This tool may be used to identify unique attribute conflicts. That is, it may identify values of one or more attributes which are supposed to exist only in a single entry but are found in multiple entries.
Identify any values of the uid attribute that are not unique across all entries below dc=example,dc=com.
identify-unique-attribute-conflicts --hostname server.example.com --port 389 \
--bindDN uid=john.doe,ou=People,dc=example,dc=com --bindPassword password \
--baseDN dc=example,dc=com --attribute uid --simplePageSize 100
For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help
-V
--version
| Description | Display Directory Server version information |
-H
--help
| Description | Display general usage information |
--help-ldap
| Description | Display help for using LDAP options |
--help-sasl
| Description | Display help for using SASL options |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-h {host}
--hostname {host}
| Description | The IP address or resolvable name to use to connect to the directory server. If this is not provided, then a default value of 'localhost' will be used. |
| Default Value | localhost |
| Required | Yes |
| Multi-Valued | No |
-p {port}
--port {port}
| Description | The port to use to connect to the directory server. If this is not provided, then a default value of 389 will be used. |
| Default Value | 389 |
| Required | Yes |
| Multi-Valued | No |
-D {dn}
--bindDN {dn}
| Description | The DN to use to bind to the directory server when performing simple authentication. |
| Required | No |
| Multi-Valued | No |
-w {password}
--bindPassword {password}
| Description | The password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
| Required | No |
| Multi-Valued | No |
-j {path}
--bindPasswordFile {path}
| Description | The path to the file containing the password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
| Required | No |
| Multi-Valued | No |
--promptForBindPassword
| Description | Indicates that the tool should interactively prompt the user for the bind password. |
-Z
--useSSL
| Description | Use SSL when communicating with the directory server. |
-q
--useStartTLS
| Description | Use StartTLS when communicating with the directory server. |
--defaultTrust
| Description | Use the JVM's default trust store, the server's default trust store, the server's topology registry, and optionally an additional trust store specified using the --trustStorePath argument to non-interactively determine whether to trust any certificate chain presented during TLS negotiation. If the chain cannot be trusted based on any of those sources, then negotiation will fail without prompting about whether to trust it. |
-X
--trustAll
| Description | Trust any certificate presented by the directory server. |
-K {path}
--keyStorePath {path}
| Description | The path to the file to use as the key store for obtaining client certificates when communicating securely with the directory server. |
| Required | No |
| Multi-Valued | No |
-W {password}
--keyStorePassword {password}
| Description | The password to use to access the key store contents. |
| Required | No |
| Multi-Valued | No |
-u {path}
--keyStorePasswordFile {path}
| Description | The path to the file containing the password to use to access the key store contents. |
| Required | No |
| Multi-Valued | No |
--promptForKeyStorePassword
| Description | Indicates that the tool should interactively prompt the user for the password to use to access the key store contents. |
--keyStoreFormat {format}
| Description | The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the key store file. |
| Required | No |
| Multi-Valued | No |
-P {path}
--trustStorePath {path}
| Description | The path to the file to use as trust store when determining whether to trust a certificate presented by the directory server. |
| Required | No |
| Multi-Valued | No |
-T {password}
--trustStorePassword {password}
| Description | The password to use to access the trust store contents. |
| Required | No |
| Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
| Description | The path to the file containing the password to use to access the trust store contents. |
| Required | No |
| Multi-Valued | No |
--promptForTrustStorePassword
| Description | Indicates that the tool should interactively prompt the user for the password to use to access the trust store contents. |
--trustStoreFormat {format}
| Description | The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the trust store file. |
| Required | No |
| Multi-Valued | No |
--verifyCertificateHostnames
| Description | Indicates that the tool should verify that the hostname or IP addressed used to establish connections ot the LDAP server matches an address for which the server's TLS certificate was issued. |
-N {nickname}
--certNickname {nickname}
