We have had several clients that want to know about entries that have attributes that contain duplicate values. We have written a tool that will locate the entries with duplicate values.
Pass in any attribute name ( as -A <Attribute to check>) and this program will generate a LDIF file either displaying or removing the values.
Although we have done some testing, we can not guarantee the program. We generate an LDIF file that you can review for correctness and to make sure this is what you want performed. Check the LDIF file.
If you attempt to remove a naming attribute, it will be commented out with a "#" in the file.
Some of the more interesting options#The -X value and -R# work as follows:
- -X Will remove all values (except for naming values) of an attribute
- -R# Where # is a sequence number of the attribute to remove. If there are two values, entering a one (1) will remove the first value, etc.
Running without -X or -R may provide a confidence that the values will be returned in the same order each time, but the LDAP RFC 4522 states "The set of attribute values is unordered. Implementations MUST NOT rely upon the ordering being repeatable."
Data Output#All out put is located in the same directory as the FindDupes.jar.
- output will go to stdout and also to data.ldif
- Using the -d option will put a lot of debug information into willeke-app-debug.log
Usage#The line below will generate the out pur as shown:
java -jar FindDupes.jar -v -h 192.x.x.x -p389 -Dcn=admin,ou=administration,dc=willeke,dc=com -w secretpassword -Acn -F (objectclass=inetorgperson) -bou=people,dc=willeke,dc=com dn: cn=TestMeDelete,ou=people,dc=willeke,dc=com # cn: TestMeDelete Naming value can not be removed! cn: OtherName dn: cn=VBratton,ou=people,dc=willeke,dc=com cn: Bratton Vivian # cn: VBratton Naming value can not be removed! dn: cn=mcenters,ou=people,dc=willeke,dc=com cn: Centers Melissa A # cn: mcenters Naming value can not be removed! dn: cn=Briich Stephanie D,ou=people,dc=willeke,dc=com # cn: Briich Stephanie D Naming value can not be removed! cn: Hogge cn: Beegle dn: cn=Andreessen Marc,ou=people,dc=willeke,dc=com cn: Andreessen, Marc # cn: Andreessen Marc Naming value can not be removed!
Usage: java -jar FindDupes.jar [ -Xdv ] [ -R <remove> ] [ -h <host> ] [ -p <port> ] -D <loginDN> [ -w <bindpassword> ] -b <baseDN> -A <Attribute to check> -F <filter> [ -e <keystore> ] [ -Z <encrypted connection> ] -X Remove ALL Values - Default=false -R Remove value - Default=0 -h host name or IP address - Default="localhost" -p host IP port number. - Default=389 -D the DN of the object used for authentication - Required Argument -w the password for the DN of the object used for authentication - Default="" -b the baseDN where entries are or the FDN of a single entry - Required Argument -A cn - Required Argument -F RFC-2254 compliant LDAP search filter - Required Argument -d enable API debug output - Default=false -e Path to a Java Keystore. A valid certificate in the keystore enables an encrypted TLS connection. See also the -Z option. - Default="" -v enable verbose output - Default=false -Z sets the type of encrypted connection. A Keystore must be specified with the -e option to enable an encrypted connection. SSL - Establishes an encrypted connection using SSL. The default port is 636 TLS - Establishes an encrypted connection using TLS. The default port is 389 - Default="TLS"