About DS Tools

Client Tools

  • Add DS client command-line tools to your PATH: 

    $ export PATH=/path/to/opendj/bin:${PATH}
    PS C:\path\to> $env:PATH += ";C:\path\to\opendj\bat"

  • For reference information, use the --help option with any DS tool.

  • All commands call Java programs. This means every command starts a JVM, so it takes longer to start than a native binary.

Command[a] Description
addrate

Measure add and delete throughput and response time.

authrate

Measure bind throughput and response time.

base64

Encode and decode data in base64 format.

Base64-encoding represents binary data in ASCII, and can be used to encode character strings in LDIF, for example.

ldapcompare

Compare the attribute values you specify with those stored on entries in the directory.

ldapdelete

Delete entries from the directory.

ldapmodify

Modify the specified attribute values for the specified entries.

ldappasswordmodify

Modify user passwords.

ldapsearch

Search a branch of directory data for entries that match the LDAP filter you specify.

ldiffdiff

Display differences between two LDIF files, with the resulting output having LDIF format.

ldifmodify

Modify specified attribute values for specified entries in an LDIF file.

ldifsearch

Search a branch of data in LDIF for entries matching the LDAP filter you specify.

makeldif

Generate directory data in LDIF based on templates that define how the data should appear.

Also see makeldif-template.

modrate

Measure modification throughput and response time.

searchrate

Measure search throughput and response time.

[a] UNIX names for the commands. Equivalent Windows commands have .bat extensions.

Trusted Certificates

When a client tool initiates a secure connection to a server, the server presents its digital certificate. The tool must determine whether it trusts the server certificate and continues to negotiate a secure connection, or does not trust the server certificate and drops the connection. To trust the server certificate, the tool's truststore must contain the trusted certificate. The trusted certificate is a CA certificate, or the self-signed server certificate. The following table explains how the tools locate the truststore.

Truststore OptionTruststore Used

None

The default truststore, user.home/.opendj/keystore, where user.home is the Java system property. user.home is $HOME on Linux and UNIX, and %USERPROFILE% on Windows. The keystore password is OpenDJ. Neither the file name nor the password can be changed.

  • In interactive mode, DS command-line tools prompt for approval to trust an unrecognized certificate, and whether to store it in the default truststore for future use.

  • In silent mode, the tools rely on the default truststore.

-P {trustStorePath}

--trustStorePath {trustStorePath}

Only the specified truststore is used.

The tool fails with an error if the server certificate is not trusted.

Default Settings

You can set defaults in the ~/.opendj/tools.properties file as in the following example: 

hostname=localhost
port=1636
bindDN=uid=kvaughan,ou=People,dc=example,dc=com
useSsl=true

The file location on Windows is %UserProfile%\.opendj\tools.properties.

To override the settings, use the --noPropertiesFile option.

Read a different version of :