Rust LDAP v3 directory server

OpenDR

Open-source directory infrastructure for teams that need LDAP protocol depth, LMDB-backed performance, replication, secure transport, observability, and production evidence in a modern Rust codebase.

  • Rust LDAP v3: directory server implementation
  • 1.17 us: README baseline for LMDB entry lookup
  • 10M: largest completed OpenDR LDAPCon-shaped fixture
  • 433: tests recorded in project documentation

Key features

Directory protocol depth without legacy implementation drag

OpenDR is not just an LDAP-shaped demo. The project includes protocol operations, schema work, storage, replication, monitoring, and operational runbooks that matter when directory services sit on the critical path.

LDAP v3 operations

Bind, search, add, modify, delete, ModifyDN, compare, StartTLS, Password Modify, WhoAmI, Cancel, paged results, sorting, and persistent search paths.

LMDB-backed storage

Memory-mapped storage, compact entry IDs, attribute indexes, transactional writes, and durable backup and restore workflows.

FSM listener path

Connection, BER decoder, auth, search, write, compare, extended operation, replication, and backend transaction state machines.

Secure transport and auth

TLS, StartTLS, SASL paths, access controls, rate limiting, audit logging, and production profile checks for hardened deployments.

Replication

Provider-consumer and multi-master modes with changelog tracking, cookie-based resume, refresh-and-persist delivery, and state persistence.

Operations visibility

Prometheus-compatible metrics, JSON health checks, read-only management console, release gates, and troubleshooting runbooks.

Operational views

Observable by default, verifiable before release

The implementation exposes health, metrics, and release evidence surfaces so operators can reason about runtime behavior instead of treating the directory as a black box.

JSON health

Health response

status: healthy
backend: healthy
replication_provider: healthy
uptime_seconds: 3600

Metrics

Prometheus metrics

ldap_operations_total{operation="search"}
ldap_operation_duration_seconds{operation="bind"}
ldap_connections_active
ldap_replication_lag_seconds

Evidence

Release gates

cargo test --workspace --no-fail-fast
scripts/ldap_interop_gate.sh
scripts/perf_regression_gate.sh
scripts/fuzz_gate.sh

Architecture

Protocol handling stays explicit from socket to storage

OpenDR routes client traffic through listener runtimes, BER parsing, LDAP operation state machines, schema validation, and a durable LMDB backend. Replication uses listener-based LDAP Sync semantics rather than a separate hidden data path.

1. LDAP client
2. Listener
3. BER decoder
4. Operation FSMs
5. LMDB backend

Performance

LMDB storage and Rust hot paths for directory workloads

Published project notes include microsecond-scale LMDB lookup baselines, nanosecond-scale password verification, indexed-search targets, and completed OpenDR-only 10M-entry benchmark artifacts.

  • OpenLDAP-shaped 10M run completed with zero failures.
  • Prometheus and health endpoints expose runtime signals.
  • Release gates include load, fuzz, interop, and rollback evidence.

OpenDR baseline

  • Search: 118k ops/s
  • Auth: 172k ops/s
  • Modify: 8.1k ops/s

Why OpenDR

A stronger fit when LDAP behavior is part of the product

Existing LDAP servers are proven and broad. OpenDR is useful when a team needs implementation control, modern Rust ergonomics, protocol testability, and a directory foundation that can move with a custom enterprise product.

Rust implementation, FSM runtime, LMDB indexes, replication, metrics, release gates, and public documentation create a practical starting point for identity-heavy platform work.


FAQ

Practical answers for identity and platform teams

OpenDR is best understood as both an open-source directory server and proof of deep protocol engineering capability.

Is OpenDR a replacement for every existing LDAP server?

No. Mature servers still make sense when ecosystem familiarity and vendor support are the main requirement. OpenDR is strongest when Rust implementation control, protocol work, and product-specific directory engineering matter.

What makes the implementation notable?

The project combines an FSM listener path, LMDB storage, schema validation, TLS and SASL paths, replication, monitoring, and a documented production-readiness checklist.

Can ForgeOps LABS build around OpenDR?

Yes. OpenDR demonstrates the kind of enterprise integration depth ForgeOps LABS can bring to identity, access, platform tooling, and protocol-heavy software products.

Build with ForgeOps LABS

Need directory services, identity integrations, or protocol-heavy software?

OpenDR shows the depth ForgeOps LABS can bring to enterprise software: backend systems, cloud deployment, developer tooling, product surfaces, and operations-ready infrastructure.