Archive/category: Directory Server

OpenDJ and the Fine Art of Impersonation

Directory servers are often used in multi-tier applications to store user profiles, preferences, or other information useful to the application.  Oftentimes the web application includes an administrative console to assist in the management of that data; allowing operations such as user creation or password reset.  Multi-tier environments pose a challenge, however, as it is difficult Read more

OpenDJ Access Control Explained

An OpenDJ implementation will contain certain data that you would like to explicitly grant or deny access to.  Personally identifiable information (PII) such as a user’s home telephone number, their address, birth date, or simply their email address might be required by certain team members or applications, but it might be a good idea to Read more

OpenDJ Attribute Uniqueness (and the Effects on OpenAM)

In real life we tend to value those traits that make us unique from others; but in an identity management deployment uniqueness is essential to the authentication process and should not be taken for granted. Case in point, attributes in OpenDJ may share values that you may or may not want (or need) to be unique. For Read more

Understanding OpenAM and OpenDJ Account Lockout Behaviors

The OpenAM Authentication Service can be configured to lock a user’s account after a defined number of log in attempts has failed.  Account Lockout is disabled by default, but when configured properly, this feature can be useful in fending off brute force attacks against OpenAM login screens. If your OpenAM environment includes an LDAP server Read more

It’s OK to Get Stressed Out with OpenAM

In fact, it’s HIGHLY recommended…. Performance testing and stress testing are closely related and are essential tasks in any OpenAM deployment. When conducting performance testing, you are trying to determine how well your system performs when subjected to a particular load. A primary goal of performance testing is to determine whether the system that you Read more

OpenDJ Indexes Explained

Suppose that you have an OpenDJ directory server with 300,000 entries.  And further suppose that the space consumed on your disk for said directory is 1.2 GB and made up of 114 database (*.jdb) files.  Suppose that you didn’t plan correctly and you are now running out of space on your hard drive.  What should Read more

The Case of the Mysteriously Creeping Database

While teaching a recent ForgeRock OpenDJ class, a student of mine observed an interesting behavior that at first seemed quite odd.  While rebuilding his attribute indexes, the student found that the overall database size seemed to grow each time he performed a reindex operation.  What seems obvious to me now sure made me scratch my head Read more

What do OpenDJ and McDonald’s Have in Common?

The OpenDJ directory server is highly scalable and can process all sorts of requests from different types of clients over various protocols.  The following diagram provides an overview of how OpenDJ processes these requests.  (See The OpenDJ Architecture for a more detailed description of each component.) Note:  The following information has been taken from ForgeRock’s OpenDJ Administration, Read more