Skip to content

How To Guides

Jump to bottom Edit New page
Maxim Thomas edited this page Jan 23, 2024 · 3 revisions

Setup server

#with clean baseDN
./setup --addBaseEntry -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --cli --acceptLicense --no-prompt 

#with sample data 
./setup --sampleData 100000 -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --cli --acceptLicense --no-prompt

Clean and reinstall server

bin/stop-ds 
rm -rf config/ db/ changelogDb/ logs/
./setup -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --addBaseEntry --cli --acceptLicense --no-prompt

Check server status

bin/status --bindDN "cn=Directory Manager" --bindPassword password

Backup and restore

bin/backup --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --backUpAll --backupDirectory bak --start 0 && tail -f logs/errors
bin/restore --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --backupDirectory bak/userRoot/ --start 0 && tail -f logs/errors

Initialize replication between two servers

bin/dsreplication enable --host1 localhost --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 password --replicationPort1 2389 --host2 localhost --port2 4445 --bindDN2 "cn=Directory Manager" --bindPassword2 password --replicationPort2 2390 --adminUID admin --adminPassword password --baseDN dc=example,dc=com -X -n
bin/dsreplication initialize --baseDN dc=example,dc=com --adminUID admin --adminPassword password --hostSource localhost --portSource 4444 --hostDestination localhost --portDestination 4445 -X -n

Disable replication on server

bin/dsreplication disable --disableAll --port 4444 --hostname localhost --bindDN "cn=Directory Manager" --adminPassword password --trustAll --no-prompt

List all indexes

bin/backendstat show-index-status --backendID userRoot --baseDN dc=example,dc=com

Rebuild Degraded Indexes ONLINE

bin/rebuild-index --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --baseDN dc=example,dc=com --rebuildDegraded --trustAll

List the available protocols and cipher suites, read the supportedTLSProtocols and supportedTLSCiphers

bin/ldapsearch --hostname localhost --port 1636 --useSSL --trustAll --baseDN "" --searchScope base "(objectclass=*)" supportedTLSCiphers supportedTLSProtocols

Allow only TLSv1.2 ssl-protocol

#LDAPS / LDAP / HTTP Connection Handlers
bin/dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password set-connection-handler-prop --handler-name "LDAPS Connection Handler" --add ssl-protocol:TLSv1.2 --trustAll --no-prompt
#Administration Connector
bin/dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password set-administration-connector-prop --add ssl-protocol:TLSv1.2 --trustAll --no-prompt
#Crypto Manager
bin/dsconfig --hostname localhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword password set-crypto-manager-prop --add ssl-protocol:TLSv1.2 --trustAll --no-prompt

Use Self Signed Certificate

Create the store with the following command. You'll be asked to enter a password for the .pfx file.

openssl pkcs12 -export -out opendj.pfx -inkey private.key -in server.crt -certfile cachain.crt

Then when you run the container just set this environment variable with the pfx path and the password.

OPENDJ_SSL_OPTIONS="--usePkcs12keyStore /data/opendj.pfx --keyStorePassword PASSWORD"

Store LDAP catalog data in CASSANDRA noSQL cluster

export OPENDJ_JAVA_ARGS="-server -Ddatastax-java-driver.basic.contact-points.0=localhost:9042 -Ddatastax-java-driver.basic.load-balancing-policy.local-datacenter=datacenter1"

./setup --backendType cas -h localhost -p 1389 --ldapsPort 1636 --adminConnectorPort 4444 --enableStartTLS --generateSelfSignedCertificate --rootUserDN "cn=Directory Manager" --rootUserPassword password --baseDN dc=example,dc=com --sampleData 5000 --cli --acceptLicense --no-prompt

OpenDJ Logo

Latest release Build Deploy Issues Last commit License Downloads Docker Top language Code size in bytes

OpenDJ is an LDAPv3 compliant directory service, which has been developed for the Java platform, providing a high performance, highly available, and secure store for the identities managed by your organization. Its easy installation process, combined with the power of the Java platform makes OpenDJ the simplest, fastest directory to deploy and manage.

Add a custom sidebar
Clone this wiki locally