Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun ONE Directory Server Resource Kit 5.2 Tools Reference 

Chapter 1

The Sun™ ONE Directory Server Resource Kit Tools Reference provides installation instructions for the Sun ONE Directory Server Resource Kit as well as usage information for the included engineering tools and application programming interfaces (API). This introductory chapter contains the following sections:


The Directory Server Resource Kit (DSRK) provides tools and API for deploying, accessing, tuning, and maintaining an installation of Sun ONE Directory Server. These utilities will help to implement and maintain a more robust server solution. The DSRK is comprised of three components:

The DSRK installation contains all the executables for running the tools as well as all the libraries needed for using the included LDAP SDKs (Software Development Kits).

The command-line tools and applications will help you test the performance of your Directory Server, and administer the contents of your directory. These tools are themselves based on the LDAP SDKs, and they were created to help Sun ONE development teams to test and validate the Sun ONE Directory Server.

The LDAP SDKs for C and Java™ make it simple to write client applications for your directory. These API expose all of the functions for connecting to an LDAP directory and accessing or modifying its entries. Use them to design and integrate directory functionality into your applications at the programmatic level.


Only the sample phone book application (discussed in Chapter 32, "JSP Directory Gateway Phonebook") requires the installation of further components. These components are also provided with the product and discussed in the aforementioned chapter.


The DSRK contains a set of tools that make a LDAP directory accessible using a command-line shell. This wide range of tools (including a sample application, Perl scripts, tag libraries and an LDAP command-line) can be used for directory access, performance testing, and maintenance. In addition, the commands that run these tools can be used to write scripts to automate the tasks. The following sections list the tools shipped with, and documented in, the DSRK. The tools are grouped within the book by functionality.


Many of the tools of the DSRK are command-line utilities whose functionality is available through options and parameters. You should be familiar with the syntax of commands for your particular shell and platform. For example, you may need to specify values that contain characters with special meaning to the command-line interpreter, such as space " ", asterisk "*", backslash "\", and so forth. Most shells require you to use quotation marks around values that contain special characters. One example is the space character in DNs (distinguished names):

"cn=Barbara Jensen,ou=Product Development,dc=siroe,dc=com"

Depending on your command-line interpreter, use either single or double quote marks for this purpose. Refer to your operating system documentation for more information.

The command examples given in this book are valid for most UNIX® shell environments. They rely on basic shell syntax and are usually applicable to all platforms with little modification.

Directory Access

The directory access commands provide the fundamental tools for accessing a LDAP directory. Use these commands to retrieve entries, view their attributes, and make modifications. These tools are based upon the Sun ONE LDAP SDK for C and make the functionality of this API available through their various options.

Table 1-1  Directory Access Commands





The ldapsearch Tool

Perform simple and complex searches to retrieve data.


The ldapmodify Tool

Modify the attribute values of one or more entries, or add new entries.


The ldapdelete Tool

Delete one or more entries given by their DN (distinguished name).


The ldapcompare Tool

Compare attribute values with those given on the command-line.


The ldapcmp Tool

Compare DNs and attribute values in entire subtrees of two directories.


The LDAPSubtdel Tool

Delete an entire subtree in a directory.


Directory Access Tools Using DSML

Same as ldapsearch but returns results in XML format.


Directory Access Tools Using DSML

Same as ldapmodify but takes input in XML format.

Performance Evaluation

The performance evaluation tools help you run tests to measure your server’s average response time to client requests. These tools perform repeated LDAP authentication, search, add, and delete operations to simulate actual usage. Use these tools before and after reconfiguring your directory to optimize performance. Run them regularly to monitor server response as directory size and usage evolves.

Table 1-2  Performance Evaluation Tools 





The idsktune Optimization Tool

Optimize your operating system and network settings for Sun ONE Directory Server.


The ldclt Stress Test Tool

A powerful and flexible LDAP client tool for testing directory servers.


The rsearch Search Tool

Measure the performance of search, compare, and delete operations.

LDAP v3 Tools

Lightweight Directory Access Protocol (LDAP) v3 specifies standards that provide both read and update access to a directory server.

Table 1-3  LDAP v3 Tools





The Search Performance Measurement Tool

Measure search performance under high server loads.


The Modify Performance Measurement Tool

Measure the performance of modification operations.


The Rate of Authentication Measurement Tool

Measure the performance of connecting and performing authentication.


The Add Performance Measurement Tool

Measure the performance of add operations for creating new entries.

LDIF Deployment

LDIF (LDAP Data Interchange Format) is the standard format for importing and exporting directory contents. The LDIF deployment tools process large LDIF files, either generating, modifying, or comparing the LDAP entries and attribute values they contain. Use these tools to deploy a testing environment and generate large test databases, to make global directory updates off line, and to synchronize multiple unconnected databases.

Table 1-4  LDIF Deployment Tools 





The Directory Server 4.x Instance Creation Tool

Use existing configuration files and interactive user input to generate an .inf file and create a new server instance (Directory Server 4.x only).

The Standard Schema LDIF Generator Tool

Generate random data for tests with the performance evaluation tools.


