Provided by: python3-lib389_3.1.2+dfsg1-1_all

NAME

       dsconf

SYNOPSIS

       dsconf   [-h]   [-v]  [-j]  [-D  BINDDN]  [-w  BINDPW]  [-W]  [-y  PWDFILE]  [-b  BASEDN]  [-Z]  instance
       {backend,backup,chaining,config,directory_manager,logging,monitor,plugin,pwpolicy,localpwp,replication,repl,repl-
       agmt,repl-winsync-agmt,repl-tasks,repl-conflict,sasl,security,schema} ...

POSITIONAL ARGUMENTS

       dsconf backend
              Manage database suffixes and backends

       dsconf backup
              Manage online backups

       dsconf chaining
              Manage database chaining and database links

       dsconf config
              Manage the server configuration

       dsconf directory_manager
              Manage the Directory Manager account

       dsconf logging
              Manage the server logs

       dsconf monitor
              Monitor the state of the instance

       dsconf plugin
              Manage plug-ins available on the server

       dsconf pwpolicy
              Manage the global password policy settings

       dsconf localpwp
              Manage the local user and subtree password policies

       dsconf replication
              Manage replication for a suffix

       dsconf repl-agmt
              Manage replication agreements

       dsconf repl-winsync-agmt
              Manage Winsync agreements

       dsconf repl-tasks
              Manage replication tasks

       dsconf repl-conflict
              Manage replication conflicts

       dsconf sasl
              Manage SASL mappings

       dsconf security
              Manage security settings

       dsconf schema
              Manage the directory schema

COMMAND 'dsconf backend'
       usage: dsconf [-v] [-j] instance backend [-h]
                                      {suffix,index,vlv-index,attr-encrypt,config,monitor,import,export,create,delete,get-tree,compact-db}
       ...

POSITIONAL ARGUMENTS 'dsconf backend'
       dsconf backend suffix
              Manage backend suffixes

       dsconf backend index
              Manage backend indexes

       dsconf backend vlv-index
              Manage VLV searches and indexes

       dsconf backend attr-encrypt
              Manage encrypted attribute settings

       dsconf backend config
              Manage the global database configuration settings

       dsconf backend monitor
              Displays global database or suffix monitoring information

       dsconf backend import
              Online import of a suffix

       dsconf backend export
              Online export of a suffix

       dsconf backend create
              Create a backend database

       dsconf backend delete
              Delete a backend database

       dsconf backend get-tree
              Display the suffix tree

       dsconf backend compact-db
              Compact the database and the replication changelog

COMMAND 'dsconf backend suffix'
       usage: dsconf [-v] [-j] instance backend suffix [-h]
                                                       {list,get,get-dn,get-sub-suffixes,set} ...

POSITIONAL ARGUMENTS 'dsconf backend suffix'
       dsconf backend suffix list
              List active backends and suffixes

       dsconf backend suffix get
              Display the suffix entry

       dsconf backend suffix get-dn
              Display the DN of a backend

       dsconf backend suffix get-sub-suffixes
              Display sub-suffixes

       dsconf backend suffix set
              Set configuration settings for a specific backend

COMMAND 'dsconf backend suffix list'
       usage: dsconf [-v] [-j] instance backend suffix list [-h] [--suffix]
                                                            [--skip-subsuffixes]

OPTIONS 'dsconf backend suffix list'
       --suffix
              Displays the suffixes without backend name

       --skip-subsuffixes
              Displays the list of suffixes without sub-suffixes

COMMAND 'dsconf backend suffix get'
       usage: dsconf [-v] [-j] instance backend suffix get [-h] [selector]

       selector
              The backend database name to search for

COMMAND 'dsconf backend suffix get-dn'
       usage: dsconf [-v] [-j] instance backend suffix get-dn [-h] [dn]

       dn     The DN to the database entry in cn=ldbm database,cn=plugins,cn=config

COMMAND 'dsconf backend suffix get-sub-suffixes'
       usage: dsconf [-v] [-j] instance backend suffix get-sub-suffixes
              [-h] [--suffix] be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend suffix get-sub-suffixes'
       --suffix
              Displays the list of suffixes without backend name

COMMAND 'dsconf backend suffix set'
       usage: dsconf [-v] [-j] instance backend suffix set [-h] [--enable-readonly]
                                                           [--disable-readonly]
                                                           [--enable-orphan]
                                                           [--disable-orphan]
                                                           [--require-index]
                                                           [--ignore-index]
                                                           [--add-referral ADD_REFERRAL]
                                                           [--del-referral DEL_REFERRAL]
                                                           [--enable] [--disable]
                                                           [--cache-size CACHE_SIZE]
                                                           [--cache-memsize CACHE_MEMSIZE]
                                                           [--dncache-memsize DNCACHE_MEMSIZE]
                                                           [--state STATE]
                                                           be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend suffix set'
       --enable-readonly
              Enables read-only mode for the backend database

       --disable-readonly
              Disables read-only mode for the backend database

       --enable-orphan
              Disconnect a subsuffix from its parent suffix.

       --disable-orphan
              Let the subsuffix be connected to its parent suffix.

       --require-index
              Allows only indexed searches

       --ignore-index
              Allows all searches even if they are unindexed

       --add-referral ADD_REFERRAL
              Adds an LDAP referral to the backend

       --del-referral DEL_REFERRAL
              Removes an LDAP referral from the backend

       --enable
              Enables the backend database

       --disable
              Disables the backend database

       --cache-size CACHE_SIZE
              Sets the maximum number of entries to keep in the entry cache

       --cache-memsize CACHE_MEMSIZE
              Sets the maximum size in bytes that the entry cache can grow to

       --dncache-memsize DNCACHE_MEMSIZE
              Sets the maximum size in bytes that the DN cache can grow to

       --state STATE
              Changes the backend state to: "backend", "disabled", "referral", or "referral on update"

COMMAND 'dsconf backend index'
       usage: dsconf [-v] [-j] instance backend index [-h]
                                                      {add,set,get,list,delete,reindex} ...

POSITIONAL ARGUMENTS 'dsconf backend index'
       dsconf backend index add
              Add an index

       dsconf backend index set
              Update an index

       dsconf backend index get
              Display an index entry

       dsconf backend index list
              Display the index

       dsconf backend index delete
              Delete an index

       dsconf backend index reindex
              Re-index the database for a single index or all indexes

COMMAND 'dsconf backend index add'
       usage: dsconf [-v] [-j] instance backend index add [-h]
                                                          --index-type INDEX_TYPE
                                                          [--matching-rule MATCHING_RULE]
                                                          [--reindex] --attr ATTR
                                                          be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend index add'
       --index-type INDEX_TYPE
              Sets the indexing type (eq, sub, pres, or approx)

       --matching-rule MATCHING_RULE
              Sets the matching rule for the index

       --reindex
              Re-indexes the database after adding a new index

       --attr ATTR
              Sets the attribute name to index

COMMAND 'dsconf backend index set'
       usage: dsconf [-v] [-j] instance backend index set [-h] --attr ATTR
                                                          [--add-type ADD_TYPE]
                                                          [--del-type DEL_TYPE]
                                                          [--add-mr ADD_MR]
                                                          [--del-mr DEL_MR]
                                                          [--reindex]
                                                          be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend index set'
       --attr ATTR
              Sets the indexed attribute to update

       --add-type ADD_TYPE
              Adds an index type to the index (eq, sub, pres, or approx)

       --del-type DEL_TYPE
              Removes an index type from the index (eq, sub, pres, or approx)

       --add-mr ADD_MR
              Adds a matching-rule to the index

       --del-mr DEL_MR
              Removes a matching-rule from the index

       --reindex
              Re-indexes the database after editing the index

COMMAND 'dsconf backend index get'
       usage: dsconf [-v] [-j] instance backend index get [-h] --attr ATTR be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend index get'
       --attr ATTR
              Sets the index name to display

COMMAND 'dsconf backend index list'
       usage: dsconf [-v] [-j] instance backend index list [-h] [--just-names]
                                                           be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend index list'
       --just-names
              Displays only the names of indexed attributes

COMMAND 'dsconf backend index delete'
       usage: dsconf [-v] [-j] instance backend index delete [-h] [--attr ATTR]
                                                             be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend index delete'
       --attr ATTR
              Sets the name of the attribute to delete from the index

COMMAND 'dsconf backend index reindex'
       usage: dsconf [-v] [-j] instance backend index reindex [-h] [--attr ATTR]
                                                              [--wait]
                                                              be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend index reindex'
       --attr ATTR
              Sets the name of the attribute to re-index. Omit this argument to re-index all attributes

       --wait Waits for the index task to complete and reports the status

COMMAND 'dsconf backend vlv-index'
       usage: dsconf [-v] [-j] instance backend vlv-index [-h]
                                                          {list,get,add-search,edit-search,del-search,add-index,del-index,reindex}
       ...

POSITIONAL ARGUMENTS 'dsconf backend vlv-index'
       dsconf backend vlv-index list
              List VLV search and index entries

       dsconf backend vlv-index get
              Display a VLV search and indexes

       dsconf backend vlv-index add-search
              Add a VLV search entry. The search entry is the parent entry of the  VLV  index  entries,  and  it
              specifies the search parameters that are used to match entries for those indexes.

       dsconf backend vlv-index edit-search
              Update a VLV search and index

       dsconf backend vlv-index del-search
              Delete VLV search & index

       dsconf backend vlv-index add-index
              Create a VLV index under a VLV search entry (parent entry). The VLV index specifies the
              attributes to sort

       dsconf backend vlv-index del-index
              Delete a VLV index under a VLV search entry (parent entry)

       dsconf backend vlv-index reindex
              Index/re-index the VLV database index

COMMAND 'dsconf backend vlv-index list'
       usage: dsconf [-v] [-j] instance backend vlv-index list [-h] [--just-names]
                                                               be_name

       be_name
              The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index list'
       --just-names
              Displays only the names of VLV search entries

COMMAND 'dsconf backend vlv-index get'
       usage: dsconf [-v] [-j] instance backend vlv-index get [-h] [--name NAME]
                                                              be_name

       be_name
              The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index get'
       --name NAME
              Displays the VLV search entry and its index entries

COMMAND 'dsconf backend vlv-index add-search'
       usage: dsconf instance [-v] [-j] backend vlv-index add-search
              [-h] --name NAME --search-base SEARCH_BASE --search-scope SEARCH_SCOPE
              --search-filter SEARCH_FILTER
              be_name

       be_name
              The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index add-search'
       --name NAME
              Sets the name of the VLV search entry

       --search-base SEARCH_BASE
              Sets the VLV search base

       --search-scope SEARCH_SCOPE
              Sets the VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree search)

       --search-filter SEARCH_FILTER
              Sets the VLV search filter

COMMAND 'dsconf backend vlv-index edit-search'
       usage: dsconf [-v] [-j] instance backend vlv-index edit-search
              [-h] --name NAME [--search-base SEARCH_BASE]
              [--search-scope SEARCH_SCOPE] [--search-filter SEARCH_FILTER]
              [--reindex]
              be_name

       be_name
              The backend name of the VLV index to update

OPTIONS 'dsconf backend vlv-index edit-search'
       --name NAME
              Sets the name of the VLV index

       --search-base SEARCH_BASE
              Sets the VLV search base

       --search-scope SEARCH_SCOPE
              Sets the VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree search)

       --search-filter SEARCH_FILTER
              Sets the VLV search filter

       --reindex
              Re-indexes all VLV database indexes

COMMAND 'dsconf backend vlv-index del-search'
       usage: dsconf [-v] [-j] instance backend vlv-index del-search
              [-h] --name NAME be_name

       be_name
              The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index del-search'
       --name NAME
              Sets the name of the VLV search index

COMMAND 'dsconf backend vlv-index add-index'
       usage: dsconf instance [-v] [-j] backend vlv-index add-index
              [-h] --parent-name PARENT_NAME --index-name INDEX_NAME --sort SORT
              [--index-it]
              be_name

       be_name
              The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index add-index'
       --parent-name PARENT_NAME
              Sets the name or "cn" attribute of the parent VLV search entry

       --index-name INDEX_NAME
              Sets the name of the new VLV index

       --sort SORT
              Sets a space-separated list of attributes to sort for this VLV index

       --index-it
              Creates the database index for this VLV index definition

COMMAND 'dsconf backend vlv-index del-index'
       usage: dsconf [-v] [-j] instance backend vlv-index del-index
              [-h] --parent-name PARENT_NAME [--index-name INDEX_NAME] [--sort SORT]
              be_name

       be_name
              The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index del-index'
       --parent-name PARENT_NAME
              Sets the name or "cn" attribute value of the parent VLV search entry

       --index-name INDEX_NAME
              Sets the name of the VLV index to delete

       --sort SORT
              Delete a VLV index that has this vlvsort value

COMMAND 'dsconf backend vlv-index reindex'
       usage: dsconf [-v] [-j] instance backend vlv-index reindex [-h]
                                                                  [--index-name INDEX_NAME]
                                                                  --parent-name PARENT_NAME
                                                                  be_name

       be_name
              The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index reindex'
       --index-name INDEX_NAME
              Sets the name of the VLV index entry to re-index. If not set, all indexes are re-indexed

       --parent-name PARENT_NAME
              Sets the name or "cn" attribute value of the parent VLV search entry

COMMAND 'dsconf backend attr-encrypt'
       usage: dsconf [-v] [-j] instance backend attr-encrypt [-h] [--list]
                                                             [--just-names]
                                                             [--add-attr ADD_ATTR]
                                                             [--del-attr DEL_ATTR]
                                                             be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend attr-encrypt'
       --list Lists all encrypted attributes in the backend

       --just-names
              List only the names of the encrypted attributes when used with --list

       --add-attr ADD_ATTR
              Enables encryption for the specified attribute

       --del-attr DEL_ATTR
              Disables encryption for the specified attribute

COMMAND 'dsconf backend config'
       usage: dsconf [-v] [-j] instance backend config [-h] {get,set} ...

POSITIONAL ARGUMENTS 'dsconf backend config'
       dsconf backend config get
              Display the global database configuration

       dsconf backend config set
              Set the global database configuration

COMMAND 'dsconf backend config get'
       usage: dsconf [-v] [-j] instance backend config get [-h]

COMMAND 'dsconf backend config set'
       usage: dsconf [-v] [-j] instance backend config set [-h]
                                                           [--lookthroughlimit LOOKTHROUGHLIMIT]
                                                           [--mode MODE]
                                                           [--idlistscanlimit IDLISTSCANLIMIT]
                                                           [--directory DIRECTORY]
                                                           [--dbcachesize DBCACHESIZE]
                                                           [--logdirectory LOGDIRECTORY]
                                                           [--txn-wait TXN_WAIT]
                                                           [--checkpoint-interval CHECKPOINT_INTERVAL]
                                                           [--compactdb-interval COMPACTDB_INTERVAL]
                                                           [--compactdb-time COMPACTDB_TIME]
                                                           [--txn-batch-val TXN_BATCH_VAL]
                                                           [--txn-batch-min TXN_BATCH_MIN]
                                                           [--txn-batch-max TXN_BATCH_MAX]
                                                           [--logbufsize LOGBUFSIZE]
                                                           [--locks LOCKS]
                                                           [--locks-monitoring-enabled LOCKS_MONITORING_ENABLED]
                                                           [--locks-monitoring-threshold LOCKS_MONITORING_THRESHOLD]
                                                           [--locks-monitoring-pause LOCKS_MONITORING_PAUSE]
                                                           [--import-cache-autosize IMPORT_CACHE_AUTOSIZE]
                                                           [--cache-autosize CACHE_AUTOSIZE]
                                                           [--cache-autosize-split CACHE_AUTOSIZE_SPLIT]
                                                           [--import-cachesize IMPORT_CACHESIZE]
                                                           [--exclude-from-export EXCLUDE_FROM_EXPORT]
                                                           [--pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT]
                                                           [--pagedidlistscanlimit PAGEDIDLISTSCANLIMIT]
                                                           [--rangelookthroughlimit RANGELOOKTHROUGHLIMIT]
                                                           [--backend-opt-level BACKEND_OPT_LEVEL]
                                                           [--deadlock-policy DEADLOCK_POLICY]
                                                           [--db-home-directory DB_HOME_DIRECTORY]
                                                           [--db-lib DB_LIB]
                                                           [--mdb-max-size MDB_MAX_SIZE]
                                                           [--mdb-max-readers MDB_MAX_READERS]
                                                           [--mdb-max-dbs MDB_MAX_DBS]

OPTIONS 'dsconf backend config set'
       --lookthroughlimit LOOKTHROUGHLIMIT
              Specifies the maximum number of entries that  the  server  will  check  when  examining  candidate
              entries in response to a search request

       --mode MODE
              Specifies the permissions used for newly created index files

       --idlistscanlimit IDLISTSCANLIMIT
              Specifies the number of entry IDs that are searched during a search operation

       --directory DIRECTORY
              Specifies absolute path to database instance

       --dbcachesize DBCACHESIZE
              Specifies the database index cache size in bytes

       --logdirectory LOGDIRECTORY
              Specifies the path to the directory that contains the database transaction logs

       --txn-wait TXN_WAIT
              Sets whether the server should wait if there are no db locks available

       --checkpoint-interval CHECKPOINT_INTERVAL
              Sets the amount of time in seconds after which the server sends a checkpoint entry to the database
              transaction log

       --compactdb-interval COMPACTDB_INTERVAL
              Sets the interval in seconds when the database is compacted

       --compactdb-time COMPACTDB_TIME
              Sets the time of day (HH:MM format) at which the database is compacted after the
              "compactdb interval" has been reached

       --txn-batch-val TXN_BATCH_VAL
              Specifies how many transactions will be batched before being committed

       --txn-batch-min TXN_BATCH_MIN
              Controls when transactions should be flushed earliest, independently of the batch count.  Requires
              that txn-batch-val is set

       --txn-batch-max TXN_BATCH_MAX
              Controls  when  transactions  should be flushed latest, independently of the batch count. Requires
              that txn-batch-val is set

       --logbufsize LOGBUFSIZE
              Specifies the transaction log information buffer size

       --locks LOCKS
              Sets the maximum number of database locks

       --locks-monitoring-enabled LOCKS_MONITORING_ENABLED
              Enables or disables monitoring of DB  locks  when  the  value  crosses  the  percentage  set  with
              "--locks-monitoring-threshold"

       --locks-monitoring-threshold LOCKS_MONITORING_THRESHOLD
              Sets the DB lock exhaustion threshold in percentage (valid range is 70-90).  When the threshold is
              reached,  all searches are aborted until the number of active locks decreases below the configured
              threshold and/or the administrator increases the number of database locks (nsslapd-db-locks). This
              threshold is a safeguard against DB corruption which might be caused by locks exhaustion.

       --locks-monitoring-pause LOCKS_MONITORING_PAUSE
              Sets the DB lock monitoring value in milliseconds for the  amount  of  time  that  the  monitoring
              thread spends waiting between checks.

       --import-cache-autosize IMPORT_CACHE_AUTOSIZE
              Enables or disables automatic sizing of the import cache that is used during the import
              process of LDIF files

       --cache-autosize CACHE_AUTOSIZE
              Sets  the  percentage  of  free memory that is used in total for the database and entry cache. "0"
              disables this feature.

       --cache-autosize-split CACHE_AUTOSIZE_SPLIT
              Sets the percentage of RAM that is used for the database cache. The remaining percentage  is  used
              for the entry cache

       --import-cachesize IMPORT_CACHESIZE
              Sets the size in bytes of the database cache used in the import process.

       --exclude-from-export EXCLUDE_FROM_EXPORT
              List of attributes to not include during database export operations

       --pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT
              Specifies  the  maximum  number  of  entries  that  the server will check when examining candidate
              entries for a search which uses the simple paged results control

       --pagedidlistscanlimit PAGEDIDLISTSCANLIMIT
              Specifies the number of entry IDs that are searched, specifically, for a  search  operation  using
              the simple paged results control.

       --rangelookthroughlimit RANGELOOKTHROUGHLIMIT
              Specifies  the  maximum  number  of  entries  that  the server will check when examining candidate
              entries in response to a range search request.

       --backend-opt-level BACKEND_OPT_LEVEL
              Sets the backend optimization level for  write  performance  (0,  1,  2,  or  4).   WARNING:  This
              parameter can trigger experimental code.

       --deadlock-policy DEADLOCK_POLICY
              Adjusts the backend database deadlock policy (Advanced setting)

       --db-home-directory DB_HOME_DIRECTORY
              Sets the directory for the database mmapped files (Advanced setting)

       --db-lib DB_LIB
              Sets which db lib is used. Valid values are: bdb or mdb

       --mdb-max-size MDB_MAX_SIZE
              Sets the lmdb database maximum size (in bytes).

       --mdb-max-readers MDB_MAX_READERS
              Sets the lmdb database maximum number of readers (Advanced setting)

       --mdb-max-dbs MDB_MAX_DBS
              Sets the lmdb database maximum number of sub databases (Advanced setting)

COMMAND 'dsconf backend monitor'
       usage: dsconf [-v] [-j] instance backend monitor [-h] [--suffix SUFFIX]

OPTIONS 'dsconf backend monitor'
       --suffix SUFFIX
              Displays monitoring information only for the specified suffix

COMMAND 'dsconf backend import'
       usage: dsconf [-v] [-j] instance backend import [-h] [-c CHUNKS_SIZE] [-E]
                                                       [-g GEN_UNIQ_ID] [-O]
                                                       [-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
                                                       [-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]]
                                                       [--timeout TIMEOUT]
                                                       [be_name] [ldifs ...]

       be_name
              The backend name or the root suffix

       ldifs  Specifies  the  filename  of  the  input  LDIF files. Multiple files are imported in the specified
              order.

OPTIONS 'dsconf backend import'
       -c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE
              The number of chunks to have during the import operation

       -E, --encrypted
              Encrypt attributes configured in the database for encryption

       -g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID
              Generate a unique id. Set "none" for no unique ID to be  generated  and  "deterministic"  for  the
              generated  unique ID to be name-based. By default, a time-based unique ID is generated. When using
              the deterministic generation to have a name-based unique ID, it is also possible  to  specify  the
              namespace  for  the  server  to  use.  namespaceId  is  a  string  of  characters  in  the  format
              00-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx.

       -O, --only-core
              Creates only the core database attribute indexes

       -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
              Specifies the suffixes or the subtrees to be included

       -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
              Specifies the suffixes to be excluded

       --timeout TIMEOUT
              Set a timeout to wait for the import task. Default is 0 (no timeout)

COMMAND 'dsconf backend export'
       usage: dsconf [-v] [-j] instance backend export [-h] [-l LDIF] [-C] [-E] [-m]
                                                       [-N] [-r] [-u] [-U]
                                                       [-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
                                                       [-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]]
                                                       [--timeout TIMEOUT]
                                                       be_names [be_names ...]

       be_names
              The backend names or the root suffixes

OPTIONS 'dsconf backend export'
       -l LDIF, --ldif LDIF
              Sets the filename of the output LDIF file. Separate multiple file names with spaces.

       -C, --use-id2entry
              Uses only the main database file

       -E, --encrypted
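              Decrypts encrypted data during export. This option is used only if database encryption is enabled.
              The output LDIF file then holds the values of the encrypted attributes in clear text, so
              restrict access to that file.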

       -m, --min-base64
              Sets minimal base-64 encoding

       -N, --no-seq-num
              Suppresses printing the sequence numbers

       -r, --replication
              Exports the data with information required to initialize a replica

       -u, --no-dump-uniq-id
              Omits exporting the unique ID

       -U, --not-folded
              Disables folding the output

       -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
              Specifies the suffixes or the subtrees to be included

       -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
              Specifies the suffixes to be excluded

       --timeout TIMEOUT
              Set a timeout to wait for the export task. Default is 0 (no timeout)

COMMAND 'dsconf backend create'
       usage: dsconf [-v] [-j] instance backend create [-h]
                                                       [--parent-suffix PARENT_SUFFIX]
                                                       --suffix SUFFIX
                                                       --be-name BE_NAME
                                                       [--create-entries]
                                                       [--create-suffix]

OPTIONS 'dsconf backend create'
       --parent-suffix PARENT_SUFFIX
              Sets the parent suffix only if this backend is a sub-suffix

       --suffix SUFFIX
              Sets the database suffix DN

       --be-name BE_NAME
              Sets the database backend name

       --create-entries
              Adds sample entries to the database

       --create-suffix
              Creates the suffix object entry in the database. Only suffixes using the 'dc', 'o', 'ou', or 'cn'
              attributes are supported

COMMAND 'dsconf backend delete'
       usage: dsconf [-v] [-j] instance backend delete [-h] [--do-it] be_name

       be_name
              The backend name or suffix

OPTIONS 'dsconf backend delete'
       --do-it
              Remove backend and its subsuffixes

COMMAND 'dsconf backend get-tree'
       usage: dsconf [-v] [-j] instance backend get-tree [-h]

COMMAND 'dsconf backend compact-db'
       usage: dsconf [-v] [-j] instance backend compact-db [-h] [--only-changelog]
                                                           [--timeout TIMEOUT]

OPTIONS 'dsconf backend compact-db'
       --only-changelog
              Compacts only the replication change log

       --timeout TIMEOUT
              Set a timeout to wait for the compaction task. Default is 0 (no timeout)

COMMAND 'dsconf backup'
       usage: dsconf [-v] [-j] instance backup [-h] {create,restore} ...

POSITIONAL ARGUMENTS 'dsconf backup'
       dsconf backup create
              Creates a backup of the database

       dsconf backup restore
              Restores a database from a backup

COMMAND 'dsconf backup create'
       usage: dsconf [-v] [-j] instance backup create [-h] [-t DB_TYPE]
                                                      [--timeout TIMEOUT]
                                                      [archive]

       archive
              Sets the directory in which to store the backup files. Format:
              instance_name-year_month_date_hour_minutes_seconds. Default: /var/lib/dirsrv/slapd-instance/bak/

OPTIONS 'dsconf backup create'
       -t DB_TYPE, --db-type DB_TYPE
              Sets the database type. Default: ldbm database

       --timeout TIMEOUT
              Sets the task timeout. Default is 120 seconds.

COMMAND 'dsconf backup restore'
       usage: dsconf [-v] [-j] instance backup restore [-h] [-t DB_TYPE]
                                                       [--timeout TIMEOUT]
                                                       archive

       archive
              Set the directory that contains the backup files

OPTIONS 'dsconf backup restore'
       -t DB_TYPE, --db-type DB_TYPE
              Sets the database type. Default: ldbm database

       --timeout TIMEOUT
              Sets the task timeout. Default is 120 seconds.

COMMAND 'dsconf chaining'
       usage: dsconf [-v] [-j] instance chaining [-h]
                                       {config-get,config-set,config-get-def,config-set-def,link-create,link-get,link-set,link-delete,monitor,link-list}
       ...

POSITIONAL ARGUMENTS 'dsconf chaining'
       dsconf chaining config-get
              Display the chaining controls and server component lists

       dsconf chaining config-set
              Set the chaining controls and server component lists

       dsconf chaining config-get-def
              Display the default creation parameters for new database links

       dsconf chaining config-set-def
              Set the default creation parameters for new database links

       dsconf chaining link-create
              Create a database link to a remote server

       dsconf chaining link-get
              Displays chaining database links

       dsconf chaining link-set
              Edit a database link to a remote server

       dsconf chaining link-delete
              Delete a database link

       dsconf chaining monitor
              Display monitor information for a database chaining link

       dsconf chaining link-list
              List database links

COMMAND 'dsconf chaining config-get'
       usage: dsconf [-v] [-j] instance chaining config-get [-h] [--avail-controls]
                                                            [--avail-comps]

OPTIONS 'dsconf chaining config-get'
       --avail-controls
              Lists available chaining controls

       --avail-comps
              Lists available chaining plugin components

COMMAND 'dsconf chaining config-set'
       usage: dsconf [-v] [-j] instance chaining config-set [-h]
                                                            [--add-control ADD_CONTROL]
                                                            [--del-control DEL_CONTROL]
                                                            [--add-comp ADD_COMP]
                                                            [--del-comp DEL_COMP]

OPTIONS 'dsconf chaining config-set'
       --add-control ADD_CONTROL
              Adds a transmitted control OID

       --del-control DEL_CONTROL
              Deletes a transmitted control OID

       --add-comp ADD_COMP
              Adds a chaining component

       --del-comp DEL_COMP
              Deletes a chaining component

COMMAND 'dsconf chaining config-get-def'
       usage: dsconf [-v] [-j] instance chaining config-get-def [-h]

COMMAND 'dsconf chaining config-set-def'
       usage: dsconf [-v] [-j] instance chaining config-set-def [-h]
                                                                [--conn-bind-limit CONN_BIND_LIMIT]
                                                                [--conn-op-limit CONN_OP_LIMIT]
                                                                [--abandon-check-interval ABANDON_CHECK_INTERVAL]
                                                                [--bind-limit BIND_LIMIT]
                                                                [--op-limit OP_LIMIT]
                                                                [--proxied-auth PROXIED_AUTH]
                                                                [--conn-lifetime CONN_LIFETIME]
                                                                [--bind-timeout BIND_TIMEOUT]
                                                                [--return-ref RETURN_REF]
                                                                [--check-aci CHECK_ACI]
                                                                [--bind-attempts BIND_ATTEMPTS]
                                                                [--size-limit SIZE_LIMIT]
                                                                [--time-limit TIME_LIMIT]
                                                                [--hop-limit HOP_LIMIT]
                                                                [--response-delay RESPONSE_DELAY]
                                                                [--test-response-delay TEST_RESPONSE_DELAY]
                                                                [--use-starttls USE_STARTTLS]

OPTIONS 'dsconf chaining config-set-def'
       --conn-bind-limit CONN_BIND_LIMIT
              Sets the maximum number of BIND connections the database link establishes with the remote server

       --conn-op-limit CONN_OP_LIMIT
              Sets the maximum number of LDAP connections the database link establishes with the remote server

       --abandon-check-interval ABANDON_CHECK_INTERVAL
              Sets the number of seconds that pass before the server checks for abandoned operations

       --bind-limit BIND_LIMIT
              Sets the maximum number of concurrent bind operations per TCP connection

       --op-limit OP_LIMIT
              Sets the maximum number of concurrent operations allowed

       --proxied-auth PROXIED_AUTH
              Enables  or  disables proxied authorization. If set to "off", the server executes bind for chained
              operations as the user set in the nsMultiplexorBindDn attribute.

       --conn-lifetime CONN_LIFETIME
              Specifies connection lifetime in seconds. "0" keeps the connection open forever.

       --bind-timeout BIND_TIMEOUT
              Sets the amount of time in seconds before a bind attempt times out

       --return-ref RETURN_REF
              Enables or disables whether referrals are returned by scoped searches

       --check-aci CHECK_ACI
              Enables or disables whether the server evaluates ACIs on the database link as well as  the  remote
              data server

       --bind-attempts BIND_ATTEMPTS
              Sets the number of times the server tries to bind to the remote server

       --size-limit SIZE_LIMIT
              Sets the maximum number of entries to return from a search operation

       --time-limit TIME_LIMIT
              Sets the maximum number of seconds allowed for an operation

       --hop-limit HOP_LIMIT
              Sets  the  maximum  number  of times a database is allowed to chain. That is the number of times a
              request can be forwarded from one database link to another.

       --response-delay RESPONSE_DELAY
              Sets the maximum amount of time it can take a remote  server  to  respond  to  an  LDAP  operation
              request made by a database link before an error is suspected

       --test-response-delay TEST_RESPONSE_DELAY
              Sets  the  duration  of the test issued by the database link to check whether the remote server is
              responding

       --use-starttls USE_STARTTLS
              Configures database links to use StartTLS if set to "on"

COMMAND 'dsconf chaining link-create'
       usage: dsconf instance [-v] [-j] chaining link-create [-h]
                                                             [--conn-bind-limit CONN_BIND_LIMIT]
                                                             [--conn-op-limit CONN_OP_LIMIT]
                                                             [--abandon-check-interval ABANDON_CHECK_INTERVAL]
                                                             [--bind-limit BIND_LIMIT]
                                                             [--op-limit OP_LIMIT]
                                                             [--proxied-auth PROXIED_AUTH]
                                                             [--conn-lifetime CONN_LIFETIME]
                                                             [--bind-timeout BIND_TIMEOUT]
                                                             [--return-ref RETURN_REF]
                                                             [--check-aci CHECK_ACI]
                                                             [--bind-attempts BIND_ATTEMPTS]
                                                             [--size-limit SIZE_LIMIT]
                                                             [--time-limit TIME_LIMIT]
                                                             [--hop-limit HOP_LIMIT]
                                                             [--response-delay RESPONSE_DELAY]
                                                             [--test-response-delay TEST_RESPONSE_DELAY]
                                                             [--use-starttls USE_STARTTLS]
                                                             --suffix SUFFIX
                                                             --server-url SERVER_URL
                                                             --bind-mech BIND_MECH
                                                             --bind-dn BIND_DN
                                                             [--bind-pw BIND_PW]
                                                             [--bind-pw-file BIND_PW_FILE]
                                                             [--bind-pw-prompt]
                                                             CHAIN_NAME

       CHAIN_NAME
              The name of the database link

OPTIONS 'dsconf chaining link-create'
       --conn-bind-limit CONN_BIND_LIMIT
              Sets the maximum number of BIND connections the database link establishes with the remote server

       --conn-op-limit CONN_OP_LIMIT
              Sets the maximum number of LDAP connections the database link establishes with the remote server

       --abandon-check-interval ABANDON_CHECK_INTERVAL
              Sets the number of seconds that pass before the server checks for abandoned operations

       --bind-limit BIND_LIMIT
              Sets the maximum number of concurrent bind operations per TCP connection

       --op-limit OP_LIMIT
              Sets the maximum number of concurrent operations allowed

       --proxied-auth PROXIED_AUTH
              Enables or disables proxied authorization. If set to "off", the server executes bind  for  chained
              operations as the user set in the nsMultiplexorBindDn attribute.

       --conn-lifetime CONN_LIFETIME
              Specifies connection lifetime in seconds. "0" keeps the connection open forever.

       --bind-timeout BIND_TIMEOUT
              Sets the amount of time in seconds before a bind attempt times out

       --return-ref RETURN_REF
              Enables or disables whether referrals are returned by scoped searches

       --check-aci CHECK_ACI
              Enables  or  disables whether the server evaluates ACIs on the database link as well as the remote
              data server

       --bind-attempts BIND_ATTEMPTS
              Sets the number of times the server tries to bind to the remote server

       --size-limit SIZE_LIMIT
              Sets the maximum number of entries to return from a search operation

       --time-limit TIME_LIMIT
              Sets the maximum number of seconds allowed for an operation

       --hop-limit HOP_LIMIT
              Sets the maximum number of times a database is allowed to chain. That is the  number  of  times  a
              request can be forwarded from one database link to another.

       --response-delay RESPONSE_DELAY
              Sets  the  maximum  amount  of  time  it  can take a remote server to respond to an LDAP operation
              request made by a database link before an error is suspected

       --test-response-delay TEST_RESPONSE_DELAY
              Sets the duration of the test issued by the database link to check whether the  remote  server  is
              responding

       --use-starttls USE_STARTTLS
              Configures database links to use StartTLS if set to "on"

       --suffix SUFFIX
              Sets the suffix managed by the database link

       --server-url SERVER_URL
              Sets the LDAP/LDAPS URL to the remote server

       --bind-mech BIND_MECH
              Sets the authentication method to use to authenticate to the remote server. Valid values: "SIMPLE"
              (default), "EXTERNAL", "DIGEST-MD5", or "GSSAPI". A "SIMPLE" bind sends the password unprotected unless
              the connection uses LDAPS or StartTLS.

       --bind-dn BIND_DN
              Sets the DN of the administrative entry used to communicate with the remote server

       --bind-pw BIND_PW
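              Sets the password of the administrative user. A password given on the command line can be seen in
              the process list and shell history; prefer --bind-pw-file or --bind-pw-prompt.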

       --bind-pw-file BIND_PW_FILE
              File containing the password

       --bind-pw-prompt
              Prompt for password

COMMAND 'dsconf chaining link-get'
       usage: dsconf [-v] [-j] instance chaining link-get [-h] CHAIN_NAME

       CHAIN_NAME
              The chaining link name or suffix to retrieve

COMMAND 'dsconf chaining link-set'
       usage: dsconf instance [-v] [-j] chaining link-set [-h]
                                                          [--conn-bind-limit CONN_BIND_LIMIT]
                                                          [--conn-op-limit CONN_OP_LIMIT]
                                                          [--abandon-check-interval ABANDON_CHECK_INTERVAL]
                                                          [--bind-limit BIND_LIMIT]
                                                          [--op-limit OP_LIMIT]
                                                          [--proxied-auth PROXIED_AUTH]
                                                          [--conn-lifetime CONN_LIFETIME]
                                                          [--bind-timeout BIND_TIMEOUT]
                                                          [--return-ref RETURN_REF]
                                                          [--check-aci CHECK_ACI]
                                                          [--bind-attempts BIND_ATTEMPTS]
                                                          [--size-limit SIZE_LIMIT]
                                                          [--time-limit TIME_LIMIT]
                                                          [--hop-limit HOP_LIMIT]
                                                          [--response-delay RESPONSE_DELAY]
                                                          [--test-response-delay TEST_RESPONSE_DELAY]
                                                          [--use-starttls USE_STARTTLS]
                                                          [--suffix SUFFIX]
                                                          [--server-url SERVER_URL]
                                                          [--bind-mech BIND_MECH]
                                                          [--bind-dn BIND_DN]
                                                          [--bind-pw BIND_PW]
                                                          [--bind-pw-file BIND_PW_FILE]
                                                          [--bind-pw-prompt]
                                                          CHAIN_NAME

       CHAIN_NAME
              The name of the database link

OPTIONS 'dsconf chaining link-set'
       --conn-bind-limit CONN_BIND_LIMIT
              Sets the maximum number of BIND connections the database link establishes with the remote server

       --conn-op-limit CONN_OP_LIMIT
              Sets the maximum number of LDAP connections the database link establishes with the remote server

       --abandon-check-interval ABANDON_CHECK_INTERVAL
              Sets the number of seconds that pass before the server checks for abandoned operations

       --bind-limit BIND_LIMIT
              Sets the maximum number of concurrent bind operations per TCP connection

       --op-limit OP_LIMIT
              Sets the maximum number of concurrent operations allowed

       --proxied-auth PROXIED_AUTH
              Enables or disables proxied authorization. If set to "off", the server executes bind  for  chained
              operations as the user set in the nsMultiplexorBindDn attribute.

       --conn-lifetime CONN_LIFETIME
              Specifies connection lifetime in seconds. "0" keeps the connection open forever.

       --bind-timeout BIND_TIMEOUT
              Sets the amount of time in seconds before a bind attempt times out

       --return-ref RETURN_REF
              Enables or disables whether referrals are returned by scoped searches

       --check-aci CHECK_ACI
              Enables  or  disables whether the server evaluates ACIs on the database link as well as the remote
              data server

       --bind-attempts BIND_ATTEMPTS
              Sets the number of times the server tries to bind to the remote server

       --size-limit SIZE_LIMIT
              Sets the maximum number of entries to return from a search operation

       --time-limit TIME_LIMIT
              Sets the maximum number of seconds allowed for an operation

       --hop-limit HOP_LIMIT
              Sets the maximum number of times a database is allowed to chain. That is the  number  of  times  a
              request can be forwarded from one database link to another.

       --response-delay RESPONSE_DELAY
              Sets  the  maximum  amount  of  time  it  can take a remote server to respond to an LDAP operation
              request made by a database link before an error is suspected

       --test-response-delay TEST_RESPONSE_DELAY
              Sets the duration of the test issued by the database link to check whether the  remote  server  is
              responding

       --use-starttls USE_STARTTLS
              Configures database links to use StartTLS if set to "on"

       --suffix SUFFIX
              Sets the suffix managed by the database link

       --server-url SERVER_URL
              Sets the LDAP/LDAPS URL to the remote server

       --bind-mech BIND_MECH
              Sets the authentication method to use to authenticate to the remote server. Valid values: "SIMPLE"
              (default), "EXTERNAL", "DIGEST-MD5", or "GSSAPI". A "SIMPLE" bind sends the password unprotected unless
              the connection uses LDAPS or StartTLS.

       --bind-dn BIND_DN
              Sets the DN of the administrative entry used to communicate with the remote server

       --bind-pw BIND_PW
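              Sets the password of the administrative user. A password given on the command line can be seen in
              the process list and shell history; prefer --bind-pw-file or --bind-pw-prompt.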

       --bind-pw-file BIND_PW_FILE
              File containing the password

       --bind-pw-prompt
              Prompt for password

COMMAND 'dsconf chaining link-delete'
       usage: dsconf [-v] [-j] instance chaining link-delete [-h] CHAIN_NAME

       CHAIN_NAME
              The name of the database link

COMMAND 'dsconf chaining monitor'
       usage: dsconf [-v] [-j] instance chaining monitor [-h] CHAIN_NAME

       CHAIN_NAME
              The name of the database link

COMMAND 'dsconf chaining link-list'
       usage: dsconf [-v] [-j] instance chaining link-list [-h]

COMMAND 'dsconf config'
       usage: dsconf [-v] [-j] instance config [-h] {get,add,replace,delete} ...

POSITIONAL ARGUMENTS 'dsconf config'
       dsconf config get
              Get attribute value(s) from configuration

       dsconf config add
              Add attribute value to configuration

       dsconf config replace
              Replace attribute value in configuration

       dsconf config delete
              Delete attribute value in configuration

COMMAND 'dsconf config get'
       usage: dsconf [-v] [-j] instance config get [-h] [attrs ...]

       attrs  Configuration attribute(s) to get

COMMAND 'dsconf config add'
       usage: dsconf [-v] [-j] instance config add [-h] [attr ...]

       attr   Configuration attribute to add

COMMAND 'dsconf config replace'
       usage: dsconf [-v] [-j] instance config replace [-h] [attr ...]

       attr   Configuration attribute to replace

COMMAND 'dsconf config delete'
       usage: dsconf [-v] [-j] instance config delete [-h] [attr ...]

       attr   Configuration attribute to delete

COMMAND 'dsconf directory_manager'
       usage: dsconf [-v] [-j] instance directory_manager [-h] {password_change} ...

POSITIONAL ARGUMENTS 'dsconf directory_manager'
       dsconf directory_manager password_change
              Changes the password of the Directory Manager account

COMMAND 'dsconf directory_manager password_change'
       usage: dsconf [-v] [-j] instance directory_manager password_change [-h]

COMMAND 'dsconf logging'
       usage: dsconf [-v] [-j] instance logging [-h]
                                      {access,audit,auditfail,error,security} ...

POSITIONAL ARGUMENTS 'dsconf logging'
       dsconf logging access
              Manage access log settings

       dsconf logging audit
              Manage audit log settings

       dsconf logging auditfail
              Manage auditfail log settings

       dsconf logging error
              Manage error log settings

       dsconf logging security
              Manage security log settings

COMMAND 'dsconf logging access'
       usage: dsconf [-v] [-j] instance logging access [-h] {get,set,list-levels} ...

POSITIONAL ARGUMENTS 'dsconf logging access'
       dsconf logging access get
              Get access log configuration

       dsconf logging access set
              Set access log configuration

       dsconf logging access list-levels
              List all the log levels

COMMAND 'dsconf logging access get'
       usage: dsconf [-v] [-j] instance logging access get [-h]

COMMAND 'dsconf logging access set'
       usage: dsconf [-v] [-j] instance logging access set [-h]
                                                           {level,logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,buffering-enabled,buffering-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space,log-format,time-format}
       ...

POSITIONAL ARGUMENTS 'dsconf logging access set'
       dsconf logging access set level
              Set the log level

       dsconf logging access set logging-enabled
              Enable access logging

       dsconf logging access set logging-disabled
              Disable access logging

       dsconf logging access set mode
              Set the log file permissions. Default is 600

       dsconf logging access set location
              Set the log name and location

       dsconf logging access set compress-enabled
              Enable log compression for rotated logs

       dsconf logging access set compress-disabled
              Disable log compression for rotated logs

       dsconf logging access set buffering-enabled
              Enable log buffering

       dsconf logging access set buffering-disabled
              Disable log buffering

       dsconf logging access set max-logs
              Set the maximum number of rotated logs the server will maintain

       dsconf logging access set max-logsize
              Set the maximum size for a log in MB

       dsconf logging access set rotation-interval
              Set the interval for when a log is rotated. This works with the interval unit

       dsconf logging access set rotation-interval-unit
              Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

       dsconf logging access set rotation-tod-enabled
              Enable "time of day" rotation for expired logs

       dsconf logging access set rotation-tod-disabled
              Disable "time of day" rotation for expired logs

       dsconf logging access set rotation-tod-hour
              Set the hour when an expired log should be rotated

       dsconf logging access set rotation-tod-minute
              Set the minute when an expired log should be rotated

       dsconf logging access set deletion-interval
              Set the interval a rotated log should be deleted. This works with the deletion interval unit
              setting

       dsconf logging access set deletion-interval-unit
              Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

       dsconf logging access set max-disk-space
              Set  the  maximum  amount  of  disk  space  in MB rotated logs can consume before rotated logs are
              deleted.

       dsconf logging access set free-disk-space
              The server deletes the oldest rotated log file when the available disk space in MB  is  less  than
              this amount.

       dsconf logging access set log-format
              Choose between "default", "json", or "json-pretty"

       dsconf logging access set time-format
              Time format for JSON logging (strftime)

COMMAND 'dsconf logging access set level'
       usage: dsconf [-v] [-j] instance logging access set level [-h]
                                                                 levels [levels ...]

       levels log level

COMMAND 'dsconf logging access set logging-enabled'
       usage: dsconf [-v] [-j] instance logging access set logging-enabled [-h]

COMMAND 'dsconf logging access set logging-disabled'
       usage: dsconf [-v] [-j] instance logging access set logging-disabled [-h]

COMMAND 'dsconf logging access set mode'
       usage: dsconf [-v] [-j] instance logging access set mode [-h] values

       values File permissions. Default is 600

COMMAND 'dsconf logging access set location'
       usage: dsconf [-v] [-j] instance logging access set location [-h] values

       values Log name and location

COMMAND 'dsconf logging access set compress-enabled'
       usage: dsconf [-v] [-j] instance logging access set compress-enabled [-h]

COMMAND 'dsconf logging access set compress-disabled'
       usage: dsconf [-v] [-j] instance logging access set compress-disabled [-h]

COMMAND 'dsconf logging access set buffering-enabled'
       usage: dsconf [-v] [-j] instance logging access set buffering-enabled [-h]

COMMAND 'dsconf logging access set buffering-disabled'
       usage: dsconf [-v] [-j] instance logging access set buffering-disabled [-h]

COMMAND 'dsconf logging access set max-logs'
       usage: dsconf [-v] [-j] instance logging access set max-logs [-h] values

       values Set the maximum number of rotated logs the server will maintain

COMMAND 'dsconf logging access set max-logsize'
       usage: dsconf [-v] [-j] instance logging access set max-logsize [-h] values

       values Set the maximum size for a log in MB

COMMAND 'dsconf logging access set rotation-interval'
       usage: dsconf [-v] [-j] instance logging access set rotation-interval
              [-h] values

       values Set the interval for when a log is rotated. This works with the interval unit

COMMAND 'dsconf logging access set rotation-interval-unit'
       usage: dsconf [-v] [-j] instance logging access set rotation-interval-unit
              [-h] values

       values Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

COMMAND 'dsconf logging access set rotation-tod-enabled'
       usage: dsconf [-v] [-j] instance logging access set rotation-tod-enabled [-h]

COMMAND 'dsconf logging access set rotation-tod-disabled'
       usage: dsconf [-v] [-j] instance logging access set rotation-tod-disabled [-h]

COMMAND 'dsconf logging access set rotation-tod-hour'
       usage: dsconf [-v] [-j] instance logging access set rotation-tod-hour
              [-h] values

       values Set the hour when an expired log should be rotated

COMMAND 'dsconf logging access set rotation-tod-minute'
       usage: dsconf [-v] [-j] instance logging access set rotation-tod-minute
              [-h] values

       values Set the minute when an expired log should be rotated

COMMAND 'dsconf logging access set deletion-interval'
       usage: dsconf [-v] [-j] instance logging access set deletion-interval
              [-h] values

       values Set the interval a rotated log should be deleted. This works with the deletion interval unit
              setting

COMMAND 'dsconf logging access set deletion-interval-unit'
       usage: dsconf [-v] [-j] instance logging access set deletion-interval-unit
              [-h] values

       values Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

COMMAND 'dsconf logging access set max-disk-space'
       usage: dsconf [-v] [-j] instance logging access set max-disk-space [-h] values

       values Set  the  maximum  amount  of  disk  space  in MB rotated logs can consume before rotated logs are
              deleted.

COMMAND 'dsconf logging access set free-disk-space'
       usage: dsconf [-v] [-j] instance logging access set free-disk-space
              [-h] values

       values Set the minimum available disk space in MB that triggers the server to delete rotated log files.

COMMAND 'dsconf logging access set log-format'
       usage: dsconf [-v] [-j] instance logging access set log-format [-h] values

       values Choose between "default", "json", or "json-pretty"

COMMAND 'dsconf logging access set time-format'
       usage: dsconf [-v] [-j] instance logging access set time-format [-h] values

       values Time format for JSON logging (strftime)

COMMAND 'dsconf logging access list-levels'
       usage: dsconf [-v] [-j] instance logging access list-levels [-h]

COMMAND 'dsconf logging audit'
       usage: dsconf [-v] [-j] instance logging audit [-h] {get,set} ...

POSITIONAL ARGUMENTS 'dsconf logging audit'
       dsconf logging audit get
              Get audit log configuration

       dsconf logging audit set
              Set audit log configuration

COMMAND 'dsconf logging audit get'
       usage: dsconf [-v] [-j] instance logging audit get [-h]

COMMAND 'dsconf logging audit set'
       usage: dsconf [-v] [-j] instance logging audit set [-h]
                                                          {logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,buffering-enabled,buffering-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space,log-format,time-format,display-attrs}
       ...

POSITIONAL ARGUMENTS 'dsconf logging audit set'
       dsconf logging audit set logging-enabled
              Enable audit logging

       dsconf logging audit set logging-disabled
              Disable audit logging

       dsconf logging audit set mode
              Set the log file permissions as an octal mode. Default is 600 (read and write for the file owner only)

       dsconf logging audit set location
              Set the log name and location

       dsconf logging audit set compress-enabled
              Enable log compression for rotated logs

       dsconf logging audit set compress-disabled
              Disable log compression for rotated logs

       dsconf logging audit set buffering-enabled
              Enable log buffering

       dsconf logging audit set buffering-disabled
              Disable log buffering

       dsconf logging audit set max-logs
              Set the maximum number of rotated logs the server will maintain

       dsconf logging audit set max-logsize
              Set the maximum size for a log in MB

       dsconf logging audit set rotation-interval
              Set the interval for when a log is rotated. This works with the interval unit

       dsconf logging audit set rotation-interval-unit
              Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

       dsconf logging audit set rotation-tod-enabled
              Enable "time of day" rotation for expired logs

       dsconf logging audit set rotation-tod-disabled
              Disable "time of day" rotation for expired logs

       dsconf logging audit set rotation-tod-hour
              Set the hour when an expired log should be rotated

       dsconf logging audit set rotation-tod-minute
              Set the minute when an expired log should be rotated

       dsconf logging audit set deletion-interval
              Set the interval after which a rotated log should be deleted. This works with the deletion
              interval unit setting

       dsconf logging audit set deletion-interval-unit
              Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

       dsconf logging audit set max-disk-space
              Set the maximum amount of disk space in MB rotated  logs  can  consume  before  rotated  logs  are
              deleted.

       dsconf logging audit set free-disk-space
              The  server  deletes  the oldest rotated log file when the available disk space in MB is less than
              this amount.

       dsconf logging audit set log-format
              Choose between "default", "json", or "json-pretty"

       dsconf logging audit set time-format
              Time format for JSON logging (strftime)

       dsconf logging audit set display-attrs
              Sets additional identifying attrs to display

COMMAND 'dsconf logging audit set logging-enabled'
       usage: dsconf [-v] [-j] instance logging audit set logging-enabled [-h]

COMMAND 'dsconf logging audit set logging-disabled'
       usage: dsconf [-v] [-j] instance logging audit set logging-disabled [-h]

COMMAND 'dsconf logging audit set mode'
       usage: dsconf [-v] [-j] instance logging audit set mode [-h] values

       values File permissions. Default is 600

COMMAND 'dsconf logging audit set location'
       usage: dsconf [-v] [-j] instance logging audit set location [-h] values

       values Log name and location

COMMAND 'dsconf logging audit set compress-enabled'
       usage: dsconf [-v] [-j] instance logging audit set compress-enabled [-h]

COMMAND 'dsconf logging audit set compress-disabled'
       usage: dsconf [-v] [-j] instance logging audit set compress-disabled [-h]

COMMAND 'dsconf logging audit set buffering-enabled'
       usage: dsconf [-v] [-j] instance logging audit set buffering-enabled [-h]

COMMAND 'dsconf logging audit set buffering-disabled'
       usage: dsconf [-v] [-j] instance logging audit set buffering-disabled [-h]

COMMAND 'dsconf logging audit set max-logs'
       usage: dsconf [-v] [-j] instance logging audit set max-logs [-h] values

       values Set the maximum number of rotated logs the server will maintain

COMMAND 'dsconf logging audit set max-logsize'
       usage: dsconf [-v] [-j] instance logging audit set max-logsize [-h] values

       values Set the maximum size for a log in MB

COMMAND 'dsconf logging audit set rotation-interval'
       usage: dsconf [-v] [-j] instance logging audit set rotation-interval
              [-h] values

       values Set the interval for when a log is rotated. This works with the interval unit

COMMAND 'dsconf logging audit set rotation-interval-unit'
       usage: dsconf [-v] [-j] instance logging audit set rotation-interval-unit
              [-h] values

       values Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

COMMAND 'dsconf logging audit set rotation-tod-enabled'
       usage: dsconf [-v] [-j] instance logging audit set rotation-tod-enabled [-h]

COMMAND 'dsconf logging audit set rotation-tod-disabled'
       usage: dsconf [-v] [-j] instance logging audit set rotation-tod-disabled [-h]

COMMAND 'dsconf logging audit set rotation-tod-hour'
       usage: dsconf [-v] [-j] instance logging audit set rotation-tod-hour
              [-h] values

       values Set the hour when an expired log should be rotated

COMMAND 'dsconf logging audit set rotation-tod-minute'
       usage: dsconf [-v] [-j] instance logging audit set rotation-tod-minute
              [-h] values

       values Set the minute when an expired log should be rotated

COMMAND 'dsconf logging audit set deletion-interval'
       usage: dsconf [-v] [-j] instance logging audit set deletion-interval
              [-h] values

       values Set the interval after which a rotated log should be deleted. This works with the deletion
              interval unit setting

COMMAND 'dsconf logging audit set deletion-interval-unit'
       usage: dsconf [-v] [-j] instance logging audit set deletion-interval-unit
              [-h] values

       values Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

COMMAND 'dsconf logging audit set max-disk-space'
       usage: dsconf [-v] [-j] instance logging audit set max-disk-space [-h] values

       values Set the maximum amount of disk space in MB rotated  logs  can  consume  before  rotated  logs  are
              deleted.

COMMAND 'dsconf logging audit set free-disk-space'
       usage: dsconf [-v] [-j] instance logging audit set free-disk-space [-h] values

       values Set the minimum available disk space in MB that triggers the server to delete rotated log files.

COMMAND 'dsconf logging audit set log-format'
       usage: dsconf [-v] [-j] instance logging audit set log-format [-h] values

       values Choose between "default", "json", or "json-pretty"

COMMAND 'dsconf logging audit set time-format'
       usage: dsconf [-v] [-j] instance logging audit set time-format [-h] values

       values Time format for JSON logging (strftime)

COMMAND 'dsconf logging audit set display-attrs'
       usage: dsconf [-v] [-j] instance logging audit set display-attrs
              [-h] values [values ...]

       values Sets additional identifying attrs to display

COMMAND 'dsconf logging auditfail'
       usage: dsconf [-v] [-j] instance logging auditfail [-h] {get,set} ...

POSITIONAL ARGUMENTS 'dsconf logging auditfail'
       dsconf logging auditfail get
              Get auditfail log configuration

       dsconf logging auditfail set
              Set auditfail log configuration

COMMAND 'dsconf logging auditfail get'
       usage: dsconf [-v] [-j] instance logging auditfail get [-h]

COMMAND 'dsconf logging auditfail set'
       usage: dsconf [-v] [-j] instance logging auditfail set [-h]
                                                              {logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space}
       ...

POSITIONAL ARGUMENTS 'dsconf logging auditfail set'
       dsconf logging auditfail set logging-enabled
              Enable auditfail logging

       dsconf logging auditfail set logging-disabled
              Disable auditfail logging

       dsconf logging auditfail set mode
              Set the log file permissions. Default is 600

       dsconf logging auditfail set location
              Set the log name and location

       dsconf logging auditfail set compress-enabled
              Enable log compression for rotated logs

       dsconf logging auditfail set compress-disabled
              Disable log compression for rotated logs

       dsconf logging auditfail set max-logs
              Set the maximum number of rotated logs the server will maintain

       dsconf logging auditfail set max-logsize
              Set the maximum size for a log in MB

       dsconf logging auditfail set rotation-interval
              Set the interval for when a log is rotated. This works with the interval unit

       dsconf logging auditfail set rotation-interval-unit
              Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

       dsconf logging auditfail set rotation-tod-enabled
              Enable "time of day" rotation for expired logs

       dsconf logging auditfail set rotation-tod-disabled
              Disable "time of day" rotation for expired logs

       dsconf logging auditfail set rotation-tod-hour
              Set the hour when an expired log should be rotated

       dsconf logging auditfail set rotation-tod-minute
              Set the minute when an expired log should be rotated

       dsconf logging auditfail set deletion-interval
              Set the interval after which a rotated log should be deleted. This works with the deletion
              interval unit setting

       dsconf logging auditfail set deletion-interval-unit
              Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

       dsconf logging auditfail set max-disk-space
              Set  the  maximum  amount  of  disk  space  in MB rotated logs can consume before rotated logs are
              deleted.

       dsconf logging auditfail set free-disk-space
              The server deletes the oldest rotated log file when the available disk space in MB  is  less  than
              this amount.

COMMAND 'dsconf logging auditfail set logging-enabled'
       usage: dsconf [-v] [-j] instance logging auditfail set logging-enabled [-h]

COMMAND 'dsconf logging auditfail set logging-disabled'
       usage: dsconf [-v] [-j] instance logging auditfail set logging-disabled [-h]

COMMAND 'dsconf logging auditfail set mode'
       usage: dsconf [-v] [-j] instance logging auditfail set mode [-h] values

       values File permissions. Default is 600

COMMAND 'dsconf logging auditfail set location'
       usage: dsconf [-v] [-j] instance logging auditfail set location [-h] values

       values Log name and location

COMMAND 'dsconf logging auditfail set compress-enabled'
       usage: dsconf [-v] [-j] instance logging auditfail set compress-enabled [-h]

COMMAND 'dsconf logging auditfail set compress-disabled'
       usage: dsconf [-v] [-j] instance logging auditfail set compress-disabled [-h]

COMMAND 'dsconf logging auditfail set max-logs'
       usage: dsconf [-v] [-j] instance logging auditfail set max-logs [-h] values

       values Set the maximum number of rotated logs the server will maintain

COMMAND 'dsconf logging auditfail set max-logsize'
       usage: dsconf [-v] [-j] instance logging auditfail set max-logsize [-h] values

       values Set the maximum size for a log in MB

COMMAND 'dsconf logging auditfail set rotation-interval'
       usage: dsconf [-v] [-j] instance logging auditfail set rotation-interval
              [-h] values

       values Set the interval for when a log is rotated. This works with the interval unit

COMMAND 'dsconf logging auditfail set rotation-interval-unit'
       usage: dsconf [-v] [-j] instance logging auditfail set rotation-interval-unit
              [-h] values

       values Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

COMMAND 'dsconf logging auditfail set rotation-tod-enabled'
       usage: dsconf [-v] [-j] instance logging auditfail set rotation-tod-enabled
              [-h]

COMMAND 'dsconf logging auditfail set rotation-tod-disabled'
       usage: dsconf [-v] [-j] instance logging auditfail set rotation-tod-disabled
              [-h]

COMMAND 'dsconf logging auditfail set rotation-tod-hour'
       usage: dsconf [-v] [-j] instance logging auditfail set rotation-tod-hour
              [-h] values

       values Set the hour when an expired log should be rotated

COMMAND 'dsconf logging auditfail set rotation-tod-minute'
       usage: dsconf [-v] [-j] instance logging auditfail set rotation-tod-minute
              [-h] values

       values Set the minute when an expired log should be rotated

COMMAND 'dsconf logging auditfail set deletion-interval'
       usage: dsconf [-v] [-j] instance logging auditfail set deletion-interval
              [-h] values

       values Set the interval after which a rotated log should be deleted. This works with the deletion
              interval unit setting

COMMAND 'dsconf logging auditfail set deletion-interval-unit'
       usage: dsconf [-v] [-j] instance logging auditfail set deletion-interval-unit
              [-h] values

       values Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

COMMAND 'dsconf logging auditfail set max-disk-space'
       usage: dsconf [-v] [-j] instance logging auditfail set max-disk-space
              [-h] values

       values Set  the  maximum  amount  of  disk  space  in MB rotated logs can consume before rotated logs are
              deleted.

COMMAND 'dsconf logging auditfail set free-disk-space'
       usage: dsconf [-v] [-j] instance logging auditfail set free-disk-space
              [-h] values

       values Set the minimum available disk space in MB that triggers the server to delete rotated log files.

COMMAND 'dsconf logging error'
       usage: dsconf [-v] [-j] instance logging error [-h] {get,set,list-levels} ...

POSITIONAL ARGUMENTS 'dsconf logging error'
       dsconf logging error get
              Get error log configuration

       dsconf logging error set
              Set error log configuration

       dsconf logging error list-levels
              List all the log levels

COMMAND 'dsconf logging error get'
       usage: dsconf [-v] [-j] instance logging error get [-h]

COMMAND 'dsconf logging error set'
       usage: dsconf [-v] [-j] instance logging error set [-h]
                                                          {level,logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,buffering-enabled,buffering-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space}
       ...

POSITIONAL ARGUMENTS 'dsconf logging error set'
       dsconf logging error set level
              Set the log level

       dsconf logging error set logging-enabled
              Enable error logging

       dsconf logging error set logging-disabled
              Disable error logging

       dsconf logging error set mode
              Set the log file permissions. Default is 600

       dsconf logging error set location
              Set the log name and location

       dsconf logging error set compress-enabled
              Enable log compression for rotated logs

       dsconf logging error set compress-disabled
              Disable log compression for rotated logs

       dsconf logging error set buffering-enabled
              Enable log buffering

       dsconf logging error set buffering-disabled
              Disable log buffering

       dsconf logging error set max-logs
              Set the maximum number of rotated logs the server will maintain

       dsconf logging error set max-logsize
              Set the maximum size for a log in MB

       dsconf logging error set rotation-interval
              Set the interval for when a log is rotated. This works with the interval unit

       dsconf logging error set rotation-interval-unit
              Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

       dsconf logging error set rotation-tod-enabled
              Enable "time of day" rotation for expired logs

       dsconf logging error set rotation-tod-disabled
              Disable "time of day" rotation for expired logs

       dsconf logging error set rotation-tod-hour
              Set the hour when an expired log should be rotated

       dsconf logging error set rotation-tod-minute
              Set the minute when an expired log should be rotated

       dsconf logging error set deletion-interval
              Set the interval after which a rotated log should be deleted. This works with the deletion
              interval unit setting

       dsconf logging error set deletion-interval-unit
              Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

       dsconf logging error set max-disk-space
              Set the maximum amount of disk space in MB rotated  logs  can  consume  before  rotated  logs  are
              deleted.

       dsconf logging error set free-disk-space
              The  server  deletes  the oldest rotated log file when the available disk space in MB is less than
              this amount.

COMMAND 'dsconf logging error set level'
       usage: dsconf [-v] [-j] instance logging error set level [-h]
                                                                levels [levels ...]

       levels log level

COMMAND 'dsconf logging error set logging-enabled'
       usage: dsconf [-v] [-j] instance logging error set logging-enabled [-h]

COMMAND 'dsconf logging error set logging-disabled'
       usage: dsconf [-v] [-j] instance logging error set logging-disabled [-h]

COMMAND 'dsconf logging error set mode'
       usage: dsconf [-v] [-j] instance logging error set mode [-h] values

       values File permissions. Default is 600

COMMAND 'dsconf logging error set location'
       usage: dsconf [-v] [-j] instance logging error set location [-h] values

       values Log name and location

COMMAND 'dsconf logging error set compress-enabled'
       usage: dsconf [-v] [-j] instance logging error set compress-enabled [-h]

COMMAND 'dsconf logging error set compress-disabled'
       usage: dsconf [-v] [-j] instance logging error set compress-disabled [-h]

COMMAND 'dsconf logging error set buffering-enabled'
       usage: dsconf [-v] [-j] instance logging error set buffering-enabled [-h]

COMMAND 'dsconf logging error set buffering-disabled'
       usage: dsconf [-v] [-j] instance logging error set buffering-disabled [-h]

COMMAND 'dsconf logging error set max-logs'
       usage: dsconf [-v] [-j] instance logging error set max-logs [-h] values

       values Set the maximum number of rotated logs the server will maintain

COMMAND 'dsconf logging error set max-logsize'
       usage: dsconf [-v] [-j] instance logging error set max-logsize [-h] values

       values Set the maximum size for a log in MB

COMMAND 'dsconf logging error set rotation-interval'
       usage: dsconf [-v] [-j] instance logging error set rotation-interval
              [-h] values

       values Set the interval for when a log is rotated. This works with the interval unit

COMMAND 'dsconf logging error set rotation-interval-unit'
       usage: dsconf [-v] [-j] instance logging error set rotation-interval-unit
              [-h] values

       values Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

COMMAND 'dsconf logging error set rotation-tod-enabled'
       usage: dsconf [-v] [-j] instance logging error set rotation-tod-enabled [-h]

COMMAND 'dsconf logging error set rotation-tod-disabled'
       usage: dsconf [-v] [-j] instance logging error set rotation-tod-disabled [-h]

COMMAND 'dsconf logging error set rotation-tod-hour'
       usage: dsconf [-v] [-j] instance logging error set rotation-tod-hour
              [-h] values

       values Set the hour when an expired log should be rotated

COMMAND 'dsconf logging error set rotation-tod-minute'
       usage: dsconf [-v] [-j] instance logging error set rotation-tod-minute
              [-h] values

       values Set the minute when an expired log should be rotated

COMMAND 'dsconf logging error set deletion-interval'
       usage: dsconf [-v] [-j] instance logging error set deletion-interval
              [-h] values

       values Set the interval after which a rotated log should be deleted. This works with the deletion
              interval unit setting

COMMAND 'dsconf logging error set deletion-interval-unit'
       usage: dsconf [-v] [-j] instance logging error set deletion-interval-unit
              [-h] values

       values Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

COMMAND 'dsconf logging error set max-disk-space'
       usage: dsconf [-v] [-j] instance logging error set max-disk-space [-h] values

       values Set the maximum amount of disk space in MB rotated  logs  can  consume  before  rotated  logs  are
              deleted.

COMMAND 'dsconf logging error set free-disk-space'
       usage: dsconf [-v] [-j] instance logging error set free-disk-space [-h] values

       values Set the minimum available disk space in MB that triggers the server to delete rotated log files.

COMMAND 'dsconf logging error list-levels'
       usage: dsconf [-v] [-j] instance logging error list-levels [-h]

COMMAND 'dsconf logging security'
       usage: dsconf [-v] [-j] instance logging security [-h] {get,set} ...

POSITIONAL ARGUMENTS 'dsconf logging security'
       dsconf logging security get
              Get security log configuration

       dsconf logging security set
              Set security log configuration

COMMAND 'dsconf logging security get'
       usage: dsconf [-v] [-j] instance logging security get [-h]

COMMAND 'dsconf logging security set'
       usage: dsconf [-v] [-j] instance logging security set [-h]
                                                             {logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,buffering-enabled,buffering-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space}
       ...

POSITIONAL ARGUMENTS 'dsconf logging security set'
       dsconf logging security set logging-enabled
              Enable security logging

       dsconf logging security set logging-disabled
              Disable security logging

       dsconf logging security set mode
              Set the log file permissions as an octal mode. Default is 600 (read and write for the file owner only)

       dsconf logging security set location
              Set the log name and location

       dsconf logging security set compress-enabled
              Enable log compression for rotated logs

       dsconf logging security set compress-disabled
              Disable log compression for rotated logs

       dsconf logging security set buffering-enabled
              Enable log buffering

       dsconf logging security set buffering-disabled
              Disable log buffering

       dsconf logging security set max-logs
              Set the maximum number of rotated logs the server will maintain

       dsconf logging security set max-logsize
              Set the maximum size for a log in MB

       dsconf logging security set rotation-interval
              Set the interval for when a log is rotated. This works with the interval unit

       dsconf logging security set rotation-interval-unit
              Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

       dsconf logging security set rotation-tod-enabled
              Enable "time of day" rotation for expired logs

       dsconf logging security set rotation-tod-disabled
              Disable "time of day" rotation for expired logs

       dsconf logging security set rotation-tod-hour
              Set the hour when an expired log should be rotated

       dsconf logging security set rotation-tod-minute
              Set the minute when an expired log should be rotated

       dsconf logging security set deletion-interval
              Set the interval after which a rotated log should be deleted. This works with the deletion
              interval unit setting

       dsconf logging security set deletion-interval-unit
              Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

       dsconf logging security set max-disk-space
              Set  the  maximum  amount  of  disk  space  in MB rotated logs can consume before rotated logs are
              deleted.

       dsconf logging security set free-disk-space
              The server deletes the oldest rotated log file when the available disk space in MB  is  less  than
              this amount.

COMMAND 'dsconf logging security set logging-enabled'
       usage: dsconf [-v] [-j] instance logging security set logging-enabled [-h]

COMMAND 'dsconf logging security set logging-disabled'
       usage: dsconf [-v] [-j] instance logging security set logging-disabled [-h]

COMMAND 'dsconf logging security set mode'
       usage: dsconf [-v] [-j] instance logging security set mode [-h] values

       values File permissions. Default is 600

COMMAND 'dsconf logging security set location'
       usage: dsconf [-v] [-j] instance logging security set location [-h] values

       values Log name and location

COMMAND 'dsconf logging security set compress-enabled'
       usage: dsconf [-v] [-j] instance logging security set compress-enabled [-h]

COMMAND 'dsconf logging security set compress-disabled'
       usage: dsconf [-v] [-j] instance logging security set compress-disabled [-h]

COMMAND 'dsconf logging security set buffering-enabled'
       usage: dsconf [-v] [-j] instance logging security set buffering-enabled [-h]

COMMAND 'dsconf logging security set buffering-disabled'
       usage: dsconf [-v] [-j] instance logging security set buffering-disabled [-h]

COMMAND 'dsconf logging security set max-logs'
       usage: dsconf [-v] [-j] instance logging security set max-logs [-h] values

       values Set the maximum number of rotated logs the server will maintain

COMMAND 'dsconf logging security set max-logsize'
       usage: dsconf [-v] [-j] instance logging security set max-logsize [-h] values

       values Set the maximum size for a log in MB

COMMAND 'dsconf logging security set rotation-interval'
       usage: dsconf [-v] [-j] instance logging security set rotation-interval
              [-h] values

       values Set the interval for when a log is rotated. This works with the interval unit

COMMAND 'dsconf logging security set rotation-interval-unit'
       usage: dsconf [-v] [-j] instance logging security set rotation-interval-unit
              [-h] values

       values Set the time unit for the rotation interval for when a log is rotated. Choose between: "minute",
              "hour", "day", "week", and "month"

COMMAND 'dsconf logging security set rotation-tod-enabled'
       usage: dsconf [-v] [-j] instance logging security set rotation-tod-enabled
              [-h]

COMMAND 'dsconf logging security set rotation-tod-disabled'
       usage: dsconf [-v] [-j] instance logging security set rotation-tod-disabled
              [-h]

COMMAND 'dsconf logging security set rotation-tod-hour'
       usage: dsconf [-v] [-j] instance logging security set rotation-tod-hour
              [-h] values

       values Set the hour when an expired log should be rotated

COMMAND 'dsconf logging security set rotation-tod-minute'
       usage: dsconf [-v] [-j] instance logging security set rotation-tod-minute
              [-h] values

       values Set the minute when an expired log should be rotated

COMMAND 'dsconf logging security set deletion-interval'
       usage: dsconf [-v] [-j] instance logging security set deletion-interval
              [-h] values

       values Set the interval after which a rotated log should be deleted. This works with the deletion
              interval unit setting

COMMAND 'dsconf logging security set deletion-interval-unit'
       usage: dsconf [-v] [-j] instance logging security set deletion-interval-unit
              [-h] values

       values Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

COMMAND 'dsconf logging security set max-disk-space'
       usage: dsconf [-v] [-j] instance logging security set max-disk-space
              [-h] values

       values Set  the  maximum  amount  of  disk  space  in MB rotated logs can consume before rotated logs are
              deleted.

COMMAND 'dsconf logging security set free-disk-space'
       usage: dsconf [-v] [-j] instance logging security set free-disk-space
              [-h] values

       values Set the minimum available disk space in MB that triggers the server to delete rotated log files.

COMMAND 'dsconf monitor'
       usage: dsconf [-v] [-j] instance monitor [-h]
                                      {server,dbmon,ldbm,backend,snmp,chaining,disk} ...

POSITIONAL ARGUMENTS 'dsconf monitor'
       dsconf monitor server
              Displays the server statistics, connections, and operations

       dsconf monitor dbmon
              Monitor all database statistics in a single report

       dsconf monitor ldbm
              Monitor the LDBM statistics, such as dbcache

       dsconf monitor backend
              Monitor the behavior of a backend database

       dsconf monitor snmp
              Displays the SNMP statistics

       dsconf monitor chaining
              Monitor database chaining statistics

       dsconf monitor disk
              Displays the disk space statistics. All values are in bytes.

COMMAND 'dsconf monitor server'
       usage: dsconf [-v] [-j] instance monitor server [-h]

COMMAND 'dsconf monitor dbmon'
       usage: dsconf [-v] [-j] instance monitor dbmon [-h] [-b BACKENDS] [-x]

OPTIONS 'dsconf monitor dbmon'
       -b BACKENDS, --backends BACKENDS
              Specifies a list of space-separated backends to monitor. Default is all backends.

       -x, --indexes
              Shows index stats for each backend

COMMAND 'dsconf monitor ldbm'
       usage: dsconf [-v] [-j] instance monitor ldbm [-h]

COMMAND 'dsconf monitor backend'
       usage: dsconf [-v] [-j] instance monitor backend [-h] [backend]

       backend
              The optional name of the backend to monitor

COMMAND 'dsconf monitor snmp'
       usage: dsconf [-v] [-j] instance monitor snmp [-h]

COMMAND 'dsconf monitor chaining'
       usage: dsconf [-v] [-j] instance monitor chaining [-h] [backend]

       backend
              The optional name of the chaining backend to monitor

COMMAND 'dsconf monitor disk'
       usage: dsconf [-v] [-j] instance monitor disk [-h]

COMMAND 'dsconf plugin'
       usage: dsconf [-v] [-j] instance plugin [-h]
                                     {memberof,automember,referential-integrity,root-dn,usn,account-policy,attr-uniq,dna,ldap-pass-through-auth,linked-attr,managed-entries,pam-pass-through-auth,retro-changelog,posix-winsync,contentsync,entryuuid,pwstorage-scheme,list,show,set}
       ...

POSITIONAL ARGUMENTS 'dsconf plugin'
       dsconf plugin memberof
              Manage and configure MemberOf plugin

       dsconf plugin automember
              Manage and configure Automembership plugin

       dsconf plugin referential-integrity
              Manage and configure Referential Integrity Postoperation plugin

       dsconf plugin root-dn
              Manage and configure RootDN Access Control plugin

       dsconf plugin usn
              Manage and configure USN plugin

       dsconf plugin account-policy
              Manage and configure Account Policy plugin

       dsconf plugin attr-uniq
              Manage and configure Attribute Uniqueness plugin

       dsconf plugin dna
              Manage and configure DNA plugin

       dsconf plugin ldap-pass-through-auth
              Manage and configure LDAP Pass-Through Authentication Plugin

       dsconf plugin linked-attr
              Manage and configure Linked Attributes plugin

       dsconf plugin managed-entries
              Manage and configure Managed Entries Plugin

       dsconf plugin pam-pass-through-auth
              Manage and configure Pass-Through Authentication plugins (LDAP URLs and PAM)

       dsconf plugin retro-changelog
              Manage and configure Retro Changelog plugin

       dsconf plugin posix-winsync
              Manage and configure the Posix Winsync API plugin

       dsconf plugin contentsync
              Manage and configure Content Sync Plugin (aka syncrepl)

       dsconf plugin entryuuid
              Manage and configure EntryUUID plugin

       dsconf plugin pwstorage-scheme
              Manage password storage scheme plugins

       dsconf plugin list
              List current configured (enabled and disabled) plugins

       dsconf plugin show
              Show the plugin data

       dsconf plugin set
              Edit the plugin settings

COMMAND 'dsconf plugin memberof'
       usage: dsconf [-v] [-j] instance plugin memberof [-h]
                                                        {show,enable,disable,status,set,config-entry,fixup,fixup-status}
       ...

POSITIONAL ARGUMENTS 'dsconf plugin memberof'
       dsconf plugin memberof show
              Displays the plugin configuration

       dsconf plugin memberof enable
              Enables the plugin

       dsconf plugin memberof disable
              Disables the plugin

       dsconf plugin memberof status
              Displays the plugin status

       dsconf plugin memberof set
              Edit the plugin settings

       dsconf plugin memberof config-entry
              Manage the config entry

       dsconf plugin memberof fixup
              Run the fix-up task for memberOf plugin

       dsconf plugin memberof fixup-status
              Check the status of a fix-up task

COMMAND 'dsconf plugin memberof show'
       usage: dsconf [-v] [-j] instance plugin memberof show [-h]

COMMAND 'dsconf plugin memberof enable'
       usage: dsconf [-v] [-j] instance plugin memberof enable [-h]

COMMAND 'dsconf plugin memberof disable'
       usage: dsconf [-v] [-j] instance plugin memberof disable [-h]

COMMAND 'dsconf plugin memberof status'
       usage: dsconf [-v] [-j] instance plugin memberof status [-h]

COMMAND 'dsconf plugin memberof set'
       usage: dsconf [-v] [-j] instance plugin memberof set [-h] [--attr ATTR]
                                                            [--groupattr GROUPATTR [GROUPATTR ...]]
                                                            [--allbackends {on,off}]
                                                            [--skipnested {on,off}]
                                                            [--scope SCOPE [SCOPE ...]]
                                                            [--exclude EXCLUDE [EXCLUDE ...]]
                                                            [--autoaddoc AUTOADDOC]
                                                            [--config-entry CONFIG_ENTRY]

OPTIONS 'dsconf plugin memberof set'
       --attr ATTR
              Specifies the attribute in the user entry for the Directory Server  to  manage  to  reflect  group
              membership (memberOfAttr)

       --groupattr GROUPATTR [GROUPATTR ...]
              Specifies  the  attribute  in  the  group  entry  to  use  to  identify  the  DNs of group members
              (memberOfGroupAttr)

       --allbackends {on,off}
              Specifies whether to  search  the  local  suffix  for  user  entries  on  all  available  suffixes
              (memberOfAllBackends)

       --skipnested {on,off}
              Specifies whether to skip nested groups or not (memberOfSkipNested)

       --scope SCOPE [SCOPE ...]
              Specifies   backends   or   multiple-nested   suffixes   for  the  MemberOf  plug-in  to  work  on
              (memberOfEntryScope)

       --exclude EXCLUDE [EXCLUDE ...]
              Specifies  backends  or  multiple-nested  suffixes   for   the   MemberOf   plug-in   to   exclude
              (memberOfEntryScopeExcludeSubtree)

       --autoaddoc AUTOADDOC
              If  an  entry  does  not have an object class that allows the memberOf attribute then the memberOf
              plugin will automatically add the object class listed in the memberOfAutoAddOC parameter

       --config-entry CONFIG_ENTRY
              The value to set as nsslapd-pluginConfigArea

COMMAND 'dsconf plugin memberof config-entry'
       usage: dsconf [-v] [-j] instance plugin memberof config-entry
              [-h] {add,set,show,delete} ...

POSITIONAL ARGUMENTS 'dsconf plugin memberof config-entry'
       dsconf plugin memberof config-entry add
              Add the config entry

       dsconf plugin memberof config-entry set
              Edit the config entry

       dsconf plugin memberof config-entry show
              Display the config entry

       dsconf plugin memberof config-entry delete
              Delete the config entry

COMMAND 'dsconf plugin memberof config-entry add'
       usage: dsconf [-v] [-j] instance plugin memberof config-entry add
              [-h] [--attr ATTR] [--groupattr GROUPATTR [GROUPATTR ...]]
              [--allbackends {on,off}] [--skipnested {on,off}]
              [--scope SCOPE [SCOPE ...]] [--exclude EXCLUDE [EXCLUDE ...]]
              [--autoaddoc AUTOADDOC]
              DN

       DN     The config entry full DN

OPTIONS 'dsconf plugin memberof config-entry add'
       --attr ATTR
              Specifies the attribute in the user entry for the Directory Server  to  manage  to  reflect  group
              membership (memberOfAttr)

       --groupattr GROUPATTR [GROUPATTR ...]
              Specifies  the  attribute  in  the  group  entry  to  use  to  identify  the  DNs of group members
              (memberOfGroupAttr)

       --allbackends {on,off}
              Specifies whether to  search  the  local  suffix  for  user  entries  on  all  available  suffixes
              (memberOfAllBackends)

       --skipnested {on,off}
              Specifies whether to skip nested groups or not (memberOfSkipNested)

       --scope SCOPE [SCOPE ...]
              Specifies   backends   or   multiple-nested   suffixes   for  the  MemberOf  plug-in  to  work  on
              (memberOfEntryScope)

       --exclude EXCLUDE [EXCLUDE ...]
              Specifies  backends  or  multiple-nested  suffixes   for   the   MemberOf   plug-in   to   exclude
              (memberOfEntryScopeExcludeSubtree)

       --autoaddoc AUTOADDOC
              If  an  entry  does  not have an object class that allows the memberOf attribute then the memberOf
              plugin will automatically add the object class listed in the memberOfAutoAddOC parameter

COMMAND 'dsconf plugin memberof config-entry set'
       usage: dsconf [-v] [-j] instance plugin memberof config-entry set
              [-h] [--attr ATTR] [--groupattr GROUPATTR [GROUPATTR ...]]
              [--allbackends {on,off}] [--skipnested {on,off}]
              [--scope SCOPE [SCOPE ...]] [--exclude EXCLUDE [EXCLUDE ...]]
              [--autoaddoc AUTOADDOC]
              DN

       DN     The config entry full DN

OPTIONS 'dsconf plugin memberof config-entry set'
       --attr ATTR
              Specifies the attribute in the user entry for the Directory Server  to  manage  to  reflect  group
              membership (memberOfAttr)

       --groupattr GROUPATTR [GROUPATTR ...]
              Specifies  the  attribute  in  the  group  entry  to  use  to  identify  the  DNs of group members
              (memberOfGroupAttr)

       --allbackends {on,off}
              Specifies whether to  search  the  local  suffix  for  user  entries  on  all  available  suffixes
              (memberOfAllBackends)

       --skipnested {on,off}
              Specifies whether to skip nested groups or not (memberOfSkipNested)

       --scope SCOPE [SCOPE ...]
              Specifies   backends   or   multiple-nested   suffixes   for  the  MemberOf  plug-in  to  work  on
              (memberOfEntryScope)

       --exclude EXCLUDE [EXCLUDE ...]
              Specifies  backends  or  multiple-nested  suffixes   for   the   MemberOf   plug-in   to   exclude
              (memberOfEntryScopeExcludeSubtree)

       --autoaddoc AUTOADDOC
              If  an  entry  does  not have an object class that allows the memberOf attribute then the memberOf
              plugin will automatically add the object class listed in the memberOfAutoAddOC parameter

COMMAND 'dsconf plugin memberof config-entry show'
       usage: dsconf [-v] [-j] instance plugin memberof config-entry show [-h] DN

       DN     The config entry full DN

COMMAND 'dsconf plugin memberof config-entry delete'
       usage: dsconf [-v] [-j] instance plugin memberof config-entry delete [-h] DN

       DN     The config entry full DN

COMMAND 'dsconf plugin memberof fixup'
       usage: dsconf [-v] [-j] instance plugin memberof fixup [-h] [-f FILTER]
                                                              [--wait]
                                                              [--timeout TIMEOUT]
                                                              DN

       DN     Base DN that contains entries to fix up

OPTIONS 'dsconf plugin memberof fixup'
       -f FILTER, --filter FILTER
              Filter   for   entries   to   fix   up.    If    omitted,    all    entries    with    objectclass
              inetuser/inetadmin/nsmemberof  under  the  specified  base  will  have  their  memberOf  attribute
              regenerated.

       --wait Wait for the task to finish, this could take a long time

       --timeout TIMEOUT
              Sets the task timeout. Default is 0 (no timeout)

COMMAND 'dsconf plugin memberof fixup-status'
       usage: dsconf [-v] [-j] instance plugin memberof fixup-status
              [-h] [--dn DN] [--show-log] [--watch]

OPTIONS 'dsconf plugin memberof fixup-status'
       --dn DN
              The task entry's DN

       --show-log
              Display the task log

       --watch
              Watch the task's status and wait for it to finish

COMMAND 'dsconf plugin automember'
       usage: dsconf [-v] [-j] instance plugin automember [-h]
                                                          {show,enable,disable,status,list,definition,fixup,fixup-status,abort-fixup}
       ...

POSITIONAL ARGUMENTS 'dsconf plugin automember'
       dsconf plugin automember show
              Displays the plugin configuration

       dsconf plugin automember enable
              Enables the plugin

       dsconf plugin automember disable
              Disables the plugin

       dsconf plugin automember status
              Displays the plugin status

       dsconf plugin automember list
              List Automembership definitions or regex rules.

       dsconf plugin automember definition
              Manage Automembership definition.

       dsconf plugin automember fixup
              Run a rebuild membership task.

       dsconf plugin automember fixup-status
              Check the status of a fix-up task

       dsconf plugin automember abort-fixup
              Abort the rebuild membership task.

COMMAND 'dsconf plugin automember show'
       usage: dsconf [-v] [-j] instance plugin automember show [-h]

COMMAND 'dsconf plugin automember enable'
       usage: dsconf [-v] [-j] instance plugin automember enable [-h]

COMMAND 'dsconf plugin automember disable'
       usage: dsconf [-v] [-j] instance plugin automember disable [-h]

COMMAND 'dsconf plugin automember status'
       usage: dsconf [-v] [-j] instance plugin automember status [-h]

COMMAND 'dsconf plugin automember list'
       usage: dsconf [-v] [-j] instance plugin automember list [-h]
                                                               {definitions,regexes} ...

POSITIONAL ARGUMENTS 'dsconf plugin automember list'
       dsconf plugin automember list definitions
              Lists Automembership definitions.

       dsconf plugin automember list regexes
              List Automembership regex rules.

COMMAND 'dsconf plugin automember list definitions'
       usage: dsconf [-v] [-j] instance plugin automember list definitions [-h]

COMMAND 'dsconf plugin automember list regexes'
       usage: dsconf [-v] [-j] instance plugin automember list regexes [-h] DEFNAME

       DEFNAME
              The definition entry CN

COMMAND 'dsconf plugin automember definition'
       usage: dsconf [-v] [-j] instance plugin automember definition
              [-h] DEFNAME {add,set,delete,show,regex} ...

POSITIONAL ARGUMENTS 'dsconf plugin automember definition'
       dsconf plugin automember definition add
              Creates Automembership definition.

       dsconf plugin automember definition set
              Edits Automembership definition.

       dsconf plugin automember definition delete
              Removes Automembership definition.

       dsconf plugin automember definition show
              Displays Automembership definition.

       dsconf plugin automember definition regex
              Manage Automembership regex rules.

COMMAND 'dsconf plugin automember definition add'
       usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME add
              [-h] --grouping-attr GROUPING_ATTR [--default-group DEFAULT_GROUP]
              --scope SCOPE --filter FILTER

OPTIONS 'dsconf plugin automember definition add'
       --grouping-attr GROUPING_ATTR
              Specifies the name of the member attribute in the group entry and  the  attribute  in  the  object
              entry  that  supplies  the  member  attribute  value,  in  the format group_member_attr:entry_attr
              (autoMemberGroupingAttr)

       --default-group DEFAULT_GROUP
              Sets default or fallback group to  add  the  entry  to  as  a  member  attribute  in  group  entry
              (autoMemberDefaultGroup)

       --scope SCOPE
              Sets the subtree DN to search for entries (autoMemberScope)

       --filter FILTER
              Sets a standard LDAP search filter to use to search for matching entries (autoMemberFilter)

COMMAND 'dsconf plugin automember definition set'
       usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME set
              [-h] --grouping-attr GROUPING_ATTR [--default-group DEFAULT_GROUP]
              --scope SCOPE --filter FILTER

OPTIONS 'dsconf plugin automember definition set'
       --grouping-attr GROUPING_ATTR
              Specifies  the  name  of  the  member attribute in the group entry and the attribute in the object
              entry that supplies  the  member  attribute  value,  in  the  format  group_member_attr:entry_attr
              (autoMemberGroupingAttr)

       --default-group DEFAULT_GROUP
              Sets  default  or  fallback  group  to  add  the  entry  to  as  a member attribute in group entry
              (autoMemberDefaultGroup)

       --scope SCOPE
              Sets the subtree DN to search for entries (autoMemberScope)

       --filter FILTER
              Sets a standard LDAP search filter to use to search for matching entries (autoMemberFilter)

COMMAND 'dsconf plugin automember definition delete'
       usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME delete
              [-h]

COMMAND 'dsconf plugin automember definition show'
       usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME show
              [-h]

COMMAND 'dsconf plugin automember definition regex'
       usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex
              [-h] REGEXNAME {add,set,delete,show} ...

POSITIONAL ARGUMENTS 'dsconf plugin automember definition regex'
       dsconf plugin automember definition regex add
              Creates Automembership regex.

       dsconf plugin automember definition regex set
              Edits Automembership regex.

       dsconf plugin automember definition regex delete
              Removes Automembership regex.

       dsconf plugin automember definition regex show
              Displays Automembership regex.

COMMAND 'dsconf plugin automember definition regex add'
       usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex REGEXNAME add
              [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
              [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TARGET_GROUP

OPTIONS 'dsconf plugin automember definition regex add'
       --exclusive EXCLUSIVE [EXCLUSIVE ...]
              Sets a single regular expression to use to identify entries to exclude (autoMemberExclusiveRegex)

       --inclusive INCLUSIVE [INCLUSIVE ...]
              Sets a single regular expression to use to identify entries to include (autoMemberInclusiveRegex)

       --target-group TARGET_GROUP
              Sets which group to add the entry to as a member, if it meets the  regular  expression  conditions
              (autoMemberTargetGroup)

COMMAND 'dsconf plugin automember definition regex set'
       usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex REGEXNAME set
              [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
              [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TARGET_GROUP

OPTIONS 'dsconf plugin automember definition regex set'
       --exclusive EXCLUSIVE [EXCLUSIVE ...]
              Sets a single regular expression to use to identify entries to exclude (autoMemberExclusiveRegex)

       --inclusive INCLUSIVE [INCLUSIVE ...]
              Sets a single regular expression to use to identify entries to include (autoMemberInclusiveRegex)

       --target-group TARGET_GROUP
              Sets  which  group  to add the entry to as a member, if it meets the regular expression conditions
              (autoMemberTargetGroup)

COMMAND 'dsconf plugin automember definition regex delete'
       usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex REGEXNAME delete
              [-h]

COMMAND 'dsconf plugin automember definition regex show'
       usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex REGEXNAME show
              [-h]

COMMAND 'dsconf plugin automember fixup'
       usage: dsconf [-v] [-j] instance plugin automember fixup [-h] -f FILTER
                                                                -s {sub,base,one}
                                                                [--cleanup] [--wait]
                                                                [--timeout TIMEOUT]
                                                                DN

       DN     Base DN that contains entries to fix up

OPTIONS 'dsconf plugin automember fixup'
       -f FILTER, --filter FILTER
              Sets the LDAP filter for entries to fix up

       -s {sub,base,one}, --scope {sub,base,one}
              Sets the LDAP search scope for entries to fix up

       --cleanup
              Clean up previous group memberships before rebuilding

       --wait Wait for the task to finish, this could take a long time

       --timeout TIMEOUT
              Set a timeout to wait for the fixup task. Default is 0 (no timeout)

COMMAND 'dsconf plugin automember fixup-status'
       usage: dsconf [-v] [-j] instance plugin automember fixup-status
              [-h] [--dn DN] [--show-log] [--watch]

OPTIONS 'dsconf plugin automember fixup-status'
       --dn DN
              The task entry's DN

       --show-log
              Display the task log

       --watch
              Watch the task's status and wait for it to finish

COMMAND 'dsconf plugin automember abort-fixup'
       usage: dsconf [-v] [-j] instance plugin automember abort-fixup
              [-h] [--timeout TIMEOUT]

OPTIONS 'dsconf plugin automember abort-fixup'
       --timeout TIMEOUT
              Set a timeout to wait for the abort task. Default is 0 (no timeout)

COMMAND 'dsconf plugin referential-integrity'
       usage: dsconf instance [-v] [-j] plugin referential-integrity
              [-h] {show,enable,disable,status,set,config-entry} ...

POSITIONAL ARGUMENTS 'dsconf plugin referential-integrity'
       dsconf plugin referential-integrity show
              Displays the plugin configuration

       dsconf plugin referential-integrity enable
              Enables the plugin

       dsconf plugin referential-integrity disable
              Disables the plugin

       dsconf plugin referential-integrity status
              Displays the plugin status

       dsconf plugin referential-integrity set
              Edit the plugin settings

       dsconf plugin referential-integrity config-entry
              Manage the config entry

COMMAND 'dsconf plugin referential-integrity show'
       usage: dsconf [-v] [-j] instance plugin referential-integrity show [-h]

COMMAND 'dsconf plugin referential-integrity enable'
       usage: dsconf [-v] [-j] instance plugin referential-integrity enable [-h]

COMMAND 'dsconf plugin referential-integrity disable'
       usage: dsconf [-v] [-j] instance plugin referential-integrity disable [-h]

COMMAND 'dsconf plugin referential-integrity status'
       usage: dsconf [-v] [-j] instance plugin referential-integrity status [-h]

COMMAND 'dsconf plugin referential-integrity set'
       usage: dsconf [-v] [-j] instance plugin referential-integrity set
              [-h] [--update-delay UPDATE_DELAY]
              [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
              [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE]
              [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
              [--config-entry CONFIG_ENTRY]

OPTIONS 'dsconf plugin referential-integrity set'
       --update-delay UPDATE_DELAY
              Sets the update interval. Special values: 0 - The check is performed immediately, -1 - No check is
              performed (referint-update-delay)

       --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
              Specifies attributes to check for and update (referint-membership-attr)

       --entry-scope ENTRY_SCOPE
              Defines the subtree in which the plug-in looks for the delete or rename operations of a user entry
              (nsslapd-pluginEntryScope)

       --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
              Defines the subtree in which the plug-in ignores any operations for deleting or  renaming  a  user
              (nsslapd-pluginExcludeEntryScope)

       --container-scope CONTAINER_SCOPE
              Specifies  which  branch  the  plug-in  searches for the groups to which the user belongs. It only
              updates groups that are under the specified container branch, and  leaves  all  other  groups  not
              updated (nsslapd-pluginContainerScope)

       --log-file LOG_FILE
              Specifies a path to the Referential integrity logfile. For example:
              /var/log/dirsrv/slapd-YOUR_INSTANCE/referint

       --config-entry CONFIG_ENTRY
              The value to set as nsslapd-pluginConfigArea

COMMAND 'dsconf plugin referential-integrity config-entry'
       usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry
              [-h] {add,set,show,delete} ...

POSITIONAL ARGUMENTS 'dsconf plugin referential-integrity config-entry'
       dsconf plugin referential-integrity config-entry add
              Add the config entry

       dsconf plugin referential-integrity config-entry set
              Edit the config entry

       dsconf plugin referential-integrity config-entry show
              Display the config entry

       dsconf plugin referential-integrity config-entry delete
              Delete the config entry

COMMAND 'dsconf plugin referential-integrity config-entry add'
       usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry add
              [-h] [--update-delay UPDATE_DELAY]
              [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
              [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE]
              [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
              DN

       DN     The config entry full DN

OPTIONS 'dsconf plugin referential-integrity config-entry add'
       --update-delay UPDATE_DELAY
              Sets the update interval. Special values: 0 - The check is performed immediately, -1 - No check is
              performed (referint-update-delay)

       --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
              Specifies attributes to check for and update (referint-membership-attr)

       --entry-scope ENTRY_SCOPE
              Defines the subtree in which the plug-in looks for the delete or rename operations of a user entry
              (nsslapd-pluginEntryScope)

       --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
              Defines the subtree in which the plug-in ignores any operations for deleting or  renaming  a  user
              (nsslapd-pluginExcludeEntryScope)

       --container-scope CONTAINER_SCOPE
              Specifies  which  branch  the  plug-in  searches for the groups to which the user belongs. It only
              updates groups that are under the specified container branch, and  leaves  all  other  groups  not
              updated (nsslapd-pluginContainerScope)

       --log-file LOG_FILE
              Specifies a path to the Referential integrity logfile. For example:
              /var/log/dirsrv/slapd-YOUR_INSTANCE/referint

COMMAND 'dsconf plugin referential-integrity config-entry set'
       usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry set
              [-h] [--update-delay UPDATE_DELAY]
              [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
              [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE]
              [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
              DN

       DN     The config entry full DN

OPTIONS 'dsconf plugin referential-integrity config-entry set'
       --update-delay UPDATE_DELAY
              Sets the update interval. Special values: 0 - The check is performed immediately, -1 - No check is
              performed (referint-update-delay)

       --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
              Specifies attributes to check for and update (referint-membership-attr)

       --entry-scope ENTRY_SCOPE
              Defines the subtree in which the plug-in looks for the delete or rename operations of a user entry
              (nsslapd-pluginEntryScope)

       --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
              Defines the subtree in which the plug-in ignores any operations for deleting or  renaming  a  user
              (nsslapd-pluginExcludeEntryScope)

       --container-scope CONTAINER_SCOPE
              Specifies  which  branch  the  plug-in  searches for the groups to which the user belongs. It only
              updates groups that are under the specified container branch, and  leaves  all  other  groups  not
              updated (nsslapd-pluginContainerScope)

       --log-file LOG_FILE
              Specifies a path to the Referential integrity logfile. For example:
              /var/log/dirsrv/slapd-YOUR_INSTANCE/referint

COMMAND 'dsconf plugin referential-integrity config-entry show'
       usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry show
              [-h] DN

       DN     The config entry full DN

COMMAND 'dsconf plugin referential-integrity config-entry delete'
       usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry delete
              [-h] DN

       DN     The config entry full DN

COMMAND 'dsconf plugin root-dn'
       usage: dsconf [-v] [-j] instance plugin root-dn [-h]
                                                       {show,enable,disable,status,set} ...

POSITIONAL ARGUMENTS 'dsconf plugin root-dn'
       dsconf plugin root-dn show
              Displays the plugin configuration

       dsconf plugin root-dn enable
              Enables the plugin

       dsconf plugin root-dn disable
              Disables the plugin

       dsconf plugin root-dn status
              Displays the plugin status

       dsconf plugin root-dn set
              Edit the plugin settings

COMMAND 'dsconf plugin root-dn show'
       usage: dsconf [-v] [-j] instance plugin root-dn show [-h]

COMMAND 'dsconf plugin root-dn enable'
       usage: dsconf [-v] [-j] instance plugin root-dn enable [-h]

COMMAND 'dsconf plugin root-dn disable'
       usage: dsconf [-v] [-j] instance plugin root-dn disable [-h]

COMMAND 'dsconf plugin root-dn status'
       usage: dsconf [-v] [-j] instance plugin root-dn status [-h]

COMMAND 'dsconf plugin root-dn set'
       usage: dsconf [-v] [-j] instance plugin root-dn set [-h]
                                                           [--allow-host ALLOW_HOST [ALLOW_HOST ...]]
                                                           [--deny-host DENY_HOST [DENY_HOST ...]]
                                                           [--allow-ip ALLOW_IP [ALLOW_IP ...]]
                                                           [--deny-ip DENY_IP [DENY_IP ...]]
                                                           [--open-time OPEN_TIME]
                                                           [--close-time CLOSE_TIME]
                                                           [--days-allowed DAYS_ALLOWED]

OPTIONS 'dsconf plugin root-dn set'
       --allow-host ALLOW_HOST [ALLOW_HOST ...]
              Sets what hosts, by fully-qualified domain name, the  root  user  is  allowed  to  use  to  access
              Directory Server. Any hosts not listed are implicitly denied (rootdn-allow-host)

       --deny-host DENY_HOST [DENY_HOST ...]
              Sets  what  hosts,  by  fully-qualified domain name, the root user is not allowed to use to access
              Directory Server. Any hosts not listed  are  implicitly  allowed  (rootdn-deny-host).  If  a  host
              address  is  listed  in  both  the rootdn-allow-host and rootdn-deny-host attributes, it is denied
              access.

       --allow-ip ALLOW_IP [ALLOW_IP ...]
              Sets what IP addresses, either IPv4 or IPv6, for machines the root  user  is  allowed  to  use  to
              access Directory Server. Any IP addresses not listed are implicitly denied (rootdn-allow-ip)

       --deny-ip DENY_IP [DENY_IP ...]
              Sets  what  IP addresses, either IPv4 or IPv6, for machines the root user is not allowed to use to
              access Directory Server. Any IP addresses not listed are implicitly allowed  (rootdn-deny-ip).  If
              an  IP  address  is listed in both the rootdn-allow-ip and rootdn-deny-ip attributes, it is denied
              access.

       --open-time OPEN_TIME
              Sets part of a time period or range when the root user is allowed to access Directory Server. This
              sets when the time-based access begins (rootdn-open-time)

       --close-time CLOSE_TIME
              Sets part of a time period or range when the root user is allowed to access Directory Server. This
              sets when the time-based access ends (rootdn-close-time)

       --days-allowed DAYS_ALLOWED
              Sets a comma-separated list of the days on which the root user is allowed to access Directory
              Server. Any days not listed are implicitly denied (rootdn-days-allowed)

COMMAND 'dsconf plugin usn'
       usage: dsconf [-v] [-j] instance plugin usn [-h]
                                                   {show,enable,disable,status,global,cleanup} ...

POSITIONAL ARGUMENTS 'dsconf plugin usn'
       dsconf plugin usn show
              Displays the plugin configuration

       dsconf plugin usn enable
              Enables the plugin

       dsconf plugin usn disable
              Disables the plugin

       dsconf plugin usn status
              Displays the plugin status

       dsconf plugin usn global
              Get or manage global USN mode (nsslapd-entryusn-global)

       dsconf plugin usn cleanup
              Runs the USN tombstone cleanup task

COMMAND 'dsconf plugin usn show'
       usage: dsconf [-v] [-j] instance plugin usn show [-h]

COMMAND 'dsconf plugin usn enable'
       usage: dsconf [-v] [-j] instance plugin usn enable [-h]

COMMAND 'dsconf plugin usn disable'
       usage: dsconf [-v] [-j] instance plugin usn disable [-h]

COMMAND 'dsconf plugin usn status'
       usage: dsconf [-v] [-j] instance plugin usn status [-h]

COMMAND 'dsconf plugin usn global'
       usage: dsconf [-v] [-j] instance plugin usn global [-h] {on,off} ...

POSITIONAL ARGUMENTS 'dsconf plugin usn global'
       dsconf plugin usn global on
              Enables USN global mode

       dsconf plugin usn global off
              Disables USN global mode

COMMAND 'dsconf plugin usn global on'
       usage: dsconf [-v] [-j] instance plugin usn global on [-h]

COMMAND 'dsconf plugin usn global off'
       usage: dsconf [-v] [-j] instance plugin usn global off [-h]

COMMAND 'dsconf plugin usn cleanup'
       usage: dsconf [-v] [-j] instance plugin usn cleanup [-h] (-s SUFFIX |
                                                           -n BACKEND) [-m MAX_USN]
                                                           [--timeout TIMEOUT]

OPTIONS 'dsconf plugin usn cleanup'
       -s SUFFIX, --suffix SUFFIX
              Sets the suffix or subtree in Directory Server to run the cleanup operation against. If the suffix
              is not specified, then the back end must be specified (suffix).

       -n BACKEND, --backend BACKEND
              Sets the Directory Server instance back end, or database, to run the cleanup operation against. If
              the back end is not specified, then the suffix must be specified. This is the back end instance
              whose USN tombstone entries are cleaned up (backend)

       -m MAX_USN, --max-usn MAX_USN
              Sets the highest USN value to delete when removing tombstone entries (max_usn_to_delete)

       --timeout TIMEOUT
              Sets the cleanup task timeout. Default is 120 seconds.

COMMAND 'dsconf plugin account-policy'
       usage: dsconf [-v] [-j] instance plugin account-policy [-h]
                                                              {show,enable,disable,status,set,config-entry} ...

POSITIONAL ARGUMENTS 'dsconf plugin account-policy'
       dsconf plugin account-policy show
              Displays the plugin configuration

       dsconf plugin account-policy enable
              Enables the plugin

       dsconf plugin account-policy disable
              Disables the plugin

       dsconf plugin account-policy status
              Displays the plugin status

       dsconf plugin account-policy set
              Edit the plugin settings

       dsconf plugin account-policy config-entry
              Manage the config entry

COMMAND 'dsconf plugin account-policy show'
       usage: dsconf [-v] [-j] instance plugin account-policy show [-h]

COMMAND 'dsconf plugin account-policy enable'
       usage: dsconf [-v] [-j] instance plugin account-policy enable [-h]

COMMAND 'dsconf plugin account-policy disable'
       usage: dsconf [-v] [-j] instance plugin account-policy disable [-h]

COMMAND 'dsconf plugin account-policy status'
       usage: dsconf [-v] [-j] instance plugin account-policy status [-h]

COMMAND 'dsconf plugin account-policy set'
       usage: dsconf [-v] [-j] instance plugin account-policy set [-h]
                                                                  [--config-entry CONFIG_ENTRY]

OPTIONS 'dsconf plugin account-policy set'
       --config-entry CONFIG_ENTRY
              Sets the nsslapd-pluginarg0 attribute

COMMAND 'dsconf plugin account-policy config-entry'
       usage: dsconf [-v] [-j] instance plugin account-policy config-entry
              [-h] {add,set,show,delete} ...

POSITIONAL ARGUMENTS 'dsconf plugin account-policy config-entry'
       dsconf plugin account-policy config-entry add
              Add the config entry

       dsconf plugin account-policy config-entry set
              Edit the config entry

       dsconf plugin account-policy config-entry show
              Display the config entry

       dsconf plugin account-policy config-entry delete
              Delete the config entry

COMMAND 'dsconf plugin account-policy config-entry add'
       usage: dsconf [-v] [-j] instance plugin account-policy config-entry add
              [-h] [--always-record-login {yes,no}] [--alt-state-attr ALT_STATE_ATTR]
              [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
              [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
              [--state-attr STATE_ATTR] [--login-history-size LOGIN_HISTORY_SIZE]
              [--check-all-state-attrs {yes,no}]
              DN

       DN     The full DN of the config entry

OPTIONS 'dsconf plugin account-policy config-entry add'
       --always-record-login {yes,no}
              Sets that every entry records its last login time (alwaysRecordLogin)

       --alt-state-attr ALT_STATE_ATTR
              Provides a backup  attribute  for  the  server  to  reference  to  evaluate  the  expiration  time
              (altStateAttrName)

       --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
              Specifies the attribute in the user's directory entry in which to store the time of the last
              successful login (alwaysRecordLoginAttr)

       --limit-attr LIMIT_ATTR
              Specifies  the  attribute  within  the  policy  to  use  for  the   account   inactivation   limit
              (limitAttrName)

       --spec-attr SPEC_ATTR
              Specifies  the  attribute  to  identify  which  entries  are  account policy configuration entries
              (specAttrName)

       --state-attr STATE_ATTR
              Specifies the primary time attribute used to evaluate an account policy (stateAttrName)

       --login-history-size LOGIN_HISTORY_SIZE
              Specifies the number of login timestamps to store (lastLoginHistSize)

       --check-all-state-attrs {yes,no}
              Check both state and alternate state attributes for account state

COMMAND 'dsconf plugin account-policy config-entry set'
       usage: dsconf [-v] [-j] instance plugin account-policy config-entry set
              [-h] [--always-record-login {yes,no}] [--alt-state-attr ALT_STATE_ATTR]
              [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
              [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
              [--state-attr STATE_ATTR] [--login-history-size LOGIN_HISTORY_SIZE]
              [--check-all-state-attrs {yes,no}]
              DN

       DN     The full DN of the config entry

OPTIONS 'dsconf plugin account-policy config-entry set'
       --always-record-login {yes,no}
              Sets that every entry records its last login time (alwaysRecordLogin)

       --alt-state-attr ALT_STATE_ATTR
              Provides a backup  attribute  for  the  server  to  reference  to  evaluate  the  expiration  time
              (altStateAttrName)

       --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
              Specifies the attribute in the user's directory entry in which to store the time of the last
              successful login (alwaysRecordLoginAttr)

       --limit-attr LIMIT_ATTR
              Specifies  the  attribute  within  the  policy  to  use  for  the   account   inactivation   limit
              (limitAttrName)

       --spec-attr SPEC_ATTR
              Specifies  the  attribute  to  identify  which  entries  are  account policy configuration entries
              (specAttrName)

       --state-attr STATE_ATTR
              Specifies the primary time attribute used to evaluate an account policy (stateAttrName)

       --login-history-size LOGIN_HISTORY_SIZE
              Specifies the number of login timestamps to store (lastLoginHistSize)

       --check-all-state-attrs {yes,no}
              Check both state and alternate state attributes for account state

COMMAND 'dsconf plugin account-policy config-entry show'
       usage: dsconf [-v] [-j] instance plugin account-policy config-entry show
              [-h] DN

       DN     The full DN of the config entry

COMMAND 'dsconf plugin account-policy config-entry delete'
       usage: dsconf [-v] [-j] instance plugin account-policy config-entry delete
              [-h] DN

       DN     The full DN of the config entry

COMMAND 'dsconf plugin attr-uniq'
       usage: dsconf [-v] [-j] instance plugin attr-uniq [-h]
                                                         {list,add,set,show,delete,enable,disable,status} ...

POSITIONAL ARGUMENTS 'dsconf plugin attr-uniq'
       dsconf plugin attr-uniq list
              Lists available plugin configs

       dsconf plugin attr-uniq add
              Add the config entry

       dsconf plugin attr-uniq set
              Edit the config entry

       dsconf plugin attr-uniq show
              Display the config entry

       dsconf plugin attr-uniq delete
              Delete the config entry

       dsconf plugin attr-uniq enable
              enable plugin

       dsconf plugin attr-uniq disable
              disable plugin

       dsconf plugin attr-uniq status
              display plugin status

COMMAND 'dsconf plugin attr-uniq list'
       usage: dsconf [-v] [-j] instance plugin attr-uniq list [-h]

COMMAND 'dsconf plugin attr-uniq add'
       usage: dsconf [-v] [-j] instance plugin attr-uniq add [-h]
                                                             [--enabled {on,off}]
                                                             [--attr-name ATTR_NAME [ATTR_NAME ...]]
                                                             [--subtree SUBTREE [SUBTREE ...]]
                                                             [--across-all-subtrees {on,off}]
                                                             [--top-entry-oc TOP_ENTRY_OC]
                                                             [--subtree-entries-oc SUBTREE_ENTRIES_OC]
                                                             NAME

       NAME   The name of the plug-in configuration record. (cn) You can use  any  string,  but  "attribute_name
              Attribute Uniqueness" is recommended.

OPTIONS 'dsconf plugin attr-uniq add'
       --enabled {on,off}
              Identifies whether or not the config is enabled.

       --attr-name ATTR_NAME [ATTR_NAME ...]
              Sets  the  name  of  the  attribute  whose  values must be unique. This attribute is multi-valued.
              (uniqueness-attribute-name)

       --subtree SUBTREE [SUBTREE ...]
              Sets the DN under which the plug-in checks for uniqueness of the attribute's value. This attribute
              is multi-valued (uniqueness-subtrees)

       --across-all-subtrees {on,off}
              If  enabled  (on), the plug-in checks that the attribute is unique across all subtrees set. If you
              set the attribute to off, uniqueness is only enforced within the  subtree  of  the  updated  entry
              (uniqueness-across-all-subtrees)

       --top-entry-oc TOP_ENTRY_OC
              Verifies  that  the  value  of  the  attribute  set in uniqueness-attribute-name is unique in this
              subtree (uniqueness-top-entry-oc)

       --subtree-entries-oc SUBTREE_ENTRIES_OC
              Verifies if an attribute is unique, if the entry contains the object class set in  this  parameter
              (uniqueness-subtree-entries-oc)

COMMAND 'dsconf plugin attr-uniq set'
       usage: dsconf [-v] [-j] instance plugin attr-uniq set [-h]
                                                             [--enabled {on,off}]
                                                             [--attr-name ATTR_NAME [ATTR_NAME ...]]
                                                             [--subtree SUBTREE [SUBTREE ...]]
                                                             [--across-all-subtrees {on,off}]
                                                             [--top-entry-oc TOP_ENTRY_OC]
                                                             [--subtree-entries-oc SUBTREE_ENTRIES_OC]
                                                             NAME

       NAME   The  name  of  the  plug-in configuration record. (cn) You can use any string, but "attribute_name
              Attribute Uniqueness" is recommended.

OPTIONS 'dsconf plugin attr-uniq set'
       --enabled {on,off}
              Identifies whether or not the config is enabled.

       --attr-name ATTR_NAME [ATTR_NAME ...]
              Sets the name of the attribute whose values  must  be  unique.  This  attribute  is  multi-valued.
              (uniqueness-attribute-name)

       --subtree SUBTREE [SUBTREE ...]
              Sets the DN under which the plug-in checks for uniqueness of the attribute's value. This attribute
              is multi-valued (uniqueness-subtrees)

       --across-all-subtrees {on,off}
              If enabled (on), the plug-in checks that the attribute is unique across all subtrees set.  If  you
              set  the  attribute  to  off,  uniqueness is only enforced within the subtree of the updated entry
              (uniqueness-across-all-subtrees)

       --top-entry-oc TOP_ENTRY_OC
              Verifies that the value of the attribute  set  in  uniqueness-attribute-name  is  unique  in  this
              subtree (uniqueness-top-entry-oc)

       --subtree-entries-oc SUBTREE_ENTRIES_OC
              Verifies  if  an attribute is unique, if the entry contains the object class set in this parameter
              (uniqueness-subtree-entries-oc)

COMMAND 'dsconf plugin attr-uniq show'
       usage: dsconf [-v] [-j] instance plugin attr-uniq show [-h] NAME

       NAME   The name of the plug-in configuration record

COMMAND 'dsconf plugin attr-uniq delete'
       usage: dsconf [-v] [-j] instance plugin attr-uniq delete [-h] NAME

       NAME   The name of the plug-in configuration record

COMMAND 'dsconf plugin attr-uniq enable'
       usage: dsconf [-v] [-j] instance plugin attr-uniq enable [-h] NAME

       NAME   The name of the plug-in configuration record

COMMAND 'dsconf plugin attr-uniq disable'
       usage: dsconf [-v] [-j] instance plugin attr-uniq disable [-h] NAME

       NAME   The name of the plug-in configuration record

COMMAND 'dsconf plugin attr-uniq status'
       usage: dsconf [-v] [-j] instance plugin attr-uniq status [-h] NAME

       NAME   The name of the plug-in configuration record

COMMAND 'dsconf plugin dna'
       usage: dsconf [-v] [-j] instance plugin dna [-h]
                                                   {show,enable,disable,status,list,config} ...

POSITIONAL ARGUMENTS 'dsconf plugin dna'
       dsconf plugin dna show
              Displays the plugin configuration

       dsconf plugin dna enable
              Enables the plugin

       dsconf plugin dna disable
              Disables the plugin

       dsconf plugin dna status
              Displays the plugin status

       dsconf plugin dna list
              List available plugin configs

       dsconf plugin dna config
              Manage plugin configs

COMMAND 'dsconf plugin dna show'
       usage: dsconf [-v] [-j] instance plugin dna show [-h]

COMMAND 'dsconf plugin dna enable'
       usage: dsconf [-v] [-j] instance plugin dna enable [-h]

COMMAND 'dsconf plugin dna disable'
       usage: dsconf [-v] [-j] instance plugin dna disable [-h]

COMMAND 'dsconf plugin dna status'
       usage: dsconf [-v] [-j] instance plugin dna status [-h]

COMMAND 'dsconf plugin dna list'
       usage: dsconf [-v] [-j] instance plugin dna list [-h]
                                                        {configs,shared-configs} ...

POSITIONAL ARGUMENTS 'dsconf plugin dna list'
       dsconf plugin dna list configs
              List main DNA plugin config entries

       dsconf plugin dna list shared-configs
              List DNA plugin shared config entries

COMMAND 'dsconf plugin dna list configs'
       usage: dsconf [-v] [-j] instance plugin dna list configs [-h]

COMMAND 'dsconf plugin dna list shared-configs'
       usage: dsconf [-v] [-j] instance plugin dna list shared-configs [-h] BASEDN

       BASEDN The search DN

COMMAND 'dsconf plugin dna config'
       usage: dsconf [-v] [-j] instance plugin dna config [-h]
                                                          NAME
                                                          {add,set,show,delete,shared-config-entry} ...

POSITIONAL ARGUMENTS 'dsconf plugin dna config'
       dsconf plugin dna config add
              Add the config entry

       dsconf plugin dna config set
              Edit the config entry

       dsconf plugin dna config show
              Display the config entry

       dsconf plugin dna config delete
              Delete the config entry

       dsconf plugin dna config shared-config-entry
              Manage the shared config entry

COMMAND 'dsconf plugin dna config add'
       usage: dsconf [-v] [-j] instance plugin dna config NAME add
              [-h] [--type TYPE [TYPE ...]] [--prefix PREFIX]
              [--next-value NEXT_VALUE] [--max-value MAX_VALUE] [--interval INTERVAL]
              [--magic-regen MAGIC_REGEN] [--filter FILTER] [--scope SCOPE]
              [--remote-bind-dn REMOTE_BIND_DN] [--remote-bind-cred REMOTE_BIND_CRED]
              [--shared-config-entry SHARED_CONFIG_ENTRY] [--threshold THRESHOLD]
              [--next-range NEXT_RANGE]
              [--range-request-timeout RANGE_REQUEST_TIMEOUT]

OPTIONS 'dsconf plugin dna config add'
       --type TYPE [TYPE ...]
              Sets which attributes have unique numbers being generated for them (dnaType)

       --prefix PREFIX
              Defines a prefix that  can  be  prepended  to  the  generated  number  values  for  the  attribute
              (dnaPrefix)

       --next-value NEXT_VALUE
              Sets the next available number which can be assigned (dnaNextValue)

       --max-value MAX_VALUE
              Sets the maximum value that can be assigned for the range (dnaMaxValue)

       --interval INTERVAL
              Sets an interval to use to increment through numbers in a range (dnaInterval)

       --magic-regen MAGIC_REGEN
              Sets  a  user-defined  value  that  instructs  the  plug-in  to  assign  a new value for the entry
              (dnaMagicRegen)

       --filter FILTER
              Sets an LDAP filter to use to  search  for  and  identify  the  entries  to  which  to  apply  the
              distributed numeric assignment range (dnaFilter)

       --scope SCOPE
              Sets  the  base  DN  to  search  for  entries to which to apply the distributed numeric assignment
              (dnaScope)

       --remote-bind-dn REMOTE_BIND_DN
              Specifies the Replication Manager DN (dnaRemoteBindDN)

       --remote-bind-cred REMOTE_BIND_CRED
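              Specifies the Replication Manager's password (dnaRemoteBindCred). The value is given on the
              command line, so it can appear in shell history and in process listings on the host.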

       --shared-config-entry SHARED_CONFIG_ENTRY
              Defines  a  shared  identity  that  the  servers  can  use  to  transfer  ranges  to  one  another
              (dnaSharedCfgDN)

       --threshold THRESHOLD
              Sets  a threshold of remaining available numbers in the range. When the server hits the threshold,
              it sends a request for a new range (dnaThreshold)

       --next-range NEXT_RANGE
              Defines the next range to use when the current range is exhausted (dnaNextRange)

       --range-request-timeout RANGE_REQUEST_TIMEOUT
              Sets a timeout period, in seconds, for range requests so that the server does not stall waiting on
              a new range from one server and can request a range from a new server (dnaRangeRequestTimeout)

COMMAND 'dsconf plugin dna config set'
       usage: dsconf [-v] [-j] instance plugin dna config NAME set
              [-h] [--type TYPE [TYPE ...]] [--prefix PREFIX]
              [--next-value NEXT_VALUE] [--max-value MAX_VALUE] [--interval INTERVAL]
              [--magic-regen MAGIC_REGEN] [--filter FILTER] [--scope SCOPE]
              [--remote-bind-dn REMOTE_BIND_DN] [--remote-bind-cred REMOTE_BIND_CRED]
              [--shared-config-entry SHARED_CONFIG_ENTRY] [--threshold THRESHOLD]
              [--next-range NEXT_RANGE]
              [--range-request-timeout RANGE_REQUEST_TIMEOUT]

OPTIONS 'dsconf plugin dna config set'
       --type TYPE [TYPE ...]
              Sets which attributes have unique numbers being generated for them (dnaType)

       --prefix PREFIX
              Defines a prefix that  can  be  prepended  to  the  generated  number  values  for  the  attribute
              (dnaPrefix)

       --next-value NEXT_VALUE
              Sets the next available number which can be assigned (dnaNextValue)

       --max-value MAX_VALUE
              Sets the maximum value that can be assigned for the range (dnaMaxValue)

       --interval INTERVAL
              Sets an interval to use to increment through numbers in a range (dnaInterval)

       --magic-regen MAGIC_REGEN
              Sets  a  user-defined  value  that  instructs  the  plug-in  to  assign  a new value for the entry
              (dnaMagicRegen)

       --filter FILTER
              Sets an LDAP filter to use to  search  for  and  identify  the  entries  to  which  to  apply  the
              distributed numeric assignment range (dnaFilter)

       --scope SCOPE
              Sets  the  base  DN  to  search  for  entries to which to apply the distributed numeric assignment
              (dnaScope)

       --remote-bind-dn REMOTE_BIND_DN
              Specifies the Replication Manager DN (dnaRemoteBindDN)

       --remote-bind-cred REMOTE_BIND_CRED
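              Specifies the Replication Manager's password (dnaRemoteBindCred). The value is given on the
              command line, so it can appear in shell history and in process listings on the host.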

       --shared-config-entry SHARED_CONFIG_ENTRY
              Defines  a  shared  identity  that  the  servers  can  use  to  transfer  ranges  to  one  another
              (dnaSharedCfgDN)

       --threshold THRESHOLD
              Sets  a threshold of remaining available numbers in the range. When the server hits the threshold,
              it sends a request for a new range (dnaThreshold)

       --next-range NEXT_RANGE
              Defines the next range to use when the current range is exhausted (dnaNextRange)

       --range-request-timeout RANGE_REQUEST_TIMEOUT
              Sets a timeout period, in seconds, for range requests so that the server does not stall waiting on
              a new range from one server and can request a range from a new server (dnaRangeRequestTimeout)

COMMAND 'dsconf plugin dna config show'
       usage: dsconf [-v] [-j] instance plugin dna config NAME show [-h]

COMMAND 'dsconf plugin dna config delete'
       usage: dsconf [-v] [-j] instance plugin dna config NAME delete [-h]

COMMAND 'dsconf plugin dna config shared-config-entry'
       usage: dsconf [-v] [-j] instance plugin dna config NAME shared-config-entry
              [-h] SHARED_CFG {set,show,delete} ...

POSITIONAL ARGUMENTS 'dsconf plugin dna config shared-config-entry'
       dsconf plugin dna config shared-config-entry set
              Edit the shared config entry

       dsconf plugin dna config shared-config-entry show
              Display the shared config entry

       dsconf plugin dna config shared-config-entry delete
              Delete the shared config entry

COMMAND 'dsconf plugin dna config shared-config-entry set'
       usage: dsconf [-v] [-j] instance plugin dna config NAME shared-config-entry SHARED_CFG set
              [-h] [--remote-bind-method REMOTE_BIND_METHOD]
              [--remote-conn-protocol REMOTE_CONN_PROTOCOL]

OPTIONS 'dsconf plugin dna config shared-config-entry set'
       --remote-bind-method REMOTE_BIND_METHOD
              Specifies the remote bind  method  "SIMPLE",  "SSL"  (for  SSL  client  auth),  "SASL/GSSAPI",  or
              "SASL/DIGEST-MD5" (dnaRemoteBindMethod)

       --remote-conn-protocol REMOTE_CONN_PROTOCOL
              Specifies the remote connection protocol "LDAP", or "TLS" (dnaRemoteConnProtocol)

COMMAND 'dsconf plugin dna config shared-config-entry show'
       usage: dsconf [-v] [-j] instance plugin dna config NAME shared-config-entry SHARED_CFG show
              [-h]

COMMAND 'dsconf plugin dna config shared-config-entry delete'
       usage: dsconf [-v] [-j] instance plugin dna config NAME shared-config-entry SHARED_CFG delete
              [-h]

COMMAND 'dsconf plugin ldap-pass-through-auth'
       usage: dsconf instance [-v] [-j] plugin ldap-pass-through-auth
              [-h] {show,enable,disable,status,list,add,modify,delete} ...

POSITIONAL ARGUMENTS 'dsconf plugin ldap-pass-through-auth'
       dsconf plugin ldap-pass-through-auth show
              Displays the plugin configuration

       dsconf plugin ldap-pass-through-auth enable
              Enables the plugin

       dsconf plugin ldap-pass-through-auth disable
              Disables the plugin

       dsconf plugin ldap-pass-through-auth status
              Displays the plugin status

       dsconf plugin ldap-pass-through-auth list
              Lists LDAP URLs

       dsconf plugin ldap-pass-through-auth add
              Add an LDAP url to the config entry

       dsconf plugin ldap-pass-through-auth modify
              Edit the LDAP pass through config entry

       dsconf plugin ldap-pass-through-auth delete
              Delete a URL from the config entry

COMMAND 'dsconf plugin ldap-pass-through-auth show'
       usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth show [-h]

COMMAND 'dsconf plugin ldap-pass-through-auth enable'
       usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth enable [-h]

COMMAND 'dsconf plugin ldap-pass-through-auth disable'
       usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth disable [-h]

COMMAND 'dsconf plugin ldap-pass-through-auth status'
       usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth status [-h]

COMMAND 'dsconf plugin ldap-pass-through-auth list'
       usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth list [-h]

COMMAND 'dsconf plugin ldap-pass-through-auth add'
       usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth add [-h] URL

       URL    The        full        LDAP        URL        in        format        "ldap|ldaps://authDS/subtree
              maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one optional parameter is  specified  the
              rest should be specified too

COMMAND 'dsconf plugin ldap-pass-through-auth modify'
       usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth modify
              [-h] OLD_URL NEW_URL

       OLD_URL
              The full LDAP URL you get from the "list" command

       NEW_URL
              Sets       the       full      LDAP      URL      in      format      "ldap|ldaps://authDS/subtree
              maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one optional parameter is  specified  the
              rest should be specified too.

COMMAND 'dsconf plugin ldap-pass-through-auth delete'
       usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth delete [-h] URL

       URL    The full LDAP URL you get from the "list" command

COMMAND 'dsconf plugin linked-attr'
       usage: dsconf [-v] [-j] instance plugin linked-attr [-h]
                                                           {show,enable,disable,status,fixup,fixup-status,list,config}
       ...

POSITIONAL ARGUMENTS 'dsconf plugin linked-attr'
       dsconf plugin linked-attr show
              Displays the plugin configuration

       dsconf plugin linked-attr enable
              Enables the plugin

       dsconf plugin linked-attr disable
              Disables the plugin

       dsconf plugin linked-attr status
              Displays the plugin status

       dsconf plugin linked-attr fixup
              Run the fix-up task for linked attributes plugin

       dsconf plugin linked-attr fixup-status
              Check the status of a fix-up task

       dsconf plugin linked-attr list
              List available plugin configs

       dsconf plugin linked-attr config
              Manage plugin configs

COMMAND 'dsconf plugin linked-attr show'
       usage: dsconf [-v] [-j] instance plugin linked-attr show [-h]

COMMAND 'dsconf plugin linked-attr enable'
       usage: dsconf [-v] [-j] instance plugin linked-attr enable [-h]

COMMAND 'dsconf plugin linked-attr disable'
       usage: dsconf [-v] [-j] instance plugin linked-attr disable [-h]

COMMAND 'dsconf plugin linked-attr status'
       usage: dsconf [-v] [-j] instance plugin linked-attr status [-h]

COMMAND 'dsconf plugin linked-attr fixup'
       usage: dsconf [-v] [-j] instance plugin linked-attr fixup [-h] [-l LINKDN]
                                                                 [--wait]

OPTIONS 'dsconf plugin linked-attr fixup'
       -l LINKDN, --linkdn LINKDN
              Sets the base DN that contains entries to fix up

       --wait Wait for the task to finish, this could take a long time

COMMAND 'dsconf plugin linked-attr fixup-status'
       usage: dsconf [-v] [-j] instance plugin linked-attr fixup-status
              [-h] [--dn DN] [--show-log] [--watch]

OPTIONS 'dsconf plugin linked-attr fixup-status'
       --dn DN
              The task entry's DN

       --show-log
              Display the task log

       --watch
              Watch the task's status and wait for it to finish

COMMAND 'dsconf plugin linked-attr list'
       usage: dsconf [-v] [-j] instance plugin linked-attr list [-h]

COMMAND 'dsconf plugin linked-attr config'
       usage: dsconf [-v] [-j] instance plugin linked-attr config [-h]
                                                                  NAME
                                                                  {add,set,show,delete} ...

POSITIONAL ARGUMENTS 'dsconf plugin linked-attr config'
       dsconf plugin linked-attr config add
              Add the config entry

       dsconf plugin linked-attr config set
              Edit the config entry

       dsconf plugin linked-attr config show
              Display the config entry

       dsconf plugin linked-attr config delete
              Delete the config entry

COMMAND 'dsconf plugin linked-attr config add'
       usage: dsconf [-v] [-j] instance plugin linked-attr config NAME add
              [-h] [--link-type LINK_TYPE] [--managed-type MANAGED_TYPE]
              [--link-scope LINK_SCOPE]

OPTIONS 'dsconf plugin linked-attr config add'
       --link-type LINK_TYPE
              Sets the attribute that is managed manually by administrators (linkType)

       --managed-type MANAGED_TYPE
              Sets the attribute that is created dynamically by the plugin (managedType)

       --link-scope LINK_SCOPE
              Sets the scope that restricts the plugin to a specific part of the directory tree (linkScope)

COMMAND 'dsconf plugin linked-attr config set'
       usage: dsconf [-v] [-j] instance plugin linked-attr config NAME set
              [-h] [--link-type LINK_TYPE] [--managed-type MANAGED_TYPE]
              [--link-scope LINK_SCOPE]

OPTIONS 'dsconf plugin linked-attr config set'
       --link-type LINK_TYPE
              Sets the attribute that is managed manually by administrators (linkType)

       --managed-type MANAGED_TYPE
              Sets the attribute that is created dynamically by the plugin (managedType)

       --link-scope LINK_SCOPE
              Sets the scope that restricts the plugin to a specific part of the directory tree (linkScope)

COMMAND 'dsconf plugin linked-attr config show'
       usage: dsconf [-v] [-j] instance plugin linked-attr config NAME show [-h]

COMMAND 'dsconf plugin linked-attr config delete'
       usage: dsconf [-v] [-j] instance plugin linked-attr config NAME delete [-h]

COMMAND 'dsconf plugin managed-entries'
       usage: dsconf [-v] [-j] instance plugin managed-entries [-h]
                                                               {show,enable,disable,status,set,list,config,template}
       ...

POSITIONAL ARGUMENTS 'dsconf plugin managed-entries'
       dsconf plugin managed-entries show
              Displays the plugin configuration

       dsconf plugin managed-entries enable
              Enables the plugin

       dsconf plugin managed-entries disable
              Disables the plugin

       dsconf plugin managed-entries status
              Displays the plugin status

       dsconf plugin managed-entries set
              Edit the plugin settings

       dsconf plugin managed-entries list
              List Managed Entries Plugin configs and templates

       dsconf plugin managed-entries config
              Handle Managed Entries Plugin configs

       dsconf plugin managed-entries template
              Handle Managed Entries Plugin templates

COMMAND 'dsconf plugin managed-entries show'
       usage: dsconf [-v] [-j] instance plugin managed-entries show [-h]

COMMAND 'dsconf plugin managed-entries enable'
       usage: dsconf [-v] [-j] instance plugin managed-entries enable [-h]

COMMAND 'dsconf plugin managed-entries disable'
       usage: dsconf [-v] [-j] instance plugin managed-entries disable [-h]

COMMAND 'dsconf plugin managed-entries status'
       usage: dsconf [-v] [-j] instance plugin managed-entries status [-h]

COMMAND 'dsconf plugin managed-entries set'
       usage: dsconf [-v] [-j] instance plugin managed-entries set
              [-h] [--config-area CONFIG_AREA]

OPTIONS 'dsconf plugin managed-entries set'
       --config-area CONFIG_AREA
              Sets the value of the nsslapd-pluginConfigArea attribute

COMMAND 'dsconf plugin managed-entries list'
       usage: dsconf [-v] [-j] instance plugin managed-entries list
              [-h] {configs,templates} ...

POSITIONAL ARGUMENTS 'dsconf plugin managed-entries list'
       dsconf plugin managed-entries list configs
              List Managed Entries Plugin configs (list config-area if specified in the main plugin entry)

       dsconf plugin managed-entries list templates
              List Managed Entries Plugin templates in the directory

COMMAND 'dsconf plugin managed-entries list configs'
       usage: dsconf instance [-v] [-j] plugin managed-entries list configs [-h]

COMMAND 'dsconf plugin managed-entries list templates'
       usage: dsconf instance [-v] [-j] plugin managed-entries list templates
              [-h] [BASEDN]

       BASEDN The base DN under which to search for the templates

COMMAND 'dsconf plugin managed-entries config'
       usage: dsconf [-v] [-j] instance plugin managed-entries config
              [-h] NAME {add,set,show,delete} ...

POSITIONAL ARGUMENTS 'dsconf plugin managed-entries config'
       dsconf plugin managed-entries config add
              Add the config entry

       dsconf plugin managed-entries config set
              Edit the config entry

       dsconf plugin managed-entries config show
              Display the config entry

       dsconf plugin managed-entries config delete
              Delete the config entry

COMMAND 'dsconf plugin managed-entries config add'
       usage: dsconf [-v] [-j] instance plugin managed-entries config NAME add
              [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MANAGED_BASE]
              [--managed-template MANAGED_TEMPLATE]

OPTIONS 'dsconf plugin managed-entries config add'
       --scope SCOPE
              Sets the scope of the search to use to see which entries the plug-in monitors (originScope)

       --filter FILTER
              Sets  the  search  filter  to  use to search for and identify the entries within the subtree which
              require a managed entry (originFilter)

       --managed-base MANAGED_BASE
              Sets the subtree under which to create the managed entries (managedBase)

       --managed-template MANAGED_TEMPLATE
              Identifies the template entry to use to create the managed entry (managedTemplate)

COMMAND 'dsconf plugin managed-entries config set'
       usage: dsconf [-v] [-j] instance plugin managed-entries config NAME set
              [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MANAGED_BASE]
              [--managed-template MANAGED_TEMPLATE]

OPTIONS 'dsconf plugin managed-entries config set'
       --scope SCOPE
              Sets the scope of the search to use to see which entries the plug-in monitors (originScope)

       --filter FILTER
              Sets the search filter to use to search for and identify the  entries  within  the  subtree  which
              require a managed entry (originFilter)

       --managed-base MANAGED_BASE
              Sets the subtree under which to create the managed entries (managedBase)

       --managed-template MANAGED_TEMPLATE
              Identifies the template entry to use to create the managed entry (managedTemplate)

COMMAND 'dsconf plugin managed-entries config show'
       usage: dsconf [-v] [-j] instance plugin managed-entries config NAME show [-h]

COMMAND 'dsconf plugin managed-entries config delete'
       usage: dsconf [-v] [-j] instance plugin managed-entries config NAME delete
              [-h]

COMMAND 'dsconf plugin managed-entries template'
       usage: dsconf [-v] [-j] instance plugin managed-entries template
              [-h] DN {add,set,show,delete} ...

POSITIONAL ARGUMENTS 'dsconf plugin managed-entries template'
       dsconf plugin managed-entries template add
              Add the template entry

       dsconf plugin managed-entries template set
              Edit the template entry

       dsconf plugin managed-entries template show
              Display the template entry

       dsconf plugin managed-entries template delete
              Delete the template entry

COMMAND 'dsconf plugin managed-entries template add'
       usage: dsconf [-v] [-j] instance plugin managed-entries template DN add
              [-h] [--rdn-attr RDN_ATTR]
              [--static-attr STATIC_ATTR [STATIC_ATTR ...]]
              [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]

OPTIONS 'dsconf plugin managed-entries template add'
       --rdn-attr RDN_ATTR
              Sets which attribute to use as the naming attribute in the automatically-generated entry
              (mepRDNAttr)

       --static-attr STATIC_ATTR [STATIC_ATTR ...]
              Sets an attribute with a defined value that must be added  to  the  automatically-generated  entry
              (mepStaticAttr)

       --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
              Sets  attributes  in  the  Managed  Entries template entry which must exist in the generated entry
              (mepMappedAttr)

COMMAND 'dsconf plugin managed-entries template set'
       usage: dsconf [-v] [-j] instance plugin managed-entries template DN set
              [-h] [--rdn-attr RDN_ATTR]
              [--static-attr STATIC_ATTR [STATIC_ATTR ...]]
              [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]

OPTIONS 'dsconf plugin managed-entries template set'
       --rdn-attr RDN_ATTR
              Sets which attribute to use as the naming attribute in the automatically-generated entry
              (mepRDNAttr)

       --static-attr STATIC_ATTR [STATIC_ATTR ...]
              Sets  an  attribute  with  a defined value that must be added to the automatically-generated entry
              (mepStaticAttr)

       --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
              Sets attributes in the Managed Entries template entry which must  exist  in  the  generated  entry
              (mepMappedAttr)

COMMAND 'dsconf plugin managed-entries template show'
       usage: dsconf [-v] [-j] instance plugin managed-entries template DN show [-h]

COMMAND 'dsconf plugin managed-entries template delete'
       usage: dsconf [-v] [-j] instance plugin managed-entries template DN delete
              [-h]

COMMAND 'dsconf plugin pam-pass-through-auth'
       usage: dsconf instance [-v] [-j] plugin pam-pass-through-auth
              [-h] {show,enable,disable,status,list,config} ...

POSITIONAL ARGUMENTS 'dsconf plugin pam-pass-through-auth'
       dsconf plugin pam-pass-through-auth show
              Displays the plugin configuration

       dsconf plugin pam-pass-through-auth enable
              Enables the plugin

       dsconf plugin pam-pass-through-auth disable
              Disables the plugin

       dsconf plugin pam-pass-through-auth status
              Displays the plugin status

       dsconf plugin pam-pass-through-auth list
              Lists PAM configurations

       dsconf plugin pam-pass-through-auth config
              Manage PAM PTA configurations.

COMMAND 'dsconf plugin pam-pass-through-auth show'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth show [-h]

COMMAND 'dsconf plugin pam-pass-through-auth enable'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth enable [-h]

COMMAND 'dsconf plugin pam-pass-through-auth disable'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth disable [-h]

COMMAND 'dsconf plugin pam-pass-through-auth status'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth status [-h]

COMMAND 'dsconf plugin pam-pass-through-auth list'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth list [-h]

COMMAND 'dsconf plugin pam-pass-through-auth config'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config
              [-h] NAME {add,set,show,delete} ...

POSITIONAL ARGUMENTS 'dsconf plugin pam-pass-through-auth config'
       dsconf plugin pam-pass-through-auth config add
              Add the config entry

       dsconf plugin pam-pass-through-auth config set
              Edit the config entry

       dsconf plugin pam-pass-through-auth config show
              Display the config entry

       dsconf plugin pam-pass-through-auth config delete
              Delete the config entry

COMMAND 'dsconf plugin pam-pass-through-auth config add'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config NAME add
              [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
              [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
              [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FILTER]
              [--id-attr ID_ATTR] [--id_map_method ID_MAP_METHOD]
              [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service SERVICE]

OPTIONS 'dsconf plugin pam-pass-through-auth config add'
       --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
              Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix)

       --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
              Sets a suffix to include for PAM authentication (pamIncludeSuffix)

       --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
              Identifies how to handle missing include or exclude suffixes (pamMissingSuffix)

       --filter FILTER
              Sets  an LDAP filter to use to identify specific entries within the included suffixes for which to
              use PAM pass-through authentication (pamFilter)

       --id-attr ID_ATTR
              Contains the attribute name which is used to hold the PAM user ID (pamIDAttr)

       --id_map_method ID_MAP_METHOD
              Sets the method to use to map the LDAP bind DN to a PAM identity (pamIDMapMethod)

       --fallback {TRUE,FALSE}
              Sets whether to fall back to regular LDAP authentication if PAM authentication fails (pamFallback)

       --secure {TRUE,FALSE}
              Requires a secure TLS connection for PAM authentication (pamSecure)

       --service SERVICE
              Contains the service name to pass to PAM (pamService)

COMMAND 'dsconf plugin pam-pass-through-auth config set'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config NAME set
              [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
              [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
              [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FILTER]
              [--id-attr ID_ATTR] [--id_map_method ID_MAP_METHOD]
              [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service SERVICE]

OPTIONS 'dsconf plugin pam-pass-through-auth config set'
       --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
              Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix)

       --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
              Sets a suffix to include for PAM authentication (pamIncludeSuffix)

       --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
              Identifies how to handle missing include or exclude suffixes (pamMissingSuffix)

       --filter FILTER
              Sets an LDAP filter to use to identify specific entries within the included suffixes for which  to
              use PAM pass-through authentication (pamFilter)

       --id-attr ID_ATTR
              Contains the attribute name which is used to hold the PAM user ID (pamIDAttr)

       --id_map_method ID_MAP_METHOD
              Sets the method to use to map the LDAP bind DN to a PAM identity (pamIDMapMethod)

       --fallback {TRUE,FALSE}
              Sets whether to fall back to regular LDAP authentication if PAM authentication fails (pamFallback)

       --secure {TRUE,FALSE}
              Requires a secure TLS connection for PAM authentication (pamSecure)

       --service SERVICE
              Contains the service name to pass to PAM (pamService)

COMMAND 'dsconf plugin pam-pass-through-auth config show'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config NAME show
              [-h]

COMMAND 'dsconf plugin pam-pass-through-auth config delete'
       usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config NAME delete
              [-h]

COMMAND 'dsconf plugin retro-changelog'
       usage: dsconf [-v] [-j] instance plugin retro-changelog [-h]
                                                               {show,enable,disable,status,set,add,del} ...

POSITIONAL ARGUMENTS 'dsconf plugin retro-changelog'
       dsconf plugin retro-changelog show
              Displays the plugin configuration

       dsconf plugin retro-changelog enable
              Enables the plugin

       dsconf plugin retro-changelog disable
              Disables the plugin

       dsconf plugin retro-changelog status
              Displays the plugin status

       dsconf plugin retro-changelog set
              Edit the plugin

       dsconf plugin retro-changelog add
              Add attributes to the plugin

       dsconf plugin retro-changelog del
              Delete an attribute from plugin scope

COMMAND 'dsconf plugin retro-changelog show'
       usage: dsconf [-v] [-j] instance plugin retro-changelog show [-h]

COMMAND 'dsconf plugin retro-changelog enable'
       usage: dsconf [-v] [-j] instance plugin retro-changelog enable [-h]

COMMAND 'dsconf plugin retro-changelog disable'
       usage: dsconf [-v] [-j] instance plugin retro-changelog disable [-h]

COMMAND 'dsconf plugin retro-changelog status'
       usage: dsconf [-v] [-j] instance plugin retro-changelog status [-h]

COMMAND 'dsconf plugin retro-changelog set'
       usage: dsconf [-v] [-j] instance plugin retro-changelog set
              [-h] [--is-replicated {TRUE,FALSE}] [--attribute ATTRIBUTE]
              [--directory DIRECTORY] [--max-age MAX_AGE]
              [--trim-interval TRIM_INTERVAL] [--exclude-suffix [EXCLUDE_SUFFIX ...]]
              [--exclude-attrs [EXCLUDE_ATTRS ...]]

OPTIONS 'dsconf plugin retro-changelog set'
       --is-replicated {TRUE,FALSE}
              Sets a flag on each change in the changelog to indicate whether the change was newly made on that
              server or was replicated over from another server (isReplicated)

       --attribute ATTRIBUTE
              Specifies another Directory Server attribute which must be included in the retro changelog entries
              (nsslapd-attribute)

       --directory DIRECTORY
              Specifies the name of the directory in which the changelog database is created the first time  the
              plug-in is run

       --max-age MAX_AGE
              Specifies   the  maximum  age  of  any  entry  in  the  changelog.  Used  to  trim  the  changelog
              (nsslapd-changelogmaxage)

       --trim-interval TRIM_INTERVAL

       --exclude-suffix [EXCLUDE_SUFFIX ...]
              Specifies the suffix which will be excluded from the scope of the plugin (nsslapd-exclude-suffix)

       --exclude-attrs [EXCLUDE_ATTRS ...]
              Specifies  the  attributes   which   will   be   excluded   from   the   scope   of   the   plugin
              (nsslapd-exclude-attrs)

COMMAND 'dsconf plugin retro-changelog add'
       usage: dsconf [-v] [-j] instance plugin retro-changelog add
              [-h] [--is-replicated {TRUE,FALSE}] [--attribute ATTRIBUTE]
              [--directory DIRECTORY] [--max-age MAX_AGE]
              [--trim-interval TRIM_INTERVAL] [--exclude-suffix [EXCLUDE_SUFFIX ...]]
              [--exclude-attrs [EXCLUDE_ATTRS ...]]

OPTIONS 'dsconf plugin retro-changelog add'
       --is-replicated {TRUE,FALSE}
              Sets a flag on each change in the changelog to indicate whether the change was newly made on that
              server or was replicated over from another server (isReplicated)

       --attribute ATTRIBUTE
              Specifies another Directory Server attribute which must be included in the retro changelog entries
              (nsslapd-attribute)

       --directory DIRECTORY
              Specifies the name of the directory in which the changelog database is created the first time  the
              plug-in is run

       --max-age MAX_AGE
              Specifies   the  maximum  age  of  any  entry  in  the  changelog.  Used  to  trim  the  changelog
              (nsslapd-changelogmaxage)

       --trim-interval TRIM_INTERVAL

       --exclude-suffix [EXCLUDE_SUFFIX ...]
              Specifies the suffix which will be excluded from the scope of the plugin (nsslapd-exclude-suffix)

       --exclude-attrs [EXCLUDE_ATTRS ...]
              Specifies  the  attributes   which   will   be   excluded   from   the   scope   of   the   plugin
              (nsslapd-exclude-attrs)

COMMAND 'dsconf plugin retro-changelog del'
       usage: dsconf [-v] [-j] instance plugin retro-changelog del
              [-h] [--is-replicated {TRUE,FALSE}] [--attribute ATTRIBUTE]
              [--directory DIRECTORY] [--max-age MAX_AGE]
              [--trim-interval TRIM_INTERVAL] [--exclude-suffix [EXCLUDE_SUFFIX ...]]
              [--exclude-attrs [EXCLUDE_ATTRS ...]]

OPTIONS 'dsconf plugin retro-changelog del'
       --is-replicated {TRUE,FALSE}
              Sets a flag on each change in the changelog to indicate whether the change was newly made on that
              server or was replicated over from another server (isReplicated)

       --attribute ATTRIBUTE
              Specifies another Directory Server attribute which must be included in the retro changelog entries
              (nsslapd-attribute)

       --directory DIRECTORY
              Specifies the name of the directory in which the changelog database is created the first time  the
              plug-in is run

       --max-age MAX_AGE
              Specifies   the  maximum  age  of  any  entry  in  the  changelog.  Used  to  trim  the  changelog
              (nsslapd-changelogmaxage)

       --trim-interval TRIM_INTERVAL

       --exclude-suffix [EXCLUDE_SUFFIX ...]
              Specifies the suffix which will be excluded from the scope of the plugin (nsslapd-exclude-suffix)

       --exclude-attrs [EXCLUDE_ATTRS ...]
              Specifies  the  attributes   which   will   be   excluded   from   the   scope   of   the   plugin
              (nsslapd-exclude-attrs)

COMMAND 'dsconf plugin posix-winsync'
       usage: dsconf [-v] [-j] instance plugin posix-winsync [-h]
                                                             {show,enable,disable,status,set,fixup} ...

POSITIONAL ARGUMENTS 'dsconf plugin posix-winsync'
       dsconf plugin posix-winsync show
              Displays the plugin configuration

       dsconf plugin posix-winsync enable
              Enables the plugin

       dsconf plugin posix-winsync disable
              Disables the plugin

       dsconf plugin posix-winsync status
              Displays the plugin status

       dsconf plugin posix-winsync set
              Edit the plugin settings

       dsconf plugin posix-winsync fixup
              Run the memberOf fix-up task to correct mismatched member and uniquemember values for synced users

COMMAND 'dsconf plugin posix-winsync show'
       usage: dsconf [-v] [-j] instance plugin posix-winsync show [-h]

COMMAND 'dsconf plugin posix-winsync enable'
       usage: dsconf [-v] [-j] instance plugin posix-winsync enable [-h]

COMMAND 'dsconf plugin posix-winsync disable'
       usage: dsconf [-v] [-j] instance plugin posix-winsync disable [-h]

COMMAND 'dsconf plugin posix-winsync status'
       usage: dsconf [-v] [-j] instance plugin posix-winsync status [-h]

COMMAND 'dsconf plugin posix-winsync set'
       usage: dsconf [-v] [-j] instance plugin posix-winsync set [-h]
                                                                 [--create-memberof-task {true,false}]
                                                                 [--lower-case-uid {true,false}]
                                                                 [--map-member-uid {true,false}]
                                                                 [--map-nested-grouping {true,false}]
                                                                 [--ms-sfu-schema {true,false}]

OPTIONS 'dsconf plugin posix-winsync set'
       --create-memberof-task {true,false}
              Sets  whether  to  run  the  memberUID fix-up task immediately after a sync run in order to update
              group memberships for synced users (posixWinsyncCreateMemberOfTask)

       --lower-case-uid {true,false}
              Sets whether to store (and, if necessary, convert) the UID value in the memberUID attribute in
              lower case (posixWinsyncLowerCaseUID)

       --map-member-uid {true,false}
              Sets  whether  to  map  the  memberUID  attribute in an Active Directory group to the uniqueMember
              attribute in a Directory Server group (posixWinsyncMapMemberUID)

       --map-nested-grouping {true,false}
              Sets whether nested groups are updated when memberUID attributes in an Active Directory POSIX group
              change (posixWinsyncMapNestedGrouping)

       --ms-sfu-schema {true,false}
              Sets whether to use the older Microsoft System Services for Unix 3.0 (msSFU30) schema when syncing
              Posix attributes from Active Directory (posixWinsyncMsSFUSchema)

COMMAND 'dsconf plugin posix-winsync fixup'
       usage: dsconf [-v] [-j] instance plugin posix-winsync fixup
              [-h] [-f FILTER] [--timeout TIMEOUT] DN

       DN     Set the base DN that contains entries to fix up

OPTIONS 'dsconf plugin posix-winsync fixup'
       -f FILTER, --filter FILTER
              Filter   for   entries   to   fix   up.    If    omitted,    all    entries    with    objectclass
              inetuser/inetadmin/nsmemberof  under  the  specified  base  will  have  their  memberOf  attribute
              regenerated.

       --timeout TIMEOUT
              Set a timeout to wait for the fixup task. Default is 120 seconds

COMMAND 'dsconf plugin contentsync'
       usage: dsconf [-v] [-j] instance plugin contentsync [-h]
                                                           {show,enable,disable,status,set,add} ...

POSITIONAL ARGUMENTS 'dsconf plugin contentsync'
       dsconf plugin contentsync show
              Displays the plugin configuration

       dsconf plugin contentsync enable
              Enables the plugin

       dsconf plugin contentsync disable
              Disables the plugin

       dsconf plugin contentsync status
              Displays the plugin status

       dsconf plugin contentsync set
              Edit the plugin settings

       dsconf plugin contentsync add
              Add attributes to the plugin

COMMAND 'dsconf plugin contentsync show'
       usage: dsconf [-v] [-j] instance plugin contentsync show [-h]

COMMAND 'dsconf plugin contentsync enable'
       usage: dsconf [-v] [-j] instance plugin contentsync enable [-h]

COMMAND 'dsconf plugin contentsync disable'
       usage: dsconf [-v] [-j] instance plugin contentsync disable [-h]

COMMAND 'dsconf plugin contentsync status'
       usage: dsconf [-v] [-j] instance plugin contentsync status [-h]

COMMAND 'dsconf plugin contentsync set'
       usage: dsconf [-v] [-j] instance plugin contentsync set [-h]
                                                               [--allow-openldap {on,off}]

OPTIONS 'dsconf plugin contentsync set'
       --allow-openldap {on,off}
              Allows OpenLDAP servers to act as read-only consumers of this server via syncrepl

COMMAND 'dsconf plugin contentsync add'
       usage: dsconf [-v] [-j] instance plugin contentsync add [-h]
                                                               [--allow-openldap {on,off}]

OPTIONS 'dsconf plugin contentsync add'
       --allow-openldap {on,off}
              Allows OpenLDAP servers to act as read-only consumers of this server via syncrepl

COMMAND 'dsconf plugin entryuuid'
       usage: dsconf [-v] [-j] instance plugin entryuuid [-h]
                                                         {show,enable,disable,status,fixup,fixup-status} ...

POSITIONAL ARGUMENTS 'dsconf plugin entryuuid'
       dsconf plugin entryuuid show
              Displays the plugin configuration

       dsconf plugin entryuuid enable
              Enables the plugin

       dsconf plugin entryuuid disable
              Disables the plugin

       dsconf plugin entryuuid status
              Displays the plugin status

       dsconf plugin entryuuid fixup
              Run the fix-up task for EntryUUID plugin

       dsconf plugin entryuuid fixup-status
              Check the status of a fix-up task

COMMAND 'dsconf plugin entryuuid show'
       usage: dsconf [-v] [-j] instance plugin entryuuid show [-h]

COMMAND 'dsconf plugin entryuuid enable'
       usage: dsconf [-v] [-j] instance plugin entryuuid enable [-h]

COMMAND 'dsconf plugin entryuuid disable'
       usage: dsconf [-v] [-j] instance plugin entryuuid disable [-h]

COMMAND 'dsconf plugin entryuuid status'
       usage: dsconf [-v] [-j] instance plugin entryuuid status [-h]

COMMAND 'dsconf plugin entryuuid fixup'
       usage: dsconf [-v] [-j] instance plugin entryuuid fixup [-h] [-f FILTER]
                                                               [--wait]
                                                               [--timeout TIMEOUT]
                                                               DN

       DN     Base DN that contains entries to fix up

OPTIONS 'dsconf plugin entryuuid fixup'
       -f FILTER, --filter FILTER
              Filter for entries to fix up. If omitted, all entries under the base DN will have their EntryUUID
              attribute regenerated if not present.

       --wait Wait for the task to finish; this could take a long time

       --timeout TIMEOUT
              Sets the task timeout. Default is 0 (no timeout)

COMMAND 'dsconf plugin entryuuid fixup-status'
       usage: dsconf [-v] [-j] instance plugin entryuuid fixup-status
              [-h] [--dn DN] [--show-log] [--watch]

OPTIONS 'dsconf plugin entryuuid fixup-status'
       --dn DN
              The task entry's DN

       --show-log
              Display the task log

       --watch
              Watch the task's status and wait for it to finish

COMMAND 'dsconf plugin pwstorage-scheme'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme [-h]
                                                                {pbkdf2,pbkdf2-sha1,pbkdf2-sha256,pbkdf2-sha512}
       ...

POSITIONAL ARGUMENTS 'dsconf plugin pwstorage-scheme'
       dsconf plugin pwstorage-scheme pbkdf2
              Manage PBKDF2 scheme

       dsconf plugin pwstorage-scheme pbkdf2-sha1
              Manage PBKDF2-SHA1 scheme

       dsconf plugin pwstorage-scheme pbkdf2-sha256
              Manage PBKDF2-SHA256 scheme

       dsconf plugin pwstorage-scheme pbkdf2-sha512
              Manage PBKDF2-SHA512 scheme

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2
              [-h] {get-num-iterations,set-num-iterations} ...

POSITIONAL ARGUMENTS 'dsconf plugin pwstorage-scheme pbkdf2'
       dsconf plugin pwstorage-scheme pbkdf2 get-num-iterations
              Get number of iterations

       dsconf plugin pwstorage-scheme pbkdf2 set-num-iterations
              Set number of iterations

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2 get-num-iterations'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2 get-num-iterations
              [-h]

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2 set-num-iterations'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2 set-num-iterations
              [-h] iterations

       iterations
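              Number of iterations (10,000-10,000,000). A higher count makes offline guessing against stored
              hashes slower, but also makes each password verification cost more CPU.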

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2-sha1'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2-sha1
              [-h] {get-num-iterations,set-num-iterations} ...

POSITIONAL ARGUMENTS 'dsconf plugin pwstorage-scheme pbkdf2-sha1'
       dsconf plugin pwstorage-scheme pbkdf2-sha1 get-num-iterations
              Get number of iterations

       dsconf plugin pwstorage-scheme pbkdf2-sha1 set-num-iterations
              Set number of iterations

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2-sha1 get-num-iterations'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2-sha1 get-num-iterations
              [-h]

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2-sha1 set-num-iterations'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2-sha1 set-num-iterations
              [-h] iterations

       iterations
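              Number of iterations (10,000-10,000,000). A higher count makes offline guessing against stored
              hashes slower, but also makes each password verification cost more CPU.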

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2-sha256'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2-sha256
              [-h] {get-num-iterations,set-num-iterations} ...

POSITIONAL ARGUMENTS 'dsconf plugin pwstorage-scheme pbkdf2-sha256'
       dsconf plugin pwstorage-scheme pbkdf2-sha256 get-num-iterations
              Get number of iterations

       dsconf plugin pwstorage-scheme pbkdf2-sha256 set-num-iterations
              Set number of iterations

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2-sha256 get-num-iterations'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2-sha256 get-num-iterations
              [-h]

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2-sha256 set-num-iterations'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2-sha256 set-num-iterations
              [-h] iterations

       iterations
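              Number of iterations (10,000-10,000,000). A higher count makes offline guessing against stored
              hashes slower, but also makes each password verification cost more CPU.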

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2-sha512'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2-sha512
              [-h] {get-num-iterations,set-num-iterations} ...

POSITIONAL ARGUMENTS 'dsconf plugin pwstorage-scheme pbkdf2-sha512'
       dsconf plugin pwstorage-scheme pbkdf2-sha512 get-num-iterations
              Get number of iterations

       dsconf plugin pwstorage-scheme pbkdf2-sha512 set-num-iterations
              Set number of iterations

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2-sha512 get-num-iterations'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2-sha512 get-num-iterations
              [-h]

COMMAND 'dsconf plugin pwstorage-scheme pbkdf2-sha512 set-num-iterations'
       usage: dsconf [-v] [-j] instance plugin pwstorage-scheme pbkdf2-sha512 set-num-iterations
              [-h] iterations

       iterations
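              Number of iterations (10,000-10,000,000). A higher count makes offline guessing against stored
              hashes slower, but also makes each password verification cost more CPU.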

COMMAND 'dsconf plugin list'
       usage: dsconf [-v] [-j] instance plugin list [-h]

COMMAND 'dsconf plugin show'
       usage: dsconf [-v] [-j] instance plugin show [-h] [selector]

       selector
              The plugin to search for

COMMAND 'dsconf plugin set'
       usage: dsconf [-v] [-j] instance plugin set [-h] [--type TYPE]
                                                   [--enabled {on,off}] [--path PATH]
                                                   [--initfunc INITFUNC] [--id ID]
                                                   [--vendor VENDOR]
                                                   [--version VERSION]
                                                   [--description DESCRIPTION]
                                                   [--depends-on-type DEPENDS_ON_TYPE]
                                                   [--depends-on-named DEPENDS_ON_NAMED]
                                                   [--precedence PRECEDENCE]
                                                   [selector]

       selector
              The plugin to edit

OPTIONS 'dsconf plugin set'
       --type TYPE
              The type of plugin.

       --enabled {on,off}
              Identifies whether or not the plugin is enabled.

       --path PATH
              The plugin library name (without the library suffix).

       --initfunc INITFUNC
              An initialization function of the plugin.

       --id ID
              The plugin ID.

       --vendor VENDOR
              The vendor of the plugin.

       --version VERSION
              The version of the plugin.

       --description DESCRIPTION
              The description of the plugin.

       --depends-on-type DEPENDS_ON_TYPE
              All  plug-ins  with a type value which matches one of the values in the following valid range will
              be started by the server prior to this plug-in.

       --depends-on-named DEPENDS_ON_NAMED
              The plug-in name matching one of the following values will be started by the server prior to  this
              plug-in

       --precedence PRECEDENCE
              The priority it has in the execution order of plug-ins

COMMAND 'dsconf pwpolicy'
       usage: dsconf [-v] [-j] instance pwpolicy [-h] {get,set,list-schemes} ...

POSITIONAL ARGUMENTS 'dsconf pwpolicy'
       dsconf pwpolicy get
              Get the global password policy entry

       dsconf pwpolicy set
              Set an attribute in a global password policy

       dsconf pwpolicy list-schemes
              Get a list of the current password storage schemes

COMMAND 'dsconf pwpolicy get'
       usage: dsconf [-v] [-j] instance pwpolicy get [-h]

COMMAND 'dsconf pwpolicy set'
       usage: dsconf instance [-v] [-j] pwpolicy set [-h] [--pwdscheme PWDSCHEME]
                                                     [--pwdchange PWDCHANGE]
                                                     [--pwdmustchange PWDMUSTCHANGE]
                                                     [--pwdhistory PWDHISTORY]
                                                     [--pwdhistorycount PWDHISTORYCOUNT]
                                                     [--pwdadmin PWDADMIN]
                                                     [--pwdadminskipupdates PWDADMINSKIPUPDATES]
                                                     [--pwdtrack PWDTRACK]
                                                     [--pwdwarning PWDWARNING]
                                                     [--pwdexpire PWDEXPIRE]
                                                     [--pwdmaxage PWDMAXAGE]
                                                     [--pwdminage PWDMINAGE]
                                                     [--pwdgracelimit PWDGRACELIMIT]
                                                     [--pwdsendexpiring PWDSENDEXPIRING]
                                                     [--pwdlockout PWDLOCKOUT]
                                                     [--pwdunlock PWDUNLOCK]
                                                     [--pwdlockoutduration PWDLOCKOUTDURATION]
                                                     [--pwdmaxfailures PWDMAXFAILURES]
                                                     [--pwdresetfailcount PWDRESETFAILCOUNT]
                                                     [--pwdchecksyntax PWDCHECKSYNTAX]
                                                     [--pwdminlen PWDMINLEN]
                                                     [--pwdmindigits PWDMINDIGITS]
                                                     [--pwdminalphas PWDMINALPHAS]
                                                     [--pwdminuppers PWDMINUPPERS]
                                                     [--pwdminlowers PWDMINLOWERS]
                                                     [--pwdminspecials PWDMINSPECIALS]
                                                     [--pwdmin8bits PWDMIN8BITS]
                                                     [--pwdmaxrepeats PWDMAXREPEATS]
                                                     [--pwdpalindrome PWDPALINDROME]
                                                     [--pwdmaxseq PWDMAXSEQ]
                                                     [--pwdmaxseqsets PWDMAXSEQSETS]
                                                     [--pwdmaxclasschars PWDMAXCLASSCHARS]
                                                     [--pwdmincatagories PWDMINCATAGORIES]
                                                     [--pwdmintokenlen PWDMINTOKENLEN]
                                                     [--pwdbadwords PWDBADWORDS]
                                                     [--pwduserattrs PWDUSERATTRS]
                                                     [--pwddictcheck PWDDICTCHECK]
                                                     [--pwddictpath PWDDICTPATH]
                                                     [--pwptprmaxuse PWPTPRMAXUSE]
                                                     [--pwptprdelayexpireat PWPTPRDELAYEXPIREAT]
                                                     [--pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM]
                                                     [--pwdlocal PWDLOCAL]
                                                     [--pwdisglobal PWDISGLOBAL]
                                                     [--pwdallowhash PWDALLOWHASH]
                                                     [--pwpinheritglobal PWPINHERITGLOBAL]

OPTIONS 'dsconf pwpolicy set'
       --pwdscheme PWDSCHEME
              The password storage scheme (use "dsconf pwpolicy list-schemes" to list the available schemes)

       --pwdchange PWDCHANGE
              Allow users to change their passwords

       --pwdmustchange PWDMUSTCHANGE
              Users must change their password after it was reset by an administrator

       --pwdhistory PWDHISTORY
              To enable password history set this to "on", otherwise "off"

       --pwdhistorycount PWDHISTORYCOUNT
              The number of passwords to keep in history

       --pwdadmin PWDADMIN
              The DN of an entry or a group of accounts that can bypass password policy constraints

       --pwdadminskipupdates PWDADMINSKIPUPDATES
              Set  to  "on"  if  the Password Admin's password update should not trigger updates to the password
              state attributes (passwordExpirationtime, passwordHistory, etc).

       --pwdtrack PWDTRACK
              Set to "on" to track the time the password was last changed

       --pwdwarning PWDWARNING
              Send an expiring warning if password expires within this time (in seconds)

       --pwdexpire PWDEXPIRE
              Set to "on" to enable password expiration

       --pwdmaxage PWDMAXAGE
              The password expiration time in seconds

       --pwdminage PWDMINAGE
              The number of seconds that must pass before a user can change their password

       --pwdgracelimit PWDGRACELIMIT
              The number of allowed logins after the password has expired

       --pwdsendexpiring PWDSENDEXPIRING
              Set to "on" to always send the expiring control regardless of the warning period

       --pwdlockout PWDLOCKOUT
              Set to "on" to enable account lockout

       --pwdunlock PWDUNLOCK
              Set to "on" to allow an account to become unlocked after the lockout duration

       --pwdlockoutduration PWDLOCKOUTDURATION
              The number of seconds an account stays locked out

       --pwdmaxfailures PWDMAXFAILURES
              The maximum number of allowed failed password attempts before the account gets locked

       --pwdresetfailcount PWDRESETFAILCOUNT
              The number of seconds to wait before reducing the failed login count on an account

       --pwdchecksyntax PWDCHECKSYNTAX
              Set to "on" to enable password syntax checking

       --pwdminlen PWDMINLEN
              The minimum number of characters required in a password

       --pwdmindigits PWDMINDIGITS
              The minimum number of digit/number characters in a password

       --pwdminalphas PWDMINALPHAS
              The minimum number of alpha characters required in a password

       --pwdminuppers PWDMINUPPERS
              The minimum number of uppercase characters required in a password

       --pwdminlowers PWDMINLOWERS
              The minimum number of lowercase characters required in a password

       --pwdminspecials PWDMINSPECIALS
              The minimum number of special characters required in a password

       --pwdmin8bits PWDMIN8BITS
              The minimum number of 8-bit characters required in a password

       --pwdmaxrepeats PWDMAXREPEATS
              The maximum number of times the same character can appear sequentially in the password

       --pwdpalindrome PWDPALINDROME
              Set to "on" to reject passwords that are palindromes

       --pwdmaxseq PWDMAXSEQ
              The maximum number of allowed monotonic character sequences in a password

       --pwdmaxseqsets PWDMAXSEQSETS
              The maximum number of allowed monotonic character sequences that can be duplicated in a password

       --pwdmaxclasschars PWDMAXCLASSCHARS
              The maximum number of sequential characters from the same character class that  is  allowed  in  a
              password

       --pwdmincatagories PWDMINCATAGORIES
              The minimum number of syntax category checks

       --pwdmintokenlen PWDMINTOKENLEN
              Sets  the  smallest attribute value length that is used for trivial/user words checking. This also
              impacts "--pwduserattrs"

       --pwdbadwords PWDBADWORDS
              A space-separated list of words that can not be in a password

       --pwduserattrs PWDUSERATTRS
              A  space-separated  list  of  attributes  whose  values  can  not  appear  in  the  password  (See
              "--pwdmintokenlen")

       --pwddictcheck PWDDICTCHECK
              Set to "on" to enforce CrackLib dictionary checking

       --pwddictpath PWDDICTPATH
              Filesystem path to specific/custom CrackLib dictionary files

       --pwptprmaxuse PWPTPRMAXUSE
              Number of times a reset password can be used for authentication

       --pwptprdelayexpireat PWPTPRDELAYEXPIREAT
              Number of seconds after which a reset password expires

       --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM
              Number of seconds to wait before a reset password can be used to authenticate

       --pwdlocal PWDLOCAL
              Set to "on" to enable fine-grained (subtree/user-level) password policies

       --pwdisglobal PWDISGLOBAL
              Set to "on" to enable password policy state attributes to be replicated

       --pwdallowhash PWDALLOWHASH
              Set to "on" to allow adding prehashed passwords. The server cannot apply password syntax checks
              to a value that is already hashed.

       --pwpinheritglobal PWPINHERITGLOBAL
              Set to "on" to allow local policies to inherit the global policy

COMMAND 'dsconf pwpolicy list-schemes'
       usage: dsconf [-v] [-j] instance pwpolicy list-schemes [-h]

COMMAND 'dsconf localpwp'
       usage: dsconf [-v] [-j] instance localpwp [-h]
                                       {list,get,set,remove,adduser,addsubtree} ...

POSITIONAL ARGUMENTS 'dsconf localpwp'
       dsconf localpwp list
              List all the local password policies

       dsconf localpwp get
              Get local password policy entry

       dsconf localpwp set
              Set an attribute in a local password policy

       dsconf localpwp remove
              Remove a local password policy

       dsconf localpwp adduser
              Add new user password policy

       dsconf localpwp addsubtree
              Add new subtree password policy

COMMAND 'dsconf localpwp list'
       usage: dsconf [-v] [-j] instance localpwp list [-h] [DN]

       DN     Suffix to search for local password policies

COMMAND 'dsconf localpwp get'
       usage: dsconf [-v] [-j] instance localpwp get [-h] DN

       DN     Get the local policy for this entry DN

COMMAND 'dsconf localpwp set'
       usage: dsconf [-v] [-j] instance localpwp set [-h] [--pwdscheme PWDSCHEME]
                                                     [--pwdchange PWDCHANGE]
                                                     [--pwdmustchange PWDMUSTCHANGE]
                                                     [--pwdhistory PWDHISTORY]
                                                     [--pwdhistorycount PWDHISTORYCOUNT]
                                                     [--pwdadmin PWDADMIN]
                                                     [--pwdadminskipupdates PWDADMINSKIPUPDATES]
                                                     [--pwdtrack PWDTRACK]
                                                     [--pwdwarning PWDWARNING]
                                                     [--pwdexpire PWDEXPIRE]
                                                     [--pwdmaxage PWDMAXAGE]
                                                     [--pwdminage PWDMINAGE]
                                                     [--pwdgracelimit PWDGRACELIMIT]
                                                     [--pwdsendexpiring PWDSENDEXPIRING]
                                                     [--pwdlockout PWDLOCKOUT]
                                                     [--pwdunlock PWDUNLOCK]
                                                     [--pwdlockoutduration PWDLOCKOUTDURATION]
                                                     [--pwdmaxfailures PWDMAXFAILURES]
                                                     [--pwdresetfailcount PWDRESETFAILCOUNT]
                                                     [--pwdchecksyntax PWDCHECKSYNTAX]
                                                     [--pwdminlen PWDMINLEN]
                                                     [--pwdmindigits PWDMINDIGITS]
                                                     [--pwdminalphas PWDMINALPHAS]
                                                     [--pwdminuppers PWDMINUPPERS]
                                                     [--pwdminlowers PWDMINLOWERS]
                                                     [--pwdminspecials PWDMINSPECIALS]
                                                     [--pwdmin8bits PWDMIN8BITS]
                                                     [--pwdmaxrepeats PWDMAXREPEATS]
                                                     [--pwdpalindrome PWDPALINDROME]
                                                     [--pwdmaxseq PWDMAXSEQ]
                                                     [--pwdmaxseqsets PWDMAXSEQSETS]
                                                     [--pwdmaxclasschars PWDMAXCLASSCHARS]
                                                     [--pwdmincatagories PWDMINCATAGORIES]
                                                     [--pwdmintokenlen PWDMINTOKENLEN]
                                                     [--pwdbadwords PWDBADWORDS]
                                                     [--pwduserattrs PWDUSERATTRS]
                                                     [--pwddictcheck PWDDICTCHECK]
                                                     [--pwddictpath PWDDICTPATH]
                                                     [--pwptprmaxuse PWPTPRMAXUSE]
                                                     [--pwptprdelayexpireat PWPTPRDELAYEXPIREAT]
                                                     [--pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM]
                                                     DN

       DN     Set the local policy for this entry DN

OPTIONS 'dsconf localpwp set'
       --pwdscheme PWDSCHEME
              The password storage scheme

       --pwdchange PWDCHANGE
              Allow users to change their passwords

       --pwdmustchange PWDMUSTCHANGE
              Users must change their password after it was reset by an administrator

       --pwdhistory PWDHISTORY
              To enable password history set this to "on", otherwise "off"

       --pwdhistorycount PWDHISTORYCOUNT
              The number of passwords to keep in history

       --pwdadmin PWDADMIN
              The DN of an entry or a group of accounts that can bypass password policy constraints

       --pwdadminskipupdates PWDADMINSKIPUPDATES
              Set  to  "on"  if  the Password Admin's password update should not trigger updates to the password
              state attributes (passwordExpirationtime, passwordHistory, etc).

       --pwdtrack PWDTRACK
              Set to "on" to track the time the password was last changed

       --pwdwarning PWDWARNING
              Send an expiring warning if password expires within this time (in seconds)

       --pwdexpire PWDEXPIRE
              Set to "on" to enable password expiration

       --pwdmaxage PWDMAXAGE
              The password expiration time in seconds

       --pwdminage PWDMINAGE
              The number of seconds that must pass before a user can change their password

       --pwdgracelimit PWDGRACELIMIT
              The number of allowed logins after the password has expired

       --pwdsendexpiring PWDSENDEXPIRING
              Set to "on" to always send the expiring control regardless of the warning period

       --pwdlockout PWDLOCKOUT
              Set to "on" to enable account lockout

       --pwdunlock PWDUNLOCK
              Set to "on" to allow an account to become unlocked after the lockout duration

       --pwdlockoutduration PWDLOCKOUTDURATION
              The number of seconds an account stays locked out

       --pwdmaxfailures PWDMAXFAILURES
              The maximum number of allowed failed password attempts before the account gets locked

       --pwdresetfailcount PWDRESETFAILCOUNT
              The number of seconds to wait before reducing the failed login count on an account

       --pwdchecksyntax PWDCHECKSYNTAX
              Set to "on" to enable password syntax checking

       --pwdminlen PWDMINLEN
              The minimum number of characters required in a password

       --pwdmindigits PWDMINDIGITS
              The minimum number of digit/number characters in a password

       --pwdminalphas PWDMINALPHAS
              The minimum number of alpha characters required in a password

       --pwdminuppers PWDMINUPPERS
              The minimum number of uppercase characters required in a password

       --pwdminlowers PWDMINLOWERS
              The minimum number of lowercase characters required in a password

       --pwdminspecials PWDMINSPECIALS
              The minimum number of special characters required in a password

       --pwdmin8bits PWDMIN8BITS
              The minimum number of 8-bit characters required in a password

       --pwdmaxrepeats PWDMAXREPEATS
              The maximum number of times the same character can appear sequentially in the password

       --pwdpalindrome PWDPALINDROME
              Set to "on" to reject passwords that are palindromes

       --pwdmaxseq PWDMAXSEQ
              The maximum number of allowed monotonic character sequences in a password

       --pwdmaxseqsets PWDMAXSEQSETS
              The maximum number of allowed monotonic character sequences that can be duplicated in a password

       --pwdmaxclasschars PWDMAXCLASSCHARS
              The maximum number of sequential characters from the same character class that  is  allowed  in  a
              password

       --pwdmincatagories PWDMINCATAGORIES
              The minimum number of syntax category checks

       --pwdmintokenlen PWDMINTOKENLEN
              Sets  the  smallest attribute value length that is used for trivial/user words checking. This also
              impacts "--pwduserattrs"

       --pwdbadwords PWDBADWORDS
              A space-separated list of words that can not be in a password

       --pwduserattrs PWDUSERATTRS
              A  space-separated  list  of  attributes  whose  values  can  not  appear  in  the  password  (See
              "--pwdmintokenlen")

       --pwddictcheck PWDDICTCHECK
              Set to "on" to enforce CrackLib dictionary checking

       --pwddictpath PWDDICTPATH
              Filesystem path to specific/custom CrackLib dictionary files

       --pwptprmaxuse PWPTPRMAXUSE
              Number of times a reset password can be used for authentication

       --pwptprdelayexpireat PWPTPRDELAYEXPIREAT
              Number of seconds after which a reset password expires

       --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM
              Number of seconds to wait before a reset password can be used to authenticate

COMMAND 'dsconf localpwp remove'
       usage: dsconf [-v] [-j] instance localpwp remove [-h] DN

       DN     Remove local policy for this entry DN

COMMAND 'dsconf localpwp adduser'
       usage: dsconf [-v] [-j] instance localpwp adduser [-h] [--pwdscheme PWDSCHEME]
                                                         [--pwdchange PWDCHANGE]
                                                         [--pwdmustchange PWDMUSTCHANGE]
                                                         [--pwdhistory PWDHISTORY]
                                                         [--pwdhistorycount PWDHISTORYCOUNT]
                                                         [--pwdadmin PWDADMIN]
                                                         [--pwdadminskipupdates PWDADMINSKIPUPDATES]
                                                         [--pwdtrack PWDTRACK]
                                                         [--pwdwarning PWDWARNING]
                                                         [--pwdexpire PWDEXPIRE]
                                                         [--pwdmaxage PWDMAXAGE]
                                                         [--pwdminage PWDMINAGE]
                                                         [--pwdgracelimit PWDGRACELIMIT]
                                                         [--pwdsendexpiring PWDSENDEXPIRING]
                                                         [--pwdlockout PWDLOCKOUT]
                                                         [--pwdunlock PWDUNLOCK]
                                                         [--pwdlockoutduration PWDLOCKOUTDURATION]
                                                         [--pwdmaxfailures PWDMAXFAILURES]
                                                         [--pwdresetfailcount PWDRESETFAILCOUNT]
                                                         [--pwdchecksyntax PWDCHECKSYNTAX]
                                                         [--pwdminlen PWDMINLEN]
                                                         [--pwdmindigits PWDMINDIGITS]
                                                         [--pwdminalphas PWDMINALPHAS]
                                                         [--pwdminuppers PWDMINUPPERS]
                                                         [--pwdminlowers PWDMINLOWERS]
                                                         [--pwdminspecials PWDMINSPECIALS]
                                                         [--pwdmin8bits PWDMIN8BITS]
                                                         [--pwdmaxrepeats PWDMAXREPEATS]
                                                         [--pwdpalindrome PWDPALINDROME]
                                                         [--pwdmaxseq PWDMAXSEQ]
                                                         [--pwdmaxseqsets PWDMAXSEQSETS]
                                                         [--pwdmaxclasschars PWDMAXCLASSCHARS]
                                                         [--pwdmincatagories PWDMINCATAGORIES]
                                                         [--pwdmintokenlen PWDMINTOKENLEN]
                                                         [--pwdbadwords PWDBADWORDS]
                                                         [--pwduserattrs PWDUSERATTRS]
                                                         [--pwddictcheck PWDDICTCHECK]
                                                         [--pwddictpath PWDDICTPATH]
                                                         [--pwptprmaxuse PWPTPRMAXUSE]
                                                         [--pwptprdelayexpireat PWPTPRDELAYEXPIREAT]
                                                         [--pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM]
                                                         DN

       DN     Add/replace the local password policy for this entry DN

OPTIONS 'dsconf localpwp adduser'
       --pwdscheme PWDSCHEME
              The password storage scheme

       --pwdchange PWDCHANGE
              Allow users to change their passwords

       --pwdmustchange PWDMUSTCHANGE
              Users must change their password after it was reset by an administrator

       --pwdhistory PWDHISTORY
              To enable password history set this to "on", otherwise "off"

       --pwdhistorycount PWDHISTORYCOUNT
              The number of passwords to keep in history

       --pwdadmin PWDADMIN
              The DN of an entry or a group of accounts that can bypass password policy constraints

       --pwdadminskipupdates PWDADMINSKIPUPDATES
              Set  to  "on"  if  the Password Admin's password update should not trigger updates to the password
              state attributes (passwordExpirationtime, passwordHistory, etc).

       --pwdtrack PWDTRACK
              Set to "on" to track the time the password was last changed

       --pwdwarning PWDWARNING
              Send an expiring warning if password expires within this time (in seconds)

       --pwdexpire PWDEXPIRE
              Set to "on" to enable password expiration

       --pwdmaxage PWDMAXAGE
              The password expiration time in seconds

       --pwdminage PWDMINAGE
              The number of seconds that must pass before a user can change their password

       --pwdgracelimit PWDGRACELIMIT
              The number of allowed logins after the password has expired

       --pwdsendexpiring PWDSENDEXPIRING
              Set to "on" to always send the expiring control regardless of the warning period

       --pwdlockout PWDLOCKOUT
              Set to "on" to enable account lockout

       --pwdunlock PWDUNLOCK
              Set to "on" to allow an account to become unlocked after the lockout duration

       --pwdlockoutduration PWDLOCKOUTDURATION
              The number of seconds an account stays locked out

       --pwdmaxfailures PWDMAXFAILURES
              The maximum number of allowed failed password attempts before the account gets locked

       --pwdresetfailcount PWDRESETFAILCOUNT
              The number of seconds to wait before reducing the failed login count on an account

       --pwdchecksyntax PWDCHECKSYNTAX
              Set to "on" to enable password syntax checking

       --pwdminlen PWDMINLEN
              The minimum number of characters required in a password

       --pwdmindigits PWDMINDIGITS
              The minimum number of digit/number characters in a password

       --pwdminalphas PWDMINALPHAS
              The minimum number of alpha characters required in a password

       --pwdminuppers PWDMINUPPERS
              The minimum number of uppercase characters required in a password

       --pwdminlowers PWDMINLOWERS
              The minimum number of lowercase characters required in a password

       --pwdminspecials PWDMINSPECIALS
              The minimum number of special characters required in a password

       --pwdmin8bits PWDMIN8BITS
              The minimum number of 8-bit characters required in a password

       --pwdmaxrepeats PWDMAXREPEATS
              The maximum number of times the same character can appear sequentially in the password

       --pwdpalindrome PWDPALINDROME
              Set to "on" to reject passwords that are palindromes

       --pwdmaxseq PWDMAXSEQ
              The maximum number of allowed monotonic character sequences in a password

       --pwdmaxseqsets PWDMAXSEQSETS
              The maximum number of allowed monotonic character sequences that can be duplicated in a password

       --pwdmaxclasschars PWDMAXCLASSCHARS
              The maximum number of sequential characters from the same character class that  is  allowed  in  a
              password

       --pwdmincatagories PWDMINCATAGORIES
              The minimum number of syntax category checks

       --pwdmintokenlen PWDMINTOKENLEN
              Sets  the  smallest attribute value length that is used for trivial/user words checking. This also
              impacts "--pwduserattrs"

       --pwdbadwords PWDBADWORDS
              A space-separated list of words that can not be in a password

       --pwduserattrs PWDUSERATTRS
              A  space-separated  list  of  attributes  whose  values  can  not  appear  in  the  password  (See
              "--pwdmintokenlen")

       --pwddictcheck PWDDICTCHECK
              Set to "on" to enforce CrackLib dictionary checking

       --pwddictpath PWDDICTPATH
              Filesystem path to specific/custom CrackLib dictionary files

       --pwptprmaxuse PWPTPRMAXUSE
              Number of times a reset password can be used for authentication

       --pwptprdelayexpireat PWPTPRDELAYEXPIREAT
              Number of seconds after which a reset password expires

       --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM
              Number of seconds to wait before a reset password can be used to authenticate

COMMAND 'dsconf localpwp addsubtree'
       usage: dsconf [-v] [-j] instance localpwp addsubtree [-h]
                                                            [--pwdscheme PWDSCHEME]
                                                            [--pwdchange PWDCHANGE]
                                                            [--pwdmustchange PWDMUSTCHANGE]
                                                            [--pwdhistory PWDHISTORY]
                                                            [--pwdhistorycount PWDHISTORYCOUNT]
                                                            [--pwdadmin PWDADMIN]
                                                            [--pwdadminskipupdates PWDADMINSKIPUPDATES]
                                                            [--pwdtrack PWDTRACK]
                                                            [--pwdwarning PWDWARNING]
                                                            [--pwdexpire PWDEXPIRE]
                                                            [--pwdmaxage PWDMAXAGE]
                                                            [--pwdminage PWDMINAGE]
                                                            [--pwdgracelimit PWDGRACELIMIT]
                                                            [--pwdsendexpiring PWDSENDEXPIRING]
                                                            [--pwdlockout PWDLOCKOUT]
                                                            [--pwdunlock PWDUNLOCK]
                                                            [--pwdlockoutduration PWDLOCKOUTDURATION]
                                                            [--pwdmaxfailures PWDMAXFAILURES]
                                                            [--pwdresetfailcount PWDRESETFAILCOUNT]
                                                            [--pwdchecksyntax PWDCHECKSYNTAX]
                                                            [--pwdminlen PWDMINLEN]
                                                            [--pwdmindigits PWDMINDIGITS]
                                                            [--pwdminalphas PWDMINALPHAS]
                                                            [--pwdminuppers PWDMINUPPERS]
                                                            [--pwdminlowers PWDMINLOWERS]
                                                            [--pwdminspecials PWDMINSPECIALS]
                                                            [--pwdmin8bits PWDMIN8BITS]
                                                            [--pwdmaxrepeats PWDMAXREPEATS]
                                                            [--pwdpalindrome PWDPALINDROME]
                                                            [--pwdmaxseq PWDMAXSEQ]
                                                            [--pwdmaxseqsets PWDMAXSEQSETS]
                                                            [--pwdmaxclasschars PWDMAXCLASSCHARS]
                                                            [--pwdmincatagories PWDMINCATAGORIES]
                                                            [--pwdmintokenlen PWDMINTOKENLEN]
                                                            [--pwdbadwords PWDBADWORDS]
                                                            [--pwduserattrs PWDUSERATTRS]
                                                            [--pwddictcheck PWDDICTCHECK]
                                                            [--pwddictpath PWDDICTPATH]
                                                            [--pwptprmaxuse PWPTPRMAXUSE]
                                                            [--pwptprdelayexpireat PWPTPRDELAYEXPIREAT]
                                                            [--pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM]
                                                            DN

       DN     Add/replace the subtree policy for this entry DN

OPTIONS 'dsconf localpwp addsubtree'
       --pwdscheme PWDSCHEME
              The password storage scheme

       --pwdchange PWDCHANGE
              Allow users to change their passwords

       --pwdmustchange PWDMUSTCHANGE
              Users must change their password after it was reset by an administrator

       --pwdhistory PWDHISTORY
              To enable password history set this to "on", otherwise "off"

       --pwdhistorycount PWDHISTORYCOUNT
              The number of passwords to keep in history

       --pwdadmin PWDADMIN
              The DN of an entry or a group of accounts that can bypass password policy constraints

       --pwdadminskipupdates PWDADMINSKIPUPDATES
              Set  to  "on"  if  the Password Admin's password update should not trigger updates to the password
              state attributes (passwordExpirationtime, passwordHistory, etc).

       --pwdtrack PWDTRACK
              Set to "on" to track the time the password was last changed

       --pwdwarning PWDWARNING
              Send an expiring warning if password expires within this time (in seconds)

       --pwdexpire PWDEXPIRE
              Set to "on" to enable password expiration

       --pwdmaxage PWDMAXAGE
              The password expiration time in seconds

       --pwdminage PWDMINAGE
              The number of seconds that must pass before a user can change their password

       --pwdgracelimit PWDGRACELIMIT
              The number of allowed logins after the password has expired

       --pwdsendexpiring PWDSENDEXPIRING
              Set to "on" to always send the expiring control regardless of the warning period

       --pwdlockout PWDLOCKOUT
              Set to "on" to enable account lockout

       --pwdunlock PWDUNLOCK
              Set to "on" to allow an account to become unlocked after the lockout duration

       --pwdlockoutduration PWDLOCKOUTDURATION
              The number of seconds an account stays locked out

       --pwdmaxfailures PWDMAXFAILURES
              The maximum number of allowed failed password attempts before the account gets locked

       --pwdresetfailcount PWDRESETFAILCOUNT
              The number of seconds to wait before reducing the failed login count on an account

       --pwdchecksyntax PWDCHECKSYNTAX
              Set to "on" to enable password syntax checking

       --pwdminlen PWDMINLEN
              The minimum number of characters required in a password

       --pwdmindigits PWDMINDIGITS
              The minimum number of digit/number characters in a password

       --pwdminalphas PWDMINALPHAS
              The minimum number of alpha characters required in a password

       --pwdminuppers PWDMINUPPERS
              The minimum number of uppercase characters required in a password

       --pwdminlowers PWDMINLOWERS
              The minimum number of lowercase characters required in a password

       --pwdminspecials PWDMINSPECIALS
              The minimum number of special characters required in a password

       --pwdmin8bits PWDMIN8BITS
              The minimum number of 8-bit characters required in a password

       --pwdmaxrepeats PWDMAXREPEATS
              The maximum number of times the same character can appear sequentially in the password

       --pwdpalindrome PWDPALINDROME
              Set to "on" to reject passwords that are palindromes

       --pwdmaxseq PWDMAXSEQ
              The maximum number of allowed monotonic character sequences in a password

       --pwdmaxseqsets PWDMAXSEQSETS
              The maximum number of allowed monotonic character sequences that can be duplicated in a password

       --pwdmaxclasschars PWDMAXCLASSCHARS
              The maximum number of sequential characters from the same character class that  is  allowed  in  a
              password

       --pwdmincatagories PWDMINCATAGORIES
              The minimum number of syntax category checks

       --pwdmintokenlen PWDMINTOKENLEN
              Sets  the  smallest attribute value length that is used for trivial/user words checking. This also
              impacts "--pwduserattrs"

       --pwdbadwords PWDBADWORDS
              A space-separated list of words that can not be in a password

       --pwduserattrs PWDUSERATTRS
              A  space-separated  list  of  attributes  whose  values  can  not  appear  in  the  password  (See
              "--pwdmintokenlen")

       --pwddictcheck PWDDICTCHECK
              Set to "on" to enforce CrackLib dictionary checking

       --pwddictpath PWDDICTPATH
              Filesystem path to specific/custom CrackLib dictionary files

       --pwptprmaxuse PWPTPRMAXUSE
              Number of times a reset password can be used for authentication

       --pwptprdelayexpireat PWPTPRDELAYEXPIREAT
              Number of seconds after which a reset password expires

       --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM
              Number of seconds to wait before a reset password can be used to authenticate

COMMAND 'dsconf replication'
       usage: dsconf [-v] [-j] instance replication [-h]
                                          {enable,disable,get-ruv,list,status,winsync-status,promote,create-manager,delete-manager,demote,get,set-changelog,get-changelog,export-changelog,import-changelog,set,monitor}
       ...

POSITIONAL ARGUMENTS 'dsconf replication'
       dsconf replication enable
              Enable replication for a suffix

       dsconf replication disable
              Disable replication for a suffix

       dsconf replication get-ruv
              Display the database RUV entry for a suffix

       dsconf replication list
              Lists all the replicated suffixes

       dsconf replication status
              Display the current status of all the replication agreements

       dsconf replication winsync-status
              Display the current status of all the replication agreements

       dsconf replication promote
              Promote a replica to a hub or supplier

       dsconf replication create-manager
              Create a replication manager entry

       dsconf replication delete-manager
              Delete a replication manager entry

       dsconf replication demote
              Demote replica to a hub or consumer

       dsconf replication get
              Display the replication configuration

       dsconf replication set-changelog
              Set replication changelog attributes

       dsconf replication get-changelog
              Display replication changelog attributes

       dsconf replication export-changelog
              Export the Directory Server replication changelog to an LDIF file

       dsconf replication import-changelog
              Restore/import  Directory  Server replication change log from an LDIF file. This is typically used
              when managing changelog encryption

       dsconf replication set
              Set an attribute in the replication configuration

       dsconf replication monitor
              Display the full replication topology report

COMMAND 'dsconf replication enable'
       usage: dsconf [-v] [-j] instance replication enable [-h] --suffix SUFFIX
                                                           --role ROLE
                                                           [--replica-id REPLICA_ID]
                                                           [--bind-group-dn BIND_GROUP_DN]
                                                           [--bind-dn BIND_DN]
                                                           [--bind-passwd BIND_PASSWD]
                                                           [--bind-passwd-file BIND_PASSWD_FILE]
                                                           [--bind-passwd-prompt]

OPTIONS 'dsconf replication enable'
       --suffix SUFFIX
              Sets the DN of the suffix to be enabled for replication

       --role ROLE
              Sets the replication role: "supplier", "hub", or "consumer"

       --replica-id REPLICA_ID
              Sets the replication identifier for a "supplier". Values range from 1 - 65534

       --bind-group-dn BIND_GROUP_DN
              Sets a group entry DN containing members that are "bind/supplier" DNs

       --bind-dn BIND_DN
              Sets the bind or supplier DN that can make replication updates

       --bind-passwd BIND_PASSWD
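              Sets the password for replication manager (--bind-dn). This will create the  manager  entry  if  a
              value is set. A password given on the command line can be seen in the process list and in shell
              history; --bind-passwd-file or --bind-passwd-prompt avoids this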

       --bind-passwd-file BIND_PASSWD_FILE
              File containing the password

       --bind-passwd-prompt
              Prompt for password

COMMAND 'dsconf replication disable'
       usage: dsconf [-v] [-j] instance replication disable [-h] --suffix SUFFIX

OPTIONS 'dsconf replication disable'
       --suffix SUFFIX
              Sets the DN of the suffix to have replication disabled

COMMAND 'dsconf replication get-ruv'
       usage: dsconf [-v] [-j] instance replication get-ruv [-h] --suffix SUFFIX

OPTIONS 'dsconf replication get-ruv'
       --suffix SUFFIX
              Sets the DN of the replicated suffix

COMMAND 'dsconf replication list'
       usage: dsconf [-v] [-j] instance replication list [-h]

COMMAND 'dsconf replication status'
       usage: dsconf [-v] [-j] instance replication status [-h] --suffix SUFFIX
                                                           [--bind-dn BIND_DN]
                                                           [--bind-passwd BIND_PASSWD]
                                                           [--bind-passwd-file BIND_PASSWD_FILE]
                                                           [--bind-passwd-prompt]

OPTIONS 'dsconf replication status'
       --suffix SUFFIX
              Sets the DN of the replication suffix

       --bind-dn BIND_DN
              Sets the DN to use to authenticate to the consumer. If not set, current instance's root DN will be
              used. It will be used for all agreements

       --bind-passwd BIND_PASSWD
              Sets the password for the bind DN. It will be used for all agreements

       --bind-passwd-file BIND_PASSWD_FILE
              File containing the password. It will be used for all agreements

       --bind-passwd-prompt
              Prompt for passwords for each agreement's instance separately

COMMAND 'dsconf replication winsync-status'
       usage: dsconf instance [-v] [-j] replication winsync-status
              [-h] --suffix SUFFIX [--bind-dn BIND_DN] [--bind-passwd BIND_PASSWD]
              [--bind-passwd-file BIND_PASSWD_FILE] [--bind-passwd-prompt]

OPTIONS 'dsconf replication winsync-status'
       --suffix SUFFIX
              Sets the DN of the replication suffix

       --bind-dn BIND_DN
              Sets the DN to use to authenticate to the consumer. Currently not used

       --bind-passwd BIND_PASSWD
              Sets the password of the bind DN. Currently not used

       --bind-passwd-file BIND_PASSWD_FILE
              File containing the password. Currently not used

       --bind-passwd-prompt
              Prompt for password. Currently not used

COMMAND 'dsconf replication promote'
       usage: dsconf [-v] [-j] instance replication promote [-h] --suffix SUFFIX
                                                            --newrole NEWROLE
                                                            [--replica-id REPLICA_ID]
                                                            [--bind-group-dn BIND_GROUP_DN]
                                                            [--bind-dn BIND_DN]

OPTIONS 'dsconf replication promote'
       --suffix SUFFIX
              Sets the DN of the replication suffix to promote

       --newrole NEWROLE
              Sets the new replica role to "hub" or "supplier"

       --replica-id REPLICA_ID
              Sets the replication identifier for a "supplier". Values range from 1 - 65534

       --bind-group-dn BIND_GROUP_DN
              Sets a group entry DN containing members that are "bind/supplier" DNs

       --bind-dn BIND_DN
              Sets the bind or supplier DN that can make replication updates

COMMAND 'dsconf replication create-manager'
       usage: dsconf [-v] [-j] instance replication create-manager
              [-h] [--name NAME] [--passwd PASSWD] [--passwd-file PASSWD_FILE]
              [--bind-passwd-file BIND_PASSWD_FILE] [--suffix SUFFIX]

OPTIONS 'dsconf replication create-manager'
       --name NAME
              Sets the name of the new replication manager entry. For example, if the name is "replication
              manager" then the new manager entry's DN would be "cn=replication manager,cn=config".

       --passwd PASSWD
              Sets the password for replication manager. If not provided, you will be prompted for the password.
              Being prompted keeps the password out of the process list and shell history

       --passwd-file PASSWD_FILE
              File containing the password. Provided for backward compatibility

       --bind-passwd-file BIND_PASSWD_FILE
              File containing the password

       --suffix SUFFIX
              The DN of the replication suffix whose replication configuration you want to add this new  manager
              to (OPTIONAL)

COMMAND 'dsconf replication delete-manager'
       usage: dsconf [-v] [-j] instance replication delete-manager
              [-h] [--name NAME] [--suffix SUFFIX]

OPTIONS 'dsconf replication delete-manager'
       --name NAME
              Sets the name of the replication manager entry under cn=config: "cn=NAME,cn=config"

       --suffix SUFFIX
              Sets  the  DN  of  the  replication suffix whose replication configuration you want to remove this
              manager from (OPTIONAL)

COMMAND 'dsconf replication demote'
       usage: dsconf [-v] [-j] instance replication demote [-h] --suffix SUFFIX
                                                           --newrole NEWROLE

OPTIONS 'dsconf replication demote'
       --suffix SUFFIX
              Sets the DN of the replication suffix

       --newrole NEWROLE
              Sets the new replication role to "hub", or "consumer"

COMMAND 'dsconf replication get'
       usage: dsconf [-v] [-j] instance replication get [-h] --suffix SUFFIX

OPTIONS 'dsconf replication get'
       --suffix SUFFIX
              Sets the suffix DN for the replication configuration to display

COMMAND 'dsconf replication set-changelog'
       usage: dsconf [-v] [-j] instance replication set-changelog [-h]
                                                                  --suffix SUFFIX
                                                                  [--max-entries MAX_ENTRIES]
                                                                  [--max-age MAX_AGE]
                                                                  [--trim-interval TRIM_INTERVAL]
                                                                  [--encrypt]
                                                                  [--disable-encrypt]

OPTIONS 'dsconf replication set-changelog'
       --suffix SUFFIX
              Sets the suffix that uses the changelog

       --max-entries MAX_ENTRIES
              Sets the maximum number of entries to get in the replication changelog

       --max-age MAX_AGE
              Set the maximum age of a replication changelog entry

       --trim-interval TRIM_INTERVAL
              Sets the interval to check if the replication changelog can be trimmed

       --encrypt
              Sets the replication changelog to use encryption. You must export and import the  changelog  after
              setting this.

       --disable-encrypt
              Sets  the  replication  changelog  to not use encryption. You must export and import the changelog
              after setting this.

COMMAND 'dsconf replication get-changelog'
       usage: dsconf [-v] [-j] instance replication get-changelog [-h]
                                                                  --suffix SUFFIX

OPTIONS 'dsconf replication get-changelog'
       --suffix SUFFIX
              Sets the suffix that uses the changelog

COMMAND 'dsconf replication export-changelog'
       usage: dsconf [-v] [-j] instance replication export-changelog
              [-h] {to-ldif,default} ...

POSITIONAL ARGUMENTS 'dsconf replication export-changelog'
       dsconf replication export-changelog to-ldif
              Sets the LDIF file name. This is typically used for setting up changelog encryption

       dsconf replication export-changelog default
              Export the replication changelog to the server's default LDIF directory

COMMAND 'dsconf replication export-changelog to-ldif'
       usage: dsconf instance [-v] [-j] replication export-changelog to-ldif
              [-h] [-c] [-d] [-l] [-i CHANGELOG_LDIF] -o OUTPUT_FILE -r REPLICA_ROOT

OPTIONS 'dsconf replication export-changelog to-ldif'
       -c, --csn-only
              Exports and interprets only the CSNs. This option can be used with or without the -i option. The
              LDIF file that is generated can not be imported and is only used for debugging purposes.

       -d, --decode
              Decodes  the  base64  values  in  each changelog entry. The LDIF file that is generated can not be
              imported and is only used for debugging purposes.

       -l, --preserve-ldif-done
              Preserves generated LDIF "files.done" files in changelog directory.

       -i CHANGELOG_LDIF, --changelog-ldif CHANGELOG_LDIF
              Decodes changes in an LDIF file. Use this option if you already have a changelog  LDIF  file,  but
              the changes in that file are encoded.

       -o OUTPUT_FILE, --output-file OUTPUT_FILE
              Sets the path name for the final result

       -r REPLICA_ROOT, --replica-root REPLICA_ROOT
              Specifies the replica root whose changelog you want to export

COMMAND 'dsconf replication export-changelog default'
       usage: dsconf [-v] [-j] instance replication export-changelog default
              [-h] -r REPLICA_ROOT

OPTIONS 'dsconf replication export-changelog default'
       -r REPLICA_ROOT, --replica-root REPLICA_ROOT
              Specifies the replica root whose changelog you want to export

COMMAND 'dsconf replication import-changelog'
       usage: dsconf instance [-v] [-j] replication import-changelog
              [-h] {from-ldif,default} ...

POSITIONAL ARGUMENTS 'dsconf replication import-changelog'
       dsconf replication import-changelog from-ldif
              Restore/import a specific single LDIF file

       dsconf replication import-changelog default
              Import the default changelog LDIF file created by the server

COMMAND 'dsconf replication import-changelog from-ldif'
       usage: dsconf [-v] [-j] instance replication import-changelog from-ldif
              [-h] -r REPLICA_ROOT LDIF_PATH

       LDIF_PATH
              The path of the changelog LDIF file

OPTIONS 'dsconf replication import-changelog from-ldif'
       -r REPLICA_ROOT, --replica-root REPLICA_ROOT
              Specifies the replica root whose changelog you want to import

COMMAND 'dsconf replication import-changelog default'
       usage: dsconf instance [-v] [-j] replication import-changelog default
              [-h] -r REPLICA_ROOT

OPTIONS 'dsconf replication import-changelog default'
       -r REPLICA_ROOT, --replica-root REPLICA_ROOT
              Specifies the replica root whose changelog you want to import

COMMAND 'dsconf replication set'
       usage: dsconf [-v] [-j] instance replication set [-h] --suffix SUFFIX
                                                        [--repl-add-bind-dn REPL_ADD_BIND_DN]
                                                        [--repl-del-bind-dn REPL_DEL_BIND_DN]
                                                        [--repl-add-ref REPL_ADD_REF]
                                                        [--repl-del-ref REPL_DEL_REF]
                                                        [--repl-purge-delay REPL_PURGE_DELAY]
                                                        [--repl-tombstone-purge-interval
       REPL_TOMBSTONE_PURGE_INTERVAL]
                                                        [--repl-fast-tombstone-purging
       REPL_FAST_TOMBSTONE_PURGING]
                                                        [--repl-bind-group REPL_BIND_GROUP]
                                                        [--repl-bind-group-interval REPL_BIND_GROUP_INTERVAL]
                                                        [--repl-protocol-timeout REPL_PROTOCOL_TIMEOUT]
                                                        [--repl-backoff-max REPL_BACKOFF_MAX]
                                                        [--repl-backoff-min REPL_BACKOFF_MIN]
                                                        [--repl-release-timeout REPL_RELEASE_TIMEOUT]
                                                        [--repl-keepalive-update-interval
       REPL_KEEPALIVE_UPDATE_INTERVAL]

OPTIONS 'dsconf replication set'
       --suffix SUFFIX
              Sets the DN of the replication suffix

       --repl-add-bind-dn REPL_ADD_BIND_DN
              Adds a bind (supplier) DN

       --repl-del-bind-dn REPL_DEL_BIND_DN
              Removes a bind (supplier) DN

       --repl-add-ref REPL_ADD_REF
              Adds a replication referral (for consumers only)

       --repl-del-ref REPL_DEL_REF
              Removes a replication referral (for consumers only)

       --repl-purge-delay REPL_PURGE_DELAY
              Sets the replication purge delay

       --repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL
              Sets the interval in seconds to check for tombstones that can be purged

       --repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING
              Enables or disables improving the tombstone purging performance

       --repl-bind-group REPL_BIND_GROUP
              Sets a group entry DN containing members that are "bind/supplier" DNs

       --repl-bind-group-interval REPL_BIND_GROUP_INTERVAL
              Sets an interval in seconds to check if the bind group has been updated

       --repl-protocol-timeout REPL_PROTOCOL_TIMEOUT
              Sets a timeout in seconds on how long to wait before stopping replication when the server is under
              load

       --repl-backoff-max REPL_BACKOFF_MAX
              The  maximum  time in seconds a replication agreement should stay in a backoff state while waiting
              to acquire the consumer. Default is 300 seconds

       --repl-backoff-min REPL_BACKOFF_MIN
              The starting time in seconds a replication agreement should stay in a backoff state while  waiting
              to acquire the consumer. Default is 3 seconds

       --repl-release-timeout REPL_RELEASE_TIMEOUT
              A  timeout  in seconds a replication supplier should send updates before it yields its replication
              session

       --repl-keepalive-update-interval REPL_KEEPALIVE_UPDATE_INTERVAL
              Interval in seconds for how often the server will apply an internal update to keep  the  RUV  from
              getting stale. The default is 1 hour (3600 seconds)

COMMAND 'dsconf replication monitor'
       usage: dsconf [-v] [-j] instance replication monitor [-h]
                                                            [-c [CONNECTIONS ...]]
                                                            [-a [ALIASES ...]]

OPTIONS 'dsconf replication monitor'
       -c [CONNECTIONS ...], --connections [CONNECTIONS ...]
              Sets the connection values for monitoring other topologies that are not connected. The format:
              'host:port:binddn:bindpwd'. You can use regex for host and port. You can set bindpwd to * and it
              will be requested at runtime, or you can include the path to the password file in square
              brackets - [~/pwd.txt]. Either form keeps the password itself out of the command line, where it
              would be visible in the process list and shell history

       -a [ALIASES ...], --aliases [ALIASES ...]
              Enables displaying an alias instead  of  host:port,  if  an  alias  is  assigned  to  a  host:port
              combination. The format: alias=host:port

COMMAND 'dsconf repl-agmt'
       usage: dsconf [-v] [-j] instance repl-agmt [-h]
                                        {list,enable,disable,init,init-status,poke,status,delete,create,set,get}
       ...

POSITIONAL ARGUMENTS 'dsconf repl-agmt'
       dsconf repl-agmt list
              List all replication agreements

       dsconf repl-agmt enable
              Enable replication agreement

       dsconf repl-agmt disable
              Disable replication agreement

       dsconf repl-agmt init
              Initialize replication agreement

       dsconf repl-agmt init-status
              Check the agreement initialization status

       dsconf repl-agmt poke
              Trigger replication to send updates now

       dsconf repl-agmt status
              Displays the current status of the replication agreement

       dsconf repl-agmt delete
              Delete replication agreement

       dsconf repl-agmt create
              Create a replication agreement

       dsconf repl-agmt set
              Set an attribute in the replication agreement

       dsconf repl-agmt get
              Get replication configuration

COMMAND 'dsconf repl-agmt list'
       usage: dsconf [-v] [-j] instance repl-agmt list [-h] --suffix SUFFIX
                                                       [--entry ENTRY]

OPTIONS 'dsconf repl-agmt list'
       --suffix SUFFIX
              Sets the DN of the suffix to look up replication agreements for

       --entry ENTRY
              Returns the entire entry for each agreement

COMMAND 'dsconf repl-agmt enable'
       usage: dsconf [-v] [-j] instance repl-agmt enable [-h] --suffix SUFFIX
                                                         AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-agmt enable'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-agmt disable'
       usage: dsconf [-v] [-j] instance repl-agmt disable [-h] --suffix SUFFIX
                                                          AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-agmt disable'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-agmt init'
       usage: dsconf [-v] [-j] instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-agmt init'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-agmt init-status'
       usage: dsconf [-v] [-j] instance repl-agmt init-status [-h] --suffix SUFFIX
                                                              AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-agmt init-status'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-agmt poke'
       usage: dsconf [-v] [-j] instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-agmt poke'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-agmt status'
       usage: dsconf [-v] [-j] instance repl-agmt status [-h] --suffix SUFFIX
                                                         [--bind-dn BIND_DN]
                                                         [--bind-passwd BIND_PASSWD]
                                                         [--bind-passwd-file BIND_PASSWD_FILE]
                                                         [--bind-passwd-prompt]
                                                         AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-agmt status'
       --suffix SUFFIX
              Sets the DN of the replication suffix

       --bind-dn BIND_DN
              Sets the DN to use to authenticate to the consumer. If not set, current instance's root DN will be
              used. It will be used for all agreements

       --bind-passwd BIND_PASSWD
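              Sets the password for the bind DN. It will be used for all agreements. A password given on the
              command line can be seen in the process list and shell history; --bind-passwd-file or
              --bind-passwd-prompt avoids that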

       --bind-passwd-file BIND_PASSWD_FILE
              File containing the password. It will be used for all agreements

       --bind-passwd-prompt
              Prompt for passwords for each agreement's instance separately

COMMAND 'dsconf repl-agmt delete'
       usage: dsconf [-v] [-j] instance repl-agmt delete [-h] --suffix SUFFIX
                                                         AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-agmt delete'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-agmt create'
       usage: dsconf [-v] [-j] instance repl-agmt create [-h] --suffix SUFFIX
                                                         --host HOST --port PORT
                                                         --conn-protocol CONN_PROTOCOL
                                                         [--bind-dn BIND_DN]
                                                         [--bind-passwd BIND_PASSWD]
                                                         [--bind-passwd-file BIND_PASSWD_FILE]
                                                         [--bind-passwd-prompt]
                                                         --bind-method BIND_METHOD
                                                         [--frac-list FRAC_LIST]
                                                         [--frac-list-total FRAC_LIST_TOTAL]
                                                         [--strip-list STRIP_LIST]
                                                         [--schedule SCHEDULE]
                                                         [--conn-timeout CONN_TIMEOUT]
                                                         [--protocol-timeout PROTOCOL_TIMEOUT]
                                                         [--wait-async-results WAIT_ASYNC_RESULTS]
                                                         [--busy-wait-time BUSY_WAIT_TIME]
                                                         [--session-pause-time SESSION_PAUSE_TIME]
                                                         [--flow-control-window FLOW_CONTROL_WINDOW]
                                                         [--flow-control-pause FLOW_CONTROL_PAUSE]
                                                         [--bootstrap-bind-dn BOOTSTRAP_BIND_DN]
                                                         [--bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD]
                                                         [--bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE]
                                                         [--bootstrap-bind-passwd-prompt]
                                                         [--bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL]
                                                         [--bootstrap-bind-method BOOTSTRAP_BIND_METHOD]
                                                         [--init]
                                                         AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-agmt create'
       --suffix SUFFIX
              Sets the DN of the replication suffix

       --host HOST
              Sets the hostname of the remote replica

       --port PORT
              Sets the port number of the remote replica

       --conn-protocol CONN_PROTOCOL
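              Sets the replication connection protocol: LDAP, LDAPS, or StartTLS. LDAP is unencrypted, so with
              the "SIMPLE" bind method the bind password and the replicated data cross the network in clear text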

       --bind-dn BIND_DN
              Sets the bind DN the agreement uses to authenticate to the replica

       --bind-passwd BIND_PASSWD
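              Sets the credentials for the bind DN. A password given on the command line can be seen in the
              process list and shell history; --bind-passwd-file or --bind-passwd-prompt avoids that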

       --bind-passwd-file BIND_PASSWD_FILE
              File containing the password

       --bind-passwd-prompt
              Prompt for password

       --bind-method BIND_METHOD
              Sets the bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI"

       --frac-list FRAC_LIST
              Sets the list of attributes to NOT replicate to the consumer during incremental updates

       --frac-list-total FRAC_LIST_TOTAL
              Sets the list of attributes to NOT replicate during a total initialization

       --strip-list STRIP_LIST
              Sets  a  list  of  attributes  that  are removed from updates only if the event would otherwise be
              empty. Typically this is set to "modifiersname" and "modifytimestamp"

       --schedule SCHEDULE
              Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday - Saturday).

       --conn-timeout CONN_TIMEOUT
              Sets the timeout used for replication connections

       --protocol-timeout PROTOCOL_TIMEOUT
              Sets a timeout in seconds on how long to wait before stopping replication when the server is under
              load

       --wait-async-results WAIT_ASYNC_RESULTS
              Sets the amount of time in milliseconds the server waits if  the  consumer  is  not  ready  before
              resending data

       --busy-wait-time BUSY_WAIT_TIME
              Sets  the  amount  of  time  in  seconds a supplier should wait after a consumer sends back a busy
              response before making another attempt to acquire access.

       --session-pause-time SESSION_PAUSE_TIME
              Sets the amount of time in seconds a supplier should wait between update sessions.

       --flow-control-window FLOW_CONTROL_WINDOW
              Sets the maximum number of entries and updates sent by a supplier, which are not  acknowledged  by
              the consumer.

       --flow-control-pause FLOW_CONTROL_PAUSE
              Sets  the  time  in  milliseconds to pause after reaching the number of entries and updates set in
              "--flow-control-window"

       --bootstrap-bind-dn BOOTSTRAP_BIND_DN
              Sets an optional bind DN the agreement can use to bootstrap initialization when  bind  groups  are
              being used

       --bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD
              Sets the bootstrap credentials for the bind DN

       --bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE
              File containing the password

       --bootstrap-bind-passwd-prompt
              Prompt for password

       --bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL
              Sets the replication bootstrap connection protocol: LDAP, LDAPS, or StartTLS

       --bootstrap-bind-method BOOTSTRAP_BIND_METHOD
              Sets the bind method: "SIMPLE", or "SSLCLIENTAUTH"

       --init Initializes the agreement after creating it

COMMAND 'dsconf repl-agmt set'
       usage: dsconf [-v] [-j] instance repl-agmt set [-h] --suffix SUFFIX
                                                      [--host HOST] [--port PORT]
                                                      [--conn-protocol CONN_PROTOCOL]
                                                      [--bind-dn BIND_DN]
                                                      [--bind-passwd BIND_PASSWD]
                                                      [--bind-passwd-file BIND_PASSWD_FILE]
                                                      [--bind-passwd-prompt]
                                                      [--bind-method BIND_METHOD]
                                                      [--frac-list FRAC_LIST]
                                                      [--frac-list-total FRAC_LIST_TOTAL]
                                                      [--strip-list STRIP_LIST]
                                                      [--schedule SCHEDULE]
                                                      [--conn-timeout CONN_TIMEOUT]
                                                      [--protocol-timeout PROTOCOL_TIMEOUT]
                                                      [--wait-async-results WAIT_ASYNC_RESULTS]
                                                      [--busy-wait-time BUSY_WAIT_TIME]
                                                      [--session-pause-time SESSION_PAUSE_TIME]
                                                      [--flow-control-window FLOW_CONTROL_WINDOW]
                                                      [--flow-control-pause FLOW_CONTROL_PAUSE]
                                                      [--bootstrap-bind-dn BOOTSTRAP_BIND_DN]
                                                      [--bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD]
                                                      [--bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE]
                                                      [--bootstrap-bind-passwd-prompt]
                                                      [--bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL]
                                                      [--bootstrap-bind-method BOOTSTRAP_BIND_METHOD]
                                                      AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-agmt set'
       --suffix SUFFIX
              Sets the DN of the replication suffix

       --host HOST
              Sets the hostname of the remote replica

       --port PORT
              Sets the port number of the remote replica

       --conn-protocol CONN_PROTOCOL
              Sets the replication connection protocol: LDAP, LDAPS, or StartTLS

       --bind-dn BIND_DN
              Sets the Bind DN the agreement uses to authenticate to the replica

       --bind-passwd BIND_PASSWD
              Sets the credentials for the bind DN

       --bind-passwd-file BIND_PASSWD_FILE
              File containing the password

       --bind-passwd-prompt
              Prompt for password

       --bind-method BIND_METHOD
              Sets the bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI"

       --frac-list FRAC_LIST
              Sets a list of attributes to NOT replicate to the consumer during incremental updates

       --frac-list-total FRAC_LIST_TOTAL
              Sets a list of attributes to NOT replicate during a total initialization

       --strip-list STRIP_LIST
              Sets  a  list  of  attributes  that  are removed from updates only if the event would otherwise be
              empty. Typically this is set to "modifiersname" and "modifytimestamp"

       --schedule SCHEDULE
              Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday - Saturday).

       --conn-timeout CONN_TIMEOUT
              Sets the timeout used for replication connections

       --protocol-timeout PROTOCOL_TIMEOUT
              Sets a timeout in seconds on how long to wait before stopping replication when the server is under
              load

       --wait-async-results WAIT_ASYNC_RESULTS
              Sets the amount of time in milliseconds the server waits if  the  consumer  is  not  ready  before
              resending data

       --busy-wait-time BUSY_WAIT_TIME
              Sets  the  amount  of  time  in  seconds a supplier should wait after a consumer sends back a busy
              response before making another attempt to acquire access.

       --session-pause-time SESSION_PAUSE_TIME
              Sets the amount of time in seconds a supplier should wait between update sessions.

       --flow-control-window FLOW_CONTROL_WINDOW
              Sets the maximum number of entries and updates sent by a supplier, which are not  acknowledged  by
              the consumer.

       --flow-control-pause FLOW_CONTROL_PAUSE
              Sets  the  time  in  milliseconds to pause after reaching the number of entries and updates set in
              "--flow-control-window"

       --bootstrap-bind-dn BOOTSTRAP_BIND_DN
              Sets an optional bind DN the agreement can use to bootstrap initialization when  bind  groups  are
              being used

       --bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD
              Sets the bootstrap credentials for the bind DN

       --bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE
              File containing the password

       --bootstrap-bind-passwd-prompt
              Prompt for password

       --bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL
              Sets the replication bootstrap connection protocol: LDAP, LDAPS, or StartTLS

       --bootstrap-bind-method BOOTSTRAP_BIND_METHOD
              Sets the bind method: "SIMPLE", or "SSLCLIENTAUTH"

COMMAND 'dsconf repl-agmt get'
       usage: dsconf [-v] [-j] instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME

       AGMT_NAME
              The name of the replication agreement whose configuration is displayed

OPTIONS 'dsconf repl-agmt get'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-winsync-agmt'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt [-h]
                                                {list,enable,disable,init,init-status,poke,status,delete,create,set,get}
       ...

POSITIONAL ARGUMENTS 'dsconf repl-winsync-agmt'
       dsconf repl-winsync-agmt list
              List all the replication winsync agreements

       dsconf repl-winsync-agmt enable
              Enable replication winsync agreement

       dsconf repl-winsync-agmt disable
              Disable replication winsync agreement

       dsconf repl-winsync-agmt init
              Initialize replication winsync agreement

       dsconf repl-winsync-agmt init-status
              Check the agreement initialization status

       dsconf repl-winsync-agmt poke
              Trigger replication to send updates now

       dsconf repl-winsync-agmt status
              Display the current status of the replication agreement

       dsconf repl-winsync-agmt delete
              Delete replication winsync agreement

       dsconf repl-winsync-agmt create
              Create a replication winsync agreement

       dsconf repl-winsync-agmt set
              Set an attribute in the replication winsync agreement

       dsconf repl-winsync-agmt get
              Display replication configuration

COMMAND 'dsconf repl-winsync-agmt list'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt list [-h] --suffix SUFFIX

OPTIONS 'dsconf repl-winsync-agmt list'
       --suffix SUFFIX
              Sets the DN of the suffix to look up replication winsync agreements

COMMAND 'dsconf repl-winsync-agmt enable'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt enable [-h] --suffix SUFFIX
                                                                 AGMT_NAME

       AGMT_NAME
              The name of the replication winsync agreement

OPTIONS 'dsconf repl-winsync-agmt enable'
       --suffix SUFFIX
              Sets the DN of the replication winsync suffix

COMMAND 'dsconf repl-winsync-agmt disable'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt disable [-h]
                                                                  --suffix SUFFIX
                                                                  AGMT_NAME

       AGMT_NAME
              The name of the replication winsync agreement

OPTIONS 'dsconf repl-winsync-agmt disable'
       --suffix SUFFIX
              Sets the DN of the replication winsync suffix

COMMAND 'dsconf repl-winsync-agmt init'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt init [-h] --suffix SUFFIX
                                                               AGMT_NAME

       AGMT_NAME
              The name of the replication winsync agreement

OPTIONS 'dsconf repl-winsync-agmt init'
       --suffix SUFFIX
              Sets the DN of the replication winsync suffix

COMMAND 'dsconf repl-winsync-agmt init-status'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt init-status
              [-h] --suffix SUFFIX AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-winsync-agmt init-status'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-winsync-agmt poke'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt poke [-h] --suffix SUFFIX
                                                               AGMT_NAME

       AGMT_NAME
              The name of the replication winsync agreement

OPTIONS 'dsconf repl-winsync-agmt poke'
       --suffix SUFFIX
              Sets the DN of the replication winsync suffix

COMMAND 'dsconf repl-winsync-agmt status'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt status [-h] --suffix SUFFIX
                                                                 AGMT_NAME

       AGMT_NAME
              The name of the replication agreement

OPTIONS 'dsconf repl-winsync-agmt status'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-winsync-agmt delete'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt delete [-h] --suffix SUFFIX
                                                                 AGMT_NAME

       AGMT_NAME
              The name of the replication winsync agreement

OPTIONS 'dsconf repl-winsync-agmt delete'
       --suffix SUFFIX
              Sets the DN of the replication winsync suffix

COMMAND 'dsconf repl-winsync-agmt create'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt create [-h] --suffix SUFFIX
                                                                 --host HOST
                                                                 --port PORT
                                                                 --conn-protocol CONN_PROTOCOL
                                                                 --bind-dn BIND_DN
                                                                 [--bind-passwd BIND_PASSWD]
                                                                 [--bind-passwd-file BIND_PASSWD_FILE]
                                                                 [--bind-passwd-prompt]
                                                                 [--frac-list FRAC_LIST]
                                                                 [--schedule SCHEDULE]
                                                                 --win-subtree WIN_SUBTREE
                                                                 --ds-subtree DS_SUBTREE
                                                                 --win-domain WIN_DOMAIN
                                                                 [--sync-users SYNC_USERS]
                                                                 [--sync-groups SYNC_GROUPS]
                                                                 [--sync-interval SYNC_INTERVAL]
                                                                 [--one-way-sync ONE_WAY_SYNC]
                                                                 [--move-action MOVE_ACTION]
                                                                 [--win-filter WIN_FILTER]
                                                                 [--ds-filter DS_FILTER]
                                                                 [--subtree-pair SUBTREE_PAIR]
                                                                 [--conn-timeout CONN_TIMEOUT]
                                                                 [--busy-wait-time BUSY_WAIT_TIME]
                                                                 [--session-pause-time SESSION_PAUSE_TIME]
                                                                 [--flatten-tree]
                                                                 [--init]
                                                                 AGMT_NAME

       AGMT_NAME
              The name of the replication winsync agreement

OPTIONS 'dsconf repl-winsync-agmt create'
       --suffix SUFFIX
              Sets the DN of the replication winsync suffix

       --host HOST
              Sets the hostname of the AD server

       --port PORT
              Sets the port number of the AD server

       --conn-protocol CONN_PROTOCOL
              Sets the replication winsync connection protocol: LDAP, LDAPS, or StartTLS

       --bind-dn BIND_DN
              Sets the bind DN the agreement uses to authenticate to the AD Server

       --bind-passwd BIND_PASSWD
              Sets the credentials for the Bind DN

       --bind-passwd-file BIND_PASSWD_FILE
              File containing the password

       --bind-passwd-prompt
              Prompt for password

       --frac-list FRAC_LIST
              Sets a list of attributes to NOT replicate to the consumer during incremental updates

       --schedule SCHEDULE
              Sets the replication update schedule

       --win-subtree WIN_SUBTREE
              Sets the suffix of the AD Server

       --ds-subtree DS_SUBTREE
              Sets the Directory Server suffix

       --win-domain WIN_DOMAIN
              Sets the AD Domain

       --sync-users SYNC_USERS
              Synchronizes users between AD and DS

       --sync-groups SYNC_GROUPS
              Synchronizes groups between AD and DS

       --sync-interval SYNC_INTERVAL
              Sets the interval that DS checks AD for changes in entries

       --one-way-sync ONE_WAY_SYNC
              Sets  which  direction  to perform synchronization: "toWindows", or "fromWindows". By default sync
              occurs in both directions.

       --move-action MOVE_ACTION
              Sets instructions on how to handle moved or deleted entries: "none", "unsync", or "delete"

       --win-filter WIN_FILTER
              Sets a custom filter for finding users in AD Server

       --ds-filter DS_FILTER
              Sets a custom filter for finding AD users in DS

       --subtree-pair SUBTREE_PAIR
              Sets the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>

       --conn-timeout CONN_TIMEOUT
              Sets the timeout used for replication connections

       --busy-wait-time BUSY_WAIT_TIME
              Sets the amount of time in seconds a supplier should wait after  a  consumer  sends  back  a  busy
              response before making another attempt to acquire access

       --session-pause-time SESSION_PAUSE_TIME
              Sets the amount of time in seconds a supplier should wait between update sessions

       --flatten-tree
              By  default, the tree structure of AD is preserved into 389. This MAY cause replication to fail in
              some cases, as you may need to create missing  OU's  to  recreate  the  same  tree structure.  This
              setting  when  enabled,  removes  the  tree  structure  of  AD  and  flattens all entries into the
              ds-subtree. This does NOT affect or change the tree structure of the AD directory.

       --init Initializes the agreement after creating it

COMMAND 'dsconf repl-winsync-agmt set'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt set [-h] [--suffix SUFFIX]
                                                              [--host HOST]
                                                              [--port PORT]
                                                              [--conn-protocol CONN_PROTOCOL]
                                                              [--bind-dn BIND_DN]
                                                              [--bind-passwd BIND_PASSWD]
                                                              [--bind-passwd-file BIND_PASSWD_FILE]
                                                              [--bind-passwd-prompt]
                                                              [--frac-list FRAC_LIST]
                                                              [--schedule SCHEDULE]
                                                              [--win-subtree WIN_SUBTREE]
                                                              [--ds-subtree DS_SUBTREE]
                                                              [--win-domain WIN_DOMAIN]
                                                              [--sync-users SYNC_USERS]
                                                              [--sync-groups SYNC_GROUPS]
                                                              [--sync-interval SYNC_INTERVAL]
                                                              [--one-way-sync ONE_WAY_SYNC]
                                                              [--move-action MOVE_ACTION]
                                                              [--win-filter WIN_FILTER]
                                                              [--ds-filter DS_FILTER]
                                                              [--subtree-pair SUBTREE_PAIR]
                                                              [--conn-timeout CONN_TIMEOUT]
                                                              [--busy-wait-time BUSY_WAIT_TIME]
                                                              [--session-pause-time SESSION_PAUSE_TIME]
                                                              AGMT_NAME

       AGMT_NAME
              The name of the replication winsync agreement

OPTIONS 'dsconf repl-winsync-agmt set'
       --suffix SUFFIX
              Sets the DN of the replication winsync suffix

       --host HOST
              Sets the hostname of the AD server

       --port PORT
              Sets the port number of the AD server

       --conn-protocol CONN_PROTOCOL
              Sets the replication winsync connection protocol: LDAP, LDAPS, or StartTLS

       --bind-dn BIND_DN
              Sets the bind DN the agreement uses to authenticate to the AD Server

       --bind-passwd BIND_PASSWD
              Sets the credentials for the Bind DN

       --bind-passwd-file BIND_PASSWD_FILE
              File containing the password

       --bind-passwd-prompt
              Prompt for password

       --frac-list FRAC_LIST
              Sets a list of attributes to NOT replicate to the consumer during incremental updates

       --schedule SCHEDULE
              Sets the replication update schedule

       --win-subtree WIN_SUBTREE
              Sets the suffix of the AD Server

       --ds-subtree DS_SUBTREE
              Sets the Directory Server suffix

       --win-domain WIN_DOMAIN
              Sets the AD Domain

       --sync-users SYNC_USERS
              Synchronizes users between AD and DS

       --sync-groups SYNC_GROUPS
              Synchronizes groups between AD and DS

       --sync-interval SYNC_INTERVAL
              Sets the interval that DS checks AD for changes in entries

       --one-way-sync ONE_WAY_SYNC
              Sets which direction to perform synchronization: "toWindows", or "fromWindows".  By  default  sync
              occurs in both directions.

       --move-action MOVE_ACTION
              Sets instructions on how to handle moved or deleted entries: "none", "unsync", or "delete"

       --win-filter WIN_FILTER
              Sets a custom filter for finding users in AD Server

       --ds-filter DS_FILTER
              Sets a custom filter for finding AD users in DS

       --subtree-pair SUBTREE_PAIR
              Sets the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>

       --conn-timeout CONN_TIMEOUT
              Sets the timeout used for replication connections

       --busy-wait-time BUSY_WAIT_TIME
              Sets  the  amount  of  time  in  seconds a supplier should wait after a consumer sends back a busy
              response before making another attempt to acquire access

       --session-pause-time SESSION_PAUSE_TIME
              Sets the amount of time in seconds a supplier should wait between update sessions

COMMAND 'dsconf repl-winsync-agmt get'
       usage: dsconf [-v] [-j] instance repl-winsync-agmt get [-h] --suffix SUFFIX
                                                              AGMT_NAME

       AGMT_NAME
              The name of the replication winsync agreement whose configuration is displayed

OPTIONS 'dsconf repl-winsync-agmt get'
       --suffix SUFFIX
              Sets the DN of the replication suffix

COMMAND 'dsconf repl-tasks'
       usage: dsconf [-v] [-j] instance repl-tasks [-h]
                                         {cleanallruv,list-cleanruv-tasks,abort-cleanallruv,list-abortruv-tasks}
       ...

POSITIONAL ARGUMENTS 'dsconf repl-tasks'
       dsconf repl-tasks cleanallruv
              Cleanup old/removed replica IDs

       dsconf repl-tasks list-cleanruv-tasks
              List all the running CleanAllRUV tasks

       dsconf repl-tasks abort-cleanallruv
              Abort cleanallruv tasks

       dsconf repl-tasks list-abortruv-tasks
              List all the running CleanAllRUV abort tasks

COMMAND 'dsconf repl-tasks cleanallruv'
       usage: dsconf [-v] [-j] instance repl-tasks cleanallruv [-h] --suffix SUFFIX
                                                               --replica-id REPLICA_ID
                                                               [--force-cleaning]

OPTIONS 'dsconf repl-tasks cleanallruv'
       --suffix SUFFIX
              Sets the Directory Server suffix

       --replica-id REPLICA_ID
              Sets the replica ID to remove/clean

       --force-cleaning
              Ignores errors and makes a best attempt to clean all replicas

COMMAND 'dsconf repl-tasks list-cleanruv-tasks'
       usage: dsconf [-v] [-j] instance repl-tasks list-cleanruv-tasks
              [-h] [--suffix SUFFIX]

OPTIONS 'dsconf repl-tasks list-cleanruv-tasks'
       --suffix SUFFIX
              Lists only tasks for the specified suffix

COMMAND 'dsconf repl-tasks abort-cleanallruv'
       usage: dsconf [-v] [-j] instance repl-tasks abort-cleanallruv
              [-h] --suffix SUFFIX --replica-id REPLICA_ID [--certify]

OPTIONS 'dsconf repl-tasks abort-cleanallruv'
       --suffix SUFFIX
              Sets the Directory Server suffix

       --replica-id REPLICA_ID
              Sets the replica ID of the cleaning task to abort

       --certify
              Enforces that the abort task completed on all replicas

COMMAND 'dsconf repl-tasks list-abortruv-tasks'
       usage: dsconf [-v] [-j] instance repl-tasks list-abortruv-tasks
              [-h] [--suffix SUFFIX]

OPTIONS 'dsconf repl-tasks list-abortruv-tasks'
       --suffix SUFFIX
              Lists only tasks for the specified suffix

COMMAND 'dsconf repl-conflict'
       usage: dsconf [-v] [-j] instance repl-conflict [-h]
                                            {list,compare,delete,swap,convert,list-glue,delete-glue,convert-glue}
       ...

POSITIONAL ARGUMENTS 'dsconf repl-conflict'
       dsconf repl-conflict list
              List conflict entries

       dsconf repl-conflict compare
              Compare the conflict entry with its valid counterpart

       dsconf repl-conflict delete
              Delete a conflict entry

       dsconf repl-conflict swap
              Replace the valid entry with the conflict entry

       dsconf repl-conflict convert
              Convert the conflict entry to a valid entry, while keeping the original valid  entry  counterpart.
              This   requires   that  the  converted  conflict  entry  have  a  new  RDN  value.   For  example:
              "cn=my_new_rdn_value".

       dsconf repl-conflict list-glue
              List replication glue entries

       dsconf repl-conflict delete-glue
              Delete the glue entry and its child entries

       dsconf repl-conflict convert-glue
              Convert the glue entry into a regular entry

COMMAND 'dsconf repl-conflict list'
       usage: dsconf [-v] [-j] instance repl-conflict list [-h] suffix

       suffix Sets the backend name, or suffix, to look for conflict entries

COMMAND 'dsconf repl-conflict compare'
       usage: dsconf [-v] [-j] instance repl-conflict compare [-h] DN

       DN     The DN of the conflict entry

COMMAND 'dsconf repl-conflict delete'
       usage: dsconf [-v] [-j] instance repl-conflict delete [-h] DN

       DN     The DN of the conflict entry

COMMAND 'dsconf repl-conflict swap'
       usage: dsconf [-v] [-j] instance repl-conflict swap [-h] DN

       DN     The DN of the conflict entry

COMMAND 'dsconf repl-conflict convert'
       usage: dsconf instance [-v] [-j] repl-conflict convert [-h] --new-rdn NEW_RDN
                                                              DN

       DN     The DN of the conflict entry

OPTIONS 'dsconf repl-conflict convert'
       --new-rdn NEW_RDN
              Sets the new RDN for the converted conflict entry. For example: "cn=my_new_rdn_value"

COMMAND 'dsconf repl-conflict list-glue'
       usage: dsconf [-v] [-j] instance repl-conflict list-glue [-h] suffix

       suffix The backend name, or suffix, to look for glue entries

COMMAND 'dsconf repl-conflict delete-glue'
       usage: dsconf [-v] [-j] instance repl-conflict delete-glue [-h] DN

       DN     The DN of the glue entry

COMMAND 'dsconf repl-conflict convert-glue'
       usage: dsconf [-v] [-j] instance repl-conflict convert-glue [-h] DN

       DN     The DN of the glue entry

COMMAND 'dsconf sasl'
       usage: dsconf [-v] [-j] instance sasl [-h]
                                   {list,get-mechs,get-available-mechs,get,create,delete} ...

POSITIONAL ARGUMENTS 'dsconf sasl'
       dsconf sasl list
              Display available SASL mappings

       dsconf sasl get-mechs
              Display the SASL mechanisms that the server will accept

       dsconf sasl get-available-mechs
              Display the SASL mechanisms that are available to the server

       dsconf sasl get
              Displays SASL mappings

       dsconf sasl create
              Create a SASL mapping

       dsconf sasl delete
              Deletes the SASL object

COMMAND 'dsconf sasl list'
       usage: dsconf [-v] [-j] instance sasl list [-h] [--details]

OPTIONS 'dsconf sasl list'
       --details
              Displays each SASL mapping in detail

COMMAND 'dsconf sasl get-mechs'
       usage: dsconf [-v] [-j] instance sasl get-mechs [-h]

COMMAND 'dsconf sasl get-available-mechs'
       usage: dsconf [-v] [-j] instance sasl get-available-mechs [-h]

COMMAND 'dsconf sasl get'
       usage: dsconf [-v] [-j] instance sasl get [-h] [selector]

       selector
              The SASL mapping name to display

COMMAND 'dsconf sasl create'
       usage: dsconf [-v] [-j] instance sasl create [-h] [--cn [CN]]
                                                    [--nsSaslMapRegexString [NSSASLMAPREGEXSTRING]]
                                                    [--nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]]
                                                    [--nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]]
                                                    [--nsSaslMapPriority [NSSASLMAPPRIORITY]]

OPTIONS 'dsconf sasl create'
       --cn [CN]
              Value of cn

       --nsSaslMapRegexString [NSSASLMAPREGEXSTRING]
              Value of nsSaslMapRegexString

       --nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]
              Value of nsSaslMapBaseDNTemplate

       --nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]
              Value of nsSaslMapFilterTemplate

       --nsSaslMapPriority [NSSASLMAPPRIORITY]
              Value of nsSaslMapPriority

COMMAND 'dsconf sasl delete'
       usage: dsconf [-v] [-j] instance sasl delete [-h] map_name

       map_name
              The SASL mapping name ("cn" value)

COMMAND 'dsconf security'
       usage: dsconf [-v] [-j] instance security [-h]
                                       {set,get,enable,disable,disable_plain_port,certificate,ca-certificate,rsa,ciphers,csr,key,export-cert}
       ...

POSITIONAL ARGUMENTS 'dsconf security'
       dsconf security set
              Set general security options

       dsconf security get
              Display general security options

       dsconf security enable
              Enable security

       dsconf security disable
              Disable security

       dsconf security disable_plain_port
              Disables the plain text LDAP port, allowing only LDAPS to function

       dsconf security certificate
              Manage TLS certificates

       dsconf security ca-certificate
              Manage TLS certificate authorities

       dsconf security rsa
              Query and update RSA security options

       dsconf security ciphers
              Manage secure ciphers

       dsconf security csr
              Manage certificate signing requests

       dsconf security key
              Manage keys in NSS DB

       dsconf security export-cert
              Export a certificate to PEM or DER/Binary format.  PEM format is the default

COMMAND 'dsconf security set'
       usage: dsconf [-v] [-j] instance security set [-h] [--security SECURITY]
                                                     [--listen-host LISTEN_HOST]
                                                     [--secure-port SECURE_PORT]
                                                     [--tls-client-auth TLS_CLIENT_AUTH]
                                                     [--tls-client-renegotiation TLS_CLIENT_RENEGOTIATION]
                                                     [--require-secure-authentication REQUIRE_SECURE_AUTHENTICATION]
                                                     [--check-hostname CHECK_HOSTNAME]
                                                     [--verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP]
                                                     [--session-timeout SESSION_TIMEOUT]
                                                     [--tls-protocol-min TLS_PROTOCOL_MIN]
                                                     [--tls-protocol-max TLS_PROTOCOL_MAX]
                                                     [--allow-insecure-ciphers ALLOW_INSECURE_CIPHERS]
                                                     [--allow-weak-dh-param ALLOW_WEAK_DH_PARAM]
                                                     [--cipher-pref CIPHER_PREF]

       Use this command for setting security related options located in cn=config and cn=encryption,cn=config.

       To enable/disable security you can use enable and disable commands instead.

OPTIONS 'dsconf security set'
       --security SECURITY
              Enables or disables security (nsslapd-security)

       --listen-host LISTEN_HOST
              Sets the host or IP address to listen on for LDAPS (nsslapd-securelistenhost)

       --secure-port SECURE_PORT
              Sets the port for LDAPS to listen on (nsslapd-securePort)

       --tls-client-auth TLS_CLIENT_AUTH
              Configures client authentication requirement (nsSSLClientAuth)

       --tls-client-renegotiation TLS_CLIENT_RENEGOTIATION
              Allows client TLS renegotiation (nsTLSAllowClientRenegotiation)

       --require-secure-authentication REQUIRE_SECURE_AUTHENTICATION
              Configures whether binds over LDAPS, StartTLS, or SASL are required
              (nsslapd-require-secure-binds)

       --check-hostname CHECK_HOSTNAME
              Checks the subject of remote certificate against the hostname (nsslapd-ssl-check-hostname)

       --verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP
              Validates the server certificate during startup (nsslapd-validate-cert)

       --session-timeout SESSION_TIMEOUT
              Sets the secure session timeout (nsSSLSessionTimeout)

       --tls-protocol-min TLS_PROTOCOL_MIN
              Sets the minimal allowed secure protocol version (sslVersionMin)

       --tls-protocol-max TLS_PROTOCOL_MAX
              Sets the maximal allowed secure protocol version (sslVersionMax)

       --allow-insecure-ciphers ALLOW_INSECURE_CIPHERS
              Allows weak ciphers for legacy use (allowWeakCipher)

       --allow-weak-dh-param ALLOW_WEAK_DH_PARAM
              Allows short DH params for legacy use (allowWeakDHParam)

       --cipher-pref CIPHER_PREF
              Directly  sets the nsSSL3Ciphers attribute. It is a comma-separated list of cipher names (prefixed
              with + or -), optionally including +all or -all. The  attribute  may  optionally  be  prefixed  by
              keyword "default". Please refer to documentation of the attribute for a more detailed description.
              (nsSSL3Ciphers)

COMMAND 'dsconf security get'
       usage: dsconf [-v] [-j] instance security get [-h]

COMMAND 'dsconf security enable'
       usage: dsconf instance [-v] [-j] security enable [-h] [--cert-name CERT_NAME]

       If the security database is missing, create it, then turn on security functionality. Please note this is
       usually not enough for TLS connections to work - proper setup of CA and server certificate is necessary.

OPTIONS 'dsconf security enable'
       --cert-name CERT_NAME
              Sets the name of the certificate the server should use

COMMAND 'dsconf security disable'
       usage: dsconf instance [-v] [-j] security disable [-h]

       Turn off security functionality. The rest of the configuration will be left untouched.

COMMAND 'dsconf security disable_plain_port'
       usage: dsconf instance [-v] [-j] security disable_plain_port [-h]

COMMAND 'dsconf security certificate'
       usage: dsconf [-v] [-j] instance security certificate [-h]
                                                             {add,set-trust-flags,del,get,list} ...

POSITIONAL ARGUMENTS 'dsconf security certificate'
       dsconf security certificate add
              Add a server certificate

       dsconf security certificate set-trust-flags
              Set the Trust flags

       dsconf security certificate del
              Delete a certificate

       dsconf security certificate get
              Display a server certificate's information

       dsconf security certificate list
              List the server certificates

COMMAND 'dsconf security certificate add'
       usage: dsconf instance [-v] [-j] security certificate add [-h] --file FILE
                                                                 --name NAME
                                                                 [--primary-cert]

       Add a server certificate to the NSS database

OPTIONS 'dsconf security certificate add'
       --file FILE
              Sets the file name of the certificate

       --name NAME
              Sets the name/nickname of the certificate

       --primary-cert
              Sets this certificate as the server's certificate

COMMAND 'dsconf security certificate set-trust-flags'
       usage: dsconf instance [-v] [-j] security certificate set-trust-flags
              [-h] --flags FLAGS name

       Change the trust flags of a server certificate

       name   The name/nickname of the certificate

OPTIONS 'dsconf security certificate set-trust-flags'
       --flags FLAGS
              Sets the trust flags for the server certificate

COMMAND 'dsconf security certificate del'
       usage: dsconf instance [-v] [-j] security certificate del [-h] name

       Delete a certificate from the NSS database

       name   The name/nickname of the certificate

COMMAND 'dsconf security certificate get'
       usage: dsconf instance [-v] [-j] security certificate get [-h] name

       Displays detailed information about a certificate, such as trust attributes,  expiration  dates,  Subject
       and Issuer DNs

       name   Set the name/nickname of the certificate

COMMAND 'dsconf security certificate list'
       usage: dsconf instance [-v] [-j] security certificate list [-h]

       Lists the server certificates in the NSS database

COMMAND 'dsconf security ca-certificate'
       usage: dsconf [-v] [-j] instance security ca-certificate [-h]
                                                                {add,set-trust-flags,del,get,list} ...

POSITIONAL ARGUMENTS 'dsconf security ca-certificate'
       dsconf security ca-certificate add
              Add a Certificate Authority

       dsconf security ca-certificate set-trust-flags
              Set the Trust flags

       dsconf security ca-certificate del
              Delete a certificate

       dsconf security ca-certificate get
              Displays a Certificate Authority's information

       dsconf security ca-certificate list
              List the Certificate Authorities

COMMAND 'dsconf security ca-certificate add'
       usage: dsconf instance [-v] [-j] security ca-certificate add
              [-h] --file FILE --name NAME [NAME ...]

       Add a Certificate Authority to the NSS database

OPTIONS 'dsconf security ca-certificate add'
       --file FILE
              Sets the file name of the CA certificate

       --name NAME [NAME ...]
              Sets  the  name/nickname of the CA certificate, if adding a PEM bundle then specify multiple names
              one for each certificate, otherwise a number increment will be added to the previous name.

COMMAND 'dsconf security ca-certificate set-trust-flags'
       usage: dsconf instance [-v] [-j] security ca-certificate set-trust-flags
              [-h] --flags FLAGS name

       Change the trust attributes of a CA certificate.  Certificate Authorities typically use "CT,,"

       name   The name/nickname of the CA certificate

OPTIONS 'dsconf security ca-certificate set-trust-flags'
       --flags FLAGS
              Sets the trust flags for the CA certificate

COMMAND 'dsconf security ca-certificate del'
       usage: dsconf instance [-v] [-j] security ca-certificate del [-h] name

       Delete a CA certificate from the NSS database

       name   The name/nickname of the CA certificate

COMMAND 'dsconf security ca-certificate get'
       usage: dsconf instance [-v] [-j] security ca-certificate get [-h] name

       Get detailed information about a CA certificate, like trust attributes,  expiration  dates,  Subject  and
       Issuer DN

       name   The name/nickname of the CA certificate

COMMAND 'dsconf security ca-certificate list'
       usage: dsconf instance [-v] [-j] security ca-certificate list [-h]

       List the CA certificates in the NSS database

COMMAND 'dsconf security rsa'
       usage: dsconf [-v] [-j] instance security rsa [-h]
                                                     {set,get,enable,disable} ...

POSITIONAL ARGUMENTS 'dsconf security rsa'
       dsconf security rsa set
              Set RSA security options

       dsconf security rsa get
              Get RSA security options

       dsconf security rsa enable
              Enable RSA

       dsconf security rsa disable
              Disable RSA

COMMAND 'dsconf security rsa set'
       usage: dsconf [-v] [-j] instance security rsa set [-h]
                                                         [--tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES]
                                                         [--nss-cert-name NSS_CERT_NAME]
                                                         [--nss-token NSS_TOKEN]

       Use this command for setting RSA (private key) related options located in cn=RSA,cn=encryption,cn=config.

       To enable/disable RSA you can use enable and disable commands instead.

OPTIONS 'dsconf security rsa set'
       --tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES
              Activates the use of RSA certificates (nsSSLActivation)

       --nss-cert-name NSS_CERT_NAME
              Sets the server certificate name in NSS DB (nsSSLPersonalitySSL)

       --nss-token NSS_TOKEN
              Sets the security token name (module of NSS DB) (nsSSLToken)

COMMAND 'dsconf security rsa get'
       usage: dsconf [-v] [-j] instance security rsa get [-h]

COMMAND 'dsconf security rsa enable'
       usage: dsconf [-v] [-j] instance security rsa enable [-h]

COMMAND 'dsconf security rsa disable'
       usage: dsconf [-v] [-j] instance security rsa disable [-h]

COMMAND 'dsconf security ciphers'
       usage: dsconf [-v] [-j] instance security ciphers [-h]
                                                         {enable,disable,get,set,list} ...

POSITIONAL ARGUMENTS 'dsconf security ciphers'
       dsconf security ciphers enable
              Enable ciphers

       dsconf security ciphers disable
              Disable ciphers

       dsconf security ciphers get
              Get ciphers attribute

       dsconf security ciphers set
              Set ciphers attribute

       dsconf security ciphers list
              List ciphers

COMMAND 'dsconf security ciphers enable'
       usage: dsconf instance [-v] [-j] security ciphers enable [-h]
                                                                cipher [cipher ...]

       Use this command to enable specific ciphers.

       cipher

COMMAND 'dsconf security ciphers disable'
       usage: dsconf instance [-v] [-j] security ciphers disable [-h]
                                                                 cipher [cipher ...]

       Use this command to disable specific ciphers.

       cipher

COMMAND 'dsconf security ciphers get'
       usage: dsconf instance [-v] [-j] security ciphers get [-h]

       Use this command to get contents of nsSSL3Ciphers attribute.

COMMAND 'dsconf security ciphers set'
       usage: dsconf instance [-v] [-j] security ciphers set [-h] cipher-string

       Use  this  command  to directly set nsSSL3Ciphers attribute. It is a comma separated list of cipher names
       (prefixed with + or -), optionally including +all or -all. The attribute may optionally be set to keyword
       default. Please refer to documentation of the attribute for a more detailed description.

       cipher-string

COMMAND 'dsconf security ciphers list'
       usage: dsconf instance [-v] [-j] security ciphers list [-h] [--enabled |
                                                              --supported |
                                                              --disabled]

       List secure ciphers. Without arguments, list ciphers as configured in nsSSL3Ciphers attribute.

OPTIONS 'dsconf security ciphers list'
       --enabled
              Lists only enabled ciphers

       --supported
              Lists only supported ciphers

       --disabled
              Lists only ciphers that are supported but not enabled

COMMAND 'dsconf security csr'
       usage: dsconf [-v] [-j] instance security csr [-h] {list,get,req,del} ...

POSITIONAL ARGUMENTS 'dsconf security csr'
       dsconf security csr list
              List CSRs

       dsconf security csr get
              Display CSR content

       dsconf security csr req
              Generate a Certificate Signing Request

       dsconf security csr del
              Delete a CSR file

COMMAND 'dsconf security csr list'
       usage: dsconf instance [-v] [-j] security csr list [-h] [--path PATH]

       List all CSR files in instance configuration directory

OPTIONS 'dsconf security csr list'
       --path PATH, -p PATH
              Directory containing CSR file

COMMAND 'dsconf security csr get'
       usage: dsconf instance [-v] [-j] security csr get [-h] name

       Displays the contents of a CSR, which can be used for submission to a CA

       name   Name of the CSR file to display

COMMAND 'dsconf security csr req'
       usage: dsconf instance [-v] [-j] security csr req [-h] --subject SUBJECT
                                                         --name NAME
                                                         [alt_names ...]

       Generate a CSR that can be submitted to a CA for verification

       alt_names
              CSR alternative names. These are auto-detected if not provided

OPTIONS 'dsconf security csr req'
       --subject SUBJECT, -s SUBJECT
              Subject field

       --name NAME, -n NAME
              Name

COMMAND 'dsconf security csr del'
       usage: dsconf [-v] [-j] instance security csr del [-h] name

       Delete a CSR file

       name   Name of the CSR file to delete

COMMAND 'dsconf security key'
       usage: dsconf [-v] [-j] instance security key [-h] {list,del} ...

POSITIONAL ARGUMENTS 'dsconf security key'
       dsconf security key list
              List all keys in NSS DB

       dsconf security key del
              Delete a key from NSS DB

COMMAND 'dsconf security key list'
       usage: dsconf [-v] [-j] instance security key list [-h] [--orphan]

OPTIONS 'dsconf security key list'
       --orphan
              List orphan keys. An orphan key is a private key in the NSS DB for which there is no certificate
              with the corresponding public key. An orphan key is created during CSR generation; when the
              associated certificate is imported into the NSS DB, its orphan state is removed.

COMMAND 'dsconf security key del'
       usage: dsconf instance [-v] [-j] security key del [-h] key_id

       Remove a key from the NSS DB. Make sure the key is not in use before you delete it

       key_id This is the key ID displayed when listing keys

COMMAND 'dsconf security export-cert'
       usage: dsconf instance [-v] [-j] security export-cert [-h] [--binary-format]
                                                             [--output-file OUTPUT_FILE]
                                                             nickname

       nickname
              The name of the certificate to export

OPTIONS 'dsconf security export-cert'
       --binary-format
              Export certificate in DER/binary format

       --output-file OUTPUT_FILE
              The  name for the exported certificate. Default name is the certificate nickname with an extension
              of ".pem" or ".crt"

COMMAND 'dsconf schema'
       usage: dsconf [-v] [-j] instance schema [-h]
                                     {list,attributetypes,objectclasses,matchingrules,reload,validate-syntax,import-openldap-file}
       ...

POSITIONAL ARGUMENTS 'dsconf schema'
       dsconf schema list
              List all schema objects on this system

       dsconf schema attributetypes
              Work with attribute types on this system

       dsconf schema objectclasses
              Work with objectClasses on this system

       dsconf schema matchingrules
              Work with matching rules on this system

       dsconf schema reload
              Dynamically reload schema while server is running

       dsconf schema validate-syntax
              Run a task to check that all attributes in an entry have the correct syntax

       dsconf schema import-openldap-file
              Import OpenLDAP-formatted dynamic schema LDIF files. These will contain values like
              olcAttributeTypes and olcObjectClasses.

COMMAND 'dsconf schema list'
       usage: dsconf [-v] [-j] instance schema list [-h]

COMMAND 'dsconf schema attributetypes'
       usage: dsconf [-v] [-j] instance schema attributetypes [-h]
                                                              {get_syntaxes,list,query,add,replace,remove} ...

POSITIONAL ARGUMENTS 'dsconf schema attributetypes'
       dsconf schema attributetypes get_syntaxes
              List all available attribute type syntaxes

       dsconf schema attributetypes list
              List available attribute types on this system

       dsconf schema attributetypes query
              Query an attribute to determine object classes that may or must take it

       dsconf schema attributetypes add
              Add an attribute type to this system

       dsconf schema attributetypes replace
              Replace an attribute type on this system

       dsconf schema attributetypes remove
              Remove an attribute type on this system

COMMAND 'dsconf schema attributetypes get_syntaxes'
       usage: dsconf [-v] [-j] instance schema attributetypes get_syntaxes [-h]

COMMAND 'dsconf schema attributetypes list'
       usage: dsconf [-v] [-j] instance schema attributetypes list [-h]

COMMAND 'dsconf schema attributetypes query'
       usage: dsconf [-v] [-j] instance schema attributetypes query [-h] [name]

       name   Attribute type to query

COMMAND 'dsconf schema attributetypes add'
       usage: dsconf [-v] [-j] instance schema attributetypes add [-h] [--oid OID]
                                                                  [--desc DESC]
                                                                  [--x-origin X_ORIGIN]
                                                                  [--aliases ALIASES [ALIASES ...]]
                                                                  [--single-value]
                                                                  [--multi-value]
                                                                  [--no-user-mod]
                                                                  [--user-mod]
                                                                  [--equality EQUALITY]
                                                                  [--substr SUBSTR]
                                                                  [--ordering ORDERING]
                                                                  [--usage USAGE]
                                                                  [--sup SUP]
                                                                  --syntax SYNTAX
                                                                  name

       name   NAME of the object

OPTIONS 'dsconf schema attributetypes add'
       --oid OID
              OID assigned to the object

       --desc DESC
              Description text(DESC) of the object

       --x-origin X_ORIGIN
              Provides information about where the attribute type is defined

       --aliases ALIASES [ALIASES ...]
              Additional NAMEs of the object.

       --single-value
              True if the matching rule must have only one value. Only one of this flag or --multi-value
              should be specified

       --multi-value
              True if the matching rule may have multiple values (default). Only one of this flag or
              --single-value should be specified

       --no-user-mod
              True if the attribute is not modifiable by a client application. Only one of this flag or
              --user-mod should be specified

       --user-mod
              True if the attribute is modifiable by a client application (default). Only one of this flag or
              --no-user-mod should be specified

       --equality EQUALITY
              NAME or OID of the matching rule used for checking whether attribute values are equal

       --substr SUBSTR
              NAME or OID of the matching rule used for checking whether an attribute value contains another
              value

       --ordering ORDERING
              NAME or OID of the matching rule used for checking whether an attribute value is less than or
              equal to another value

       --usage USAGE
              The  flag  indicates  how the attribute type is to be used. Choose from the list: userApplications
              (default), directoryOperation, distributedOperation, dSAOperation

       --sup SUP
              The NAME or OID of attribute type this attribute type is derived from

       --syntax SYNTAX
              OID of the LDAP syntax assigned to the attribute

COMMAND 'dsconf schema attributetypes replace'
       usage: dsconf [-v] [-j] instance schema attributetypes replace
              [-h] [--oid OID] [--desc DESC] [--x-origin X_ORIGIN]
              [--aliases ALIASES [ALIASES ...]] [--single-value] [--multi-value]
              [--no-user-mod] [--user-mod] [--equality EQUALITY] [--substr SUBSTR]
              [--ordering ORDERING] [--usage USAGE] [--sup SUP] [--syntax SYNTAX]
              name

       name   NAME of the object

OPTIONS 'dsconf schema attributetypes replace'
       --oid OID
              OID assigned to the object

       --desc DESC
              Description text(DESC) of the object

       --x-origin X_ORIGIN
              Provides information about where the attribute type is defined

       --aliases ALIASES [ALIASES ...]
              Additional NAMEs of the object.

       --single-value
              True if the matching rule must have only one value. Only one of this flag or --multi-value
              should be specified

       --multi-value
              True if the matching rule may have multiple values (default). Only one of this flag or
              --single-value should be specified

       --no-user-mod
              True if the attribute is not modifiable by a client application. Only one of this flag or
              --user-mod should be specified

       --user-mod
              True if the attribute is modifiable by a client application (default). Only one of this flag or
              --no-user-mod should be specified

       --equality EQUALITY
              NAME or OID of the matching rule used for checking whether attribute values are equal

       --substr SUBSTR
              NAME or OID of the matching rule used for checking whether an attribute value contains another
              value

       --ordering ORDERING
              NAME or OID of the matching rule used for checking whether an attribute value is less than or
              equal to another value

       --usage USAGE
              The flag indicates how the attribute type is to be used. Choose from  the  list:  userApplications
              (default), directoryOperation, distributedOperation, dSAOperation

       --sup SUP
              The NAME or OID of attribute type this attribute type is derived from

       --syntax SYNTAX
              OID of the LDAP syntax assigned to the attribute

COMMAND 'dsconf schema attributetypes remove'
       usage: dsconf [-v] [-j] instance schema attributetypes remove [-h] name

       name   NAME of the object

COMMAND 'dsconf schema objectclasses'
       usage: dsconf [-v] [-j] instance schema objectclasses [-h]
                                                             {list,query,add,replace,remove} ...

POSITIONAL ARGUMENTS 'dsconf schema objectclasses'
       dsconf schema objectclasses list
              List available objectClasses on this system

       dsconf schema objectclasses query
              Query an objectClass

       dsconf schema objectclasses add
              Add an objectClass to this system

       dsconf schema objectclasses replace
              Replace an objectClass on this system

       dsconf schema objectclasses remove
              Remove an objectClass on this system

COMMAND 'dsconf schema objectclasses list'
       usage: dsconf [-v] [-j] instance schema objectclasses list [-h]

COMMAND 'dsconf schema objectclasses query'
       usage: dsconf [-v] [-j] instance schema objectclasses query [-h] [name]

       name   ObjectClass to query

COMMAND 'dsconf schema objectclasses add'
       usage: dsconf [-v] [-j] instance schema objectclasses add [-h] [--oid OID]
                                                                 [--desc DESC]
                                                                 [--x-origin X_ORIGIN]
                                                                 [--must MUST [MUST ...]]
                                                                 [--may MAY [MAY ...]]
                                                                 [--kind KIND]
                                                                 [--sup SUP [SUP ...]]
                                                                 name

       name   NAME of the object

OPTIONS 'dsconf schema objectclasses add'
       --oid OID
              OID assigned to the object

       --desc DESC
              Description text (DESC) of the object

       --x-origin X_ORIGIN
              Provides information about where the attribute type is defined

       --must MUST [MUST ...]
              NAMEs or OIDs of all attributes an entry of the object must have

       --may MAY [MAY ...]
              NAMEs or OIDs of additional attributes an entry of the object may have

       --kind KIND
              Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY

       --sup SUP [SUP ...]
              NAMEs or OIDs of object classes this object is derived from

COMMAND 'dsconf schema objectclasses replace'
       usage: dsconf [-v] [-j] instance schema objectclasses replace
              [-h] [--oid OID] [--desc DESC] [--x-origin X_ORIGIN]
              [--must MUST [MUST ...]] [--may MAY [MAY ...]] [--kind KIND]
              [--sup SUP [SUP ...]]
              name

       name   NAME of the object

OPTIONS 'dsconf schema objectclasses replace'
       --oid OID
              OID assigned to the object

       --desc DESC
              Description text (DESC) of the object

       --x-origin X_ORIGIN
              Provides information about where the attribute type is defined

       --must MUST [MUST ...]
              NAMEs or OIDs of all attributes an entry of the object must have

       --may MAY [MAY ...]
              NAMEs or OIDs of additional attributes an entry of the object may have

       --kind KIND
              Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY

       --sup SUP [SUP ...]
              NAMEs or OIDs of object classes this object is derived from

COMMAND 'dsconf schema objectclasses remove'
       usage: dsconf [-v] [-j] instance schema objectclasses remove [-h] name

       name   NAME of the object

COMMAND 'dsconf schema matchingrules'
       usage: dsconf [-v] [-j] instance schema matchingrules [-h] {list,query} ...

POSITIONAL ARGUMENTS 'dsconf schema matchingrules'
       dsconf schema matchingrules list
              List available matching rules on this system

       dsconf schema matchingrules query
              Query a matching rule

COMMAND 'dsconf schema matchingrules list'
       usage: dsconf [-v] [-j] instance schema matchingrules list [-h]

COMMAND 'dsconf schema matchingrules query'
       usage: dsconf [-v] [-j] instance schema matchingrules query [-h] [name]

       name   Matching rule to query

COMMAND 'dsconf schema reload'
       usage: dsconf [-v] [-j] instance schema reload [-h] [-d SCHEMADIR] [--wait]
                                                      [--timeout TIMEOUT]

OPTIONS 'dsconf schema reload'
       -d SCHEMADIR, --schemadir SCHEMADIR
              directory where schema files are located

       --wait Wait for the reload task to complete

       --timeout TIMEOUT
              Set a timeout to wait for the reload task. Default is 120 seconds

COMMAND 'dsconf schema validate-syntax'
       usage: dsconf instance [-v] [-j] schema validate-syntax [-h] [-f FILTER]
                                                               [--timeout TIMEOUT]
                                                               DN

       DN     Base DN that contains entries to validate

OPTIONS 'dsconf schema validate-syntax'
       -f FILTER, --filter FILTER
              Filter  for  entries  to  validate.  If  omitted,  all  entries  with filter "(objectclass=*)" are
              validated

       --timeout TIMEOUT
              Set a timeout to wait for the validation task. Default is 120 seconds

COMMAND 'dsconf schema import-openldap-file'
       usage: dsconf instance [-v] [-j] schema import-openldap-file
              [-h] [--confirm] schema_file

       schema_file
              Path to the openldap dynamic schema ldif to import

OPTIONS 'dsconf schema import-openldap-file'
       --confirm
              Confirm that you want to apply these schema migration actions to the 389-ds instance.  By  default
              no actions are taken.

OPTIONS

       -v, --verbose
              Display verbose operation tracing during command execution

       -j, --json
              Return result in JSON object

       -D BINDDN, --binddn BINDDN
              The account to bind as for executing operations

       -w BINDPW, --bindpw BINDPW
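              Password for the bind DN. A password given on the command line can be visible to other local
              users in the process list and may be saved in shell history; -W or -y avoids this.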

       -W, --prompt
              Prompt for password of the bind DN

       -y PWDFILE, --pwdfile PWDFILE
              Specifies a file containing the password of the bind DN. The file should be readable only by
              the user running dsconf.

       -b BASEDN, --basedn BASEDN
              Base DN (root naming context) of the instance to manage

       -Z, --starttls
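              Connect with StartTLS. On a connection without TLS (StartTLS or LDAPS), a simple bind sends
              the bind password over the network in clear text.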

AUTHOR

       Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>

DISTRIBUTION

       The latest version of lib389 may be downloaded from
       http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html

lib389 3.1.2                                       2025-04-10                                          DSCONF(8)