Embedded DS Repository
By default, IDM uses the conf/repo.ds.json file to start an embedded DS instance. The embedded DS repository is not supported in production environments.
The embedded DS server uses the embedded DS keystore, and has the following configuration by default:
hostname - localhost
ldapPort - 31389
ldapsPort - 31636
bindDN - uid=admin
bindPassword - 5up3r53cr3t
adminPort - 34444
You can query the embedded repository directly by using the LDAP command-line utilities provided with DS. This command returns all the objects in the repository of a default IDM project:
    /path/to/opendj/bin/ldapsearch \
     --hostname localhost \
     --port 31636 \
     --bindDN uid=admin \
     --bindPassword 5up3r53cr3t \
     --baseDN "dc=openidm,dc=forgerock,dc=com" \
     --useSSL \
     --trustAll \
     "(objectclass=*)"
    dn: dc=openidm,dc=forgerock,dc=com
    objectClass: domain
    objectClass: top
    dc: openidm

    dn: ou=links,dc=openidm,dc=forgerock,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: links

    dn: ou=internal,dc=openidm,dc=forgerock,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: internal

    dn: ou=users,ou=internal,dc=openidm,dc=forgerock,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: users
    ...
For more information about the DS command-line utilities, see the DS Tools Reference.
To change the administrative port of the embedded DS server, add an adminPort property to your project's conf/repo.ds.json file before you start IDM. To change any of the other default values, add an ldapConnectionFactories property, as shown in the following example.
This excerpt of a repo.ds.json sets the administrative port to 4444. The example changes the bind password to MyPassw0rd but shows the structure of the entire ldapConnectionFactories property for reference:
    {
        "embedded": true,
        "maxConnectionAttempts" : 5,
        "adminPort": 4444,
        "ldapConnectionFactories": {
            "bind": {
                "primaryLdapServers": [{ "hostname": "localhost", "port": 31389 }]
            },
            "root": {
                "authentication": {
                    "simple": { "bindDn": "uid=admin", "bindPassword": "MyPassw0rd" }
                }
            }
        },
        ...
    }
It is not necessary to add the entire ldapConnectionFactories block to your configuration file, but you must respect the JSON structure. For example, to change only the hostname, you would need to add at least the following:
    {
        ...
        "ldapConnectionFactories": {
            "bind": {
                "primaryLdapServers": [{ "hostname": "my-hostname" }]
            }
        },
        ...
    }
If you don't include an ldapConnectionFactories object, IDM installs an embedded DS server with the default configuration.
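
Because a partial ldapConnectionFactories block leaves every omitted value at its default, a repo.ds.json that changes only the hostname still runs with the documented bind password. The following added example (not part of the IDM documentation or product code) overlays a repo.ds.json on the defaults listed above and reports that condition. The names overlay and audit are hypothetical, and merging list entries by position is an assumption about how a partial block combines with the defaults.

```python
import json

# Defaults of the embedded DS server, as listed on this page.
DEFAULTS = {
    "adminPort": 34444,
    "ldapConnectionFactories": {
        "bind": {"primaryLdapServers": [{"hostname": "localhost", "port": 31389}]},
        "root": {"authentication": {"simple": {
            "bindDn": "uid=admin", "bindPassword": "5up3r53cr3t"}}},
    },
}

def overlay(base, override):
    """Recursively lay override on top of base (assumed merge behaviour)."""
    if isinstance(base, dict) and isinstance(override, dict):
        merged = dict(base)
        for key, value in override.items():
            merged[key] = overlay(base[key], value) if key in base else value
        return merged
    if isinstance(base, list) and isinstance(override, list):
        # Assumption: list entries merge by position; extra entries are kept as-is.
        return [overlay(base[i], v) if i < len(base) else v
                for i, v in enumerate(override)]
    return override

def audit(repo_config_text):
    """Return (effective settings, findings) for the text of a repo.ds.json."""
    config = json.loads(repo_config_text)
    effective = overlay(DEFAULTS, config)
    factories = effective["ldapConnectionFactories"]
    simple = factories["root"]["authentication"]["simple"]
    default_simple = DEFAULTS["ldapConnectionFactories"]["root"]["authentication"]["simple"]
    findings = []
    if config.get("embedded") is True:
        findings.append("embedded DS repository in use (not supported in production)")
    if simple["bindPassword"] == default_simple["bindPassword"]:
        findings.append("bind password is the documented default")
    return effective, findings

# Constructed sample: overrides only the hostname, like the page's last excerpt.
SAMPLE = """{
  "embedded": true,
  "ldapConnectionFactories": {
    "bind": {"primaryLdapServers": [{"hostname": "my-hostname"}]}
  }
}"""

if __name__ == "__main__":
    effective, findings = audit(SAMPLE)
    print(json.dumps(effective, indent=2))
    for finding in findings:
        print("FINDING:", finding)
```

The excerpts on this page use ... as a placeholder, so pass the real file contents to audit rather than a copied excerpt.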