• To compare the entries in two Directory Server instances, use ldap-diff.

    In the following example, the utility uses a single distinguished name (DN) input file for both the source and target servers, so no search filter is used. The trailing "^userpassword" argument excludes the userpassword attribute from the comparison because the password storage scheme uses a one-way hashing algorithm.

    $ bin/ldap-diff --outputLDIF difference.ldif \
      --sourceHost server1.example.com --sourcePort 1389 \
      --sourceBindDN "cn=Directory Manager" --sourceBindPassword secret1 \
      --targetHost server2.example.com --targetPort 2389 \
      --targetBindDN "cn=Directory Manager" --targetBindPassword secret2 \
      --baseDN "dc=example,dc=com" --sourceDNsFile input-file.ldif \
      --targetDNsFile input-file.ldif "^userpassword"