The Directory Server provides the following command-line utilities, which can be run directly in interactive, non-interactive, or script mode.
Command-Line Tools Description
audit-data-security Performs an internal task that examines all or a subset of entries in the server, writing a series of reports on potential risks with the data. Reports are written to the output directory organized by backend name and audit items.
authrate Perform repeated authentications against the Directory Server, where each authentication consists of a search to find a user followed by a bind to verify the credentials for that user.
backup Run full or incremental backups on one or more directory server backends. This utility also supports the use of a properties file to pass predefined command-line arguments. See Managing the File for more information.
base64 Encode raw data using the base64 algorithm or decode base64-encoded data back to its raw representation.
collect-support-data Collect and package system information useful in troubleshooting problems. The information is packaged as a ZIP archive that can be sent to a technical support representative.
config-diff Generate a summary of the configuration changes in a local or remote server instance. The tool can be used to compare configuration settings when troubleshooting issues, or when verifying configuration settings on new servers.
create-rc-script Create a Run Control (RC) script that may be used to start, stop, and restart the Directory Server on UNIX-based systems.
create-recurring-task Create a recurring task to run on the server. Tasks can be created for backups, LDIF exports, a statically defined task, or a third-party task.
create-recurring-task-chain Create a chain of recurring tasks to run on the server.
dbtest Inspect the contents of Directory Server backends that store their information in Oracle® Berkeley DB Java Edition databases.
deliver-one-time-password Submit a "deliver one-time password" extended request, OID, to the server which results in a the generation of a one-time password which is delivered out-of-band to the specified user. This tool can be used to test the UNBOUNDID-DELIVERED-OTP SASL mechanism.
dsconfig View and edit the Directory Server configuration.
dsjavaproperties Configure the JVM arguments used to run the Directory Server and associated tools. Before launching the command, edit the properties file located in config/ to specify the desired JVM options and JAVA_HOME environment variable.
dsreplication Manage data replication between two or more Directory Server instances.
dump-dns Obtain a listing of all of the DNs for all entries below a specified base DN in the Directory Server.
encode-password Encode user passwords with a specified storage scheme or determine whether a given clear-text value matches a provided encoded password.
encryption-settings Manage the server encryption settings database.
enter-lockdown-mode Request that the Directory Server enter lockdown mode, during which it only processes operations requested by users holding the lockdown-mode privilege.
export-ldif Export data from the Directory Server backend in LDIF form.
identify-references-to-missing-entries Identify entries containing one or more attributes that reference entries that do not exist. This may require the ability to perform unindexed searches and/or the ability to use the simple paged results control.
identify-unique-attribute-conflicts Identify unique attribute conflicts. The tool may identify values of one or more attributes that are supposed to exist only in a single entry but are found in multiple entries.
import-ldif Import LDIF data into the Directory Server backend.
ldap-diff Compare the contents of two LDAP servers.
ldap-result-code Display and query LDAP result codes.
ldapcompare Perform LDAP compare operations in the Directory Server.
ldapdelete Perform LDAP delete operations in the Directory Server.
ldapmodify Perform LDAP modify, add, delete, and modify DN operations in the Directory Server.
ldappasswordmodify Perform LDAP password modify operations in the Directory Server.
ldapsearch Perform LDAP search operations in the Directory Server.
ldif-diff Compare the contents of two LDIF files, the output being an LDIF file needed to bring the source file in sync with the target.
ldifmodify Apply a set of modify, add, and delete operations against data in an LDIF file.
ldifsearch Perform search operations against data in an LDIF file.
leave-lockdown-mode Request that the Directory Server leave lockdown mode and resume normal operation.
list-backends List the backends and base DNs configured in the Directory Server.
make-ldif Generate LDIF data based on a definition in a template file.
manage-account Access and alter password policy state properties for user entries.
manage-extension Install or update extension bundles. An extension bundle is a package of extension(s) that utilize the Server SDK to extend the functionality of the PingDirectory Server. Extension bundles are installed from a zip archive or file system directory. PingDirectory Server will be restarted if running to activate the extension(s).
manage-tasks Access information about pending, running, and completed tasks scheduled in the Directory Server.
migrate-ldap-schema Migrate schema information from an existing LDAP server into a PingDirectory Server instance.
migrate-sun-ds-config Update an instance of the PingDirectory Server to match the configuration of an existing Sun Java System 5.x, 6.x, or 7.x directory instance.
modrate Perform repeated modifications against a Directory Server.
move-subtree Move a subtree entries or a single entry from one server to another.
parallel-update Perform add, delete, modify, and modify DN operations concurrently using multiple threads.
profile-viewer View information in data files captured by the Directory Server profiler.
re-encode-entries Initiate a task that causes a local DB backend to re-encode all or a specified subset of the entries that it contains. The tool does not alter the entries themselves but provides a useful mechanism for applying significant changes to the way that entries are stored in the backend (e.g., to apply encoding changes if a feature like data encryption or uncached attributes or entries is enabled).
rebuild-index Rebuild index data within a backend based on the Berkeley DB Java Edition. Note that this tool uses different approaches to rebuilding indexes based on whether it is running in online mode (as a task) rather than in offline mode. Running in offline mode will often provide significantly better performance. Also note that running in online mode will prevent the server from using that index while the rebuild is in progress, so some searches may behave differently while a rebuild is active than when it is not.
remove-backup Safely remove a backup and optionally all of its dependent backups from the specified Directory Server backend.
restore Restore a backup of the Directory Server backend.
revert-update Returns a server to the version before the last update was performed.
review-license Review and/or indicate your acceptance of the product license.
scramble-ldif Obscure the contents of a specified set of attributes in an LDIF file.
search-and-mod-rate Perform repeated searches against an LDAP directory server and modify each entry returned.
searchrate Perform repeated searches against an LDAP directory server.
server-state View information about the current state of the Directory Server process.
setup Perform the initial setup for the Directory Server instance.
start-server Start the Directory Server.
status Display basic server information.
stop-server Stop or restart the Directory Server.
subtree-accessibility List or update the a set of subtree accessibility restrictions defined in the Directory Server.
sum-file-sizes Calculate the sum of the sizes for a set of files.
summarize-access-log Generate a summary of one or more access logs to display a number of metrics about operations processed within the server.
uninstall Uninstall the Directory Server.
update Update the Directory Server to a newer version by downloading and unzipping the new server install package on the same host as the server you wish to update. Then, use the update tool from the new server package to update the older version of the server. Before upgrading a server, you should ensure that it is capable of starting without severe or fatal errors. During the update process, the server is stopped if running, then the update is performed, and a check is made to determine if the newly updated server starts without major errors. If it cannot start cleanly, the update will be backed out and the server returned to its prior state. See the revert-update tool for information on reverting an update.
validate-acis Validates a set of access control definitions contained in an LDAP server (including Sun/Oracle DSEE instances) or an LDIF file to determine whether they are acceptable for use in the Directory Server. Note that the output generated by this tool will be in LDIF format, but each entry in the output will have exactly one ACI, so entries that have more than one ACI will appear multiple times in the output with different ACI values.
validate-file-signature Validate the signature information in a signed text file, such as a signed log file or a signed LDIF export.
validate-ldif Validate the contents of an LDIF file against the server schema.
verify-index Verify that indexes in a backend using the Oracle Berkeley DB Java Edition are consistent with the entry data contained in the database.