OpenSSO and ldapvi
WARNING - guru level information in this blog entry. Don’t try ANY of this unless you’re CERTAIN you know what you’re doing. Editing OpenSSO’s configuration directly can easily lead to an unusable deployment. You have been warned!
The Suretec guys blogged about ldapvi the other day, which prompted me to deploy ldapvi and point it at OpenSSO’s embedded OpenDS instance.
Deploying ldapvi on a Mac is very simple, thanks to MacPorts. Just do
sudo port install ldapvi
Now you can point it at your OpenSSO deployment like so:
ldapvi -d --host ldap://localhost:50389 -D "cn=Directory Manager" -w password
I get a screen like this: 
One neat feature is that ldapvi transparently deals with the base64 encoded XML data in the directory - you can see it if you search for sunKeyValue:; 
Now you can do some serious configuration hacking, especially with vi's global search and replace! But remember, with great power comes great responsibility. Backup your configuration before you try anything, and restart OpenSSO after any change you make in the directory. OpenSSO caches its configuration, and it won't notice changes you make 'under the covers'.
Comments
PeterUsusu
if ldapvi can access the embedded openDS instance, why LDAP Browser/Edit (http://www.mcs.anl.gov/~gawor/ldap/) cannot connect to it?
Pat Patterson
Hi Peter - any LDAP v3 client should be ok. I just tried the LDAP Browser from the link you provided and it works fine. Be sure to configure the connection correctly - default port for the embedded OpenDS is 50389, username is 'cn=Directory Manager' (without the quotes), same password as you specified for amadmin.
Leave a Comment
Your email address will not be published. Required fields are marked *