Superpatterns

Pat Patterson on Identity Management, Federation and Single Malt Scotch
         

 
OpenSSO and ldapvi

WARNING - guru level information in this blog entry. Don't try ANY of this unless you're CERTAIN you know what you're doing. Editing OpenSSO's configuration directly can easily lead to an unusable deployment. You have been warned!

The Suretec guys blogged about ldapvi the other day, which prompted me to deploy ldapvi and point it at OpenSSO's embedded OpenDS instance.

Deploying ldapvi on a Mac is very simple, thanks to MacPorts. Just run:

sudo port install ldapvi

Now you can point it at your OpenSSO deployment like so:

ldapvi -d --host ldap://localhost:50389 -D "cn=Directory Manager" -w password

I get a screen like this:

One neat feature is that ldapvi transparently deals with the base64-encoded XML data in the directory - you can see it if you search for sunKeyValue:;

Now you can do some serious configuration hacking, especially with vi's global search and replace! But remember, with great power comes great responsibility. Back up your configuration before you try anything, and restart OpenSSO after any change you make in the directory. OpenSSO caches its configuration, and it won't notice changes you make 'under the covers'.
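One way to check exactly what an editing session changed, as an added example that is not part of the original post: it compares two LDIF exports of the configuration (a backup taken before editing and one taken after), decoding the base64-encoded sunKeyValue values the way ldapvi does on screen. The function names, the DN and the sample values are constructed for illustration.

```python
import base64
# Constructed sample DN and values for illustration, not real OpenSSO data.
DN = "ou=example,ou=services,dc=example,dc=com"
OLD = "xmlfile=<Value>http://old.example.com:8080/opensso</Value>"
NEW = "xmlfile=<Value>http://new.example.com:8080/opensso</Value>"
def sample_export(value):
    """Build a one-entry LDIF export with a folded, base64-encoded sunKeyValue."""
    b64 = base64.b64encode(value.encode()).decode()
    return f"version: 1\n\ndn: {DN}\nsunKeyValue:: {b64[:40]}\n {b64[40:]}\n\n"

def parse_ldif(text):
    """Return {dn: {attr: [values]}}; unfolds lines and decodes 'attr:: base64'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = {}, None, None
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries[dn] = attrs
            dn, attrs = None, None
            continue
        if line.startswith("#"):            # LDIF comment line
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):            # base64 value, e.g. XML or non-ASCII
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.lstrip(" ")
        if name.lower() == "dn":
            dn, attrs = value, {}
        elif attrs is not None:             # skips 'version: 1' before the first dn
            attrs.setdefault(name, []).append(value)
    return entries

def changed_values(before, after, attr="sunKeyValue"):
    """Return {dn: (removed, added)} for entries whose attr values differ."""
    out = {}
    for dn in sorted(set(before) | set(after)):
        old = set(before.get(dn, {}).get(attr, []))
        new = set(after.get(dn, {}).get(attr, []))
        if old != new:
            out[dn] = (sorted(old - new), sorted(new - old))
    return out

if __name__ == "__main__":
    print(changed_values(parse_ldif(sample_export(OLD)), parse_ldif(sample_export(NEW))))
```

An empty result means the two exports hold the same values for that attribute; anything else lists, per entry, the decoded values that were removed and added.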

@ 11:03 AM PST Comments [2]
 
 
 
Comments:

If ldapvi can access the embedded OpenDS instance, why can't LDAP Browser/Edit (http://www.mcs.anl.gov/~gawor/ldap/) connect to it?

Posted by PeterUsusu on November 25, 2008 at 12:46 PM PST #

Hi Peter - any LDAP v3 client should be ok. I just tried the LDAP Browser from the link you provided and it works fine. Be sure to configure the connection correctly - default port for the embedded OpenDS is 50389, username is 'cn=Directory Manager' (without the quotes), same password as you specified for amadmin.

Posted by Pat Patterson on November 25, 2008 at 01:57 PM PST #
