The in-memory-directory-server Command-Line Tool

A simple LDAP directory server which holds all of its information in memory and can be used for basic testing purposes. It can be created and managed programmatically using the com.unboundid.ldap.listener.InMemoryDirectoryServer class.

Usage

in-memory-directory-server {arguments}

Connectivity Arguments

• -p {port} / --port {port} — The port on which the server should listen for client requests. If a value is specified, then it must be an integer between 1 and 65535. If no port is specified, then the server will automatically select a free port to use.
  The specified value must not be less than 0 or greater than 65,535.
  
  
• -Z / --useSSL — Indicates that the server should encrypt all communication using SSL. If this argument is provided, then the '--keyStorePath' and '--keyStorePassword' arguments must also be given, and the '--useStartTLS' argument must not be given.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• -q / --useStartTLS — Indicates that the server should support the use of the StartTLS extended operation to encrypt all subsequent communication. If this argument is provided, then the '--keyStorePath' and '--keyStorePassword' arguments must also be given, and the '--useSSL' argument must not be given.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• -K {path} / --keyStorePath {path} — The path to the Java key store file that will be used to obtain the certificate to use for SSL communication. This may only be provided if either the '--useSSL' or '--useStartTLS' argument is also given, and cannot be provided if the '--generateSelfSignedCertificate' argument is given.
  The specified path must refer to a file that exists.
  
  
• -W {password} / --keyStorePassword {password} — The password to use to access the contents of the SSL key store. This may only be provided if either the '--useSSL' or '--useStartTLS' argument is also given.
  
  
• --keyStoreType {type} — The key store type.
  
  
• --generateSelfSignedCertificate — Generate a self-signed certificate instead of using a certificate from a key store. This may only be provided if either the '--useSSL' or '--useStartTLS' argument is also given, and cannot be provided if the '--keyStorePath' argument is given.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• -P {path} / --trustStorePath {path} — The path to the Java trust store file that will be used to determine whether to trust any client certificates presented to the server. This may only be provided if either the '--useSSL' or '--useStartTLS' argument is given, but if SSL or StartTLS is to be used and no trust store path is specified, then the server will automatically trust any client certificate presented to it.
  The specified path must refer to a file that exists.
  
  
• -T {password} / --trustStorePassword {password} — The password to use to access the contents of the SSL trust store. This may only be provided if the '--trustStorePath' argument is also given. If a trust store path is specified but no trust store password is given, then the server will attempt to access the trust store contents without a password.
  
  
• --trustStoreType {type} — The trust store type.
  
  
• --sslClientAuthPolicy {prohibited|optional|required} — The policy that the server should use for requesting client certificates during TLS negotiation. If this is 'prohibited' (or not specified), then the server will not ask clients to present a certificate chain. If this is 'optional', then the server will ask clients to present a certificate chain but will continue with TLS negotiation if the client does not present one. If this is 'required', then the server will ask clients to present a certificate chain and will abort TLS negotiation if the client does not present one.
  A provided value should be one of the following: 'optional', 'prohibited', 'required'.
  
  
• --maxConcurrentConnections {value} — The maximum number of concurrent connections that the server will allow at any time. If this is not provided, then the server will not impose any limit on the number of concurrent connections.
  The specified value must not be less than 1 or greater than 2,147,483,647.
  
  
• --dontStart — Indicates that the server should not be started. This is only intended for internal testing purposes, since a command-line server that can't be started isn't very useful.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  

Data Arguments

• -b {baseDN} / --baseDN {baseDN} — The base DN to use for the server. Only entries at or below one of the defined base DNs may be created in the server. At least one base DN must be defined, but multiple base DNs may be specified as separate arguments.
  A provided value must be able to be parsed as an LDAP distinguished name as described in RFC 4514.
  
  
• -l {path} / --ldifFile {path} — The path to an LDIF file containing an initial set of data to use to populate the server. If this is not provided, then the server will initially be empty.
  The specified path must refer to a file that exists.
  
  
• -D {bindDN} / --additionalBindDN {bindDN} — An additional DN that may be used to bind to the server even if the specified user does not exist in the data set. If this is provided, then the '--additionalBindPassword' argument must also be given.
  A provided value must be able to be parsed as an LDAP distinguished name as described in RFC 4514.
  
  
• -w {password} / --additionalBindPassword {password} — The password that should be used to authenticate when using the DN specified with the '--additionalBindDN' argument.
  
