Child pages
  • OpenDJ 2.4.1 Release Notes
Skip to end of metadata
Go to start of metadata

Installation Notes

OpenDJ is a new LDAPv3 compliant directory service, developed for the Java platform, providing a high performance, highly available and secure store for the identities managed by enterprises. Its easy installation process, combined with the power of the Java platform makes of OpenDJ the simplest and fastest directory server to deploy and manage.

OpenDJ is a extension of the Sun Microsystems' initiated OpenDS project and offers a fully supported product for it.

For specifc information about installing OpenDJ 2.4.1 software, please see the Installation Guide .

To upgrade from a previous version, please check the Upgrade to OpenDJ 2.4.1 section below.

The software can be downloaded from the OpenDJ downloads page.

What's New in OpenDJ 2.4

While OpenDJ 2.4 is the first release of the ForgeRock hosted OpenDJ project, it derives from OpenDS, a 4 years old project and continues to extend it and deliver additional value.

Compared to the latest stable release of OpenDS (2.2.1), OpenDJ fixes a number of issues and provides the following additional features:

  • Support for Collective Attributes (RFC 3671, 3672) with specific enhancements, providing a mean to share attribute and values between entries
  • Improved Import performances and reliability
  • Optimized replication traffic routing to reduce overhead and increase reliability
  • Support for MS AD Permissive Modification Control
  • Support for multiple object class inheritance in the schema
  • Support for disk space monitoring in the server for the database, import and rebuild operations, preventing unexpected behaviors on full disks
  • Support for monitoring the use of indexes in filters
  • Support for analysis of attribute indexes
  • Support for limit in the number of persistent searches
  • New resource limit policy to throttle the operation rate
  • Support for Linux MD5 encrypted password, allowing a smooth migration from Files to LDAP naming services (OPENDJ-5)
  • Improved interoperability and support SHA2 encrypted passwords with variable salt length (OPENDJ-9)
  • Updated version of the Berkeley DB JE database providing better performance and control over database cache eviction (OPENDJ-11)
  • Now only support Java 1.6 JVM or higher

Upgrading to OpenDJ 2.4.1

There are 2 ways to upgrade from earlier version of OpenDJ or OpenDS to OpenDJ 2.4.1, with the upgrade command in the installed instance or from the Java WebStart Installer.

Before you proceed with upgrading, we recommend that you first do a full backup of your instance.

We also recommend that you download and run the script which resolves an issue in previous releases that are affecting the ability to upgrade smoothly.

Once you've downloaded the script, go in the instance directory and just run the script from there.

Note that you can run this script while the server is running, and even if you don't plan to upgrade now. The script just repairs a file that was not correctly generated in previous releases of OpenDS and OpenDJ.

To upgrade from the command line, download theOpenDJ 2.4.1 Zip file from the OpenDJ Downloads page and store it on a temporary location. Go in the existing instance directory and run the upgrade command ( ./upgrade ). Provide the path to the downloaded Zip file and choose to continue.

To upgrade from the Java WebStart Installer, go to the OpenDJ Downloads page and click on the OpenDJ Release 2.4.1 link. This will start QuickSetup and on the first screen you will be asked if you want to install a new instance or upgrade an existing one. Choose the second option, fill in the path and click next to review and finish the upgrade.

Once the upgrade is completed, do not forget to rebuild the dn2id index if you've upgraded from OpenDS 2.2. You can do this from the control-panel or with the rebuild-index command :

bin/rebuild-index [options] -i dn2id -b "dc=example,dc=com"

Note that you can only upgrade an instance if you own it.

Java Requirements

The OpenDJ software is written entirely in Java and therefore will run on any system matching the requirements below.

OpenDJ has been tested on Solaris Sparc, x86 and x64, various flavors of Linux, Windows, Mac OS X...

The OpenDJ directory services requires that the system have an installed version of at least Java SE 6.0 (Sun version 1.6.0_10) Java runtime environment (JRE). The preferred JRE is the latest version of Java SE 6.0 and if performances of the OpenDJ server is critical to you, we recommend at least the update 22 (which also includes a major security fix for TLS).

There are known issues with OpenDJ and OpenJDK 6 on Linux. If you are deploying on Linux, we recommend that you download and use Sun JRE.

Supported Locales

OpenDJ 2.4 has been translated into the following languages :

  • French
  • German
  • Japanese
  • Simplified Chinese
  • Spanish

Several messages are also translated into Catalan, Korean, Polish and Traditional Chinese.

