1 Command-Line Tools Overview

This chapter provides useful information about using the command-line tools available for Oracle Identity Management. It contains the following topics:

1.1 Using Passwords with Command-Line Tools

Many command-line tools require you to authenticate by providing a password. In some cases, you can provide the password in either of two ways:

  • In response to a prompt from the command.

  • Following an option on the command line.

For security reasons, avoid supplying a password on the command line whenever possible. A password typed on the command line is visible on your screen and might appear in output from the ps command or in log files. When you supply a password at a prompt, it is not visible on the screen, in output from the ps command, or in log files.

The LDAP tools have been modified to disable the options -w password and -P password when the environment variable LDAP_PASSWORD_PROMPTONLY is set to TRUE or 1. If you use -q or -Q, respectively, the command prompts you for the user password or wallet password. Set this environment variable whenever possible. This feature affects the behavior of the following tools:

Note:

When you use the -q or -Q option and redirect or pipe the output of an LDAP command, you do not see the prompt on the command line. The command still accepts the password you provide. If there is no wallet password and you are using the -Q option, when prompted for the password, hit Enter.

If you use the -w password option with an LDAP tool when the environment variable LDAP_PASSWORD_PROMPTONLY is set to true, you see the following error message, followed by command usage help.

Command-line passwords are disabled for LDAP commands.
Use -q option instead of -w <password>. You are prompted for the password.

Similarly, if you use the -P password option with an LDAP tool when the environment variable LDAP_PASSWORD_PROMPTONLY is set to true, you see the following error message, followed by command usage help.

Command-line passwords are disabled for LDAP commands.
Use -Q option instead of -P <password>. You are prompted for the password.
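
The following shell functions are an added example, not part of Oracle's documentation or tools. They check whether LDAP_PASSWORD_PROMPTONLY is enabled and scan a script for LDAP commands that still pass -w password or -P password. The tool names (ldapbind, ldapsearch, ldapmodify), the other options in the sample, and the function names are assumptions; the sample script is constructed.

```shell
#!/bin/sh
# Added example (not Oracle code): audit scripts for LDAP tool invocations
# that pass a password on the command line instead of using -q / -Q.

# Succeeds when LDAP_PASSWORD_PROMPTONLY is TRUE (any case) or 1.
promptonly_enabled() {
    v=$(printf '%s' "${LDAP_PASSWORD_PROMPTONLY:-}" | tr '[:lower:]' '[:upper:]')
    [ "$v" = "TRUE" ] || [ "$v" = "1" ]
}

# Prints "file:line: flag" for every -w / -P that is followed by a value on a
# line that runs a command named ldap* (assumed naming). The value itself is
# never printed, so the report does not leak the password again.
find_cmdline_passwords() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comment lines
        {
            is_ldap = 0
            for (i = 1; i <= NF; i++) {
                tok = $i
                sub(/^.*\//, "", tok)            # drop a leading directory path
                if (tok ~ /^ldap[a-z]+$/) is_ldap = 1
                if (is_ldap && ($i == "-w" || $i == "-P") && i < NF && $(i + 1) !~ /^-/)
                    printf "%s:%d: %s\n", FILENAME, FNR, $i
            }
        }' "$@"
}

# Constructed sample script with placeholder values only.
write_sample() {
    cat > "$1" <<'EOF'
# nightly directory maintenance (constructed sample)
ldapbind -D cn=orcladmin -q
ldapsearch -D cn=orcladmin -w PLACEHOLDER -b dc=example,dc=com
$ORACLE_HOME/bin/ldapmodify -D cn=orcladmin -q -W file:/path/to/wallet -P PLACEHOLDER -f change.ldif
ldapmodify -D cn=orcladmin -q -W file:/path/to/wallet -Q -f change.ldif
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_cmdline_passwords "$sample"
promptonly_enabled || echo "LDAP_PASSWORD_PROMPTONLY is not set to TRUE or 1"
rm -f "$sample"
```

The scan matches only the space-separated form shown in this section (-w password, -P password), so treat a clean result as a first pass rather than proof that no script embeds a password.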

1.2 Configuring Your Environment

Before you begin using the Oracle Identity Management command-line tools, you must configure your environment. This involves setting the appropriate environment variables.

The syntax and examples provided in this guide require that you have the following environment variables set:

  • ORACLE_HOME - The location of non-writable files in your Oracle Identity Management installation.

  • ORACLE_INSTANCE - The location of writable files in your Oracle Identity Management installation.

  • NLS_LANG (APPROPRIATE_LANGUAGE.AL32UTF8) - The default language set at installation is AMERICAN_AMERICA.

  • WLS_HOME - The location where the WebLogic Server is installed. This environment variable is required for Oracle Directory Integration Platform commands but not Oracle Internet Directory commands.

  • PATH - The following directory locations should be added to your PATH:

    ORACLE_HOME/bin

    ORACLE_HOME/ldap/bin

    ORACLE_HOME/ldap/admin

1.3 Oracle Identity Management Command-Line Tool Categories

The Oracle Identity Management command-line tools are organized into the following categories: