6330N/A<?
xml version="1.0" encoding="UTF-8"?>
6330N/A ! This work is licensed under the Creative Commons 6330N/A ! Attribution-NonCommercial-NoDerivs 3.0 Unported License. 6330N/A ! To view a copy of this license, visit 6330N/A ! or send a letter to Creative Commons, 444 Castro Street, 6330N/A ! Suite 900, Mountain View, California, 94041, USA. 6330N/A ! You can also obtain a copy of the license at 6330N/A ! See the License for the specific language governing permissions 6330N/A ! and limitations under the License. 6330N/A ! If applicable, add the following below this CCPL HEADER, with the fields 6330N/A ! enclosed by brackets "[]" replaced with your own identifying information: 6330N/A ! Portions Copyright [yyyy] [name of copyright owner] 6330N/A ! Copyright 2011-2012 ForgeRock AS 6330N/A ! Portions Copyright 2013 Jens Elkner 6330N/A version="5.0" xml:
lang="en" 6330N/A <
refentrytitle><
application>dsconfig</
application></
refentrytitle>
6330N/A <
xi:
include href="common.xml" xpointer='xpointer(//manvolnum[@name="v1m"])'/>
6330N/A <
refname><
application>dsconfig</
application></
refname>
6330N/A <
refpurpose>manage OpenDJ directory server configuration</
refpurpose>
6330N/A <
command>dsconfig</
command>
6330N/A <
arg choice="opt"><
replaceable>subcommand</
replaceable></
arg>
6330N/A <
arg choice="opt"><
replaceable>options</
replaceable></
arg>
6330N/AThis utility serves to configure a running directory server.
6330N/AThe <
command>dsconfig</
command> command is the primary command-line tool for
6330N/Aviewing and editing OpenDJ configuration. When started without arguments,
6330N/A<
command>dsconfig</
command> prompts you for administration connection
6330N/Ainformation, including the host name, administration port number, administrator
6330N/Abind DN and administrator password. The <
command>dsconfig</
command> command then
6330N/Aconnects securely to the directory server over the administration port. Once
6330N/Aconnected it presents you with a menu-driven interface to the server configuration.
6330N/AWhen you pass connection information, subcommands, and additional options to
6330N/A<
command>dsconfig</
command>, the command runs in script mode and so is not
6330N/Ainteractive, though it can prompt you to ask whether to apply changes and
6330N/Awhether to trust certificates (unless you use the <
option>--no-prompt</
option>
6330N/Aand <
option>--trustAll</
option> options, respectively).
6330N/AYou can prepare <
command>dsconfig</
command> batch scripts by running the tool
6330N/Awith the <
option>--commandFilePath</
option> option in interactive mode, then
6330N/Areading from the batch file with the <
option>--batchFile</
option> option in
6330N/Ascript mode. Batch files can be useful when you have many
6330N/A<
command>dsconfig</
command> commands to run and want to avoid starting the JVM
6330N/Aand setting up a new connection for each command.
6330N/AThe <
command>dsconfig</
command> command categorizes directory server
6330N/Aconfiguration into <
firstterm>components</
firstterm>, also called
6330N/A<
firstterm>managed objects</
firstterm>. Actual components often inherit from a
6330N/Aparent component type. For example, one component is a Connection Handler. An
6330N/ALDAP Connection Handler is a type of Connection Handler. You configure the LDAP
6330N/AConnection Handler component to specify how OpenDJ directory server handles LDAP
6330N/Aconnections coming from client applications.
6330N/AConfiguration components have <
firstterm>properties</
firstterm>. For example,
6330N/Athe LDAP Connection Handler component has properties such as
6330N/A<
literal>listen-port</
literal> and <
literal>allow-start-tls</
literal>. You can
6330N/Aset the component's <
literal>listen-port</
literal> property to
6330N/A<
literal>389</
literal> to use the default LDAP port number. You can set the
6330N/Acomponent's <
literal>allow-start-tls</
literal> property to
6330N/A<
literal>true</
literal> to permit LDAP client applications to use StartTLS. Much
6330N/Aof the configuration you do with <
command>dsconfig</
command> involves setting
6330N/Acomponent properties. The <
link 6330N/A><
citetitle>OpenDJ Configuration Reference</
citetitle></
link> covers all
6330N/A<
command>dsconfig</
command> component properties in detail, drawing on the
6330N/Adocumentation you also view when getting help through the
6330N/A<
command>dsconfig</
command> command.
6330N/A <
refsection xml:
id="dsconfig-getting-help">
6330N/A <
title>Getting Help</
title>
6330N/AThe <
command>dsconfig</
command> command provides many subcommands.
6330N/AUse the following options to view help for subcommands.
