Sun Java System Directory Server Enterprise Edition 6.3 Man Page Reference

dsconf(1M)

NAME

    dsconf – Manages Directory Server configuration

Synopsis

    install-path/ds6/bin/dsconf subcommand options

Description

    The dsconf command manages Directory Server configuration. It enables you to modify the configuration entries in cn=config.

    The server must be running in order for you to run dsconf.

SUBCOMMANDS

    The following subcommands are supported:

    dsconf accord-repl-agmt [-h host] [-p port] [-I USER_DN] [-W FILE] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Ensures the authentication properties of the destination suffix are in accord with those of the replication agreement.

    dsconf backup [-h host] [-p port] [-a] ARCHIVE_DIR

    Backs up Directory Server data (configuration data excluded).

    dsconf change-repl-dest [-h host] [-p port] [-A NEW_PROTOCOL] [-J] SUFFIX_DN HOST:PORT NEW_HOST:NEW_PORT

    Changes the remote replica pointed to by an existing replication agreement. The suffix DN and configuration of the existing agreement remain the same.

    dsconf create-encrypted-attr [-h host] [-p port] [--desc DESC] SUFFIX_DN ATTR_NAME [ATTR_NAME ...] ENCRYPTION_ALGO

    Declares that the values for an attribute are encrypted.

    dsconf create-index [-h host] [-p port] SUFFIX_DN ATTR_NAME [ATTR_NAME ...]

    Declares that an attribute is indexed. The default index types for the attribute are equality and presence.

    dsconf create-plugin [-h host] [-p port] -H LIB_PATH -F INIT_FUNCT -Y TYPE [-G ARG]... PLUGIN_NAME

    Declares a new client plugin. The plugin state is disabled.

    dsconf create-repl-agmt [-h host] [-p port] [-A PROTOCOL] [-J] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Creates a replication agreement for an existing suffix.

    dsconf create-repl-priority [-h host] [-p port] SUFFIX_DN PRIORITY_NAME PROP:VAL [PROP:VAL ...]

    Creates a prioritized replication rule on a master.

    dsconf create-suffix [-h host] [-p port] [-B NAME] [-L FILE] [-N] SUFFIX_DN [SUFFIX_DN ...]

    Creates a suffix.

    dsconf delete-encrypted-attr [-h host] [-p port] SUFFIX_DN ATTR_NAME [ATTR_NAME ...]

    Declares that the values for an attribute are no longer encrypted.

    dsconf delete-index [-h host] [-p port] SUFFIX_DN ATTR_NAME [ATTR_NAME ...]

    Declares that an attribute is no longer indexed.

    dsconf delete-plugin [-h host] [-p port] PLUGIN_NAME [PLUGIN_NAME ...]

    Declares that a plugin can not be used by the server any more.

    dsconf delete-repl-agmt [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Deletes a replication agreement.

    dsconf delete-repl-priority [-h host] [-p port] SUFFIX_DN PRIORITY_NAME [PRIORITY_NAME ...]

    Deletes a prioritized replication rule.

    dsconf delete-suffix [-h host] [-p port] SUFFIX_DN [SUFFIX_DN ...]

    Deletes suffix configuration and data.

    dsconf demote-repl [-h host] [-p port] SUFFIX_DN [SUFFIX_DN ...]

    Demotes the role of an existing replicated suffix. A master is demoted to a hub, a hub is demoted to a consumer. To demote a master to a consumer, run the command twice.

    dsconf disable-plugin [-h host] [-p port] PLUGIN_NAME [PLUGIN_NAME ...]

    Disables a plugin.

    dsconf disable-repl [-h host] [-p port] SUFFIX_DN [SUFFIX_DN ...]

    Disables replication for a replicated suffix.

    dsconf disable-repl-agmt [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Disables replication with another Directory Server.

    dsconf enable-plugin [-h host] [-p port] PLUGIN_NAME [PLUGIN_NAME ...]

    Enables a plugin.

    dsconf enable-repl [-h host] [-p port] [-d REPL_ID] ROLE SUFFIX_DN [SUFFIX_DN ...]

    Enables replication by assigning a role to an existing suffix.

    dsconf enable-repl-agmt [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Enables replication with another Directory Server.

    dsconf export [-h host] [-p port] [-aQ] [-f FLAG] ... [-y [-C FILE]] [[-s DN] ... | [-x DN] ...] SUFFIX_DN [SUFFIX_DN...] LDIF_FILE

    Exports suffix data to LDIF format.

    dsconf get-index-prop [-h host] [-p port] [-T] SUFFIX_DN ATTR_NAME [PROP ...]

    Displays the value of an index configuration property.

    dsconf get-log-prop [-h host] [-p port] [-T] [-Z UNIT] LOG_TYPE [PROP ...]

    Displays server log property values.

    dsconf get-plugin-prop [-h host] [-p port] [-T] PLUGIN_NAME [PROP ...]

    Displays plugin property values.

    dsconf get-repl-agmt-prop [-h host] [-p port] [-T] SUFFIX_DN HOST:PORT [PROP ...]

    Displays replication agreement property values.

    dsconf get-server-prop [-h host] [-p port] [-T] [-M UNIT] [-Z UNIT] [PROP ...]

    Displays server property values.

    dsconf get-suffix-prop [-h host] [-p port] [-T] [-M UNIT] [-Z UNIT] SUFFIX_DN [PROP ...]

    Displays suffix property values.

    dsconf help-properties [-r]

    Lists properties exposed by subcommands.

    dsconf import [-h host] [-p port] [-aK] [-f FLAG=VAL] ... [-x DN] ... LDIF_FILE [LDIF_FILE ...] SUFFIX_DN

    Populates existing suffixes with LDIF data.

    dsconf info

    Displays information about server configuration such as port number, suffix name, server mode and task states.

    dsconf init-repl-dest [-h host] [-p port] [-a] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Launches a total update of the remote replica from a local suffix.

    dsconf list-encrypted-attrs [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

    Lists encrypted attributes. When used with -v, this command displays additional information related to encrypted attributes.

    dsconf list-indexes [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

    Lists indexed attribute configuration. When used with -v, this command displays additional information related to indexes.

    dsconf list-plugins [-h host] [-p port] [-E] [-v]

    Lists plugins. When used with -v, this command displays additional information related to plugins.

    dsconf list-repl-agmts [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

    Lists replication agreements. When used with -v, this command displays additional information related to replication agreements.

    dsconf list-repl-priorities [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

    Lists prioritized replication rules. When used with -v, this command displays additional information related to prioritized replication rules.

    dsconf list-suffixes [-h host] [-p port] [-E] [-v]

    Lists suffixes. When used with -v, this command displays additional information related to suffixes. This includes the number of entries, the suffix role and the number of replication agreements, replication priority rules, indexes and encrypted attributes.

    dsconf promote-repl [-h host] [-p port] [-d REPL_ID] SUFFIX_DN [SUFFIX_DN ...]

    Promotes the role of an existing replicated suffix. A consumer is promoted to a hub, a hub is promoted to a master. To promote a consumer to a master, run the command twice.

    dsconf pwd-compat [-h host] [-p port] [-a] NEW_MODE

    Changes Directory Server password compatibility state.

    dsconf reindex [-h host] [-p port] [-a] [-t ATTR] ... SUFFIX_DN [SUFFIX_DN ...]

    Rebuilds index(es) of an existing suffix.

    dsconf restore [-h host] [-p port] [-a] ARCHIVE_DIR

    Restores Directory Server data from backup archive.

    dsconf rotate-log-now [-h host] [-p port] [-a] LOG_TYPE

    Closes and renames current log and creates fresh log.

    dsconf set-index-prop [-h host] [-p port] SUFFIX_DN ATTR_NAME PROP:VAL [PROP:VAL ...]

    Sets the index property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-log-prop [-h host] [-p port] LOG_TYPE PROP:VAL [PROP:VAL ...]

    Sets server log property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-plugin-prop [-h host] [-p port] PLUGIN_NAME PROP:VAL [PROP:VAL ...]

    Sets plugin property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-repl-agmt-prop [-h host] [-p port] SUFFIX_DN HOST:PORT PROP:VAL [PROP:VAL ...]

    Sets replication agreement property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-server-prop [-h host] [-p port] PROP:VAL [PROP:VAL ...]

    Sets server property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf set-suffix-prop [-h host] [-p port] SUFFIX_DN PROP:VAL [PROP:VAL ...]

    Sets suffix property value.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    dsconf show-repl-agmt-status [-h host] [-p port] [-I USER_DN] [-W FILE] SUFFIX_DN HOST:PORT

    Displays a comparison of a source and destination suffix configuration and the status of the replication agreement. When used with -v, this command displays additional replication agreement information such as pending changes and delayed maximum duration.

    dsconf show-task-status [-h host] [-p port]

    Displays status of current directory server tasks. When used with -v, this command displays additional information related to the task type.

    dsconf update-repl-dest-now [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

    Restarts replication updates after the destination server has been down by forcing updates to the remote replica from the local suffix.

GLOBAL OPTIONS

    The following options are global, and are applicable to all commands and subcommands.

    -?
    --help

    Displays help information for a command or subcommand.

    -c
    --accept-cert

    Does not ask for confirmation before accepting non-trusted server certificates.

    -D USER_DN
    --user-dn USER_DN

    Binds as USER_DN. dsconf searches for a USER_DN value in the following order: First a USER_DN specified in the command line, then a USER_DN set by using the environment variable $LDAP_ADMIN_USER. If none of these are found, the default is to bind as the user cn=Directory Manager.

    -e
    --unsecured

    Connects over LDAP with no secure connection. To connect over a clear connection by default, set the DIRSERV_UNSECURED environment variable.

    -h HOST
    --hostname HOST

    Connects to the directory on HOST. dsconf contacts the LDAP server on the specified host, which may be a host name or an IP address. dsconf searches for a HOST value in the following order: First a HOST specified on the command line, then a HOST set by using the environment variable $DIRSERV_HOST. If none of these are found, the default is to use the local host.

    For example, when mapping the IPv4 address 192.168.0.99 to IPv6, specify the HOST:PORT as follows: ::ffff:192.168.0.99.

    -i
    --no-inter

    Does not prompt for confirmation before performing the operation.

    -j
    --reject-cert

    Does not ask for confirmation before rejecting non-trusted server certificates (for current session only).

    -p PORT
    --port PORT

    Connects to directory on PORT. dsconf searches for a PORT value in the following order: First a PORT specified in the command line, then a PORT set by using the environment variable $DIRSERV_PORT. If none of these are found, the default is to use port 389.

    This option is mutually exclusive with -P,--secure-port.

    -P PORT
    --secure-port PORT

    Connects over SSL to the directory on PORT. The dpconf command searches for a PORT value in the following order:

    • A PORT specified in the command line

    • A PORT set by using the $DIR_SERV_PORT environment variable

    If none of these are found, the default is to use port 636.

    This option is mutually exclusive with -p,--port.

    -v
    --verbose

    Displays extra information.

    -V
    --version

    Displays the current version of dsconf. The version is provided in the format year.monthday.time. So version number 2007.1204.0035 was built on December 4th, 2007 at 00h35. If the components used by dsconf are not aligned, the version of each individual component is displayed.

    -w FILE
    --pwd-file FILE

    Binds using an LDAP password read from FILE. dsconf searches for a password FILE value in the following order: A password or password file specified in the command line. A password file set by using the environment variable $LDAP_ADMIN_PWF. If none of these are found, the default is to prompt for the password.

    -y
    --decrypt-attr

    Decrypts encrypted attributes. The --decrypt-attr option is a boolean and is optional.
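
    The following is an added example, not part of the original man page or of the product: a POSIX shell check that reviews a dsconf command line for the connection and credential options described above (-e, -c, -p with -P, and the -w / $LDAP_ADMIN_PWF password file). The names dsconf_audit and pwfile_is_private are hypothetical, and grouped short flags such as -ae are assumed to be accepted, based on the [-aQ] notation in the synopsis.

```shell
#!/bin/sh
# Added example: audit a dsconf command line against the GLOBAL OPTIONS above.
# It only inspects arguments and environment; it never runs dsconf.

# pwfile_is_private FILE: succeed only if FILE is a regular file that grants
# no permission bits to group or other (for example mode 600 or 400).
pwfile_is_private() (
    [ -f "$1" ] || exit 1
    perms=$(ls -ldL -- "$1" | cut -c1-10)
    case $perms in
        ????------) exit 0 ;;
        *)          exit 1 ;;
    esac
)

# dsconf_audit ARGS...: print one finding per line for the given dsconf
# arguments; return 0 when nothing is flagged, 1 otherwise.
dsconf_audit() (
    findings=0
    port=""
    secure_port=""
    pwfile=${LDAP_ADMIN_PWF:-}    # documented fallback when -w is absent
    note() {
        printf '%s\n' "$1"
        findings=$((findings + 1))
    }

    # DIRSERV_UNSECURED makes a clear connection the default.
    if [ -n "${DIRSERV_UNSECURED:-}" ]; then
        note "env DIRSERV_UNSECURED: clear LDAP is the default connection"
    fi

    while [ $# -gt 0 ]; do
        case $1 in
            --unsecured)      note "$1: connects over LDAP with no secure connection" ;;
            --accept-cert)    note "$1: accepts non-trusted server certificates unprompted" ;;
            -w|--pwd-file)    shift; pwfile=${1:-} ;;
            -p|--port)        shift; port=${1:-} ;;
            -P|--secure-port) shift; secure_port=${1:-} ;;
            --*) ;;           # other long options are not inspected
            -[!-]*)
                # Short flags, possibly grouped (assumption, see lead-in).
                case $1 in *e*) note "$1: -e connects over LDAP with no secure connection" ;; esac
                case $1 in *c*) note "$1: -c accepts non-trusted server certificates unprompted" ;; esac
                ;;
        esac
        if [ $# -gt 0 ]; then shift; fi
    done

    if [ -n "$port" ] && [ -n "$secure_port" ]; then
        note "-p/--port and -P/--secure-port are mutually exclusive"
    fi
    if [ -n "$pwfile" ] && ! pwfile_is_private "$pwfile"; then
        note "password file $pwfile: missing or accessible by group/other"
    fi

    [ "$findings" -eq 0 ]
)
```

    Call it with the same arguments you intend to pass to dsconf, for example dsconf_audit backup -h host -P 1636 -w /path/to/pwd.file /archive/dir, and run dsconf only when it returns 0.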

SUBCOMMAND OPTIONS

    The following options are applicable to the subcommands where they are specified.

    -A PROTOCOL
    --auth-protocol PROTOCOL

    Sets authentication protocol for replication agreements to PROTOCOL. For the create-repl-dest subcommand, the default value is clear. Other possible values are ssl-simple and ssl-client. For the change-repl-dest subcommand, the default value is the same as that of the HOST:PORT to which you are changing.

    -a
    --async

    Launches a task and returns control to the command line immediately.

    -B NAME
    --db-name NAME

    Specifies a database name.

    -C FILE
    --cert-pwd-file FILE

    Reads certificate database password from FILE. The default is to prompt for password.

    -d REPL_ID
    --repl-id REPL_ID

    Specifies a replication ID for a master. It is only used when ROLE = master.

    --desc DESC

    Specifies a description DESC.

    -E
    --record

    Modifies the display output to show one property value per line.

    -F INIT_FUNC
    --init-func INIT_FUNC

    Sets initialization function for a plugin to INIT_FUNC.

    -f FLAG or -f FLAG=VAL
    --flags FLAG or --flags FLAG=VAL

    Customizes imported or exported LDIF.

    Import flags:

    chunk-size=INTEGER

    Sets the merge chunk size. Overrides the detection of when to start a new pass during import.

    incremental-output

    Specifies whether an output file will be generated for later use in importing to large replicated suffixes. Default is yes. Possible values are yes and no. This flag can only be used when the -K option is used. If this flag is not used, an output file will automatically be generated.

    incremental-output-file=PATH

    Sets the path of the generated output file for an incremental (appended) import. The output file is used for updating a replication topology. It is an LDIF file containing the difference between the replicated suffix and the LDIF file, and replication information.

    Export flags:

    multiple-output-file

    Exports each suffix to a separate file.

    use-main-db-file

    Exports the main database file only.

    not-export-unique-id

    Does not export unique id values.

    output-not-folded

    Does not wrap long lines.

    not-print-entry-ids

    Does not export entry IDs.

    -G ARG
    --arguments ARG

    Sets plugin argument property to ARG.

    -H LIB_PATH
    --lib-path LIB_PATH

    Sets plugin library path to LIB_PATH.

    -I USER_DN
    --dest-bind-dn USER_DN

    Binds as USER_DN on destination suffix (Default: same as the DN used for source suffix)

    -J
    --no-accord

    For use with the create-repl-agmt and change-repl-dest subcommands. When the --no-accord option is used with either the create-repl-agmt or the change-repl-dest subcommand, the accord-repl-agmt subcommand is not performed.

    When creating a new replication agreement or when changing the destination server of a replication agreement, dsconf tries to run the accord-repl-agmt operation to ensure the authentication properties of the destination suffix are in accord with those of the replication agreement. If the destination server is unavailable or takes time to respond, the time to operate the command would be longer than necessary unless the --no-accord subcommand option is used.

    -K
    --incremental

    Specifies that the contents of the imported LDIF file are appended to the existing LDAP entries. If this option is not specified, the contents of the imported file replace the existing entries.

    -L FILE
    --db-path FILE

    Specifies database directory and path.

    -M UNIT
    --unit-time UNIT

    Displays time in UNIT, where UNIT is one of: w, d, h, m, s (week, day, hour, minute, second).

    -N
    --no-top-entry

    Does not create a top entry for the suffix. By default, a top-level entry is created when a new suffix is created (on the condition that the suffix starts with dc=, c=, o= or ou=). This option changes the default behavior.

    -Q
    --no-repl

    Does not export additional data needed for replication.

    -r
    --attr-map

    Displays help properties and their corresponding attributes in cn=config.

    -s DN
    --include DN

    Exports all data under specified DN.

    -T
    --tab

    Displays information in a table format.

    -t ATTR
    --attr ATTR

    Reindexes the attribute ATTR (Default: All attributes).

    -W FILE
    --dest-pwd-file FILE

    Binds on a destination suffix using the password read from FILE. The default is the same FILE used for the source suffix.

    -x DN
    --exclude DN

    Does not import or export data contained under the specified DN.

    -Y TYPE
    --type TYPE

    Sets plugin type to TYPE, where TYPE is one of: database, extendedop, preoperation, postoperation, matchingrule, syntax, internalpreoperation, internalpostoperation, object, pwdstoragescheme, reverpwdstoragescheme, ldbmentryfetchstore, beprecommit, archive2ldbm.

    -Z UNIT
    --unit-size UNIT

    Displays memory size data in UNIT, where UNIT is one of: G, M, k, b (Gigabyte, Megabyte, kilobyte, byte).

Operands

    The following operands are supported:

    ARCHIVE_DIR

    Directory Server instance backup archive directory.

    ATTR_NAME

    Attribute name.

    ENCRYPTION_ALGO

    Algorithm to use for encryption. Possible values are: des, des3, rc2, rc4. These values signify respectively DES block cipher, Triple DES block cipher, RC2 block cipher, RC4 stream cipher.

    HOST:PORT

    Destination replicated suffix, defined by HOST and destination PORT.

    LDIF_FILE

    Path and filename for file in LDIF format.

    LOG_TYPE

    Type of log, where LOG_TYPE is one of: access, error, audit.

    NEW_MODE

    Desired mode for password compatibility policy. The default mode is DS5-compatible-mode. You can change it to to-DS6-migration-mode and then to DS6-mode.

    PLUGIN_NAME

    Plugin name. The plugin name is defined when the plugin is created.

    PRIORITY_NAME

    Name used to define or identify a prioritized replication rule.

    PROP

    Property name. For a list of PROP names and default values, use the command dsconf help-properties -v.

    PROP:VAL

    Property and corresponding value. For a list of PROP names and default values, use the command dsconf help-properties -v.

    For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

    Multi-valued properties are identified by the M keyword. For a list of multi-valued properties, use the command dsconf help-properties | grep " M "

    Allowed values that are too wide for the help-properties output are listed below:

    LOG level (Access): acc-internal | default | acc-default_plus_referrals | acc-timing. For definitions of log levels, see the man page log(5dsconf).

    LOG level (Error): default | err-function-calls | err-search-args | err-connection | err-packets | err-search-filter | err-config-file | err-acl | err-ldbm | err-entry-parsing | err-housekeeping | err-replication | err-entry-cache | err-plugins | err-dsml | err-dsml-advanced. For definitions of log levels, see the man page log(5dsconf).

    PLG type and depends-on-type: database | extendedop | preoperation | postoperation | matchingrule | syntax | internalpreoperation | internalpostoperation | object | pwdstoragescheme | reverpwdstoragescheme | ldbmentryfetchstore | beprecommit | archive2ldbm

    RAG transport-compression: no-compression | default-compression | best-speed | best-compression

    SER dsml-client-auth-mode: client-cert-first | http-basic-only | client-cert-only

    ROLE

    Role of the replicated suffix, where ROLE is one of: master, hub, consumer.

    SUFFIX_DN

    Suffix DN (Distinguished Name)

Description

    Syntax values shown in lower case or partly in lower case are literal values.

    Those shown in upper case are syntax types, defined as follows:

    ATTR_NAME

    A valid attribute type name such as cn or objectClass.

    DN

    A valid distinguished name such as ou=People,dc=example,dc=com.

    DURATION

    A duration specified in months (M), weeks (w), days (d), hours (h), minutes (m), seconds (s), and milliseconds (ms), or some combination with multiple specifiers. For example, you can specify one week as 1w, 7d, 168h, 10080m, or 604800s. You can also specify one week as 1w0d0h0m0s.

    DURATION properties typically do not each support all duration specifiers (Mwdhms). Examine the output of dsconf help-properties for the property to determine which duration specifiers are supported.

    INTEGER

    A positive integer value between 0 and the maximum supported integer value in the system address space. On 32-bit systems, 2147483647. On 64-bit systems, 9223372036854775807.

    INTERVAL

    An interval value of the form hhmm-hhmm 0123456, where the first element specifies the starting hour, the next element the finishing hour in 24-hour time format, from 0000-2359, and the second specifies days, starting with Sunday (0) to Saturday (6).

    LDAP_URL

    A valid LDAP URL as specified by RFC 2255.

    MEMORY_SIZE

    A memory size specified in gigabytes (G), megabytes (M), kilobytes (k), or bytes (b). Unlike DURATION properties, MEMORY_SIZE properties cannot combine multiple specifiers. However, MEMORY_SIZE properties allow decimal values, for example, 1.5M.

    OCTAL_MODE

    A three-digit, octal file permissions specifier. The first digit specifies permissions for the server user ID, the second for the server group ID, the last for other users. Each digit consists of a bitmask defining read (4), write (2), execute (1), or no access (0) permissions, thus 640 specifies read-write access for the server user, read-only access for other users of the server group, and no access for other users.

    PATH

    A valid, absolute file system path.

    STRING

    A DirectoryString value, as specified by RFC 2252.

    TIME

    A time of the form hhmm in 24-hour format, where hh stands for hours and mm stands for minutes.

EXIT STATUS

    The following exit status values are returned:

    0

    Successful completion.

    non-zero

    An error occurred.

Examples

    The following examples show how the dsconf command is used.


    Example 1 Create a Suffix


    $ dsconf create-suffix -h host -p port dc=example,dc=com

    In this example, non-default ports are specified.

    Check to see if the suffix has been created.


    $ dsconf list-suffixes -h host -p port -v


    Example 2 Import LDIF Data into the Suffix


    $ dsconf import -h host -p port /local/ds/ldif/example.ldif dc=example,dc=com


    Example 3 Index an Attribute

    In this example, the preferredLanguage attribute is going to be indexed.

    1. Create an index entry for the attribute. By default, the index matching types are equality and presence.

      $ dsconf create-index -h host -p port dc=example,dc=com preferredLanguage

    2. Check that the index entry has been created.

      $ dsconf get-index-prop -h host -p port dc=example,dc=com preferredLanguage

    3. Generate the index for the attribute.

      $ dsconf reindex -h host -p port -t preferredLanguage dc=example,dc=com


    Example 4 Back Up the Directory Server Data


    $ dsconf backup -h host -p port /tmp/backupArchiveDir

    For complete backup procedures, see the Sun Java System Directory Server Enterprise Edition Administration Guide.



    Example 5 Monitor and Change Cache Size for a Suffix

    1. Search for the string cache within the dsconf help properties:


      $ dsconf help-properties | grep cache

    2. Determine which property is most applicable and request more information. In the results of the preceding step, cache-mem-size seems to correspond. For additional information, use the verbose option:


      $ dsconf help-properties -v | grep entry-cache-size
      SUF  entry-cache-size  rw MEMORY_SIZE (Ex: 3G,2m,200k,10000b)  
      nsslapd-cachememsize
      Cache size in term of memory space: (Default: 10M)

      Use the following information to interpret the results above:

      SUF

      This property applies to a suffix.

      entry-cache-size

      The name of the property

      rw

      You have read and write access to the property when using get-suffix-prop and set-suffix-prop.

      MEMORY_SIZE

      Use memory size values as described in this man page.

      nsslapd-cachememsize

      The attribute under cn=config to which this property applies.

      (Default: 10M)

      The default value of this property

    3. Determine the current value of entry-cache-size:


      $ dsconf get-suffix-prop -h host -p port dc=example,dc=com entry-cache-size
      entry-cache-size : 10M

    4. Change the value of entry-cache-size to 12M:

      $ dsconf set-suffix-prop -h host -p port dc=example,dc=com entry-cache-size:12M

    5. Check that the value has been changed:

      $ dsconf get-suffix-prop -h host -p port dc=example,dc=com entry-cache-size
      entry-cache-size : 12M


    Example 6 Export to LDIF While Using Filters


    $ dsconf export -h host -p port \
    -f not-print-entry-ids -s ou=people,dc=example,dc=com \
    -s ou=contractors,dc=example,dc=com dc=example,dc=com \
    /local/ds/ldif/export.ldif

    This example shows a command that:

    • Uses the flag not-print-entry-ids to request that entry IDs are not exported.

    • Exports data from two suffixes ou=people,dc=example,dc=com and ou=contractors,dc=example,dc=com into one LDIF file /local/ds/ldif/export.ldif.



    Example 7 Rotate the Access Log and Modify the Rotation Delay for the Access Log

    If you have a log which is getting very large, you can rotate the log. Rotation backs up the existing log file and creates a fresh log file. In this example, the access log is rotated.

    1. Rotate the access log by using the command:


      $ dsconf rotate-log-now -h host -p port access

    2. You can now modify the delay between log rotations for the access log.

      Find the property which sets maximum log size:


      $ dsconf help-properties -v | grep LOG

      The output from the previous command shows that the required property is rotation-interval.

    3. To see the default setting for rotation-interval:


      $ dsconf get-log-prop -h host -p port access rotation-interval

      The default is one day (1d).

    4. To increase the rotation delay to two days, use the command:


      $ dsconf set-log-prop -h host -p port access rotation-interval:2d


    Example 8 Configure Replication in a Two-Master Topology

    This procedure configures replication on a topology with two servers, and both are masters. Replication is configured first on one master, then on the second master. Master 1 is located on server1.example:1389. Master 2 is located on server2.example:2389.

    1. On Server 1: Create a suffix.

      $ dsconf create-suffix -h server1.example -p 1389 dc=example,dc=com

    2. On Server 1: Populate the suffix with LDIF data.

      $ dsconf import -a -h server1.example -p 1389 \
      /opt/SUNWdsee/ds6/ldif/Example.ldif dc=example,dc=com

      If the import takes a long time, you can obtain status on the import operation using:

      $ dsconf info -h server1.example -p 1389

      or

      $ dsconf show-task-status -h server1.example -p 1389 -v

      Alternatively, you can view the status of the task while it is running by omitting the -a option in the command.

    3. On Server 1: Enable replication on Master 1. This step assigns a replication role and ID to an existing suffix. It also sets the replication manager bind DN to the default replication manager DN.

      $ dsconf enable-repl -h server1.example -p 1389 -d 1 master dc=example,dc=com

    4. On Server 2: Create a suffix.

      $ dsconf create-suffix -h server2.example -p 2389 dc=example,dc=com

    5. On Server 2: Enable replication on Master 2. This step assigns a replication role and ID to an existing suffix. It also sets the replication manager bind DN to the default replication manager DN.

      $ dsconf enable-repl -h server2.example -p 2389 -d 2 master dc=example,dc=com

    6. On Server 1: Create a replication agreement from Master 1 to Master 2.

      $ dsconf create-repl-agmt -h server1.example -p 1389 \
      dc=example,dc=com server2.example:2389

    7. On Server 2: Create a replication agreement from Master 2 to Master 1.

      $ dsconf create-repl-agmt -h server2.example -p 2389 \
      dc=example,dc=com server1.example:1389

    8. On Server 1: Check that the replication agreement status is OK.

      $ dsconf show-repl-agmt-status -h server1.example -p 1389 \
      dc=example,dc=com server2.example:2389

      If the status is not OK, then accord the replication agreement.

      $ dsconf accord-repl-agmt -h server1.example -p 1389 \
      dc=example,dc=com server2.example:2389

    9. On Server 1: From Master 1, initialize replication on Master 2. This step initializes Master 2 with the data contained in the suffix on Master 1 and starts replication.

      $ dsconf init-repl-dest -h server1.example -p 1389 \
      dc=example,dc=com server2.example:2389

    The replication agreements in both directions are now active and replication is running.


Attributes

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE      ATTRIBUTE VALUE
    Availability        SUNWldap-directory-client
    Stability Level     Evolving

See Also

DS 6.3  Last Revised 7 Dec 2007
