OpenDJ is an LDAPv3 compliant directory service, developed for the Java platform, providing a high performance, highly available, and secure store for the identities managed by your organization. Its easy installation process, combined with the power of the Java platform makes OpenDJ the simplest, fastest directory to deploy and manage.
You can download OpenDJ software from the OpenDJ download page. OpenDJ is free to download, evaluate, and use. You can even check out and modify the source code to build your own version if you prefer.
These release notes are written for everyone working with the OpenDJ 2.4.4 release. Read these notes before you install or upgrade OpenDJ software. These notes cover hardware and software prerequisites for installing and upgrading OpenDJ software. These notes list key features added and changed in this release. They also cover compatibility with previous releases and alert you to potential changes coming up that could affect your scripts and applications. Finally, these notes list both issues fixed since the previous release and known issues open at the time of release.
See the OpenDJ Installation Guide for more after you read these release notes. The installation guide covers installation and upgrade for OpenDJ directory server and OpenDJ DSML gateway. If you're planning to upgrade from OpenDJ 2.4.0 or OpenDS 2.2, make sure you run the opendj_patch4upgrade.sh script as described in the "Before you upgrade" section of the OpenDJ Installation Guide.
What's New In OpenDJ 2.4.4
Compared to the OpenDJ 2.4.3, OpenDJ 2.4.4 fixes a number of issues. OpenDJ 2.4.4 is an update release that does not include additional features.
This chapter covers both major changes to existing functionality, and also deprecated and removed functionality.
Major changes to existing functionality
No functionality is deprecated in OpenDJ 2.4.4.
No functionality is planned to be deprecated at this time.
No functionality has been removed in OpenDJ 2.4.4.
No functionality is planned to be removed at this time.
OpenDJ Fixes, Limitations, and Known Issues
OpenDJ issues are tracked at https://bugster.forgerock.org/jira/browse/OPENDJ. This chapter covers the status of key issues at release 2.4.4.
Fixes since last release
The following issues were fixed since release 2.4.3.
- IcedTea-618: OpenDJ does not work properly with OpenJDK 6 on Linux distributions. A fix was committed for this issue on September 29, 2011, so a recent build would be required to benefit from the fix.
- OPENDJ-65: Host domain name lost from FQDN while enabling replication for a new replica using disreplication enable
- OPENDJ-213: External Changelog nightly tests are failing since last fixes in the ECL code. Debug logs show some exceptions in cookie string parsing...
- OPENDJ-223: Modify operation isn't replayed on replica exactly as on original server.
- OPENDJ-224: Replication fails when replication server is configured for a network interface which is not an alias of localhost/127.0.0.1
- OPENDJ-237: Password modification by deleting the value and adding a new one fails with unwilling to perform (would result in multiple password in the entry)
- OPENDJ-242: Password Policy State Extended Operation anomalies
- OPENDJ-254: The show-all-attributes flag breaks schema modification, when enabled.
- OPENDJ-263: Wrong search results when searching draft change log using filter of the form "(changeNumber>=xxxx)" where xxxx<firstChangeNumber
- OPENDJ-266: Extra white space in some of the schema files shipped with OpenDJ 2.4
- OPENDJ-274: Replication mishandles a Modify operation with multiple modifications on the same attribute.
- OPENDJ-277: Initialize GSSAPI extension after back ends and connectors
- OPENDJ-282: dsreplication enable fails with duplicate server ID, while it's about the same server being referenced.
- OPENDJ-293: InternalClientConnection memory leak when performing password modify/state extended operations or SASL binds
Release 2.4.4 has the following limitations, none of which are new since 2.4.0.
- OpenDJ directory server provides full LDAP v3 support, except for alias dereferencing, and limited support for LDAPv2.
- When you configure account lockout as part of password policy, OpenDJ locks an account after the specified number of consecutive authentication failures. Account lockout is not transactional across a replication topology, however.
- OpenDJ is not fully integrated with Microsoft Windows, yet OpenDJ directory server can be run as a service, and thus displayed in the Windows Services Control Panel.
- OpenDJ replication is designed to permit an unlimited number of replication servers in your topology. Project testing has, however, focused only on topologies of up to eight replication servers.
The following issues remained open at the time release 2.4.4 became available.
- OPENDJ-68: On T2000 systems, hardware SSL crypto acceleration is slower than software. To work around this issue: 1) add more request handlers to LDAP (for TLS) and LDAPS (for SSL) connection handlers; 2) disable hardware acceleration for server's JVM by removing the SunPKCS11 security provider from jre/lib/security/java.security.
- OPENDJ-88: Online backup of cn=config does not work
- OPENDJ-98: Searches on cn=monitor take a long time
- OPENDJ-109: jar files that are put into $OPENDJ_ROOT/lib/extensions are not visible in classpath
- OPENDJ-136: On Windows, upgrade fails with NPE during Verify phase
- OPENDJ-137: Registering OpenDJ as a Windows Service is not recommended.
- OPENDJ-145: Upgrade hangs if the OpenDJ is running and properties files is used.
- OPENDJ-169: Modifying ObjectClass in Control-Panel requires restart
- OPENDJ-208: Schema changes over LDAP allow duplicate attributes depending if the attribute is defined as single-valued or not
Furthermore when deploying for production, make sure that you follow the installation instructions on allowing OpenDJ to use at least 64K (65536) file descriptors, tuning the JVM appropriately, and increasing database cache size from the default of 10%.
For the latest status, query the OpenDJ bug database online at https://bugster.forgerock.org/jira/browse/OPENDJ.
Tested Operating Systems and Application Servers
OpenDJ software depends on the Java environment more than it depends on the underlying operating systems.
That said, OpenDJ 2.4.4 has been validated on the following operating systems.
- Apple Mac OS X 10.7
- Linux 2.6
- Microsoft Windows Server 2008
- Oracle Solaris 10
OpenDJ 2.4.4 DSML gateway has been validated on Apache Tomcat 6.
OpenDJ administrative tools and log messages have been translated into the following languages.
- Simplified Chinese
Several messages are also translated into Catalan, Korean, Polish and Traditional Chinese.
Note - Certain SEVERE and FATAL error messages are displayed in English only.
How to Report Problems and Provide Feedback
If you have questions regarding OpenDJ which are not answered by the documentation or here in the wiki, there is a mailing list which can be found at https://lists.forgerock.org/mailman/listinfo/opendj where you are likely to find an answer.
If you have found issues or reproducible bugs within OpenDJ 2.4.4, report them in https://bugster.forgerock.org.
When requesting help with a problem, please include the following information:
- Description of the problem, including when the problem occurs and its impact on your operation
- Machine type, operating system version, web container and version, JDK version, and OpenDJ release version, including any patches or other software that might be affecting the problem
- Steps to reproduce the problem
- Any error logs or core dumps
You can purchase OpenDJ support subscriptions and training courses from ForgeRock and from consulting partners around the world and in your area. To contact ForgeRock, send mail to firstname.lastname@example.org, or call +47 21520108. To find a partner in your area, see http://www.forgerock.com/partners.html.