I use the command line a lot when interfacing with OpenDJ. One issue I often run into is that the BindDN user’s password has an “!” (bang) in it. As this is a special character on the Unix/Linux command line, it will typically cause unexpected results.
With ldapsearch you can just leave the password parameter off and you will be prompted to provide the password. I have found that this is not the case with ldapmodify and ldapdelete. So, this can be problematic when trying to delete a user’s record.
Another work-around is to set up a tools.properties file in your user’s home directory. So, if you typically run these commands as a user named “opendj” then you would create the following file, in the opendj user’s home directory:
So, then to delete a user:
Create an ldif file containing the user’s DN and the change type:
ex. vi deluser.ldif
Then run the ldapmodify command:
$ ldapmodify -p 1389 -f deluser.ldif
You will be prompted for the password which you can type in and not worry about any conflicts with the OS command line.
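Another way to keep a password containing "!" away from the shell, as an added example that is not part of the original post or of OpenDJ: store the password in an owner-only file and hand it to ldapmodify with the tools' -j (bind password file) option. The function names, the LDAPMODIFY override, the file path and the bind DN are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Function names and the LDAPMODIFY override are hypothetical.

# store_bind_password FILE: read one line from stdin and save it to FILE,
# readable by the owner only. The password is never a command-line argument,
# so "!" is not seen by history expansion and does not show up in ps output.
store_bind_password() {
    pwfile=$1
    if [ -t 0 ]; then                       # interactive: prompt without echo
        printf 'Bind password: ' >&2
        saved_tty=$(stty -g)
        stty -echo
        IFS= read -r pw
        stty "$saved_tty"
        printf '\n' >&2
    else                                    # piped input
        IFS= read -r pw || [ -n "$pw" ]
    fi
    ( umask 077 && printf '%s' "$pw" > "$pwfile" ) || return 1
    chmod 600 "$pwfile" || return 1         # file may have existed with a wider mode
    unset pw
}

# pwfile_is_private FILE: succeed only for a regular file with mode 0600 or 0400.
pwfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ln "$1" | cut -c1-10) in
        -r[w-]-------) return 0 ;;
    esac
    return 1
}

# ldapmodify_with_pwfile BINDDN PWFILE LDIF: run ldapmodify as in the post,
# taking the password from PWFILE (-j) instead of a prompt or -w.
ldapmodify_with_pwfile() {
    if ! pwfile_is_private "$2"; then
        echo "refusing $2: not a private regular file" >&2
        return 1
    fi
    "${LDAPMODIFY:-ldapmodify}" -p 1389 -D "$1" -j "$2" -f "$3"
}

# Usage (bind DN and path are constructed sample values):
#   store_bind_password "$HOME/.opendj-bindpw"
#   ldapmodify_with_pwfile "cn=Directory Manager" "$HOME/.opendj-bindpw" deluser.ldif
```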
7 thoughts on “LDAP Command Line Cheat #OpenDJ”
Both OpenDJ ldapsearch and ldapmodify do accept -w - which will trigger the password to be prompted.
Alternately, you can use -j so that the password is read from a file, that you can store and protect on your disk.
Great suggestions! Thanks Ludo!
Also you should consider quoting & properly escaping strings when used on the command line.
Great idea Brian. Thanks!
By any chance, do you know how to change the hostname for an OpenDJ LDAP server?
I have been googling and have not found any solution yet.
Want to change an existing and move it into a different IP subnet.
I am not sure that Ludo will see your question here but the chapter you are looking for is here.