Skip to end of metadata
Go to start of metadata

Ninja is new command line tool bundled with midPoint. Implemented features are based on "repo-ninja", but code was rewritten from the ground up. This tool comes in handy when one needs to export or import objects from/to midPoint. Operations can be done on top of repository (DB) layer or through REST API. Access through DB layer can be very powerful, especially in cases when UI fails. For example when midPoint fails to start because of configuration issue or objects data corruption. Another great example is "administrator" user lockout.

Users of this tool need to be aware that using repository layer, access is not validated using authorisations, model component is not used during processing and changes are not audited. It allows you to obtain or modify data in an otherwise unusable midPoint. Ninja also plan to support some other operations like listing keys from keystore, enforcing objects reencryption with new key, DB schema validation, password reset or user unlock.

Ninja comes with also with shell and bat scripts located in midPoint installation directory, eg. <midpoint>/bin/ These scripts will preset midpoint.home to default midPoint home folder, eg. <midpoint>/var.

Connecting to midPoint

Connection options:

  • using midpoint.home
  • using REST service (not yet implemented)

midpoint.home connection

This type of connection initialises repository layer of midpoint and operates on top of DB as new midPoint node. Mostly only one option is needed and that's specification of midpoint.home directory using -m option. This is not sufficient if config.xml uses datasource definition. Ninja then doesn't know how to connect to DB. For this case one have to use options to specify url ( -U ), username ( -u ) and password ( -p or -P ). These options can also be used to override JDBC url, username and password specified in config.xml.

REST connection

Not yet implemented.

Supported operations

Currently supports three operations:

  • import
  • export
  • verify (midPoint 3.9 or later)
  • keys
  • count
  • delete

Ninja can be started using standart java -jar or via bundles shell/bat script. Bundled scripts will automatically fill in path to for midPoint home option -m. There's also a difference between usage when pointing ninja to correct JDBC drivers. Example use with java -jar option:

Example use with bundled shell script:

Error rendering macro 'code': Invalid value specified for parameter 'lang'
<MIDPOINT_INSTALLATION_PATH>/bin/ -j <JDBC_DRIVER_JAR> [general options] [command] [command options]


Import command allow users to import objects from SYSOUT or file (either plain XML or compressed ZIP, which may contain multiple files). One can define oid, multiple types or filter to filter imported objects. Example of import from XML file using 4 threads with raw and overwrite option using explicit midpoint.home folder path:



Export command allows users to export objects to SYSOUT or file (either plain XML or compressed ZIP). One can define oid, multiple types or filter to filter exported objects. Export objects to compressed zip file using 4 threads:




MidPoint 3.9 and later

Command that verifies objects in midPoint repository. It displays warnings about objects to SYSOUT or file. Similarly to export, one can define oid, multiple types or filter to filter verified objects. Simple usage to verify all objects in the repository for all warnings:

Example: verify all objects in repository for all warnings

There is a -w switch that can be used to select specific warnings to display. Currently it only supports values deprecated and plannedRemoval. Following command will show warnings about planned removal of items used by all objects in the repository:


Example: verify all objects in repository for planned removal of items



List keys in with aliases from keystore located in midpoint.home.


Full help

Full help
  • No labels