| Description | The nickname (alias) of the client certificate in the key store to present to the directory server for SSL client authentication. |
| Required | No |
| Multi-Valued | No |
--enableSSLDebugging
| Description | Enable Java's low-level support for debugging SSL/TLS communication. This is equivalent to setting the 'javax.net.debug' property to 'all'. |
-o {name=value}
--saslOption {name=value}
| Description | A name-value pair providing information to use when performing SASL authentication. |
| Required | No |
| Multi-Valued | Yes |
--useSASLExternal
| Description | Use the SASL EXTERNAL mechanism to authenticate. |
--helpSASL
| Description | Provide information about the supported SASL mechanisms, including the properties available for use with each. |
-b {dn}
--baseDN {dn}
| Description | The search base DN(s) to use to find entries with attributes for which to find uniqueness conflicts. At least one base DN must be specified. |
| Required | Yes |
| Multi-Valued | Yes |
-f {filter}
--filter {filter}
| Description | A filter that will be used to identify the set of entries in which to identify uniqueness conflicts. If this is not specified, then all entries containing the target attribute(s) will be examined. |
| Required | No |
| Multi-Valued | No |
-A {attr}
--attribute {attr}
| Description | The attributes for which to find uniqueness conflicts. At least one attribute must be specified, and each attribute must be indexed for equality searches. |
| Required | Yes |
| Multi-Valued | Yes |
-m {behavior}
--multipleAttributeBehavior {behavior}
| Description | Indicates the behavior to exhibit if multiple unique attributes are provided. Allowed values are 'unique-within-each-attribute' (indicates that each value only needs to be unique within its own attribute type), 'unique-across-all-attributes-including-in-same-entry' (indicates that each value needs to be unique across all of the specified attributes), 'unique-across-all-attributes-except-in-same-entry' (indicates each value needs to be unique across all of the specified attributes, except that multiple attributes in the same entry are allowed to share the same value), and 'unique-in-combination' (indicates that every combination of the values of the specified attributes must be unique across each entry). |
| Default Value | unique-within-each-attribute |
| Required | No |
| Multi-Valued | No |
-z {num}
--simplePageSize {num}
| Description | The maximum number of entries to retrieve at a time when attempting to find uniqueness conflicts. This requires that the authenticated user have permission to use the simple paged results control, but it can avoid problems with the server sending entries too quickly for the client to handle. By default, the simple paged results control will not be used. |
| Upper Bound | 2147483647 |
| Required | No |
| Multi-Valued | No |
-l {num}
--timeLimitSeconds {num}
| Description | The time limit in seconds that will be used for search requests attempting to identify conflicts for each value of any of the unique attributes. This time limit is used to avoid sending expensive unindexed search requests that can consume significant server resources. If any of these search operations fails in a way that indicates the requested time limit was exceeded, the tool will abort its processing. A value of zero indicates that no time limit will be enforced. If this argument is not provided, a default time limit of 10 will be used. |
| Upper Bound | 2147483647 |
| Default Value | 10 |
| Required | No |
| Multi-Valued | No |
--interactive
| Description | Launch the tool in interactive mode. |
--outputFile {path}
| Description | Write all standard output and standard error messages to the specified file instead of to the console. |
| Required | No |
| Multi-Valued | No |
--appendToOutputFile
| Description | Indicates that the tool should append to the file specified by the --outputFile argument if it already exists. If this argument is not provided and the output file already exists, it will be overwritten. |
--teeOutput
| Description | Write all standard output and standard error messages to the console as well as to the specified output file. The --outputFile argument must also be provided. |
--propertiesFilePath {path}
| Description | The path to a properties file used to specify default values for arguments not supplied on the command line. |
| Required | No |
| Multi-Valued | No |
--generatePropertiesFile {path}
| Description | Write an empty properties file that may be used to specify default values for arguments. |
| Required | No |
| Multi-Valued | No |
--noPropertiesFile
| Description | Do not obtain any argument values from a properties file. |
--suppressPropertiesFileComment
| Description | Suppress output listing the arguments obtained from a properties file. |