1dsconf(8)                   System Manager's Manual                  dsconf(8)
2
3
4

NAME

6       dsconf
7

SYNOPSIS

9       dsconf  [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN]
10       [-Z]   [-j]   instance   {backend,backup,chaining,config,directory_man‐
11       ager,monitor,plugin,pwpolicy,localpwp,replication,repl-agmt,repl-win‐
12       sync-agmt,repl-tasks,sasl,security,schema,repl-conflict} ...
13

OPTIONS

15       instance
16              The instance name OR the LDAP url to connect to, IE localhost,
17              ldap://mai.example.com:389
18
19
20   Sub-commands
21       dsconf backend
22              Manage database suffixes and backends
23
24       dsconf backup
25              Manage online backups
26
27       dsconf chaining
28              Manage database chaining/database links
29
30       dsconf config
31              Manage server configuration
32
33       dsconf directory_manager
34              Manage the directory manager account
35
36       dsconf monitor
37              Monitor the state of the instance
38
39       dsconf plugin
40              Manage plugins available on the server
41
42       dsconf pwpolicy
43              Get and set the global password policy settings
44
45       dsconf localpwp
46              Manage local (user/subtree) password policies
47
48       dsconf replication
49              Configure replication for a suffix
50
51       dsconf repl-agmt
52              Manage replication agreements
53
54       dsconf repl-winsync-agmt
55              Manage Winsync Agreements
56
57       dsconf repl-tasks
58              Manage replication tasks
59
60       dsconf sasl
61              Query and manipulate sasl mappings
62
63       dsconf security
64              Query and manipulate security options
65
66       dsconf schema
67              Query and manipulate schema
68
69       dsconf repl-conflict
70              Manage replication conflicts
71

OPTIONS 'dsconf backend'

73       usage: dsconf instance backend [-h]
74                                      {suffix,index,vlv-index,attr-
75       encrypt,config,monitor,import,export,create,delete,get-tree}
76                                      ...
77
78
79   Sub-commands
80       dsconf backend suffix
81              Manage a backend suffix
82
83       dsconf backend index
84              Manage backend indexes
85
86       dsconf backend vlv-index
87              Manage VLV searches and indexes
88
89       dsconf backend attr-encrypt
90              Encrypted attribute options
91
92       dsconf backend config
93              Manage the global database configuration settings
94
95       dsconf backend monitor
96              Get the global database monitor information
97
98       dsconf backend import
99              Do an online import of the suffix
100
101       dsconf backend export
102              Do an online export of the suffix
103
104       dsconf backend create
105              Create a backend database
106
107       dsconf backend delete
108              Delete a backend database
109
110       dsconf backend get-tree
111              Get a representation of the suffix tree
112

OPTIONS 'dsconf backend suffix'

114       usage: dsconf instance backend suffix [-h]
115                                             {list,get,get-dn,get-sub-suf‐
116       fixes,set}
117                                             ...
118
119
120   Sub-commands
121       dsconf backend suffix list
122              List current active backends and suffixes
123
124       dsconf backend suffix get
125              Get the suffix entry
126
127       dsconf backend suffix get-dn
128              get_dn
129
130       dsconf backend suffix get-sub-suffixes
131              Get the sub-suffixes of this backend
132
133       dsconf backend suffix set
134              Set configuration settings for a single backend
135

OPTIONS 'dsconf backend suffix list'

137       usage: dsconf instance backend suffix list [-h] [--suffix]
138                                                  [--skip-subsuffixes]
139
140
141
142       --suffix
143              Just display the suffix, and not the backend name
144
145
146       --skip-subsuffixes
147              Skip over sub-suffixes
148
149

OPTIONS 'dsconf backend suffix get'

151       usage: dsconf instance backend suffix get [-h] [selector]
152
153
154       selector
155              The backend to search for
156
157
158

OPTIONS 'dsconf backend suffix get-dn'

160       usage: dsconf instance backend suffix get-dn [-h] [dn]
161
162
163       dn     The backend dn to get
164
165
166

OPTIONS 'dsconf backend suffix get-sub-suffixes'

168       usage: dsconf instance backend suffix get-sub-suffixes [-h]  [--suffix]
169       be_name
170
171
172       be_name
173              The backend name or suffix to search for sub-suffixes
174
175
176       --suffix
177              Just display the suffix, and not the backend name
178
179

OPTIONS 'dsconf backend suffix set'

181       usage: dsconf instance backend suffix set [-h] [--enable-readonly]
182                                                 [--disable-readonly]
183                                                 [--require-index]  [--ignore-
184       index]
185                                                 [--add-referral ADD_REFERRAL]
186                                                 [--del-referral DEL_REFERRAL]
187                                                 [--enable] [--disable]
188                                                 [--cache-size CACHE_SIZE]
189                                                 [--cache-memsize   CACHE_MEM‐
190       SIZE]
191                                                 [--dncache-memsize
192       DNCACHE_MEMSIZE]
193                                                 be_name
194
195
196       be_name
197              The backend name or suffix to delete
198
199
200       --enable-readonly
201              Set backend database to be read-only
202
203
204       --disable-readonly
205              Disable read-only mode for backend database
206
207
208       --require-index
209              Only allow indexed searches
210
211
212       --ignore-index
213              Allow all searches even if they are unindexed
214
215
216       --add-referral ADD_REFERRAL
217              Add a LDAP referral to the backend
218
219
220       --del-referral DEL_REFERRAL
221              Remove a LDAP referral to the backend
222
223
224       --enable
225              Enable the backend database
226
227
228       --disable
229              Disable the backend database
230
231
232       --cache-size CACHE_SIZE
233              The maximum number of entries to keep in the entry cache
234
235
236       --cache-memsize CACHE_MEMSIZE
237              The maximum size in bytes that the entry cache can grow to
238
239
240       --dncache-memsize DNCACHE_MEMSIZE
241              The maximum size in bytes that the DN cache can grow to
242
243
244

OPTIONS 'dsconf backend index'

246       usage: dsconf instance backend index [-h]
247                                            {add,set,get,list,delete,reindex}
248       ...
249
250
251   Sub-commands
252       dsconf backend index add
253              Set configuration settings for a single backend
254
255       dsconf backend index set
256              Edit an index entry
257
258       dsconf backend index get
259              Get an index entry
260
261       dsconf backend index list
262              Set configuration settings for a single backend
263
264       dsconf backend index delete
265              Set configuration settings for a single backend
266
267       dsconf backend index reindex
268              Reindex the database (for a single index or all indexes
269

OPTIONS 'dsconf backend index add'

271       usage: dsconf instance backend index add [-h] --index-type INDEX_TYPE
272                                                [--matching-rule        MATCH‐
273       ING_RULE]
274                                                [--reindex] --attr ATTR
275                                                be_name
276
277
278       be_name
279              The backend name or suffix to delete
280
281
282       --index-type INDEX_TYPE
283              An indexing type: eq, sub, pres, or approximate
284
285
286       --matching-rule MATCHING_RULE
287              Matching rule for the index
288
289
290       --reindex
291              After adding new index, reindex the database
292
293
294       --attr ATTR
295              The index attribute's name
296
297

OPTIONS 'dsconf backend index set'

299       usage: dsconf instance backend index set [-h] --attr ATTR
300                                                [--add-type ADD_TYPE]
301                                                [--del-type DEL_TYPE]
302                                                [--add-mr  ADD_MR]   [--del-mr
303       DEL_MR]
304                                                [--reindex]
305                                                be_name
306
307
308       be_name
309              The backend name or suffix to edit an index from
310
311
312       --attr ATTR
313              The index name to edit
314
315
316       --add-type ADD_TYPE
317              An index type to add to the index: eq, sub, pres, or approx
318
319
320       --del-type DEL_TYPE
321              An index type to remove from the index: eq, sub, pres, or approx
322
323
324       --add-mr ADD_MR
325              A matching-rule to add to the index
326
327
328       --del-mr DEL_MR
329              A matching-rule to remove from the index
330
331
332       --reindex
333              After editing index, reindex the database
334
335

OPTIONS 'dsconf backend index get'

337       usage: dsconf instance backend index get [-h] --attr ATTR be_name
338
339
340       be_name
341              The backend name or suffix to get the index from
342
343
344       --attr ATTR
345              The index name to get
346
347

OPTIONS 'dsconf backend index list'

349       usage: dsconf instance backend index list [-h] [--just-names] be_name
350
351
352       be_name
353              The backend name or suffix to list indexes from
354
355
356       --just-names
357              Return a list of just the attribute names for a backend
358
359

OPTIONS 'dsconf backend index delete'

361       usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name
362
363
364       be_name
365              The backend name or suffix to delete
366
367
368       --attr ATTR
369              The index attribute's name
370
371

OPTIONS 'dsconf backend index reindex'

373       usage:  dsconf  instance  backend  index  reindex  [-h]  [--attr  ATTR]
374       [--wait]
375                                                    be_name
376
377
378       be_name
379              The backend name or suffix to reindex
380
381
382       --attr ATTR
383              The index attribute's name to reindex.  Skip  this  argument  to
384              reindex all
385              attributes
386
387
388       --wait Wait for the index task to complete and report the status
389
390
391

OPTIONS 'dsconf backend vlv-index'

393       usage: dsconf instance backend vlv-index [-h]
394                                                {list,get,add-search,edit-
395       search,del-search,add-index,del-index,reindex}
396                                                ...
397
398
399   Sub-commands
400       dsconf backend vlv-index list
401              List VLV search and index entries
402
403       dsconf backend vlv-index get
404              Get a VLV search & index
405
406       dsconf backend vlv-index add-search
407              Add a VLV search entry.  The search entry is the parent entry of
408              the  VLV  index entries, and it specifies the search params that
409              are used to match entries for those indexes.
410
411       dsconf backend vlv-index edit-search
412              Edit a VLV search & index
413
414       dsconf backend vlv-index del-search
415              Delete VLV search & index
416
417       dsconf backend vlv-index add-index
418              Create a VLV index under a VLV search entry(parent entry).   The
419              VLV index just specifies the attributes to sort
420
421       dsconf backend vlv-index del-index
422              Delete a VLV index under a VLV search entry(parent entry).
423
424       dsconf backend vlv-index reindex
425              Index/reindex the VLV database index
426

OPTIONS 'dsconf backend vlv-index list'

428       usage:  dsconf  instance  backend  vlv-index  list  [-h] [--just-names]
429       be_name
430
431
432       be_name
433              The backend name of the VLV index
434
435
436       --just-names
437              List just the names of the VLV search entries
438
439

OPTIONS 'dsconf backend vlv-index get'

441       usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name
442
443
444       be_name
445              The backend name of the VLV index
446
447
448       --name NAME
449              Get the VLV search entry and its index entries
450
451

OPTIONS 'dsconf backend vlv-index add-search'

453       usage: dsconf instance backend vlv-index add-search [-h] --name NAME
454                                                           --search-base
455       SEARCH_BASE
456                                                           --search-scope
457                                                           SEARCH_SCOPE
458                                                           --search-filter
459                                                           SEARCH_FILTER
460                                                           be_name
461
462
463       be_name
464              The backend name of the VLV index
465
466
467       --name NAME
468              Name of the VLV search entry
469
470
471       --search-base SEARCH_BASE
472              The VLV search base
473
474
475       --search-scope SEARCH_SCOPE
476              The  VLV search scope: 0 (base search), 1 (one-level search), or
477              2 (subtree
478              search)
479
480
481       --search-filter SEARCH_FILTER
482              The VLV search filter
483
484

OPTIONS 'dsconf backend vlv-index edit-search'

486       usage: dsconf instance backend vlv-index edit-search [-h] --name NAME
487                                                            [--search-base
488       SEARCH_BASE]
489                                                            [--search-scope
490       SEARCH_SCOPE]
491                                                            [--search-filter
492       SEARCH_FILTER]
493                                                            [--reindex]
494                                                            be_name
495
496
497       be_name
498              The backend name of the VLV index
499
500
501       --name NAME
502              Name of the VLV index
503
504
505       --search-base SEARCH_BASE
506              The VLV search base
507
508
509       --search-scope SEARCH_SCOPE
510              The  VLV search scope: 0 (base search), 1 (one-level search), or
511              2 (subtree
512              search)
513
514
515       --search-filter SEARCH_FILTER
516              The VLV search filter
517
518
519       --reindex
520              Reindex all the VLV database indexes
521
522

OPTIONS 'dsconf backend vlv-index del-search'

524       usage: dsconf instance backend vlv-index del-search  [-h]  --name  NAME
525       be_name
526
527
528       be_name
529              The backend name of the VLV index
530
531
532       --name NAME
533              Name of the VLV search index
534
535

OPTIONS 'dsconf backend vlv-index add-index'

537       usage: dsconf instance backend vlv-index add-index [-h] --parent-name
538                                                          PARENT_NAME --index-
539       name
540                                                          INDEX_NAME    --sort
541       SORT
542                                                          [--index-it]
543                                                          be_name
544
545
546       be_name
547              The backend name of the VLV index
548
549
550       --parent-name PARENT_NAME
551              Name, or "cn" attribute value, of the parent VLV search entry
552
553
554       --index-name INDEX_NAME
555              Name of the new VLV index
556
557
558       --sort SORT
559              A space separated list of attributes to sort for this VLV index
560
561
562       --index-it
563              Create the database index for this VLV index definition
564
565

OPTIONS 'dsconf backend vlv-index del-index'

567       usage: dsconf instance backend vlv-index del-index [-h] --parent-name
568                                                          PARENT_NAME
569                                                          [--index-name
570       INDEX_NAME]
571                                                          [--sort SORT]
572                                                          be_name
573
574
575       be_name
576              The backend name of the VLV index
577
578
579       --parent-name PARENT_NAME
580              Name, or "cn" attribute value, of the parent VLV search entry
581
582
583       --index-name INDEX_NAME
584              Name of the VLV index to delete
585
586
587       --sort SORT
588              Delete a VLV index that has this vlvsort value
589
590

OPTIONS 'dsconf backend vlv-index reindex'

592       usage: dsconf instance backend vlv-index reindex [-h]
593                                                        [--index-name
594       INDEX_NAME]
595                                                        --parent-name     PAR‐
596       ENT_NAME
597                                                        be_name
598
599
600       be_name
601              The backend name of the VLV index
602
603
604       --index-name INDEX_NAME
605              Name of the VLV Index entry to reindex. If not set, all  indexes
606              are reindexed
607
608
609       --parent-name PARENT_NAME
610              Name, or "cn" attribute value, of the parent VLV search entry
611
612
613

OPTIONS 'dsconf backend attr-encrypt'

615       usage:  dsconf  instance  backend  attr-encrypt  [-h] [--list] [--just-
616       names]
617                                                   [--add-attr ADD_ATTR]
618                                                   [--del-attr DEL_ATTR]
619                                                   be_name
620
621
622       be_name
623              The backend name or suffix to to reindex
624
625
626       --list List all the encrypted attributes for this backend
627
628
629       --just-names
630              List just the names  of  the  encrypted  attributes  (used  with
631              --list)
632
633
634       --add-attr ADD_ATTR
635              Add an attribute to be encrypted
636
637
638       --del-attr DEL_ATTR
639              Remove an attribute from being encrypted
640
641

OPTIONS 'dsconf backend config'

643       usage: dsconf instance backend config [-h] {get,set} ...
644
645
646   Sub-commands
647       dsconf backend config get
648              Get the global database configuration
649
650       dsconf backend config set
651              Set the global database configuration
652

OPTIONS 'dsconf backend config get'

654       usage: dsconf instance backend config get [-h]
655
656
657
658

OPTIONS 'dsconf backend config set'

660       usage: dsconf instance backend config set [-h]
661                                                 [--lookthroughlimit     LOOK‐
662       THROUGHLIMIT]
663                                                 [--mode MODE]
664                                                 [--idlistscanlimit
665       IDLISTSCANLIMIT]
666                                                 [--directory DIRECTORY]
667                                                 [--dbcachesize DBCACHESIZE]
668                                                 [--logdirectory LOGDIRECTORY]
669                                                 [--durable-txn DURABLE_TXN]
670                                                 [--txn-wait TXN_WAIT]
671                                                 [--checkpoint-interval CHECK‐
672       POINT_INTERVAL]
673                                                 [--compactdb-interval    COM‐
674       PACTDB_INTERVAL]
675                                                 [--txn-batch-val
676       TXN_BATCH_VAL]
677                                                 [--txn-batch-min
678       TXN_BATCH_MIN]
679                                                 [--txn-batch-max
680       TXN_BATCH_MAX]
681                                                 [--logbufsize LOGBUFSIZE]
682                                                 [--locks LOCKS]
683                                                 [--import-cache-autosize
684       IMPORT_CACHE_AUTOSIZE]
685                                                 [--cache-autosize CACHE_AUTO‐
686       SIZE]
687                                                 [--cache-autosize-split
688       CACHE_AUTOSIZE_SPLIT]
689                                                 [--import-cachesize
690       IMPORT_CACHESIZE]
691                                                 [--exclude-from-export
692       EXCLUDE_FROM_EXPORT]
693                                                 [--pagedlookthroughlimit
694       PAGEDLOOKTHROUGHLIMIT]
695                                                 [--pagedidlistscanlimit PAGE‐
696       DIDLISTSCANLIMIT]
697                                                 [--rangelookthroughlimit
698       RANGELOOKTHROUGHLIMIT]
699                                                 [--backend-opt-level    BACK‐
700       END_OPT_LEVEL]
701                                                 [--deadlock-policy      DEAD‐
702       LOCK_POLICY]
703                                                 [--db-home-directory
704       DB_HOME_DIRECTORY]
705
706
707
708       --lookthroughlimit LOOKTHROUGHLIMIT
709              specifies  the  maximum  number  of  entries  that the Directory
710              Server will check
711              when examining candidate entries in response to a search request
712
713
714       --mode MODE
715              Specifies the permissions used for newly created index files
716
717
718       --idlistscanlimit IDLISTSCANLIMIT
719              Specifies the number of entry IDs that  are  searched  during  a
720              search operation
721
722
723       --directory DIRECTORY
724              Specifies absolute path to database instance
725
726
727       --dbcachesize DBCACHESIZE
728              Specifies the database index cache size, in bytes.
729
730
731       --logdirectory LOGDIRECTORY
732              Specifies  the  path to the directory that contains the database
733              transaction
734              logs
735
736
737       --durable-txn DURABLE_TXN
738              Sets whether database transaction log  entries  are  immediately
739              written to the
740              disk.
741
742
743       --txn-wait TXN_WAIT
744              Sets  whether  the  server should should wait if there are no db
745              locks available
746
747
748       --checkpoint-interval CHECKPOINT_INTERVAL
749              Sets the amount of time in seconds  after  which  the  Directory
750              Server sends a
751              checkpoint entry to the database transaction log
752
753
754       --compactdb-interval COMPACTDB_INTERVAL
755              Sets the interval in seconds when the database is compacted
756
757
758       --txn-batch-val TXN_BATCH_VAL
759              Specifies  how  many  transactions  will be batched before being
760              committed
761
762
763       --txn-batch-min TXN_BATCH_MIN
764              Controls when transactions should be flushed earliest,  indepen‐
765              dently of the
766              batch count (only works when txn-batch-val is set)
767
768
769       --txn-batch-max TXN_BATCH_MAX
770              Controls  when  transactions  should be flushed latest, indepen‐
771              dently of the
772              batch count (only works when txn-batch-val is set)
773
774
775       --logbufsize LOGBUFSIZE
776              Specifies the transaction log information buffer size
777
778
779       --locks LOCKS
780              Sets the maximum number of database locks
781
782
783       --import-cache-autosize IMPORT_CACHE_AUTOSIZE
784              Set to "on" or "off" to automatically set the size of the import
785              cache to be
786              used during the the import process of LDIF files
787
788
789       --cache-autosize CACHE_AUTOSIZE
790              Sets the percentage of free memory that is used in total for the
791              database and
792              entry cache. Set to "0" to disable this feature.
793
794
795       --cache-autosize-split CACHE_AUTOSIZE_SPLIT
796              Sets the percentage of RAM that is used for the database  cache.
797              The remaining
798              percentage is used for the entry cache
799
800
801       --import-cachesize IMPORT_CACHESIZE
802              Sets  the  size,  in  bytes,  of  the database cache used in the
803              import process.
804
805
806       --exclude-from-export EXCLUDE_FROM_EXPORT
807              List of attributes to not include during database export  opera‐
808              tions
809
810
811       --pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT
812              Specifies  the  maximum  number  of  entries  that the Directory
813              Server will check
814              when examining candidate entries for a  search  which  uses  the
815              simple paged
816              results control
817
818
819       --pagedidlistscanlimit PAGEDIDLISTSCANLIMIT
820              Specifies  the  number  of entry IDs that are searched, specifi‐
821              cally, for a
822              search operation using the simple paged results control.
823
824
825       --rangelookthroughlimit RANGELOOKTHROUGHLIMIT
826              Specifies the maximum  number  of  entries  that  the  Directory
827              Server will check
828              when  examining  candidate entries in response to a range search
829              request.
830
831
832       --backend-opt-level BACKEND_OPT_LEVEL
833              WARNING this parameter can trigger experimental code to  improve
834              write
835              performance. Valid values are: 0, 1, 2, or 4
836
837
838       --deadlock-policy DEADLOCK_POLICY
839              Adjusts the backend database deadlock policy (Advanced setting)
840
841
842       --db-home-directory DB_HOME_DIRECTORY
843              Sets the directory for the database mmapped files (Advanced set‐
844              ting)
845
846
847

OPTIONS 'dsconf backend monitor'

849       usage: dsconf instance backend monitor [-h] [--suffix SUFFIX]
850
851
852
853       --suffix SUFFIX
854              Get just the suffix monitor entry
855
856

OPTIONS 'dsconf backend import'

