Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch

25 Nov 08

OpenSSO and ldapvi

WARNING - guru level information in this blog entry. Don't try ANY of this unless you're CERTAIN you know what you're doing. Editing OpenSSO's configuration directly can easily lead to an unusable deployment. You have been warned!

The Suretec guys blogged about ldapvi the other day, which prompted me to deploy ldapvi and point it at OpenSSO's embedded OpenDS instance.

Deploying ldapvi on a Mac is very simple, thanks to MacPorts. Just do

sudo port install ldapvi

Now you can point it at your OpenSSO deployment like so:

ldapvi -d --host ldap://localhost:50389 -D "cn=Directory Manager" -w password

I get a screen like this:

One neat feature is that ldapvi transparently deals with the base64 encoded XML data in the directory - you can see it if you search for sunKeyValue:;

Now you can do some serious configuration hacking, especially with vi's global search and replace! But remember, with great power comes great responsibility. Back up your configuration before you try anything, and restart OpenSSO after any change you make in the directory. OpenSSO caches its configuration, and it won't notice changes you make 'under the covers'.
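One way to review what an editing session actually changed, as an added example (not code from the original post or from OpenSSO): it compares two LDIF exports of the directory, the backup and one taken after editing, and diffs the base64-decoded sunKeyValue values. The function names are hypothetical, and the DN, key name and XML are constructed sample data.

```python
import base64
import difflib

def parse_ldif(text):
    """Return {dn: {attr: [values]}}, decoding 'attr:: <base64>' values."""
    # LDIF folds long lines: a newline followed by one space is a continuation.
    lines = text.replace("\r\n", "\n").replace("\n ", "").splitlines()
    entries, current = {}, None
    for line in lines:
        if not line.strip():                 # a blank line ends the current entry
            current = None
            continue
        if line.startswith("#"):             # LDIF comment
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):             # double colon marks a base64 value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:            # skips 'version: 1' before the first dn
            current.setdefault(attr, []).append(value)
    return entries

def diff_attr(before, after, attr="sunKeyValue"):
    """Unified diff of the decoded values of attr, per DN, between two snapshots."""
    out = []
    for dn in sorted(set(before) | set(after)):
        old = "\n".join(before.get(dn, {}).get(attr, [])).splitlines()
        new = "\n".join(after.get(dn, {}).get(attr, [])).splitlines()
        out += difflib.unified_diff(old, new, f"backup {dn}", f"current {dn}", lineterm="")
    return out

def sample_ldif(dn, value):
    """Constructed one-entry LDIF export whose base64 value is folded at 60 chars."""
    b64 = base64.b64encode(value.encode()).decode()
    folded = "\n ".join(b64[i:i + 60] for i in range(0, len(b64), 60))
    return f"version: 1\n\ndn: {dn}\nobjectClass: top\nsunKeyValue:: {folded}\n"

# Constructed sample data, not taken from a real OpenSSO deployment.
DN = "ou=example,dc=example,dc=com"
OLD = "example-key=<Config>\n  <Port>50389</Port>\n</Config>"
NEW = "example-key=<Config>\n  <Port>1389</Port>\n</Config>"

if __name__ == "__main__":
    snapshots = [parse_ldif(sample_ldif(DN, v)) for v in (OLD, NEW)]
    print("\n".join(diff_attr(*snapshots)))
```

An empty diff after an editing session means nothing in that attribute changed; anything else is the exact list of lines to check before restarting OpenSSO.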

Comments (2)
  1. If ldapvi can access the embedded OpenDS instance, why can't LDAP Browser/Edit (http://www.mcs.anl.gov/~gawor/ldap/) connect to it?

  2. Hi Peter – any LDAP v3 client should be ok. I just tried the LDAP Browser from the link you provided and it works fine. Be sure to configure the connection correctly – default port for the embedded OpenDS is 50389, username is ‘cn=Directory Manager’ (without the quotes), same password as you specified for amadmin.