  
• -s / --useDefaultSchema — Indicates that the server should use a default set of standard schema.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• -S {path} / --useSchemaFile {path} — The path to a file or directory containing schema definitions to use for the server. If the path specified is a file, then it must be an LDIF file containing a single entry that is a valid LDAP subschema subentry. If the path specified is a directory, then any files contained in it will be examined in lexicographic order by name to create an aggregate schema.
  The specified path must refer to a file that exists.
  
  
• --doNotValidateSchemaDefinitions — Do not attempt to validate any custom schema definitions provided using the --useSchemaFile argument. By default, the server will examine custom schema definitions and report any issues that it identifies. Note that even if the server does identify one or more issues with the provided schema, it will still attempt to use that schema to the best of its ability.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• --doNotGenerateOperationalAttributes / --do-not-generate-operational-attributes — Do not automatically maintain any operational attributes (including entryDN, entryUUID, subschemaSubentry, creatorsName, createTimestamp, modifiersName, and modifyTimestamp) in entries.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• -I {attr} / --equalityIndex {attr} — Maintain an equality index for the specified attribute. The server must be configured to use a schema (which may optionally be the default standard schema), and the specified attribute type must be defined in the schema.
  
  
• -c {count} / --maxChangeLogEntries {count} — The maximum number of LDAP changelog entries that should be maintained by the server. If this is not provided, then the server will not maintain a changelog.
  The specified value must not be less than 0 or greater than 2,147,483,647.
  
  
• --sizeLimit {value} — The maximum number of entries that the server may return to a single search request. If this is not provided, then the server will not impose any size limit for search operations.
  The specified value must not be less than 1 or greater than 2,147,483,647.
  
  
• --passwordAttribute {attr} — The name or OID of an attribute type that will hold user passwords for authentication. If this is not provided, then a default of 'userPassword' will be used. This may be provided multiple times to specify multiple password attributes.
  
  
• --defaultPasswordEncoding {scheme} — The default scheme that should be used for encoding new passwords. Allowed values include MD5, SMD5, SHA, SSHA, SHA256, SSHA256, SHA384, SSHA384, SHA512, SSHA512, CLEAR, BASE64, and HEX. If this is not specified, then clear-text passwords will not be encoded.
  A provided value should be one of the following: 'sha384', 'sha256', 'ssha384', 'clear', 'base64', 'sha512', 'ssha256', 'sha', 'ssha512', 'ssha', 'hex', 'smd5', 'md5'.
  
  
• --allowedOperationType {type} — A type of operation that the server will allow. Allowed values include add, bind, compare, delete, extended, modify, modify-dn, and search. This may be provided multiple times to specify multiple allowed operation types. If this is not provided, then all types of operations will be allowed.
  A provided value should be one of the following: 'add', 'modify', 'compare', 'search', 'bind', 'modify-dn', 'delete', 'extended'.
  
  
• --authenticationRequiredOperationType {type} — A type of operation that the server will only allow on connections that are authenticated. Allowed values include add, compare, delete, extended, modify, modify-dn, and search. This may be provided multiple times to specify multiple authentication required operation types. If this is not provided, then authentication will not be required for any type of operation.
  A provided value should be one of the following: 'add', 'modify', 'compare', 'search', 'modify-dn', 'delete', 'extended'.
  
  
• --vendorName {value} — The value to include in the vendorName argument of the server root DSE.
  
  
• --vendorVersion {value} — The value to include in the vendorVersion argument of the server root DSE.
  
  

Logging Arguments

• -A / --accessLogToStandardOut — Indicates that access log information should be written to standard output. This cannot be used in conjunction with the '--accessLogFile' argument. If neither argument is provided, then no access logging will be performed.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• -a {path} / --accessLogFile {path} — The path to a file to which access log information should be written about operations processed by the server. This cannot be used in conjunction with the '--accessLogToStandardOut' argument. If neither argument is provided, then no access logging will be performed.
  The specified path must refer to a file which may or may not exist, but whose parent directory must exist.
  
  
• --jsonAccessLogToStandardOut — Indicates that JSON-formatted access log information should be written to standard output. This cannot be used in conjunction with the '--jsonAccessLogFile' argument. If neither argument is provided, then no access logging will be performed.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• --jsonAccessLogFile {path} — The path to a file to which JSON-formatted access log information should be written about operations processed by the server. This cannot be used in conjunction with the '--jsonAccessLogToStandardOut' argument. If neither argument is provided, then no JSON-formatted access logging will be performed.
  The specified path must refer to a file which may or may not exist, but whose parent directory must exist.
  
