OpenDJ 2.6.0 Release

OpenDJ 2.6.0 was released on July 4 while I was away at summer camp. In addition to bug fixes this latest stable release includes lots of new features — including native packages for Linux. See the 2.6.0 Release Notes for details.

The release of native packages for Linux, and the corresponding refactoring of the upgrade system, was a welcome present from the ForgeRock developers. Although I’m sure some admins had already rolled their own rpms for the server, Luddites like myself were waiting to see how the vendor handled the task.

Native packages address two very important issues for enteprise administrators: (1) the ensure consistency in the basic installation of the product across multiple servers; and (2) makes the update process less complex and more predictable.

That last point is extremely important where nonspecialists are involved in the update process.

The upgrade section in the 2.6.0 installation guide is a must read for anyone updating with either packages or the zip distribution.

The package follows Linux’s Filesystem Hierarchy Standard (FHS) by installing the software into /opt/opendj.

My preliminary testing showed that the install and post-install process had no obvious hiccups. While the installer defaults to granting root ownership of the server, changing that to non-root system user should be trivial even for junior admins (note that properly documenting that sort of thing should always be the responsibility of the directory services subject matter experts in an organization). Look here for my solution to the problem of needing to publish Java based directory services running as a non-root user over ports 389 and 636.

Java is, of course, a prereq for package installation on Linux. My recommendation is to install the latest OpenJDK 1.6 or 1.7 package available for your distro if it isn’t already there.

For those shops that prefer to install the server somewhere other than “/opt/opendj” I would recommend looking into the specific package manager’s relocation capabilties. The rpm utility, for example, provides a “- -relocate OLDBASE=NEWBASE” switch to change the installation base. Using this option you could change the install path from /opt/opendj to /data/app/opendj, using syntax like this:

rpm -ivh --relocate /opt=/data/app opendj-1.6.0-1.noarch.rpm

[Note that the relocate switch doesn’t work on all packages, and there’s no guarantee it will work for OpenDJ in the future — especially if the project eventually decides to follow the FHS.]

Keep in mind that the standard zip distribution is still available and that no one is forcing you to use native packages if you’re not comfortable making the switch now. In fact the new leads for my own company’s new IdM crew (who I often refer to as my “heirs”) have decided to continue using the zip distro because they remain unpersuaded it would provide a significant enough benefit to justify their changing existing processes right now.

Over the next week or two I’ll be updating my own posts that touch the installation process to take the availability of these packages into account. In addition I’ll be posting on some of the new features introduced in this latest version as I have the opportunity to explore them.

In the meantime. a big thank you to the OpenDJ development team for yet another milestone release of a truly awesome product.

Note: The release packages are available over at download.forgerock.com. The download is free once you’ve registered for a login account. Nightly builds continue to be available over at www.forgerock.org/opendj.html (the latest as of this writing is 2.7.0).

This entry was posted in Identity Management, System Administration on by .

About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).