How to access / modify the eDirectory data over the terminal by using ldapvi


Novell eDirectory supports LDAP (Lightweight Directory Access Protocol) and provides a number of utilities, applications and APIs to communicate with it. ldapvi, however, can be useful in some particular scenarios; let's discuss them.

The name LDAPVI says everything about this utility. If you are a *NIX user and familiar with the vi editor, you will be able to use it (basic knowledge of the vi editor is required). The utility supports almost all vi functionality, which is its main benefit.

Now let me focus on some obvious questions...

What is LDAPVI?

LDAPVI is not simply an editor. It is a utility that takes parameters to connect to an LDAP-capable directory server and query it. The results of the query are displayed in the editor in an LDIF-like format, where you can edit the data directly and submit it back to the server. This makes different LDAP operations easy to perform with LDAPVI, which is why it is known as an interactive LDAP client for *NIX terminals.

Why/When should we use LDAPVI?

I think there are only two ways to communicate with any directory server: first, the server APIs, and second, command-line utilities (which use the same APIs). A number of other applications are built on these APIs and provide the same functionality, e.g. web-based utilities, standalone software, etc. ldapvi is just one of them, but it is very useful in situations such as low-end hardware, low network / Internet speed, an operating system without X (GUI) support, bulk updates, etc.

Let me briefly describe some of these situations...

  • Low-End hardware, Low Network / Internet speed

    Nowadays network speed is usually not an issue, but it may become one if you are using low-end hardware, a slow wireless network or a network with a lot of traffic. In this situation ldapvi can be very useful. Unlike GUI-based applications, it doesn't put much load on the hardware, and compared with a web application, it requests only the data, with no HTML content or images.

  • Operating System without X (Graphical User Interface) Support

    If you are running an operating system without X and want to perform operations on the directory server, your only option is command-line utilities (such as ldapsearch/add/modify/delete, the nds utilities, ldapvi and others). Most of the utilities in that list need a little more effort, knowledge and time compared with ldapvi, with which the same work takes very little time and only basic knowledge of LDAP, LDIF and the vi editor.

  • Bulk updates

    If you use tools such as web applications, standalone applications or command-line utilities to communicate with the directory server and want to modify multiple records with different values, you have to do it iteratively; ldapvi makes it possible in a single iteration. It loads all the queried data into the editor and lets you use the editor's features, such as search and replace, regular expressions, etc., to modify the data.

How to install and configure LDAPVI with eDirectory on SLES10?

There are two ways to install it: from source or from an rpm package. To download and install it from source, you can follow this link...

But if you want to install it from an rpm package, you can search the openSUSE software site for your particular distribution.

For example, use this link to download the package for SLES10 - i586 architecture...

Once it has been installed, you can simply use it like any normal command.

	user@novell:~>ldapvi --help

This command will give you the list of available command line options for ldapvi.


Here it will try to connect to the default port (389) on localhost as an anonymous user. eDirectory allows anonymous search by default, so you will get all the records from the root of the directory tree in the editor. Be careful: if your tree is very large, use ldapvi with the -b command-line option to specify a search base; otherwise it will take some time to load all the data. By default eDirectory does not allow an anonymous user to make any modifications, so you will have to provide your identity with the -D option to modify anything.

	user@novell:~>ldapvi -D cn=admin,o=novell -b o=novell

This command will try to connect as the admin user and will prompt you for the admin password. Once you provide the password, you will get all the records under the base o=novell. Here you may get an error like...

	ldap_bind: Confidentiality required (13)

This is because the TLS requirement is enabled by default for simple binds with a password. TLS is an encryption mechanism like SSL, which will be discussed in the second part. Let's first see how we can do this in plain text. To check whether the 'Require TLS for Simple Binds with Password' option is enabled, you can use...

	user@novell:~>ldapconfig get<enter>

Here, look for the 'Require TLS for Simple Binds with Password' option; by default it is enabled on eDirectory with the value 'yes'. If this option is enabled, you will have to disable it by setting the value to "no".

	user@novell:~>ldapconfig set "Require TLS for Simple Binds with Password=no"<enter>

	user@novell:~>ldapconfig set "Require TLS for Simple Binds with Password=no" localhost:389<enter>

Once this option is disabled, you can perform all other LDAP operations with ldapvi. Be careful: the whole communication, including the bind password, is now sent in plain text, and you should not use this method from outside your network (preferably use it on the server network only). To use it from outside your network, you should use an encrypted method, which will be covered in the next part.

For more information about ldapvi usage, you can go through the man pages or documentation...

Note: This article specifically targets *NIX users and is written to the best of my knowledge. Comments and suggestions are always welcome.


Comment List
  • Given that this is an LDAP application, you should use LDAP syntax for the DNs, not Novell's x.500 dotted syntax.

    Haven't tried this util myself, but you could enable LDAP tracing on the server and see what it reports when you try to authenticate with it. That would at least give you something to go on.


  • Hello, I got the following feedback from the team:

    It looks as if you are using some utility called ldapvi.  From a quick read this appears to be used with the OpenLDAP server. You dump the information out locally then this tool modifies what was dumped then it gets merged back. The PM, however, is not familiar with this utility and its syntaxes and encourages you to open a call with support and they can look into it then. At this point it even is unclear if it would work with eDirectory.  We use a relational database called FLAIM.  It is not text based, therefore, does not allow 'direct manipulation' of data in the dib.

    However, we DO include the OpenLDAP tools (ldapsearch, ldapmodify, etc.) with an eDirectory installation to modify the database information via LDAP.  There are a number of others.  You would have no problems using these to accomplish your goals.

    Hope this helps!


    Caroline Oest

    Micro Focus Customer Experience Marketing


  • I tried this on my RHEL 7 system that has eDir 9.0.3 installed. After installing the application, I typed "ldapvi -D cn=admin,o=<Org> -b ou=users,o=<ORG>" but I just get "invalid credentials" when I type the password. I also tried using the eDirectory convention:
    "ldapvi -D cn=admin.o=<ORG> -b ou=users.o=<ORG>" but got the same result.

    Any ideas what I could be doing wrong?
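
The DN-syntax point from the comments above, as an added example that is not part of the original article or of any comment: a POSIX shell helper that rewrites an eDirectory dotted name into the comma-separated LDAP form passed to ldapvi's -D and -b options. The function name nds_to_ldap_dn and the escaping rules it applies (a leading dot marks a fully distinguished name, a backslash-escaped dot is a literal dot, a literal comma must be escaped for LDAP) are assumptions of this example.

```shell
#!/bin/sh
# Added example: convert an eDirectory dotted name to an LDAP DN string.
# nds_to_ldap_dn is a hypothetical helper name, not an eDirectory or ldapvi tool.
# Returns non-zero for names it cannot convert safely:
#   - typeless components (admin.novell): the attribute type cannot be guessed
#   - trailing dots (relative names) and empty components
nds_to_ldap_dn() {
    rest=${1#.}        # assumed: a leading dot only marks a fully distinguished name
    out=
    rdn=
    while [ -n "$rest" ]; do
        ch=${rest%"${rest#?}"}        # first character of the remaining input
        rest=${rest#?}
        case $ch in
            \\)
                nxt=${rest%"${rest#?}"}
                rest=${rest#?}
                [ -n "$nxt" ] || return 1          # dangling backslash
                if [ "$nxt" = . ]; then
                    rdn=$rdn.                      # "\." is a literal dot; LDAP needs no escape
                else
                    rdn=$rdn\\$nxt                 # keep other escapes (\+, \=, \\) unchanged
                fi ;;
            .)
                case $rdn in *=*) ;; *) return 1 ;; esac
                out=${out:+$out,}$rdn              # unescaped dot separates components
                rdn= ;;
            ,)  rdn=$rdn\\, ;;                     # literal comma must be escaped in an LDAP DN
            *)  rdn=$rdn$ch ;;
        esac
    done
    case $rdn in *=*) ;; *) return 1 ;; esac
    printf '%s\n' "${out:+$out,}$rdn"
}

# Constructed sample input, using the DN from the article in dotted form.
nds_to_ldap_dn 'cn=admin.o=novell'
```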