We ended up doing it ourselves. We exported the entire list of users from opendj, used a python script to create a modification LDIF, and then ran the ldif through opendj. don't forget to backup before and after: mkdir ~/backups chmod 774 -R backups /opt/opendj/bin/backup -hlocalhost --port 4444 --bindDN "cn=Directory Manager" --bindPassword xxxxxxx --backUpAll --backupDirectory ~/backups/ --start 0 import users using the online interface. Important note: For this quantity of users, we had to significantly increase an apache timeout setting. If we didn't, the inital import people would stop partway through. login to gluu: sudo service gluu-server24 login export (note: the seds format the inums so that they are one line each with no spaces in between) /opt/opendj/bin/ldapsearch -h localhost -p 4444 -Z -X -D "cn=directory manager" -w xxxxxxxxx -b "o=gluu" "objectclass=gluuperson" dn | sed ':a;N;$!ba;s/\n\n/\n/g' | sed ':a;N;$!ba;s/\n //g' > users.ldif Make a python script as follows to generate your update ldif: *filename* activateUsers.py: f = open('users.ldif') while True: dn=f.readline() if dn.strip()== "": break print dn.strip() print "changetype: modify" print "add: gluuStatus" print "gluuStatus: active" print Run the script and pipe output to your update file: python activateUsers.py > activate.ldif Modify the users: /opt/opendj/bin/ldapmodify -h localhost -p 4444 -Z -X -D "cn=directory manager" -w xxxxxxxxx -c -f activate.ldif