0N/A<?
xml version="1.0" encoding="UTF-8"?>
0N/A ! This work is licensed under the Creative Commons 0N/A ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. 0N/A ! To view a copy of this license, visit 0N/A ! or send a letter to Creative Commons, 444 Castro Street, 0N/A ! Suite 900, Mountain View, California, 94041, USA. 0N/A ! You can also obtain a copy of the license at 0N/A ! See the License for the specific language governing permissions 0N/A ! and limitations under the License. 0N/A ! If applicable, add the following below this CCPL HEADER, with the fields 0N/A ! enclosed by brackets "[]" replaced with your own identifying information: 0N/A ! Portions Copyright [yyyy] [name of copyright owner] 0N/A ! Copyright 2011-2015 ForgeRock AS. 0N/A<
chapter xml:
id='chap-admin-tools' 0N/A <
title>Administration Interfaces & Tools</
title>
0N/A <
para>OpenDJ server software installs with a cross-platform, Java Swing-based
0N/A Control Panel for many day-to-day tasks. OpenDJ server software also installs
0N/A command-line tools for configuration and management tasks.</
para>
0N/A <
para>This chapter is one of the few to include screen shots of the control
0N/A panel. Most examples make use of the command-line tools. Once you understand
0N/A the concepts, and how to perform a task using the command-line tools, you
0N/A no doubt need no more than to know where to start in the Control Panel to
0N/A accomplish what you set out to do.</
para>
0N/A <
para>At a protocol level, administration tools and interfaces connect to
0N/A servers through a different network port than that used to listen for traffic
0N/A from other client applications.</
para>
0N/A <
para>This chapter takes a quick look at the tools for managing directory
0N/A <
section xml:
id="control-panel">
0N/A <
title>Control Panel</
title>
0N/A <
indexterm><
primary>Control panel</
primary></
indexterm>
0N/A <
para>OpenDJ Control Panel offers a graphical user interface for
0N/A managing both local and remote servers. You choose the server to manage
0N/A when you start the Control Panel. The Control Panel connects to the
0N/A administration server port, making a secure LDAPS connection.</
para>
0N/A Start OpenDJ Control Panel by running the
0N/A xlink:
href="reference#control-panel-1" 0N/A ><
command>control-panel</
command></
link> command.
0N/A <
para>When you login to OpenDJ Control Panel, you authenticate over LDAP.
0N/A This means that if users can run the Control Panel, they can use it to manage
0N/A a running server. Yet, to start and stop the server process through OpenDJ
0N/A Control Panel, you must start the Control Panel on the system where OpenDJ
0N/A runs, as the user who owns the OpenDJ server files (such as the user who
0N/A installed OpenDJ). In other words, the OpenDJ Control Panel does not do
0N/A remote process management.</
para>
0N/A <
mediaobject xml:
id="figure-opendj-control-panel">
0N/A <
caption><
para>OpenDJ Control Panel displays key information about the
0N/A server.</
para></
caption>
0N/A <
para>Down the left side of OpenDJ Control Panel, notice what you can
0N/A <
term>Directory Data</
term>
0N/A <
para>Directory data provisioning is typically not something you do
0N/A by hand in most deployments. Usually entries are created, modified, and
0N/A deleted through specific directory client applications. The Manage
0N/A Entries window can be useful, however, both in the lab as you design
0N/A and test directory data, and also if you modify individual ACIs or
0N/A debug issues with particular entries.</
para>
0N/A <
mediaobject xml:
id="figure-manage-entries">
0N/A <
caption><
para>The Manage Entries window can check that your changes are
0N/A valid before sending the request to the directory.</
para></
caption>
0N/A <
para>Additionally, the Directory Data list makes it easy to create
0N/A a new base DN, and then import user data for the new base DN from LDIF.
