About DS Tools

Client Tools

  • Add DS client command-line tools to your PATH:

    $ export PATH=/path/to/opendj/bin:${PATH}
    PS C:\path\to> $env:PATH += ";C:\path\to\opendj\bat"
  • For reference information, use the --help option with any DS tool.

  • All commands call Java programs. This means every command starts a JVM, so it takes longer to start than a native binary.

Command[a] Description

Measure add and delete throughput and response time.


Measure bind throughput and response time.


Encode and decode data in base64 format.

Base64-encoding represents binary data in ASCII, and can be used to encode character strings in LDIF, for example.


Compare the attribute values you specify with those stored on entries in the directory.


Delete entries from the directory.


Modify the specified attribute values for the specified entries.


Modify user passwords.


Search a branch of directory data for entries that match the LDAP filter you specify.


Display differences between two LDIF files, with the resulting output having LDIF format.


Modify specified attribute values for specified entries in an LDIF file.


Search a branch of data in LDIF for entries matching the LDAP filter you specify.


Generate directory data in LDIF based on templates that define how the data should appear.

Also see makeldif-template.


Measure modification throughput and response time.


Measure search throughput and response time.

[a] UNIX names for the commands. Equivalent Windows commands have .bat extensions.

Trusted Certificates

When a client tool initiates a secure connection to a server, the server presents its digital certificate. The tool must determine whether it trusts the server certificate and continues to negotiate a secure connection, or does not trust the server certificate and drops the connection. To trust the server certificate, the tool's truststore must contain the trusted certificate. The trusted certificate is a CA certificate, or the self-signed server certificate. The following table explains how the tools locate the truststore.

Truststore OptionTruststore Used


The default truststore, user.home/.opendj/keystore, where user.home is the Java system property. user.home is $HOME on Linux and UNIX, and %USERPROFILE% on Windows. The keystore password is OpenDJ. Neither the file name nor the password can be changed.

  • In interactive mode, DS command-line tools prompt for approval to trust an unrecognized certificate, and whether to store it in the default truststore for future use.

  • In silent mode, the tools rely on the default truststore.

-P {trustStorePath}

--trustStorePath {trustStorePath}

Only the specified truststore is used.

The tool fails with an error if the server certificate is not trusted.

Default Settings

You can set defaults in the ~/.opendj/tools.properties file as in the following example:


The file location on Windows is %UserProfile%\.opendj\tools.properties.

To override the settings, use the --noPropertiesFile option.

Read a different version of :