Wednesday, July 20, 2011

[Servers] Setup and provide basic LDAP Server using OpenDS

Hi Friends,
Many times we need to integrate LDAP server with our softwares for user authentication. This blog will explain how to setup a basic LDAP server on a machine using OpenDS.

For the basics, LDAP is Lightweight Directory Access Protocol more on which can be read on LDAP: Wikipedia. OpenDS is one LDAP Server which can be downloaded from this link of . I will recommend to download the zip version which contains setup script.

Download and extract this to a directory lets say D:/pFiles/OpenDS. Now run setup.bat which will launch the installation..

Make sure you have already setup a proper hostname for your system. Like for me I have chosen rkg.test and put it in hosts file.
Just press next and fill server settings. Give a port number which is more than 1024; this is because ports between 0-1024(not an exact figure) are reserved and sometimes blocked in intranet. I chose 11389 for this installation. Choose the Root User DN which will be used to connect to LDAP and for all other admin tasks like create/edit/delete etc. DN stands for Distinguished Name. 

For a basic server we don't need to setup replication so just leave the options as it is in next screen.

Now fill the Directory Data, Here we will Base DN which is must when we try to connect to LDAP through our softwares. Optionally we can install sample data if we want. 
Click next and Review the settings.

Now finish the installation. We can here choose to run this as service, optionally.

After setup is finished Launch Control Panel. Control panel is where we can manage all the entries. Clicking on the button will prompt to fill Bind DN which is nothing but Root User DN and password.

This will connect to Control panel where we can see all the options provided to manage OpenDS.

Click on Manage Entries and we will see a new screen where we can view the tree of all the entries. We can modify/delete/add any entry.

After our all the entries are setup now we are ready to use this LDAP for any integration needed. Now the most important thing, features which OpenDS is providing to us(Probably I should have listed them before in this post, but I feel this position better since now we have a basic understanding how LDAP looks like :D)
This listing is directly copied from from this page

Directory Server Features

The OpenDS directory server is an LDAPv3 compliant directory server written entirely in Java. The directory server includes the following high-level functionality:
  • Full LDAPv3 compliance (RFC 4510–4519) with support for numerous standard and experimental extensions
  • High performance and space effective data storage
  • Ease of configuration and administration

    • A highly extensible administrative framework that enables you to customize most of the features listed below.
    • An administration connector that manages all administration traffic to the server. The administration connector enables the separation of user traffic and administration traffic to simplify logging and monitoring, and to ensure that administrative commands take precedence over commands that manipulate user data.
    • A graphical control panel that displays server status information and enables you to perform basic server and data administration.
    • Several command-line utilities to assist with configuration, administration tasks, basic monitoring, and data management. The main configuration utility (dsconfig) provides an interactive mode that walks you through most configuration tasks.
  • An advanced replication mechanism

    • Enhanced multi-master replication across directory server instances
    • An assured replication feature that ensures high availability of data and immediacy of data availability for specific deployment requirements
    • Fractional replication capabilities
    • Support for an external change log that publicizes all changes that have occurred in a directory server database
  • An extensible security model

    • Support for various levels of authentication and confidentiality
    • Access to resources based on privileges
    • An advanced access control mechanism
  • Multi-faceted monitoring capabilities
  • Rich user management functionality

    • Password policies
    • Identity mapping
    • Account status notification
  • A DSML to LDAP gateway
Read and Enjoy
Ravi Kumar Gupta


  1. Als Mitarbeiter von Dell finde ich Ihr Artikel ueber LDAP Server sehr behilflich. Mit OpenDS wird die Einrichtung fliessend laufen.

  2. Good article..

    It is given in the Opends documentation that the changelog is automatically enabled during replication. I successfully implemented replication between two independent LDAPS. But the change log feature is not enabled.

    Can u explain how to work with the change log ?

    Software Engineer
    Fischer Systems India Pvt Ltd.

  3. I want to know how to install OpenDS i'm done with configuration =
    but after before it finishes, it says that my firewall preventing this prog=
    ram. It says check the firewall if it is blocking the port 4444. but my fir=
    ewall is disabled for a long time, i also disabled my antivirus when i inst=
    all it. I hope you can help, I am on windows. Thanks!

  4. Khaild, Check if there are any other firewall installed. If not.. then try to enable firewall and make an exception for port 4444.. hope this works.

  5. Suraj, I did not work on replication. However, I will try to see that and let you know.