Perform repeated authentications against an LDAP directory server, where each authentication consists of a search to find a user followed by a bind to verify the credentials for that user.
authrate --hostname server.example.com --port 389 \
--bindDN uid=admin,dc=example,dc=com --bindPassword password \
--baseDN dc=example,dc=com --scope sub --filter "(uid=user.[1-1000000])" \
--credentials password --numThreads 10
authrate --generateSampleRateFile variable-rate-data.txt
-V
--version
| Description | Display Directory Server version information |
-H
--help
| Description | Display general usage information |
--help-ldap
| Description | Display help for using LDAP options |
--help-sasl
| Description | Display help for using SASL options |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-h {host}
--hostname {host}
| Description | The IP address or resolvable name to use to connect to the directory server. If this is not provided, then a default value of 'localhost' will be used. |
| Default Value | localhost |
| Required | Yes |
| Multi-Valued | Yes |
-p {port}
--port {port}
| Description | The port to use to connect to the directory server. If this is not provided, then a default value of 389 will be used. |
| Default Value | 389 |
| Required | Yes |
| Multi-Valued | No |
-D {dn}
--bindDN {dn}
| Description | The DN to use to bind to the directory server when performing simple authentication. |
| Required | No |
| Multi-Valued | No |
-w {password}
--bindPassword {password}
| Description | The password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
| Required | No |
| Multi-Valued | No |
-j {path}
--bindPasswordFile {path}
| Description | The path to the file containing the password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
| Required | No |
| Multi-Valued | No |
--promptForBindPassword
| Description | Indicates that the tool should interactively prompt the user for the bind password. |
-Z
--useSSL
| Description | Use SSL when communicating with the directory server. |
-q
--useStartTLS
| Description | Use StartTLS when communicating with the directory server. |
-X
--trustAll
| Description | Trust any certificate presented by the directory server. |
-K {path}
--keyStorePath {path}
| Description | The path to the file to use as the key store for obtaining client certificates when communicating securely with the directory server. |
| Required | No |
| Multi-Valued | No |
-W {password}
--keyStorePassword {password}
| Description | The password to use to access the key store contents. |
| Required | No |
| Multi-Valued | No |
-u {path}
--keyStorePasswordFile {path}
| Description | The path to the file containing the password to use to access the key store contents. |
| Required | No |
| Multi-Valued | No |
--promptForKeyStorePassword
| Description | Indicates that the tool should interactively prompt the user for the password to use to access the key store contents. |
--keyStoreFormat {format}
| Description | The format (e.g., jks, jceks, pkcs12, etc.) for the key store file. |
| Required | No |
| Multi-Valued | No |
-P {path}
--trustStorePath {path}
| Description | The path to the file to use as trust store when determining whether to trust a certificate presented by the directory server. |
| Required | No |
| Multi-Valued | No |
-T {password}
--trustStorePassword {password}
| Description | The password to use to access the trust store contents. |
| Required | No |
| Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
| Description | The path to the file containing the password to use to access the trust store contents. |
| Required | No |
| Multi-Valued | No |
--promptForTrustStorePassword
| Description | Indicates that the tool should interactively prompt the user for the password to use to access the trust store contents. |
--trustStoreFormat {format}
| Description | The format (e.g., jks, jceks, pkcs12, etc.) for the trust store file. |
| Required | No |
| Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
| Description | The nickname (alias) of the client certificate in the key store to present to the directory server for SSL client authentication. |
| Required | No |
| Multi-Valued | No |
-o {name=value}
--saslOption {name=value}
| Description | A name-value pair providing information to use when performing SASL authentication. |
| Required | No |
| Multi-Valued | Yes |
--useSASLExternal
| Description | Use the SASL EXTERNAL mechanism to authenticate. |
--helpSASL
| Description | Provide information about the supported SASL mechanisms, including the properties available for use with each. |
-b {dn}
--baseDN {dn}
| Description | The base DN to use for the searches. It may be a simple DN or a value pattern to specify a range of DNs (e.g., "uid=user.[1-1000],ou=People,dc=example,dc=com"). See https://docs.ldap.com/ldap-sdk/docs/javadoc/index.html?com/unboundid/util/ValuePattern.html for complete details about the value pattern syntax. This must be provided. |
| Required | Yes |
| Multi-Valued | No |
-s {scope}
--scope {scope}
| Description | The scope to use for the searches. It should be 'base', 'one', 'sub', or 'subord'. If this is not provided, a default scope of 'sub' will be used. |
| Allowed Values |
sub subord base one |
| Default Value | SUB |
| Required | No |
| Multi-Valued | No |
-f {filter}
--filter {filter}
| Description | The filter to use for the searches. It may be a simple filter or a value pattern to specify a range of filters (e.g., "(uid=user.[1-1000])"). See https://docs.ldap.com/ldap-sdk/docs/javadoc/index.html?com/unboundid/util/ValuePattern.html for complete details about the value pattern syntax. This must be provided. |
| Required | Yes |
| Multi-Valued | No |
-A {name}
--attribute {name}
| Description | The name of an attribute to include in entries returned from the searches. Multiple attributes may be requested by providing this argument multiple times. If no return attributes are specified, then entries will be returned with all user attributes. |
| Required | No |
| Multi-Valued | Yes |
-C {password}
--credentials {password}
| Description | The password to use when binding as the users returned from the searches. This must be provided. |
| Required | Yes |
| Multi-Valued | No |
-B
--bindOnly
| Description | Indicates that the tool should only perform bind operations without the initial search. If this argument is provided, then the base DN pattern will be used to obtain the bind DNs. |
-a {authType}
--authType {authType}
| Description | The type of authentication to perform. Allowed values are: SIMPLE, CRAM-MD5, DIGEST-MD5, and PLAIN. If no value is provided, then SIMPLE authentication will be performed. |
| Default Value | simple |
| Required | Yes |
| Multi-Valued | No |
--authorizationIdentityRequestControl
| Description | Indicates that bind requests should include the authorization identity request control as described in RFC 3829. |
--passwordPolicyRequestControl
| Description | Indicates that bind requests should include the password policy request control as described in draft-behera-ldap-password-policy-10. |
--searchControl {oid}[:{criticality}[:{stringValue}|::{base64Value}]]
| Description | Indicates that search requests should include the specified request control. This may be provided multiple times to include multiple search request controls. |
| Required | No |
| Multi-Valued | No |
--bindControl {oid}[:{criticality}[:{stringValue}|::{base64Value}]]
| Description | Indicates that bind requests should include the specified request control. This may be provided multiple times to include multiple modify request controls. |
| Required | No |
| Multi-Valued | No |
-t {num}
--numThreads {num}
| Description | The number of threads to use to perform the authentication processing. If this is not provided, then a default of one thread will be used. |
| Upper Bound | 2147483647 |
| Default Value | 1 |
| Required | Yes |
| Multi-Valued | No |
-i {num}
--intervalDuration {num}
| Description | The length of time in seconds between output lines. If this is not provided, then a default interval of five seconds will be used. |
| Upper Bound | 2147483647 |
| Default Value | 5 |
| Required | Yes |
| Multi-Valued | No |
-I {num}
--numIntervals {num}
| Description | The maximum number of intervals for which to run. If this is not provided, then the tool will run until it is interrupted. |
| Upper Bound | 2147483647 |
| Default Value | 2147483647 |
| Required | Yes |
| Multi-Valued | No |
-r {auths-per-second}
--ratePerSecond {auths-per-second}
| Description | The target number of authorizations to perform per second. It is still necessary to specify a sufficient number of threads for achieving this rate. If neither this option nor --variableRateData is provided, then the tool will run at the maximum rate for the specified number of threads. |
| Upper Bound | 2147483647 |
| Required | No |
| Multi-Valued | No |
--variableRateData {path}
| Description | The path to a file containing information that can be used to cause the tool to vary the target rate over time. Use the generateSampleRateFile argument to generate a sample rate definition file with comments that describe the required format for this file. |
| Required | No |
| Multi-Valued | No |
--generateSampleRateFile {path}
| Description | The path to a sample variable data rate file that should be generated. This file will contain comments that describe the expected format for the file to use with the variableRateData argument. |
| Required | No |
| Multi-Valued | No |
--warmUpIntervals {num}
| Description | The number of intervals to complete before beginning overall statistics collection. Specifying a nonzero number of warm-up intervals gives the client and server a chance to warm up without skewing performance results. |
| Upper Bound | 2147483647 |
| Default Value | 0 |
| Required | Yes |
| Multi-Valued | No |
--timestampFormat {format}
| Description | Indicates the format to use for timestamps included in the output. A value of 'none' indicates that no timestamps should be included. A value of 'with-date' indicates that both the date and the time should be included. A value of 'without-date' indicates that only the time should be included. |
| Default Value | none |
| Required | Yes |
| Multi-Valued | No |
--suppressErrorResultCodes
| Description | Indicates that information about the result codes for failed operations should not be displayed. |
-c
--csv
| Description | Generate output in CSV format rather than a display-friendly format |
-R {value}
--randomSeed {value}
| Description | Specifies the seed to use for the random number generator. |
| Lower Bound | -2147483648 |
| Upper Bound | 2147483647 |
| Required | No |
| Multi-Valued | No |
--interactive
| Description | Launch the tool in interactive mode. |
--outputFile {path}
| Description | Write all standard output and standard error messages to the specified file instead of to the console. |
| Required | No |
| Multi-Valued | No |
--appendToOutputFile
| Description | Indicates that the tool should append to the file specified by the --outputFile argument if it already exists. If this argument is not provided and the output file already exists, it will be overwritten. |
--teeOutput
| Description | Write all standard output and standard error messages to the console as well as to the specified output file. The --outputFile argument must also be provided. |
--propertiesFilePath {path}
| Description | The path to a properties file used to specify default values for arguments not supplied on the command line. |
| Required | No |
| Multi-Valued | No |
--generatePropertiesFile {path}
| Description | Write an empty properties file that may be used to specify default values for arguments. |
| Required | No |
| Multi-Valued | No |
--noPropertiesFile
| Description | Do not obtain any argument values from a properties file. |
--suppressPropertiesFileComment
| Description | Suppress output listing the arguments obtained from a properties file. |