858       usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E]
859                                             [-g GEN_UNIQ_ID] [-O]
860                                             [-s              INCLUDE_SUFFIXES
861       [INCLUDE_SUFFIXES ...]]
862                                             [-x              EXCLUDE_SUFFIXES
863       [EXCLUDE_SUFFIXES ...]]
864                                             [be_name] [ldifs [ldifs ...]]
865
866
867       be_name
868              The backend name or the root suffix where to import
869
870
871       ldifs  Specifies the filename of the  input  LDIF  files.When  multiple
872              files are
873              imported,  they  are  imported in the orderthey are specified on
874              the command
875              line.
876
877
878       -c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE
879              The number of chunks to have during the import operation.
880
881
882       -E, --encrypted
883              Decrypts encrypted data  during  export.  This  option  is  used
884              onlyif database
885              encryption is enabled.
886
887
888       -g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID
889              Generate  a  unique  id. Type none for no unique ID to be gener‐
890              atedand
891              deterministic for the generated unique ID  to  be  name-based.By
892              default, a time-
893              based unique ID is generated.When using the deterministic gener‐
894              ation to have a
895              name-based unique ID,it is also possible to specify  the  names‐
896              pace for the
897              server to use.namespaceId is a string of charactersin the format
898              00-xxxxxxxx-
899              xxxxxxxx-xxxxxxxx-xxxxxxxx.
900
901
902       -O, --only-core
903              Requests  that  only  the  core  database  is  created   without
904              attribute indexes.
905
906
907       -s    INCLUDE_SUFFIXES   [INCLUDE_SUFFIXES   ...],   --include-suffixes
908       INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
909              Specifies the suffixes or the subtrees to be included.
910
911
912       -x   EXCLUDE_SUFFIXES   [EXCLUDE_SUFFIXES   ...],    --exclude-suffixes
913       EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
914              Specifies the suffixes to be excluded.
915
916

OPTIONS 'dsconf backend export'

918       usage:  dsconf  instance  backend  export [-h] [-l LDIF] [-C] [-E] [-m]
919       [-N] [-r]
920                                             [-u] [-U]
921                                             [-s              INCLUDE_SUFFIXES
922       [INCLUDE_SUFFIXES ...]]
923                                             [-x              EXCLUDE_SUFFIXES
924       [EXCLUDE_SUFFIXES ...]]
925                                             be_names [be_names ...]
926
927
928       be_names
929              The backend names or the root suffixes from where to export.
930
931
932       -l LDIF, --ldif LDIF
933              Gives the filename of the output LDIF file.If more than one  are
934              specified, use
935              a space as a separator
936
937
938       -C, --use-id2entry
939              Uses only the main database file.
940
941
942       -E, --encrypted
943              Decrypts  encrypted data during export. This option is used only
944              if database
945              encryption is enabled.
946
947
948       -m, --min-base64
949              Sets minimal base-64 encoding.
950
951
952       -N, --no-seq-num
953              Enables you to suppress printing the sequence number.
954
955
956       -r, --replication
957              Exports the information required to initialize  a  replica  when
958              the LDIF is
959              imported
960
961
962       -u, --no-dump-uniq-id
963              Requests that the unique ID is not exported.
964
965
966       -U, --not-folded
967              Requests that the output LDIF is not folded.
968
969
970       -s    INCLUDE_SUFFIXES   [INCLUDE_SUFFIXES   ...],   --include-suffixes
971       INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
972              Specifies the suffixes or the subtrees to be included.
973
974
975       -x   EXCLUDE_SUFFIXES   [EXCLUDE_SUFFIXES   ...],    --exclude-suffixes
976       EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
977              Specifies the suffixes to be excluded.
978
979

OPTIONS 'dsconf backend create'

981       usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUF‐
982       FIX]
983                                             --suffix SUFFIX --be-name BE_NAME
984                                             [--create-entries] [--create-suf‐
985       fix]
986
987
988
989       --parent-suffix PARENT_SUFFIX
990              Sets the parent suffix only if this backend is a sub-suffix
991
992
993       --suffix SUFFIX
994              The database suffix DN, for example "dc=example,dc=com"
995
996
997       --be-name BE_NAME
998              The database backend name, for example "userroot"
999
1000
1001       --create-entries
1002              Create sample entries in the database
1003
1004
1005       --create-suffix
1006              Create  the  suffix  object entry in the database. Only suffixes
1007              using the
1008              attributes 'dc', 'o', 'ou', or 'cn' are supported in  this  fea‐
1009              ture
1010
1011

OPTIONS 'dsconf backend delete'

1013       usage: dsconf instance backend delete [-h] be_name
1014
1015
1016       be_name
1017              The backend name or suffix to delete
1018
1019
1020

OPTIONS 'dsconf backend get-tree'

1022       usage: dsconf instance backend get-tree [-h]
1023
1024
1025
1026
1027

OPTIONS 'dsconf backup'

1029       usage: dsconf instance backup [-h] {create,restore} ...
1030
1031
1032   Sub-commands
1033       dsconf backup create
1034              Creates a backup of the database
1035
1036       dsconf backup restore
1037              Restores a database from a backup
1038

OPTIONS 'dsconf backup create'

1040       usage: dsconf instance backup create [-h] [-t DB_TYPE] [archive]
1041
1042
1043       archive
1044              The   directory  where  the  backup  files  will  be  stored.The
1045              /var/lib/dirsrv/slapd-
1046              instance/bak directory is used by  default.The  backup  file  is
1047              named according
1048              to the year-month-day-hour format.
1049
1050
1051       -t DB_TYPE, --db-type DB_TYPE
1052              Database type (default: ldbm database).
1053
1054

OPTIONS 'dsconf backup restore'

1056       usage: dsconf instance backup restore [-h] [-t DB_TYPE] archive
1057
1058
1059       archive
1060              The directory of the backup files.
1061
1062
1063       -t DB_TYPE, --db-type DB_TYPE
1064              Database type (default: ldbm database).
1065
1066
1067

OPTIONS 'dsconf chaining'

1069       usage: dsconf instance chaining [-h]
1070                                       {config-get,config-set,config-get-
1071       def,config-set-def,link-create,link-get,link-set,link-delete,moni‐
1072       tor,link-list}
1073                                       ...
1074
1075
1076   Sub-commands
1077       dsconf chaining config-get
1078              Get the chaining controls and server component lists
1079
1080       dsconf chaining config-set
1081              Set the chaining controls and server component lists
1082
1083       dsconf chaining config-get-def
1084              Get the default creation parameters for new database links
1085
1086       dsconf chaining config-set-def
1087              Set the default creation parameters for new database links
1088
1089       dsconf chaining link-create
1090              Create a database link to a remote server
1091
1092       dsconf chaining link-get
1093              get chaining database link
1094
1095       dsconf chaining link-set
1096              Edit a database link to a remote server
1097
1098       dsconf chaining link-delete
1099              Delete a database link
1100
1101       dsconf chaining monitor
1102              Get the monitor information for a database chaining link
1103
1104       dsconf chaining link-list
1105              List database links
1106

OPTIONS 'dsconf chaining config-get'

1108       usage: dsconf instance chaining config-get [-h] [--avail-controls]
1109                                                  [--avail-comps]
1110
1111
1112
1113       --avail-controls
1114              List available controls for chaining
1115
1116
1117       --avail-comps
1118              List available plugin components for chaining
1119
1120

OPTIONS 'dsconf chaining config-set'

1122       usage: dsconf instance chaining config-set [-h] [--add-control ADD_CON‐
1123       TROL]
1124                                                  [--del-control DEL_CONTROL]
1125                                                  [--add-comp ADD_COMP]
1126                                                  [--del-comp DEL_COMP]
1127
1128
1129
1130       --add-control ADD_CONTROL
1131              Add a transmitted control OID
1132
1133
1134       --del-control DEL_CONTROL
1135              Delete a transmitted control OID
1136
1137
1138       --add-comp ADD_COMP
1139              Add a chaining component
1140
1141
1142       --del-comp DEL_COMP
1143              Delete a chaining component
1144
1145

OPTIONS 'dsconf chaining config-get-def'

1147       usage: dsconf instance chaining config-get-def [-h]
1148
1149
1150
1151

OPTIONS 'dsconf chaining config-set-def'

1153       usage: dsconf instance chaining config-set-def [-h]
1154                                                      [--conn-bind-limit
1155       CONN_BIND_LIMIT]
1156                                                      [--conn-op-limit
1157       CONN_OP_LIMIT]
1158                                                      [--abandon-check-inter‐
1159       val ABANDON_CHECK_INTERVAL]
1160                                                      [--bind-limit
1161       BIND_LIMIT]
1162                                                      [--op-limit OP_LIMIT]
1163                                                      [--proxied-auth    PROX‐
1164       IED_AUTH]
1165                                                      [--conn-lifetime
1166       CONN_LIFETIME]
1167                                                      [--bind-timeout
1168       BIND_TIMEOUT]
1169                                                      [--return-ref
1170       RETURN_REF]
1171                                                      [--check-aci CHECK_ACI]
1172                                                      [--bind-attempts
1173       BIND_ATTEMPTS]
1174                                                      [--size-limit
1175       SIZE_LIMIT]
1176                                                      [--time-limit
1177       TIME_LIMIT]
1178                                                      [--hop-limit HOP_LIMIT]
1179                                                      [--response-delay
1180       RESPONSE_DELAY]
1181                                                      [--test-response-delay
1182       TEST_RESPONSE_DELAY]
1183                                                      [--use-starttls
1184       USE_STARTTLS]
1185
1186
1187
1188       --conn-bind-limit CONN_BIND_LIMIT
1189              The maximum number of BIND connections the database link  estab‐
1190              lishes with the
1191              remote server.
1192
1193
1194       --conn-op-limit CONN_OP_LIMIT
1195              The  maximum number of LDAP connections the database link estab‐
1196              lishes with the
1197              remote server.
1198
1199
1200       --abandon-check-interval ABANDON_CHECK_INTERVAL
1201              The number of seconds that pass before  the  server  checks  for
1202              abandoned
1203              operations.
1204
1205
1206       --bind-limit BIND_LIMIT
1207              The maximum number of concurrent bind operations per TCP connec‐
1208              tion.
1209
1210
1211       --op-limit OP_LIMIT
1212              The maximum number of concurrent operations allowed.
1213
1214
1215       --proxied-auth PROXIED_AUTH
1216              Set to "off" to disable proxied authorization,  then  binds  for
1217              chained
1218              operations  are  executed  as  the  user set in the nsMultiplex‐
1219              orBindDn attribute
1220              (on/off).
1221
1222
1223       --conn-lifetime CONN_LIFETIME
1224              Specifies connection lifetime in  seconds.  0  keeps  connection
1225              open forever.
1226
1227
1228       --bind-timeout BIND_TIMEOUT
1229              The amount of time in seconds before a bind attempt times out.
1230
1231
1232       --return-ref RETURN_REF
1233              Sets whether referrals are returned by scoped searches (on/off).
1234
1235
1236       --check-aci CHECK_ACI
1237              Set  whether  ACIs are evaluated on the database link as well as
1238              the remote data
1239              server (on/off).
1240
1241
1242       --bind-attempts BIND_ATTEMPTS
1243              Sets the number of times the  server  tries  to  bind  with  the
1244              remote server.
1245
1246
1247       --size-limit SIZE_LIMIT
1248              Sets the maximum number of entries to return from a search oper‐
1249              ation.
1250
1251
1252       --time-limit TIME_LIMIT
1253              Sets the maximum number of seconds allowed for an operation.
1254
1255
1256       --hop-limit HOP_LIMIT
1257              Sets the maximum number of times a database is allowed to chain;
1258              that is, the
1259              number  of  times  a  request can be forwarded from one database
1260              link to another.
1261
1262
1263       --response-delay RESPONSE_DELAY
1264              The maximum amount of time  it  can  take  a  remote  server  to
1265              respond to an LDAP
1266              operation  request  made  by  a database link before an error is
1267              suspected.
1268
1269
1270       --test-response-delay TEST_RESPONSE_DELAY
1271              Sets the duration of the test issued by  the  database  link  to
1272              check whether the
1273              remote server is responding.
1274
1275
1276       --use-starttls USE_STARTTLS
1277              Set  to "on" specifies that the database links should use Start‐
1278              TLS for its
1279              secure connections.
1280
1281
1283       usage: dsconf instance chaining link-create [-h]
1284                                                   [--conn-bind-limit
1285       CONN_BIND_LIMIT]
1286                                                   [--conn-op-limit
1287       CONN_OP_LIMIT]
1288                                                   [--abandon-check-interval
1289       ABANDON_CHECK_INTERVAL]
1290                                                   [--bind-limit BIND_LIMIT]
1291                                                   [--op-limit OP_LIMIT]
1292                                                   [--proxied-auth       PROX‐
1293       IED_AUTH]
1294                                                   [--conn-lifetime CONN_LIFE‐
1295       TIME]
1296                                                   [--bind-timeout  BIND_TIME‐
1297       OUT]
1298                                                   [--return-ref RETURN_REF]
1299                                                   [--check-aci CHECK_ACI]
1300                                                   [--bind-attempts
1301       BIND_ATTEMPTS]
1302                                                   [--size-limit SIZE_LIMIT]
1303                                                   [--time-limit TIME_LIMIT]
1304                                                   [--hop-limit HOP_LIMIT]
1305                                                   [--response-delay
1306       RESPONSE_DELAY]
1307                                                   [--test-response-delay
1308       TEST_RESPONSE_DELAY]
1309                                                   [--use-starttls  USE_START‐
1310       TLS]
1311                                                   --suffix  SUFFIX  --server-
1312       url
1313                                                   SERVER_URL      --bind-mech
1314       BIND_MECH
1315                                                   --bind-dn BIND_DN --bind-pw
1316                                                   BIND_PW
1317                                                   CHAIN_NAME
1318
1319
1320       CHAIN_NAME
1321              The name of the database link
1322
1323
1324       --conn-bind-limit CONN_BIND_LIMIT
1325              The maximum number of BIND connections the database link  estab‐
1326              lishes with the
1327              remote server.
1328
1329
1330       --conn-op-limit CONN_OP_LIMIT
1331              The  maximum number of LDAP connections the database link estab‐
1332              lishes with the
1333              remote server.
1334
1335
1336       --abandon-check-interval ABANDON_CHECK_INTERVAL
1337              The number of seconds that pass before  the  server  checks  for
1338              abandoned
1339              operations.
1340
1341
1342       --bind-limit BIND_LIMIT
1343              The maximum number of concurrent bind operations per TCP connec‐
1344              tion.
1345
1346
1347       --op-limit OP_LIMIT
1348              The maximum number of concurrent operations allowed.
1349
1350
1351       --proxied-auth PROXIED_AUTH
1352              Set to "off" to disable proxied authorization,  then  binds  for
1353              chained
1354              operations  are  executed  as  the  user set in the nsMultiplex‐
1355              orBindDn attribute
1356              (on/off).
1357
1358
1359       --conn-lifetime CONN_LIFETIME
1360              Specifies connection lifetime in  seconds.  0  keeps  connection
1361              open forever.
1362
1363
1364       --bind-timeout BIND_TIMEOUT
1365              The amount of time in seconds before a bind attempt times out.
1366
1367
1368       --return-ref RETURN_REF
1369              Sets whether referrals are returned by scoped searches (on/off).
1370
1371
1372       --check-aci CHECK_ACI
1373              Set  whether  ACIs are evaluated on the database link as well as
1374              the remote data
1375              server (on/off).
1376
1377
1378       --bind-attempts BIND_ATTEMPTS
1379              Sets the number of times the  server  tries  to  bind  with  the
1380              remote server.
1381
1382
1383       --size-limit SIZE_LIMIT
1384              Sets the maximum number of entries to return from a search oper‐
1385              ation.
1386
1387
1388       --time-limit TIME_LIMIT
1389              Sets the maximum number of seconds allowed for an operation.
1390
1391
1392       --hop-limit HOP_LIMIT
1393              Sets the maximum number of times a database is allowed to chain;
1394              that is, the
1395              number  of  times  a  request can be forwarded from one database
1396              link to another.
1397
1398
1399       --response-delay RESPONSE_DELAY
1400              The maximum amount of time  it  can  take  a  remote  server  to
1401              respond to an LDAP
1402              operation  request  made  by  a database link before an error is
1403              suspected.
1404
1405
1406       --test-response-delay TEST_RESPONSE_DELAY
1407              Sets the duration of the test issued by  the  database  link  to
1408              check whether the
1409              remote server is responding.
1410
1411
1412       --use-starttls USE_STARTTLS
1413              Set  to "on" specifies that the database links should use Start‐
1414              TLS for its
1415              secure connections.
1416
1417
1418       --suffix SUFFIX
1419              The suffix managed by the database link.
1420
1421
1422       --server-url SERVER_URL
1423              Gives the LDAP/LDAPS URL of the remote server.
1424
1425
1426       --bind-mech BIND_MECH
1427              Sets the authentication method to use  to  authenticate  to  the
1428              remote server:
1429              <leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI
1430
1431
1432       --bind-dn BIND_DN
1433              DN  of  the  administrative  entry  used to communicate with the
1434              remote server
1435
1436
1437       --bind-pw BIND_PW
1438              Password for the administrative user.
1439
1440
1442       usage: dsconf instance chaining link-get [-h] CHAIN_NAME
1443
1444
1445       CHAIN_NAME
1446              The chaining link name, or suffix, to retrieve
1447
1448
1449
1451       usage: dsconf instance chaining link-set [-h]
1452                                                [--conn-bind-limit
1453       CONN_BIND_LIMIT]
1454                                                [--conn-op-limit
1455       CONN_OP_LIMIT]
1456                                                [--abandon-check-interval
1457       ABANDON_CHECK_INTERVAL]
1458                                                [--bind-limit BIND_LIMIT]
1459                                                [--op-limit OP_LIMIT]
1460                                                [--proxied-auth PROXIED_AUTH]
1461                                                [--conn-lifetime    CONN_LIFE‐
1462       TIME]
1463                                                [--bind-timeout BIND_TIMEOUT]
1464                                                [--return-ref RETURN_REF]
1465                                                [--check-aci CHECK_ACI]
1466                                                [--bind-attempts
1467       BIND_ATTEMPTS]
1468                                                [--size-limit SIZE_LIMIT]
1469                                                [--time-limit TIME_LIMIT]
1470                                                [--hop-limit HOP_LIMIT]
1471                                                [--response-delay
1472       RESPONSE_DELAY]
1473                                                [--test-response-delay
1474       TEST_RESPONSE_DELAY]
1475                                                [--use-starttls USE_STARTTLS]
1476                                                [--suffix SUFFIX]
1477                                                [--server-url SERVER_URL]
1478                                                [--bind-mech BIND_MECH]
1479                                                [--bind-dn BIND_DN]
1480                                                [--bind-pw BIND_PW]
1481                                                CHAIN_NAME
1482
1483
1484       CHAIN_NAME
1485              The name of the database link
1486
1487
1488       --conn-bind-limit CONN_BIND_LIMIT
1489              The  maximum number of BIND connections the database link estab‐
1490              lishes with the
1491              remote server.
1492
1493
1494       --conn-op-limit CONN_OP_LIMIT
1495              The maximum number of LDAP connections the database link  estab‐
1496              lishes with the
1497              remote server.
1498
1499
1500       --abandon-check-interval ABANDON_CHECK_INTERVAL
1501              The  number  of  seconds  that pass before the server checks for
1502              abandoned
1503              operations.
1504
1505
1506       --bind-limit BIND_LIMIT
1507              The maximum number of concurrent bind operations per TCP connec‐
1508              tion.
1509
1510
1511       --op-limit OP_LIMIT
1512              The maximum number of concurrent operations allowed.
1513
1514
1515       --proxied-auth PROXIED_AUTH
1516              Set  to  "off"  to disable proxied authorization, then binds for
1517              chained
1518              operations are executed as the  user  set  in  the  nsMultiplex‐
1519              orBindDn attribute
1520              (on/off).
1521
1522
1523       --conn-lifetime CONN_LIFETIME
1524              Specifies  connection  lifetime  in  seconds. 0 keeps connection
1525              open forever.
1526
1527
1528       --bind-timeout BIND_TIMEOUT
1529              The amount of time in seconds before a bind attempt times out.
1530
1531
1532       --return-ref RETURN_REF
1533              Sets whether referrals are returned by scoped searches (on/off).
1534
1535
1536       --check-aci CHECK_ACI
1537              Set whether ACIs are evaluated on the database link as  well  as
1538              the remote data
1539              server (on/off).
1540
1541
1542       --bind-attempts BIND_ATTEMPTS
1543              Sets  the  number  of  times  the  server tries to bind with the
1544              remote server.
1545
1546
1547       --size-limit SIZE_LIMIT
1548              Sets the maximum number of entries to return from a search oper‐
1549              ation.
1550
1551
1552       --time-limit TIME_LIMIT
1553              Sets the maximum number of seconds allowed for an operation.
1554
1555
1556       --hop-limit HOP_LIMIT
1557              Sets the maximum number of times a database is allowed to chain;
1558              that is, the
1559              number of times a request can be  forwarded  from  one  database
1560              link to another.
1561
1562
1563       --response-delay RESPONSE_DELAY
1564              The  maximum  amount  of  time  it  can  take a remote server to
1565              respond to an LDAP
1566              operation request made by a database link  before  an  error  is
1567              suspected.
1568
1569
1570       --test-response-delay TEST_RESPONSE_DELAY
1571              Sets  the  duration  of  the test issued by the database link to
1572              check whether the
1573              remote server is responding.
1574
1575
1576       --use-starttls USE_STARTTLS
1577              Set to "on" specifies that the database links should use  Start‐
1578              TLS for its
1579              secure connections.
1580
1581
1582       --suffix SUFFIX
1583              The suffix managed by the database link.
1584
1585
1586       --server-url SERVER_URL
1587              Gives the LDAP/LDAPS URL of the remote server.
1588
1589
1590       --bind-mech BIND_MECH
1591              Sets  the  authentication  method  to use to authenticate to the
1592              remote server:
1593              <leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI
1594
1595
1596       --bind-dn BIND_DN
1597              DN of the administrative entry  used  to  communicate  with  the
1598              remote server
1599
1600
1601       --bind-pw BIND_PW
1602              Password for the administrative user.
1603
1604
1606       usage: dsconf instance chaining link-delete [-h] CHAIN_NAME
1607
1608
1609       CHAIN_NAME
1610              The name of the database link
1611
1612
1613

OPTIONS 'dsconf chaining monitor'

1615       usage: dsconf instance chaining monitor [-h] CHAIN_NAME
1616
1617
1618       CHAIN_NAME
1619              The name of the database link
1620
1621
1622
1624       usage: dsconf instance chaining link-list [-h]
1625
1626
1627
1628
1629

OPTIONS 'dsconf config'