6330N/ASee <
link linkend="dsconfig-subcommands-ref"><
citetitle 6330N/A>dsconfig Subcommands</
citetitle></
link> for details of individual subcommands.
6330N/A <
term><
command>dsconfig --help-all</
command></
term>
6330N/A <
para>Display all subcommands</
para>
6330N/A <
term><
command>dsconfig --help-core-server</
command></
term>
6330N/A <
para>Display subcommands relating to core server</
para>
6330N/A <
term><
command>dsconfig --help-database</
command></
term>
6330N/A <
para>Display subcommands relating to caching and back-ends</
para>
6330N/A <
term><
command>dsconfig --help-logging</
command></
term>
6330N/A <
para>Display subcommands relating to logging</
para>
6330N/A <
term><
command>dsconfig --help-replication</
command></
term>
6330N/A <
para>Display subcommands relating to replication</
para>
6330N/A <
term><
command>dsconfig --help-security</
command></
term>
6330N/A <
para>Display subcommands relating to authentication and authorization</
para>
6330N/A <
term><
command>dsconfig --help-user-management</
command></
term>
6330N/A <
para>Display subcommands relating to user management</
para>
6330N/AFor help with individual subcommands, either use <
command>dsconfig <
replaceable 6330N/A>subcommand</
replaceable> --help</
command>, or start <
command>dsconfig</
command>
6330N/Ain interactive mode, without specifying a subcommand.
6330N/ATo view component properties, use the <
command>dsconfig list-properties</
command>
6330N/A <
refsection xml:
id="dsconfig-general-options">
6330N/A <
title>Generally Applicable Options</
title>
6330N/AThe following options are supported for all <
command>dsconfig</
command> subcommands.
6330N/A <
term><
option>--advanced</
option></
term>
6330N/AAllows the configuration of advanced components and properties.
6330N/A <
title>LDAP Connection Options</
title>
6330N/A xpointer='xpointer(//para[@name="l-remote"]/*)'/>
6330N/A <
term><
option>-I, --adminUID</
option> <
replaceable 6330N/A class="parameter">adminUID</
replaceable></
term>
6330N/AUser ID of the global administrator to use to bind to the server. For the
6330N/A<
command>enable</
command> subcommand, if no global administrator was defined
6330N/Apreviously for any servers, the global administrator will be created using the
6330N/AUID provided. (Default: admin).
6330N/A xpointer='xpointer(//para[@name="l-auth"]/*[not(@name="lc-dn")])'/>
6330N/A <
term><
option>--commandFilePath</
option> <
replaceable 6330N/A class="parameter">path</
replaceable></
term>
6330N/AThe full path to the file where the equivalent non-interactive commands will be
6330N/Awritten when this command is run in interactive mode.
6330N/A <
term><
option>--displayCommand</
option></
term>
6330N/ADisplay the equivalent non-interactive option on standard output when this
6330N/Acommand is run in interactive mode.</
para>
6330N/A <
term><
option>-F, --batchFilePath</
option> <
replaceable 6330N/A class="parameter">batchFilePath</
replaceable></
term>
6330N/APath to a batch file containing a set of dsconfig commands to be executed.
6330N/A <
term><
option>-n, --no-prompt</
option></
term>
6330N/AUse non-interactive mode. If data in the command is missing, the user is not
6330N/Aprompted and the command exits with an error.
6330N/A xpointer='xpointer(//para[@name="l-props"]/*)'/>
6330N/A xpointer='xpointer(//para[@name="l-misc"]/*[not(@name="lc-enc")])'/>
6330N/A <
title>General Options</
title>
6330N/A xpointer='xpointer(//para[@name="l-general"]/*)'/>
6330N/A <
refsection xml:
id="dsconfig-subcommands-ref">
6330N/A <
title>dsconfig Subcommands</
title>
6330N/AThis section covers individual <
command>dsconfig</
command> subcommands.
6330N/ASubcommands let you create, list, and delete entire configuration components,
6330N/Aand also let you get and set component properties. Subcommands therefore have
6330N/Anames that reflect these five actions.</
para>
6330N/A <
para>create-<
replaceable>component</
replaceable></
para>
6330N/A <
para>list-<
replaceable>component</
replaceable>s</
para>
6330N/A <
para>delete-<
replaceable>component</
replaceable></
para>
6330N/A <
para>get-<
replaceable>component</
replaceable>-prop</
para>
6330N/A <
para>set-<
replaceable>component</
replaceable>-prop</
para>
6330N/AComponent properties for the <
command>dsconfig</
command> command are covered in
6330N/A><
citetitle>OpenDJ Configuration Reference</
citetitle></
link>.