Note: Certain error messages (specifically, the SEVERE and FATAL messages) are displayed in English only.

Software Environment Limitations and Recommendations

The OpenDJ 2.4.1 software has some limitations that might affect the initial deployment of your directory server. Follow the recommendations for deployments in this section.
Administrators also should appropriately tune the OpenDJ directory server and its Java Virtual Machine (JVM) to ensure that adequately sized hardware is made available to support heavy write operations. For more information, see Configuring the JVM and Java Options.

OpenDJ 2.4.1 Limitations

The OpenDJ directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2.

Account lockout is working on a per server basis only.

OpenDJ 2.4.1 is not fully integrated with the Windows environment. However, it can be run as a service and is therefore displayed in the Windows Services Control Panel.

Although the OpenDJ software has been designed for n-way multi-master replication, testing has focused on up to eight replication servers in a topology.

Upgrade from OpenDS 2.2 or OpenDJ 2.4.0 has been mostly tested on Solaris, MacOSX and Linux. For Windows, it is recommended to start with a fresh installation of the OpenDJ software.

When upgrading from OpenDS 2.2, you need to rebuild the dn2id index after the upgrade. To do so, run the rebuild-index command: bin/rebuild-index <some options> -i dn2id -b "<your suffix>". For more information regarding the rebuild-index command see rebuild-index reference documentation.

OpenDJ Software Recommendations

The default settings of the OpenDJ directory server are targeted initially at evaluators or developers who are running equipment with a limited amount of resources. For this reason, you should tune the Java virtual machine (JVM) and the directory server itself to improve scalability and performance, particularly for write operations. For more information, see Configuring the JVM and Java Options.
The OpenDJ directory server provides better performance when the database files are cached entirely into memory.

Related Documentation

OpenDJ documentation is sparse and work in progress but, most of the documentation of the OpenDS project is still applicable.
More specifically the OpenDS 2.2 Administration Guide, CommandLine Usage Guide, Deployment Guide.

Known Issues

  • OpenDJ can hang when the system is configured for LDAP then DNS (OpenDS #4593) 
  • During an Upgrade to OpenDJ 2.4.1, the upgrade process may report an error when migrating schema customization. This is due to a defect in the upgraded release. Check the Upgrading to OpenDJ 2.4.1 section above for more information.

Fixed Issues from OpenDJ 2.4.0


  • OPENDJ-17 - Generated RC script does not run if run as other than root.
  • OPENDJ-27 - Schema parsing fails with extensions (X-xxxx) on Syntaxes, but also when spaces are missing
  • OPENDJ-47 - Extensible filters which use dnAttributes are not processed correctly when there is an existing index for the named attribute
  • OPENDJ-48 - Draft ECL: lastChangeNumber still not calculated correctly
  • OPENDJ-50 - ECL base object search operations on cn=changelog take a long time if the change log is big
  • OPENDJ-54 - Account Status Notifications (password changed/reset) are not sent for the Password Modify Extended Operation
  • OPENDJ-55 - Failing modify operations causing memory leak
  • OPENDJ-59 - search with paged result control issue
  • OPENDJ-69 - Binary option not included in userCertificate attribute in change log entries.
  • OPENDJ-70 - Build does not create the proper reference schema in the config/upgrade directory
  • OPENDJ-71 - The "container" objectclass used by ECL top entry is missing in the schema.
  • OPENDJ-72 - cn=Changelog DENY ACI is bad
  • OPENDJ-73 - Memory leak in DITCacheMap
  • OPENDJ-74 - Fix potential dropped cursor while iterating through replication state DB
  • OPENDJ-75 - Combine RFC 3672 and relative subtree specification syntax
  • OPENDJ-77 - Infinite recursive loop in relative time matching rule compare method.
  • OPENDJ-79 - Fix OpenDS issue 4583: during a search op, ACI with targetfilter and targetattrs gets evaluated wrongly
  • OPENDJ-80 - Draft change log DB handler thread spins constantly when the draft change log is big
  • OPENDJ-83 - ECL: changeInitiatorsName and potentially changeTime are wrong for delete operations


  • OPENDJ-56 - Update 2.4 branch to JE 4.1.7
  • OPENDJ-76 - Consider adding collective attributes to entries after virtual attributes are added.
  • No labels