1631       usage: dsconf instance config [-h] {get,add,replace,delete} ...
1632
1633
1634   Sub-commands
1635       dsconf config get
1636              get
1637
1638       dsconf config add
1639              Add attribute value to configuration
1640
1641       dsconf config replace
1642              Replace attribute value in configuration
1643
1644       dsconf config delete
1645              Delete attribute value in configuration
1646

OPTIONS 'dsconf config get'

1648       usage: dsconf instance config get [-h] [attrs [attrs ...]]
1649
1650
1651       attrs  Configuration attribute(s) to get
1652
1653
1654

OPTIONS 'dsconf config add'

1656       usage: dsconf instance config add [-h] [attr [attr ...]]
1657
1658
1659       attr   Configuration attribute to add
1660
1661
1662

OPTIONS 'dsconf config replace'

1664       usage: dsconf instance config replace [-h] [attr [attr ...]]
1665
1666
1667       attr   Configuration attribute to replace
1668
1669
1670

OPTIONS 'dsconf config delete'

1672       usage: dsconf instance config delete [-h] [attr [attr ...]]
1673
1674
1675       attr   Configuration attribute to delete
1676
1677
1678
1679

OPTIONS 'dsconf directory_manager'

1681       usage: dsconf instance directory_manager [-h] {password_change} ...
1682
1683
1684   Sub-commands
1685       dsconf directory_manager password_change
1686              Change the directory manager password
1687

OPTIONS 'dsconf directory_manager password_change'

1689       usage: dsconf instance directory_manager password_change [-h]
1690
1691
1692
1693
1694

OPTIONS 'dsconf monitor'

1696       usage: dsconf instance monitor [-h]
1697                                      {server,ldbm,backend,snmp,chaining,disk}
1698       ...
1699
1700
1701   Sub-commands
1702       dsconf monitor server
1703              Monitor the server statistics, connections and operations
1704
1705       dsconf monitor ldbm
1706              Monitor the ldbm statistics, such as dbcache
1707
1708       dsconf monitor backend
1709              Monitor the behaviour of a backend database
1710
1711       dsconf monitor snmp
1712              Monitor the SNMP statistics
1713
1714       dsconf monitor chaining
1715              Monitor database chaining statistics
1716
1717       dsconf monitor disk
1718              Disk space statistics.  All values are in bytes
1719

OPTIONS 'dsconf monitor server'

1721       usage: dsconf instance monitor server [-h]
1722
1723
1724
1725

OPTIONS 'dsconf monitor ldbm'

1727       usage: dsconf instance monitor ldbm [-h]
1728
1729
1730
1731

OPTIONS 'dsconf monitor backend'

1733       usage: dsconf instance monitor backend [-h] [backend]
1734
1735
1736       backend
1737              Optional name of the backend to monitor
1738
1739
1740

OPTIONS 'dsconf monitor snmp'

1742       usage: dsconf instance monitor snmp [-h]
1743
1744
1745
1746

OPTIONS 'dsconf monitor chaining'

1748       usage: dsconf instance monitor chaining [-h] [backend]
1749
1750
1751       backend
1752              Optional name of the chaining backend to monitor
1753
1754
1755

OPTIONS 'dsconf monitor disk'

1757       usage: dsconf instance monitor disk [-h]
1758
1759
1760
1761
1762

OPTIONS 'dsconf plugin'

1764       usage: dsconf instance plugin [-h]
1765                                     {memberof,automember,referential-
1766       integrity,root-dn,usn,account-policy,attr-uniq,dna,linked-attr,managed-
1767       entries,pass-through-auth,retro-changelog,posix-winsync,list,show,set}
1768                                     ...
1769
1770
1771   Sub-commands
1772       dsconf plugin memberof
1773              Manage and configure MemberOf plugin
1774
1775       dsconf plugin automember
1776              Manage and configure Automembership plugin
1777
1778       dsconf plugin referential-integrity
1779              Manage and configure Referential Integrity Postoperation plugin
1780
1781       dsconf plugin root-dn
1782              Manage and configure RootDN Access Control plugin
1783
1784       dsconf plugin usn
1785              Manage and configure USN plugin
1786
1787       dsconf plugin account-policy
1788              Manage and configure Account Policy plugin
1789
1790       dsconf plugin attr-uniq
1791              Manage and configure Attribute Uniqueness plugin
1792
1793       dsconf plugin dna
1794              Manage and configure DNA plugin
1795
1796       dsconf plugin linked-attr
1797              Manage and configure Linked Attributes plugin
1798
1799       dsconf plugin managed-entries
1800              Manage and configure Managed Entries Plugin
1801
1802       dsconf plugin pass-through-auth
1803              Manage and configure Pass-Through Authentication  plugins  (URLs
1804              and PAM)
1805
1806       dsconf plugin retro-changelog
1807              Manage and configure Retro Changelog plugin
1808
1809       dsconf plugin posix-winsync
1810              Manage and configure The Posix Winsync API plugin
1811
1812       dsconf plugin list
1813              List current configured (enabled and disabled) plugins
1814
1815       dsconf plugin show
1816              Show the plugin data
1817
1818       dsconf plugin set
1819              Edit the plugin
1820

OPTIONS 'dsconf plugin memberof'

1822       usage: dsconf instance plugin memberof [-h]
1823                                              {show,enable,disable,sta‐
1824       tus,set,config-entry,fixup}
1825                                              ...
1826
1827
1828   Sub-commands
1829       dsconf plugin memberof show
1830              display plugin configuration
1831
1832       dsconf plugin memberof enable
1833              enable plugin
1834
1835       dsconf plugin memberof disable
1836              disable plugin
1837
1838       dsconf plugin memberof status
1839              display plugin status
1840
1841       dsconf plugin memberof set
1842              Edit the plugin
1843
1844       dsconf plugin memberof config-entry
1845              Manage the config entry
1846
1847       dsconf plugin memberof fixup
1848              Run the fix-up task for memberOf plugin
1849

OPTIONS 'dsconf plugin memberof show'

1851       usage: dsconf instance plugin memberof show [-h]
1852
1853
1854
1855

OPTIONS 'dsconf plugin memberof enable'

1857       usage: dsconf instance plugin memberof enable [-h]
1858
1859
1860
1861

OPTIONS 'dsconf plugin memberof disable'

1863       usage: dsconf instance plugin memberof disable [-h]
1864
1865
1866
1867

OPTIONS 'dsconf plugin memberof status'

1869       usage: dsconf instance plugin memberof status [-h]
1870
1871
1872
1873

OPTIONS 'dsconf plugin memberof set'

1875       usage: dsconf instance plugin memberof  set  [-h]  [--attr  ATTR  [ATTR
1876       ...]]
1877                                                  [--groupattr       GROUPATTR
1878       [GROUPATTR ...]]
1879                                                  [--allbackends {on,off}]
1880                                                  [--skipnested {on,off}]
1881                                                  [--scope  SCOPE]  [--exclude
1882       EXCLUDE]
1883                                                  [--autoaddoc AUTOADDOC]
1884                                                  [--config-entry         CON‐
1885       FIG_ENTRY]
1886
1887
1888
1889       --attr ATTR [ATTR ...]
1890              Specifies the attribute in the  user  entry  for  the  Directory
1891              Server to manage
1892              to reflect group membership (memberOfAttr)
1893
1894
1895       --groupattr GROUPATTR [GROUPATTR ...]
1896              Specifies  the  attribute  in the group entry to use to identify
1897              the DNs of group
1898              members (memberOfGroupAttr)
1899
1900
1901       --allbackends {on,off}
1902              Specifies whether to search the local suffix for user entries on
1903              all available
1904              suffixes (memberOfAllBackends)
1905
1906
1907       --skipnested {on,off}
1908              Specifies  wherher  to  skip nested groups or not (memberOfSkip‐
1909              Nested)
1910
1911
1912       --scope SCOPE
1913              Specifies backends or multiple-nested suffixes for the  MemberOf
1914              plug-in to
1915              work on (memberOfEntryScope)
1916
1917
1918       --exclude EXCLUDE
1919              Specifies  backends or multiple-nested suffixes for the MemberOf
1920              plug-in to
1921              exclude (memberOfEntryScopeExcludeSubtree)
1922
1923
1924       --autoaddoc AUTOADDOC
1925              If an entry does not have an object class that allows  the  mem‐
1926              berOf attribute
1927              then the memberOf plugin will automatically add the object class
1928              listed in the
1929              memberOfAutoAddOC parameter
1930
1931
1932       --config-entry CONFIG_ENTRY
1933              The value to set as nsslapd-pluginConfigArea
1934
1935

OPTIONS 'dsconf plugin memberof config-entry'

1937       usage: dsconf instance plugin memberof config-entry [-h]
1938                                                           {add,set,show,delete}
1939       ...
1940
1941
1942   Sub-commands
1943       dsconf plugin memberof config-entry add
1944              Add the config entry
1945
1946       dsconf plugin memberof config-entry set
1947              Edit the config entry
1948
1949       dsconf plugin memberof config-entry show
1950              Display the config entry
1951
1952       dsconf plugin memberof config-entry delete
1953              Delete the config entry
1954

OPTIONS 'dsconf plugin memberof config-entry add'

1956       usage: dsconf instance plugin memberof config-entry add [-h]
1957                                                               [--attr    ATTR
1958       [ATTR ...]]
1959                                                               [--groupattr
1960       GROUPATTR [GROUPATTR ...]]
1961                                                               [--allbackends
1962       {on,off}]
1963                                                               [--skipnested
1964       {on,off}]
1965                                                               [--scope SCOPE]
1966                                                               [--exclude
1967       EXCLUDE]
1968                                                               [--autoaddoc
1969       AUTOADDOC]
1970                                                               DN
1971
1972
1973       DN     The config entry full DN
1974
1975
1976       --attr ATTR [ATTR ...]
1977              Specifies  the  attribute  in  the  user entry for the Directory
1978              Server to manage
1979              to reflect group membership (memberOfAttr)
1980
1981
1982       --groupattr GROUPATTR [GROUPATTR ...]
1983              Specifies the attribute in the group entry to  use  to  identify
1984              the DNs of group
1985              members (memberOfGroupAttr)
1986
1987
1988       --allbackends {on,off}
1989              Specifies whether to search the local suffix for user entries on
1990              all available
1991              suffixes (memberOfAllBackends)
1992
1993
1994       --skipnested {on,off}
1995              Specifies wherher to skip nested groups  or  not  (memberOfSkip‐
1996              Nested)
1997
1998
1999       --scope SCOPE
2000              Specifies  backends or multiple-nested suffixes for the MemberOf
2001              plug-in to
2002              work on (memberOfEntryScope)
2003
2004
2005       --exclude EXCLUDE
2006              Specifies backends or multiple-nested suffixes for the  MemberOf
2007              plug-in to
2008              exclude (memberOfEntryScopeExcludeSubtree)
2009
2010
2011       --autoaddoc AUTOADDOC
2012              If  an  entry does not have an object class that allows the mem‐
2013              berOf attribute
2014              then the memberOf plugin will automatically add the object class
2015              listed in the
2016              memberOfAutoAddOC parameter
2017
2018

OPTIONS 'dsconf plugin memberof config-entry set'

2020       usage: dsconf instance plugin memberof config-entry set [-h]
2021                                                               [--attr    ATTR
2022       [ATTR ...]]
2023                                                               [--groupattr
2024       GROUPATTR [GROUPATTR ...]]
2025                                                               [--allbackends
2026       {on,off}]
2027                                                               [--skipnested
2028       {on,off}]
2029                                                               [--scope SCOPE]
2030                                                               [--exclude
2031       EXCLUDE]
2032                                                               [--autoaddoc
2033       AUTOADDOC]
2034                                                               DN
2035
2036
2037       DN     The config entry full DN
2038
2039
2040       --attr ATTR [ATTR ...]
2041              Specifies  the  attribute  in  the  user entry for the Directory
2042              Server to manage
2043              to reflect group membership (memberOfAttr)
2044
2045
2046       --groupattr GROUPATTR [GROUPATTR ...]
2047              Specifies the attribute in the group entry to  use  to  identify
2048              the DNs of group
2049              members (memberOfGroupAttr)
2050
2051
2052       --allbackends {on,off}
2053              Specifies whether to search the local suffix for user entries on
2054              all available
2055              suffixes (memberOfAllBackends)
2056
2057
2058       --skipnested {on,off}
2059              Specifies wherher to skip nested groups  or  not  (memberOfSkip‐
2060              Nested)
2061
2062
2063       --scope SCOPE
2064              Specifies  backends or multiple-nested suffixes for the MemberOf
2065              plug-in to
2066              work on (memberOfEntryScope)
2067
2068
2069       --exclude EXCLUDE
2070              Specifies backends or multiple-nested suffixes for the  MemberOf
2071              plug-in to
2072              exclude (memberOfEntryScopeExcludeSubtree)
2073
2074
2075       --autoaddoc AUTOADDOC
2076              If  an  entry does not have an object class that allows the mem‐
2077              berOf attribute
2078              then the memberOf plugin will automatically add the object class
2079              listed in the
2080              memberOfAutoAddOC parameter
2081
2082

OPTIONS 'dsconf plugin memberof config-entry show'

2084       usage: dsconf instance plugin memberof config-entry show [-h] DN
2085
2086
2087       DN     The config entry full DN
2088
2089
2090

OPTIONS 'dsconf plugin memberof config-entry delete'

2092       usage: dsconf instance plugin memberof config-entry delete [-h] DN
2093
2094
2095       DN     The config entry full DN
2096
2097
2098
2099

OPTIONS 'dsconf plugin memberof fixup'

2101       usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] DN
2102
2103
2104       DN     Base DN that contains entries to fix up
2105
2106
2107       -f FILTER, --filter FILTER
2108              Filter  for  entries  to  fix  up.  If omitted, all entries with
2109              objectclass
2110              inetuser/inetadmin/nsmemberof under the specified base will have
2111              their
2112              memberOf attribute regenerated.
2113
2114
2115

OPTIONS 'dsconf plugin automember'

2117       usage: dsconf instance plugin automember [-h]
2118                                                {show,enable,disable,sta‐
2119       tus,list,definition,fixup}
2120                                                ...
2121
2122
2123   Sub-commands
2124       dsconf plugin automember show
2125              display plugin configuration
2126
2127       dsconf plugin automember enable
2128              enable plugin
2129
2130       dsconf plugin automember disable
2131              disable plugin
2132
2133       dsconf plugin automember status
2134              display plugin status
2135
2136       dsconf plugin automember list
2137              List Automembership definitions or regex rules.
2138
2139       dsconf plugin automember definition
2140              Manage Automembership definition.
2141
2142       dsconf plugin automember fixup
2143              Run a rebuild membership task.
2144

OPTIONS 'dsconf plugin automember show'

2146       usage: dsconf instance plugin automember show [-h]
2147
2148
2149
2150

OPTIONS 'dsconf plugin automember enable'

2152       usage: dsconf instance plugin automember enable [-h]
2153
2154
2155
2156

OPTIONS 'dsconf plugin automember disable'

2158       usage: dsconf instance plugin automember disable [-h]
2159
2160
2161
2162

OPTIONS 'dsconf plugin automember status'

2164       usage: dsconf instance plugin automember status [-h]
2165
2166
2167
2168

OPTIONS 'dsconf plugin automember list'

2170       usage:  dsconf  instance   plugin   automember   list   [-h]   {defini‐
2171       tions,regexes} ...
2172
2173
2174   Sub-commands
2175       dsconf plugin automember list definitions
2176              List Automembership definitions.
2177
2178       dsconf plugin automember list regexes
2179              List Automembership regex rules.
2180

OPTIONS 'dsconf plugin automember list definitions'

2182       usage: dsconf instance plugin automember list definitions [-h]
2183
2184
2185
2186

OPTIONS 'dsconf plugin automember list regexes'

2188       usage: dsconf instance plugin automember list regexes [-h] DEFNAME
2189
2190
2191       DEFNAME
2192              The definition entry CN.
2193
2194
2195
2196

OPTIONS 'dsconf plugin automember definition'

2198       usage: dsconf instance plugin automember definition [-h]
2199                                                           DEFNAME
2200                                                           {add,set,delete,show,regex}
2201                                                           ...
2202
2203
2204       DEFNAME
2205              The definition entry CN.
2206
2207
2208   Sub-commands
2209       dsconf plugin automember definition add
2210              Create Automembership definition.
2211
2212       dsconf plugin automember definition set
2213              Edit Automembership definition.
2214
2215       dsconf plugin automember definition delete
2216              Remove Automembership definition.
2217
2218       dsconf plugin automember definition show
2219              Display Automembership definition.
2220
2221       dsconf plugin automember definition regex
2222              Manage Automembership regex rules.
2223

OPTIONS 'dsconf plugin automember definition add'

2225       usage: dsconf instance plugin automember definition DEFNAME add
2226              [-h]     --grouping-attr     GROUPING_ATTR      [--default-group
2227       DEFAULT_GROUP]
2228              --scope SCOPE --filter FILTER
2229
2230
2231
2232       --grouping-attr GROUPING_ATTR
2233              Specifies  the  name  of the member attribute in the group entry
2234              and the
2235              attribute in the object entry that supplies the member attribute
2236              value, in the
2237              format group_member_attr:entry_attr (autoMemberGroupingAttr)
2238
2239
2240       --default-group DEFAULT_GROUP
2241              Sets  default  or fallback group to add the entry to as a member
2242              attribute in
2243              group entry (autoMemberDefaultGroup)
2244
2245
2246       --scope SCOPE
2247              Sets the subtree DN to search for entries (autoMemberScope)
2248
2249
2250       --filter FILTER
2251              Sets a standard LDAP search filter to use to search for matching
2252              entries
2253              (autoMemberFilter)
2254
2255

OPTIONS 'dsconf plugin automember definition set'

2257       usage: dsconf instance plugin automember definition DEFNAME set
2258              [-h]      --grouping-attr     GROUPING_ATTR     [--default-group
2259       DEFAULT_GROUP]
2260              --scope SCOPE --filter FILTER
2261
2262
2263
2264       --grouping-attr GROUPING_ATTR
2265              Specifies the name of the member attribute in  the  group  entry
2266              and the
2267              attribute in the object entry that supplies the member attribute
2268              value, in the
2269              format group_member_attr:entry_attr (autoMemberGroupingAttr)
2270
2271
2272       --default-group DEFAULT_GROUP
2273              Sets default or fallback group to add the entry to as  a  member
2274              attribute in
2275              group entry (autoMemberDefaultGroup)
2276
2277
2278       --scope SCOPE
2279              Sets the subtree DN to search for entries (autoMemberScope)
2280
2281
2282       --filter FILTER
2283              Sets a standard LDAP search filter to use to search for matching
2284              entries
2285              (autoMemberFilter)
2286
2287

OPTIONS 'dsconf plugin automember definition delete'

2289       usage: dsconf instance plugin automember definition DEFNAME delete [-h]
2290
2291
2292
2293

OPTIONS 'dsconf plugin automember definition show'

2295       usage: dsconf instance plugin automember definition DEFNAME show [-h]
2296
2297
2298
2299

OPTIONS 'dsconf plugin automember definition regex'

2301       usage: dsconf instance plugin automember definition DEFNAME regex
2302              [-h] REGEXNAME {add,set,delete,show} ...
2303
2304
2305       REGEXNAME
2306              The regex entry CN.
2307
2308
2309   Sub-commands
2310       dsconf plugin automember definition regex add
2311              Create Automembership regex.
2312
2313       dsconf plugin automember definition regex set
2314              Edit Automembership regex.
2315
2316       dsconf plugin automember definition regex delete
2317              Remove Automembership regex.
2318
2319       dsconf plugin automember definition regex show
2320              Display Automembership regex.
2321

OPTIONS 'dsconf plugin automember definition regex add'

2323       usage: dsconf  instance  plugin  automember  definition  DEFNAME  regex
2324       REGEXNAME add
2325              [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2326              [--inclusive  INCLUSIVE  [INCLUSIVE  ...]]  --target-group  TAR‐
2327       GET_GROUP
2328
2329
2330
2331       --exclusive EXCLUSIVE [EXCLUSIVE ...]
2332              Sets a single regular expression to use to identify  entries  to
2333              exclude
2334              (autoMemberExclusiveRegex)
2335
2336
2337       --inclusive INCLUSIVE [INCLUSIVE ...]
2338              Sets  a  single regular expression to use to identify entries to
2339              include
2340              (autoMemberInclusiveRegex)
2341
2342
2343       --target-group TARGET_GROUP
2344              Sets which group to add the entry to as a member,  if  it  meets
2345              the regular
2346              expression conditions (autoMemberTargetGroup)
2347
2348

OPTIONS 'dsconf plugin automember definition regex set'

2350       usage:  dsconf  instance  plugin  automember  definition  DEFNAME regex
2351       REGEXNAME set
2352              [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2353              [--inclusive  INCLUSIVE  [INCLUSIVE  ...]]  --target-group  TAR‐
2354       GET_GROUP
2355
2356
2357
2358       --exclusive EXCLUSIVE [EXCLUSIVE ...]
2359              Sets  a  single regular expression to use to identify entries to
2360              exclude
2361              (autoMemberExclusiveRegex)
2362
2363
2364       --inclusive INCLUSIVE [INCLUSIVE ...]
2365              Sets a single regular expression to use to identify  entries  to
2366              include
2367              (autoMemberInclusiveRegex)
2368
2369
2370       --target-group TARGET_GROUP
2371              Sets  which  group  to add the entry to as a member, if it meets
2372              the regular
2373              expression conditions (autoMemberTargetGroup)
2374
2375

OPTIONS 'dsconf plugin automember definition regex delete'

2377       usage: dsconf  instance  plugin  automember  definition  DEFNAME  regex
2378       REGEXNAME delete
2379              [-h]
2380
2381
2382
2383

OPTIONS 'dsconf plugin automember definition regex show'

2385       usage:  dsconf  instance  plugin  automember  definition  DEFNAME regex
2386       REGEXNAME show
2387              [-h]
2388
2389
2390
2391
2392
2393

OPTIONS 'dsconf plugin automember fixup'

2395       usage: dsconf instance plugin automember fixup [-h] -f FILTER -s
2396                                                      {sub,base,one}
2397                                                      DN
2398
2399
2400       DN     Base DN that contains entries to fix up
2401
2402
2403       -f FILTER, --filter FILTER
2404              LDAP filter for entries to fix up.
2405
2406
2407       -s {sub,base,one}, --scope {sub,base,one}
2408              LDAP search scope for entries to fix up
2409
2410
2411

OPTIONS 'dsconf plugin referential-integrity'