0N/A You can also use the tools in the list to export user data to LDIF,
0N/A and to backup and restore user data.</
para>
0N/A <
para>The Manage Schema window lets you browse and modify the rules
0N/A that define how data is stored in the directory. You can add new schema
0N/A definitions such as new attribute types and new object classes while the
0N/A server is running, and the changes you make take effect immediately.</
para>
0N/A <
term>Indexes</
term>
0N/A <
para>The Manage Indexes window gives you a quick overview of all
0N/A the indexes currently maintained for directory attributes. To protect
0N/A your directory resources from being absorbed by costly searches on
0N/A unindexed attributes, you may choose to keep the default behavior,
0N/A preventing unindexed searches, instead adding indexes required by specific
0N/A applications. (Notice that if the number of user data entries is smaller
0N/A than the default resource limits, you can still perform what appear
0N/A to be unindexed searches. That is because the <
literal>dn2id</
literal>
0N/A index returns all user data entries without hitting a resource limit that
0N/A would make the search unindexed.)</
para>
0N/A <
para>OpenDJ Control Panel also allows you to verify and rebuild
0N/A existing indexes, which you may have to do after an upgrade operation,
0N/A or if you have reason to suspect index corruption.</
para>
0N/A <
term>Monitoring</
term>
0N/A <
para>The Monitoring list gives you windows to observe information
0N/A about the system, the JVM used, and indications about how the cache is
0N/A used, whether the work queue has been filling up, as well as details
0N/A about the database. You can also view the numbers and types of requests
0N/A arriving over the connection handlers, and the current tasks in progress
0N/A <
term>Runtime Options</
term>
0N/A <
para>If you did not set appropriate JVM runtime options during the
0N/A installation process, this is the list that allows you to do so through
0N/A the Control Panel.</
para>
0N/A <
section xml:
id="cli-overview">
0N/A <
title>Command-Line Tools</
title>
0N/A <
indexterm><
primary>Commands</
primary></
indexterm>
0N/A <
para>Before you try the examples in this guide, set your PATH to include
0N/A the OpenDJ directory server tools. Where the tools are located depends on
0N/A the operating system and on the packages used to install OpenDJ.</
para>
0N/A <
table xml:
id="cli-path-locations">
0N/A <
title>Paths To Administration Tools</
title>
0N/A <
entry>OpenDJ running on...</
entry>
0N/A <
entry>OpenDJ installed from...</
entry>
0N/A <
entry>Default path to tools...</
entry>
0N/A <
entry>Apple Mac OS X, Linux distributions, Oracle Solaris</
entry>
0N/A <
entry>WebStart, .zip</
entry>
0N/A <
entry>Linux distributions</
entry>
0N/A <
entry>.deb, .rpm</
entry>
0N/A <
entry>Microsoft Windows</
entry>
0N/A <
entry>WebStart, .zip</
entry>
0N/A <
entry><
filename>C:\path\to\opendj\bat</
filename></
entry>
0N/A <
entry>Oracle Solaris</
entry>
0N/A You find the installation and upgrade tools,
0N/A <
command>setup</
command>,
0N/A <
command>upgrade</
command>,
0N/A and <
command>uninstall</
command>,
0N/A in the parent directory of the other tools,
0N/A as these tools are not used for everyday administration.
0N/A For example, if the path to most tools is
0N/A you can find these tools in
0N/A For instructions on how to use the installation and upgrade tools, see the
0N/A xlink:
href="install-guide#install-guide" 0N/A ><
citetitle>Installation Guide</
citetitle></
link>.
0N/A <
para>All OpenDJ command-line tools take the <
option>--help</
option> option.</
para>
0N/A <
para>All commands call Java programs and therefore involve starting a
0N/A <
para>The following list uses the UNIX names for the tools. On Windows
0N/A all command-line tools have the extension .bat.</
para>
0N/A <
term><
link xlink:
href="reference#backup-1" 0N/A <
para>Backup or schedule backup of directory data.</
para>
0N/A <
term><
link xlink:
href="reference#base64-1" 0N/A <
para>Encode and decode data in base64 format.</
para>
0N/A <
para>Base64 encoding represents binary data in ASCII, and can be used to
0N/A encode character strings in LDIF, for example.</
para>
0N/A <
term><
link xlink:
href="reference#create-rc-script-1" 0N/A <
para>Generate a script you can use to start, stop, and restart the server
0N/A either directly or at system boot and shutdown. Use <
command>create-rc-script -f
0N/A <
replaceable>script-file</
replaceable></
command>.</
para>
0N/A <
term><
link xlink:
href="reference#dbtest-1" 0N/A <
para>Debug JE databases.</
para>
0N/A <
term><
link xlink:
href="reference#dsconfig-1" 0N/A <
para>The <
command>dsconfig</
command> command is the primary command-line
0N/A tool for viewing and editing OpenDJ configuration. When started without
0N/A arguments, <
command>dsconfig</
command> prompts you for administration
0N/A connection information. Once connected it presents you with a menu-driven
0N/A interface to the server configuration.</
para>
0N/A <
