This document contains helpful LDAP tips and tricks.


ACI to restrict access to an attribute when the attribute's name appears as a value of another attribute on the entry (from Rob):

Code Block
(targetattr = "mail") (targetfilter =(|(uoRestrictAttributeRestricted=mail)(uoRestrictAttributeInternal=mail))) (version 3.0;acl "Email privacy";deny (read,compare,search)(userdn = "ldap:///some dn" or userdn = "ldap:///some other dn");)

ACI to restrict attribute change in a group based on owner (from

Code Block
(targetattr = "member") (version 3.0; acl "Group Membership by owners"; allow (write) userdnattr = "owner" or groupdnattr = "owner";)
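
When reviewing ACIs like the two above, it helps to split each one into its targets, its allow/deny effect, the rights granted, and the bind-rule keywords that decide who it applies to. The parser below is an added example, not part of the original page or of any directory server's code; the function names are hypothetical and it covers only the ACI syntax shown on this page, including the unquoted, nested targetfilter.

```python
import re

# The two ACIs from this page, copied verbatim.
ACI_MAIL = ('(targetattr = "mail") (targetfilter =(|(uoRestrictAttributeRestricted=mail)'
            '(uoRestrictAttributeInternal=mail))) (version 3.0;acl "Email privacy";'
            'deny (read,compare,search)(userdn = "ldap:///some dn" or '
            'userdn = "ldap:///some other dn");)')
ACI_GROUP = ('(targetattr = "member") (version 3.0; acl "Group Membership by owners"; '
             'allow (write) userdnattr = "owner" or groupdnattr = "owner";)')

def split_groups(aci):
    """Return the top-level (...) groups of an ACI, ignoring parens inside quotes."""
    groups, depth, start, quoted = [], 0, 0, False
    for i, ch in enumerate(aci):
        if ch == '"':
            quoted = not quoted
        elif quoted:
            continue
        elif ch == "(":
            depth += 1
            start = i + 1 if depth == 1 else start
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced parentheses")
            if depth == 0:
                groups.append(aci[start:i].strip())
    if depth or quoted:
        raise ValueError("unterminated group or quote")
    return groups

def parse_aci(aci):
    """Break an ACI into its targets, ACL name and allow/deny rules."""
    *targets, body = split_groups(aci)
    out = {"targets": {}, "rules": []}
    for t in targets:
        key, op, val = re.match(r'(\w+)\s*(!?=)\s*(.*)$', t, re.S).groups()
        out["targets"][key.lower()] = (op, val.strip('"'))
    m = re.match(r'version\s+([\d.]+)\s*;\s*acl\s+"([^"]*)"\s*;(.*)$', body, re.S)
    if not m:
        raise ValueError("missing version/acl header")
    out["version"], out["name"], rest = m.groups()
    rule = re.compile(r'(allow|deny)\s*\(([^)]*)\)\s*((?:"[^"]*"|[^;"])*);')
    for effect, rights, bind in rule.findall(rest):
        bare = re.sub(r'"[^"]*"', '', bind)  # drop quoted values before keyword scan
        out["rules"].append({"effect": effect,
                             "rights": [r.strip() for r in rights.split(",")],
                             "bind_keywords": sorted(set(re.findall(r'(\w+)\s*!?=', bare)))})
    return out
```

Calling `parse_aci(ACI_MAIL)` and `parse_aci(ACI_GROUP)` returns one dictionary per ACI, which makes it easy to list every deny rule or every rule gated by `userdnattr`/`groupdnattr` across an exported set of ACIs.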

Search Rate

Code Block
./searchrate -s base --baseDN "ou=pple,dc=ucsf,dc=edu" -a -t 30 --filter "objectclass=*" --maxOutstandingRequests 500 --port 1389 -D "cn=directory manager" --bindPasswordFile ~/Programming/directory/dirmanager -A cn

Tree Delete

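Tree delete from the command line using the OpenDS CLI tools. The -J option passes the subtree delete control (OID 1.2.840.113556.1.4.805), so the named entry and everything beneath it is removed: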

Code Block
ldapdelete --hostname localhost --port 1636 --bindDN "cn=Directory Manager" -j /home/opendsuser/odspwd --trustAll --useSSL --noPropertiesFile -J 1.2.840.113556.1.4.805 ou=people,dc=ucsf,dc=edu