DS 7.2.0


The following are deprecated and likely to be removed in a future release.

Deprecated since DS 7.2

  • The ds-pwp-last-login-time attribute, which has directory string syntax, is deprecated.

    Use the new ds-last-login-time attribute instead. For an example, see Active accounts.

  • Support for CSV, Elasticsearch, JDBC, JMS, Splunk, and Syslog access logs is deprecated.

  • Support for REST to LDAP API documentation in Swagger 2.0 format is deprecated.

  • The DSML gateway is deprecated.

    For deployments that require HTTP access to directory data, consider REST to LDAP as an alternative.

Deprecated since DS 7.1

  • The previous format for password file options is deprecated. The options remain supported until removal, but are now hidden in online help. This affects the following options:

    Deprecated form Use this form















    (1) The --keyStorePasswordFilePath and --trustStorePasswordFilePath options apply only to the setup. They retain the path to the file in the configuration. The other options copy the cleartext password at setup time.

  • The dsrepl add-local-server-to-pre-7-0-topology command --masterKeyPairCertAlias and --rootCaCertAlias options are deprecated. The command now finds the certificates by introspecting the configuration.

    The options are now hidden in online help.

Deprecated since DS 7.0

  • Support for SNMP.

    DS software provides better options for monitoring servers, including support for Prometheus, Graphite, LDAP, and JMX. For details, see Monitoring.

    DS server software also includes a sample monitoring dashboard for Prometheus and Grafana, which is described in opendj/samples/grafana/README.md.

  • The pwdValidatorPolicy object class.

    For subentry password policies, use the object classes derived from ds-pwp-validator instead.

  • Reversible password storage schemes, and the cn=admin data base DN and adminData backend used to support them. This includes the following password storage schemes:

    • 3DES

    • AES

    • Blowfish

    • RC4

  • The ds-rlim-lookthrough-limit setting is deprecated.

Deprecated since DS 6.5

  • The HTTP monitoring endpoint, /admin/monitor.

    Use /metrics/api or /metrics/prometheus instead.

  • The following replication monitoring metrics:

    • LDAP metrics:

      • ds-mon-approx-oldest-change-not-synchronized

      • ds-mon-approximate-delay

      • ds-mon-missing-changes

    • Prometheus metrics:

      • ds_replication_changelog_connected_replicas_approx_oldest_change_not_synchronized_seconds

      • ds_replication_changelog_connected_replicas_approximate_delay_seconds

      • ds_replication_changelog_connected_replicas_missing_changes

    In mixed topologies, a directory server version 6 or earlier connected to a replication server version 6.5 or later cannot consume messages about other servers going offline. The monitoring framework reflects this as a delay on the directory server that could not consume the message.

    The delay is calculated correctly again once all servers in the topology are upgraded to at least version 6.5, or when the offline server comes back online and has seen a change to directory data.

    Monitor replication delay instead of using the deprecated metrics. For details, see Replication delay (LDAP) or Replication delay (Prometheus).

Copyright © 2010-2022 ForgeRock, all rights reserved.