Sun Java System Directory Server Enterprise Edition 6.2 Man Page Reference

Administration Commands

dpadm(1M)


NAME

    dpadm – Manage the administration of Directory Proxy Server

Synopsis

    install-path/dps6/bin/dpadm 
     [subcommand] [global-options] [subcommand-options]
     [subcommand-operands]

Description

    The dpadm command is the administration command for the Directory Proxy Server. Use the dpadm command with one of the subcommands described in this man page.

SUBCOMMANDS

    The following subcommands are supported:

    dpadm add-cert [-i] [-W CERT_PW_FILE] INSTANCE_PATH CERT_ALIAS CERT_FILE

    Adds a certificate to the certificate database.

    dpadm add-selfsign-cert [-i] [-W CERT_PW_FILE] [ -s DN | --name NAME [--org ORG] [--org-unit ORG-UNIT] [--city CITY] [--state STATE] [--country COUNTRY]] [--keyalg KEYALG] [--sigalg SIGALG] INSTANCE_PATH CERT_ALIAS

    Creates a self-signed certificate and adds it to the certificate database.

    dpadm autostart [--off [-i]] INSTANCE_PATH

    Enables or disables Directory Proxy Server instance startup at system boot. This command is only available if you installed with Sun Java Enterprise System or native packages, and is not available on Windows.

    dpadm backup INSTANCE_PATH ARCHIVE_DIR

    Creates a backup archive of the Directory Proxy Server instance.

    dpadm create [-i] [-p PORT] [-P SECURE_PORT] [-u USER_NAME -g GROUP_NAME] [-D DN] [-w PWD_FILE] INSTANCE_PATH

    Creates a Directory Proxy Server instance.

    dpadm delete INSTANCE_PATH

    Deletes an instance of Directory Proxy Server.

    dpadm disable-service [-T TYPE] INSTANCE_PATH

    Disables a Directory Proxy Server instance from being managed as a service. This command is available on Windows distributions and Solaris native package distributions only.

    dpadm enable-service [-T TYPE] INSTANCE_PATH [RESOURCE_GRP]

    Enables a Directory Proxy Server instance to be managed as a service. This command is available on Windows distributions and Solaris native package distributions only.

    dpadm get-flags INSTANCE_PATH [FLAG...]

    Displays the flag values for the Directory Proxy Server instance.

    dpadm import-cert [-i] [-W CERT_PW_FILE] [-I INPUT_PW_FILE] INSTANCE_PATH CERT_FILE

    Imports the public and private keys of a certificate into the certificate database.

    dpadm info INSTANCE_PATH

    Displays information about the status and configuration of the Directory Proxy Server instance.

    dpadm list-certs [-i] [-C] [-W CERT_PW_FILE] INSTANCE_PATH

    Lists all certificates in the certificate database.

    dpadm remove-cert [-i] [-W CERT_PW_FILE] INSTANCE_PATH CERT_ALIAS

    Removes a certificate from the certificate database.

    dpadm renew-cert [-i] [-W CERT_PW_FILE] INSTANCE_PATH CERT_ALIAS CERT_FILE

    Renews a certificate in the certificate database.

    dpadm request-cert [-i] [-W CERT_PW_FILE] [ -s DN | --name NAME [--org ORG] [--org-unit ORG-UNIT] [--city CITY] [--state STATE] [--country COUNTRY]] [--sigalg SIGALG] [--keyalg KEYALG] [-o OUTPUT_FILE] INSTANCE_PATH CERT_ALIAS

    Generates a certificate request.

    dpadm restart [-i] [-W CERT_PW_FILE] INSTANCE_PATH

    Restarts a Directory Proxy Server instance.

    dpadm restore INSTANCE_PATH ARCHIVE_DIR

    Restores a Directory Proxy Server instance from a backup archive.

    dpadm set-flags [-i] [-W CERT_PW_FILE] INSTANCE_PATH FLAG=VAL [FLAG=VAL...]

    Sets flag values for a Directory Proxy Server instance.

    dpadm show-cert [-i] [-W CERT_PW_FILE] [-o OUTPUT_FILE] [-F FORMAT] INSTANCE_PATH [CERT_ALIAS]

    Displays a certificate.

    If no CERT_ALIAS is specified, the default server certificate is displayed.

    dpadm split-ldif INSTANCE_PATH LDIF_FILE OUTPUT_FILE_DIR

    Splits the LDIF file given by LDIF_FILE into multiple LDIF files according to the data distribution configured in Directory Proxy Server. One LDIF file is created for each data view defined in the LDIF_FILE file.

    The LDIF files are stored in the OUTPUT_FILE_DIR directory and are automatically named after the data view, with the following format: OUTPUT_FILE_DIR.DATA_VIEW_NAME.ldif

    The dpadm split-ldif command can be launched even if the Directory Proxy Server is running.

    dpadm start [-Ei] [-W CERT_PW_FILE] INSTANCE_PATH

    Starts a Directory Proxy Server instance.

    dpadm stop INSTANCE_PATH

    Stops a Directory Proxy Server instance.

GLOBAL OPTIONS

    The following options are global, and are applicable to all commands and subcommands.

    -?
    --help

    Displays instructions for accessing help.

    -V
    --version

    Displays the current version of dpadm. The version is provided in the format year.day.time. So version number 2006.178.0035 was built on the 178th day of 2006 at 00h35. If the components used by dpadm are not aligned, the version of each individual component is displayed.

    -v
    --verbose

    Displays instructions for accessing verbose help.

SUBCOMMAND OPTIONS

    The following options are applicable to the subcommands where they are specified.

    -C
    --ca

    Lists Certificate Authority certificates only. The default is to list server certificates only.

    --city CITY

    Adds L=CITY to the subject DN. Default is none.

    --country COUNTRY

    Adds C=COUNTRY to the subject DN. The default is none.

    -D DN
    --rootDN DN

    Defines the Proxy Manager DN. The default is cn=Proxy Manager.

    -E
    --safe

    Starts Directory Proxy Server with the configuration used at the last successful startup.

    -F FORMAT
    --format FORMAT

    Specifies the output format. The options are readable and ascii. The default is readable.

    -g GROUP_NAME
    --group GROUP_NAME

    Specifies the group name for the owner of the server instance. The default is the name of the current group.

    -i
    --no-inter

    Does not prompt for confirmation before performing the operation.

    -I INPUT_PW_FILE
    --input-pwd-file INPUT_PW_FILE

    Specifies the certificate password. The default is to prompt for a password.

    --keyalg KEYALG

    Specifies the key-pair generation algorithm (DSA or RSA).

    --sigalg SIGALG

    Specifies the signature algorithm used to sign the certificate. The signature algorithm depends on the underlying key-pair generation algorithm. The default signature algorithm is SHA1withDSA when the key algorithm is DSA, and MD5withRSA when the key algorithm is RSA.

    --name NAME

    Adds CN=NAME to the subject DN. The default is the hostname.

    -O OUTPUT_PW_FILE
    --output-pwd-file OUTPUT_PW_FILE

    Reads the output password from the OUTPUT_PW_FILE file. The default is a prompt for a password.

    -o OUTPUT_FILE
    --output OUTPUT_FILE

    Stores the command results in the OUTPUT_FILE file. The default is stdout.

    --off

    Disables the autostart of an instance of Directory Proxy Server at system boot.

    --org ORG

    Adds O=ORG to the subject DN. The default is none.

    --org-unit ORG-UNIT

    Adds OU=ORG-UNIT to the subject DN. The default is none.

    -p PORT
    --port PORT

    Specifies the port for LDAP traffic. The default is 389 or 1389.

    -P SECURE_PORT
    --secure-port SECURE_PORT

    Specifies the secure SSL port for LDAP traffic. The default is 636 or 1636.

    -S DN
    --subjectDN DN

    Specifies the subject DN. The default is cn=CERT_ALIAS cn=hostname.

    --state STATE

    Adds ST=STATE to the subject DN. Default is the hostname.

    -T TYPE
    --type TYPE

    Service type. Can be SMF when using Solaris 10, or WIN_SERVICE when using Windows.

    -u USER_NAME
    --username USER_NAME

    Specifies the user name for the owner of the server instance. The default is the name of the current user.

    -W CERT_PW_FILE
    --cert-pwd-file CERT_PW_FILE

    Reads the certificate database password from the CERT_PW_FILE file. The default is a prompt for password.

    -w PW_FILE
    --pwd-file PW_FILE

    Reads the password from the PW_FILE file. The default is a prompt for password.

SUBCOMMAND OPERANDS

    The following operands are supported:

    ARCHIVE_DIR

    Specifies the path to the backup of the Directory Proxy Server instance.

    CERT_ALIAS

    Specifies the certificate alias.

    CERT_FILE

    Specifies the file that contains the certificate.

    FLAG

    Specifies a flag that represents a property operand when using the command dpadm get-flags. Possible flags: cert-pwd-prompt, jvm-args.

    FLAG=VALUE

    Specifies a flag and its value. The FLAG=VALUE operand can have the following values:

    cert-pwd-prompt=off

    Sets the certificate database password storage mode to on. The certificate database password is stored on the file system. This is the default value.

    cert-pwd-prompt=on

    Sets the certificate database password storage mode to off. The certificate database password is not stored on the file system. You are prompted to supply the certificate database password when needed.

    jvm-args="arg1 arg2 ..."

    These values are arguments passed to the Java Virtual Machine (JVM).

    The default value is jvm-args=-Xmx250M -Xms250M.

    -Xmxmemory is the maximum memory size for the JVM. The default value is -Xmx250M (250 MB).

    -Xmsmemory is the startup memory size for the JVM. The default value is -Xms250M (250 MB). The startup memory size -Xmsmemory should be the same as the maximum memory size -Xmxmemory.

    -XX:NewRatio=ratio is applicable to the Sun Hotspot JVM only, and is the ratio between old and young generation memory. The recommended value is -XX:NewRatio=1, which makes the old and young generations equal in size.

    The -d flag specifies which JVM is used (32-bit or 64-bit). By default, Directory Proxy Server is launched with a 64-bit JVM, if available, and with a 32-bit JVM otherwise. If you want to override this behavior and specify the JVM, set the jvm-args flag to either -d32 or -d64, for example jvm-args=-Xmx250M -Xms250M -d32.

    You can use the jvm-args flag to pass a list of arguments to the JVM. For information about JVM arguments not described in this man page, see the java(1) man page.

    INSTANCE_PATH

    Specifies the path to the Directory Proxy Server instance.

    LDIF_FILE

    Specifies the LDIF file that is to be split by using the split-ldif subcommand.

    OUTPUT_FILE_DIR

    Specifies the directory where LDIF files are placed after being split by the split-ldif subcommand.

Exit Status

    The following exit status values are returned:

    0

    Successful completion.

    non-zero

    An error occurred.

Examples

    The following examples show how the dpadm command is used.


    Example 1 Creating a Directory Proxy Server Instance

    The following example shows how to create a Directory Proxy Server instance.


    $ dpadm create /local/dps


    Example 2 Starting a Directory Proxy Server Instance

    The following example shows how to start a Directory Proxy Server instance.


    $ dpadm start /local/dps


    Example 3 Getting Information about a Directory Proxy Server Instance

    The following example shows how to get information about a Directory Proxy Server instance.


    $ dpadm info /local/dps
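
The following is an added example, not part of the original man page or of the product: a POSIX shell function that audits dpadm and dpconf command lines (for instance, lines taken from a deployment script) for settings this page documents as reducing security. It covers the dpconf -c/--accept-cert and -e/--unsecured options, the DIR_PROXY_UNSECURED variable, the MD5withRSA and SHA1withDSA signature defaults, cert-pwd-prompt=off, and password files readable by group or others. The function name, the finding codes, the sample paths and the handling of clustered short flags are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the man page. Finding codes are names made up here.

# audit_dps_cmd "<command line>" -> prints a space-separated list of findings
# (an empty line when nothing is flagged). The body runs in a subshell so that
# option and variable changes do not leak into the caller.
audit_dps_cmd() (
    set -f        # no globbing while word-splitting (the line may contain "-?")
    set -- $1     # assumption: operands contain no quoted whitespace
    out=
    add() { case " $out " in *" $1 "*) ;; *) out="${out:+$out }$1" ;; esac; }

    # Leading VAR=value words are environment assignments for the command.
    while [ $# -gt 0 ]; do
        case $1 in
            DIR_PROXY_UNSECURED=*) add CLEARTEXT_LDAP; shift ;;
            [A-Za-z_]*=*) shift ;;
            *) break ;;
        esac
    done

    tool=${1:-}; tool=${tool##*/}   # accept install-path/dps6/bin/dpadm as well
    if [ $# -gt 0 ]; then shift; fi
    sub=${1:-}
    sigalg=; prev=

    for arg in "$@"; do
        case $tool in
        dpconf)
            case $arg in
                --accept-cert) add ACCEPT_UNTRUSTED_CERT ;;
                --unsecured)   add CLEARTEXT_LDAP ;;
                -[!-]*)
                    # Only a cluster made purely of no-argument flags counts
                    # (assumed: c e i j E), so "-hldap-c" is never misread.
                    flags=${arg#-}
                    case $flags in *[!ceijE]*) flags= ;; esac
                    case $flags in *c*) add ACCEPT_UNTRUSTED_CERT ;; esac
                    case $flags in *e*) add CLEARTEXT_LDAP ;; esac ;;
            esac ;;
        dpadm)
            case $prev in
                --sigalg) sigalg=$arg ;;
                -W|--cert-pwd-file|-w|--pwd-file|-I|--input-pwd-file)
                    # Password file must not be readable by group or others.
                    case $arg in /*) p=$arg ;; *) p=./$arg ;; esac
                    if [ -f "$p" ] && [ -n "$(find -L "$p" -prune \( -perm -040 -o -perm -004 \))" ]; then
                        add PW_FILE_READABLE
                    fi ;;
            esac
            case $arg in
                # Page: the certificate database password is stored on disk.
                cert-pwd-prompt=off) add CERT_DB_PASSWORD_ON_DISK ;;
            esac ;;
        esac
        prev=$arg
    done

    if [ "$tool" = dpadm ]; then
        case $sub in
        add-selfsign-cert|request-cert)
            case $sigalg in
                # Page: without --sigalg the default is MD5withRSA (RSA keys)
                # or SHA1withDSA (DSA keys); both rely on a broken hash.
                "")         add WEAK_SIGALG_DEFAULT ;;
                MD5*|SHA1*) add WEAK_SIGALG ;;
            esac ;;
        esac
    fi
    printf '%s\n' "$out"
)

# Constructed sample lines (not taken from a real deployment).
for line in \
    "dpadm start /local/dps" \
    "dpadm request-cert --keyalg RSA -o req.pem /local/dps server-cert" \
    "install-path/dps6/bin/dpadm set-flags /local/dps cert-pwd-prompt=off" \
    "dpconf list-ldap-data-sources -c -e -h ds1 -p 389" \
    "DIR_PROXY_UNSECURED=1 dpconf info"
do
    printf '%-70s => %s\n' "$line" "$(audit_dps_cmd "$line")"
done
```

The password-file check only fires when the named file exists on the machine running the audit, so run it on the host where the commands will execute.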

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE      ATTRIBUTE VALUE
    Availability        SUNWldap-proxy
    Stability Level     Evolving

See Also

DPS 6.2  Last Revised April 16, 2007


dpconf(1M)


NAME

    dpconf – Manage the configuration of Directory Proxy Server

Synopsis

    install-path/dps6/bin/dpconf 
    subcommand [global-options] [subcommand-options]
     [subcommand-operands]

Description

    The dpconf command manages the configuration of Directory Proxy Server. An instance of Directory Proxy Server must be running in order for you to run the dpconf command.

SUBCOMMANDS

    The following subcommands are supported:

    dpconf add-jdbc-attr [-h host] [-p port] TABLE_NAME ATTR_NAME COLUMN_NAME

    Add a JDBC attribute by using a SQL table.

    dpconf add-virtual-transformation [-h host] [-p port] VIEW_NAME MODEL ACTION ATTR_NAME [PARAM...]

    Add a virtual transformation to a data view.

    dpconf attach-jdbc-data-source [-h host] [-p port] POOL_NAME SRC_NAME [SRC_NAME...]

    Attach one or more JDBC data sources to a JDBC data source pool.

    dpconf attach-ldap-data-source [-h host] [-p port] POOL_NAME SRC_NAME [SRC_NAME...]

    Attach one or more LDAP data sources to an LDAP data source pool.

    dpconf create-connection-handler [-h host] [-p port] NAME [NAME...]

    Create one or more new connection handlers.

    dpconf create-custom-search-size-limit [-h host] [-p port] POLICY_NAME LIMIT_NAME [LIMIT_NAME...]

    Create one or more new custom search size limits for a resource limits policy.

    dpconf create-jdbc-data-source [-h host] [-p port] -b DB_NAME -B DB_URL -J DRIVER_URL [-J DRIVER_URL]... -S DRIVER_CLASS SRC_NAME

    Create a JDBC data source that corresponds to an existing JDBC database.

    dpconf create-jdbc-data-source-pool [-h host] [-p port] NAME [NAME...]

    Create one or more JDBC data source pools.

    dpconf create-jdbc-data-view [-h host] [-p port] JDBC_VIEW_NAME POOL_NAME SUFFIX_DN

    Create a data view that enables LDAP applications to view JDBC tables.

    dpconf create-jdbc-object-class [-h host] [-p port] JDBC_VIEW_NAME OBJECTCLASS PRIMARY_TABLE [SECONDARY_TABLE...] DN_PATTERN

    Create a JDBC object class and attach it to a JDBC data view. At least one JDBC table, the primary table, must be specified. Additional tables can be specified if the JDBC data view is to be a join data view of more than one JDBC table.

    dpconf create-jdbc-table [-h host] [-p port] TABLE_NAME DB_TABLE

    Create a JDBC table.

    dpconf create-join-data-view [-h host] [-p port] JOIN_NAME PRIMARY_NAME SECONDARY_NAME SUFFIX_DN

    Create a virtual data view that combines or aggregates two separate data views. One of these data views is the primary data view, and the other the secondary data view. Before you can create a join data view, you must define at least one join rule on the secondary data view. To define join rules, set the dn-join-rule or filter-join-rule properties of the secondary data view.

    dpconf create-ldap-data-source [-h host] [-p port] NAME HOST:PORT

    Create a new LDAP data source.

    dpconf create-ldap-data-source-pool [-h host] [-p port] NAME [NAME...]

    Create one or more new LDAP data source pools.

    dpconf create-ldap-data-view [-h host] [-p port] VIEW_NAME POOL_NAME SUFFIX_DN

    Create a new LDAP data view.

    dpconf create-ldif-data-view [-h host] [-p port] VIEW_NAME LDIF_FILE_NAME SUFFIX_DN

    Create a new LDIF data view.

    dpconf create-request-filtering-policy [-h host] [-p port] NAME [NAME...]

    Create one or more new request filtering policies.

    dpconf create-resource-limits-policy [-h host] [-p port] NAME [NAME...]

    Create one or more new resource limits policies.

    dpconf create-search-data-hiding-rule [-h host] [-p port] POLICY_NAME RULE_NAME [RULE_NAME...]

    Create one or more new search data hiding rules for a request filtering policy.

    dpconf create-user-mapping [-h host] [-p port] NAME USER_DN USER_PWD_FILE

    Create a new user mapping.

    dpconf delete-connection-handler [-h host] [-p port] NAME [NAME...]

    Delete existing connection handlers.

    dpconf delete-custom-search-size-limit [-h host] [-p port] POLICY_NAME LIMIT_NAME [LIMIT_NAME...]

    Delete existing custom search size limits for a resource limits policy.

    dpconf delete-jdbc-data-source [-h host] [-p port] NAME [NAME...]

    Delete one or more JDBC data sources.

    dpconf delete-jdbc-data-source-pool [-h host] [-p port] NAME [NAME...]

    Delete one or more JDBC data source pools.

    dpconf delete-jdbc-data-view [-h host] [-p port] NAME [NAME...]

    Delete one or more JDBC data views.

    dpconf delete-jdbc-object-class [-h host] [-p port] JDBC_VIEW_NAME OBJECTCLASS [OBJECTCLASS...]

    Delete one or more JDBC object classes.

    dpconf delete-jdbc-table [-h host] [-p port] NAME [NAME...]

    Delete one or more JDBC tables.

    dpconf delete-join-data-view [-h host] [-p port] JOIN_NAME

    Delete a join data view.

    dpconf delete-ldap-data-source [-h host] [-p port] NAME [NAME...]

    Delete existing LDAP data sources.

    dpconf delete-ldap-data-source-pool [-h host] [-p port] NAME [NAME...]

    Delete existing LDAP data source pools.

    dpconf delete-ldap-data-view [-h host] [-p port] VIEW_NAME [VIEW_NAME...]

    Delete existing LDAP data views.

    dpconf delete-ldif-data-view [-h host] [-p port] VIEW_NAME [VIEW_NAME...]

    Delete existing LDIF data views.

    dpconf delete-request-filtering-policy [-h host] [-p port] NAME [NAME...]

    Delete existing request filtering policies.

    dpconf delete-resource-limits-policy [-h host] [-p port] NAME [NAME...]

    Delete existing resource limits policies.

    dpconf delete-search-data-hiding-rule [-h host] [-p port] POLICY_NAME RULE_NAME [RULE_NAME...]

    Delete an existing search data hiding rule.

    dpconf delete-user-mapping [-h host] [-p port] NAME [NAME...]

    Delete existing user mappings.

    dpconf detach-jdbc-data-source [-h host] [-p port] POOL_NAME SRC_NAME [SRC_NAME...]

    Detach JDBC data sources from a JDBC data source pool.

    dpconf detach-ldap-data-source [-h host] [-p port] POOL_NAME SRC_NAME [SRC_NAME...]

    Detach LDAP data sources from an LDAP data source pool.

    dpconf get-access-log-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] [PROP...]

    View the properties of the access log.

    dpconf get-attached-ldap-data-source-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] POOL_NAME SRC_NAME [PROP...]

    View the properties of an attached LDAP data source.

    dpconf get-connection-handler-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of a connection handler.

    dpconf get-custom-search-size-limit-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] POLICY_NAME LIMIT_NAME [PROP...]

    View the properties of custom search size limits for a resource limits policy.

    dpconf get-error-log-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of the error log.

    dpconf get-jdbc-attr-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] TABLE_NAME ATTR_NAME [PROP...]

    View the properties of a JDBC attribute.

    dpconf get-jdbc-data-source-pool-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of a JDBC data source pool.

    dpconf get-jdbc-data-source-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of a JDBC data source.

    dpconf get-jdbc-data-view-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of a JDBC data view.

    dpconf get-jdbc-object-class-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of a JDBC object class.

    dpconf get-jdbc-table-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] TABLE_NAME [PROP]

    View the properties of a JDBC table.

    dpconf get-join-data-view-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] JOIN_NAME [PROP...]

    View the properties of a join data view.

    dpconf get-ldap-data-source-pool-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of an LDAP data source pool.

    dpconf get-ldap-data-source-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of an LDAP data source.

    dpconf get-ldap-data-view-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] VIEW_NAME [PROP...]

    View the properties of an LDAP data view.

    dpconf get-ldap-listener-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of the LDAP listener.

    dpconf get-ldaps-listener-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] [PROP...]

    View the properties of the LDAPS listener.

    dpconf get-ldif-data-view-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] VIEW_NAME [PROP...]

    View the properties of an LDIF data view.

    dpconf get-request-filtering-policy-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of a request filtering policy.

    dpconf get-resource-limits-policy-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of the resource limits policy.

    dpconf get-search-data-hiding-rule-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] POLICY_NAME RULE_NAME [PROP...]

    View the properties of search data hiding rules for a request filtering policy.

    dpconf get-server-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] [PROP...]

    View the properties of a Directory Proxy Server.

    dpconf get-user-mapping-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] NAME [PROP...]

    View the properties of a user mapping.

    dpconf get-virtual-aci-prop [-h host] [-p port] [PROP...]

    View the properties of the data view defined to provide access to virtual ACIs.

    dpconf get-virtual-transformation-prop [-h host] [-p port] [-M UNIT] [-Z UNIT] VIEW_NAME TRANSFORMATION_NAME [PROP...]

    View the properties of a virtual transformation. Virtual transformation properties that can be specified include action, attr-name, model, internal-value and view-value.

    dpconf help-properties [-r]

    View information about the properties exposed by subcommands.

    dpconf info

    Display information about server configuration.

    dpconf list-attached-jdbc-data-sources [-h host] [-p port] [-E] [POOL_NAME...]

    List JDBC data sources that are attached to a data source pool.

    dpconf list-attached-ldap-data-sources [-h host] [-p port] [-E] [POOL_NAME...]

    List LDAP data sources that are attached to a data source pool.

    dpconf list-connection-handlers [-h host] [-p port] [-E]

    List the existing connection handlers.

    dpconf list-custom-search-size-limits [-h host] [-p port] [-E] [POLICY_NAME...]

    List the existing custom search size limits for a resource limits policy.

    dpconf list-jdbc-attrs [-h host] [-p port] [-E] [TABLE_NAME...]

    List the JDBC attributes that have been defined using SQL tables.

    dpconf list-jdbc-data-source-pools [-h host] [-p port] [-E]

    List the existing JDBC data source pools.

    dpconf list-jdbc-data-sources [-h host] [-p port] [-E]

    List the existing JDBC data sources.

    dpconf list-jdbc-object-classes [-h host] [-p port] [-E] [JDBC_VIEW_NAME...]

    List the JDBC object classes that are attached to a JDBC data view.

    dpconf list-jdbc-tables [-h host] [-p port] [-E]

    List all JDBC tables.

    dpconf list-join-data-views [-h host] [-p port] [-E]

    List the existing join data views.

    dpconf list-ldap-data-source-pools [-h host] [-p port] [-E]

    List the existing LDAP data source pools.

    dpconf list-ldap-data-sources [-h host] [-p port] [-E]

    List the existing LDAP data sources.

    dpconf list-ldap-data-views [-h host] [-p port] [-E]

    List the existing LDAP data views.

    dpconf list-ldif-data-views [-h host] [-p port] [-E]

    List the existing LDIF data views.

    dpconf list-request-filtering-policies [-h host] [-p port] [-E]

    List the existing request filtering policies.

    dpconf list-resource-limits-policies [-h host] [-p port] [-E]

    List the existing resource limits policies.

    dpconf list-search-data-hiding-rules [-h host] [-p port] [-E] [POLICY_NAME...]

    List the existing search data hiding rules for a request filtering policy.

    dpconf list-user-mappings [-h host] [-p port] [-E]

    List the existing user mappings.

    dpconf list-virtual-transformations [-h host] [-p port] [-E] [VIEW_NAME...]

    List the virtual transformations that are defined on a data view.

    dpconf remove-jdbc-attr [-h host] [-p port] TABLE_NAME ATTR_NAME [ATTR_NAME...]

    Delete a JDBC attribute.

    dpconf remove-virtual-transformation [-h host] [-p port] VIEW_NAME TRANSFORMATION_NAME [TRANSFORMATION_NAME...]

    Delete a virtual transformation.

    dpconf rotate-log-now [-h host] [-p port] LOG_TYPE

    Launch the rotation of a log file.

    dpconf set-access-log-prop [-h host] [-p port] PROP:VAL [PROP:VAL...]

    Change the properties of the access log. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-attached-ldap-data-source-prop [-h host] [-p port] POOL_NAME SRC_NAME PROP:VAL [PROP:VAL...]

    Change the properties of an attached LDAP data source. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-connection-handler-prop [-h host] [-p port] NAME PROP:VAL [PROP:VAL...]

    Change the properties of a connection handler. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-custom-search-size-limit-prop [-h host] [-p port] POLICY_NAME LIMIT_NAME PROP:VAL [PROP:VAL...]

    Change the properties of custom search size limits for a resource limits policy. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-error-log-prop [-h host] [-p port] PROP:VAL [PROP:VAL...]

    Change the properties of the error log. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-jdbc-attr-prop [-h host] [-p port] TABLE_NAME ATTR_NAME PROP:VAL [PROP:VAL...]

    Change the properties of a JDBC attribute. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-jdbc-data-source-pool-prop [-h host] [-p port] NAME PROP:VAL [PROP:VAL...]

    Change the properties of a JDBC data source pool. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-jdbc-data-source-prop [-h host] [-p port] NAME PROP:VAL [PROP:VAL...]

    Change the properties of a JDBC data source. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-jdbc-data-view-prop [-h host] [-p port] VIEW_NAME PROP:VAL [PROP:VAL...]

    Change the properties of a JDBC data view. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-jdbc-object-class-prop [-h host] [-p port] JDBC_VIEW_NAME OBJECTCLASS PROP:VAL [PROP:VAL...]

    Change the properties of a JDBC object class. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-jdbc-table-prop [-h host] [-p port] TABLE_NAME PROP:VAL [PROP:VAL...]

    Change the properties of a JDBC table. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-join-data-view-prop [-h host] [-p port] VIEW_NAME PROP:VAL [PROP:VAL...]

    Change the properties of a join data view. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-ldap-data-source-pool-prop [-h host] [-p port] NAME PROP:VAL [PROP:VAL...]

    Change the properties of an LDAP data source pool. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-ldap-data-source-prop [-h host] [-p port] NAME PROP:VAL [PROP:VAL...]

    Change the properties of an LDAP data source. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-ldap-data-view-prop [-h host] [-p port] VIEW_NAME PROP:VAL [PROP:VAL...]

    Change the properties of an LDAP data view. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-ldap-listener-prop [-h host] [-p port] PROP:VAL [PROP:VAL...]

    Change the properties of the LDAP listener. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-ldaps-listener-prop [-h host] [-p port] PROP:VAL [PROP:VAL...]

    Change the properties of the LDAPS listener. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-ldif-data-view-prop [-h host] [-p port] VIEW_NAME PROP:VAL [PROP:VAL...]

    Change the properties of an LDIF data view. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-request-filtering-policy-prop [-h host] [-p port] NAME PROP:VAL [PROP:VAL...]

    Change the properties of a request filtering policy. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-resource-limits-policy-prop [-h host] [-p port] NAME PROP:VAL [PROP:VAL...]

    Change the properties of a resource limits policy. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-search-data-hiding-rule-prop [-h host] [-p port] POLICY_NAME RULE_NAME PROP:VAL [PROP:VAL...]

    Change the properties of search data hiding rules for a request filtering policy. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-server-prop [-h host] [-p port] PROP:VAL [PROP:VAL...]

    Change the properties of a Directory Proxy Server instance. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-user-mapping-prop [-h host] [-p port] NAME PROP:VAL [PROP:VAL...]

    Change the properties of a user mapping. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-virtual-aci-prop [-h host] [-p port] PROP:VAL [PROP:VAL...]

    Change the properties of the data view defined to provide access to virtual ACIs. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dpconf set-virtual-transformation-prop [-h host] [-p port] VIEW_NAME TRANSFORMATION_NAME PROP:VAL [PROP:VAL...]

    Change the properties of a virtual transformation that was defined on the data view. If you do not specify a VAL, the value of the property is reset.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

GLOBAL OPTIONS

    The following options are global to all commands and subcommands:

    -?
    --help

    Displays help information for a command or subcommand.

    -c
    --accept-cert

    Does not ask for confirmation before accepting untrusted server certificates.

    -D USER_DN
    --user-dn USER_DN

    Binds as USER_DN. The dpconf command searches for a USER_DN value in the following order:

    • A USER_DN specified in the command line

    • A USER_DN set by using the $LDAP_ADMIN_USER environment variable

    If none of these are found, the default is to bind as the cn=Proxy Manager user.

    -e
    --unsecured

    Connects over LDAP with no secure connection. To connect over a clear connection by default, set the DIR_PROXY_UNSECURED environment variable.

    -h HOST
    --hostname HOST

    Connects to the proxy server on HOST. The dpconf command searches for a HOST value in the following order:

    • A HOST specified in the command line

    • A HOST set by using the $DIR_PROXY_HOST environment variable

    If none of these are found, the default is to use the local host.

    -i
    --no-inter

    Does not ask for confirmation or passwords.

    -j
    --reject-cert

    Does not ask for confirmation before rejecting untrusted server certificates in this session.

    -p PORT
    --port PORT

    Connects to the proxy on PORT. The dpconf command searches for a PORT value in the following order:

    • A PORT specified in the command line

    • A PORT set by using the $DIR_PROXY_PORT environment variable

    If none of these are found, the default is to use port 389.

    This option is mutually exclusive with -P,--secure-port.

    -P PORT
    --secure-port PORT

    Connects over SSL to the proxy on PORT. The dpconf command searches for a PORT value in the following order:

    • A PORT specified in the command line

    • A PORT set by using the $DIR_PROXY_PORT environment variable

    If none of these are found, the default is to use port 1636.

    This option is mutually exclusive with -p,--port.

    -r
    --attr-map

    Displays help properties and their corresponding attributes in cn=config.

    -v
    --verbose

    Displays extra information. This option is especially useful in the list subcommands. For an example of the use of the verbose option, see Example 5.

    -V
    --version

    Displays the current version of dpconf. The version is provided in the format year.day.time. So version number 2006.178.0035 was built on the 178th day of 2006 at 00h35. If the components used by dpconf are not aligned, the version of each individual component is displayed.

    -w FILE
    --pwd-file FILE

    Specifies that the LDAP password is read from FILE. The dpconf command searches for a password FILE value in the following order:

    • A password or password file specified in the command line

    • A password file set by using the $LDAP_ADMIN_PWF environment variable

    If none of these are found, the default is to prompt for the password.
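
    The following preflight check for scripted dpconf calls is an added example, not part of the original man page. It relies only on the options and environment variables documented above; the function names and finding labels are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the man page): preflight check for scripted dpconf
# calls. Function names and finding labels are illustrative assumptions.

# pwfile_is_private FILE
# Succeeds only if FILE is a regular file with no group/other permission bits.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    # "ls -ldL" prints a mode string such as "-rw-------"; characters 5-10
    # hold the group and other bits. -L follows a symlink to the real file.
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# dpconf_preflight ARG...
# ARG... are the arguments that would be passed to dpconf. Prints one finding
# per line and exits non-zero if there is any finding. Bundled short options
# (for example -ec) are not recognised.
dpconf_preflight() (
    rc=0
    # -w on the command line takes precedence over $LDAP_ADMIN_PWF.
    pwfile=${LDAP_ADMIN_PWF:-}

    if [ -n "${DIR_PROXY_UNSECURED:-}" ]; then
        echo "cleartext-default: DIR_PROXY_UNSECURED is set"
        rc=1
    fi

    while [ $# -gt 0 ]; do
        case $1 in
            -e|--unsecured)
                echo "cleartext: $1 connects over LDAP with no secure connection"
                rc=1 ;;
            -c|--accept-cert)
                echo "cert-unverified: $1 accepts untrusted server certificates"
                rc=1 ;;
            -w|--pwd-file)
                if [ $# -ge 2 ]; then pwfile=$2; shift; fi ;;
        esac
        shift
    done

    if [ -n "$pwfile" ] && ! pwfile_is_private "$pwfile"; then
        echo "pwfile-exposed: $pwfile is missing or readable by group/other"
        rc=1
    fi
    exit "$rc"
)

# Demo: a cleartext call that also skips certificate confirmation.
dpconf_preflight list-connection-handlers -e -c || true
```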

SUBCOMMAND OPTIONS

    The following options can be used with the subcommands:

    -b
    --db-name

    The name of the JDBC database for which you create a JDBC data source.

    -B
    --db-url

    The URL to the JDBC database for which you create a JDBC data source.

    -E
    --record

    Modifies the display output to show one property value per line.

    -J
    --driver-url

    The URL to the JDBC driver.

    -M UNIT
    --unit-time UNIT

    Display time data with UNIT unit. The value for UNIT can be M, w, d, h, m, s, or ms (month, week, day, hour, minute, second, or millisecond).

    -S
    --driver-class

    The class of the JDBC driver.

    -Z UNIT
    --unit-size UNIT

    Display memory size data with UNIT unit. The value for UNIT can be T, G, M, k, or b (Terabyte, Gigabyte, Megabyte, kilobyte, or byte).

SUBCOMMAND OPERANDS

    The following operands can be used with the subcommands:

    ACTION

    Describes what a transformation does to its target entry or entries. The following transformation actions are possible:

    • add-attr Add a new attribute. The value of the new attribute is defined by the PARAM operand.

    • add-attr-value Add a calculated value to an existing attribute. The value that must be added is defined by the PARAM operand.

    • attr-value-mapping Map one attribute to another attribute to provide the attribute value. The value is defined by the internal-value and view-value PARAM operands.

    • def-value Add a default value to an existing attribute. The value that must be added is defined by the PARAM operand.

    • remove-attr Remove an attribute.

    • remove-attr-value Remove a value from an existing attribute. This action is usually used in the case of multi-value attributes when one of the values should be removed.

    ATTR_NAME

    The name of a virtual attribute or JDBC attribute to be added or removed.

    COLUMN_NAME

    The name of a column in an SQL table.

    DB_TABLE

    The name of an SQL table.

    DN_PATTERN

    The pattern that should be used to construct a DN from a JDBC table.

    HOST

    Contacts the LDAP server on the specified host, which may be a host name or an IP address.

    For example, when mapping the IPv4 address 192.168.0.99 to IPv6, pass the -h option with its argument as -h ::ffff:192.168.0.99.

    JDBC_VIEW_NAME

    The name of a JDBC data view.

    JOIN_NAME

    The name of a join data view.

    LDIF_FILE_NAME

    The name of a file on the Directory Proxy Server that contains the LDIF data.

    LIMIT_NAME

    The name of a custom search size limit.

    LOG_TYPE

    The type of log. The log type can be access or error.

    MODEL

    The direction in which a transformation action will be applied. The transformation model can be one of mapping, read, or write.

    A mapping transformation is applied during the request, and its inverse is applied during the response. A write transformation is applied during the request, but not during the response. A write transformation changes the physical data in storage. A read transformation is applied only during the response to a request.

    NAME

    The name of an object to be created or deleted, or the name of an object for which you are getting or setting properties.

    OBJECTCLASS

    The name of a JDBC object class.

    PARAM

    The parameters to be applied to a virtual transformation. Depending on the transformation, PARAM can be one or more of the following:

    • value specifies the value of the virtual attribute for all transformation actions other than attrValueMapping.

    • internal-value:value used only with the attrValueMapping transformation action. Specifies the value of the virtual attribute that should be written to the physical data source.

    • view-value:value used only with the attrValueMapping transformation action. Specifies the value of the virtual attribute that should be returned to the client.

    POLICY_NAME

    The name of the resource limits policy or request filtering policy to which limits or rules are to be applied.

    POOL_NAME

    The name of an existing LDAP or JDBC data source pool.

    PORT

    The port number of the object to be created.

    PRIMARY_NAME

    The name of the primary data view that is the source for a join data view.

    PRIMARY_TABLE

    The name of the primary table in a JDBC database.

    PROP

    The name of the property. For a list of property names and values, use this command:

    dpconf help-properties

    The rws and rwd keywords of a property indicate whether changes to the property require the server to be restarted. If a property has an rws (read, write, static) keyword, the server must be restarted when the property is changed. If a property has an rwd (read, write, dynamic) keyword, modifications to the property are implemented dynamically (without restarting the server).

    For multi-valued properties, use the syntax PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    Multi-valued properties are identified by the M keyword. For a list of multi-valued properties, use this command:

    dpconf help-properties | grep " M "

    RULE_NAME

    The name of a search data hiding rule.

    SECONDARY_NAME

    The name of the secondary data view that is the source for a join data view.

    SECONDARY_TABLE

    The name of the secondary table in a JDBC database.

    SRC_NAME

    The name of an LDAP or JDBC data source.

    SUFFIX_DN

    The DN of the suffix represented by the data view.

    TABLE_NAME

    The name of a JDBC table.

    TRANSFORMATION_NAME

    The name of a virtual transformation.

    USER_DN

    The DN of the user to be mapped.

    USER_PWD_FILE

    The name of the password file, or the value - meaning to prompt for the password.

    VAL

    The new value of the property. For a complete list of property names and values, use the command dpconf help-properties -v.

    When the VAL operand is used for passwords, it can have the following values:

    • The name of the password file.

    • The value -, meaning to prompt for the password.

    VIEW_NAME

    The name of a data view.

Description

    Syntax values shown in lower case or partly in lower case are literal values.

    Those shown in upper case are syntax types, defined as follows:

    ATTR_NAME

    A valid attribute type name such as cn or objectClass.

    BOOLEAN

    true or false.

    DN

    A valid distinguished name such as ou=People,dc=example,dc=com.

    DURATION

    A duration specified in months (M), weeks (w), days (d), hours (h), minutes (m), seconds (s), and milliseconds (ms), or some combination with multiple specifiers. For example, you can specify one week as 1w, 7d, 168h, 10080m, or 604800s. You can also specify one week as 1w0d0h0m0s.

    DURATION properties typically do not each support all duration specifiers (Mwdhms). Examine the output of dsconf help-properties for the property to determine which duration specifiers are supported.

    EMAIL_ADDRESS

    A valid e-mail address.

    HOST_NAME

    An IP address or host name.

    INTEGER

    A positive integer value between 0 and the maximum supported integer value in the system address space. On 32-bit systems, 2147483647. On 64-bit systems, 9223372036854775807.

    INTERVAL

    An interval value of the form hhmm-hhmm 0123456, where the first element specifies the starting hour, the next element the finishing hour in 24-hour time format, from 0000-2359, and the second specifies days, starting with Sunday (0) to Saturday (6).

    IP_RANGE

    An IP address or range of addresses in one of the following formats:

    • IP address in dotted decimal form.

    • IP address and bits, in the form of network number/mask bits.

    • IP address and quad, in the form of a pair of dotted decimal quads.

    • All address. A catch-all for clients that are not placed into other, higher priority groups.

    • 0.0.0.0. This address is for groups to which initial membership is not considered. For example, for groups that clients switch to after their initial bind.

    • IP address of the local host.

    LDAP_URL

    A valid LDAP URL as specified by RFC 2255.

    MEMORY_SIZE

    A memory size specified in gigabytes (G), megabytes (M), kilobytes (k), or bytes (b). Unlike DURATION properties, MEMORY_SIZE properties cannot combine multiple specifiers. However, MEMORY_SIZE properties allow decimal values, for example, 1.5M.

    NAME

    A valid cn (common name).

    OCTAL_MODE

    A three-digit, octal file permissions specifier. The first digit specifies permissions for the server user ID, the second for the server group ID, the last for other users. Each digit consists of a bitmask defining read (4), write (2), execute (1), or no access (0) permissions, thus 640 specifies read-write access for the server user, read-only access for other users of the server group, and no access for other users.

    PASSWORD_FILE

    The full path to the file from which the bind password should be read.

    PATH

    A valid, absolute file system path.

    STRING

    A DirectoryString value, as specified by RFC 2252.

    SUPPORTED_SSL_CIPHER

    An SSL cipher supported by the server. See the Reference for a list of supported ciphers.

    SUPPORTED_SSL_PROTOCOL

    An SSL protocol supported by the server. See the Reference for a list of supported protocols.

    TIME

    A time of the form hhmm in 24-hour format, where hh stands for hours and mm stands for minutes.

Exit Status

    The following exit status values are returned:

    0

    Successful completion

    non-zero

    An error occurred

Examples

    This section contains examples of how the dpconf command is used.


    Example 1 Getting Help With a Subcommand

    This example shows how to get help for using a subcommand:


    $ dpconf create-connection-handler -?
    Usage: dpconf create-connection-handler NAME [NAME ...]
    Create new connection handlers
    For global options, use dpconf --help.
    NAME  The name of a connection handler
    For more information, see dpconf(1M).


    Example 2 Getting Information About Properties

    This example shows how to get information about the properties of the resource limits policy.

    • To view the properties exposed by all of the dpconf subcommands, run this command:


      $ dpconf help-properties


    Example 3 Getting Properties for Access Logs

    This example shows how to get the access log properties, specifying that the log-rotation-size property is quoted in bytes.


    $ dpconf get-access-log-prop -h host -p port -Z b
    default-log-level                :  info
    log-file-name                    :  logs/access
    log-file-perm                    :  600
    log-level-client-connections     :  -
    log-level-client-disconnections  :  -
    log-level-client-operations      :  -
    log-level-connection-handlers    :  -
    log-level-data-sources           :  -
    log-level-data-sources-detailed  :  -
    log-rotation-frequency           :  1h
    log-rotation-policy              :  size
    log-rotation-size                :  104,857,600b
    log-rotation-start-day           :  1
    log-rotation-start-time          :  0000
    log-search-filters               :  false
    max-log-files                    :  10


    Example 4 Customizing Search Limits

    This example shows how to define customized limits for search operations, based on the search base and search scope.

    1. Create a custom search limit.


      $ dpconf create-custom-search-size-limit -h host -p port \
        POLICY-NAME LIMIT-NAME
      
    2. Set the criteria for the custom search limit.


      $ dpconf set-custom-search-size-limit-prop -h host -p port \
        POLICY-NAME LIMIT-NAME \
        one-level-search-base-dn:VALUE \
        subtree-search-base-dn:VALUE
      
    3. Define the limit for the number of results returned when a search meets one of the above criteria.


      $ dpconf set-custom-search-size-limit-prop -h host -p port \
        POLICY-NAME CUSTOM-SEARCH-LIMIT-NAME \
        search-size-limit:VALUE
      
    4. View the properties of a custom search limit.


      $ dpconf get-custom-search-size-limit-prop -h host -p port \
        POLICY-NAME LIMIT-NAME
      


    Example 5 Comparing Properties of Connection Handlers

    This example shows how to view the properties of one connection handler and how to compare the properties of a set of connection handlers.

    1. View all of the properties of one connection handler.


      $ dpconf get-connection-handler-prop -h host -p port \
        CONNECTION-HANDLER-NAME
      

      These are the default properties of a connection handler:


      allowed-auth-methods           :  anonymous
      allowed-auth-methods           :  sasl
      allowed-auth-methods           :  simple
      allowed-ldap-ports             :  ldap
      allowed-ldap-ports             :  ldaps
      bind-dn-filters                :  any
      data-view-routing-custom-list  :  -
      data-view-routing-policy       :  all-routable
      description                    :  -
      domain-name-filters            :  any
      enable-data-view-affinity      :  false
      ip-address-filters             :  any
      is-enabled                     :  false
      is-ssl-mandatory               :  false
      priority                       :  99
      request-filtering-policy       :  no-filtering
      resource-limits-policy         :  no-limits
      user-filter                    :  any
    2. View the key properties and relative priorities of all of the connection handlers.


      $ dpconf list-connection-handlers -v
      Name                        is-enabled  priority  description
      --------------------------  ----------  --------  ---------------------------
      anonymous                   false       99        unauthenticated connections
      myconnectionhandler         true        99        -
      default connection handler  true        100       default connection handler

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE     ATTRIBUTE VALUE
    Availability       SUNWldap-proxy
    Stability Level    Evolving

See Also

DPS 6.2  Last Revised April 10, 2007


dsadm(1M)

NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | Operands | Exit Status | Examples | Attributes | See Also

NAME

    dsadm – Manages a Directory Server instance

Synopsis

    install-path/ds6/bin/dsadm 
    subcommand options
    

Description

    The dsadm command is the local administration command for Directory Server instances. Use the dsadm command with any of the subcommands described in this man page.

    dsadm must be used while the server is stopped (except subcommands dsadm info, dsadm stop and dsadm restart). It must be run from the local machine where the server instance is located. This command must be run by the username that is the Operating System owner of the server instance, or by root.

SUBCOMMANDS

    The following subcommands are supported:

    dsadm add-cert [-Ci] [-W CERT_PW_FILE] INSTANCE_PATH CERT_ALIAS CERT_FILE

    Adds a certificate to the certificate database.

    dsadm add-selfsign-cert [-i] [-W CERT_PW_FILE] [-S DN] INSTANCE_PATH CERT_ALIAS

    OR

    dsadm add-selfsign-cert [-i] [-W CERT_PW_FILE] [--name NAME ] [--org ORG] [--org-unit ORG-UNIT] [--city CITY] [--state STATE] [--country COUNTRY] INSTANCE_PATH CERT_ALIAS

    Creates a self-signed certificate and adds it to the certificate database.

    dsadm autostart [--off [-i]] INSTANCE_PATH

    Enables or disables Directory Server instance startup at system boot. This command is only available if you installed with Sun Java Enterprise System or native packages, and is not available on Windows. This command must be run as root.

    dsadm backup [-f FLAG] ... INSTANCE_PATH ARCHIVE_DIR

    Creates a backup archive of the Directory Server instance.

    dsadm create [-BiG] [-u USER_NAME] [-g GROUP_NAME] [-h HOST_NAME] [-p PORT] [-P SSL_PORT] [-D DN] [-w PW_FILE] INSTANCE_PATH

    Creates a Directory Server instance.

    dsadm delete INSTANCE_PATH

    Deletes a Directory Server instance.

    dsadm disable-service [-T TYPE] INSTANCE_PATH

    Disables a Directory Server instance from being managed as a service. This command is available on Windows distributions and on Solaris native package distributions only. The command must be run as root.

    dsadm enable-service [-T TYPE] INSTANCE_PATH [RESOURCE_GRP]

    Enables a Directory Server instance to be managed as a service. This command is available on Windows distributions and on Solaris native package distributions only. The command must be run as root.

    dsadm export [-biQ] [-s DN] ... [-x DN] ... [-f FLAG] ... [-y [-w CERT_PW_FILE]] INSTANCE_PATH SUFFIX_DN [ SUFFIX_DN ...] LDIF_FILE

    Exports suffix to LDIF format.

    dsadm export-cert [-i] [-w CERT_PW_FILE] [-o OUTPUT_FILE] [-O OUTPUT_PW_FILE] INSTANCE_PATH CERT_ALIAS

    Exports an encrypted copy of the certificate and its public and private keys from the certificate database.

    dsadm generate-legacy-scripts [ -i ] INSTANCE_PATH

    Generates legacy scripts in a Directory Server instance. This command is not available on Windows.

    dsadm get-flags INSTANCE_PATH [FLAG ...]

    Displays the flag values for the Directory Server instance.

    dsadm import [-biK] [-x DN] ... [-f FLAG=VAL] ... [-y [-W CERT_PW_FILE]] INSTANCE_PATH LDIF_FILE [LDIF_FILE ...] SUFFIX_DN

    Populates an existing suffix with LDIF data.

    dsadm import-cert [-i] [-W CERT_PW_FILE] [-I INPUT_PW_FILE] INSTANCE_PATH CERT_FILE

    Adds a new certificate and its keys to the certificate database.

    dsadm import-selfsign-cert [-i] [-W CERT_PW_FILE] [-I INPUT_PW_FILE] INSTANCE_PATH CERT_FILE

    Adds a new self-signed certificate and its keys to the certificate database.

    dsadm info INSTANCE_PATH

    Displays Directory Server instance status and some configuration information.

    dsadm list-certs [-Ci] [-W CERT_PW_FILE] INSTANCE_PATH

    Lists all certificates in the certificate database.

    dsadm reindex [-bl] -t ATTR_INDEX [-t ATTR_INDEX ...] INSTANCE_PATH SUFFIX_DN

    Regenerates existing indexes.

    dsadm remove-cert [-i] [-W CERT_PW_FILE] INSTANCE_PATH CERT_ALIAS

    Removes a certificate from the certificate database. The instance must be stopped before running this command.

    dsadm renew-cert [-i] [-W CERT_PW_FILE] INSTANCE_PATH CERT_ALIAS CERT_FILE

    Replaces a certificate, but keeps the existing private key. The instance must be stopped before running this command.

    dsadm renew-selfsign-cert [-i] [-W CERT_PW_FILE] INSTANCE_PATH CERT_ALIAS

    Renews a self-signed certificate in the certificate database. The instance must be stopped before running this command.

    dsadm repack [-b backend] INSTANCE_PATH SUFFIX_DN [SUFFIX_DN...]

    Repacks or compacts an existing suffix. The -b option enables you to specify the name of the back end instead of the suffix name. At least one suffix DN or one back end name must be specified. The instance must be stopped before running this command.

    dsadm request-cert [-i] [-W CERT_PW_FILE] -s DN [-F FORMAT] [-o OUTPUT_FILE] INSTANCE_PATH

    OR

    dsadm request-cert [-i] [-W CERT_PW_FILE] --name NAME [--org ORG] [--org-unit ORG-UNIT] [--city CITY] [--state STATE] [--country COUNTRY] [-F FORMAT] [-o OUTPUT_FILE] INSTANCE_PATH

    Generates a certificate request.

    dsadm restart [-i] [-W CERT_PW_FILE] INSTANCE_PATH

    Restarts a Directory Server instance.

    dsadm restore [-i] INSTANCE_PATH ARCHIVE_DIR

    Restores Directory Server instance from a backup archive.

    dsadm set-flags [-i] [-W CERT_PW_FILE] INSTANCE_PATH FLAG=VAL [FLAG=VAL ...]

    Sets flags for a Directory Server instance.

    dsadm show-access-log -A DURATION INSTANCE_PATH

    OR

    dsadm show-access-log -L LAST_LINES INSTANCE_PATH

    Displays the contents of the access log.

    dsadm show-cert [-i] [-W CERT_PW_FILE] [-o OUTPUT_FILE] [-F FORMAT] INSTANCE_PATH [CERT_ALIAS]

    Displays a certificate.

    dsadm show-error-log -A DURATION INSTANCE_PATH

    OR

    dsadm show-error-log -L LAST_LINES INSTANCE_PATH

    Displays the contents of the error log.

    dsadm start [-Ei] [-W CERT_PW_FILE] INSTANCE_PATH

    Starts a Directory Server instance.

    dsadm stop INSTANCE_PATH

    Stops a Directory Server instance.

GLOBAL OPTIONS

    The following options are global, and are applicable to all commands and subcommands.

    -?
    --help

    Displays help information for a command or subcommand.

    -V
    --version

    Displays the current version of dsadm. The version is provided in the format year.day.time. So version number 2006.178.0035 was built on the 178th day of 2006 at 00h35. If the components used by dsadm are not aligned, the version of each individual component is displayed.

SUBCOMMAND OPTIONS

    The following options are applicable to the subcommands where they are specified.

    -A DURATION
    --max-age DURATION

    Specifies the maximum age of lines to be returned from the access log or the error log. For example, to search for all entries younger than 24 hours, use -A 24h.

    -B
    --below

    Creates the Directory Server instance in an existing directory, specified by the INSTANCE_PATH. The existing directory must be empty. On UNIX machines, the user who runs this command must be root, or must be the owner of the existing directory. If the user is root, the instance will be owned by the owner of the existing directory.

    -C
    --ca

    Specifies that a Certificate Authority certificate is to be used, or that the command should display information about CA certificates.

    --city CITY

    Adds L=CITY to the subject DN. Default is none.

    --country COUNTRY

    Adds C=COUNTRY to the subject DN. The default is none.

    -D DN
    --rootDN DN

    Defines the Directory Manager DN. The default is cn=Directory Manager.

    -E
    --safe

    Starts Directory Server with the configuration used at the last successful startup.

    -F FORMAT
    --format FORMAT

    Specifies output format. For dsadm request-cert, the default is der, and the other possible output format is ascii. For dsadm show-cert, the default is readable, and other possible output formats are ascii and der.

    -f FLAG
    --flags FLAG or FLAG=VAL

    Customized values for options.

    Possible flags for the dsadm backup subcommand are as follows.

    verify-db

    Check database integrity.

    Possible flags for the dsadm export subcommand are as follows.

    minimal-encode

    Perform minimal base64 encoding.

    multiple-output-file

    Generate multiple LDIF output files.

    not-export-unique-id

    Do not export the unique ID generated on import.

    not-folded-output

    Do not fold long lines.

    no-num-version

    Delete the initial line specifying the LDIF version, version: 1, for backward compatibility.

    not-print-entry-ids

    Do not include entry IDs in the LDIF output.

    use-main-db-file

    Only export from the main database file.

    Possible flags for the dsadm import subcommand are as follows.

    chunk-size

    Merge chunk size.

    incremental-output-file

    Import LDIF generated during incremental import.

    -G
    --no-legacy-scripts

    Does not create legacy scripts. If you do not use this option, command scripts that are similar to 5.x command scripts are created in the server instance.

    -g GROUP_NAME
    --groupname GROUP_NAME

    Sets the server instance owner's group ID. The default is the user's current UNIX group. This option is not available on Windows.

    -h HOST_NAME
    --hostname HOST_NAME

    Specifies the hostname. The default is the name of the current host system.

    -I INPUT_PW_FILE
    --input-pwd-file INPUT_PW_FILE

    Reads the input file password in the INPUT_PW_FILE file. The default is a prompt for password.

    -i
    --no-inter

    Does not prompt for confirmation before performing the operation.

    -K
    --incremental

    Specifies that the contents of the imported LDIF file are appended to the existing LDAP entries. If this option is not specified, the contents of the imported file replace the existing entries.

    -L LAST_LINES
    --last-lines LAST_LINES

    Specifies the number of lines to be returned from the access log or the error log. LAST_LINES must be an integer. For example, to return the last 50 lines, use -L 50. If no value is specified, the default number of lines returned is 20.

    -l
    --vlv

    Specifies VLV (browsing) index.

    --name NAME

    Adds CN=NAME to the subject DN.

    -O OUTPUT_PW_FILE
    --output-pwd-file OUTPUT_PW_FILE

    Reads the output password from the OUTPUT_FILE file. The default is a prompt for password.

    -o OUTPUT_FILE
    --output OUTPUT_FILE

    Stores the command results in the OUTPUT_FILE file. The default is stdout, standard output.

    --off

    Disables server instance startup at system boot.

    --org ORG

    Adds O=ORG to the subject DN. The default is none.

    --org-unit ORG-UNIT

    Adds O=ORG-UNIT to the subject DN. The default is none.

    -P SSL_PORT
    --ssl-port SSL_PORT

    Specifies the secure SSL port for LDAP traffic. The default is 636 if dsadm is run by the root user, or 1636 if dsadm is run by a non-root user.

    -p PORT
    --port PORT

    Specifies the port for LDAP traffic. The default is 389 if dsadm is run by the root user, or 1389 if dsadm is run by a non-root user.

    -Q
    --no-repl

    Specifies that additional data needed for replication is not included in the export.

    -S DN
    --subject DN

    Specifies the subject DN. The default depends on the subcommand used, and is either CN=hostname or CN=CERT_ALIAS.

    -s DN
    --include DN

    Exports data from suffix DN.

    --state STATE

    Adds ST=STATE to the subject DN. Default is none.

    -T TYPE
    --type TYPE

    Service type. Can be CLUSTER when using Sun Cluster, SMF when using Solaris 10, or WIN_SERVICE when using Windows.

    -t ATTR_INDEX
    --attr ATTR_INDEX

    Specifies attribute index ATTR_INDEX.

    -u USER_NAME
    --username USER_NAME

    Sets the server instance owner user ID. The default is the current UNIX user name. This option is not available on Windows.

    -W CERT_PW_FILE
    --cert-pwd-file CERT_PW_FILE

    Reads certificate database password from CERT_PW_FILE. The default is to prompt for password.

    -w PW_FILE
    --pwd-file PW_FILE

    Sets the password file for the Directory Manager (-D). The default is to prompt for password.

    -x DN
    --exclude DN

    Excludes the specified DN from the command.

    -y
    --decrypt-attr

    Decrypts encrypted attributes.

Operands

    The following operands are supported:

    ARCHIVE_DIR

    Specifies the path to the backup of the Directory Server instance.

    CERT_ALIAS

    Certificate alias name. A user-specified name that identifies a certificate.

    CERT_FILE

    Specifies the file that contains the certificate.

    FLAG

    Specifies a flag that represents a property operand when using the command dsadm get-flags. Possible flag: cert-pwd-prompt.

    FLAG=VAL

    Specifies a property flag operand and its value when using the command dsadm set-flags.

    Possible values of the cert-pwd-prompt flag are off and on. The default is off. By default, the dsadm command generates a certificate database password when creating a server instance. This password is stored, allowing dsadm to access the certificate database when necessary, for example, when the server starts listening for SSL connections. When the cert-pwd-prompt flag is changed to on, the dsadm command prompts for the certificate database password when needed.

    INSTANCE_PATH

    Path of the Directory Server instance.

    LDIF_FILE

    Filename of LDIF file.

    RESOURCE_GRP

    Cluster resource group. Required for CLUSTER service, not applicable for other types of services.

    SUFFIX_DN

    Suffix DN (Distinguished name).

Exit Status

    The following exit status values are returned:

    0

    Successful completion.

    non-zero

    An error occurred.

Examples

    The following examples show how the dsadm command is used.


    Example 1 Creating a Directory Server Instance


    $ dsadm create -p 6389 -P 6636 /local/ds

    This command creates the server instance files in the directory /local/ds. The server instance is owned by the UNIX user who runs the command.

    In this example, the LDAP port is specified as 6389, and the secure port is specified as 6636. If you do not specify port numbers, the default port numbers 389 and 636 (for the root user) or 1389 and 1636 (for a non-root user) are used. If you do not specify port numbers and the default port numbers are already being used, the dsadm create command aborts.



    Example 2 Starting a Directory Server Instance

    The server instance path is /local/ds.


    $ dsadm start /local/ds


    Example 3 Getting Information About a Directory Server instance

    This command shows information such as the owner, ports, and current state of the server instance. The instance path is /local/ds.


    $ dsadm info /local/ds


    Example 4 Importing an LDIF File

    Import an LDIF file, specifying that no user confirmation is required, and giving the suffix DN.


    $ dsadm import -i /local/ds /local/ds/ldif/example.ldif \
    dc=example,dc=com


    Example 5 Exporting an LDIF File

    Export a suffix to an LDIF file.


    $ dsadm export -x ou=People,dc=example,dc=com /local/ds \
    dc=example,dc=com /local/ds/ldif/export.ldif

    This command exports all data in the suffix dc=example,dc=com, excluding data in the subsuffix ou=People,dc=example,dc=com.



    Example 6 Backing Up a Directory Server Instance

    This command backs up the suffix data and the configuration data. The instance path is /local/ds and the archive directory is /local/dsbackup/20060722.


    $ dsadm backup /local/ds /local/dsbackup/20060722


    Example 7 Regenerating Attribute Indexes

    To regenerate the existing cn and uid indexes:


    $ dsadm reindex -t cn -t uid /local/ds dc=example,dc=com


    Example 8 Renewing a Certificate

    Use the following command to renew an existing server certificate with a new server certificate from your Certificate Authority.


    $ dsadm renew-cert /local/ds cert_alias /local/certfiles/new-cert

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE     ATTRIBUTE VALUE
    Availability       SUNWldap-directory
    Stability Level    Evolving

See Also

DS 6.2  Last Revised April 16, 2007


dsccmon(1M)

NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | Environment Variables | Exit Status | Attributes | See Also

NAME

    dsccmon – Monitor servers registered with Directory Service Control Center

Synopsis

    install-path/dscc6/bin/dsccmon 
     [subcommand] [options]

Description

    The dsccmon command is used to monitor servers registered with Directory Service Control Center. Use the dsccmon command with the subcommands described in this man page.

SUBCOMMANDS

    The following subcommands are supported:

    dsccmon view-repl-agmts

    Show monitoring information about the replication agreements between Directory Server instances.

    The format of this subcommand is:

    dsccmon view-repl-agmts [-d seconds] [-b] [-s suffix-dn]…

    dsccmon view-servers

    Show monitoring information about registered servers.

    The format of this subcommand is:

    dsccmon view-servers [-d seconds] [-t] [-E]

    dsccmon view-suffixes

    Show monitoring information about suffixes supported by registered servers.

    The usage of this subcommand is:

    dsccmon view-suffixes [-d seconds] [-b] [-G] [-s suffix-dn]…

GLOBAL OPTIONS

    The following options apply to all commands and subcommands:

    -?
    --help

    Display usage for the command or for the specified subcommand.

    -D user-dn
    --user-dn user-dn

    Bind using the specified user-dn.

    By default, the value of the environment variable LDAP_ADMIN_USER is used. If LDAP_ADMIN_USER is not defined, cn=admin,cn=Administrators,cn=dcc is used.

    -a
    --all

    Display hidden suffixes or servers, such as the server and suffixes used by Directory Service Control Center to manage metainformation about the directory service.

    -h hostname
    --hostname hostname

    Connect to the Directory Service Control Center registry on the specified host or IP address.

    By default, the value of the environment variable DSCC_HOST is used. If DSCC_HOST is not defined, localhost is used.

    For example, when mapping the IPv4 address 192.168.0.99 to IPv6, pass the -h option with its argument as -h ::ffff:192.168.0.99.

    -p port-number
    --port port-number

    Connect to the Directory Service Control Center registry on the specified port.

    By default, the value of the environment variable DSCC_PORT is used. If DSCC_PORT is not defined, 3998 is used.

    -u uid
    --username uid

    Bind using cn=uid,cn=Administrators,cn=dcc.

    By default, the value of the environment variable LDAP_ADMIN_USER is used. If LDAP_ADMIN_USER is not defined, cn=admin,cn=Administrators,cn=dcc is used.

    -V
    --version

    Displays the current version of dsccmon. The version is provided in the format year.day.time. So version number 2006.178.0035 was built on the 178th day of 2006 at 00h35. If the components used by dsccmon are not aligned, the version of each individual component is displayed.

    -v
    --verbose

    Display extra information for debugging purposes.

    -w file
    --pwd-file file

    Bind using the password specified in file.

    By default, the value of the environment variable LDAP_ADMIN_PWF is used. If LDAP_ADMIN_PWF is not defined, dsccmon prompts for a password.

SUBCOMMAND OPTIONS

    The following options apply to the subcommands where they are specified:

    -E
    --error

    Display detailed server error information.

    -G
    --genid

    Display generation IDs.

    -b
    --brief

    Do not display nonessential data, such as headers and notes.

    -d seconds
    --period seconds

    Update monitoring information every specified number of seconds.

    -s suffix-dn
    --suffix suffix-dn

    Display information for the specified suffix only.

    -t
    --ipath

    Display the server instance path.

Environment Variables

    The following environment variables are supported:

    DSCC_HOST

    Bind to the registry on this host.

    DSCC_PORT

    Bind to the registry on this port number.

    LDAP_ADMIN_PWF

    Read the bind password from this file.

    LDAP_ADMIN_USER

    Bind with this user DN or uid.

Exit Status

    The following exit status values are returned:

    0

    Successful completion

    non-zero

    An error occurred.
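
    The -w file option and the DSCC_HOST, DSCC_PORT and LDAP_ADMIN_PWF variables described above can be checked before dsccmon is invoked. The following shell functions are an added example, not part of the original man page: they refuse a bind password file that is a symbolic link, is not owned by the caller, or is accessible to group or other, and they resolve the registry host and port in the documented order (explicit value, environment variable, default). The function names and the DSCCMON override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the Sun man page. Function names and the
# DSCCMON override variable are assumptions made for this illustration.

# check_pwd_file FILE
# Succeeds only if FILE is a non-empty regular file (not a symlink), owned by
# the current user, with no group or other permission bits set.
check_pwd_file() {
    f=$1
    if [ -z "$f" ]; then echo "no password file given" >&2; return 1; fi
    if [ -L "$f" ]; then echo "$f: symbolic link, refusing" >&2; return 1; fi
    if [ ! -f "$f" ]; then echo "$f: not a regular file" >&2; return 1; fi
    if [ ! -s "$f" ]; then echo "$f: file is empty" >&2; return 1; fi
    if [ ! -O "$f" ]; then echo "$f: not owned by current user" >&2; return 1; fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$f: group/other access present ($mode)" >&2
        return 1
    fi
    return 0
}

# dscc_target [HOST [PORT]]
# Prints the registry endpoint using the documented lookup order: explicit
# value (what would be passed to -h / -p), then DSCC_HOST / DSCC_PORT, then
# the defaults localhost and 3998.
dscc_target() {
    host=${1:-${DSCC_HOST:-localhost}}
    port=${2:-${DSCC_PORT:-3998}}
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    # Bracket IPv6 literals (such as ::ffff:192.168.0.99) for display only.
    case $host in
        *:*) printf '[%s]:%s\n' "$host" "$port" ;;
        *)   printf '%s:%s\n' "$host" "$port" ;;
    esac
}

# safe_dsccmon SUBCOMMAND [OPTIONS...]
# Runs dsccmon only after the environment it will read has been validated.
# DSCCMON (assumption) lets the caller point at install-path/dscc6/bin/dsccmon.
safe_dsccmon() {
    if [ -n "${LDAP_ADMIN_PWF:-}" ]; then
        check_pwd_file "$LDAP_ADMIN_PWF" || return 1
    fi
    dscc_target >/dev/null || return 1
    "${DSCCMON:-dsccmon}" "$@"
}
```

    When LDAP_ADMIN_PWF is unset, safe_dsccmon performs no file check and dsccmon prompts for the password as documented.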

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE     ATTRIBUTE VALUE
    Availability       SUNWldap-console-cli
    Stability Level    Evolving

See Also

DS 6.2  Last Revised May 23, 2006


dsccreg(1M)

NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | Operands | Environment Variables | Exit Status | Attributes | See Also

NAME

    dsccreg – Register servers with Directory Service Control Center

Synopsis

    install-path/dscc6/bin/dsccreg 
     [subcommand] [options]

Description

    The dsccreg command is used to register server instances on the local system with Directory Service Control Center, which may be remote. Use the dsccreg command with the subcommands described in this man page.

SUBCOMMANDS

    The following subcommands are supported:

    dsccreg add-server

    Add a server instance to the Directory Service Control Center registry.

    The format of this subcommand is:

    dsccreg add-server [-B instance-user-dn] [-G instance-pwd-file]
     [-d desc] [-H local-host] instance-path
    
    dsccreg list-servers

    List server instances registered with Directory Service Control Center.

    The format of this subcommand is:

    dsccreg list-servers [-a] [-C]

    dsccreg remove-server

    Remove a server instance from the Directory Service Control Center registry.

    The usage of this subcommand is:

    dsccreg remove-server [-B instance-user-dn] [-G instance-pwd-file]
     [-H local-host] instance-path
    

GLOBAL OPTIONS

    The following options apply to all commands and subcommands:

    -?
    --help

    Display usage for the command or for the specified subcommand.

    -D user-dn
    --user-dn user-dn

    Bind using the specified user-dn.

    By default, the value of the environment variable LDAP_ADMIN_USER is used. If LDAP_ADMIN_USER is not defined, cn=admin,cn=Administrators,cn=dcc is used.

    -h hostname
    --hostname hostname

    Connect to the Directory Service Control Center registry on the specified host or IP address.

    By default, the value of the environment variable DSCC_HOST is used. If DSCC_HOST is not defined, localhost is used.

    For example, when mapping the IPv4 address 192.168.0.99 to IPv6, pass the -h option with its argument as -h ::ffff:192.168.0.99.

    -i
    --no-inter

    Do not prompt for confirmation before restarting servers.

    -p port-number
    --port port-number

    Connect to the Directory Service Control Center registry on the specified port.

    By default, the value of the environment variable DSCC_PORT is used. If DSCC_PORT is not defined, 3998 is used.

    -u uid
    --username uid

    Bind using cn=uid,cn=Administrators,cn=dcc.

    By default, the value of the environment variable LDAP_ADMIN_USER is used. If LDAP_ADMIN_USER is not defined, cn=admin,cn=Administrators,cn=dcc is used.

    -V
    --version

    Displays the current version of dsccreg. The version is provided in the format year.day.time. So version number 2006.178.0035 was built on the 178th day of 2006 at 00h35. If the components used by dsccreg are not aligned, the version of each individual component is displayed.

    -v
    --verbose

    Display extra information for debugging purposes.

    -w file
    --pwd-file file

    Bind using the password specified in file.

    By default, the value of the environment variable LDAP_ADMIN_PWF is used. If LDAP_ADMIN_PWF is not defined, dsccreg prompts for a password.

SUBCOMMAND OPTIONS

    The following options apply to the subcommands where they are specified:

    -B instance-user-dn
    --inst-user-dn instance-user-dn

    Use the specified bind DN to bind to the instance specified by instance-path.

    By default, the dsccreg command uses cn=Directory Manager.

    -C
    --check-access

    Verify that each registered server instance is accessible from Directory Service Control Center.

    -G instance-pwd-file
    --inst-pwd-file instance-pwd-file

    Use the password in the specified file to bind to the instance specified by instance-path.

    By default, the dsccreg command prompts for the password.

    -H hostname
    --current-host hostname

    Use the specified host name as the local host.

    By default, the dsccreg command uses the local host name returned by the operating system.

    -a
    --all

    Display hidden servers, such as the server used by Directory Service Control Center to manage metainformation about the directory service.

    -d desc
    --description desc

    Use the specified text desc as the description for the server instance.

Operands

    The following subcommand operands are supported:

    instance-path

    Full path to the server instance.

Environment Variables

    The following environment variables are supported:

    DSCC_HOST

    Bind to the registry on this host.

    DSCC_PORT

    Bind to the registry on this port number.

    LDAP_ADMIN_PWF

    Read the bind password from this file.

    LDAP_ADMIN_USER

    Bind with this user DN or uid.

Exit Status

    The following exit status values are returned:

    0

    Successful completion

    non-zero

    An error occurred.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE     ATTRIBUTE VALUE
    Availability       SUNWldap-console-cli
    Stability Level    Evolving

See Also

DS 6.2  Last Revised May 24, 2006


dsccsetup(1M)

NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | Exit Status | Attributes | See Also

NAME

    dsccsetup – Set up Directory Service Control Center

Synopsis

    install-path/dscc6/bin/dsccsetup 
     [subcommand] [options]

Description

    The dsccsetup command is used to register Directory Service Control Center (DSCC) with Sun Java Web Console, and to register local agents of the administration framework. Use the dsccsetup command with the subcommands described in this man page.

SUBCOMMANDS

    The following subcommands are supported:

    dsccsetup ads-create [-w file]

    Initialize the DSCC registry, a local Directory Server instance for private use by DSCC to store configuration information. DSCC requires that this instance reside locally on the host where you run DSCC. Therefore, if you replicate the data in the instance for high availability, set up one DSCC per replica host.

    If you do not provide the Directory Manager password for the DSCC registry in the file passed to the -w option, the command prompts for the password.

    The default port numbers used by the instance are 3998 for LDAP, and 3999 for LDAPS.

    The default instance path is /var/opt/SUNWdsee/dscc6/dcc/ads on Solaris systems, /var/opt/sun/dscc6/dcc/ads on HP-UX and Red Hat systems, and C:\Program Files\Sun\DSEE\var\dscc6\dcc\ads on Windows systems.

    The base DN for the suffix containing configuration information is cn=dscc. Use the dsccsetup status subcommand to read actual values for the DSCC registry instance.

    dsccsetup ads-delete

    Delete the Directory Server instance used by DSCC to store configuration information.

    Use the -i option when not using the command interactively.

    dsccsetup cacao-reg [-t]

    Register the local DSCC agent with the Common Agent Container, cacao.

    Use the -t option if you want to restart the Common Agent Container manually at a later time.

    dsccsetup cacao-unreg

    Remove the local DSCC agent registration information from cacao.

    dsccsetup console-reg [-t]

    Register DSCC with the web application container, Sun Java Web Console.

    Use the -i option when not using the command interactively.

    Use the -t option if you want to restart Sun Java Web Console manually at a later time.

    dsccsetup console-unreg [-t]

    Remove DSCC from Sun Java Web Console.

    Use the -i option when not using the command interactively.

    Use the -t option if you want to restart Sun Java Web Console manually at a later time.

    dsccsetup dismantle [-t]

    Dismantle the DSCC administration framework, running the cacao-unreg, console-unreg, and ads-delete subcommands.

    Use the -i option when not using the command interactively.

    Use the -t option if you want to restart Sun Java Web Console and the Common Agent Container manually at a later time.

    dsccsetup initialize [-t] [-w file]

    Initialize the DSCC administration framework, running the ads-create, console-reg, and cacao-reg subcommands.

    Use the -i option when not using the command interactively.

    Use the -t option if you want to restart Sun Java Web Console or the Common Agent Container manually at a later time.

    If you do not provide the Directory Manager password for the DSCC registry in the file passed to the -w option, the command prompts for the password.

    dsccsetup status

    Display whether DSCC has been registered with Sun Java Web Console, and with the Common Agent Container. Also, display whether the DSCC registry has been initialized.

    dsccsetup mfwk-reg [-t]

    Register the local Directory Server monitoring agent for Java Enterprise System Monitoring Framework with the Common Agent Container, cacao.

    Use the -t option if you want to restart the Common Agent Container manually at a later time.

    dsccsetup mfwk-unreg

    Remove the local Directory Server monitoring agent registration information from cacao.

GLOBAL OPTIONS

    The following options apply to all commands and subcommands:

    -?
    --help

    Display usage for the command or for the specified subcommand.

    -i
    --no-inter

    Do not prompt for confirmation before performing the operation.

    -V
    --version

    Displays the current version of dsccsetup. The version is provided in the format year.day.time. So version number 2006.178.0035 was built on the 178th day of 2006 at 00h35. If the components used by dsccsetup are not aligned, the version of each individual component is displayed.

    -v
    --verbose

    Display extra information for debugging purposes.

SUBCOMMAND OPTIONS

    The following options apply to the subcommands where they are specified:

    -t
    --norestart

    Do not restart the Common Agent Container or Sun Java Web Console after performing the operation.

    You can restart the Common Agent Container using the cacaoadm command. You can restart the Sun Java Web Console using the smcwebserver command.

    -w file
    --pwd-file file

    Use the Directory Service Manager password specified in file.

    By default, dsccsetup prompts for a password.

Exit Status

    The following exit status values are returned:

    0

    Successful completion

    non-zero

    An error occurred.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE     ATTRIBUTE VALUE
    Availability       SUNWldap-console-agent
    Stability Level    Unstable

See Also

    cacaoadm(1M), smcwebserver(1M)

DS 6.2  Last Revised September 29, 2006


dsconf(1M)

NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | Operands | Description | EXIT STATUS | Examples | Attributes | See Also

NAME

    dsconf – Manages Directory Server configuration

Synopsis

    install-path/ds6/bin/dsconf 
    subcommand options
    

Description

    The dsconf command manages Directory Server configuration. It enables you to modify the configuration entries in cn=config.

    The server must be running in order for you to run dsconf.

SUBCOMMANDS

    The following subcommands are supported:

    dsconf accord-repl-agmt [-h host] [-p port] [-I dest-bind-dn] [-W dest-pw-file] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Ensures the authentication properties of the destination suffix are in accord with those of the replication agreement.

    dsconf backup [-h host] [-p port] [-a] ARCHIVE_DIR

    Backs up Directory Server data (configuration data excluded).

    dsconf change-repl-dest [-h host] [-p port] [-A NEW_PROTOCOL] SUFFIX_DN HOST:PORT NEW_HOST:NEW_PORT

    Changes the remote replica pointed to by an existing replication agreement. The suffix DN and configuration of the existing agreement remain the same.

    dsconf create-encrypted-attr [-h host] [-p port] [--desc DESC] SUFFIX_DN ATTR_NAME [ATTR_NAME ...] ENCRYPTION_ALGO

    Declares that the values for an attribute are encrypted.

    dsconf create-index [-h host] [-p port] SUFFIX_DN ATTR_NAME [ATTR_NAME ...]

    Declares that an attribute is indexed. The default index types for the attribute are equality and presence.

    dsconf create-plugin [-h host] [-p port] -H LIB_PATH -F INIT_FUNCT -Y TYPE [-G ARG]... PLUGIN_NAME

    Declares a new client plugin. The plugin state is disabled.

    dsconf create-repl-agmt [-h host] [-p port] [-A PROTOCOL] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Creates a replication agreement for an existing suffix.

    dsconf create-repl-priority [-h host] [-p port] SUFFIX_DN PRIORITY_NAME PROP:VAL [PROP:VAL ...]

    Creates a prioritized replication rule on a master.

    dsconf create-suffix [-h host] [-p port] [-B NAME] [-L FILE] [-N] SUFFIX_DN [SUFFIX_DN ...]

    Creates a suffix.

    dsconf delete-encrypted-attr [-h host] [-p port] SUFFIX_DN ATTR_NAME [ATTR_NAME ...]

    Declares that the values for an attribute are no longer encrypted.

    dsconf delete-index [-h host] [-p port] SUFFIX_DN ATTR_NAME [ATTR_NAME ...]

    Declares that an attribute is no longer indexed.

    dsconf delete-plugin [-h host] [-p port] PLUGIN_NAME [PLUGIN_NAME ...]

    Declares that a plugin can no longer be used by the server.

    dsconf delete-repl-agmt [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Deletes a replication agreement.

    dsconf delete-repl-priority [-h host] [-p port] SUFFIX_DN PRIORITY_NAME [PRIORITY_NAME ...]

    Deletes a prioritized replication rule.

    dsconf delete-suffix [-h host] [-p port] SUFFIX_DN [SUFFIX_DN ...]

    Deletes suffix configuration and data.

    dsconf demote-repl [-h host] [-p port] SUFFIX_DN [SUFFIX_DN ...]

    Demotes the role of an existing replicated suffix. A master is demoted to a hub, a hub is demoted to a consumer. To demote a master to a consumer, run the command twice.

    dsconf disable-plugin [-h host] [-p port] PLUGIN_NAME [PLUGIN_NAME ...]

    Disables a plugin.

    dsconf disable-repl [-h host] [-p port] SUFFIX_DN [SUFFIX_DN ...]

    Disables replication for a replicated suffix.

    dsconf disable-repl-agmt [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Disables replication with another Directory Server.

    dsconf enable-plugin [-h host] [-p port] PLUGIN_NAME [PLUGIN_NAME ...]

    Enables a plugin.

    dsconf enable-repl [-h host] [-p port] [-d REPL_ID] ROLE SUFFIX_DN [SUFFIX_DN ...]

    Enables replication by assigning a role to an existing suffix.

    dsconf enable-repl-agmt [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Enables replication with another Directory Server.

    dsconf export [-h host] [-p port] [-aQ] [-f FLAG] ... [[-s DN] ... | [-x DN] ...] SUFFIX_DN [SUFFIX_DN...] LDIF_FILE

    Exports suffix data to LDIF format.

    dsconf get-index-prop [-h host] [-p port] [-T] SUFFIX_DN ATTR_NAME [PROP ...]

    Displays the value of an index configuration property.

    dsconf get-log-prop [-h host] [-p port] [-T] [-Z UNIT] LOG_TYPE [PROP ...]

    Displays server log property values.

    dsconf get-plugin-prop [-h host] [-p port] [-T] PLUGIN_NAME [PROP ...]

    Displays plugin property values.

    dsconf get-repl-agmt-prop [-h host] [-p port] [-T] SUFFIX_DN HOST:PORT [PROP ...]

    Displays replication agreement property values.

    dsconf get-server-prop [-h host] [-p port] [-T] [-M UNIT] [-Z UNIT] [PROP ...]

    Displays server property values.

    dsconf get-suffix-prop [-h host] [-p port] [-T] [-M UNIT] [-Z UNIT] SUFFIX_DN [PROP ...]

    Displays suffix property values.

    dsconf help-properties [-r]

    Lists properties exposed by subcommands.

    dsconf import [-h host] [-p port] [-aK] [-f FLAG=VAL] ... [-x DN] ... LDIF_FILE [LDIF_FILE ...] SUFFIX_DN

    Populates existing suffixes with LDIF data.

    dsconf info

    Displays information about server configuration such as port number, suffix name, server mode and task states.

    dsconf init-repl-dest [-h host] [-p port] [-a] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Launches a total update of the remote replica from a local suffix.

    dsconf list-encrypted-attrs [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

    Lists encrypted attributes. When used with -v, this command displays additional information related to encrypted attributes.

    dsconf list-indexes [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

    Lists indexed attribute configuration. When used with -v, this command displays additional information related to indexes.

    dsconf list-plugins [-h host] [-p port] [-E] [-v]

    Lists plugins. When used with -v, this command displays additional information related to plugins.

    dsconf list-repl-agmts [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

    Lists replication agreements. When used with -v, this command displays additional information related to replication agreements.

    dsconf list-repl-priorities [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

    Lists prioritized replication rules. When used with -v, this command displays additional information related to prioritized replication rules.

    dsconf list-suffixes [-h host] [-p port] [-E] [-v]

    Lists suffixes. When used with -v, this command displays additional information related to suffixes. This includes the number of entries, the suffix role and the number of replication agreements, replication priority rules, indexes and encrypted attributes.

    dsconf promote-repl [-h host] [-p port] [-d REPL_ID] SUFFIX_DN [SUFFIX_DN ...]

    Promotes the role of an existing replicated suffix. A consumer is promoted to a hub, a hub is promoted to a master. To promote a consumer to a master, run the command twice.

    dsconf pwd-compat [-h host] [-p port] [-a] NEW_MODE

    Changes Directory Server password compatibility state.

    dsconf reindex [-h host] [-p port] [-a] [-t ATTR] ... SUFFIX_DN [SUFFIX_DN ...]

    Rebuilds index(es) of an existing suffix.

    dsconf restore [-h host] [-p port] [-a] ARCHIVE_DIR

    Restores Directory Server data from backup archive.

    dsconf rotate-log-now [-h host] [-p port] [-a] LOG_TYPE

    Closes and renames current log and creates fresh log.

    dsconf set-index-prop [-h host] [-p port] SUFFIX_DN ATTR_NAME PROP:VAL [PROP:VAL ...]

    Sets the index property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-log-prop [-h host] [-p port] LOG_TYPE PROP:VAL [PROP:VAL ...]

    Sets server log property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-plugin-prop [-h host] [-p port] PLUGIN_NAME PROP:VAL [PROP:VAL ...]

    Sets plugin property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-repl-agmt-prop [-h host] [-p port] SUFFIX_DN HOST:PORT PROP:VAL [PROP:VAL ...]

    Sets replication agreement property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-server-prop [-h host] [-p port] PROP:VAL [PROP:VAL ...]

    Sets server property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-suffix-prop [-h host] [-p port] SUFFIX_DN PROP:VAL [PROP:VAL ...]

    Sets suffix property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf show-repl-agmt-status [-h host] [-p port] [-I dest-bind-dn] [-W dest-pw-file] SUFFIX_DN HOST:PORT

    Displays a comparison of a source and destination suffix configuration and the status of the replication agreement. When used with -v, this command displays additional replication agreement information such as pending changes and delayed maximum duration.

    dsconf show-task-status [-h host] [-p port]

    Displays the status of current Directory Server tasks. When used with -v, this command displays additional information related to the task type.

    dsconf update-repl-dest-now [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Restarts replication updates after the destination server has been down by forcing updates to the remote replica from the local suffix.

GLOBAL OPTIONS

    The following options are global, and are applicable to all commands and subcommands.

    -?
    --help

    Displays help information for a command or subcommand.

    -c
    --accept-cert

    Does not ask for confirmation before accepting non-trusted server certificates.

    -D USER_DN
    --user-dn USER_DN

    Binds as USER_DN. dsconf searches for a USER_DN value in the following order: first a USER_DN specified in the command line, then a USER_DN set by using the environment variable $LDAP_ADMIN_USER. If none of these are found, the default is to bind as the user cn=Directory Manager.

    -e
    --unsecured

    Connects over LDAP with no secure connection. To connect over a clear connection by default, set the DIRSERV_UNSECURED environment variable.

    -h HOST
    --hostname HOST

    Connects to the directory on HOST. dsconf contacts the LDAP server on the specified host, which may be a host name or an IP address. dsconf searches for a HOST value in the following order: First a HOST specified on the command line, then a HOST set by using the environment variable $DIRSERV_HOST. If none of these are found, the default is to use the local host.

    For example, when mapping the IPv4 address 192.168.0.99 to IPv6, specify the HOST:PORT as follows: ::ffff:192.168.0.99.

    -i
    --no-inter

    Does not prompt for confirmation before performing the operation.

    -j
    --reject-cert

    Does not ask for confirmation before rejecting non-trusted server certificates (for current session only).

    -p PORT
    --port PORT

    Connects to the directory on PORT. dsconf searches for a PORT value in the following order: first a PORT specified in the command line, then a PORT set by using the environment variable $DIRSERV_PORT. If none of these are found, the default is to use port 389.

    This option is mutually exclusive with -P,--secure-port.

    -P PORT
    --secure-port PORT

    Connects over SSL to the directory on PORT. The dsconf command searches for a PORT value in the following order:

    • A PORT specified in the command line

    • A PORT set by using the $DIR_SERV_PORT environment variable

    If none of these are found, the default is to use port 636.

    This option is mutually exclusive with -p,--port.

    -v
    --verbose

    Displays extra information.

    -V
    --version

    Displays the current version of dsconf. The version is provided in the format year.day.time. So version number 2006.178.0035 was built on the 178th day of 2006 at 00h35. If the components used by dsconf are not aligned, the version of each individual component is displayed.

    -w FILE
    --pwd-file FILE

    Binds using an LDAP password read from FILE. dsconf searches for a password FILE value in the following order: first a password or password file specified in the command line, then a password file set by using the environment variable $LDAP_ADMIN_PWF. If none of these are found, the default is to prompt for the password.

SUBCOMMAND OPTIONS

    The following options are applicable to the subcommands where they are specified.

    -A PROTOCOL
    --auth-protocol PROTOCOL

    Sets the authentication protocol for replication agreements to PROTOCOL. For the create-repl-agmt subcommand, the default value is clear. Other possible values are ssl-simple and ssl-client. For the change-repl-dest subcommand, the default value is the same as that of the HOST:PORT to which you are changing.

    -a
    --async

    Launches a task and returns control to the command line immediately.

    -B NAME
    --db-name NAME

    Specifies a database name.

    -d REPL_ID
    --repl-id REPL_ID

    Specifies a replication ID for a master. It is only used when ROLE = master.

    --desc DESC

    Specifies a description DESC.

    -E
    --record

    Modifies the display output to show one property value per line.

    -F INIT_FUNC
    --init-func INIT_FUNC

    Sets initialization function for a plugin to INIT_FUNC.

    -f FLAG or -f FLAG=VAL
    --flags FLAG or --flags FLAG=VAL

    Customizes imported or exported LDIF.

    Import flags:

    chunk-size=INTEGER

    Sets the merge chunk size. Overrides the detection of when to start a new pass during import.

    incremental-output

    Specifies whether an output file will be generated for later use in importing to large replicated suffixes. Default is yes. Possible values are yes and no. This flag can only be used when the -K option is used. If this flag is not used, an output file will automatically be generated.

    incremental-output-file=PATH

    Sets the path of the generated output file for an incremental (appended) import. The output file is used for updating a replication topology. It is an LDIF file containing the difference between the replicated suffix and the LDIF file, and replication information.

    Export flags:

    multiple-output-file

    Exports each suffix to a separate file.

    use-main-db-file

    Exports the main database file only.

    not-export-unique-id

    Does not export unique id values.

    output-not-folded

    Does not wrap long lines.

    not-print-entry-ids

    Does not export entry IDs.

    -G ARG
    --arguments ARG

    Sets plugin argument property to ARG.

    -H LIB_PATH
    --lib-path LIB_PATH

    Sets plugin library path to LIB_PATH.

    -I USER_DN
    --dest-bind-dn USER_DN

    Binds as USER_DN on destination suffix (Default: same as the DN used for source suffix)

    -K
    --incremental

    Specifies that the contents of the imported LDIF file are appended to the existing LDAP entries. If this option is not specified, the contents of the imported file replace the existing entries.

    -L FILE
    --db-path FILE

    Specifies database directory and path.

    -M UNIT
    --unit-time UNIT

    Displays time in UNIT, where UNIT is one of: w, d, h, m, s (week, day, hour, minute, second).

    -N
    --no-top-entry

    Does not create a top entry for the suffix. By default, a top-level entry is created when a new suffix is created (on the condition that the suffix starts with dc=, c=, o= or ou=). This option changes the default behavior.

    -Q
    --no-repl

    Does not export additional data needed for replication.

    -r
    --attr-map

    Displays help properties and their corresponding attributes in cn=config.

    -s DN
    --include DN

    Exports all data under specified DN.

    -T
    --tab

    Displays information in a table format.

    -t ATTR
    --attr ATTR

    Reindexes the attribute ATTR (Default: All attributes).

    -W FILE
    --dest-pwd-file FILE

    Binds on a destination suffix using the password read from FILE. The default is the same FILE used for the source suffix.

    -x DN
    --exclude DN

    Does not import or export data contained under the specified DN.

    -Y TYPE
    --type TYPE

    Sets plugin type to TYPE, where TYPE is one of: database, extendedop, preoperation, postoperation, matchingrule, syntax, internalpreoperation, internalpostoperation, object, pwdstoragescheme, reverpwdstoragescheme, ldbmentryfetchstore, beprecommit, archive2ldbm.

    -Z UNIT
    --unit-size UNIT

    Displays memory size data in UNIT, where UNIT is one of: G, M, k, b (Gigabyte, Megabyte, kilobyte, byte).

Operands

    The following operands are supported:

    ARCHIVE_DIR

    Directory Server instance backup archive directory.

    ATTR_NAME

    Attribute name.

    ENCRYPTION_ALGO

    Algorithm to use for encryption. Possible values are: des, des3, rc2, rc4. These values signify respectively DES block cipher, Triple DES block cipher, RC2 block cipher, RC4 stream cipher.

    HOST:PORT

    Destination replicated suffix, defined by HOST and destination PORT.

    LDIF_FILE

    Path and filename for file in LDIF format.

    LOG_TYPE

    Type of log, where LOG_TYPE is one of: access, error, audit.

    NEW_MODE

    Desired mode for password compatibility policy. The default mode is DS5-compatible-mode. You can change it to to-DS6-migration-mode and then to to-DS6-mode.

    PLUGIN_NAME

    Plugin name. The plugin name is defined when the plugin is created.

    PRIORITY_NAME

    Name used to define or identify a prioritized replication rule.

    PROP

    Property name. For a list of PROP names and default values, use the command dsconf help-properties -v.

    PROP:VAL

    Property and corresponding value. For a list of PROP names and default values, use the command dsconf help-properties -v.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    Multi-valued properties are identified by the M keyword. For a list of multi-valued properties, use the command dsconf help-properties | grep " M "

    Allowed values that are too wide for the help-properties output are listed below:

    LOG level (Access): acc-internal | default | acc-default_plus_referrals | acc-timing. For definitions of log levels, see the man page log(5dsconf).

    LOG level (Error): default | err-function-calls | err-search-args | err-connection | err-packets | err-search-filter | err-config-file | err-acl | err-ldbm | err-entry-parsing | err-housekeeping | err-replication | err-entry-cache | err-plugins | err-dsml | err-dsml-advanced. For definitions of log levels, see the man page log(5dsconf).

    PLG type and depends-on-type: database | extendedop | preoperation | postoperation | matchingrule | syntax | internalpreoperation | internalpostoperation | object | pwdstoragescheme | reverpwdstoragescheme | ldbmentryfetchstore | beprecommit | archive2ldbm

    RAG transport-compression: no-compression | default-compression | best-speed | best-compression

    SER dsml-client-auth-mode: client-cert-first | http-basic-only | client-cert-only

    ROLE

    Role of the replicated suffix, where ROLE is one of: master, hub, consumer.

    SUFFIX_DN

    Suffix DN (Distinguished Name)

Description

    Syntax values shown in lower case or partly in lower case are literal values.

    Those shown in upper case are syntax types, defined as follows:

    ATTR_NAME

    A valid attribute type name such as cn or objectClass.

    BOOLEAN

    true or false.

    DN

    A valid distinguished name such as ou=People,dc=example,dc=com.

    DURATION

    A duration specified in months (M), weeks (w), days (d), hours (h), minutes (m), seconds (s), and milliseconds (ms), or some combination with multiple specifiers. For example, you can specify one week as 1w, 7d, 168h, 10080m, or 604800s. You can also specify one week as 1w0d0h0m0s.

    DURATION properties typically do not each support all duration specifiers (Mwdhms). Examine the output of dsconf help-properties for the property to determine which duration specifiers are supported.

    EMAIL_ADDRESS

    A valid e-mail address.

    HOST_NAME

    An IP address or host name.

    INTEGER

    A positive integer value between 0 and the maximum supported integer value in the system address space. On 32-bit systems, 2147483647. On 64-bit systems, 9223372036854775807.

    INTERVAL

    An interval value of the form hhmm-hhmm 0123456, where the first element specifies the starting hour, the next element the finishing hour in 24-hour time format, from 0000-2359, and the second specifies days, starting with Sunday (0) to Saturday (6).

    IP_RANGE

    An IP address or range of addresses in one of the following formats:

    • IP address in dotted decimal form.

    • IP address and bits, in the form of network number/mask bits.

    • IP address and quad, in the form of a pair of dotted decimal quads.

    • All address. A catch-all for clients that are not placed into other, higher priority groups.

    • 0.0.0.0. This address is for groups to which initial membership is not considered. For example, for groups that clients switch to after their initial bind.

    • IP address of the local host.

    LDAP_URL

    A valid LDAP URL as specified by RFC 2255.

    MEMORY_SIZE

    A memory size specified in gigabytes (G), megabytes (M), kilobytes (k), or bytes (b). Unlike DURATION properties, MEMORY_SIZE properties cannot combine multiple specifiers. However, MEMORY_SIZE properties allow decimal values, for example, 1.5M.

    NAME

    A valid cn (common name).

    OCTAL_MODE

    A three-digit, octal file permissions specifier. The first digit specifies permissions for the server user ID, the second for the server group ID, the last for other users. Each digit consists of a bitmask defining read (4), write (2), execute (1), or no access (0) permissions, thus 640 specifies read-write access for the server user, read-only access for other users of the server group, and no access for other users.

    PASSWORD_FILE

    The full path to the file from which the bind password should be read.

    PATH

    A valid, absolute file system path.

    STRING

    A DirectoryString value, as specified by RFC 2252.

    SUPPORTED_SSL_CIPHER

    An SSL cipher supported by the server. See the Reference for a list of supported ciphers.

    SUPPORTED_SSL_PROTOCOL

    An SSL protocol supported by the server. See the Reference for a list of supported protocols.

    TIME

    A time of the form hhmm in 24-hour format, where hh stands for hours and mm stands for minutes.
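
    The DURATION, MEMORY_SIZE and OCTAL_MODE syntaxes described above can be checked before a value is passed to a subcommand such as set-suffix-prop or set-log-prop. The following Python validator is an added example, not part of the man page or of dsconf: the function names are hypothetical, MEMORY_SIZE multipliers are assumed to be powers of 1024, and months (M) are rejected because the page does not define their length.

```python
import re
from decimal import Decimal

# Milliseconds per DURATION specifier. Months (M) are left out on purpose:
# their length is not defined in the man page (assumption of this example).
_DURATION_MS = {"w": 604_800_000, "d": 86_400_000, "h": 3_600_000,
                "m": 60_000, "s": 1_000, "ms": 1}
# "ms" is listed before "m" so that 5ms is never read as 5 minutes plus "s".
_DURATION_TOKEN = re.compile(r"([0-9]+)(ms|M|w|d|h|m|s)")

# Bytes per MEMORY_SIZE specifier (assumed binary multiples).
_MEMORY_BYTES = {"G": 1024 ** 3, "M": 1024 ** 2, "k": 1024, "b": 1}
_MEMORY = re.compile(r"([0-9]+(?:\.[0-9]+)?)([GMkb])")


def parse_duration(text, allowed=frozenset(_DURATION_MS)):
    """Return a DURATION such as 1w0d0h0m0s in milliseconds.

    `allowed` restricts the specifiers, because individual properties
    typically do not support all of them.
    """
    pos, total = 0, 0
    while pos < len(text):
        tok = _DURATION_TOKEN.match(text, pos)
        if tok is None:
            raise ValueError(f"bad DURATION at offset {pos}: {text!r}")
        count, unit = int(tok.group(1)), tok.group(2)
        if unit == "M":
            raise ValueError("months are not converted by this example")
        if unit not in allowed:
            raise ValueError(f"specifier {unit!r} not supported here")
        total += count * _DURATION_MS[unit]
        pos = tok.end()
    if pos == 0:
        raise ValueError("empty DURATION")
    return total


def parse_memory_size(text):
    """Return a MEMORY_SIZE such as 1.5M in bytes.

    One specifier only; decimal values are allowed but must come out
    as a whole number of bytes.
    """
    m = _MEMORY.fullmatch(text)
    if m is None:
        raise ValueError(f"bad MEMORY_SIZE: {text!r}")
    size = Decimal(m.group(1)) * _MEMORY_BYTES[m.group(2)]
    if size != size.to_integral_value():
        raise ValueError(f"not a whole number of bytes: {text!r}")
    return int(size)


def decode_octal_mode(text):
    """Decode a three-digit OCTAL_MODE into rwx strings per class."""
    if re.fullmatch(r"[0-7]{3}", text) is None:
        raise ValueError(f"bad OCTAL_MODE: {text!r}")

    def bits(digit):
        n = int(digit)
        return (("r" if n & 4 else "-") + ("w" if n & 2 else "-")
                + ("x" if n & 1 else "-"))

    return dict(zip(("user", "group", "other"), map(bits, text)))


def grants_access_to_others(text):
    """True when the last digit gives any permission to other users."""
    return decode_octal_mode(text)["other"] != "---"


if __name__ == "__main__":
    # Values taken from the descriptions above.
    for value in ("1w", "10080m", "1w0d0h0m0s"):
        print(value, "->", parse_duration(value), "ms")
    print("1.5M ->", parse_memory_size("1.5M"), "bytes")
    print("640 ->", decode_octal_mode("640"),
          "others have access:", grants_access_to_others("640"))
```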

EXIT STATUS

    The following exit status values are returned:

    0

    Successful completion.

    non-zero

    An error occurred.

Examples

    The following examples show how the dsconf command is used.


    Example 1 Create a Suffix


    $ dsconf create-suffix -h host -p port \
    dc=example,dc=com

    In this example, non-default ports are specified.

    Check to see if the suffix has been created.


    $ dsconf list-suffixes -h host -p port -v


    Example 2 Import LDIF Data into the Suffix


    $ dsconf import -h host -p port \
    /local/ds/ldif/example.ldif dc=example,dc=com


    Example 3 Index an Attribute

    In this example, the preferredLanguage attribute is going to be indexed.

    1. Create an index entry for the attribute. By default, the index matching types are equality and presence.

      $ dsconf create-index -h host -p port \
      dc=example,dc=com preferredLanguage

    2. Check that the index entry has been created.

      $ dsconf get-index-prop -h host -p port \
      dc=example,dc=com preferredLanguage

    3. Generate the index for the attribute.

      $ dsconf reindex -h host -p port \
      -t preferredLanguage dc=example,dc=com


    Example 4 Back Up the Directory Server Data


    $ dsconf backup -h host -p port \
    /tmp/backupArchiveDir

    For complete backup procedures, see the Sun Java System Directory Server Enterprise Edition 6.2 Administration Guide.



    Example 5 Monitor and Change Cache Size for a Suffix

    1. Search for the string cache within the dsconf help properties:


      $ dsconf help-properties | grep cache

    2. Determine which property is most applicable and request more information. In the results of the preceding step, cache-mem-size seems to correspond. For additional information, use the verbose option:


      $ dsconf help-properties -v | grep entry-cache-size
      SUF  entry-cache-size  rw MEMORY_SIZE (Ex: 3G,2m,200k,10000b)  
      nsslapd-cachememsize
      Cache size in term of memory space: (Default: 10M)

      Use the following information to interpret the results above:

      SUF

      This property applies to a suffix.

      entry-cache-size

      The name of the property

      rw

      You have read and write access to the property when using get-suffix-prop and set-suffix-prop.

      MEMORY_SIZE

      Use memory size values as described in this man page.

      nsslapd-cachememsize

      The attribute under cn=config to which this property applies.

      (Default: 10M)

      The default value of this property

    3. Determine the current value of entry-cache-size:


      $ dsconf get-suffix-prop -h host -p port \
      dc=example,dc=com entry-cache-size
      entry-cache-size : 10M

    4. Change the value of entry-cache-size to 12M:


      $ dsconf set-suffix-prop -h host -p port \
      dc=example,dc=com entry-cache-size:12M

    5. Check that the value has been changed:


      $ dsconf get-suffix-prop -h host -p port \
      dc=example,dc=com entry-cache-size
      entry-cache-size : 12M


    Example 6 Export to LDIF While Using Filters


    $ dsconf export -h host -p port \
    -f not-print-entry-ids -s ou=people,dc=example,dc=com \
    -s ou=contractors,dc=example,dc=com dc=example,dc=com \
    /local/ds/ldif/export.ldif

    This example shows a command that:

    • Uses the flag not-print-entry-ids to request that entry IDs are not exported.

    • Exports data from two suffixes ou=people,dc=example,dc=com and ou=contractors,dc=example,dc=com into one LDIF file /local/ds/ldif/export.ldif.



    Example 7 Rotate the Access Log and Modify the Rotation Delay for the Access Log

    If you have a log which is getting very large, you can rotate the log. Rotation backs up the existing log file and creates a fresh log file. In this example, the access log is rotated.

    1. Rotate the access log by using the command:


      $ dsconf rotate-log-now -h host -p port access

    2. You can now modify the delay between log rotations for the access log.

      Find the property which sets maximum log size:


      $ dsconf help-properties -v | grep LOG

      The output from the previous command shows that the required property is rotation-interval.

    3. To see the default setting for rotation-interval:


      $ dsconf get-log-prop -h host -p port \
      access rotation-interval

      The default is one day (1d).

    4. To increase the rotation delay to two days, use the command:


      $ dsconf set-log-prop -h host -p port \
      access rotation-interval:2d


    Example 8 Configure Replication in a Two-Master Topology

    This procedure configures replication on a topology with two servers, and both are masters. Replication is configured first on one master, then on the second master. Master 1 is located on server1.example:1389. Master 2 is located on server2.example:2389.

    1. On Server 1: Create a suffix

      $ dsconf create-suffix -h server1.example -p 1389 \
      dc=example,dc=com

    2. On Server 1: Populate the suffix with LDIF data


      $ dsconf import -a -h server1.example -p 1389 \
      /opt/SUNWdsee/ds6/ldif/Example.ldif dc=example,dc=com

      If the import takes a long time, you can obtain status on the import operation using:


      $ dsconf info -h server1.example -p 1389 

      or


      $ dsconf show-task-status -h server1.example -p 1389 -v

      Alternatively, you can view the status of the task while it is running by omitting the -a option in the command.

    3. On Server 1: Enable replication on Master 1. This step assigns a replication role and ID to an existing suffix. It also sets the replication manager bind DN to the default replication manager DN.


      $ dsconf enable-repl -h server1.example -p 1389 \
      -d 1 master dc=example,dc=com

    4. On Server 2: Create a suffix


      $ dsconf create-suffix -h server2.example -p 2389 dc=example,dc=com

    5. On Server 2: Enable replication on Master 2. This step assigns a replication role and ID to an existing suffix. It also sets the replication manager bind DN to the default replication manager DN.


      $ dsconf enable-repl -h server2.example -p 2389 \
      -d 2 master dc=example,dc=com

    6. On Server 1: Create a replication agreement from Master 1 to Master 2.


      $ dsconf create-repl-agmt -h server1.example -p 1389 \
      dc=example,dc=com server2.example:2389

    7. On Server 2: Create a replication agreement from Master 2 to Master 1.


      $ dsconf create-repl-agmt -h server2.example -p 2389 \
      dc=example,dc=com server1.example:1389

    8. On Server 1: Check that the replication agreement status is OK.


      $ dsconf show-repl-agmt-status -h server1.example -p 1389 \
      dc=example,dc=com server2.example:2389

      If the status is not OK, then accord the replication agreement.


      $ dsconf accord-repl-agmt -h server1.example -p 1389 \
      dc=example,dc=com server2.example:2389

    9. On Server 1: From Master 1, initialize replication on Master 2. This step initializes Master 2 with the data contained in the suffix on Master 1 and starts replication.


      $ dsconf init-repl-dest -h server1.example -p 1389 \
      dc=example,dc=com server2.example:2389

    The replication agreements in both directions are now active and replication is running.


Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE     ATTRIBUTE VALUE
    Availability       SUNWldap-directory-client
    Stability Level    Evolving

See Also

DS 6.2  Last Revised April 12, 2007


dsee_deploy(1M)

NAME | Synopsis | Description | SUBCOMMANDS | Options | Exit Status | Attributes | See Also

NAME

    dsee_deploy – deploy Directory Server Enterprise Edition software

Synopsis

    ./dsee_deploy install -c component -i install_path
     [OPTIONS]
    install-path/dsee6/bin/dsee_deploy 
     uninstall -c component -i install_path [OPTIONS]

Description

    The dsee_deploy command installs Directory Server Enterprise Edition software from zip distributions rather than native packages, and registers server software with the Cacao common agent container to allow remote administration. The dsee_deploy command also removes registration information from the Cacao common agent container, and removes Directory Server Enterprise Edition software installed from the zip distribution.

    Software installed from a zip distribution does not require that you have super user or administrator access to the system. The software is self-contained and need not have dependencies outside the install path you choose.

SUBCOMMANDS

    The following subcommands are supported:

    install

    Install component software.

    Use the command unpacked with the product distribution.

    uninstall

    Remove component software.

    Use the command placed under install-path/dsee6/bin/ by the install subcommand.

Options

    The following options are supported:

    -c component
    --component component

    Install or remove the specified combination of Directory Server Enterprise Edition component products. The component may be one of the following values. The default value is ALL.

    ALL

    Install or remove Directory Proxy Server and Directory Server software, including server administration, and LDAP client command-line tools, and Directory Server Resource Kit software.

    DPS

    Install or remove Directory Proxy Server software, including command-line administration tools.

    DPSCONFIG

    Install or remove Directory Proxy Server command-line administration tools.

    DPSSERVER

    Install or remove Directory Proxy Server software.

    DS

    Install or remove Directory Server software, including server administration and LDAP client command-line tools, and Directory Server Resource Kit software.

    DSCONFIG

    Install or remove Directory Server command-line administration tools.

    DSRK

    Install or remove Directory Server Resource Kit software, including LDAP client command-line tools.

    DSSERVER

    Install or remove Directory Server software.

    LDAPTOOLS

    Install or remove LDAP client command-line tools.

    -h
    --help

    Display the usage message for the command.

    -I
    --no-inter

    Install in non-interactive mode, accepting the license text without confirmation. This mode is useful for silent installation.

    -i install_path
    --install-path install_path

    Install or remove Directory Server Enterprise Edition software under the specified file system directory.

    If the specified file system directory does not exist at installation time, the dsee_deploy command attempts to create it.

    -N
    --no-cacao

    Do not use or configure the Cacao common agent container.

    If specified, you may use the dsconf(1M) command to manage Directory Server and the dpconf(1M) command to manage Directory Proxy Server, but not Directory Service Control Center.

    -O
    --non-overwrite

    Never overwrite files during installation.

    -p cacao_port
    --cacao-port cacao_port

    Configure the Cacao common agent container used for remote management to listen for JMX management communications on the specified port number.

    If specified, the port must not be in use.

    If no Cacao common agent container port is specified, the default value is 11162.

    -v
    --verbose

    Display extra messages during software installation and removal.

Exit Status

    The following exit values are returned:

    0

    Successful completion.

    1

    The unzip command could not be found.

    2

    The install_path file system directory could not be created.

    3

    The install_path is not a file system directory.

    4

    Permission was denied to create the install_path file system directory.

    5

    A component_product name was not recognized.

    6

    The specified cacao_port could not be used.

    7

    There was an internal memory error.

    8

    The unzip command returned an error.

    9

    The server(s) installed could not be registered with the Cacao common agent container.

    10

    A required zip file, normally located in the dsee_data/ file system directory next to the dsee_deploy command, could not be found.

    11

    The cacaoadm command issued to configure the Cacao common agent container failed.

    12

    The number of parameters was invalid.

    Make sure you have specified at least all mandatory options.

    13

    The dsee_deploy command failed to configure the Cacao common agent container.

    14

    The dsee_deploy command failed to start the Cacao common agent container.

    15

    The specified subcommand was not valid.

    16

    The Cacao common agent container could not be removed.

    17

    The specified Cacao common agent container port is already in use.

    18

    An invalid option was specified.

    19

    An option was incorrectly specified more than once.

    20

    Permission to the specified file system directory was denied.

    21

    The dsee_deploy command, necessary for uninstallation, could not be copied under the specified install_path.

    22

    A subcommand was missing. The dsee_deploy requires that you specify a subcommand (install | uninstall).

    23

    The -N option is not for use with the uninstall subcommand.

    24

    The -O option is not for use with the uninstall subcommand.

    25

    The -p option is not for use with the uninstall subcommand.

    26

    The Cacao common agent container is already configured. Use the -N option.

    27

    The specified component is not installed in the specified location, and therefore cannot be removed.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE     ATTRIBUTE VALUE
    Availability       Zip distributions only
    Stability Level    Evolving

See Also

    cacaoadm(1M), unzip(1)

DSEE 6.2  Last Revised June 18, 2007


dsmig(1M)

NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | SUBCOMMAND OPERANDS | Exit Status | Examples | Attributes | See Also

NAME

    dsmig – Migrates a Directory Server Instance

Synopsis

    install-path/ds6/bin/dsmig 
    subcommand [options] [operands]

Description

    The dsmig command is the migration command for a single Directory Server instance. Use the dsmig command with any of the subcommands described in this man page.

    dsmig migrates a Directory Server 5.1 instance to a Directory Server 6.2 instance.

    dsmig must be run from the local machine on which the new instance will be located. If the new instance exists, migration subcommands are carried out on that instance. If the new instance does not exist, dsmig creates the new instance with the parameters specified in the global options.

SUBCOMMANDS

    The following subcommands are supported.

    dsmig info

    Displays information on the status of each migration step.

    The format of the subcommand is:

    dsmig info NEW_INSTANCE_PATH
    
    dsmig migrate-all

    Migrates the old instance to the new instance in a single step. This subcommand essentially combines the functionality of all the other subcommands.

    The format of the subcommand is:

    dsmig migrate-all [-R] [-N] [-c] [-j] [-e | -Z]
     [-D USER_DN] [-w PWD_FILE] [-v] OLD_INSTANCE_PATH
     NEW_INSTANCE_PATH
    
    dsmig migrate-config

    Migrates the configuration from the old instance to the new instance.

    The format of the subcommand is:

    dsmig migrate-config [-R] [-N] [-c] [-j] [-e | -Z]
     [-D USER_DN] [-w PWD_FILE] [-v] OLD_INSTANCE_PATH
     NEW_INSTANCE_PATH
    
    dsmig migrate-data

    Migrates the data from the old instance to the new instance. Migrating the change logs of the old instance is optional. Migration of the NetscapeRoot database must be specified as this database is not migrated by default.

    The format of the subcommand is:

    dsmig migrate-data [-R] [-N] [-v] OLD_INSTANCE_PATH
     NEW_INSTANCE_PATH
    
    dsmig migrate-schema

    Migrates the schema from the old instance to the new instance.

    The format of the subcommand is:

    dsmig migrate-schema [-v] OLD_INSTANCE_PATH NEW_INSTANCE_PATH
    
    dsmig migrate-security

    Migrates the security files from the old instance to the new instance.

    The format of the subcommand is:

    dsmig migrate-security [-v] OLD_INSTANCE_PATH NEW_INSTANCE_PATH
    

GLOBAL OPTIONS

    The following options are global, and are applicable to all commands and subcommands.

    -?
    --help

    Displays help information for a command or subcommand.

    -i
    --no-inter

    Does not request confirmation before executing the command.

    -p PORT
    --port PORT

    The port used for LDAP traffic. The default LDAP port is 389 or 1389.

    -P SSL_PORT
    --secure-port SSL_PORT

    The port used for secure LDAP traffic. The default secure LDAP port is 636 or 1636.

SUBCOMMAND OPTIONS

    The following options are applicable to the subcommands where they are specified.

    -c
    --accept-cert

    Specifies that confirmation should not be requested before accepting non-trusted server certificates.

    -D USER_DN
    --user-dn USER_DN

    Defines the Directory Manager DN. The default is cn=Directory Manager.

    -e
    --unsecured

    Specifies an unsecured connection over LDAP. If this option is not used, a secure LDAP connection using StartTLS is made by default.

    -j
    --reject-cert

    Specifies that confirmation should not be requested before rejecting non-trusted server certificates (for this session only.)

    -N
    --netscapeRoot

    Specifies that data for the “o=netscapeRoot” suffix must be migrated. If this option is used with the migrate-config subcommand, it refers to the suffix configuration data. If this option is used with the migrate-data subcommand, it refers to the netscapeRoot database. Using the option with the migrate-all subcommand means that neither the configuration data nor the database is migrated.

    -R
    --replication

    Specifies that replication data should be migrated. If this option is used with the migrate-config subcommand, it refers to replication configuration data. If this option is used with the migrate-data subcommand, it refers to replication changelogs. Using the option with the migrate-all subcommand means that both replication configuration data and changelogs are migrated.

    -v
    --verbose

    Specifies that additional messages are displayed.

    -w PWD_FILE
    --pwd-file PWD_FILE

    The file from which the Directory Manager password should be read. If this option is not specified, the command prompts for the password.

    -Z
    --secured

    Specifies an SSL connection over LDAP.

SUBCOMMAND OPERANDS

    The following operands are applicable to the subcommands where they are specified.

    OLD_INSTANCE_PATH

    Specifies the path to the 5.1 instance.

    NEW_INSTANCE_PATH

    Specifies the path to the 6.0 instance.

Exit Status

    The following exit status values are returned:

    0

    Successful completion.

    non-zero

    An error occurred.

Examples

    The following examples show how the dsmig command is used.


    Example 1 Migrating the schema


    $ dsmig migrate-schema -p 6389 -P 6636 \
      /local/ds52pX/slapd-old_52_instance /local/new_ds61_instance/

    This command migrates the schema from the old Directory Server instance to the new 6.0 instance.

    In this example, the LDAP port is specified as 6389, and the secure port is specified as 6636. If you do not specify port numbers, the default port numbers 389 and 636 (for root user) or 1389 and 1636 (for non-root user) are used. If you do not specify port numbers and the default port numbers are already being used, the dsmig command aborts.



    Example 2 Migrating the configuration


    $ dsmig migrate-config -N /local/ds52pX/slapd-old_52_instance \
     /local/new_ds61_instance/

    This command migrates the configuration from the old Directory Server instance to the new instance.

    In this example, configuration data for the “o=netscapeRoot” suffix and replication configuration data are migrated.



    Example 3 Migrating the data


    $ dsmig migrate-data -R -N /local/ds52pX/slapd-old_52_instance \
    /local/new_ds61_instance/

    This command migrates the data from the old Directory Server instance to the new instance.

    In this example, the replication change logs are not migrated. The NetscapeRoot database is migrated.



    Example 4 Migrating everything in a single step


    $ dsmig migrate-all -R -N /local/ds52pX/slapd-old_52_instance \
    /local/new_ds61_instance/

    In this example, replication configuration data is not migrated. Data for the “o=netscapeRoot” suffix is migrated.



    Example 5 Obtaining migration status information


    $ dsmig info /local/new_ds61_instance/
    
    Old instance path   :  /local/ds52pX/slapd-old_52_instance
    New instance path   :  /local/new_ds61_instance
    
    Schema Migration    :  Completed
    Security Migration  :  Not completed
    Config Migration    :  Completed except NetscapeRoot and Replication configuration
    Data Migration      :  Not completed
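
    When migration is scripted step by step, the status report shown in Example 5 can be parsed to decide which steps are still outstanding, for instance to hold back a new instance until its security files have been migrated. The following Python parser is an added example, not part of dsmig or of this man page; the function names are hypothetical, and the sample text is the output shown above.

```python
import re

# Status report copied from Example 5 above.
SAMPLE_INFO = """\
Old instance path   :  /local/ds52pX/slapd-old_52_instance
New instance path   :  /local/new_ds61_instance

Schema Migration    :  Completed
Security Migration  :  Not completed
Config Migration    :  Completed except NetscapeRoot and Replication configuration
Data Migration      :  Not completed
"""

# "Key : Value" with arbitrary padding; the key stops at the first colon.
_LINE = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*\S)\s*$")
_EXCEPT = "Completed except "


def parse_dsmig_info(text):
    """Split a `dsmig info` report into instance paths and step states.

    Each step maps to (state, detail), where state is one of
    "complete", "partial", "pending" or "unknown".
    """
    paths, steps = {}, {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m is None:
            continue
        key, value = m.group("key"), m.group("value")
        if key.endswith("Migration"):
            name = key[: -len("Migration")].strip().lower()
            if value == "Completed":
                steps[name] = ("complete", "")
            elif value.startswith(_EXCEPT):
                # e.g. config migrated without -N or -R related parts
                steps[name] = ("partial", value[len(_EXCEPT):])
            elif value == "Not completed":
                steps[name] = ("pending", "")
            else:
                steps[name] = ("unknown", value)
        elif key.endswith("instance path"):
            paths[key.split()[0].lower()] = value
    return paths, steps


def outstanding_steps(text, required=("schema", "security", "config", "data")):
    """List required steps that are not fully complete.

    A step missing from the report counts as outstanding, so a truncated
    or unexpected report never passes the check.
    """
    _, steps = parse_dsmig_info(text)
    return [s for s in required
            if steps.get(s, ("missing", ""))[0] != "complete"]


if __name__ == "__main__":
    paths, steps = parse_dsmig_info(SAMPLE_INFO)
    print("new instance:", paths["new"])
    for name, (state, detail) in steps.items():
        print(f"{name:10s} {state:9s} {detail}")
    print("outstanding:", outstanding_steps(SAMPLE_INFO))
```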

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE     ATTRIBUTE VALUE
    Availability       SUNWldap-directory-client
    Stability Level    Evolving

See Also

DS 6.2  Last Revised June 18, 2007


dsrepair(1M)

NAME | Synopsis | Description | SUBCOMMANDS | Options | Exit Status | Attributes

NAME

    dsrepair – repair replicated directory entries

Synopsis

    install-path/ds6/support_tools/bin/dsrepair 
    subcommand [options] arguments
    

Description

    The dsrepair command makes it possible to repair entries that prevent replication from proceeding normally. You must enable the replication repair plug-in to use the dsrepair command.

    Use the dsrepair command only under the supervision of qualified support personnel.

    The dsrepair command functions only in non-secure mode, with simple authentication.

    The dsrepair command is not available on Windows systems, though it can be run against a Directory Server instance on a Windows system.

SUBCOMMANDS

    The following subcommands are supported:

    dsrepair add-entry [options] suffix entry.ldif

    Adds the entry specified in the entry.ldif file to the specified suffix.

    If an entry or tombstone entry having the same DN or nsUniqueID already exists, or if the parent entry does not exist, add-entry fails.

    dsrepair begin-repair-mode [options] suffix

    Puts the specified suffix in repair mode such that the only modify operations allowed are those performed using the dsrepair command.

    Read operations continue normally while the suffix is in repair mode.

    dsrepair delete-entry [options] suffix entry.ldif

    Deletes the entry specified in the entry.ldif file from the specified suffix, and any tombstone associated with the entry.

    If no entry or tombstone entry having the same DN or nsUniqueID already exists, or the specified entry has child entries, delete-entry fails.

    dsrepair end-repair-mode [options] suffix

    Returns the specified suffix from repair mode to its normal replication mode.

    dsrepair replace-entry [options] suffix entry.ldif

    Replaces an entry in the directory with the content specified in the entry.ldif file.

    If no entry having the DN or nsUniqueID exists, or the entries returned based on the DN and nsUniqueID are different, replace-entry fails.

    dsrepair update-ruv [options] suffix csn

    Replaces the maximum change sequence number (CSN) in a replication update vector (RUV) element with the specified csn string.

Options

    The following options are supported:

    -D bindDN
    --bind-dn bindDN

    Use the specified bind DN to authenticate to the directory server.

    The default is cn=Directory Manager.

    -h host
    --hostname host

    Contact the LDAP server on the specified host, which may be a host name or an IP address.

    For example, when mapping the IPv4 address 192.168.0.99 to IPv6, pass the -h option with its argument as -h ::ffff:192.168.0.99.

    The default is localhost.

    -p port
    --port port

    Contact the LDAP server on the specified port.

    The default is 389.

    -w file
    --pwd-file file

    Use the bind password in the specified file.

    If this option is not specified, the dsrepair command prompts for the password.

Exit Status

    The following exit values are returned:

    0

    Successful completion.

    non-zero

    An error occurred.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE      ATTRIBUTE VALUE
    Availability        SUNWldap-directory-client
    Stability Level     Evolving

DS 6.2  Last Revised April 12, 2007


idsktune(1M)

NAME | Synopsis | Description | Options | Extended Description | Exit Status | Attributes

NAME

    idsktune – generate system tuning recommendations for running Directory Server Enterprise Edition server software

Synopsis

    ./idsktune  [-q] [-D] [-v] [-c] [-i install-path]

Description

    The idsktune command checks patch levels and kernel parameter settings for the system on which Directory Server or directory client applications run, making tuning recommendations as it performs the checks. Run the command as super user to obtain the widest range of tuning recommendations.

    The idsktune command is delivered next to the dsee_deploy command with zip distribution software only.

    The idsktune command suggests changes for you to make to the system, but does not itself make any changes. You must fix at least all ERROR conditions identified by the idsktune command.

    The idsktune command reports as missing all patches recommended at the time of release and not installed on the system, even patches for packages not installed on the system.

Options

    The idsktune command supports the following options.

    -c

    Display tuning recommendations only for directory client applications.

    Default is to display recommendations for both directory client applications and for Directory Server.

    -D

    Run in debug mode, displaying messages that show the commands the idsktune command runs internally, preceded by DEBUG.

    -i install-path

    Check the specified installation directory to ensure enough space is available.

    -q

    Run in quiet mode, reporting only information about key system prerequisites and essential settings.

    -v

    Display the version information about the build and exit.

Extended Description

    The idsktune command verifies and reports on the following settings depending on the underlying system.

    Operating system and kernel versions
    • Solaris™ and Red Hat version numbers

    • Solaris kernel build date

    • Solaris and HP-UX patches

    Memory and disk space
    • Physical memory size

    • Swap space or swap partition size

    • Memory resource limits

    • File descriptor resource limits

    Scheduler settings
    • Maximum threads per process for HP-UX

    • Maximum files for HP-UX

    TCP settings

    Many of the following are system-specific TCP tuning settings.

    • Listen backlog queue size

    • tcbhashsize, tcbhashnum and tcp_msl

    • sominconn and somaxconn

    • ipport_userreserved_min

    • tcp_close_wait_interval and tcp_time_wait_interval

    • tcp_keepalive_interval

    • tcp_max_listen

    • tcp_conn_request_max

    • tcp_conn_req_max_q and tcp_conn_req_max_q0

    • tcp_rexmit_interval_initial

    • net.inet.ip.portrange.hifirst and tcp_smallest_anon_port

    • tcp_slow_start_initial

    • net.inet.tcp.delayed_ack and tcp_deferred_ack_interval

    • link_speed on /dev/hme

    Tuning system settings, especially network stack settings, involves considering potentially not just directory applications and Directory Server, but also other applications running on the system and in the environment. In general, however, implementing the recommendations optimizes directory performance whether the system is dedicated to Directory Server or shared with other applications.

Exit Status

    The idsktune command exits with status 0 if it completes successfully and no ERRORs are found. Otherwise, it exits with non-zero status.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE      ATTRIBUTE VALUE
    Availability        Zip distribution only
    Stability Level     Evolving

DSRK 6.0  Last Revised October 16, 2006


ns-accountstatus(1M)

NAME | Synopsis | Description | Options | Exit Status | Examples | Attributes | See Also

NAME

    ns-accountstatus – show whether an account is active

Synopsis

    install-path/ds6/bin/ns-accountstatus 
     [-D rootDN] {-w password |  -w - |  -j filename} [-p port]
     [-h host] -I accountDN
    

Description

    The ns-accountstatus command shows whether the account corresponding to an entry is active. The command can also be used to show whether the accounts corresponding to a role are active.

Options

    The following options are supported:

    -?

    Display the usage message.

    -D rootDN

    Bind using the Directory Manager (directory super user) rootDN.

    When this option is not specified, the default bind DN, cn=Directory Manager, is used.

    -h host

    Bind to the specified host on which the Directory Server instance runs.

    Default: localhost.

    -I accountDN

    Determine account status for the entry or role having Distinguished Name accountDN.

    -j filename

    Read the bind password for simple authentication from filename.

    -p port

    Bind to the specified port on which the Directory Server instance listens.

    Default: 389.

    -w -

    Bind with simple authentication, specifying the password interactively.

    -w password

    Bind with simple authentication using the specified password.

Exit Status

    The following exit values are returned:

    0

    Successful completion.

    1

    An error occurred.

    On error, verbose error messages are displayed on standard output.

Examples

    The examples in this section use sample data from the Example-roles.ldif file.


    Example 1 Examining Status of an Entry

    The following command checks the status of Barbara Jensen's entry.


    $ ./ns-accountstatus -D "cn=Directory Manager" -j /tmp/pwd.txt \
    > -I uid=bjensen,ou=people,dc=example,dc=com
    uid=bjensen,ou=people,dc=example,dc=com  activated.


    Example 2 Examining Status of a Role

    The following command checks the status of the Directory Administrators role.


    $ ./ns-accountstatus -D "cn=Directory Manager" -j /tmp/pwd.txt \
    > -I "cn=Directory Administrators,dc=example,dc=com"
    cn=Directory Administrators,dc=example,dc=com  activated.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE      ATTRIBUTE VALUE
    Availability        SUNWldap-directory-client
    Stability Level     Stable

See Also

    ns-activate(1M), ns-inactivate(1M)

DS 6.2  Last Revised September 5, 2006


ns-activate(1M)

NAME | Synopsis | Description | Options | Exit Status | Examples | Attributes | See Also

NAME

    ns-activate – activate accounts

Synopsis

    install-path/ds6/bin/ns-activate 
     [-D rootDN] {-w password |  -w - |  -j filename} [-p port]
     [-h host] -I accountDN
    

Description

    The ns-activate command activates an account corresponding to an entry. The command can also be used to activate accounts sharing a role.

Options

    The following options are supported:

    -?

    Display the usage message.

    -D rootDN

    Bind using the Directory Manager (directory super user) rootDN.

    When this option is not specified, the default bind DN, cn=Directory Manager, is used.

    -h host

    Bind to the specified host on which the Directory Server instance runs.

    Default: localhost.

    -I accountDN

    Activate the account for the entry or accounts corresponding to the role having Distinguished Name accountDN.

    -j filename

    Read the bind password for simple authentication from filename.

    -p port

    Bind to the specified port on which the Directory Server instance listens.

    Default: 389.

    -w -

    Bind with simple authentication, specifying the password interactively.

    -w password

    Bind with simple authentication using the specified password.

Exit Status

    The following exit values are returned:

    0

    Successful completion.

    1

    An error occurred.

    On error, verbose error messages are displayed on standard output.

Examples

    The examples in this section use sample data from the Example-roles.ldif file.


    Example 1 Activating an Inactive Account Entry

    The following command activates Barbara Jensen's account.


    $ ./ns-activate -D "cn=Directory Manager" -j /tmp/pwd.txt \
    > -I uid=bjensen,ou=people,dc=example,dc=com
    uid=bjensen,ou=people,dc=example,dc=com activated.


    Example 2 Activating an Inactive Account Role

    The following command activates the Directory Administrators role.


    $ ./ns-activate -D "cn=Directory Manager" -j /tmp/pwd.txt \
    > -I "cn=Directory Administrators,dc=example,dc=com"
    cn=Directory Administrators,dc=example,dc=com activated.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE      ATTRIBUTE VALUE
    Availability        SUNWldap-directory-client
    Stability Level     Stable

See Also

    ns-accountstatus(1M), ns-inactivate(1M)

DS 6.2  Last Revised September 5, 2006


ns-inactivate(1M)

NAME | Synopsis | Description | Options | Exit Status | Examples | Attributes | See Also

NAME

    ns-inactivate – inactivate accounts

Synopsis

    install-path/ds6/bin/ns-inactivate 
     [-D rootDN] {-w password |  -w - |  -j filename} [-p port]
     [-h host] -I accountDN
    

Description

    The ns-inactivate command inactivates an account corresponding to an entry. The command can also be used to inactivate accounts sharing a role.

Options

    The following options are supported:

    -?

    Display the usage message.

    -D rootDN

    Bind using the Directory Manager (directory super user) rootDN.

    When this option is not specified, the default bind DN, cn=Directory Manager, is used.

    -h host

    Bind to the specified host on which the Directory Server instance runs.

    Default: localhost.

    -I accountDN

    Inactivate the account for the entry or accounts corresponding to the role having Distinguished Name accountDN.

    -j filename

    Read the bind password for simple authentication from filename.

    -p port

    Bind to the specified port on which the Directory Server instance listens.

    Default: 389.

    -w -

    Bind with simple authentication, specifying the password interactively.

    -w password

    Bind with simple authentication using the specified password.

Exit Status

    The following exit values are returned:

    0

    Successful completion.

    1

    An error occurred.

    On error, verbose error messages are displayed on standard output.

Examples

    The examples in this section use sample data from the Example-roles.ldif file.


    Example 1 Inactivating an Account Entry

    The following command inactivates Barbara Jensen's account.


    $ ./ns-inactivate -D "cn=Directory Manager" -j /tmp/pwd.txt \
    > -I uid=bjensen,ou=people,dc=example,dc=com
    uid=bjensen,ou=people,dc=example,dc=com inactivated.


    Example 2 Inactivating an Account Role

    The following command inactivates the Directory Administrators role.


    $ ./ns-inactivate -D "cn=Directory Manager" -j /tmp/pwd.txt \
    > -I "cn=Directory Administrators,dc=example,dc=com"
    cn=Directory Administrators,dc=example,dc=com inactivated.
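
    The ns-accountstatus, ns-activate and ns-inactivate examples all read the Directory Manager password with -j from /tmp/pwd.txt. The following wrapper is an added example, not part of the product: it refuses a password file that is a symbolic link, is not owned by the caller, or is readable by group or others, and it never uses -w password, which would place the password in the process argument list. The names pwfile_is_private, run_account_tool, DS_BIN, BIND_DN, DS_HOST and DS_PORT are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not product code): run the account tools with -j only,
# and only when the password file is private to the calling user.

# pwfile_is_private FILE
# Returns 0 when FILE is a regular file (not a symlink), owned by the
# caller, with no group/other permission bits; returns 1 otherwise.
pwfile_is_private() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        return 1
    fi
    meta=$(ls -ldn -- "$f") || return 1
    mode=$(printf '%s\n' "$meta" | cut -c1-10)       # e.g. -rw-------
    owner=$(printf '%s\n' "$meta" | awk '{print $3}') # numeric uid
    if [ "$owner" != "$(id -u)" ]; then
        return 1
    fi
    case $mode in
        -r[-w]-------) return 0 ;;
        *)             return 1 ;;
    esac
}

# run_account_tool TOOL PWFILE ACCOUNT_DN
# TOOL is ns-accountstatus, ns-activate or ns-inactivate.
# Returns 2 when the wrapper refuses to run; otherwise returns the tool's
# own exit status (0 success, 1 error, as documented on this page).
run_account_tool() {
    tool=$1 pwfile=$2 account_dn=$3
    case $tool in
        ns-accountstatus|ns-activate|ns-inactivate) ;;
        *) echo "unknown tool: $tool" >&2; return 2 ;;
    esac
    if ! pwfile_is_private "$pwfile"; then
        echo "refusing $pwfile: must be a regular file owned by you, mode 0600 or 0400" >&2
        return 2
    fi
    # DS_BIN is assumed to point at install-path/ds6/bin.
    "${DS_BIN:-.}/$tool" -D "${BIND_DN:-cn=Directory Manager}" -j "$pwfile" \
        -h "${DS_HOST:-localhost}" -p "${DS_PORT:-389}" -I "$account_dn"
}
```

    Create the password file under a restrictive umask (for example umask 077) in a directory only the administrator can write to, rather than directly in /tmp.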

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE      ATTRIBUTE VALUE
    Availability        SUNWldap-directory-client
    Stability Level     Stable

See Also

    ns-accountstatus(1M), ns-activate(1M)

DS 6.2  Last Revised September 5, 2006


replcheck(1M)

NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | Operands | Extended Description | Exit Status | Attributes

NAME

    replcheck – diagnose and repair some replication failures

Synopsis

    install-path/ds6/support_tools/bin/replcheck 
    subcommand options
    

Description

    The replcheck command allows you to diagnose and repair a replication halt. Use the replcheck command with one of the options described in this man page.

SUBCOMMANDS

    The following subcommands are supported:

    replcheck diagnose [-D DN] [-w PW_FILE] [-L LOG_DIR] [-v] TOPOLOGY_FILE

    Diagnoses the cause of the replication breakage and summarizes the proposed repair actions.

    replcheck fix [-D DN] [-w PW_FILE] [-L LOG_DIR] [-v] TOPOLOGY_FILE

    Fixes the replication breakage.

GLOBAL OPTIONS

    The following options are global, and are applicable to all commands and subcommands.

    --?
    --help

    Displays help information for a command or subcommand.

    -V
    --version

    Displays the current version of replcheck. The version is provided in the format year.day.time. So version number 2006.178.0035 was built on the 178th day of 2006 at 00h35. If the components used by replcheck are not aligned, the version of each individual component is displayed.

SUBCOMMAND OPTIONS

    The following options are applicable to the subcommands where they are specified.

    -D bindDN
    --bind-dn bindDN

    Use the specified bind DN to authenticate to the directory server.

    The default is cn=Directory Manager.

    -L dir-path
    --log-dir dir-path

    Creates a replcheck.log log file in this directory.

    If this option is not specified, the replcheck.log log file will be created in the home directory.

    -v
    --verbose

    Displays additional information.

    -w password-file
    --pwd-file file

    Use the bind password in the specified password-file.

    If this option is not specified, the replcheck command prompts for the password.

Operands

    The following operands are supported:

    TOPOLOGY_FILE

    Specifies the path to the file that describes the replication topology.

    This file contains one record per line in the following format: hostname:port:suffix_dn[:label]. The optional label field provides a name that appears in any messages that are displayed or logged. If you do not specify a label, the hostname:port pair is used instead.

    For example, the following topology file describes a replication topology consisting of two hosts:


    host1:389:dc=example,dc=com:Paris
    host2:489:dc=example,dc=com:New York

    Note –

    The replcheck command must access the servers in the topology using their non-secure ports. The topology file cannot specify an SSL port.
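
    The following checker for the hostname:port:suffix_dn[:label] record format is an added example, not part of replcheck. It reads a topology file on standard input and reports records that do not fit the format or that name port 636; treating 636 as an SSL port is a heuristic based on the conventional LDAPS port, since the checker cannot know an instance's configured secure port. The function names and the sample records after the first two are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of replcheck): validate topology records.

# Constructed sample: the first two records are the page's example,
# the last three are deliberately wrong.
sample_topology() {
cat <<'EOF'
host1:389:dc=example,dc=com:Paris
host2:489:dc=example,dc=com:New York
host3:636:dc=example,dc=com:Tokyo
host4:dc=example,dc=com
ldaps://host5:389:dc=example,dc=com
EOF
}

# check_topology < FILE
# Prints one message per rejected record. Returns 0 when every record
# passes, 1 otherwise. Empty lines are skipped (this checker's choice).
check_topology() {
    lineno=0 status=0
    # IFS=: splits on colons only, so a label such as "New York" keeps its
    # space and any extra colons end up in the label field.
    while IFS=: read -r host port suffix label || [ -n "$host$port$suffix$label" ]; do
        lineno=$((lineno + 1))
        problem=
        if [ -z "$host$port$suffix$label" ]; then
            continue
        elif [ -z "$host" ] || [ -z "$port" ] || [ -z "$suffix" ]; then
            problem="expected hostname:port:suffix_dn[:label]"
        else
            case $port in
                *[!0-9]*|??????*)
                    problem="port '$port' is not a number in 1-65535" ;;
                *)
                    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                        problem="port '$port' is not a number in 1-65535"
                    elif [ "$port" -eq 636 ]; then
                        # Heuristic: 636 is the conventional LDAPS port.
                        problem="port 636 looks like an SSL port; use the non-secure port"
                    fi ;;
            esac
            if [ -z "$problem" ]; then
                case $suffix in
                    *=*) ;;
                    *) problem="suffix '$suffix' does not look like a DN" ;;
                esac
            fi
        fi
        if [ -n "$problem" ]; then
            echo "line $lineno: $problem"
            status=1
        fi
    done
    return $status
}
```

    Run it as check_topology < topology-file before passing the file to replcheck diagnose.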


Extended Description


    The replcheck command diagnoses and repairs a replication halt. The replcheck diagnose subcommand compares the RUVs for each of the servers in your replication topology to determine if the masters are synchronized. If the search results show that all of the consumer replica in-memory RUVs are evolving on time or not evolving but equal to those on the supplier replicas, the tool will conclude that a replication halt is not occurring.

    However, if the command determines that the consumer RUVs do not change at all over time, then the replcheck diagnose subcommand displays the repair operation it would do and exits without making the repair. Then, you can launch the replcheck fix subcommand to repair the replication halt. For example, the command determines that replication is blocked on the entry associated with CSN 24 if a supplier has a CSN of 40, while the consumer has a CSN of 23 that does not evolve at all over time.

    The replcheck command can repair two types of replication halt:

    • The entry at which replication is halted, in our previous example CSN 24, exists on the supplier but not on the consumer. The replcheck command takes the entry from an instance that is more up-to-date than the consumer and then pushes it to the consumer.

    • The entry at which replication is halted, CSN 24, is unknown to supplier A. This can occur if a server is reinitialized or a replication agreement is deleted, resulting in a consumer becoming out of date and breaking replication. The replcheck command looks at other servers in the topology to see if the CSN is recognized. If it finds the CSN on a new supplier, such as supplier B, it creates a replication agreement with supplier B and lets replication send the entry, CSN 24, to the consumer.

Exit Status

    The following exit status values are returned:

    0

    Successful completion.

    non-zero

    An error occurred.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE      ATTRIBUTE VALUE
    Availability        SUNWldap-directory-client
    Stability Level     Evolving

DS 6.2  Last Revised March 15, 2007


schema_push(1M)

NAME | Synopsis | Description | Attributes | See Also

NAME

    schema_push – ensure manually modified schema are replicated to consumers

Synopsis

    install-path/ds6/bin/schema_push 
    instance-path 
    

Description

    When schema modifications are made manually by editing the .ldif files such as 99user.ldif directly, the schema_push command should be run to update the modification time used by replication. This ensures that the modified schema are replicated to the consumers.

    The instance-path argument is the path to the instance where you updated schema files, such as /local/ds.


    Note –

    When using the command on Windows systems, you may need to include Perl in your PATH, as shown in the following example.


    C:\ds6\bin>set PATH=%PATH%;C:\dsee6\perl5\bin
    C:\ds6\bin>perl schema_push C:\servers\ds\

    Once the script has been run, you must restart the server to trigger the schema replication.

Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE      ATTRIBUTE VALUE
    Availability        SUNWldap-directory
    Stability Level     Stable

See Also

DS 6.2  Last Revised September 22, 2006
