Using Command-Line Tools

Oracle Internet Directory provides several types of command-line tools for manipulating directory entries and attributes--for example:

• LDAP tools, for altering objects in text files written in the LDAP Data Interchange Format (LDIF)

• A catalog management tool, for making existing attributes indexable

• Various tools to help you synchronize multiple directories in your enterprise

Many of the command-line tools act on objects that are in text files written in the LDAP Data Interchange Format (LDIF).

Note: To use the command-line tools, set the following environment variables: ORACLE_HOME ORACLE_SID or a proper TNS CONNECT string NLS_LANG (APPROPRIATE_LANGUAGE.AL32UTF8). The default language set at installation is AMERICAN_AMERICA. PATH and CLASSPATH. In the PATH and CLASSPATH environment variables, specify the Oracle LDAP binary--that is, ORACLE_HOME/bin--before the UNIX binary directory.

See Also: "LDAP Data Interchange Format (LDIF) Syntax" for information on formatting an LDIF file

This section contains these topics:

• Command-Line Tools for Starting, Stopping, and Monitoring Oracle Internet Directory Servers

• Command-Line Tools for Managing Entries and Attributes

• Command-Line Tools for Performing Bulk Operations

• Command-Line Tools for Managing Replication

• Command-Line Tools for Managing Directory Synchronization and Provisioning

• OID Migration Tool (ldifmigrator)

• OID Database Statistics Tool (oidstats.sh)

• OID Database Password Utility (oidpasswd)

Command-Line Tools for Starting, Stopping, and Monitoring Oracle Internet Directory Servers

Table 4-6 lists and describes the various command-line tools for starting, stopping, and monitoring Oracle Internet Directory servers and points you to more information about each one.

Table 4-6  Tools for Starting, Stopping, and Monitoring Oracle Internet Directory Servers

Tool	Description	More Information
OID Control Utility (OIDCTL)	Use this tool to the start and stop the server. The commands are interpreted and executed by the OID Monitor process.	"Oracle Internet Directory Architecture" for a conceptual description "The OID Control Utility (oidctl) Syntax" for syntax and usage notes
OID Monitor (OIDMON)	Use this tool to initiate, monitor, and terminate the LDAP server processes. If you install a replication server, then OID Monitor controls it. When you issue commands through OID Control Utility (OIDCTL) to start or stop directory server instances, your commands are interpreted by this process.	"Oracle Internet Directory Architecture" for a conceptual description "The OID Monitor (oidmon) Syntax" for syntax and usage notes

Command-Line Tools for Managing Entries and Attributes

Table 4-7 lists and describes the command-line tools for managing entries and attributes, and points you to further information.

Table 4-7  Tools for Managing Entries

Tool	Description	More Information
Catalog Management Tool (catalog.sh)	Oracle Internet Directory uses indexes to make attributes available for searches. When Oracle Internet Directory is installed, the entry cn=catalogs lists available attributes that can be used in a search. Only those attributes that have an equality matching rule can be indexed. If you want to use additional attributes in search filters, you must add them to the catalog entry. You can do this at the time you create the attribute by using Oracle Directory Manager. However, if the attribute already exists, then you can index it only by using the Catalog Management tool. Useful in creating and dropping the indexes.	"The Catalog Management Tool (catalog.sh) Syntax" for syntax and usage notes "Indexing an Attribute by Using Command-Line Tools" "Indexing an Attribute by Using Oracle Directory Manager"
ldapadd	Use this tool to add entries one at a time.	"ldapadd Syntax"
ldapaddmt	Use this tool to add several entries concurrently by using this shared-server tool.	"ldapaddmt Syntax"
ldapbind	Use this tool to authenticate user/client to a directory server.	"ldapbind Syntax"
ldapcompare	Use this tool to see whether an entry contains a specified attribute value.	"ldapcompare Syntax"
ldapdelete	Use this tool to delete entries.	"ldapdelete Syntax"
ldapmoddn	Use this tool to modify the DN or RDN of an entry, rename an entry or a subtree, or move an entry or a subtree under a new parent.	"ldapmoddn Syntax"
ldapmodify	Use this tool to create, update, and delete attribute data for an entry.	"ldapmodify Syntax"
ldapmodifymt	Use this tool to modify several entries concurrently by using this shared-server tool.	"ldapmodifymt Syntax"
ldapsearch	Use this tool to search for directory entries.	"ldapsearch Syntax"

Command-Line Tools for Performing Bulk Operations

Table 4-8 lists and describes the command-line tools for performing bulk operations, and points you to further information.

Table 4-8  Command-Line Tools for Performing Bulk Operations

Tool	Description	More Information
bulkdelete	Use this tool to delete a subtree efficiently	"bulkdelete Syntax"
bulkload	Use this tool to load and append large numbers of entries to Oracle Internet Directory through LDIF files	"bulkload Syntax"
bulkmodify	Use this tool to modify a large number of existing entries efficiently	"bulkmodify Syntax"
ldifwrite	Use this tool to copy data from the directory information base into an LDIF file that can be read by any LDAP-compliant directory server. You can use ldifwrite in conjunction with bulkload. You can also use ldifwrite to back up information from all or part of a directory.	"ldifwrite Syntax"

Command-Line Tools for Managing Replication

Table 4-9 lists and describes the command-line tools for managing replication, and points you to further information.