The Custom Schema LDIF Generator Tool

Generate random data for tests with legacy tools.


The Java-based LDIF Generator Utility

Another entry generator.


The LDIF Transformation Tool

Edit an LDIF file for global updates and extracts data for reports.


The LDIF Merge Tool

Simulate a multi-master merge using LDIF files.

The LDAP Compare and Modify Tool

Synchronizes differences between two directories.

Maintenance and Debugging

The maintenance and debugging tools help directory administrators to interpret logs and other trouble-shooting files. Use these tools to determine the causes of errors when they occur, as well as to perform preventive maintenance by monitoring directory usage and server statistics.

Table 1-5  Maintenance and Debugging Tools 




The Log Analyzer Tool

Interpret access logs and compile usages statistics.

The Replication Checker Tool

Verify whether two or more replicating servers are synchronized.

The Schema Migration Tool

Automate the process of updating your Sun ONE Directory Server 5.2 schema from 4.x.


The Search Operations Audit Tool

Replay search operations found in the directory access log.


The Core File Analyzer Tool

Debug a core file (Solaris platforms only).


The Database File Analyzer Tool

Create text output of Sun ONE Directory Server database files.

Open-source security tools

Network Security Services

Manage and debug security mechanisms used in client applications.

Unsupported Perl utilities

Unsupported Utilities

A set of Perl scripts provided in the installDir/unsupported/perl directory that provide examples of automated user and directory administration.

Sample Phonebook Application

With the JSP™ Directory Gateway (jdgw), you can design a web client to present directory contents in any browser. It consists of JavaServer™ Pages and an LDAP tag library. The JSP (which uses servlets to provide a web interface to access a directory server) use the LDAP tag library to write LDAP client servlets which then access a directory and generate the response in HTML. The sample application described in Chapter 32, "JSP Directory Gateway Phonebook" is a phone book called LookMeUp that searches for employee names in a corporate directory. Chapter 33, "Tag Library Reference" describes the tag libraries that can be used with the application.

NameFinder Application

NameFinder is a web-based tool to look up people in an Lightweight Directory Access Protocol (LDAP) database. The DSRK includes the web archive and other files related to deploying this application. Chapter 34, "NameFinder Application" describes these tools.

Java Naming and Directory Interface

Java™ Naming and Directory Interface (JNDI) is an API used to provide naming and directory functionality to applications written in the Java programming language. Using JNDI, Java applications can store and retrieve Java objects of any type. It provides methods for performing standard directory operations, such as associating attributes with objects and searching for objects using their attributes. The DSRK includes the Early Access 1 release of the JNDI DSML v2 Service Providers and the 1.0 release of the JNDI LDAP Booster Pack. Chapter 35, "Java Naming and Directory Interface" describes these tools.

Sun ONE Directory Server Plug-In

Chapter 36, "Attribute Value Uniqueness Plug-In" describes the Attribute Value Uniqueness plug-in which enforces the uniqueness of attribute values in a multi-master replication topology. This is an unsupported plug-in for Sun ONE Directory Server 5.2 only.


The DSRK bundles version 5.11 of the Sun ONE LDAP SDK for C. Use this library to write C or C++ client applications that take full advantage of the performance of the Sun ONE Directory Server. The API also includes extensions that give access to the latest features in Directory Server 5.2.


Because they are built around the core functions of the LDAP v2 and v3 standards, the API can be used to interact with any conforming LDAP server. This API conforms to IETF standard “LDAP Application Programming Interface,” defined by RFC 1823 and now revised by draft-ietf-ldapext-ldap-c-api-05.

The API is defined by the header files that declare all of the functions, data types and code values that are available in the binaries. The complete API is documented in the Sun ONE LDAP SDK for C Programming Guide. The SDK also includes sample code that demonstrates how to call most of the functions.


The Sun ONE LDAP SDK for C is a binary release of the open source LDAP SDK for C source code available through Updated releases are also available at:

Sun ONE LDAP SDK for Java

The DSRK bundles version 4.15 of the Sun ONE LDAP SDK for Java. The SDK consists of binary jar files containing all packages, classes and methods of the API. Equivalent in functionality to the SDK for C, Java client applications use this API to interact with LDAP directories. Whereas the Java Naming and Directory Interface™ (JNDI) provides a protocol-independent abstraction of directory services, this API exposes the LDAP-specific operations for direct access to an LDAP directory server. Use the classes and methods of the API to develop LDAP-enabled applets or applications for the J2EE™ platform or any of the Java platforms.


The Sun ONE LDAP SDK for Java conforms to the IETF standard “Java LDAP Application Program Interface,” defined by draft-ietf-ldapext-ldap-java- api-15.

The Java API is documented in the Sun ONE LDAP SDK for Java Programming Guide. However, the Programming Guide does not include all of the latest updates to the API. Please refer to the corresponding Javadoc™ pages for the latest reference information.


The source code is also available as open source through, and updated releases are available at:

Previous      Contents      Index      Next     

Copyright 2004 Sun Microsystems, Inc. All rights reserved.