Title: dsconfig
Author: Mark Craig
Generator: DocBook XSL-NS Stylesheets v1.76.1 <http://docbook.sf.net/>
Date: October 20, 2011
Manual: Tools Reference
Source: OpenDJ 2.5.0
Language: English
dsconfig [subcommand] [options]
This utility serves to configure a running directory server.
The dsconfig command is the primary command-line tool for viewing and editing OpenDJ configuration. When started without arguments, dsconfig prompts you for administration connection information, including the host name, administration port number, administrator bind DN and administrator password. The dsconfig command then connects securely to the directory server over the administration port. Once connected it presents you with a menu-driven interface to the server configuration.
When you pass connection information, subcommands, and additional options to dsconfig, the command runs in script mode and so is not interactive, though it can prompt you to ask whether to apply changes and whether to trust certificates (unless you use the --no-prompt and --trustAll options, respectively).
You can prepare dsconfig batch scripts by running the tool with the --commandFilePath option in interactive mode, then reading from the batch file with the --batchFilePath option in script mode. Batch files can be useful when you have many dsconfig commands to run and want to avoid starting the JVM and setting up a new connection for each command.
The dsconfig command categorizes directory server configuration into components, also called managed objects. Actual components often inherit from a parent component type. For example, one component is a Connection Handler. An LDAP Connection Handler is a type of Connection Handler. You configure the LDAP Connection Handler component to specify how OpenDJ directory server handles LDAP connections coming from client applications.
Configuration components have properties. For example, the LDAP Connection Handler component has properties such as listen-port and allow-start-tls. You can set the component's listen-port property to 389 to use the default LDAP port number. You can set the component's allow-start-tls property to true to permit LDAP client applications to use StartTLS. Much of the configuration you do with dsconfig involves setting component properties. The OpenDJ Configuration Reference covers all dsconfig component properties in detail, drawing on the documentation you also view when getting help through the dsconfig command.
The dsconfig command provides many subcommands. Use the following options to view help for subcommands.
See dsconfig Subcommands for details of individual subcommands.
dsconfig --help-all
Display all subcommands
dsconfig --help-core-server
Display subcommands relating to core server
dsconfig --help-database
Display subcommands relating to caching and back-ends
dsconfig --help-logging
Display subcommands relating to logging
dsconfig --help-replication
Display subcommands relating to replication
dsconfig --help-security
Display subcommands relating to authentication and authorization
dsconfig --help-user-management
Display subcommands relating to user management
For help with individual subcommands, either use dsconfig subcommand --help, or start dsconfig in interactive mode, without specifying a subcommand.
To view component properties, use the dsconfig list-properties command.
The following options are supported for all dsconfig subcommands.
--advanced
Allows the configuration of advanced components and properties
--connectTimeout {timeout}
Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. Default value: 30000
-h, --hostname {host}
Directory server hostname or IP address Default value: localhost.localdomain
-I, --adminUID {adminUID}
User ID of the global administrator to use to bind to the server. For the enable subcommand, if no global administrator was defined previously for any servers, the global administrator will be created using the UID provided. Default value: admin
-j, --adminPasswordFile {bindPasswordFile}
Global administrator password file
-K, --keyStorePath {keyStorePath}
Certificate key store path
-N, --certNickname {nickname}
Nickname of certificate for SSL client authentication
-o, --saslOption {name=value}
SASL bind options
-p, --port {port}
Directory server administration port number Default value: 4444
-P, --trustStorePath {trustStorePath}
Certificate trust store path
-T, --trustStorePassword {trustStorePassword}
Certificate trust store PIN
-u, --keyStorePasswordFile {keyStorePasswordFile}
Certificate key store PIN file
-U, --trustStorePasswordFile {path}
Certificate trust store PIN file
-w, --adminPassword {bindPassword}
Password for the global administrator
-W, --keyStorePassword {keyStorePassword}
Certificate key store PIN
-X, --trustAll
Trust all server SSL certificates
--commandFilePath {path}
The full path to the file where the equivalent non-interactive commands will be written when this command is run in interactive mode.
--displayCommand
Display the equivalent non-interactive option on standard output when this command is run in interactive mode.
-F, --batchFilePath {batchFilePath}
Path to a batch file containing a set of dsconfig commands to be executed
-n, --no-prompt
Use non-interactive mode. If data in the command is missing, the user is not prompted and the command exits with an error.
--noPropertiesFile
No properties file will be used to get default command line argument values
--propertiesFilePath {propertiesFilePath}
Path to the file containing default property values used for command line arguments
-Q, --quiet
Do not write progress information to standard output
-s, --script-friendly
Use script-friendly mode
-v, --verbose
Use verbose mode
--version
Display version information
-?, -H, --help
Display usage information
This section covers individual dsconfig subcommands.
Subcommands let you create, list, and delete entire configuration components, and also let you get and set component properties. Subcommands therefore have names that reflect these five actions.
0
The command completed successfully.
> 0
An error occurred.
Much of the OpenDJ Administration Guide consists of dsconfig examples with text in between. This section therefore remains short.
The following example starts dsconfig in interactive, menu-driven mode on the default port of the current host.
    $ dsconfig -h `hostname` -p 4444 -D "cn=Directory Manager" -w password

    >>>> OpenDJ configuration console main menu

    What do you want to configure?

        1)   Access Control Handler               23)  Log Rotation Policy
        2)   Account Status Notification Handler  24)  Matching Rule
        3)   Administration Connector             25)  Monitor Provider
        4)   Alert Handler                        26)  Network Group
        5)   Attribute Syntax                     27)  Network Group QOS Policy
        6)   Backend                              28)  Password Generator
        7)   Certificate Mapper                   29)  Password Policy
        8)   Connection Handler                   30)  Password Storage Scheme
        9)   Crypto Manager                       31)  Password Validator
        10)  Debug Target                         32)  Plugin
        11)  Entry Cache                          33)  Plugin Root
        12)  Extended Operation Handler           34)  Replication Domain
        13)  Extension                            35)  Replication Server
        14)  External Changelog Domain            36)  Root DN
        15)  Global Configuration                 37)  Root DSE Backend
        16)  Group Implementation                 38)  SASL Mechanism Handler
        17)  Identity Mapper                      39)  Synchronization Provider
        18)  Key Manager Provider                 40)  Trust Manager Provider
        19)  Local DB Index                       41)  Virtual Attribute
        20)  Local DB VLV Index                   42)  Work Queue
        21)  Log Publisher                        43)  Workflow
        22)  Log Retention Policy                 44)  Workflow Element

        q)   quit

    Enter choice:
The following example demonstrates generating a batch file that corresponds to an interactive session enabling the debug log. The example then demonstrates using a modified batch file to disable the debug log.
    $ dsconfig --hostname `hostname` --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --commandFilePath ~/enable-debug-log.batch
    ...
    $ cat ~/enable-debug-log.batch
    # dsconfig session start date: 19/Oct/2011:08:52:22 +0000

    # Session operation number: 1
    # Operation date: 19/Oct/2011:08:55:06 +0000
    dsconfig set-log-publisher-prop \
              --publisher-name File-Based\ Debug\ Logger \
              --set enabled:true \
              --hostname opendj.example.com \
              --port 4444 \
              --trustStorePath /path/to/OpenDJ/config/admin-truststore \
              --bindDN cn=Directory\ Manager \
              --bindPassword ****** \
              --no-prompt

    $ cp ~/enable-debug-log.batch ~/disable-debug-log.batch
    $ vi ~/disable-debug-log.batch
    $ cat ~/disable-debug-log.batch
    set-log-publisher-prop \
              --publisher-name File-Based\ Debug\ Logger \
              --set enabled:false \
              --hostname opendj.example.com \
              --port 4444 \
              --trustStorePath /path/to/OpenDJ/config/admin-truststore \
              --bindDN cn=Directory\ Manager \
              --bindPassword password \
              --no-prompt

    $ dsconfig --batchFilePath ~/disable-debug-log.batch --no-prompt
    set-log-publisher-prop --publisher-name File-Based Debug Logger --set enabled:false --hostname opendj.example.com --port 4444 --trustStorePath /path/to/OpenDJ/config/admin-truststore --bindDN cn=Directory Manager --bindPassword password --no-prompt
    $
Notice that the original command file looks like a shell script with the bind password value replaced by asterisks. To pass the content as a batch file to dsconfig, strip dsconfig itself, and include the bind password for the administrative user (or replace that option with an alternative, such as reading the password from a file).
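The conversion described above can be scripted so that the administrator password never lands in the batch file. The following is an added example, not part of the original manual or of OpenDJ: it strips the command name, swaps the masked bind password for a password-file reference, and checks the result for inline secrets and --trustAll. It assumes the password file is passed with -j as in the options list; the path /secure/admin.pwd and the function names are hypothetical, and the sample recording is constructed from the session shown above.

```shell
#!/bin/sh
# Added example, not OpenDJ code. Assumptions: the password file is passed
# with -j (see the options list); /secure/admin.pwd is a hypothetical path.

# cmdfile_to_batch PWFILE
# stdin: a --commandFilePath recording; stdout: batch-file lines with the
# command name stripped and any inline bind password replaced by -j PWFILE.
cmdfile_to_batch() {
    PWFILE="$1" awk '
        /^#/ || /^[ \t]*$/ { next }       # drop session comments and blank lines
        { sub(/^dsconfig[ \t]+/, "")       # batch lines omit the command name
          line = " " $0                    # leading space lets one pattern cover line start
          while (match(line, /[ \t](--bindPassword|-w)[ \t]+[^ \t\\]+/))
              line = substr(line, 1, RSTART) "-j " ENVIRON["PWFILE"] substr(line, RSTART + RLENGTH)
          print substr(line, 2) }'
}

# lint_batch
# stdin: a batch file; prints one finding per problem and returns 1 if a
# line passes a secret inline or turns off certificate validation.
lint_batch() {
    awk '
        { line = " " $0 " " }
        line ~ /[ \t](--bindPassword|--adminPassword|--keyStorePassword|--trustStorePassword|-w|-W|-T)[ \t]/ {
            print NR ": secret passed inline"; bad = 1 }
        line ~ /[ \t](--trustAll|-X)[ \t]/ {
            print NR ": --trustAll skips server certificate validation"; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample, modelled on the recording shown above.
SAMPLE_RECORDING='# dsconfig session start date: 19/Oct/2011:08:52:22 +0000
dsconfig set-log-publisher-prop \
          --publisher-name File-Based\ Debug\ Logger \
          --set enabled:true \
          --hostname opendj.example.com \
          --port 4444 \
          --bindDN cn=Directory\ Manager \
          --bindPassword ****** \
          --no-prompt'

batch=$(printf '%s\n' "$SAMPLE_RECORDING" | cmdfile_to_batch /secure/admin.pwd)
printf '%s\n' "$batch"
printf '%s\n' "$batch" | lint_batch && echo "lint: clean"
```

Keep the password file readable only by the account that runs dsconfig.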
Mark Craig
Author.
Nemanja Lukić
Author.
Copyright © 2011 ForgeRock AS
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
Trademarks are the property of their respective owners.
UNLESS OTHERWISE MUTUALLY AGREED BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.