Chris Ridd


@cjr

  • Chris Ridd replied to the topic Update schema in the forum Directory Services 2 years, 6 months ago

    At some point, the control panel became unable to correctly update schema – see OPENDJ-3410.

    I would also strongly suggest using ldapmodify.

  • Chris Ridd replied to the topic isMemberOf performance not scaling in the forum Directory Services 2 years, 9 months ago

    The stack traces suggest that you might benefit from adding the largest (but only the largest) static groups into an entry cache. There are examples of creating FIFO or Soft Reference entry caches in the docs.

    That will avoid DS repeatedly reading a group out of the database (or database cache), and decoding it into an Entry. Decoding attributes…

  • Chris Ridd replied to the topic userSMIMECertificate;binary:: Not Allow? in the forum Directory Services 2 years, 10 months ago

    I can reproduce this. Attempting to add the entry results in:

    # The LDAP modify request failed: 17 (Undefined Attribute Type)
    # Additional Information: Entry cn=test,dc=example,dc=com can not be added because BER encoding of userSMIMECertificate;binary attribute is not supported

    Removing the “;binary” from the attribute descriptions (keep the…

  • Chris Ridd replied to the topic PBKDF2 Storage Scheme in the forum Directory Services 3 years, 10 months ago

    Hi, unfortunately no – PBKDF2 will always create new values with a fixed-size salt and hash (8 and 20).

    However it looks like it is able to compare passwords with values that have longer salts, if that helps.

    The PKCS5S2 scheme uses a longer salt and hash (16 and 32) but does not have configurable iterations. Maybe that’s another option for you.

  • Chris Ridd replied to the topic objectclass needed for host attribute in the forum Directory Services 3 years, 11 months ago

    While extensibleObject will work, it allows any attribute. Our Developer’s Guide recommends against it in general.

  • Chris Ridd replied to the topic objectclass needed for host attribute in the forum Directory Services 3 years, 11 months ago

    Perhaps that’s all the hostObject objectClass is, that the OP found.

  • Chris Ridd replied to the topic objectclass needed for host attribute in the forum Directory Services 3 years, 11 months ago

    Our default schema defines the host attribute from RFC 4524, and the account objectClass (also from RFC 4524) allows the use of the host attribute. I don’t know where hostObject is defined.

    attributeTypes: ( 0.9.2342.19200300.100.1.9 NAME 'host' EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}…

  • Chris Ridd replied to the topic Password sync from other ldap (oracle dsee) to openDJ 6 in the forum Directory Services 3 years, 11 months ago

    If you set your target users’ password policy on DJ to allow pre-encoded passwords, you should be able to read the password hashes from the ODSEE, and write them as-is into DJ.

    You’ll obviously need to make sure that ODSEE is storing its passwords in a compatible way with DJ. We know that things like the salted SHA mechanisms are compatible, but…

  • Chris Ridd replied to the topic OpenDJ 5.5.0 – Issue with assigning an attribute to ObjectClass in the forum Directory Services 4 years ago

    Yes, you will need to get comfortable using ldapmodify, and the string format of attributeTypes and objectClasses… (I usually take a look at the definitions in the existing schema files first!)

    Does the Updating Directory Schema section of the admin guide help at all? Please raise doc bugs if anything is not very clear.

  • Chris Ridd replied to the topic Block administrative connector 4444 for clients in the forum Directory Services 4 years ago

    Well, you could set the administration connector to just listen on 127.0.0.1, instead of the default 0.0.0.0.

    But, that will cause operational problems and I’d recommend against doing this. Various dsreplication subcommands connect to the administration connectors of remote servers in order to work, so doing this will prevent important things…

  • Chris Ridd replied to the topic ldap equal filter search for an attribute with alpha numeric value failing in the forum Directory Services 4 years, 1 month ago

    Your new test entries are different from your original test entries…

    As has been pointed out in the other thread, this is because you are using (misusing!) the LDAP “name” attribute type. DS is matching “activityA” in the “ou” attribute type, as “ou” is a subtype of “name”. See RFC 4519 section 2.20

  • Chris Ridd replied to the topic run DS as non-root on port 389/636 in the forum Directory Services 4 years, 1 month ago

    Hi, we have a KB article discussing how to do this.

    How do I make DS/OpenDJ (All versions) listen on port 389 without being root?

    Hope that helps!

    Chris

  • Chris Ridd replied to the topic OpenDJ creates multiple config.ldif backups during stop start operation in the forum Directory Services 5 years, 2 months ago

    There are a couple of undocumented system properties that control the archived-configs directory.

    org.opends.server.MaintainConfigArchive

    If this is unset, or anything apart from “false”, the archive will be maintained.

    org.opends.server.MaxConfigArchiveSize

    If this is not set, or set to <= 0, then there is no limit on the number of archived…

  • Chris Ridd replied to the topic Issue in dsreplication of CTS server after certificate renewal in the forum Directory Services 5 years, 3 months ago

    If this is an urgent issue and you have a support subscription, then you should raise a ticket with ForgeRock support.

  • Chris Ridd replied to the topic Diskspace utilization is high in CTS server in the forum Directory Services 5 years, 3 months ago

    Start with the link right at the top of this page called “Docs & Learning”.

  • Chris Ridd replied to the topic Diskspace utilization is high in CTS server in the forum Directory Services 5 years, 3 months ago

    It looks like your filesystem is read-only, which may be due to it being full.

    If you are running as a CTS server then you will almost certainly need to tune OpenDJ to account for the very high number of writes performed by OpenAM. Reducing the size of the changelog by changing the replication purge delay is a simple option, but you will need to…

  • Chris Ridd replied to the topic where I can find the installation files for OpenDJ 2.4.6 in the forum Directory Services 5 years, 3 months ago

    Just as a quick follow-up, we strongly advise anyone in the same situation with a support contract to raise a support ticket.

    For details on raising a support ticket please read Contacting ForgeRock support.

  • Chris Ridd replied to the topic where I can find the installation files for OpenDJ 2.4.6 in the forum Directory Services 5 years, 3 months ago

    Hi,

    I can’t find any download links at the moment. Please raise a support ticket with us and we’ll email you a copy in return.

  • Chris Ridd replied to the topic in the forum Chris Ridd 5 years, 8 months ago

    Sorry, I can’t help with that client API. Maybe someone else in the forums uses it…

  • Chris Ridd replied to the topic in the forum Chris Ridd 5 years, 8 months ago

    Hi,

    Unfortunately I’m not familiar with that API. The following page at MSDN seems to describe the LDAP dialect of their SQL query language: MSDN LDAP Dialect.

    The only obvious problem I can see is that you’re not constructing the DN correctly in the URL – “LDAP://LDAPserver:389/o=organisation/ou=internal/ou=users” should perhaps be…
