OpenDJ & High Availability
OpenDJ is a powerful LDAP server based on the popular OpenDS server.
OpenDJ supports multi-master replication with automatic failure detection and recovery. The replication setup is extensively documented and fairly simple to set up.
Apache Karaf
Apache Karaf is a customizable OSGi container with excellent support for application deployment. The default Karaf installation is very lightweight with a minimal set of libraries installed. Karaf supports ‘features’ which are groups of bundles (JAR files with OSGi headers) that collectively implement a given functionality. Features may also depend on other features.
OpenDJ on Apache Karaf
The OpenDJ distribution by ForgeRock comes either in the form of a standalone tar.gz archive or a web archive that can be deployed on a servlet container (Tomcat, Jetty).
For OSGi applications that require an LDAP server, this adds an extra requirement on the infrastructure setup. In these cases it would be ideal to deploy OpenDJ as just another feature of the main application in Karaf, similarly to how an ActiveMQ broker is deployed.
The opendj-osgi project on GitHub implements exactly this. It takes the existing OpenDJ package and adapts it for Karaf by adding a features.xml and a custom startup driver.
To deploy it on Karaf, download the project from GitHub, build it, launch Karaf and deploy the codice-opendj feature:
$ git clone git://github.com/codice/opendj-osgi.git
Optionally, remove or rename the file that creates the default users on startup:
rm embedded/opendj-embedded-server/src/main/resources/default-users.ldif
Build and install to the local Maven repository cache:
$ mvn clean install
Start Karaf and deploy the opendj-embedded feature:
$ cd ${KARAF_BASE}
$ bin/karaf
karaf@root> addurl mvn:org.codice.opendj.embedded/opendj-embedded-app/1.0.1-SNAPSHOT/xml/features
karaf@root> features:install -v opendj-embedded
Apache Karaf first looks in the local Maven repository cache to resolve the features URL, where it finds the features.xml and the associated bundles.
You should now be able to connect to OpenDJ with an LDAP browser (e.g. Apache Directory Studio). The default root user bind DN is ‘cn=admin’ and the default password for the root user is ‘secret’.
Optional tasks
Download the OpenDJ distribution from http://www.forgerock.org/opendj.html to access the scripts under the bin/ directory.
Deployment in a child container
If you plan on deploying the application on the same Karaf instance, it is recommended to run the LDAP server in a child container rather than in the same container as the application. This allows the application container to be stopped and restarted without stopping and restarting the OpenDJ server.
karaf@root> admin:clone -s 8103 -rs 44446 -r 1101 root opendj
karaf@root> admin:start opendj
karaf@root> admin:connect opendj
karaf@root> addurl mvn:org.codice.opendj.embedded/opendj-embedded-app/1.0.1-SNAPSHOT/xml/features
karaf@root> features:install -v opendj-embedded
admin:create could also have been used, but then any changes to the root configuration directory would also need to be replicated to the new instance's configuration directory.
Administrative username & password
You may want to change the default administrator username ‘cn=admin’ to the more conventional ‘cn=Directory Manager’.
Create a file named ‘user.ldif’ with the following content:
dn: cn=Directory Manager,cn=Root DNs,cn=config
changetype: modify
replace: ds-cfg-alternate-bind-dn
ds-cfg-alternate-bind-dn: cn=Directory Manager
Import the user.ldif file on both servers:
$ bin/ldapmodify -h server1 -p 1389 -D "cn=admin" -w secret -a -f user.ldif
$ bin/ldapmodify -h server2 -p 1389 -D "cn=admin" -w secret -a -f user.ldif
Set the root user password on both servers:
$ bin/ldappasswordmodify -h server1 -p 1389 -D "cn=Directory Manager" -w secret -c secret -n newPassword
$ bin/ldappasswordmodify -h server2 -p 1389 -D "cn=Directory Manager" -w secret -c secret -n newPassword
Base DN
Enable the base DN on every server by running the following command against each of them:
$ bin/dsconfig set-backend-prop --backend-name userRoot --add base-dn:dc=mydomain,dc=com --hostname server1 --port 4444 --bindDN "cn=Directory Manager" --bindPassword secret --trustAll --noPropertiesFile --no-prompt
$ bin/dsconfig set-backend-prop --backend-name userRoot --add base-dn:dc=mydomain,dc=com --hostname server2 --port 4444 --bindDN "cn=Directory Manager" --bindPassword secret --trustAll --noPropertiesFile --no-prompt
Create the following LDIF file (domain.ldif):
dn: dc=mydomain,dc=com
objectClass: domain
objectClass: top
dc: mydomain
Import the LDIF file into all servers:
$ bin/ldapmodify -h server1 -p 1389 -D "cn=Directory Manager" -w secret -a -f domain.ldif
$ bin/ldapmodify -h server2 -p 1389 -D "cn=Directory Manager" -w secret -a -f domain.ldif
Replicated setup
Assuming that OpenDJ is running in Karaf on servers ‘server1’ and ‘server2’, we need to set up and initialize the cluster.
Set up replication by running the following command on one of the servers:
$ bin/dsreplication enable --baseDN "dc=mydomain,dc=com" --adminUID admin --adminPassword secret --host1 server1 --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 secret --replicationPort1 8989 --host2 server2 --port2 4444 --bindDN2 "cn=Directory Manager" --bindPassword2 secret --replicationPort2 8989 --trustAll --no-prompt
This call sets up a common replication administrator (UID ‘admin’) on both servers. It also opens the replication port 8989 on both servers.
Initialize replicated servers:
$ bin/dsreplication initialize-all --baseDN dc=mydomain,dc=com --adminUID admin --adminPassword secret --hostname server1 --port 4444 --trustAll --no-prompt
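The base DN, domain entry and replication steps above are repeated once per server; the script below, an added example that is not part of the opendj-osgi project or the post, drives them over a list of hosts from a single place. It assumes the OpenDJ bin/ tools are on PATH, the ports used in the post, and that the tools accept a password file via -j/--bindPasswordFile and --adminPasswordFile (assumed from their usage text) so the Directory Manager password stays off the command line.

```shell
#!/bin/sh
# Added example, not part of the opendj-osgi project: run the per-server steps
# of the post (base DN, domain entry, replication) over every host in SERVERS.
# Assumes OpenDJ's bin/ tools are on PATH and the ports used in the post.
set -eu
SERVERS="${SERVERS:-server1 server2}"
BASE_DN="${BASE_DN:-dc=mydomain,dc=com}"
LDAP_PORT="${LDAP_PORT:-1389}"; ADMIN_PORT="${ADMIN_PORT:-4444}"; REPL_PORT="${REPL_PORT:-8989}"
PW_FILE="${PW_FILE:-dm.pw}"   # file holding the cn=Directory Manager password
DRY_RUN="${DRY_RUN:-1}"       # 1 = print the commands only, 0 = execute them

# Print the command in dry-run mode, execute it otherwise.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# First dc value of a dc-style base DN: dc=mydomain,dc=com -> mydomain
dc_of() { v="${1#dc=}"; printf '%s' "${v%%,*}"; }

# The post's domain.ldif, generated for an arbitrary dc-style base DN.
domain_ldif() {
  printf 'dn: %s\nobjectClass: domain\nobjectClass: top\ndc: %s\n' "$1" "$(dc_of "$1")"
}

# Base-DN config change plus LDIF import on host $1. -j/--bindPasswordFile is assumed
# from the tools' usage; --trustAll is kept from the post and skips certificate checks.
setup_host() {
  run dsconfig set-backend-prop --backend-name userRoot --add "base-dn:$BASE_DN" \
      --hostname "$1" --port "$ADMIN_PORT" --bindDN "cn=Directory Manager" \
      --bindPasswordFile "$PW_FILE" --trustAll --noPropertiesFile --no-prompt
  run ldapmodify -h "$1" -p "$LDAP_PORT" -D "cn=Directory Manager" -j "$PW_FILE" -a -f "$2"
}

# Pair host $2 with host $1 (the post's dsreplication enable, password-file variant).
enable_repl() {
  run dsreplication enable --baseDN "$BASE_DN" --adminUID admin --adminPasswordFile "$PW_FILE" \
      --host1 "$1" --port1 "$ADMIN_PORT" --bindDN1 "cn=Directory Manager" \
      --bindPasswordFile1 "$PW_FILE" --replicationPort1 "$REPL_PORT" \
      --host2 "$2" --port2 "$ADMIN_PORT" --bindDN2 "cn=Directory Manager" \
      --bindPasswordFile2 "$PW_FILE" --replicationPort2 "$REPL_PORT" --trustAll --no-prompt
}

main() {
  tmp="$(mktemp -d)"; domain_ldif "$BASE_DN" > "$tmp/domain.ldif"
  first="${SERVERS%% *}"
  for h in $SERVERS; do setup_host "$h" "$tmp/domain.ldif"; done
  for h in $SERVERS; do [ "$h" = "$first" ] || enable_repl "$first" "$h"; done
  run dsreplication initialize-all --baseDN "$BASE_DN" --adminUID admin \
      --adminPasswordFile "$PW_FILE" --hostname "$first" --port "$ADMIN_PORT" --trustAll --no-prompt
  rm -rf "$tmp"
}
main
```

Run with DRY_RUN=1 (the default) to review the generated commands, then with DRY_RUN=0 to apply them; every host after the first is enabled against the first, which then seeds the others via initialize-all.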