Child pages
  • LDAP Stuff

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added group ACI.

Table of Contents


This document contains helpful LDAP tips and tricks.


ACI to restrict an attribute based on its existence of the attribute name as the value of another attribute (from Rob):

Code Block

(targetattr = "mail") (targetfilter =
(|(uoRestrictAttributeRestricted=mail)(uoRestrictAttributeInternal=mail))) (version 3.0;acl "Email privacy";deny (read,compare,search)(userdn = "ldap:///some dn" or userdn = "ldap:///some other dn");)

ACI to restrict attribute change in a group based on owner (from

Code Block
(targetattr = "member") (version 3.0; acl "Group Membership by owners"; allow (write) userdnattr = "owner" or groupdnattr = "owner";)

Search Rate

Code Block

./searchrate -s base --baseDN "ou=pple,dc=ucsf,dc=edu" -a -t 30 --filter "objectclass=*" --maxOutstandingRequests 500 --port 1389 -D "cn=directory manager" --bindPasswordFile ~/Programming/directory/dirmanager -A cn


Tree delete from the command line using OpenDS cli tools:

Code Block

ldapdelete --hostname localhost --port 1636 --bindDN "cn=Directory Manager" -j /home/opendsuser/odspwd --trustAll --useSSL --noPropertiesFile -J 1.2.840.113556.1.4.805 ou=people,dc=ucsf,dc=edu