6330N/AMany subcommands let you set property values. Notice in the reference for the
6330N/Asubcommands below that specific options are available for handling multi-valued
6330N/Aproperties. Whereas you can assign a single property value using the
6330N/A<
option>--set</
option> option, you assign multiple values to a multi-valued
6330N/Aproperty using the <
option>--add</
option> option. You can reset the values of
6330N/Athe multi-valued property using the <
option>--reset</
option> option.
6330N/ASome property values take a time duration. Durations are expressed as numbers
6330N/Afollowed by units. For example <
literal>1 s</
literal> means one second, and
6330N/A<
literal>2 w</
literal> means two weeks. Some durations have minimum granularity
6330N/Aor maximum units, so you cannot necessary specify every duration in milliseconds
6330N/Aor weeks for example. Some durations allow you to use a special value to mean
6330N/Aunlimited. Units are specified as follows.
6330N/A <
para><
literal>ms</
literal>: milliseconds</
para>
6330N/A <
para><
literal>s</
literal>: seconds</
para>
6330N/A <
para><
literal>m</
literal>: minutes</
para>
6330N/A <
para><
literal>h</
literal>: hours</
para>
6330N/A <
para><
literal>d</
literal>: days</
para>
6330N/A <
para><
literal>w</
literal>: weeks</
para>
6330N/A # press ^C after 2-3 seconds 6330N/A # TODO: fix linebreaks on dashes (like stack-size) 6330N/A<!-- End Of Generated stuff --> 6330N/AMuch of the <
citetitle>OpenDJ Administration Guide</
citetitle> consists of
6330N/A<
command>dsconfig</
command> examples with text in between. This section
6330N/AThe following example starts <
command>dsconfig</
command> in interactive,
6330N/Amenu-driven mode on the default port of the current host.
6330N/A>$ </
prompt><
command>dsconfig -h `hostname` -p 4444 -D "cn=Directory Manager" \
6330N/A -w password</
command></
literallayout>
6330N/A>>>> OpenDJ configuration console main menu
6330N/AWhat do you want to configure?
6330N/A1) Access Control Handler 21) Log Publisher
6330N/A2) Access Log Filtering Criteria 22) Log Retention Policy
6330N/A3) Account Status Notification Handler 23) Log Rotation Policy
6330N/A4) Administration Connector 24) Matching Rule
6330N/A5) Alert Handler 25) Monitor Provider
6330N/A6) Attribute Syntax 26) Password Generator
6330N/A7) Backend 27) Password Policy
6330N/A8) Certificate Mapper 28) Password Storage Scheme
6330N/A9) Connection Handler 29) Password Validator
6330N/A10) Crypto Manager 30) Plugin
6330N/A11) Debug Target 31) Plugin Root
6330N/A12) Entry Cache 32) Replication Domain
6330N/A13) Extended Operation Handler 33) Replication Server
6330N/A14) External Changelog Domain 34) Root DN
6330N/A15) Global Configuration 35) Root DSE Backend
6330N/A16) Group Implementation 36) SASL Mechanism Handler
6330N/A17) Identity Mapper 37) Synchronization Provider
6330N/A18) Key Manager Provider 38) Trust Manager Provider
6330N/A19) Local DB Index 39) Virtual Attribute
6330N/A20) Local DB VLV Index 40) Work Queue
6330N/AThe following examples demonstrates generating a batch file that corresponds to
6330N/Aan interactive session enabling the debug log. The example then demonstates
6330N/Ausing a modified batch file to disable the debug log.
6330N/A>$ </
prompt><
command>dsconfig --hostname `hostname` --port 4444 \
6330N/A --bindDN "cn=Directory Manager" --bindPassword password \
6330N/A# Session operation number: 1
6330N/Adsconfig set-log-publisher-prop \
6330N/A --publisher-name File-Based\ Debug\ Logger \
6330N/A --bindDN cn=Directory\ Manager \
6330N/A --publisher-name File-Based\ Debug\ Logger \
6330N/A --bindDN cn=Directory\ Manager \
6330N/ANotice that the original command file looks like a shell script with the bind
6330N/Apassword value replaced by asterisks. To pass the content as a batch file to
6330N/A<
command>dsconfig</
command>, strip <
literal>dsconfig</
literal> itself, and
6330N/Ainclude the bind password for the administrative user (or replace that option
6330N/Awith an alternative, such as reading the password from a file).
6330N/A <
xi:
include href="common.xml" xpointer='xpointer(//refsection[@name="env"])'/>
6330N/A <
xi:
include href="common.xml" xpointer='xpointer(//refsection[@name="exit-0-gt0"])'/>
6330N/A <
xi:
include href="common.xml" xpointer='xpointer(//refsection[@name="seeAlso"])'/>