2413       usage: dsconf instance plugin referential-integrity [-h]
2414                                                           {show,enable,dis‐
2415       able,status,set,config-entry}
2416                                                           ...
2417
2418
2419   Sub-commands
2420       dsconf plugin referential-integrity show
2421              display plugin configuration
2422
2423       dsconf plugin referential-integrity enable
2424              enable plugin
2425
2426       dsconf plugin referential-integrity disable
2427              disable plugin
2428
2429       dsconf plugin referential-integrity status
2430              display plugin status
2431
2432       dsconf plugin referential-integrity set
2433              Edit the plugin
2434
2435       dsconf plugin referential-integrity config-entry
2436              Manage the config entry
2437

OPTIONS 'dsconf plugin referential-integrity show'

2439       usage: dsconf instance plugin referential-integrity show [-h]
2440
2441
2442
2443

OPTIONS 'dsconf plugin referential-integrity enable'

2445       usage: dsconf instance plugin referential-integrity enable [-h]
2446
2447
2448
2449

OPTIONS 'dsconf plugin referential-integrity disable'

2451       usage: dsconf instance plugin referential-integrity disable [-h]
2452
2453
2454
2455

OPTIONS 'dsconf plugin referential-integrity status'

2457       usage: dsconf instance plugin referential-integrity status [-h]
2458
2459
2460
2461

OPTIONS 'dsconf plugin referential-integrity set'

2463       usage: dsconf instance plugin referential-integrity set [-h]
2464                                                               [--update-delay
2465       UPDATE_DELAY]
2466                                                               [--membership-
2467       attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2468                                                               [--entry-scope
2469       ENTRY_SCOPE]
2470                                                               [--exclude-
2471       entry-scope EXCLUDE_ENTRY_SCOPE]
2472                                                               [--container-
2473       scope CONTAINER_SCOPE]
2474                                                               [--log-file
2475       LOG_FILE]
2476                                                               [--config-entry
2477       CONFIG_ENTRY]
2478
2479
2480
2481       --update-delay UPDATE_DELAY
2482              Sets the update interval. Special values: 0 - The check is  per‐
2483              formed
2484              immediately, -1 - No check is performed (referint-update-delay)
2485
2486
2487       --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2488              Specifies  attributes  to check for and update (referint-member‐
2489              ship-attr)
2490
2491
2492       --entry-scope ENTRY_SCOPE
2493              Defines the subtree in which the plug-in looks for the delete or
2494              rename
2495              operations of a user entry (nsslapd-pluginEntryScope)
2496
2497
2498       --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2499              Defines  the subtree in which the plug-in ignores any operations
2500              for deleting
2501              or renaming a user (nsslapd-pluginExcludeEntryScope)
2502
2503
2504       --container-scope CONTAINER_SCOPE
2505              Specifies which branch the plug-in searches for  the  groups  to
2506              which the user
2507              belongs.  It  only  updates  groups that are under the specified
2508              container branch,
2509              and leaves all other groups not updated  (nsslapd-pluginContain‐
2510              erScope)
2511
2512
2513       --log-file LOG_FILE
2514              Specifies  a path to the Referential integrity logfile.For exam‐
2515              ple:
2516              /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2517
2518
2519       --config-entry CONFIG_ENTRY
2520              The value to set as nsslapd-pluginConfigArea
2521
2522

OPTIONS 'dsconf plugin referential-integrity config-entry'

2524       usage: dsconf instance plugin referential-integrity config-entry
2525              [-h] {add,set,show,delete} ...
2526
2527
2528   Sub-commands
2529       dsconf plugin referential-integrity config-entry add
2530              Add the config entry
2531
2532       dsconf plugin referential-integrity config-entry set
2533              Edit the config entry
2534
2535       dsconf plugin referential-integrity config-entry show
2536              Display the config entry
2537
2538       dsconf plugin referential-integrity config-entry delete
2539              Delete the config entry
2540

OPTIONS 'dsconf plugin referential-integrity config-entry add'

2542       usage: dsconf instance plugin referential-integrity config-entry add
2543              [-h] [--update-delay UPDATE_DELAY]
2544              [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2545              [--entry-scope        ENTRY_SCOPE]        [--exclude-entry-scope
2546       EXCLUDE_ENTRY_SCOPE]
2547              [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2548              DN
2549
2550
2551       DN     The config entry full DN
2552
2553
2554       --update-delay UPDATE_DELAY
2555              Sets  the update interval. Special values: 0 - The check is per‐
2556              formed
2557              immediately, -1 - No check is performed (referint-update-delay)
2558
2559
2560       --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2561              Specifies attributes to check for and  update  (referint-member‐
2562              ship-attr)
2563
2564
2565       --entry-scope ENTRY_SCOPE
2566              Defines the subtree in which the plug-in looks for the delete or
2567              rename
2568              operations of a user entry (nsslapd-pluginEntryScope)
2569
2570
2571       --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2572              Defines the subtree in which the plug-in ignores any  operations
2573              for deleting
2574              or renaming a user (nsslapd-pluginExcludeEntryScope)
2575
2576
2577       --container-scope CONTAINER_SCOPE
2578              Specifies  which  branch  the plug-in searches for the groups to
2579              which the user
2580              belongs. It only updates groups that  are  under  the  specified
2581              container branch,
2582              and  leaves all other groups not updated (nsslapd-pluginContain‐
2583              erScope)
2584
2585
2586       --log-file LOG_FILE
2587              Specifies a path to the Referential integrity logfile.For  exam‐
2588              ple:
2589              /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2590
2591

OPTIONS 'dsconf plugin referential-integrity config-entry set'

2593       usage: dsconf instance plugin referential-integrity config-entry set
2594              [-h] [--update-delay UPDATE_DELAY]
2595              [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2596              [--entry-scope        ENTRY_SCOPE]        [--exclude-entry-scope
2597       EXCLUDE_ENTRY_SCOPE]
2598              [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2599              DN
2600
2601
2602       DN     The config entry full DN
2603
2604
2605       --update-delay UPDATE_DELAY
2606              Sets the update interval. Special values: 0 - The check is  per‐
2607              formed
2608              immediately, -1 - No check is performed (referint-update-delay)
2609
2610
2611       --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2612              Specifies  attributes  to check for and update (referint-member‐
2613              ship-attr)
2614
2615
2616       --entry-scope ENTRY_SCOPE
2617              Defines the subtree in which the plug-in looks for the delete or
2618              rename
2619              operations of a user entry (nsslapd-pluginEntryScope)
2620
2621
2622       --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2623              Defines  the subtree in which the plug-in ignores any operations
2624              for deleting
2625              or renaming a user (nsslapd-pluginExcludeEntryScope)
2626
2627
2628       --container-scope CONTAINER_SCOPE
2629              Specifies which branch the plug-in searches for  the  groups  to
2630              which the user
2631              belongs.  It  only  updates  groups that are under the specified
2632              container branch,
2633              and leaves all other groups not updated  (nsslapd-pluginContain‐
2634              erScope)
2635
2636
2637       --log-file LOG_FILE
2638              Specifies  a path to the Referential integrity logfile.For exam‐
2639              ple:
2640              /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2641
2642

OPTIONS 'dsconf plugin referential-integrity config-entry show'

2644       usage: dsconf instance plugin referential-integrity  config-entry  show
2645       [-h] DN
2646
2647
2648       DN     The config entry full DN
2649
2650
2651

OPTIONS 'dsconf plugin referential-integrity config-entry delete'

2653       usage: dsconf instance plugin referential-integrity config-entry delete
2654              [-h] DN
2655
2656
2657       DN     The config entry full DN
2658
2659
2660
2661
2662

OPTIONS 'dsconf plugin root-dn'

2664       usage: dsconf instance plugin root-dn [-h]
2665                                             {show,enable,disable,status,set}
2666       ...
2667
2668
2669   Sub-commands
2670       dsconf plugin root-dn show
2671              display plugin configuration
2672
2673       dsconf plugin root-dn enable
2674              enable plugin
2675
2676       dsconf plugin root-dn disable
2677              disable plugin
2678
2679       dsconf plugin root-dn status
2680              display plugin status
2681
2682       dsconf plugin root-dn set
2683              Edit the plugin
2684

OPTIONS 'dsconf plugin root-dn show'

2686       usage: dsconf instance plugin root-dn show [-h]
2687
2688
2689
2690

OPTIONS 'dsconf plugin root-dn enable'

2692       usage: dsconf instance plugin root-dn enable [-h]
2693
2694
2695
2696

OPTIONS 'dsconf plugin root-dn disable'

2698       usage: dsconf instance plugin root-dn disable [-h]
2699
2700
2701
2702

OPTIONS 'dsconf plugin root-dn status'

2704       usage: dsconf instance plugin root-dn status [-h]
2705
2706
2707
2708

OPTIONS 'dsconf plugin root-dn set'

2710       usage: dsconf instance plugin root-dn set [-h]
2711                                                 [--allow-host      ALLOW_HOST
2712       [ALLOW_HOST ...]]
2713                                                 [--deny-host        DENY_HOST
2714       [DENY_HOST ...]]
2715                                                 [--allow-ip          ALLOW_IP
2716       [ALLOW_IP ...]]
2717                                                 [--deny-ip  DENY_IP  [DENY_IP
2718       ...]]
2719                                                 [--open-time OPEN_TIME]
2720                                                 [--close-time CLOSE_TIME]
2721                                                 [--days-allowed DAYS_ALLOWED]
2722
2723
2724
2725       --allow-host ALLOW_HOST [ALLOW_HOST ...]
2726              Sets what hosts, by fully-qualified domain name, the  root  user
2727              is allowed to
2728              use  to  access  the  Directory Server. Any hosts not listed are
2729              implicitly denied
2730              (rootdn-allow-host)
2731
2732
2733       --deny-host DENY_HOST [DENY_HOST ...]
2734              Sets what hosts, by fully-qualified domain name, the  root  user
2735              is not allowed
2736              to  use  to access the Directory Server Any hosts not listed are
2737              implicitly
2738              allowed (rootdn-deny-host). If an host address is listed in both
2739              the rootdn-
2740              allow-host and rootdn-deny-host attributes, it is denied access.
2741
2742
2743       --allow-ip ALLOW_IP [ALLOW_IP ...]
2744              Sets  what  IP  addresses, either IPv4 or IPv6, for machines the
2745              root user is
2746              allowed to use to access the Directory Server Any  IP  addresses
2747              not listed are
2748              implicitly denied (rootdn-allow-ip)
2749
2750
2751       --deny-ip DENY_IP [DENY_IP ...]
2752              Sets  what  IP  addresses, either IPv4 or IPv6, for machines the
2753              root user is not
2754              allowed to use to access the Directory Server. Any IP  addresses
2755              not listed are
2756              implicitly  allowed  (rootdn-deny-ip) If an IP address is listed
2757              in both the
2758              rootdn-allow-ip and  rootdn-deny-ip  attributes,  it  is  denied
2759              access.
2760
2761
2762       --open-time OPEN_TIME
2763              Sets  part  of  a  time  period  or  range when the root user is
2764              allowed to access
2765              the Directory Server.  This  sets  when  the  time-based  access
2766              begins (rootdn-
2767              open-time)
2768
2769
2770       --close-time CLOSE_TIME
2771              Sets  part  of  a  time  period  or  range when the root user is
2772              allowed to access
2773              the Directory Server. This sets when the time-based access  ends
2774              (rootdn-close-
2775              time)
2776
2777
2778       --days-allowed DAYS_ALLOWED
2779              Gives  a  comma-separated  list  of  what  days the root user is
2780              allowed to use to
2781              access the Directory Server.  Any  days  listed  are  implicitly
2782              denied (rootdn-
2783              days-allowed)
2784
2785
2786

OPTIONS 'dsconf plugin usn'

2788       usage: dsconf instance plugin usn [-h]
2789                                         {show,enable,disable,sta‐
2790       tus,global,cleanup}
2791                                         ...
2792
2793
2794   Sub-commands
2795       dsconf plugin usn show
2796              display plugin configuration
2797
2798       dsconf plugin usn enable
2799              enable plugin
2800
2801       dsconf plugin usn disable
2802              disable plugin
2803
2804       dsconf plugin usn status
2805              display plugin status
2806
2807       dsconf plugin usn global
2808              Get or manage global usn mode (nsslapd-entryusn-global)
2809
2810       dsconf plugin usn cleanup
2811              Run the USN tombstone cleanup task
2812

OPTIONS 'dsconf plugin usn show'

2814       usage: dsconf instance plugin usn show [-h]
2815
2816
2817
2818

OPTIONS 'dsconf plugin usn enable'

2820       usage: dsconf instance plugin usn enable [-h]
2821
2822
2823
2824

OPTIONS 'dsconf plugin usn disable'

2826       usage: dsconf instance plugin usn disable [-h]
2827
2828
2829
2830

OPTIONS 'dsconf plugin usn status'

2832       usage: dsconf instance plugin usn status [-h]
2833
2834
2835
2836

OPTIONS 'dsconf plugin usn global'

2838       usage: dsconf instance plugin usn global [-h] {on,off} ...
2839
2840
2841   Sub-commands
2842       dsconf plugin usn global on
2843              Enable usn global mode
2844
2845       dsconf plugin usn global off
2846              Disable usn global mode
2847

OPTIONS 'dsconf plugin usn global on'

2849       usage: dsconf instance plugin usn global on [-h]
2850
2851
2852
2853

OPTIONS 'dsconf plugin usn global off'

2855       usage: dsconf instance plugin usn global off [-h]
2856
2857
2858
2859
2860

OPTIONS 'dsconf plugin usn cleanup'

2862       usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND)
2863                                                 [-m MAXUSN]
2864
2865
2866
2867       -s SUFFIX, --suffix SUFFIX
2868              Gives the suffix or subtree in the Directory Server to  run  the
2869              cleanup
2870              operation against. If the suffix is not specified, then the back
2871              end must be
2872              given (suffix)
2873
2874
2875       -n BACKEND, --backend BACKEND
2876              Gives the Directory Server instance back end,  or  database,  to
2877              run the cleanup
2878              operation  against.  If  the back end is not specified, then the
2879              suffix must be
2880              specified.Backend instance in which USN tombstone entries (back‐
2881              end)
2882
2883
2884       -m MAXUSN, --maxusn MAXUSN
2885              Gives  the  highest  USN value to delete when removing tombstone
2886              entries
2887              (max_usn_to_delete)
2888
2889
2890

OPTIONS 'dsconf plugin account-policy'

2892       usage: dsconf instance plugin account-policy [-h]
2893                                                    {show,enable,disable,sta‐
2894       tus,set,config-entry}
2895                                                    ...
2896
2897
2898   Sub-commands
2899       dsconf plugin account-policy show
2900              display plugin configuration
2901
2902       dsconf plugin account-policy enable
2903              enable plugin
2904
2905       dsconf plugin account-policy disable
2906              disable plugin
2907
2908       dsconf plugin account-policy status
2909              display plugin status
2910
2911       dsconf plugin account-policy set
2912              Edit the plugin
2913
2914       dsconf plugin account-policy config-entry
2915              Manage the config entry
2916

OPTIONS 'dsconf plugin account-policy show'

2918       usage: dsconf instance plugin account-policy show [-h]
2919
2920
2921
2922

OPTIONS 'dsconf plugin account-policy enable'

2924       usage: dsconf instance plugin account-policy enable [-h]
2925
2926
2927
2928

OPTIONS 'dsconf plugin account-policy disable'

2930       usage: dsconf instance plugin account-policy disable [-h]
2931
2932
2933
2934

OPTIONS 'dsconf plugin account-policy status'

2936       usage: dsconf instance plugin account-policy status [-h]
2937
2938
2939
2940

OPTIONS 'dsconf plugin account-policy set'

2942       usage: dsconf instance plugin account-policy set [-h]
2943                                                        [--config-entry   CON‐
2944       FIG_ENTRY]
2945
2946
2947
2948       --config-entry CONFIG_ENTRY
2949              The value to set as nsslapd-pluginConfigArea
2950
2951

OPTIONS 'dsconf plugin account-policy config-entry'

2953       usage: dsconf instance plugin account-policy config-entry [-h]
2954                                                                 {add,set,show,delete}
2955                                                                 ...
2956
2957
2958   Sub-commands
2959       dsconf plugin account-policy config-entry add
2960              Add the config entry
2961
2962       dsconf plugin account-policy config-entry set
2963              Edit the config entry
2964
2965       dsconf plugin account-policy config-entry show
2966              Display the config entry
2967
2968       dsconf plugin account-policy config-entry delete
2969              Delete the config entry
2970

OPTIONS 'dsconf plugin account-policy config-entry add'

2972       usage: dsconf instance plugin account-policy config-entry add
2973              [-h]    [--always-record-login    {yes,no}]    [--alt-state-attr
2974       ALT_STATE_ATTR]
2975              [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2976              [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2977              [--state-attr STATE_ATTR]
2978              DN
2979
2980
2981       DN     The config entry full DN
2982
2983
2984       --always-record-login {yes,no}
2985              Sets that every entry records its last login time (alwaysRecord‐
2986              Login)
2987
2988
2989       --alt-state-attr ALT_STATE_ATTR
2990              Provides a backup attribute for the server to reference to eval‐
2991              uate the
2992              expiration time (altStateAttrName)
2993
2994
2995       --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2996              Specifies the attribute to store the time of the last successful
2997              login in this
2998              attribute in the users directory entry (alwaysRecordLoginAttr)
2999
3000
3001       --limit-attr LIMIT_ATTR
3002              Specifies the attribute within the policy to use for the account
3003              inactivation
3004              limit (limitAttrName)
3005
3006
3007       --spec-attr SPEC_ATTR
3008              Specifies the attribute to identify which  entries  are  account
3009              policy
3010              configuration entries (specAttrName)
3011
3012
3013       --state-attr STATE_ATTR
3014              Specifies the primary time attribute used to evaluate an account
3015              policy
3016              (stateAttrName)
3017
3018

OPTIONS 'dsconf plugin account-policy config-entry set'

3020       usage: dsconf instance plugin account-policy config-entry set
3021              [-h]    [--always-record-login    {yes,no}]    [--alt-state-attr
3022       ALT_STATE_ATTR]
3023              [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
3024              [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
3025              [--state-attr STATE_ATTR]
3026              DN
3027
3028
3029       DN     The config entry full DN
3030
3031
3032       --always-record-login {yes,no}
3033              Sets that every entry records its last login time (alwaysRecord‐
3034              Login)
3035
3036
3037       --alt-state-attr ALT_STATE_ATTR
3038              Provides a backup attribute for the server to reference to eval‐
3039              uate the
3040              expiration time (altStateAttrName)
3041
3042
3043       --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
3044              Specifies the attribute to store the time of the last successful
3045              login in this
3046              attribute in the users directory entry (alwaysRecordLoginAttr)
3047
3048
3049       --limit-attr LIMIT_ATTR
3050              Specifies the attribute within the policy to use for the account
3051              inactivation
3052              limit (limitAttrName)
3053
3054
3055       --spec-attr SPEC_ATTR
3056              Specifies  the  attribute  to identify which entries are account
3057              policy
3058              configuration entries (specAttrName)
3059
3060
3061       --state-attr STATE_ATTR
3062              Specifies the primary time attribute used to evaluate an account
3063              policy
3064              (stateAttrName)
3065
3066

OPTIONS 'dsconf plugin account-policy config-entry show'

3068       usage: dsconf instance plugin account-policy config-entry show [-h] DN
3069
3070
3071       DN     The config entry full DN
3072
3073
3074

OPTIONS 'dsconf plugin account-policy config-entry delete'

3076       usage:  dsconf  instance plugin account-policy config-entry delete [-h]
3077       DN
3078
3079
3080       DN     The config entry full DN
3081
3082
3083
3084
3085

OPTIONS 'dsconf plugin attr-uniq'

3087       usage: dsconf instance plugin attr-uniq [-h]
3088                                               {show,enable,disable,sta‐
3089       tus,list,add,set,delete}
3090                                               ...
3091
3092
3093   Sub-commands
3094       dsconf plugin attr-uniq show
3095              display plugin configuration
3096
3097       dsconf plugin attr-uniq enable
3098              enable plugin
3099
3100       dsconf plugin attr-uniq disable
3101              disable plugin
3102
3103       dsconf plugin attr-uniq status
3104              display plugin status
3105
3106       dsconf plugin attr-uniq list
3107              List available plugin configs
3108
3109       dsconf plugin attr-uniq add
3110              Add the config entry
3111
3112       dsconf plugin attr-uniq set
3113              Edit the config entry
3114
3115       dsconf plugin attr-uniq show
3116              Display the config entry
3117
3118       dsconf plugin attr-uniq delete
3119              Delete the config entry
3120
3121       dsconf plugin attr-uniq enable
3122              enable plugin
3123
3124       dsconf plugin attr-uniq disable
3125              disable plugin
3126
3127       dsconf plugin attr-uniq status
3128              display plugin status
3129

OPTIONS 'dsconf plugin attr-uniq show'

3131       usage: dsconf instance plugin attr-uniq show [-h] NAME
3132
3133
3134       NAME   The name of the plug-in configuration record
3135
3136
3137

OPTIONS 'dsconf plugin attr-uniq enable'

3139       usage: dsconf instance plugin attr-uniq enable [-h] NAME
3140
3141
3142       NAME   Sets the name of the plug-in configuration record
3143
3144
3145

OPTIONS 'dsconf plugin attr-uniq disable'

3147       usage: dsconf instance plugin attr-uniq disable [-h] NAME
3148
3149
3150       NAME   Sets the name of the plug-in configuration record
3151
3152
3153

OPTIONS 'dsconf plugin attr-uniq status'

3155       usage: dsconf instance plugin attr-uniq status [-h] NAME
3156
3157
3158       NAME   Sets the name of the plug-in configuration record
3159
3160
3161

OPTIONS 'dsconf plugin attr-uniq list'

3163       usage: dsconf instance plugin attr-uniq list [-h]
3164
3165
3166
3167

OPTIONS 'dsconf plugin attr-uniq add'