para>When you pass connection information, subcommands, and additional
0N/A options to <
command>dsconfig</
command>, the command runs in script mode
0N/A and so is not interactive.</
para>
0N/A <
para>You can prepare <
command>dsconfig</
command> batch scripts by running
0N/A the tool with the <
option>--commandFilePath</
option> option in interactive
0N/A mode, then reading from the batch file with the
0N/A <
option>--batchFile</
option> option in script mode. Batch files can be
0N/A useful when you have many <
command>dsconfig</
command> commands to run
0N/A and want to avoid starting the JVM and setting up a new connection for
0N/A each command.</
para>
0N/A <
para>In addition to the <
link xlink:
href="reference#dsconfig-1" 0N/A that covers subcommands, the <
link xlink:
show="new" 0N/A xlink:
href="${configRefBase}" 0N/A ><
citetitle>Configuration Reference</
citetitle></
link> covers the
0N/A properties you can set using the <
command>dsconfig</
command>
0N/A <term><link xlink:href="admin-guide#dsframework-1" 0N/A <para>Manage server registration, server groups, and administrative 0N/A <
term><
link xlink:
href="reference#dsjavaproperties-1" 0N/A <
para>Apply changes you make to
0N/A runtime options.</
para>
0N/A <
term><
link xlink:
href="reference#dsreplication-1" 0N/A <
para>Configure data replication between directory servers to keep their
0N/A contents in sync.</
para>
0N/A <
term><
link xlink:
href="reference#encode-password-1" 0N/A <
para>Encode a clear text password according to one of the available
0N/A storage schemes.</
para>
0N/A <
term><
link xlink:
href="reference#export-ldif-1" 0N/A <
para>Export directory data to LDAP Data Interchange Format, a standard,
0N/A portable, text-based representation of directory content.</
para>
0N/A <
term><
link xlink:
href="reference#import-ldif-1" 0N/A <
para>Load LDIF content into the directory, overwriting existing
0N/A <
term><
link xlink:
href="reference#ldapcompare-1" 0N/A <
para>Compare the attribute values you specify with those stored on
0N/A entries in the directory.</
para>
0N/A <
term><
link xlink:
href="reference#ldapdelete-1" 0N/A <
para>Delete one entry or an entire branch of subordinate entries in the
0N/A <
term><
link xlink:
href="reference#ldapmodify-1" 0N/A <
para>Modify the specified attribute values for the specified
0N/A <
para>Use the <
command>ldapmodify</
command> command with the
0N/A <
option>-a</
option> option to add new entries.</
para>
0N/A <
term><
link xlink:
href="reference#ldappasswordmodify-1" 0N/A <
para>Modify user passwords.</
para>
0N/A <
term><
link xlink:
href="reference#ldapsearch-1" 0N/A <
para>Search a branch of directory data for entries matching the LDAP
0N/A filter that you specify.</
para>
0N/A <
term><
link xlink:
href="reference#ldif-diff-1" 0N/A <
para>Display differences between two LDIF files, with the resulting output
0N/A having LDIF format.</
para>
0N/A <
term><
link xlink:
href="reference#ldifmodify-1" 0N/A <
para>Similar to the <
command>ldapmodify</
command> command, modify
0N/A specified attribute values for specified entries in an LDIF file.</
para>
0N/A <
term><
link xlink:
href="reference#ldifsearch-1" 0N/A <
para>Similar to the <
command>ldapsearch</
command> command, search a branch
0N/A of data in LDIF for entries matching the LDAP filter you specify.</
para>
0N/A <
term><
link xlink:
href="reference#list-backends-1" 0N/A <
para>List backends and base DNs served by OpenDJ.</
para>
0N/A <
term><
link xlink:
href="reference#make-ldif-1" 0N/A <
para>Generate directory data in LDIF, based on templates that define how
0N/A the data should appear.</
para>
0N/A <
para>The <
command>make-ldif</
command> command is designed to help you
0N/A quickly generate test data that mimics data you expect to have in
0N/A production, but without compromising private information.</
para>
0N/A <
term><
link xlink:
href="reference#manage-account-1" 0N/A <
para>Lock and unlock user accounts, and view and manipulate password
0N/A policy state information.</
para>
0N/A <
term><
link xlink:
href="reference#manage-tasks-1" 0N/A <
para>View information about tasks scheduled to run in the server, and
0N/A cancel specified tasks.</
para>
0N/A <
term><
link xlink:
href="reference#rebuild-index-1" 0N/A <
para>Rebuild an index stored in a JE backend.</
para>
0N/A <
term><
link xlink:
href="reference#restore-1" 0N/A <
para>Restore user data from backup.</
para>
0N/A <
term><
link xlink:
href="reference#start-ds-1" 0N/A <
para>Start OpenDJ directory server.</
para>
0N/A <
term><
link xlink:
href="reference#status-1" 0N/A <
para>Display information about the server.</
para>
0N/A <
term><
link xlink:
href="reference#stop-ds-1" 0N/A <
para>Stop OpenDJ directory server.</
para>
0N/A <
term><
link xlink:
href="reference#verify-index-1" 0N/A <
para>Verify that an index stored in a JE backend is not corrupt.</
para>
0N/A <
term><
link xlink:
href="reference#windows-service" 0N/A (Windows only)</
term>
0N/A <
para>Register OpenDJ as a Windows Service.</
para>
