LDAP Command Line Cheat #OpenDJ

I use the command line a lot when interfacing with OpenDJ. One issue I keep running into is a BindDN user whose password contains a “!” (bang). Because “!” is a special character on the Unix/Linux command line (interactive shells treat it as history expansion), passing such a password on the command line will typically cause unexpected results.

With ldapsearch you can simply leave the password parameter off and you will be prompted for the password. I have found that this is not the case with ldapmodify and ldapdelete, which is a problem when you are trying to delete a user’s record.

Another work-around is to set up a tools.properties file in your user’s home directory. If you typically run these commands as a user named “opendj”, you would create the following file in the opendj user’s home directory (note that the file holds the connection settings and bind DN only, not the password):

~/.opendj/tools.properties
hostname=directory.example.com
port=1389
bindDN=uid=kvaughn,ou=People,dc=example,dc=com
ldapcompare.port=1389
ldapdelete.port=1389
ldapmodify.port=1389
ldappasswordmodify.port=1389
ldapsearch.port=1389

So, then to delete a user:

Create an LDIF file containing the user’s DN and the change type:

ex. vi deluser.ldif
dn: uid=newuser,ou=People,dc=example,dc=com
changetype: delete

Then run the ldapmodify command:

$ ldapmodify -p 1389 -f deluser.ldif

You will be prompted for the password, which you can type in without worrying about any conflicts with the OS command line.
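As an added example that is not part of the original post, the following POSIX shell script ties the steps above together: it writes the tools.properties file with owner-only permissions, generates the delete LDIF from a variable rather than pasting the uid onto a command line, and runs ldapmodify with the bind password read from a protected file (the -j option mentioned in the comments) so the password never appears in the shell history or in a process listing. The hostname, port, bind DN and the ou=People suffix are the ones used in the post; the function names and the use of a temporary directory in place of $HOME are my own choices for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes OpenDJ's ldapmodify is
# on PATH and that the connection settings live in ~/.opendj/tools.properties as
# described in the post. The password is supplied via a 0600 file, never via -w.

# Write <home>/.opendj/tools.properties with owner-only permissions.
# The first argument stands in for $HOME so the function can be exercised
# against a temporary directory; it contains no password.
write_tools_properties() {
    home="$1"
    (
        umask 077                                # new files: rw------- (owner only)
        mkdir -p "$home/.opendj"
        cat > "$home/.opendj/tools.properties" <<'EOF'
hostname=directory.example.com
port=1389
bindDN=uid=kvaughn,ou=People,dc=example,dc=com
ldapcompare.port=1389
ldapdelete.port=1389
ldapmodify.port=1389
ldappasswordmodify.port=1389
ldapsearch.port=1389
EOF
    )
    echo "$home/.opendj/tools.properties"
}

# Generate the two-line LDIF that deletes one entry under ou=People.
# The uid goes through printf into a file, so characters such as '!' in the
# value are never interpreted by the shell as part of a command line.
make_delete_ldif() {
    uid="$1"
    out="$2"
    printf 'dn: uid=%s,ou=People,dc=example,dc=com\nchangetype: delete\n' "$uid" > "$out"
    echo "$out"
}

# Delete one user: build the LDIF in a temp file, run ldapmodify reading the
# bind password from the file given as the second argument (-j), then clean up.
# Host, port and bindDN are taken by the tool from tools.properties; -p is
# repeated here exactly as in the post.
delete_user() {
    uid="$1"
    pwfile="$2"
    ldif=$(mktemp) || return 1
    make_delete_ldif "$uid" "$ldif" >/dev/null
    ldapmodify -p 1389 -j "$pwfile" -f "$ldif"
    rc=$?
    rm -f "$ldif"
    return $rc
}

# Usage (uncomment to run against a real server):
# write_tools_properties "$HOME"
# delete_user 'newuser' "$HOME/.opendj/bind.pw"   # bind.pw must be mode 0600
```

The password file named in the usage line is a placeholder path; create it with the same umask 077 discipline the first function uses, since a world-readable password file would defeat the purpose of keeping the password off the command line.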

7 thoughts on “LDAP Command Line Cheat #OpenDJ”

  1. Both OpenDJ ldapsearch and ldapmodify do accept -w - which will trigger the password to be prompted.
    Alternately, you can use -j so that the password is read from a file, that you can store and protect on your disk.

  2. Ludo,

    By any chance do you know how to change the hostname for an OpenDJ LDAP server?
    I have been googling and have not found any solution yet.

    I want to change an existing one and move it into a different IP subnet.

    Thanks,
    Yoom