3169       usage: dsconf instance plugin attr-uniq add [-h] [--enabled {on,off}]
3170                                                   [--attr-name      ATTR_NAME
3171       [ATTR_NAME ...]]
3172                                                   [--subtree SUBTREE [SUBTREE
3173       ...]]
3174                                                   [--across-all-subtrees
3175       {on,off}]
3176                                                   [--top-entry-oc
3177       TOP_ENTRY_OC]
3178                                                   [--subtree-entries-oc  SUB‐
3179       TREE_ENTRIES_OC]
3180                                                   NAME
3181
3182
3183       NAME   Sets the name of the plug-in configuration record. (cn) You  can
3184              use any
3185              string,  but  "attribute_name  Attribute  Uniqueness"  is recom‐
3186              mended.
3187
3188
3189       --enabled {on,off}
3190              Identifies whether or not the config is enabled.
3191
3192
3193       --attr-name ATTR_NAME [ATTR_NAME ...]
3194              Sets the name of the attribute whose values must be unique. This
3195              attribute is
3196              multi-valued. (uniqueness-attribute-name)
3197
3198
3199       --subtree SUBTREE [SUBTREE ...]
3200              Sets the DN under which the plug-in checks for uniqueness of the
3201              attributes
3202              value. This attribute is multi-valued (uniqueness-subtrees)
3203
3204
3205       --across-all-subtrees {on,off}
3206              If enabled (on), the plug-in checks that the attribute is unique
3207              across all
3208              subtrees  set.  If  you  set the attribute to off, uniqueness is
3209              only enforced
3210              within   the   subtree   of   the   updated    entry    (unique‐
3211              ness-across-all-subtrees)
3212
3213
3214       --top-entry-oc TOP_ENTRY_OC
3215              Verifies  that  the  value  of  the  attribute  set  in  unique‐
3216              ness-attribute-name is
3217              unique in this subtree (uniqueness-top-entry-oc)
3218
3219
3220       --subtree-entries-oc SUBTREE_ENTRIES_OC
3221              Verifies if an attribute is unique, if the  entry  contains  the
3222              object class set
3223              in this parameter (uniqueness-subtree-entries-oc)
3224
3225

OPTIONS 'dsconf plugin attr-uniq set'

3227       usage: dsconf instance plugin attr-uniq set [-h] [--enabled {on,off}]
3228                                                   [--attr-name      ATTR_NAME
3229       [ATTR_NAME ...]]
3230                                                   [--subtree SUBTREE [SUBTREE
3231       ...]]
3232                                                   [--across-all-subtrees
3233       {on,off}]
3234                                                   [--top-entry-oc
3235       TOP_ENTRY_OC]
3236                                                   [--subtree-entries-oc  SUB‐
3237       TREE_ENTRIES_OC]
3238                                                   NAME
3239
3240
3241       NAME   Sets the name of the plug-in configuration record. (cn) You  can
3242              use any
3243              string,  but  "attribute_name  Attribute  Uniqueness"  is recom‐
3244              mended.
3245
3246
3247       --enabled {on,off}
3248              Identifies whether or not the config is enabled.
3249
3250
3251       --attr-name ATTR_NAME [ATTR_NAME ...]
3252              Sets the name of the attribute whose values must be unique. This
3253              attribute is
3254              multi-valued. (uniqueness-attribute-name)
3255
3256
3257       --subtree SUBTREE [SUBTREE ...]
3258              Sets the DN under which the plug-in checks for uniqueness of the
3259              attributes
3260              value. This attribute is multi-valued (uniqueness-subtrees)
3261
3262
3263       --across-all-subtrees {on,off}
3264              If enabled (on), the plug-in checks that the attribute is unique
3265              across all
3266              subtrees  set.  If  you  set the attribute to off, uniqueness is
3267              only enforced
3268              within   the   subtree   of   the   updated    entry    (unique‐
3269              ness-across-all-subtrees)
3270
3271
3272       --top-entry-oc TOP_ENTRY_OC
3273              Verifies  that  the  value  of  the  attribute  set  in  unique‐
3274              ness-attribute-name is
3275              unique in this subtree (uniqueness-top-entry-oc)
3276
3277
3278       --subtree-entries-oc SUBTREE_ENTRIES_OC
3279              Verifies if an attribute is unique, if the  entry  contains  the
3280              object class set
3281              in this parameter (uniqueness-subtree-entries-oc)
3282
3283

OPTIONS 'dsconf plugin attr-uniq delete'

3285       usage: dsconf instance plugin attr-uniq delete [-h] NAME
3286
3287
3288       NAME   Sets the name of the plug-in configuration record
3289
3290
3291
3292

OPTIONS 'dsconf plugin dna'

3294       usage: dsconf instance plugin dna [-h]
3295                                         {show,enable,disable,status,list,con‐
3296       fig} ...
3297
3298
3299   Sub-commands
3300       dsconf plugin dna show
3301              display plugin configuration
3302
3303       dsconf plugin dna enable
3304              enable plugin
3305
3306       dsconf plugin dna disable
3307              disable plugin
3308
3309       dsconf plugin dna status
3310              display plugin status
3311
3312       dsconf plugin dna list
3313              List available plugin configs
3314
3315       dsconf plugin dna config
3316              Manage plugin configs
3317

OPTIONS 'dsconf plugin dna show'

3319       usage: dsconf instance plugin dna show [-h]
3320
3321
3322
3323

OPTIONS 'dsconf plugin dna enable'

3325       usage: dsconf instance plugin dna enable [-h]
3326
3327
3328
3329

OPTIONS 'dsconf plugin dna disable'

3331       usage: dsconf instance plugin dna disable [-h]
3332
3333
3334
3335

OPTIONS 'dsconf plugin dna status'

3337       usage: dsconf instance plugin dna status [-h]
3338
3339
3340
3341

OPTIONS 'dsconf plugin dna list'

3343       usage: dsconf instance plugin dna  list  [-h]  {configs,shared-configs}
3344       ...
3345
3346
3347   Sub-commands
3348       dsconf plugin dna list configs
3349              List main DNA plugin config entries
3350
3351       dsconf plugin dna list shared-configs
3352              List DNA plugin shared config entries
3353

OPTIONS 'dsconf plugin dna list configs'

3355       usage: dsconf instance plugin dna list configs [-h]
3356
3357
3358
3359

OPTIONS 'dsconf plugin dna list shared-configs'

3361       usage: dsconf instance plugin dna list shared-configs [-h] BASEDN
3362
3363
3364       BASEDN The search DN
3365
3366
3367
3368

OPTIONS 'dsconf plugin dna config'

3370       usage: dsconf instance plugin dna config [-h]
3371                                                NAME
3372                                                {add,set,show,delete,shared-
3373       config-entry}
3374                                                ...
3375
3376
3377       NAME   The DNA configuration name
3378
3379
3380   Sub-commands
3381       dsconf plugin dna config add
3382              Add the config entry
3383
3384       dsconf plugin dna config set
3385              Edit the config entry
3386
3387       dsconf plugin dna config show
3388              Display the config entry
3389
3390       dsconf plugin dna config delete
3391              Delete the config entry
3392
3393       dsconf plugin dna config shared-config-entry
3394              Manage the shared config entry
3395

OPTIONS 'dsconf plugin dna config add'

3397       usage: dsconf instance plugin dna config NAME add [-h]
3398                                                         [--type  TYPE   [TYPE
3399       ...]]
3400                                                         [--prefix PREFIX]
3401                                                         [--next-value
3402       NEXT_VALUE]
3403                                                         [--max-value
3404       MAX_VALUE]
3405                                                         [--interval INTERVAL]
3406                                                         [--magic-regen
3407       MAGIC_REGEN]
3408                                                         [--filter FILTER]
3409                                                         [--scope SCOPE]
3410                                                         [--remote-bind-dn
3411       REMOTE_BIND_DN]
3412                                                         [--remote-bind-cred
3413       REMOTE_BIND_CRED]
3414                                                         [--shared-config-
3415       entry SHARED_CONFIG_ENTRY]
3416                                                         [--threshold  THRESH‐
3417       OLD]
3418                                                         [--next-range
3419       NEXT_RANGE]
3420                                                         [--range-request-
3421       timeout RANGE_REQUEST_TIMEOUT]
3422
3423
3424
3425       --type TYPE [TYPE ...]
3426              Sets which attributes have unique numbers  being  generated  for
3427              them (dnaType)
3428
3429
3430       --prefix PREFIX
3431              Defines  a  prefix that can be prepended to the generated number
3432              values for the
3433              attribute (dnaPrefix)
3434
3435
3436       --next-value NEXT_VALUE
3437              Gives  the  next  available  number  which   can   be   assigned
3438              (dnaNextValue)
3439
3440
3441       --max-value MAX_VALUE
3442              Sets  the maximum value that can be assigned for the range (dna‐
3443              MaxValue)
3444
3445
3446       --interval INTERVAL
3447              Sets an interval to use to increment through numbers in a  range
3448              (dnaInterval)
3449
3450
3451       --magic-regen MAGIC_REGEN
3452              Sets a user-defined value that instructs the plug-in to assign a
3453              new value for
3454              the entry (dnaMagicRegen)
3455
3456
3457       --filter FILTER
3458              Sets an LDAP filter to  use  to  search  for  and  identify  the
3459              entries to which to
3460              apply the distributed numeric assignment range (dnaFilter)
3461
3462
3463       --scope SCOPE
3464              Sets  the  base  DN  to search for entries to which to apply the
3465              distributed
3466              numeric assignment (dnaScope)
3467
3468
3469       --remote-bind-dn REMOTE_BIND_DN
3470              Specifies the Replication Manager DN (dnaRemoteBindDN)
3471
3472
3473       --remote-bind-cred REMOTE_BIND_CRED
3474              Specifies the Replication Manager's password (dnaRemoteBindCred)
3475
3476
3477       --shared-config-entry SHARED_CONFIG_ENTRY
3478              Defines a shared identity that the servers can use  to  transfer
3479              ranges to one
3480              another (dnaSharedCfgDN)
3481
3482
3483       --threshold THRESHOLD
3484              Sets  a  threshold  of remaining available numbers in the range.
3485              When the server
3486              hits  the  threshold,  it  sends  a  request  for  a  new  range
3487              (dnaThreshold)
3488
3489
3490       --next-range NEXT_RANGE
3491              Defines  the  next  range  to  use  when  the  current  range is
3492              exhausted
3493              (dnaNextRange)
3494
3495
3496       --range-request-timeout RANGE_REQUEST_TIMEOUT
3497              sets a timeout period, in seconds, for range  requests  so  that
3498              the server does
3499              not stall waiting on a new range from one server and can request
3500              a range from
3501              a new server (dnaRangeRequestTimeout)
3502
3503

OPTIONS 'dsconf plugin dna config set'

3505       usage: dsconf instance plugin dna config NAME set [-h]
3506                                                         [--type  TYPE   [TYPE
3507       ...]]
3508                                                         [--prefix PREFIX]
3509                                                         [--next-value
3510       NEXT_VALUE]
3511                                                         [--max-value
3512       MAX_VALUE]
3513                                                         [--interval INTERVAL]
3514                                                         [--magic-regen
3515       MAGIC_REGEN]
3516                                                         [--filter FILTER]
3517                                                         [--scope SCOPE]
3518                                                         [--remote-bind-dn
3519       REMOTE_BIND_DN]
3520                                                         [--remote-bind-cred
3521       REMOTE_BIND_CRED]
3522                                                         [--shared-config-
3523       entry SHARED_CONFIG_ENTRY]
3524                                                         [--threshold  THRESH‐
3525       OLD]
3526                                                         [--next-range
3527       NEXT_RANGE]
3528                                                         [--range-request-
3529       timeout RANGE_REQUEST_TIMEOUT]
3530
3531
3532
3533       --type TYPE [TYPE ...]
3534              Sets which attributes have unique numbers  being  generated  for
3535              them (dnaType)
3536
3537
3538       --prefix PREFIX
3539              Defines  a  prefix that can be prepended to the generated number
3540              values for the
3541              attribute (dnaPrefix)
3542
3543
3544       --next-value NEXT_VALUE
3545              Gives  the  next  available  number  which   can   be   assigned
3546              (dnaNextValue)
3547
3548
3549       --max-value MAX_VALUE
3550              Sets  the maximum value that can be assigned for the range (dna‐
3551              MaxValue)
3552
3553
3554       --interval INTERVAL
3555              Sets an interval to use to increment through numbers in a  range
3556              (dnaInterval)
3557
3558
3559       --magic-regen MAGIC_REGEN
3560              Sets a user-defined value that instructs the plug-in to assign a
3561              new value for
3562              the entry (dnaMagicRegen)
3563
3564
3565       --filter FILTER
3566              Sets an LDAP filter to  use  to  search  for  and  identify  the
3567              entries to which to
3568              apply the distributed numeric assignment range (dnaFilter)
3569
3570
3571       --scope SCOPE
3572              Sets  the  base  DN  to search for entries to which to apply the
3573              distributed
3574              numeric assignment (dnaScope)
3575
3576
3577       --remote-bind-dn REMOTE_BIND_DN
3578              Specifies the Replication Manager DN (dnaRemoteBindDN)
3579
3580
3581       --remote-bind-cred REMOTE_BIND_CRED
3582              Specifies the Replication Manager's password (dnaRemoteBindCred)
3583
3584
3585       --shared-config-entry SHARED_CONFIG_ENTRY
3586              Defines a shared identity that the servers can use  to  transfer
3587              ranges to one
3588              another (dnaSharedCfgDN)
3589
3590
3591       --threshold THRESHOLD
3592              Sets  a  threshold  of remaining available numbers in the range.
3593              When the server
3594              hits  the  threshold,  it  sends  a  request  for  a  new  range
3595              (dnaThreshold)
3596
3597
3598       --next-range NEXT_RANGE
3599              Defines  the  next  range  to  use  when  the  current  range is
3600              exhausted
3601              (dnaNextRange)
3602
3603
3604       --range-request-timeout RANGE_REQUEST_TIMEOUT
3605              sets a timeout period, in seconds, for range  requests  so  that
3606              the server does
3607              not stall waiting on a new range from one server and can request
3608              a range from
3609              a new server (dnaRangeRequestTimeout)
3610
3611

OPTIONS 'dsconf plugin dna config show'

3613       usage: dsconf instance plugin dna config NAME show [-h]
3614
3615
3616
3617

OPTIONS 'dsconf plugin dna config delete'

3619       usage: dsconf instance plugin dna config NAME delete [-h]
3620
3621
3622
3623

OPTIONS 'dsconf plugin dna config shared-config-entry'

3625       usage: dsconf instance plugin dna config NAME shared-config-entry
3626              [-h] HOSTNAME PORT {add,set,show,delete} ...
3627
3628
3629       HOSTNAME
3630              Identifies the host name of a server in a shared range, as  part
3631              of the DNA
3632              range  configuration  for  that  specific  host  in multi-master
3633              replication
3634              (dnaHostname)
3635
3636
3637       PORT   Gives the standard port number to use to  connect  to  the  host
3638              identified in
3639              dnaHostname (dnaPortNum)
3640
3641
3642   Sub-commands
3643       dsconf plugin dna config shared-config-entry add
3644              Add the shared config entry
3645
3646       dsconf plugin dna config shared-config-entry set
3647              Edit the shared config entry
3648
3649       dsconf plugin dna config shared-config-entry show
3650              Display the shared config entry
3651
3652       dsconf plugin dna config shared-config-entry delete
3653              Delete the shared config entry
3654

OPTIONS 'dsconf plugin dna config shared-config-entry add'

3656       usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3657       NAME PORT add
3658              [-h] [--secure-port SECURE_PORT]
3659              [--remote-bind-method REMOTE_BIND_METHOD]
3660              [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3661              [--remaining-values REMAINING_VALUES]
3662
3663
3664
3665       --secure-port SECURE_PORT
3666              Gives the secure (TLS) port number to use to connect to the host
3667              identified in
3668              dnaHostname (dnaSecurePortNum)
3669
3670
3671       --remote-bind-method REMOTE_BIND_METHOD
3672              Specifies the remote bind method (dnaRemoteBindMethod)
3673
3674
3675       --remote-conn-protocol REMOTE_CONN_PROTOCOL
3676              Specifies the remote connection protocol (dnaRemoteConnProtocol)
3677
3678
3679       --remaining-values REMAINING_VALUES
3680              Contains  the  number of values that are remaining and available
3681              to a server to
3682              assign to entries (dnaRemainingValues)
3683
3684

OPTIONS 'dsconf plugin dna config shared-config-entry set'

3686       usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3687       NAME PORT set
3688              [-h] [--secure-port SECURE_PORT]
3689              [--remote-bind-method REMOTE_BIND_METHOD]
3690              [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3691              [--remaining-values REMAINING_VALUES]
3692
3693
3694
3695       --secure-port SECURE_PORT
3696              Gives the secure (TLS) port number to use to connect to the host
3697              identified in
3698              dnaHostname (dnaSecurePortNum)
3699
3700
3701       --remote-bind-method REMOTE_BIND_METHOD
3702              Specifies the remote bind method (dnaRemoteBindMethod)
3703
3704
3705       --remote-conn-protocol REMOTE_CONN_PROTOCOL
3706              Specifies the remote connection protocol (dnaRemoteConnProtocol)
3707
3708
3709       --remaining-values REMAINING_VALUES
3710              Contains the number of values that are remaining  and  available
3711              to a server to
3712              assign to entries (dnaRemainingValues)
3713
3714

OPTIONS 'dsconf plugin dna config shared-config-entry show'

3716       usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3717       NAME PORT show
3718              [-h]
3719
3720
3721
3722

OPTIONS 'dsconf plugin dna config shared-config-entry delete'

3724       usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3725       NAME PORT delete
3726              [-h]
3727
3728
3729
3730
3731
3732
3733

OPTIONS 'dsconf plugin linked-attr'

3735       usage: dsconf instance plugin linked-attr [-h]
3736                                                 {show,enable,disable,sta‐
3737       tus,fixup,list,config}
3738                                                 ...
3739
3740
3741   Sub-commands
3742       dsconf plugin linked-attr show
3743              display plugin configuration
3744
3745       dsconf plugin linked-attr enable
3746              enable plugin
3747
3748       dsconf plugin linked-attr disable
3749              disable plugin
3750
3751       dsconf plugin linked-attr status
3752              display plugin status
3753
3754       dsconf plugin linked-attr fixup
3755              Run the fix-up task for linked attributes plugin
3756
3757       dsconf plugin linked-attr list
3758              List available plugin configs
3759
3760       dsconf plugin linked-attr config
3761              Manage plugin configs
3762

OPTIONS 'dsconf plugin linked-attr show'

3764       usage: dsconf instance plugin linked-attr show [-h]
3765
3766
3767
3768

OPTIONS 'dsconf plugin linked-attr enable'

3770       usage: dsconf instance plugin linked-attr enable [-h]
3771
3772
3773
3774

OPTIONS 'dsconf plugin linked-attr disable'

3776       usage: dsconf instance plugin linked-attr disable [-h]
3777
3778
3779
3780

OPTIONS 'dsconf plugin linked-attr status'

3782       usage: dsconf instance plugin linked-attr status [-h]
3783
3784
3785
3786

OPTIONS 'dsconf plugin linked-attr fixup'

3788       usage: dsconf instance plugin linked-attr fixup [-h] [-l LINKDN]
3789
3790
3791
3792       -l LINKDN, --linkdn LINKDN
3793              Base DN that contains entries to fix up
3794
3795

OPTIONS 'dsconf plugin linked-attr list'

3797       usage: dsconf instance plugin linked-attr list [-h]
3798
3799
3800
3801

OPTIONS 'dsconf plugin linked-attr config'

3803       usage: dsconf instance plugin linked-attr config [-h]
3804                                                        NAME
3805       {add,set,show,delete}
3806                                                        ...
3807
3808
3809       NAME   The Linked Attributes configuration name
3810
3811
3812   Sub-commands
3813       dsconf plugin linked-attr config add
3814              Add the config entry
3815
3816       dsconf plugin linked-attr config set
3817              Edit the config entry
3818
3819       dsconf plugin linked-attr config show
3820              Display the config entry
3821
3822       dsconf plugin linked-attr config delete
3823              Delete the config entry
3824

OPTIONS 'dsconf plugin linked-attr config add'

3826       usage: dsconf instance plugin linked-attr config NAME add [-h]
3827                                                                 [--link-type
3828       LINK_TYPE]
3829                                                                 [--managed-
3830       type MANAGED_TYPE]
3831                                                                 [--link-scope
3832       LINK_SCOPE]
3833
3834
3835
3836       --link-type LINK_TYPE
3837              Sets the attribute that is managed  manually  by  administrators
3838              (linkType)
3839
3840
3841       --managed-type MANAGED_TYPE
3842              Sets  the  attribute  that  is created dynamically by the plugin
3843              (managedType)
3844
3845
3846       --link-scope LINK_SCOPE
3847              Sets the scope that restricts the plugin to a specific  part  of
3848              the directory
3849              tree (linkScope)
3850
3851

OPTIONS 'dsconf plugin linked-attr config set'

3853       usage: dsconf instance plugin linked-attr config NAME set [-h]
3854                                                                 [--link-type
3855       LINK_TYPE]
3856                                                                 [--managed-
3857       type MANAGED_TYPE]
3858                                                                 [--link-scope
3859       LINK_SCOPE]
3860
3861
3862
3863       --link-type LINK_TYPE
3864              Sets the attribute that is managed  manually  by  administrators
3865              (linkType)
3866
3867
3868       --managed-type MANAGED_TYPE
3869              Sets  the  attribute  that  is created dynamically by the plugin
3870              (managedType)
3871
3872
3873       --link-scope LINK_SCOPE
3874              Sets the scope that restricts the plugin to a specific  part  of
3875              the directory
3876              tree (linkScope)
3877
3878

OPTIONS 'dsconf plugin linked-attr config show'

3880       usage: dsconf instance plugin linked-attr config NAME show [-h]
3881
3882
3883
3884

OPTIONS 'dsconf plugin linked-attr config delete'

3886       usage: dsconf instance plugin linked-attr config NAME delete [-h]
3887
3888
3889
3890
3891
3892

OPTIONS 'dsconf plugin managed-entries'

3894       usage: dsconf instance plugin managed-entries [-h]
3895                                                     {show,enable,disable,sta‐
3896       tus,set,list,config,template}
3897                                                     ...
3898
3899
3900   Sub-commands
3901       dsconf plugin managed-entries show
3902              display plugin configuration
3903
3904       dsconf plugin managed-entries enable
3905              enable plugin
3906
3907       dsconf plugin managed-entries disable
3908              disable plugin
3909
3910       dsconf plugin managed-entries status
3911              display plugin status
3912
3913       dsconf plugin managed-entries set
3914              Edit the plugin
3915
3916       dsconf plugin managed-entries list
3917              List Managed Entries Plugin configs and templates
3918
3919       dsconf plugin managed-entries config
3920              Handle Managed Entries Plugin configs
3921
3922       dsconf plugin managed-entries template
3923              Handle Managed Entries Plugin templates
3924