  
• --ldapDebugLogToStandardOut — Indicates that LDAP debug log information should be written to standard output. This cannot be used in conjunction with the '--ldapDebugLogFile' argument. If neither argument is provided, then no LDAP debug logging will be performed.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• -d {path} / --ldapDebugLogFile {path} — The path to a file to which detailed information should be written about the LDAP communication performed by the server. This cannot be used in conjunction with the '--ldapDebugLogToStandardOut' argument. If neither argument is provided, then no LDAP debug logging will be performed.
  The specified path must refer to a file which may or may not exist, but whose parent directory must exist.
  
  
• -C {path} / --codeLogFile {path} — The path to a file to which the server should write generated code that may be used to recreate the requests received from clients. If this argument is not provided, then no code logging will be performed.
  The specified path must refer to a file which may or may not exist, but whose parent directory must exist.
  
  

Additional Arguments

• --interactive — Launch the tool in interactive mode.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• -H / --help — Display usage information for this program.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• -V / --version — Display version information for this program.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• --propertiesFilePath {path} — The path to a properties file used to specify default values for arguments not supplied on the command line.
  The specified path must refer to a file that exists.
  
  
• --generatePropertiesFile {path} — Write an empty properties file that may be used to specify default values for arguments.
  The specified path must refer to a file which may or may not exist, but whose parent directory must exist.
  
  
• --noPropertiesFile — Do not obtain any argument values from a properties file.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  
• --suppressPropertiesFileComment — Suppress output listing the arguments obtained from a properties file.
  This argument is not allowed to have a value. If this argument is included in a set of arguments, then it will be assumed to have a value of 'true'. If it is absent from a set of arguments, then it will be assumed to have a value of 'false'.
  
  

Dependent Argument Sets

• If the --doNotValidateSchemaDefinitions argument is provided, then the --useSchemaFile argument must also be provided.
• If the --additionalBindDN argument is provided, then the --additionalBindPassword argument must also be provided.
• If the --additionalBindPassword argument is provided, then the --additionalBindDN argument must also be provided.
• If the --useSSL argument is provided, then at least one of the following arguments must also be provided: --keyStorePath, --generateSelfSignedCertificate
• If the --keyStorePath argument is provided, then the --keyStorePassword argument must also be provided.
• If the --keyStorePassword argument is provided, then the --keyStorePath argument must also be provided.
• If the --keyStoreType argument is provided, then the --keyStorePath argument must also be provided.
• If the --useStartTLS argument is provided, then at least one of the following arguments must also be provided: --keyStorePath, --generateSelfSignedCertificate
• If the --keyStorePath argument is provided, then at least one of the following arguments must also be provided: --useSSL, --useStartTLS
• If the --generateSelfSignedCertificate argument is provided, then at least one of the following arguments must also be provided: --useSSL, --useStartTLS
• If the --trustStorePath argument is provided, then at least one of the following arguments must also be provided: --useSSL, --useStartTLS
• If the --trustStorePassword argument is provided, then the --trustStorePath argument must also be provided.
• If the --trustStoreType argument is provided, then the --trustStorePath argument must also be provided.

Exclusive Argument Sets

• The following arguments cannot be used together: --useDefaultSchema, --useSchemaFile
• The following arguments cannot be used together: --useSSL, --useStartTLS
• The following arguments cannot be used together: --keyStorePath, --generateSelfSignedCertificate
• The following arguments cannot be used together: --accessLogToStandardOut, --accessLogFile
• The following arguments cannot be used together: --jsonAccessLogToStandardOut, --jsonAccessLogFile
• The following arguments cannot be used together: --ldapDebugLogToStandardOut, --ldapDebugLogFile
• The following arguments cannot be used together: --propertiesFilePath, --noPropertiesFile

Examples

• Creates an initially-empty directory server instance listening on an automatically-selected port that will allow entries below 'dc=example,dc=com' and will not perform any logging or schema validation.

    in-memory-directory-server --baseDN dc=example,dc=com

• Creates a directory server instance listening on port 1389 that is initially populated with the data from the file test.ldif and will allow only entries below 'dc=example,dc=com'. It will write a record of operations processed to file access.log and will use a default set of standard schema definitions.

    in-memory-directory-server --baseDN dc=example,dc=com --port 1389 \
         --ldifFile test.ldif --accessLogFile access.log --useDefaultSchema