service can not be stopped using control-panel
- OPENDJ-315: OpenDJ not restart when enable as automatic windows service after reboot
- OPENDJ-318: QuickSetup upgrade does not start server if upgrade completed checked
- OPENDJ-320: log-file-permissions ignores group permissions
- OPENDJ-322: Binary encoding option causing problems in replace operations
- OPENDJ-323: If you attempt to rebuild an index that doesn't exist while OpenDJ is running then the backend is left offline
- OPENDJ-332: In Replication server Replication Server 9989 15435: replication servers 127.0.1.1:10989 and 127.0.0.1:10989 have the same ServerId : 12360
- OPENDJ-334: PermissiveModifyRequestControl not replicated which may cause divergence
- OPENDJ-340: dsreplication disable takes --bindDN, but --adminPassword instead of --bindPassword
- OPENDJ-344: Upgrade fails when there's an extension with additional JAR dependency.
- OPENDJ-347: Misleading error when running setup
- OPENDJ-365: Potential deadlock in JE backend while performing a mix of update operations
- OPENDJ-390: ConcurrentModificationException during backup all
- OPENDJ-398: Misleading replication messages: "Replication server XXXX was attempting to connect to replication server YYYY but has disconnected in handshake phase"
- OPENDJ-399: DirectoryException thrown processing of virtual static groups during backend initialization
- OPENDJ-405: Upgrade fails in many cases when configuration modified in the server to upgrade.
- OPENDJ-412: Blocked persistent searches may block all worker threads
Furthermore when deploying for production, make sure that you follow the installation instructions on allowing OpenDJ to use at least 64K (65536) file descriptors, tuning the JVM appropriately, and increasing database cache size from the default of 10%.
For the latest status, query the OpenDJ bug database online at https://bugster.forgerock.org/jira/browse/OPENDJ.
Tested Operating Systems and Application Servers
OpenDJ software depends on the Java environment more than it depends on the underlying operating systems.
That said, OpenDJ 2.4.5 has been validated on the following operating systems.
- Apple Mac OS X 10.7
- Linux 2.6 and later
- Microsoft Windows Server 2008
- Oracle Solaris 10
OpenDJ 2.4.5 DSML gateway has been validated on Apache Tomcat 6.
OpenDJ administrative tools and log messages have been translated into the following languages.
- Simplified Chinese
Several messages are also translated into Catalan, Korean, Polish and Traditional Chinese.
Note - Certain SEVERE and FATAL error messages are displayed in English only.
How to Report Problems and Provide Feedback
If you have questions regarding OpenDJ which are not answered by the documentation or here in the wiki, there is a mailing list which can be found at https://lists.forgerock.org/mailman/listinfo/opendj where you are likely to find an answer.
If you have found issues or reproducible bugs within OpenDJ 2.4.5, report them in https://bugster.forgerock.org.
When requesting help with a problem, please include the following information:
- Description of the problem, including when the problem occurs and its impact on your operation
- Machine type, operating system version, web container and version, JDK version, and OpenDJ release version, including any patches or other software that might be affecting the problem
- Steps to reproduce the problem
- Any error logs or core dumps
You can purchase OpenDJ support subscriptions and training courses from ForgeRock and from consulting partners around the world and in your area. To contact ForgeRock, send mail to email@example.com, or call +47 2108 1746. To find a partner in your area, see http://www.forgerock.com/partners.html.