OPTIONS 'dsconf plugin managed-entries show'

3926       usage: dsconf instance plugin managed-entries show [-h]
3927
3928
3929
3930

OPTIONS 'dsconf plugin managed-entries enable'

3932       usage: dsconf instance plugin managed-entries enable [-h]
3933
3934
3935
3936

OPTIONS 'dsconf plugin managed-entries disable'

3938       usage: dsconf instance plugin managed-entries disable [-h]
3939
3940
3941
3942

OPTIONS 'dsconf plugin managed-entries status'

3944       usage: dsconf instance plugin managed-entries status [-h]
3945
3946
3947
3948

OPTIONS 'dsconf plugin managed-entries set'

3950       usage: dsconf instance plugin managed-entries set [-h]
3951                                                         [--config-area   CON‐
3952       FIG_AREA]
3953
3954
3955
3956       --config-area CONFIG_AREA
3957              The value to set as nsslapd-pluginConfigArea
3958
3959

OPTIONS 'dsconf plugin managed-entries list'

3961       usage: dsconf instance plugin managed-entries list [-h]
3962                                                          {configs,templates}
3963       ...
3964
3965
3966   Sub-commands
3967       dsconf plugin managed-entries list configs
3968              List Managed Entries Plugin configs (list config-area if  speci‐
3969              fied in the main plugin entry)
3970
3971       dsconf plugin managed-entries list templates
3972              List Managed Entries Plugin templates in the directory
3973

OPTIONS 'dsconf plugin managed-entries list configs'

3975       usage: dsconf instance plugin managed-entries list configs [-h]
3976
3977
3978
3979

OPTIONS 'dsconf plugin managed-entries list templates'

3981       usage:  dsconf  instance  plugin  managed-entries  list  templates [-h]
3982       BASEDN
3983
3984
3985       BASEDN The base DN where to search the templates.
3986
3987
3988
3989

OPTIONS 'dsconf plugin managed-entries config'

3991       usage: dsconf instance plugin managed-entries config [-h]
3992                                                            NAME
3993                                                            {add,set,show,delete}
3994       ...
3995
3996
3997       NAME   The config entry CN.
3998
3999
4000   Sub-commands
4001       dsconf plugin managed-entries config add
4002              Add the config entry
4003
4004       dsconf plugin managed-entries config set
4005              Edit the config entry
4006
4007       dsconf plugin managed-entries config show
4008              Display the config entry
4009
4010       dsconf plugin managed-entries config delete
4011              Delete the config entry
4012

OPTIONS 'dsconf plugin managed-entries config add'

4014       usage: dsconf instance plugin managed-entries config NAME add
4015              [-h]  [--scope  SCOPE]  [--filter  FILTER]  [--managed-base MAN‐
4016       AGED_BASE]
4017              [--managed-template MANAGED_TEMPLATE]
4018
4019
4020
4021       --scope SCOPE
4022              Sets the scope of the search to use to  see  which  entries  the
4023              plug-in monitors
4024              (originScope)
4025
4026
4027       --filter FILTER
4028              Sets  the  search  filter  to use to search for and identify the
4029              entries within
4030              the subtree which require a managed entry (originFilter)
4031
4032
4033       --managed-base MANAGED_BASE
4034              Sets the subtree under which to create the managed entries (man‐
4035              agedBase)
4036
4037
4038       --managed-template MANAGED_TEMPLATE
4039              Identifies the template entry to use to create the managed entry
4040              (managedTemplate)
4041
4042

OPTIONS 'dsconf plugin managed-entries config set'

4044       usage: dsconf instance plugin managed-entries config NAME set
4045              [-h]  [--scope  SCOPE]  [--filter  FILTER]  [--managed-base MAN‐
4046       AGED_BASE]
4047              [--managed-template MANAGED_TEMPLATE]
4048
4049
4050
4051       --scope SCOPE
4052              Sets the scope of the search to use to  see  which  entries  the
4053              plug-in monitors
4054              (originScope)
4055
4056
4057       --filter FILTER
4058              Sets  the  search  filter  to use to search for and identify the
4059              entries within
4060              the subtree which require a managed entry (originFilter)
4061
4062
4063       --managed-base MANAGED_BASE
4064              Sets the subtree under which to create the managed entries (man‐
4065              agedBase)
4066
4067
4068       --managed-template MANAGED_TEMPLATE
4069              Identifies the template entry to use to create the managed entry
4070              (managedTemplate)
4071
4072

OPTIONS 'dsconf plugin managed-entries config show'

4074       usage: dsconf instance plugin managed-entries config NAME show [-h]
4075
4076
4077
4078

OPTIONS 'dsconf plugin managed-entries config delete'

4080       usage: dsconf instance plugin managed-entries config NAME delete [-h]
4081
4082
4083
4084
4085

OPTIONS 'dsconf plugin managed-entries template'

4087       usage: dsconf instance plugin managed-entries template [-h]
4088                                                              DN
4089                                                              {add,set,show,delete}
4090                                                              ...
4091
4092
4093       DN     The template entry DN.
4094
4095
4096   Sub-commands
4097       dsconf plugin managed-entries template add
4098              Add the template entry
4099
4100       dsconf plugin managed-entries template set
4101              Edit the template entry
4102
4103       dsconf plugin managed-entries template show
4104              Display the template entry
4105
4106       dsconf plugin managed-entries template delete
4107              Delete the template entry
4108

OPTIONS 'dsconf plugin managed-entries template add'

4110       usage: dsconf instance plugin managed-entries template DN add
4111              [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
4112              [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
4113
4114
4115
4116       --rdn-attr RDN_ATTR
4117              Sets which attribute to use as the naming attribute in the auto‐
4118              matically-
4119              generated entry (mepRDNAttr)
4120
4121
4122       --static-attr STATIC_ATTR
4123              Sets an attribute with a defined value that must be added to the
4124              automatically-generated entry (mepStaticAttr)
4125
4126
4127       --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
4128              Sets attributes in the Managed Entries template entry which must
4129              exist in the
4130              generated entry (mepMappedAttr)
4131
4132

OPTIONS 'dsconf plugin managed-entries template set'

4134       usage: dsconf instance plugin managed-entries template DN set
4135              [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
4136              [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
4137
4138
4139
4140       --rdn-attr RDN_ATTR
4141              Sets which attribute to use as the naming attribute in the auto‐
4142              matically-
4143              generated entry (mepRDNAttr)
4144
4145
4146       --static-attr STATIC_ATTR
4147              Sets an attribute with a defined value that must be added to the
4148              automatically-generated entry (mepStaticAttr)
4149
4150
4151       --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
4152              Sets attributes in the Managed Entries template entry which must
4153              exist in the
4154              generated entry (mepMappedAttr)
4155
4156

OPTIONS 'dsconf plugin managed-entries template show'

4158       usage: dsconf instance plugin managed-entries template DN show [-h]
4159
4160
4161
4162

OPTIONS 'dsconf plugin managed-entries template delete'

4164       usage: dsconf instance plugin managed-entries template DN delete [-h]
4165
4166
4167
4168
4169
4170

OPTIONS 'dsconf plugin pass-through-auth'

4172       usage: dsconf instance plugin pass-through-auth [-h]
4173                                                       {show,enable,dis‐
4174       able,status,list,url,pam-config}
4175                                                       ...
4176
4177
4178   Sub-commands
4179       dsconf plugin pass-through-auth show
4180              display plugin configuration
4181
4182       dsconf plugin pass-through-auth enable
4183              enable plugin
4184
4185       dsconf plugin pass-through-auth disable
4186              disable plugin
4187
4188       dsconf plugin pass-through-auth status
4189              display plugin status
4190
4191       dsconf plugin pass-through-auth list
4192              List pass-though plugin URLs or PAM configurations.
4193
4194       dsconf plugin pass-through-auth url
4195              Manage PTA URL configurations.
4196
4197       dsconf plugin pass-through-auth pam-config
4198              Manage PAM PTA configurations.
4199

OPTIONS 'dsconf plugin pass-through-auth show'

4201       usage: dsconf instance plugin pass-through-auth show [-h]
4202
4203
4204
4205

OPTIONS 'dsconf plugin pass-through-auth enable'

4207       usage: dsconf instance plugin pass-through-auth enable [-h]
4208
4209
4210
4211

OPTIONS 'dsconf plugin pass-through-auth disable'

4213       usage: dsconf instance plugin pass-through-auth disable [-h]
4214
4215
4216
4217

OPTIONS 'dsconf plugin pass-through-auth status'

4219       usage: dsconf instance plugin pass-through-auth status [-h]
4220
4221
4222
4223

OPTIONS 'dsconf plugin pass-through-auth list'

4225       usage: dsconf instance plugin pass-through-auth list [-h]
4226                                                            {urls,pam-configs}
4227       ...
4228
4229
4230   Sub-commands
4231       dsconf plugin pass-through-auth list urls
4232              List URLs.
4233
4234       dsconf plugin pass-through-auth list pam-configs
4235              List PAM configurations.
4236

OPTIONS 'dsconf plugin pass-through-auth list urls'

4238       usage: dsconf instance plugin pass-through-auth list urls [-h]
4239
4240
4241
4242

OPTIONS 'dsconf plugin pass-through-auth list pam-configs'

4244       usage: dsconf instance plugin pass-through-auth list pam-configs [-h]
4245
4246
4247
4248
4249

OPTIONS 'dsconf plugin pass-through-auth url'

4251       usage: dsconf instance plugin pass-through-auth url [-h]
4252                                                           {add,modify,delete}
4253       ...
4254
4255
4256   Sub-commands
4257       dsconf plugin pass-through-auth url add
4258              Add the config entry
4259
4260       dsconf plugin pass-through-auth url modify
4261              Edit the config entry
4262
4263       dsconf plugin pass-through-auth url delete
4264              Delete the config entry
4265

OPTIONS 'dsconf plugin pass-through-auth url add'

4267       usage: dsconf instance plugin pass-through-auth url add [-h] URL
4268
4269
4270       URL    The full LDAP URL in format "ldap|ldaps://authDS/subtree
4271              maxconns,maxops,timeout,ldver,connlifetime,startTLS".   If   one
4272              optional
4273              parameter is specified the rest should be specified too
4274
4275
4276

OPTIONS 'dsconf plugin pass-through-auth url modify'

4278       usage: dsconf instance plugin pass-through-auth url modify [-h]
4279                                                                  OLD_URL
4280       NEW_URL
4281
4282
4283       OLD_URL
4284              The full LDAP URL you get from the "list" command
4285
4286
4287       NEW_URL
4288              The full LDAP URL in format "ldap|ldaps://authDS/subtree
4289              maxconns,maxops,timeout,ldver,connlifetime,startTLS".   If   one
4290              optional
4291              parameter is specified the rest should be specified too
4292
4293
4294

OPTIONS 'dsconf plugin pass-through-auth url delete'

4296       usage: dsconf instance plugin pass-through-auth url delete [-h] URL
4297
4298
4299       URL    The full LDAP URL you get from the "list" command
4300
4301
4302
4303

OPTIONS 'dsconf plugin pass-through-auth pam-config'

4305       usage: dsconf instance plugin pass-through-auth pam-config [-h]
4306                                                                  NAME
4307                                                                  {add,set,show,delete}
4308                                                                  ...
4309
4310
4311       NAME   The PAM PTA configuration name
4312
4313
4314   Sub-commands
4315       dsconf plugin pass-through-auth pam-config add
4316              Add the config entry
4317
4318       dsconf plugin pass-through-auth pam-config set
4319              Edit the config entry
4320
4321       dsconf plugin pass-through-auth pam-config show
4322              Display the config entry
4323
4324       dsconf plugin pass-through-auth pam-config delete
4325              Delete the config entry
4326

OPTIONS 'dsconf plugin pass-through-auth pam-config add'

4328       usage: dsconf instance plugin pass-through-auth pam-config NAME add
4329              [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4330              [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4331              [--missing-suffix  {ERROR,ALLOW,IGNORE,delete,}]  [--filter FIL‐
4332       TER]
4333              [--id-attr    ID_ATTR    [ID_ATTR     ...]]     [--id_map_method
4334       ID_MAP_METHOD]
4335              [--fallback  {TRUE,FALSE}]  [--secure  {TRUE,FALSE}]  [--service
4336       SERVICE]
4337
4338
4339
4340       --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4341              Specifies a suffix to exclude from  PAM  authentication  (pamEx‐
4342              cludeSuffix)
4343
4344
4345       --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4346              Sets  a suffix to include for PAM authentication (pamIncludeSuf‐
4347              fix)
4348
4349
4350       --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4351              Identifies how to handle missing include or exclude suffixes
4352              (pamMissingSuffix)
4353
4354
4355       --filter FILTER
4356              Sets an LDAP filter to use to identify specific  entries  within
4357              the included
4358              suffixes  for which to use PAM pass-through authentication (pam‐
4359              Filter)
4360
4361
4362       --id-attr ID_ATTR [ID_ATTR ...]
4363              Contains the attribute name which is used to hold the  PAM  user
4364              ID (pamIDAttr)
4365
4366
4367       --id_map_method ID_MAP_METHOD
4368              Gives  the  method to use to map the LDAP bind DN to a PAM iden‐
4369              tity
4370              (pamIDMapMethod)
4371
4372
4373       --fallback {TRUE,FALSE}
4374              Sets whether to fallback to regular LDAP authentication  if  PAM
4375              authentication
4376              fails (pamFallback)
4377
4378
4379       --secure {TRUE,FALSE}
4380              Requires  secure  TLS  connection for PAM authentication (pamSe‐
4381              cure)
4382
4383
4384       --service SERVICE
4385              Contains the service name to pass to PAM (pamService)
4386
4387

OPTIONS 'dsconf plugin pass-through-auth pam-config set'

4389       usage: dsconf instance plugin pass-through-auth pam-config NAME set
4390              [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4391              [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4392              [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}]  [--filter  FIL‐
4393       TER]
4394              [--id-attr     ID_ATTR     [ID_ATTR    ...]]    [--id_map_method
4395       ID_MAP_METHOD]
4396              [--fallback  {TRUE,FALSE}]  [--secure  {TRUE,FALSE}]  [--service
4397       SERVICE]
4398
4399
4400
4401       --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4402              Specifies  a  suffix  to exclude from PAM authentication (pamEx‐
4403              cludeSuffix)
4404
4405
4406       --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4407              Sets a suffix to include for PAM authentication  (pamIncludeSuf‐
4408              fix)
4409
4410
4411       --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4412              Identifies how to handle missing include or exclude suffixes
4413              (pamMissingSuffix)
4414
4415
4416       --filter FILTER
4417              Sets  an  LDAP filter to use to identify specific entries within
4418              the included
4419              suffixes for which to use PAM pass-through authentication  (pam‐
4420              Filter)
4421
4422
4423       --id-attr ID_ATTR [ID_ATTR ...]
4424              Contains  the  attribute name which is used to hold the PAM user
4425              ID (pamIDAttr)
4426
4427
4428       --id_map_method ID_MAP_METHOD
4429              Gives the method to use to map the LDAP bind DN to a  PAM  iden‐
4430              tity
4431              (pamIDMapMethod)
4432
4433
4434       --fallback {TRUE,FALSE}
4435              Sets  whether  to fallback to regular LDAP authentication if PAM
4436              authentication
4437              fails (pamFallback)
4438
4439
4440       --secure {TRUE,FALSE}
4441              Requires secure TLS connection for  PAM  authentication  (pamSe‐
4442              cure)
4443
4444
4445       --service SERVICE
4446              Contains the service name to pass to PAM (pamService)
4447
4448

OPTIONS 'dsconf plugin pass-through-auth pam-config show'

4450       usage:  dsconf  instance  plugin pass-through-auth pam-config NAME show
4451       [-h]
4452
4453
4454
4455

OPTIONS 'dsconf plugin pass-through-auth pam-config delete'

4457       usage: dsconf instance plugin pass-through-auth pam-config NAME  delete
4458       [-h]
4459
4460
4461
4462
4463
4464

OPTIONS 'dsconf plugin retro-changelog'

4466       usage: dsconf instance plugin retro-changelog [-h]
4467                                                     {show,enable,disable,sta‐
4468       tus,set}
4469                                                     ...
4470
4471
4472   Sub-commands
4473       dsconf plugin retro-changelog show
4474              display plugin configuration
4475
4476       dsconf plugin retro-changelog enable
4477              enable plugin
4478
4479       dsconf plugin retro-changelog disable
4480              disable plugin
4481
4482       dsconf plugin retro-changelog status
4483              display plugin status
4484
4485       dsconf plugin retro-changelog set
4486              Edit the plugin
4487

OPTIONS 'dsconf plugin retro-changelog show'

4489       usage: dsconf instance plugin retro-changelog show [-h]
4490
4491
4492
4493

OPTIONS 'dsconf plugin retro-changelog enable'

4495       usage: dsconf instance plugin retro-changelog enable [-h]
4496
4497
4498
4499

OPTIONS 'dsconf plugin retro-changelog disable'

4501       usage: dsconf instance plugin retro-changelog disable [-h]
4502
4503
4504
4505

OPTIONS 'dsconf plugin retro-changelog status'

4507       usage: dsconf instance plugin retro-changelog status [-h]
4508
4509
4510
4511

OPTIONS 'dsconf plugin retro-changelog set'

4513       usage: dsconf instance plugin retro-changelog set [-h]
4514                                                         [--is-replicated
4515       {TRUE,FALSE}]
4516                                                         [--attribute
4517       ATTRIBUTE]
4518                                                         [--directory   DIREC‐
4519       TORY]
4520                                                         [--max-age MAX_AGE]
4521                                                         [--exclude-suffix
4522       EXCLUDE_SUFFIX]
4523
4524
4525
4526       --is-replicated {TRUE,FALSE}
4527              Sets a flag to indicate on a change in the changelog whether the
4528              change is
4529              newly made on that server or whether it was replicated over from
4530              another
4531              server (isReplicated)
4532
4533
4534       --attribute ATTRIBUTE
4535              Specifies another  Directory  Server  attribute  which  must  be
4536              included in the
4537              retro changelog entries (nsslapd-attribute)
4538
4539
4540       --directory DIRECTORY
4541              Specifies the name of the directory in which the changelog data‐
4542              base is created
4543              the first time the plug-in is run
4544
4545
4546       --max-age MAX_AGE
4547              This attribute specifies the maximum age of  any  entry  in  the
4548              changelog
4549              (nsslapd-changelogmaxage)
4550
4551
4552       --exclude-suffix EXCLUDE_SUFFIX
4553              This  attribute specifies the suffix which will be excluded from
4554              the scope of
4555              the plugin (nsslapd-exclude-suffix)
4556
4557
4558

OPTIONS 'dsconf plugin posix-winsync'

4560       usage: dsconf instance plugin posix-winsync [-h]
4561                                                   {show,enable,disable,sta‐
4562       tus,set,fixup}
4563                                                   ...
4564
4565
4566   Sub-commands
4567       dsconf plugin posix-winsync show
4568              display plugin configuration
4569
4570       dsconf plugin posix-winsync enable
4571              enable plugin
4572
4573       dsconf plugin posix-winsync disable
4574              disable plugin
4575
4576       dsconf plugin posix-winsync status
4577              display plugin status
4578
4579       dsconf plugin posix-winsync set
4580              Edit the plugin
4581
4582       dsconf plugin posix-winsync fixup
4583              Run  the  memberOf  fix-up task to correct mismatched member and
4584              uniquemember values for synced users
4585

OPTIONS 'dsconf plugin posix-winsync show'

4587       usage: dsconf instance plugin posix-winsync show [-h]
4588
4589
4590
4591

OPTIONS 'dsconf plugin posix-winsync enable'

4593       usage: dsconf instance plugin posix-winsync enable [-h]
4594
4595
4596
4597

OPTIONS 'dsconf plugin posix-winsync disable'

4599       usage: dsconf instance plugin posix-winsync disable [-h]
4600
4601
4602
4603

OPTIONS 'dsconf plugin posix-winsync status'

4605       usage: dsconf instance plugin posix-winsync status [-h]
4606
4607
4608
4609

OPTIONS 'dsconf plugin posix-winsync set'

4611       usage: dsconf instance plugin posix-winsync set [-h]
4612                                                       [--create-memberof-task
4613       {true,false}]
4614                                                       [--lower-case-uid
4615       {true,false}]
4616                                                       [--map-member-uid
4617       {true,false}]
4618                                                       [--map-nested-grouping
4619       {true,false}]
4620                                                       [--ms-sfu-schema
4621       {true,false}]
4622
4623
4624
4625       --create-memberof-task {true,false}
4626              Sets whether to run the memberOf fix-up task immediately after a
4627              sync run in
4628              order to update group memberships for synced users
4629              (posixWinsyncCreateMemberOfTask)
4630
4631
4632       --lower-case-uid {true,false}
4633              Sets whether to store (and, if necessary, convert) the UID value
4634              in the
4635              memberUID attribute in lower case.(posixWinsyncLowerCaseUID)
4636
4637
4638       --map-member-uid {true,false}
4639              Sets  whether to map the memberUID attribute in an Active Direc‐
4640              tory group to
4641              the uniqueMember attribute in a Directory Server group
4642              (posixWinsyncMapMemberUID)
4643
4644
4645       --map-nested-grouping {true,false}
4646              Manages if nested groups are updated when  memberUID  attributes
4647              in an Active
4648              Directory POSIX group change (posixWinsyncMapNestedGrouping)
4649
4650
4651       --ms-sfu-schema {true,false}
4652              Sets whether to the older Microsoft System Services for Unix 3.0
4653              (msSFU30)
4654              schema when syncing Posix attributes from Active Directory
4655              (posixWinsyncMsSFUSchema)
4656
4657

OPTIONS 'dsconf plugin posix-winsync fixup'

4659       usage: dsconf instance plugin posix-winsync fixup [-h] [-f FILTER] DN
4660
4661
4662       DN     Base DN that contains entries to fix up
4663
4664
4665       -f FILTER, --filter FILTER
4666              Filter for entries to fix  up.  If  omitted,  all  entries  with
4667              objectclass
4668              inetuser/inetadmin/nsmemberof under the specified base will have
4669              their
4670              memberOf attribute regenerated.
4671
4672
4673

