Home > Directory Server, OpenDJ > The OpenDJ Architecture

The OpenDJ Architecture

An understanding of the components that make up the OpenDJ Architecture is useful for administering, configuring, or troubleshooting the OpenDJ server.

The following information has been taken from ForgeRock’s OpenDJ Administration, Maintenance and Tuning Class and has been used with the permission of ForgeRock.

The OpenDJ server has been developed using a modular architecture in which most or all components are written to a well-defined specification.  This image above provides an overview of these components.  The following sections provide a brief description of some of the more prevalent components shown in this image.

Configuration Handler

The OpenDJ Configuration Handler is responsible for managing configuration information within OpenDJ’s configuration files (i.e. config.ldif).  Configuration information may impact one or more components; as such, the Configuration Handler is responsible for notifying appropriate components when a configuration change occurs.

Connection Handlers

Connection and request handlers manage all interaction with LDAP clients. This includes accepting new connections and reading and responding to client.  Connection handlers are responsible for any special processing that might be required for this communication, including managing encryption or performing protocol translation.  It is possible to have multiple concurrent implementations active at any given time and as such, OpenDJ includes connection handlers which support various forms of communication that clients use to interact with the server (JMX, LDAP, LDAPS, LDIF, SNMP).  Administrators have the ability to enable or disable these connection handlers to support their client environment.

Note:  ForgeRock is currently working on REST and JSON interfaces to provide direct access to directory server data.

Backend Databases

Connection handlers place client requests onto OpenDJ’s Work Queue.  Worker threads detect requests placed on the work queue and are responsible for performing the processing necessary to respond to the request.  Today’s directory servers must be able to handle a tremendous number of requests in a short period of time; as such, OpenDJ’s Work Queue has been built to be both highly efficient and provide high performance.

A backend database serves as a repository for searching, retrieving, and storing directory data.  OpenDJ supports multiple backends including those considered typical databases (such as Oracle, MySql, and Berekely DB) as well as file-based and memory-based backends.  There can be multiple backend databases active at any given time, each of which handle mutually exclusive subsets of data (selection of the appropriate database is based on the root suffix specified in the operation).  OpenDJ facilitates interaction with these backends and provides tools for enabling, disabling, creating, removing, backing up, and restoring the databases independently from each other without impacting other backends.

Note:  Backends may consist of local or remote repositories (i.e. the database is stored on a remote machine).  This can be found in cases where the backend interacts with a proxy or a virtual server.  Support for proxy and virtual server backends are scheduled for a future release.

Loggers

OpenDJ has a robust logging capability that allows server information to be retained in various repositories.  The most common loggers are as follows:

  • Access Logger – stores server operations (binds, searches, modifications, etc.)
  • Error Logger – stores warnings, errors, and significant events that occur with the server
  • Debug Logger – records debug information when the server is run with debugging enabled and Java assertions are active.

Multiple loggers can be configured for each of these and each logger may be actively storing different information (filtered or not) in different formats in different repositories.

Note:  Some error loggers can be used as an alerting mechanism to actively notify administrators of potential problems.

SASL Handlers

The LDAP protocol supports two methods that clients may use to authenticate to the server:

SASL is an authentication framework that supports multiple authentication mechanisms including ANONYMOUS, CRAM-MD5, DIGEST-MD5, EXTERNAL, GSSAPI, and PLAIN.

OpenDJ includes a set of handlers that implement each of these SASL mechanisms in order to determine the identity of the client.

Access Control

OpenDJ contains an access control module that is used to determine if a client is permitted to perform a particular request or not.

Password Storage

OpenDJ includes several password storage modules that can be used to obscure user passwords using a reversible or one-way algorithm.  Password storage schemes encode new passwords provided by users so that they are stored in an encoded manner. This makes it difficult or impossible for someone to determine the clear-text passwords from the encoded values.  They can also be used to determine whether a clear-text password provided by a client matches the encoded value stored in the server.

Password Complexity

OpenDJ includes a series of modules that define logic used to determine whether a user’s password meets minimum requirements or not.

Syntax and Matching Rules

Attributes must follow a particular syntax and search filters determine matches based on a set of matching rules.  OpenDJ contains a set of syntaxes and matching rules that define the logic for dealing with different kinds of attributes.

Database Cache

Interacting with data in memory is much faster than interacting with data on disk.  As such, OpenDJ includes a database caching module that loads directory data into memory.

Check out ForgeRock’s website for more information on OpenDJ or click here if you are interested in attending one of ForgeRock’s upcoming training classes.

  1. Ivan Saez
    July 5, 2013 at 9:54 am

    Hi,

    According to https://wikis.forgerock.org/confluence/display/OPENDJ/OpenDJ+User+FAQ
    Mysql (or someother external db) is not supported. What is the conclusive information about this? I would like to use Mysql as an external store for OpenAM/OpenDJ.

    regards,

    Ivan

    • idmdude
      July 27, 2013 at 7:57 am

      Hello Ivan, the FAQ is correct, OpenDJ does not support an alternate, external DB (such as MySQL) as a backend. This is mainly due to performance reasons.

      In the future, ForgeRock foresees adding “virtual directory” features to the product that would allow you to aggregate data from multiple sources (such as MySQL) and provide one view to your LDAP or REST clients, but this does not replace the Berkeley Java DB backend.

      ForgeRock’s Matt Swift provides more information on this (and reasons why ForgeRock has not elected to use alternate backends) at the following URL: https://lists.forgerock.org/pipermail/opendj/2012-January/001252.html.

      Hope this helps,

  1. July 25, 2012 at 12:29 pm
  2. August 8, 2012 at 6:36 am

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: