This tool can be used to compare the schemas of two LDAP servers to identify schema elements that may be present in one but not the other, or elements that may be present in both servers but have differences between them.
Compares the LDAP schemas for the two directory servers using the default settings, which will identify any differences between the schemas.
compare-ldap-schemas --firstHostname ds1.example.com --firstPort 636 \
--firstUseSSL --firstBindDN "cn=Directory Manager" \
--firstBindPasswordFile /path/to/password.txt \
--secondHostname ds2.example.com --secondPort 636 --secondUseSSL \
--secondBindDN "cn=Directory Manager" \
--secondBindPasswordFile /path/to/password.txt
For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help
-V
--version
| Description | Display Directory Server version information |
-H
--help
| Description | Display general usage information |
--help-ldap
| Description | Display help for using LDAP options |
--help-sasl
| Description | Display help for using SASL options |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
--firstHostname {host}
| Description | The IP address or resolvable name to use to connect to the directory server. If this is not provided, then a default value of 'localhost' will be used. |
| Default Value | localhost |
| Required | Yes |
| Multi-Valued | No |
--firstPort {port}
| Description | The port to use to connect to the directory server. If this is not provided, then a default value of 389 will be used. |
| Default Value | 389 |
| Required | Yes |
| Multi-Valued | No |
--firstBindDN {dn}
| Description | The DN to use to bind to the directory server when performing simple authentication. |
| Required | No |
| Multi-Valued | No |
--firstBindPassword {password}
| Description | The password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
| Required | No |
| Multi-Valued | No |
--firstBindPasswordFile {path}
| Description | The path to the file containing the password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
| Required | No |
| Multi-Valued | No |
--firstUseSSL
| Description | Use SSL when communicating with the directory server. |
--firstUseStartTLS
| Description | Use StartTLS when communicating with the directory server. |
--firstDefaultTrust
| Description | Use the JVM's default trust store, the server's default trust store, the server's topology registry, and optionally an additional trust store specified using the --trustStorePath argument to non-interactively determine whether to trust any certificate chain presented during TLS negotiation. If the chain cannot be trusted based on any of those sources, then negotiation will fail without prompting about whether to trust it. |
--firstTrustAll
| Description | Trust any certificate presented by the directory server. |
--firstKeyStorePath {path}
| Description | The path to the file to use as the key store for obtaining client certificates when communicating securely with the directory server. |
| Required | No |
| Multi-Valued | No |
--firstKeyStorePassword {password}
| Description | The password to use to access the key store contents. |
| Required | No |
| Multi-Valued | No |
--firstKeyStorePasswordFile {path}
| Description | The path to the file containing the password to use to access the key store contents. |
| Required | No |
| Multi-Valued | No |
--firstKeyStoreFormat {format}
| Description | The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the key store file. |
| Required | No |
| Multi-Valued | No |
--firstTrustStorePath {path}
| Description | The path to the file to use as trust store when determining whether to trust a certificate presented by the directory server. |
| Required | No |
| Multi-Valued | No |
--firstTrustStorePassword {password}
| Description | The password to use to access the trust store contents. |
| Required | No |
| Multi-Valued | No |
--firstTrustStorePasswordFile {path}
| Description | The path to the file containing the password to use to access the trust store contents. |
| Required | No |
| Multi-Valued | No |
--firstTrustStoreFormat {format}
| Description | The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the trust store file. |
| Required | No |
| Multi-Valued | No |
--firstCertNickname {nickname}
| Description | The nickname (alias) of the client certificate in the key store to present to the directory server for SSL client authentication. |
| Required | No |
| Multi-Valued | No |
--firstSASLOption {name=value}
| Description | A name-value pair providing information to use when performing SASL authentication. |
| Required | No |
| Multi-Valued | Yes |
--secondHostname {host}
| Description | The IP address or resolvable name to use to connect to the directory server. If this is not provided, then a default value of 'localhost' will be used. |
| Default Value | localhost |
| Required | Yes |
| Multi-Valued | No |
--secondPort {port}
| Description | The port to use to connect to the directory server. If this is not provided, then a default value of 389 will be used. |
| Default Value | 389 |
| Required | Yes |
| Multi-Valued | No |
--secondBindDN {dn}
| Description | The DN to use to bind to the directory server when performing simple authentication. |
| Required | No |
| Multi-Valued | No |
--secondBindPassword {password}
| Description | The password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
| Required | No |
| Multi-Valued | No |
--secondBindPasswordFile {path}
| Description | The path to the file containing the password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
| Required | No |
| Multi-Valued | No |
--secondUseSSL
| Description | Use SSL when communicating with the directory server. |
--secondUseStartTLS
| Description | Use StartTLS when communicating with the directory server. |
--secondDefaultTrust
| Description | Use the JVM's default trust store, the server's default trust store, the server's topology registry, and optionally an additional trust store specified using the --trustStorePath argument to non-interactively determine whether to trust any certificate chain presented during TLS negotiation. If the chain cannot be trusted based on any of those sources, then negotiation will fail without prompting about whether to trust it. |
--secondTrustAll
| Description | Trust any certificate presented by the directory server. |
--secondKeyStorePath {path}