OPTIONS 'dsconf plugin list'

4675       usage: dsconf instance plugin list [-h]
4676
4677
4678
4679

OPTIONS 'dsconf plugin show'

4681       usage: dsconf instance plugin show [-h] [selector]
4682
4683
4684       selector
4685              The plugin to search for
4686
4687
4688

OPTIONS 'dsconf plugin set'

4690       usage:  dsconf  instance  plugin  set  [-h]  [--type  TYPE]  [--enabled
4691       {on,off}]
4692                                         [--path PATH] [--initfunc INITFUNC]
4693                                         [--id ID] [--vendor VENDOR]
4694                                         [--version VERSION]
4695                                         [--description DESCRIPTION]
4696                                         [--depends-on-type DEPENDS_ON_TYPE]
4697                                         [--depends-on-named DEPENDS_ON_NAMED]
4698                                         [--precedence PRECEDENCE]
4699                                         [selector]
4700
4701
4702       selector
4703              The plugin to edit
4704
4705
4706       --type TYPE
4707              The type of plugin.
4708
4709
4710       --enabled {on,off}
4711              Identifies whether or not the plugin is enabled.
4712
4713
4714       --path PATH
4715              The plugin library name (without the library suffix).
4716
4717
4718       --initfunc INITFUNC
4719              An initialization function of the plugin.
4720
4721
4722       --id ID
4723              The plugin ID.
4724
4725
4726       --vendor VENDOR
4727              The vendor of plugin.
4728
4729
4730       --version VERSION
4731              The version of plugin.
4732
4733
4734       --description DESCRIPTION
4735              The description of the plugin.
4736
4737
4738       --depends-on-type DEPENDS_ON_TYPE
4739              All  plug-ins  with a type value which matches one of the values
4740              in the
4741              following valid range will be started by  the  server  prior  to
4742              this plug-in.
4743
4744
4745       --depends-on-named DEPENDS_ON_NAMED
4746              The  plug-in  name  matching one of the following values will be
4747              started by the
4748              server prior to this plug-in
4749
4750
4751       --precedence PRECEDENCE
4752              The priority it has in the execution order of plug-ins
4753
4754
4755

OPTIONS 'dsconf pwpolicy'

4757       usage: dsconf instance pwpolicy [-h] {get,set} ...
4758
4759
4760   Sub-commands
4761       dsconf pwpolicy get
4762              Get the global password policy entry
4763
4764       dsconf pwpolicy set
4765              Set an attribute in a global password policy
4766

OPTIONS 'dsconf pwpolicy get'

4768       usage: dsconf instance pwpolicy get [-h]
4769
4770
4771
4772

OPTIONS 'dsconf pwpolicy set'

4774       usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME]
4775                                           [--pwdchange PWDCHANGE]
4776                                           [--pwdmustchange PWDMUSTCHANGE]
4777                                           [--pwdhistory PWDHISTORY]
4778                                           [--pwdhistorycount PWDHISTORYCOUNT]
4779                                           [--pwdadmin PWDADMIN]
4780                                           [--pwdtrack PWDTRACK]
4781                                           [--pwdwarning PWDWARNING]
4782                                           [--pwdexpire PWDEXPIRE]
4783                                           [--pwdmaxage PWDMAXAGE]
4784                                           [--pwdminage PWDMINAGE]
4785                                           [--pwdgracelimit PWDGRACELIMIT]
4786                                           [--pwdsendexpiring PWDSENDEXPIRING]
4787                                           [--pwdlockout PWDLOCKOUT]
4788                                           [--pwdunlock PWDUNLOCK]
4789                                           [--pwdlockoutduration PWDLOCKOUTDU‐
4790       RATION]
4791                                           [--pwdmaxfailures PWDMAXFAILURES]
4792                                           [--pwdresetfailcount  PWDRESETFAIL‐
4793       COUNT]
4794                                           [--pwdchecksyntax PWDCHECKSYNTAX]
4795                                           [--pwdminlen PWDMINLEN]
4796                                           [--pwdmindigits PWDMINDIGITS]
4797                                           [--pwdminalphas PWDMINALPHAS]
4798                                           [--pwdminuppers PWDMINUPPERS]
4799                                           [--pwdminlowers PWDMINLOWERS]
4800                                           [--pwdminspecials PWDMINSPECIALS]
4801                                           [--pwdmin8bits PWDMIN8BITS]
4802                                           [--pwdmaxrepeats PWDMAXREPEATS]
4803                                           [--pwdpalindrome PWDPALINDROME]
4804                                           [--pwdmaxseq PWDMAXSEQ]
4805                                           [--pwdmaxseqsets PWDMAXSEQSETS]
4806                                           [--pwdmaxclasschars    PWDMAXCLASS‐
4807       CHARS]
4808                                           [--pwdmincatagories         PWDMIN‐
4809       CATAGORIES]
4810                                           [--pwdmintokenlen PWDMINTOKENLEN]
4811                                           [--pwdbadwords PWDBADWORDS]
4812                                           [--pwduserattrs PWDUSERATTRS]
4813                                           [--pwddictcheck PWDDICTCHECK]
4814                                           [--pwddictpath PWDDICTPATH]
4815                                           [--pwdlocal PWDLOCAL]
4816                                           [--pwdisglobal PWDISGLOBAL]
4817                                           [--pwdallowhash PWDALLOWHASH]
4818
4819
4820
4821       --pwdscheme PWDSCHEME
4822              The password storage scheme
4823
4824
4825       --pwdchange PWDCHANGE
4826              Allow users to change their passwords
4827
4828
4829       --pwdmustchange PWDMUSTCHANGE
4830              User must change their passwrod after it is reset by an Adminis‐
4831              trator
4832
4833
4834       --pwdhistory PWDHISTORY
4835              To enable password history set this to "on", otherwise "off"
4836
4837
4838       --pwdhistorycount PWDHISTORYCOUNT
4839              The number of password to keep in history
4840
4841
4842       --pwdadmin PWDADMIN
4843              The  DN  of an entry or a group of account that can bypass pass‐
4844              word policy
4845              constraints
4846
4847
4848       --pwdtrack PWDTRACK
4849              Set to "on" to track the time the password was last changed
4850
4851
4852       --pwdwarning PWDWARNING
4853              Send an expiring warning if password expires  within  this  time
4854              (in seconds)
4855
4856
4857       --pwdexpire PWDEXPIRE
4858              Set to "on" to enable password expiration
4859
4860
4861       --pwdmaxage PWDMAXAGE
4862              The password expiration time in seconds
4863
4864
4865       --pwdminage PWDMINAGE
4866              The  number  of  seconds that must pass before a user can change
4867              their password
4868
4869
4870       --pwdgracelimit PWDGRACELIMIT
4871              The number of allowed logins after the password has expired
4872
4873
4874       --pwdsendexpiring PWDSENDEXPIRING
4875              Set to "on" to always send the expiring  control  regardless  of
4876              the warning
4877              period
4878
4879
4880       --pwdlockout PWDLOCKOUT
4881              Set to "on" to enable account lockout
4882
4883
4884       --pwdunlock PWDUNLOCK
4885              Set  to  "on"  to  allow an account to become unlocked after the
4886              lockout duration
4887
4888
4889       --pwdlockoutduration PWDLOCKOUTDURATION
4890              The number of seconds an account stays locked out
4891
4892
4893       --pwdmaxfailures PWDMAXFAILURES
4894              The maximum number of allowed failed  password  attempts  before
4895              the account gets
4896              locked
4897
4898
4899       --pwdresetfailcount PWDRESETFAILCOUNT
4900              The  number  of seconds to wait before reducing the failed login
4901              count on an
4902              account
4903
4904
4905       --pwdchecksyntax PWDCHECKSYNTAX
4906              Set to "on" to Enable password syntax checking
4907
4908
4909       --pwdminlen PWDMINLEN
4910              The minimum number of characters required in a password
4911
4912
4913       --pwdmindigits PWDMINDIGITS
4914              The minimum number of digit/number characters in a password
4915
4916
4917       --pwdminalphas PWDMINALPHAS
4918              The minimum number of alpha characters required in a password
4919
4920
4921       --pwdminuppers PWDMINUPPERS
4922              The minimum number of uppercase characters required in  a  pass‐
4923              word
4924
4925
4926       --pwdminlowers PWDMINLOWERS
4927              The  minimum  number of lowercase characters required in a pass‐
4928              word
4929
4930
4931       --pwdminspecials PWDMINSPECIALS
4932              The minimum number of special characters required in a password
4933
4934
4935       --pwdmin8bits PWDMIN8BITS
4936              The minimum number of 8-bit characters required in a password
4937
4938
4939       --pwdmaxrepeats PWDMAXREPEATS
4940              The maximum number  of  times  the  same  character  can  appear
4941              sequentially in the
4942              password
4943
4944
4945       --pwdpalindrome PWDPALINDROME
4946              Set to "on" to reject passwords that are palindromes
4947
4948
4949       --pwdmaxseq PWDMAXSEQ
4950              The maximum number of allowed monotonic character sequences in a
4951              password
4952
4953
4954       --pwdmaxseqsets PWDMAXSEQSETS
4955              The maximum number of allowed monotonic character sequences that
4956              can be
4957              duplicated in a password
4958
4959
4960       --pwdmaxclasschars PWDMAXCLASSCHARS
4961              The  maximum number of sequential characters from the same char‐
4962              acter class that
4963              is allowed in a password
4964
4965
4966       --pwdmincatagories PWDMINCATAGORIES
4967              The minimum number of syntax catagory checks
4968
4969
4970       --pwdmintokenlen PWDMINTOKENLEN
4971              Sets the smallest attribute value length that is used for  triv‐
4972              ial/user words
4973              checking. This also impacts "--pwduserattrs"
4974
4975
4976       --pwdbadwords PWDBADWORDS
4977              A space-separated list of words that can not be in a password
4978
4979
4980       --pwduserattrs PWDUSERATTRS
4981              A space-separated list of attributes whose values can not appear
4982              in the
4983              password (See "--pwdmintokenlen")
4984
4985
4986       --pwddictcheck PWDDICTCHECK
4987              Set to "on" to enfore CrackLib dictionary checking
4988
4989
4990       --pwddictpath PWDDICTPATH
4991              Filesystem path to specific/custom CrackLib dictionary files
4992
4993
4994       --pwdlocal PWDLOCAL
4995              Set to "on" to enable fine-grained (subtree/user-level) password
4996              policies
4997
4998
4999       --pwdisglobal PWDISGLOBAL
5000              Set  to  "on"  to  enable  password policy state attributesto be
5001              replicated
5002
5003
5004       --pwdallowhash PWDALLOWHASH
5005              Set to "on" to allow adding prehashed passwords
5006
5007
5008

OPTIONS 'dsconf localpwp'

5010       usage: dsconf instance localpwp [-h]
5011                                       {list,get,set,remove,adduser,addsub‐
5012       tree} ...
5013
5014
5015   Sub-commands
5016       dsconf localpwp list
5017              List all the local password policies
5018
5019       dsconf localpwp get
5020              Get local password policy entry
5021
5022       dsconf localpwp set
5023              Set an attribute in a local password policy
5024
5025       dsconf localpwp remove
5026              Remove a local password policy
5027
5028       dsconf localpwp adduser
5029              Add new user password policy
5030
5031       dsconf localpwp addsubtree
5032              Add new subtree password policy
5033

OPTIONS 'dsconf localpwp list'

5035       usage: dsconf instance localpwp list [-h] DN
5036
5037
5038       DN     Suffix to search for local password policies
5039
5040
5041

OPTIONS 'dsconf localpwp get'

5043       usage: dsconf instance localpwp get [-h] DN
5044
5045
5046       DN     Get the local policy for this entry DN
5047
5048
5049

OPTIONS 'dsconf localpwp set'

5051       usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME]
5052                                           [--pwdchange PWDCHANGE]
5053                                           [--pwdmustchange PWDMUSTCHANGE]
5054                                           [--pwdhistory PWDHISTORY]
5055                                           [--pwdhistorycount PWDHISTORYCOUNT]
5056                                           [--pwdadmin PWDADMIN]
5057                                           [--pwdtrack PWDTRACK]
5058                                           [--pwdwarning PWDWARNING]
5059                                           [--pwdexpire PWDEXPIRE]
5060                                           [--pwdmaxage PWDMAXAGE]
5061                                           [--pwdminage PWDMINAGE]
5062                                           [--pwdgracelimit PWDGRACELIMIT]
5063                                           [--pwdsendexpiring PWDSENDEXPIRING]
5064                                           [--pwdlockout PWDLOCKOUT]
5065                                           [--pwdunlock PWDUNLOCK]
5066                                           [--pwdlockoutduration PWDLOCKOUTDU‐
5067       RATION]
5068                                           [--pwdmaxfailures PWDMAXFAILURES]
5069                                           [--pwdresetfailcount  PWDRESETFAIL‐
5070       COUNT]
5071                                           [--pwdchecksyntax PWDCHECKSYNTAX]
5072                                           [--pwdminlen PWDMINLEN]
5073                                           [--pwdmindigits PWDMINDIGITS]
5074                                           [--pwdminalphas PWDMINALPHAS]
5075                                           [--pwdminuppers PWDMINUPPERS]
5076                                           [--pwdminlowers PWDMINLOWERS]
5077                                           [--pwdminspecials PWDMINSPECIALS]
5078                                           [--pwdmin8bits PWDMIN8BITS]
5079                                           [--pwdmaxrepeats PWDMAXREPEATS]
5080                                           [--pwdpalindrome PWDPALINDROME]
5081                                           [--pwdmaxseq PWDMAXSEQ]
5082                                           [--pwdmaxseqsets PWDMAXSEQSETS]
5083                                           [--pwdmaxclasschars    PWDMAXCLASS‐
5084       CHARS]
5085                                           [--pwdmincatagories         PWDMIN‐
5086       CATAGORIES]
5087                                           [--pwdmintokenlen PWDMINTOKENLEN]
5088                                           [--pwdbadwords PWDBADWORDS]
5089                                           [--pwduserattrs PWDUSERATTRS]
5090                                           [--pwddictcheck PWDDICTCHECK]
5091                                           [--pwddictpath PWDDICTPATH]
5092                                           DN
5093
5094
5095       DN     Set the local policy for this entry DN
5096
5097
5098       --pwdscheme PWDSCHEME
5099              The password storage scheme
5100
5101
5102       --pwdchange PWDCHANGE
5103              Allow users to change their passwords
5104
5105
5106       --pwdmustchange PWDMUSTCHANGE
5107              User must change their passwrod after it is reset by an Adminis‐
5108              trator
5109
5110
5111       --pwdhistory PWDHISTORY
5112              To enable password history set this to "on", otherwise "off"
5113
5114
5115       --pwdhistorycount PWDHISTORYCOUNT
5116              The number of password to keep in history
5117
5118
5119       --pwdadmin PWDADMIN
5120              The DN of an entry or a group of account that can  bypass  pass‐
5121              word policy
5122              constraints
5123
5124
5125       --pwdtrack PWDTRACK
5126              Set to "on" to track the time the password was last changed
5127
5128
5129       --pwdwarning PWDWARNING
5130              Send  an  expiring  warning if password expires within this time
5131              (in seconds)
5132
5133
5134       --pwdexpire PWDEXPIRE
5135              Set to "on" to enable password expiration
5136
5137
5138       --pwdmaxage PWDMAXAGE
5139              The password expiration time in seconds
5140
5141
5142       --pwdminage PWDMINAGE
5143              The number of seconds that must pass before a  user  can  change
5144              their password
5145
5146
5147       --pwdgracelimit PWDGRACELIMIT
5148              The number of allowed logins after the password has expired
5149
5150
5151       --pwdsendexpiring PWDSENDEXPIRING
5152              Set  to  "on"  to always send the expiring control regardless of
5153              the warning
5154              period
5155
5156
5157       --pwdlockout PWDLOCKOUT
5158              Set to "on" to enable account lockout
5159
5160
5161       --pwdunlock PWDUNLOCK
5162              Set to "on" to allow an account to  become  unlocked  after  the
5163              lockout duration
5164
5165
5166       --pwdlockoutduration PWDLOCKOUTDURATION
5167              The number of seconds an account stays locked out
5168
5169
5170       --pwdmaxfailures PWDMAXFAILURES
5171              The  maximum  number  of allowed failed password attempts before
5172              the account gets
5173              locked
5174
5175
5176       --pwdresetfailcount PWDRESETFAILCOUNT
5177              The number of seconds to wait before reducing the  failed  login
5178              count on an
5179              account
5180
5181
5182       --pwdchecksyntax PWDCHECKSYNTAX
5183              Set to "on" to Enable password syntax checking
5184
5185
5186       --pwdminlen PWDMINLEN
5187              The minimum number of characters required in a password
5188
5189
5190       --pwdmindigits PWDMINDIGITS
5191              The minimum number of digit/number characters in a password
5192
5193
5194       --pwdminalphas PWDMINALPHAS
5195              The minimum number of alpha characters required in a password
5196
5197
5198       --pwdminuppers PWDMINUPPERS
5199              The  minimum  number of uppercase characters required in a pass‐
5200              word
5201
5202
5203       --pwdminlowers PWDMINLOWERS
5204              The minimum number of lowercase characters required in  a  pass‐
5205              word
5206
5207
5208       --pwdminspecials PWDMINSPECIALS
5209              The minimum number of special characters required in a password
5210
5211
5212       --pwdmin8bits PWDMIN8BITS
5213              The minimum number of 8-bit characters required in a password
5214
5215
5216       --pwdmaxrepeats PWDMAXREPEATS
5217              The  maximum  number  of  times  the  same  character can appear
5218              sequentially in the
5219              password
5220
5221
5222       --pwdpalindrome PWDPALINDROME
5223              Set to "on" to reject passwords that are palindromes
5224
5225
5226       --pwdmaxseq PWDMAXSEQ
5227              The maximum number of allowed monotonic character sequences in a
5228              password
5229
5230
5231       --pwdmaxseqsets PWDMAXSEQSETS
5232              The maximum number of allowed monotonic character sequences that
5233              can be
5234              duplicated in a password
5235
5236
5237       --pwdmaxclasschars PWDMAXCLASSCHARS
5238              The maximum number of sequential characters from the same  char‐
5239              acter class that
5240              is allowed in a password
5241
5242
5243       --pwdmincatagories PWDMINCATAGORIES
5244              The minimum number of syntax catagory checks
5245
5246
5247       --pwdmintokenlen PWDMINTOKENLEN
5248              Sets  the smallest attribute value length that is used for triv‐
5249              ial/user words
5250              checking. This also impacts "--pwduserattrs"
5251
5252
5253       --pwdbadwords PWDBADWORDS
5254              A space-separated list of words that can not be in a password
5255
5256
5257       --pwduserattrs PWDUSERATTRS
5258              A space-separated list of attributes whose values can not appear
5259              in the
5260              password (See "--pwdmintokenlen")
5261
5262
5263       --pwddictcheck PWDDICTCHECK
5264              Set to "on" to enfore CrackLib dictionary checking
5265
5266
5267       --pwddictpath PWDDICTPATH
5268              Filesystem path to specific/custom CrackLib dictionary files
5269
5270

OPTIONS 'dsconf localpwp remove'

5272       usage: dsconf instance localpwp remove [-h] DN
5273
5274
5275       DN     Remove local policy for this entry DN
5276
5277
5278

OPTIONS 'dsconf localpwp adduser'

