Available Command-Line Tools

The following command-line tools are provided with the UnboundID LDAP SDK for Java. Click on each tool name for usage information for that tool.

authrate

Perform repeated authentications against an LDAP directory server, where each authentication consists of a search to find a user followed by a bind to verify the credentials for that user.

base64

Encode raw data using the base64 algorithm or decode base64-encoded data back to its raw representation.

collect-support-data

Collect and package system information useful in troubleshooting problems. The information is packaged as a zip archive that can be sent to a technical support representative.

compare-ldap-schemas

This tool can be used to compare the schemas of two LDAP servers to identify schema elements that may be present in one but not the other, or elements that may be present in both servers but have differences between them.

deliver-one-time-password

Generate and deliver a one-time password to a user through some out-of-band mechanism. That password can then be used to authenticate via the UNBOUNDID-DELIVERED-OTP SASL mechanism.

deliver-password-reset-token

Generate and deliver a single-use token to a user through some out-of-band mechanism. The user can provide that token to the password modify extended request in lieu of the user's current password in order to select a new password.

dump-dns

Obtain a listing of all of the DNs for all entries below a specified base DN in the Directory Server.

generate-schema-from-source

Generate LDAP schema that may be used to store objects from a properly-annotated class contained in the Java classpath. The schema elements will be written to the file in LDIF form.

generate-source-from-schema

Generate source code for a Java class that may be used to represent data stored in an LDAP directory server. The source code will be generated using information read from the directory server schema, and will contain an appropriate set of annotations required to use that class with the LDAP SDK persistence framework.

generate-totp-shared-secret

Generate a shared secret that may be used to generate time-based one-time password (TOTP) authentication codes for use in authenticating with the UNBOUNDID-TOTP SASL mechanism, or in conjunction with the validate TOTP password extended operation.

identify-references-to-missing-entries

This tool may be used to identify entries containing one or more attributes which reference entries that do not exist. This may require the ability to perform unindexed searches and/or the ability to use the simple paged results control.

identify-unique-attribute-conflicts

This tool may be used to identify unique attribute conflicts. That is, it may identify values of one or more attributes which are supposed to exist only in a single entry but are found in multiple entries.

in-memory-directory-server

A simple LDAP directory server which holds all of its information in memory and can be used for basic testing purposes. It can be created and managed programmatically using the com.unboundid.ldap.listener.InMemoryDirectoryServer class.

indent-ldap-filter

Parses a provided LDAP filter string and displays it in a multi-line form that makes it easier to understand its hierarchy and embedded components. If possible, it may also be able to simplify the provided filter in certain ways (for example, by removing unnecessary levels of hierarchy, like an AND embedded in an AND).

ldap-debugger

Intercept and decode LDAP communication.

ldap-diff

Compare the contents of two LDAP servers.

ldap-result-code

Display and query LDAP result codes.

ldapcompare

Perform compare operations in an LDAP directory server. Compare operations may be used to efficiently determine whether a specified entry has a given value.

ldapdelete

Delete one or more entries from an LDAP directory server. You can provide the DNs of the entries to delete using named arguments, as trailing arguments, from a file, or from standard input. Alternatively, you can identify entries to delete using a search base DN and filter.

ldapmodify

Apply a set of add, delete, modify, and/or modify DN operations to a directory server. Supply the changes to apply in LDIF format, either from standard input or from a file specified with the 'ldifFile' argument. Change records must be separated by at least one blank line.

ldappasswordmodify

Update the password for a user in an LDAP directory server using the password modify extended operation (as defined in RFC 3062), a standard LDAP modify operation, or an Active Directory-specific modification.

ldapsearch

Process one or more searches in an LDAP directory server.

ldif-diff

Compare the contents of two files containing LDIF entries. The output will be an LDIF file containing the add, delete, and modify change records needed to convert the data in the source LDIF file into the data in the target LDIF file.

ldifmodify

Apply a set of changes (including add, delete, modify, and modify DN operations) to a set of entries contained in an LDIF file. The changes will be read from a second file (containing change records rather than entries), and the updated entries will be written to a third LDIF file. Unlike ldapmodify, the ldifmodify tool cannot read the changes to apply from standard input.

ldifsearch

Search one or more LDIF files to identify entries matching a given set of criteria.

manage-account

Retrieve or update information about the current state of a user account. Processing will be performed using the password policy state extended operation, and you must have the password-reset privilege to use this extended operation.

manage-certificates

Manage certificates and private keys in a JKS, PKCS #12, PKCS #11, or BCFKS key store.

modrate

Perform repeated modifications against an LDAP directory server.

move-subtree

Move all entries in a specified subtree from one server to another.

oid-lookup

Search the OID registry to retrieve information about items that match a given OID or name.

parallel-update

Use multiple concurrent threads to apply a set of add, delete, modify, and modify DN operations read from an LDIF file.

register-yubikey-otp-device

Registers a YubiKey OTP device with the Directory Server for a specified user so that the device may be used to authenticate that user in conjunction with the UNBOUNDID-YUBIKEY-OTP SASL mechanism. Alternately, it may be used to deregister one or more YubiKey OTP devices for a user so that they may no longer be used to authenticate that user.

search-and-mod-rate

Perform repeated searches against an LDAP directory server and modify each entry returned.

searchrate

Perform repeated searches against an LDAP directory server.

split-ldif

Splits a single LDIF file into multiple sets by separating entries below a specified base DN into different mutually-exclusive collections of entries. A number of algorithms are available to determine how entries should be split, and entries outside the split base DN may be included in all sets or added to a dedicated LDIF file.

subtree-accessibility

List or update the set of subtree accessibility restrictions defined in the Directory Server.

summarize-access-log

Examine one or more access log files from Ping Identity, UnboundID, or Nokia/Alcatel-Lucent 8661 server products to display a number of metrics about operations processed within the server.

test-ldap-sdk-performance

Provides a mechanism to help test the performance of the LDAP SDK.

tls-cipher-suite-selector

Provides information about the TLS cipher suites that are supported by the JVM and selects a recommended set of suites for secure communication.

transform-ldif

Apply one or more changes to entries or change records read from an LDIF file, writing the updated records to a new file. This tool can apply a variety of transformations, including scrambling attribute values, redacting attribute values, excluding attributes or entries, replacing existing attributes, adding new attributes, renaming attributes, and moving entries from one subtree to another.

validate-ldap-schema

Validate an LDAP schema read from one or more LDIF files.

validate-ldif

Validate the contents of an LDIF file against the server schema.