ldap

Update OpenDS 2.2.0 to OpenDJ 2.4.3

Finally got around to upgrading my OpenDS 2.2.0 to OpenDJ 2.4.3.

Clean upgrade - just followed the OpenDJ wiki.

Only change I had to make was from

./bin/rebuild-index -i dn2id -b "dc=example,dc=com"

to

./bin/rebuild-index --rebuildAll -b "dc=example,dc=com"

Rebuilding only the dn2id index left the sync-conflict index for my root backend in degraded mode.

Nexus repository manager with LDAP users

I wanted to use LDAP to give access to the Nexus Repository Manager from Sonatype to those users who need more access than just browsing.

OpenDS allow import of encoded passwords

 

Note from Dominic on Freenode#opends:

Allow LDIF imports of encoded passwords: config/config.ldif, under cn=Default Password Policy,cn=Password Policies,cn=config

change ds-cfg-allow-pre-encoded-passwords : true
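
What a pre-encoded value looks like in an LDIF file, as an added example (not from the original post or from OpenDS): it builds and checks a salted SHA-1 `{SSHA}` userPassword value and lists which entries of a constructed LDIF carry pre-encoded values. This matters because the server never sees the cleartext behind such a value, so it cannot run password validators on it. The 8-byte salt, the function names and the sample entries are assumptions.

```python
import base64, hashlib, hmac, os, re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")  # e.g. {SSHA}<base64>

def ssha_encode(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt  # 8-byte salt: assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, encoded):
    """Check a cleartext password against a pre-encoded {SSHA} value."""
    m = SCHEME_RE.match(encoded)
    if not m or m.group(1).upper() != "SSHA":
        return False
    try:
        raw = base64.b64decode(m.group(2), validate=True)
    except ValueError:  # malformed base64
        return False
    if len(raw) <= 20:  # 20-byte SHA-1 digest must be followed by a salt
        return False
    expected = hashlib.sha1(password.encode("utf-8") + raw[20:]).digest()
    return hmac.compare_digest(raw[:20], expected)

def audit_ldif(text):
    """Map each DN to its userPassword scheme, or 'CLEARTEXT' if none."""
    found, dn = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold continuations
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        elif name.lower() == "userpassword":
            if value.startswith(":"):  # 'attr:: ' marks a base64-wrapped value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            m = SCHEME_RE.match(value.strip())
            found[dn] = m.group(1).upper() if m else "CLEARTEXT"
    return found

# Constructed sample input: three made-up entries under dc=example,dc=com.
ALICE = ssha_encode("correct horse", salt=b"constsal")
SAMPLE_LDIF = (
    f"dn: uid=alice,ou=people,dc=example,dc=com\nuserPassword: {ALICE}\n\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\nuserPassword: hunter2\n\n"
    "dn: uid=carol,ou=people,dc=example,dc=com\n"
    f"userPassword:: {base64.b64encode(ALICE.encode()).decode()}\n"
)

if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE_LDIF).items():
        print(f"{scheme:9} {dn}")
```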

 

spring-ldap and NoClassDefFoundError com.sun.jndi.ldap.ctl.ResponseControlFactory

When using spring-ldap, if you get a NoClassDefFoundError for com.sun.jndi.ldap.ctl.ResponseControlFactory, then you need the LDAP Booster Pack (currently 1.0).

This is available from Sun:

http://java.sun.com/products/jndi/downloads/index.html

Go to the JNDI 1.2.1 page and grab JNDI/LDAP Booster Pack 1.0 (ldapbp-1_0.zip)

Unzip and then install as an artifact:

Upgrading Apache 2.0 to 2.2 with LDAP-controlled basic auth

LDAP authentication started giving:

(9)Bad file descriptor: Could not open password file: (null)

This is because Apache 2.2 needs to be told which authentication provider to use.

Add:

AuthBasicProvider ldap

In addition, to be allowed to use require valid-user, add:

AuthzLDAPAuthoritative off

So - in full - the old config:

<Location /location>
  AuthName "Auth NAme"
  AuthType Basic
  AuthLDAPURL ldap://host:port/basedn?attribute
  require valid-user
</Location>

changes to