| Description | The path to the file to use as the key store for obtaining client certificates when communicating securely with the directory server. |
| Required | No |
| Multi-Valued | No |
--secondKeyStorePassword {password}
| Description | The password to use to access the key store contents. |
| Required | No |
| Multi-Valued | No |
--secondKeyStorePasswordFile {path}
| Description | The path to the file containing the password to use to access the key store contents. |
| Required | No |
| Multi-Valued | No |
--secondKeyStoreFormat {format}
| Description | The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the key store file. |
| Required | No |
| Multi-Valued | No |
--secondTrustStorePath {path}
| Description | The path to the file to use as trust store when determining whether to trust a certificate presented by the directory server. |
| Required | No |
| Multi-Valued | No |
--secondTrustStorePassword {password}
| Description | The password to use to access the trust store contents. |
| Required | No |
| Multi-Valued | No |
--secondTrustStorePasswordFile {path}
| Description | The path to the file containing the password to use to access the trust store contents. |
| Required | No |
| Multi-Valued | No |
--secondTrustStoreFormat {format}
| Description | The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the trust store file. |
| Required | No |
| Multi-Valued | No |
--secondCertNickname {nickname}
| Description | The nickname (alias) of the client certificate in the key store to present to the directory server for SSL client authentication. |
| Required | No |
| Multi-Valued | No |
--secondSASLOption {name=value}
| Description | A name-value pair providing information to use when performing SASL authentication. |
| Required | No |
| Multi-Valued | Yes |
--firstSchemaEntryDN {dn}
| Description | The DN of the subschema subentry in the first server that contains the definitions to examine. If this is not specified, then the entry referenced by the subschemaSubentry attribute in the server's root DSE will be used. |
| Required | No |
| Multi-Valued | No |
--secondSchemaEntryDN {dn}
| Description | The DN of the subschema subentry in the second server that contains the definitions to examine. If this is not specified, then the entry referenced by the subschemaSubentry attribute in the server's root DSE will be used. |
| Required | No |
| Multi-Valued | No |
--schemaElementType {elementType}
| Description | The types of schema elements to examine. Allowed values include attribute-syntaxes, matching-rules, attribute-types, object-classes, dit-content-rules, dit-structure-rules, name-forms, and matching-rule-uses. This may be provided multiple times to include multiple specific schema element types. If this argument is not provided, then all schema element types will be considered. |
| Required | No |
| Multi-Valued | Yes |
--getExtendedSchemaInfo
| Description | Use the extended schema info request control, which may be used to retrieve additional information about schema element definitions from a Ping Identity Directory Server. |
--ignoreDescriptions
| Description | Indicates that the tool should ignore differences in descriptions when comparing schema elements. |
--ignoreExtensions
| Description | Indicates that the tool should ignore differences in extensions when comparing schema elements. |
--includeElementsWithNameMatchingPrefix {prefix}
| Description | Indicates that the tool should only examine schema elements with names that match the specified prefix. This argument may be provided multiple times to specify multiple include prefixes. If no include or exclude prefixes are specified, then names will not be used when considering which elements to examine. |
| Required | No |
| Multi-Valued | Yes |
--excludeElementsWithNameMatchingPrefix {prefix}
| Description | Indicates that the tool should not examine schema elements with names that match the specified prefix. This argument may be provided multiple times to specify multiple exclude prefixes. If no include or exclude prefixes are specified, then names will not be used when considering which elements to examine. |
| Required | No |
| Multi-Valued | Yes |
--includeElementsWithExtensionValue {name=value}
| Description | Indicates that the tool should only examine schema elements with an extension that has the specified name and value. This argument may be provided multiple times to specify multiple include extension values. If no include or exclude extension values are specified, then extensions will not be used when considering which elements to examine. |
| Required | No |
| Multi-Valued | Yes |
--excludeElementsWithExtensionValue {name=value}
| Description | Indicates that the tool should no examine schema elements with an extension that has the specified name and value. This argument may be provided multiple times to specify multiple exclude extension values. If no include or exclude extension values are specified, then extensions will not be used when considering which elements to examine. |
| Required | No |
| Multi-Valued | Yes |
--interactive
| Description | Launch the tool in interactive mode. |
--outputFile {path}
| Description | Write all standard output and standard error messages to the specified file instead of to the console. |
| Required | No |
| Multi-Valued | No |
--appendToOutputFile
| Description | Indicates that the tool should append to the file specified by the --outputFile argument if it already exists. If this argument is not provided and the output file already exists, it will be overwritten. |
--teeOutput
| Description | Write all standard output and standard error messages to the console as well as to the specified output file. The --outputFile argument must also be provided. |
--propertiesFilePath {path}
| Description | The path to a properties file used to specify default values for arguments not supplied on the command line. |
| Required | No |
| Multi-Valued | No |
--generatePropertiesFile {path}
| Description | Write an empty properties file that may be used to specify default values for arguments. |
| Required | No |
| Multi-Valued | No |
--noPropertiesFile
| Description | Do not obtain any argument values from a properties file. |
--suppressPropertiesFileComment
| Description | Suppress output listing the arguments obtained from a properties file. |