Table 4-9  Command-Line Tools for Managing Replication

Tool	Description	More Information
Replication Environment Management Tool	This tool ensures that Oracle9i Advanced Replication is properly configured for directory replication. In the event of a directory replication failure, this tool looks for the problems and seeks to rectify them. If it cannot solve the problem, then it gives you a report of the nature of the problem and points you to a possible solution.	"The Replication Environment Management Tool" for syntax and examples
OID Reconciliation Tool	When a replication conflict arises, Oracle directory replication server places the change in the retry queue and tries to apply it from there for a specified number of times. If it fails after that specified number, then the replication server puts the change in the human intervention queue. From there, the replication server repeats the change application process at less frequent intervals while awaiting your action. At this point, you need to: Examine the change in the human intervention queues Reconcile the conflicting changes on the consumer with those on the supplier by using the OID Reconciliation Tool Place the change either back into the retry queue or into the purge queue	"About the OID Reconciliation Tool" "The OID Reconciliation Tool" for syntax and an explanation of how OID Reconciliation Tool works
Human Intervention Queue Manipulation Tool	Once you have reconciled conflicting changes by using the OID Reconciliation Tool, the Human Intervention Queue Manipulation Tool enables you to move them from the human intervention queue to either the retry queue or the purge queue. Moving the change to the purge queue means that there are no further attempts to re-apply the change log entry.	"About the Human Intervention Queue Manipulation Tool" "The Human Intervention Queue Manipulation Tool" for syntax

Command-Line Tools for Managing Directory Synchronization and Provisioning

Table 4-10 lists and describes the command-line tools for managing directory synchronization and provisioning, and points you to further information.

Table 4-10  Command-Line Tools for Managing Directory Synchronization and Provisioning

Tool	Description	More Information
Directory Integration and Provisioning Assistant	This tool assists you in performing all operations in the Oracle Directory Integration and Provisioning platform.	"The Directory Integration and Provisioning Assistant"
Provisioning Subscription Tool	Use this tool to administer provisioning profile entries in the directory, including creating, disabling, enabling, deleting, monitoring, and clearing errors	"The Provisioning Subscription Tool (oidprovtool) Syntax"
ldapuploadagentfile.sh	Use this tool to load mapping and configuration information when you are synchronizing directories.	"The ldapUploadAgentFile.sh Tool Syntax"
ldapcreateconn.sh	Use this tool to create a synchronization profile	"The ldapCreateConn.sh Tool Syntax"
oidmdelp	Use this tool to deregister a synchronization profile	"The ldapDeleteConn.sh Tool Syntax"
stopodis	In a client-only installation where the monitor and oidctl tools are not available, you can start the Oracle directory integration and provisioning server without the oidctl tool	"The StopOdiServer.sh Tool Syntax"
schemasync	Use this tool to synchronize schema elements--namely attributes and object classes--between an Oracle directory server and third-party LDAP directories	"The schemasync Tool Syntax"

OID Migration Tool (ldifmigrator)

Use this tool to migrate data from application-specific repositories into Oracle Internet Directory.

See Also: "The OID Migration Tool (ldifmigrator) Syntax" for instructions on using this tool

OID Database Statistics Tool (oidstats.sh)

Use this tool to analyze the various database ods schema objects to estimate the statistics. You must run this utility whenever there are significant changes in directory data--including the initial load of data into the directory.

If you load data into the directory by any means other than the bulkload tool (bulkload.sh), then you must run the OID Database Statistics Collection tool after loading. Statistics collection is essential for the Oracle Optimizer to choose an optimal plan in executing the queries corresponding to the LDAP operations. You can run OID Database Statistics Collection tool at any time, without shutting down any of the OID daemons.

See Also: "OID Database Statistics Collection Tool (oidstats.sh) Syntax"

OID Database Password Utility (oidpasswd)

The OID Database Password Utility is used to:

• Change the password to the Oracle Internet Directory database.

  Oracle Internet Directory uses a password when connecting to an Oracle database. The default for this password matches the value you specified during installation for the Oracle Application Server administrator's password. You can change this password by using the OID Database Password Utility.

• Create a wallet, named oidlpwdldap1, for the Oracle Internet Directory database password, and a wallet, named oidpwdrsid, for the Oracle directory replication server password.

  The sid is obtained not from the environment variable SID but from the connected database.

  With the create_wallet=true option, you need to provide the ODS password to authenticate yourself to the ODS database before the ODS wallet can be generated. Note that the default ODS password is the same as that for the Oracle Application Server administrator.

• Unlock a locked directory super user account, namely, cn=orcladmin.

  See Also: "OID Database Password Utility (oidpasswd) Syntax"