5280       usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME]
5281                                               [--pwdchange PWDCHANGE]
5282                                               [--pwdmustchange PWDMUSTCHANGE]
5283                                               [--pwdhistory PWDHISTORY]
5284                                               [--pwdhistorycount    PWDHISTO‐
5285       RYCOUNT]
5286                                               [--pwdadmin PWDADMIN]
5287                                               [--pwdtrack PWDTRACK]
5288                                               [--pwdwarning PWDWARNING]
5289                                               [--pwdexpire PWDEXPIRE]
5290                                               [--pwdmaxage PWDMAXAGE]
5291                                               [--pwdminage PWDMINAGE]
5292                                               [--pwdgracelimit PWDGRACELIMIT]
5293                                               [--pwdsendexpiring   PWDSENDEX‐
5294       PIRING]
5295                                               [--pwdlockout PWDLOCKOUT]
5296                                               [--pwdunlock PWDUNLOCK]
5297                                               [--pwdlockoutduration  PWDLOCK‐
5298       OUTDURATION]
5299                                               [--pwdmaxfailures   PWDMAXFAIL‐
5300       URES]
5301                                               [--pwdresetfailcount  PWDRESET‐
5302       FAILCOUNT]
5303                                               [--pwdchecksyntax  PWDCHECKSYN‐
5304       TAX]
5305                                               [--pwdminlen PWDMINLEN]
5306                                               [--pwdmindigits PWDMINDIGITS]
5307                                               [--pwdminalphas PWDMINALPHAS]
5308                                               [--pwdminuppers PWDMINUPPERS]
5309                                               [--pwdminlowers PWDMINLOWERS]
5310                                               [--pwdminspecials    PWDMINSPE‐
5311       CIALS]
5312                                               [--pwdmin8bits PWDMIN8BITS]
5313                                               [--pwdmaxrepeats PWDMAXREPEATS]
5314                                               [--pwdpalindrome PWDPALINDROME]
5315                                               [--pwdmaxseq PWDMAXSEQ]
5316                                               [--pwdmaxseqsets PWDMAXSEQSETS]
5317                                               [--pwdmaxclasschars     PWDMAX‐
5318       CLASSCHARS]
5319                                               [--pwdmincatagories     PWDMIN‐
5320       CATAGORIES]
5321                                               [--pwdmintokenlen     PWDMINTO‐
5322       KENLEN]
5323                                               [--pwdbadwords PWDBADWORDS]
5324                                               [--pwduserattrs PWDUSERATTRS]
5325                                               [--pwddictcheck PWDDICTCHECK]
5326                                               [--pwddictpath PWDDICTPATH]
5327                                               DN
5328
5329
5330       DN     Add/replace the local password policy for this entry DN
5331
5332
5333       --pwdscheme PWDSCHEME
5334              The password storage scheme
5335
5336
5337       --pwdchange PWDCHANGE
5338              Allow users to change their passwords
5339
5340
5341       --pwdmustchange PWDMUSTCHANGE
5342              User must change their passwrod after it is reset by an Adminis‐
5343              trator
5344
5345
5346       --pwdhistory PWDHISTORY
5347              To enable password history set this to "on", otherwise "off"
5348
5349
5350       --pwdhistorycount PWDHISTORYCOUNT
5351              The number of password to keep in history
5352
5353
5354       --pwdadmin PWDADMIN
5355              The DN of an entry or a group of account that can  bypass  pass‐
5356              word policy
5357              constraints
5358
5359
5360       --pwdtrack PWDTRACK
5361              Set to "on" to track the time the password was last changed
5362
5363
5364       --pwdwarning PWDWARNING
5365              Send  an  expiring  warning if password expires within this time
5366              (in seconds)
5367
5368
5369       --pwdexpire PWDEXPIRE
5370              Set to "on" to enable password expiration
5371
5372
5373       --pwdmaxage PWDMAXAGE
5374              The password expiration time in seconds
5375
5376
5377       --pwdminage PWDMINAGE
5378              The number of seconds that must pass before a  user  can  change
5379              their password
5380
5381
5382       --pwdgracelimit PWDGRACELIMIT
5383              The number of allowed logins after the password has expired
5384
5385
5386       --pwdsendexpiring PWDSENDEXPIRING
5387              Set  to  "on"  to always send the expiring control regardless of
5388              the warning
5389              period
5390
5391
5392       --pwdlockout PWDLOCKOUT
5393              Set to "on" to enable account lockout
5394
5395
5396       --pwdunlock PWDUNLOCK
5397              Set to "on" to allow an account to  become  unlocked  after  the
5398              lockout duration
5399
5400
5401       --pwdlockoutduration PWDLOCKOUTDURATION
5402              The number of seconds an account stays locked out
5403
5404
5405       --pwdmaxfailures PWDMAXFAILURES
5406              The  maximum  number  of allowed failed password attempts before
5407              the account gets
5408              locked
5409
5410
5411       --pwdresetfailcount PWDRESETFAILCOUNT
5412              The number of seconds to wait before reducing the  failed  login
5413              count on an
5414              account
5415
5416
5417       --pwdchecksyntax PWDCHECKSYNTAX
5418              Set to "on" to Enable password syntax checking
5419
5420
5421       --pwdminlen PWDMINLEN
5422              The minimum number of characters required in a password
5423
5424
5425       --pwdmindigits PWDMINDIGITS
5426              The minimum number of digit/number characters in a password
5427
5428
5429       --pwdminalphas PWDMINALPHAS
5430              The minimum number of alpha characters required in a password
5431
5432
5433       --pwdminuppers PWDMINUPPERS
5434              The  minimum  number of uppercase characters required in a pass‐
5435              word
5436
5437
5438       --pwdminlowers PWDMINLOWERS
5439              The minimum number of lowercase characters required in  a  pass‐
5440              word
5441
5442
5443       --pwdminspecials PWDMINSPECIALS
5444              The minimum number of special characters required in a password
5445
5446
5447       --pwdmin8bits PWDMIN8BITS
5448              The minimum number of 8-bit characters required in a password
5449
5450
5451       --pwdmaxrepeats PWDMAXREPEATS
5452              The  maximum  number  of  times  the  same  character can appear
5453              sequentially in the
5454              password
5455
5456
5457       --pwdpalindrome PWDPALINDROME
5458              Set to "on" to reject passwords that are palindromes
5459
5460
5461       --pwdmaxseq PWDMAXSEQ
5462              The maximum number of allowed monotonic character sequences in a
5463              password
5464
5465
5466       --pwdmaxseqsets PWDMAXSEQSETS
5467              The maximum number of allowed monotonic character sequences that
5468              can be
5469              duplicated in a password
5470
5471
5472       --pwdmaxclasschars PWDMAXCLASSCHARS
5473              The maximum number of sequential characters from the same  char‐
5474              acter class that
5475              is allowed in a password
5476
5477
5478       --pwdmincatagories PWDMINCATAGORIES
5479              The minimum number of syntax catagory checks
5480
5481
5482       --pwdmintokenlen PWDMINTOKENLEN
5483              Sets  the smallest attribute value length that is used for triv‐
5484              ial/user words
5485              checking. This also impacts "--pwduserattrs"
5486
5487
5488       --pwdbadwords PWDBADWORDS
5489              A space-separated list of words that can not be in a password
5490
5491
5492       --pwduserattrs PWDUSERATTRS
5493              A space-separated list of attributes whose values can not appear
5494              in the
5495              password (See "--pwdmintokenlen")
5496
5497
5498       --pwddictcheck PWDDICTCHECK
5499              Set to "on" to enfore CrackLib dictionary checking
5500
5501
5502       --pwddictpath PWDDICTPATH
5503              Filesystem path to specific/custom CrackLib dictionary files
5504
5505

OPTIONS 'dsconf localpwp addsubtree'

5507       usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME]
5508                                                  [--pwdchange PWDCHANGE]
5509                                                  [--pwdmustchange        PWD‐
5510       MUSTCHANGE]
5511                                                  [--pwdhistory PWDHISTORY]
5512                                                  [--pwdhistorycount PWDHISTO‐
5513       RYCOUNT]
5514                                                  [--pwdadmin PWDADMIN]
5515                                                  [--pwdtrack PWDTRACK]
5516                                                  [--pwdwarning PWDWARNING]
5517                                                  [--pwdexpire PWDEXPIRE]
5518                                                  [--pwdmaxage PWDMAXAGE]
5519                                                  [--pwdminage PWDMINAGE]
5520                                                  [--pwdgracelimit   PWDGRACE‐
5521       LIMIT]
5522                                                  [--pwdsendexpiring  PWDSEND‐
5523       EXPIRING]
5524                                                  [--pwdlockout PWDLOCKOUT]
5525                                                  [--pwdunlock PWDUNLOCK]
5526                                                  [--pwdlockoutduration   PWD‐
5527       LOCKOUTDURATION]
5528                                                  [--pwdmaxfailures    PWDMAX‐
5529       FAILURES]
5530                                                  [--pwdresetfailcount
5531       PWDRESETFAILCOUNT]
5532                                                  [--pwdchecksyntax       PWD‐
5533       CHECKSYNTAX]
5534                                                  [--pwdminlen PWDMINLEN]
5535                                                  [--pwdmindigits   PWDMINDIG‐
5536       ITS]
5537                                                  [--pwdminalphas    PWDMINAL‐
5538       PHAS]
5539                                                  [--pwdminuppers    PWDMINUP‐
5540       PERS]
5541                                                  [--pwdminlowers   PWDMINLOW‐
5542       ERS]
5543                                                  [--pwdminspecials PWDMINSPE‐
5544       CIALS]
5545                                                  [--pwdmin8bits PWDMIN8BITS]
5546                                                  [--pwdmaxrepeats   PWDMAXRE‐
5547       PEATS]
5548                                                  [--pwdpalindrome   PWDPALIN‐
5549       DROME]
5550                                                  [--pwdmaxseq PWDMAXSEQ]
5551                                                  [--pwdmaxseqsets   PWDMAXSE‐
5552       QSETS]
5553                                                  [--pwdmaxclasschars  PWDMAX‐
5554       CLASSCHARS]
5555                                                  [--pwdmincatagories  PWDMIN‐
5556       CATAGORIES]
5557                                                  [--pwdmintokenlen  PWDMINTO‐
5558       KENLEN]
5559                                                  [--pwdbadwords PWDBADWORDS]
5560                                                  [--pwduserattrs   PWDUSERAT‐
5561       TRS]
5562                                                  [--pwddictcheck         PWD‐
5563       DICTCHECK]
5564                                                  [--pwddictpath PWDDICTPATH]
5565                                                  DN
5566
5567
5568       DN     Add/replace the subtree policy for this entry DN
5569
5570
5571       --pwdscheme PWDSCHEME
5572              The password storage scheme
5573
5574
5575       --pwdchange PWDCHANGE
5576              Allow users to change their passwords
5577
5578
5579       --pwdmustchange PWDMUSTCHANGE
5580              User must change their passwrod after it is reset by an Adminis‐
5581              trator
5582
5583
5584       --pwdhistory PWDHISTORY
5585              To enable password history set this to "on", otherwise "off"
5586
5587
5588       --pwdhistorycount PWDHISTORYCOUNT
5589              The number of password to keep in history
5590
5591
5592       --pwdadmin PWDADMIN
5593              The  DN  of an entry or a group of account that can bypass pass‐
5594              word policy
5595              constraints
5596
5597
5598       --pwdtrack PWDTRACK
5599              Set to "on" to track the time the password was last changed
5600
5601
5602       --pwdwarning PWDWARNING
5603              Send an expiring warning if password expires  within  this  time
5604              (in seconds)
5605
5606
5607       --pwdexpire PWDEXPIRE
5608              Set to "on" to enable password expiration
5609
5610
5611       --pwdmaxage PWDMAXAGE
5612              The password expiration time in seconds
5613
5614
5615       --pwdminage PWDMINAGE
5616              The  number  of  seconds that must pass before a user can change
5617              their password
5618
5619
5620       --pwdgracelimit PWDGRACELIMIT
5621              The number of allowed logins after the password has expired
5622
5623
5624       --pwdsendexpiring PWDSENDEXPIRING
5625              Set to "on" to always send the expiring  control  regardless  of
5626              the warning
5627              period
5628
5629
5630       --pwdlockout PWDLOCKOUT
5631              Set to "on" to enable account lockout
5632
5633
5634       --pwdunlock PWDUNLOCK
5635              Set  to  "on"  to  allow an account to become unlocked after the
5636              lockout duration
5637
5638
5639       --pwdlockoutduration PWDLOCKOUTDURATION
5640              The number of seconds an account stays locked out
5641
5642
5643       --pwdmaxfailures PWDMAXFAILURES
5644              The maximum number of allowed failed  password  attempts  before
5645              the account gets
5646              locked
5647
5648
5649       --pwdresetfailcount PWDRESETFAILCOUNT
5650              The  number  of seconds to wait before reducing the failed login
5651              count on an
5652              account
5653
5654
5655       --pwdchecksyntax PWDCHECKSYNTAX
5656              Set to "on" to Enable password syntax checking
5657
5658
5659       --pwdminlen PWDMINLEN
5660              The minimum number of characters required in a password
5661
5662
5663       --pwdmindigits PWDMINDIGITS
5664              The minimum number of digit/number characters in a password
5665
5666
5667       --pwdminalphas PWDMINALPHAS
5668              The minimum number of alpha characters required in a password
5669
5670
5671       --pwdminuppers PWDMINUPPERS
5672              The minimum number of uppercase characters required in  a  pass‐
5673              word
5674
5675
5676       --pwdminlowers PWDMINLOWERS
5677              The  minimum  number of lowercase characters required in a pass‐
5678              word
5679
5680
5681       --pwdminspecials PWDMINSPECIALS
5682              The minimum number of special characters required in a password
5683
5684
5685       --pwdmin8bits PWDMIN8BITS
5686              The minimum number of 8-bit characters required in a password
5687
5688
5689       --pwdmaxrepeats PWDMAXREPEATS
5690              The maximum number  of  times  the  same  character  can  appear
5691              sequentially in the
5692              password
5693
5694
5695       --pwdpalindrome PWDPALINDROME
5696              Set to "on" to reject passwords that are palindromes
5697
5698
5699       --pwdmaxseq PWDMAXSEQ
5700              The maximum number of allowed monotonic character sequences in a
5701              password
5702
5703
5704       --pwdmaxseqsets PWDMAXSEQSETS
5705              The maximum number of allowed monotonic character sequences that
5706              can be
5707              duplicated in a password
5708
5709
5710       --pwdmaxclasschars PWDMAXCLASSCHARS
5711              The  maximum number of sequential characters from the same char‐
5712              acter class that
5713              is allowed in a password
5714
5715
5716       --pwdmincatagories PWDMINCATAGORIES
5717              The minimum number of syntax catagory checks
5718
5719
5720       --pwdmintokenlen PWDMINTOKENLEN
5721              Sets the smallest attribute value length that is used for  triv‐
5722              ial/user words
5723              checking. This also impacts "--pwduserattrs"
5724
5725
5726       --pwdbadwords PWDBADWORDS
5727              A space-separated list of words that can not be in a password
5728
5729
5730       --pwduserattrs PWDUSERATTRS
5731              A space-separated list of attributes whose values can not appear
5732              in the
5733              password (See "--pwdmintokenlen")
5734
5735
5736       --pwddictcheck PWDDICTCHECK
5737              Set to "on" to enfore CrackLib dictionary checking
5738
5739
5740       --pwddictpath PWDDICTPATH
5741              Filesystem path to specific/custom CrackLib dictionary files
5742
5743
5744

OPTIONS 'dsconf replication'

5746       usage: dsconf instance replication [-h]
5747                                          {enable,disable,get-ruv,list,sta‐
5748       tus,winsync-status,promote,create-manager,delete-man‐
5749       ager,demote,get,create-changelog,delete-changelog,set-changelog,get-
5750       changelog,dump-changelog,set,monitor}
5751                                          ...
5752
5753
5754   Sub-commands
5755       dsconf replication enable
5756              Enable replication for a suffix
5757
5758       dsconf replication disable
5759              Disable replication for a suffix
5760
5761       dsconf replication get-ruv
5762              Get the database RUV entry for his suffix
5763
5764       dsconf replication list
5765              List all the replicated suffixes
5766
5767       dsconf replication status
5768              Get the current status of all the replication agreements
5769
5770       dsconf replication winsync-status
5771              Get the current status of all the replication agreements
5772
5773       dsconf replication promote
5774              Promte replica to a Hub or Master
5775
5776       dsconf replication create-manager
5777              Create a replication manager entry
5778
5779       dsconf replication delete-manager
5780              Delete a replication manager entry
5781
5782       dsconf replication demote
5783              Demote replica to a Hub or Consumer
5784
5785       dsconf replication get
5786              Get replication configuration
5787
5788       dsconf replication create-changelog
5789              Create the replication changelog
5790
5791       dsconf replication delete-changelog
5792              Delete  the  replication  changelog.   This  will invalidate any
5793              existing replication agreements
5794
5795       dsconf replication set-changelog
5796              Set replication changelog attributes.
5797
5798       dsconf replication get-changelog
5799              Display replication changelog attributes.
5800
5801       dsconf replication dump-changelog
5802              Decode Directory Server replication change log and dump it to an
5803              LDIF
5804
5805       dsconf replication set
5806              Set an attribute in the replication configuration
5807
5808       dsconf replication monitor
5809              Get the full replication topology report
5810

OPTIONS 'dsconf replication enable'

5812       usage:  dsconf  instance replication enable [-h] --suffix SUFFIX --role
5813       ROLE
5814                                                 [--replica-id REPLICA_ID]
5815                                                 [--bind-group-dn
5816       BIND_GROUP_DN]
5817                                                 [--bind-dn BIND_DN]
5818                                                 [--bind-passwd BIND_PASSWD]
5819
5820
5821
5822       --suffix SUFFIX
5823              The DN of the suffix to be enabled for replication
5824
5825
5826       --role ROLE
5827              The Replication role: "master", "hub", or "consumer"
5828
5829
5830       --replica-id REPLICA_ID
5831              The replication identifier for a "master". Values range from 1 -
5832              65534
5833
5834
5835       --bind-group-dn BIND_GROUP_DN
5836              A group entry DN containing members that are "bind/supplier" DNs
5837
5838
5839       --bind-dn BIND_DN
5840              The Bind or Supplier DN that can make replication updates
5841
5842
5843       --bind-passwd BIND_PASSWD
5844              Password for replication manager(--bind-dn).  This  will  create
5845              the manager
5846              entry if a value is set
5847
5848

OPTIONS 'dsconf replication disable'

5850       usage: dsconf instance replication disable [-h] --suffix SUFFIX
5851
5852
5853
5854       --suffix SUFFIX
5855              The DN of the suffix to have replication disabled
5856
5857

OPTIONS 'dsconf replication get-ruv'

5859       usage: dsconf instance replication get-ruv [-h] --suffix SUFFIX
5860
5861
5862
5863       --suffix SUFFIX
5864              The DN of the replicated suffix
5865
5866

OPTIONS 'dsconf replication list'

5868       usage: dsconf instance replication list [-h]
5869
5870
5871
5872

OPTIONS 'dsconf replication status'

5874       usage: dsconf instance replication status [-h] --suffix SUFFIX
5875                                                 [--bind-dn BIND_DN]
5876                                                 [--bind-passwd BIND_PASSWD]
5877
5878
5879
5880       --suffix SUFFIX
5881              The DN of the replication suffix
5882
5883
5884       --bind-dn BIND_DN
5885              The DN to use to authenticate to the consumer
5886
5887
5888       --bind-passwd BIND_PASSWD
5889              The password for the bind DN
5890
5891

OPTIONS 'dsconf replication winsync-status'

5893       usage: dsconf instance replication winsync-status [-h] --suffix SUFFIX
5894                                                         [--bind-dn BIND_DN]
5895                                                         [--bind-passwd
5896       BIND_PASSWD]
5897
5898
5899
5900       --suffix SUFFIX
5901              The DN of the replication suffix
5902
5903
5904       --bind-dn BIND_DN
5905              The DN to use to authenticate to the consumer
5906
5907
5908       --bind-passwd BIND_PASSWD
5909              The password for the bind DN
5910
5911

OPTIONS 'dsconf replication promote'

5913       usage: dsconf instance replication promote [-h] --suffix SUFFIX  --new‐
5914       role
5915                                                  NEWROLE        [--replica-id
5916       REPLICA_ID]
5917                                                  [--bind-group-dn
5918       BIND_GROUP_DN]
5919                                                  [--bind-dn BIND_DN]
5920
5921
5922
5923       --suffix SUFFIX
5924              The DN of the replication suffix to promote
5925
5926
5927       --newrole NEWROLE
5928              Promote this replica to a "hub" or "master"
5929
5930
5931       --replica-id REPLICA_ID
5932              The replication identifier for a "master". Values range from 1 -
5933              65534
5934
5935
5936       --bind-group-dn BIND_GROUP_DN
5937              A group entry DN containing members that are "bind/supplier" DNs
5938
5939
5940       --bind-dn BIND_DN
5941              The Bind or Supplier DN that can make replication updates
5942
5943

OPTIONS 'dsconf replication create-manager'

5945       usage: dsconf instance replication create-manager [-h] [--name NAME]
5946                                                         [--passwd PASSWD]
5947                                                         [--suffix SUFFIX]
5948
5949
5950
5951       --name NAME
5952              The NAME of the new replication manager entry. For  example,  if
5953              the NAME is
5954              "replication  manager"  then the new manager entry's DN would be
5955              "cn=replication
5956              manager,cn=config".
5957
5958
5959       --passwd PASSWD
5960              Password for replication manager. If not provided, you  will  be
5961              prompted for
5962              the password
5963
5964
5965       --suffix SUFFIX
5966              The DN of the replication suffix whose replication configuration
5967              you want to
5968              add this new manager to (OPTIONAL)
5969
5970

OPTIONS 'dsconf replication delete-manager'

5972       usage: dsconf instance replication delete-manager [-h] [--name NAME]
5973                                                         [--suffix SUFFIX]
5974
5975
5976
5977       --name NAME
5978              The NAME of  the  replication  manager  entry  under  cn=config:
5979              "cn=NAME,cn=config"
5980
5981
5982       --suffix SUFFIX
5983              The DN of the replication suffix whose replication configuration
5984              you want to
5985              remove this manager from (OPTIONAL)
5986
5987

OPTIONS 'dsconf replication demote'

5989       usage: dsconf instance replication demote [-h] --suffix  SUFFIX  --new‐
5990       role
5991                                                 NEWROLE
5992
5993
5994
5995       --suffix SUFFIX
5996              Promte this replica to a "hub" or "consumer"
5997
5998
5999       --newrole NEWROLE
6000              The Replication role: "hub", or "consumer"
6001
6002

OPTIONS 'dsconf replication get'

6004       usage: dsconf instance replication get [-h] --suffix SUFFIX
6005
6006
6007
6008       --suffix SUFFIX
6009              Get the replication configuration for this suffix DN
6010
6011

OPTIONS 'dsconf replication create-changelog'

6013       usage: dsconf instance replication create-changelog [-h]
6014
6015
6016
6017

OPTIONS 'dsconf replication delete-changelog'

6019       usage: dsconf instance replication delete-changelog [-h]
6020
6021
6022
6023

OPTIONS 'dsconf replication set-changelog'

6025       usage: dsconf instance replication set-changelog [-h] [--cl-dir CL_DIR]
6026                                                        [--max-entries
6027       MAX_ENTRIES]
6028                                                        [--max-age MAX_AGE]
6029                                                        [--compact-interval
6030       COMPACT_INTERVAL]
6031                                                        [--trim-interval
6032       TRIM_INTERVAL]
6033
6034
6035
6036       --cl-dir CL_DIR
6037              The replication changelog location on the filesystem
6038
6039
6040       --max-entries MAX_ENTRIES
6041              The  maximum  number  of  entries  to  get  in  the  replication
6042              changelog
6043
6044
6045       --max-age MAX_AGE
6046              The maximum age of a replication changelog entry
6047
6048
6049       --compact-interval COMPACT_INTERVAL
6050              The replication changelog compaction interval
6051
6052
6053       --trim-interval TRIM_INTERVAL
6054              The  interval  to  check  if  the  replication  changelog can be
6055              trimmed
6056
6057

OPTIONS 'dsconf replication get-changelog'

6059       usage: dsconf instance replication get-changelog [-h]
6060
6061
6062
6063

OPTIONS 'dsconf replication dump-changelog'

6065       usage: dsconf instance replication dump-changelog [-h] [-c] [-l]
6066                                                         [-i CHANGELOG_LDIF]
6067                                                         [-o OUTPUT_FILE]
6068                                                         [-r     REPLICA_ROOTS
6069       [REPLICA_ROOTS ...]]
6070
6071
6072
6073       -c, --csn-only
6074              Dump  and  interpret  CSN  only. This option can be used with or
6075              without -i
6076              option.
6077
6078
6079       -l, --preserve-ldif-done
6080              Preserve generated ldif.done files from changelogdir.
6081
6082
6083       -i CHANGELOG_LDIF, --changelog-ldif CHANGELOG_LDIF
6084              If you already have a ldif-like changelog, but  the  changes  in
6085              that file are
6086              encoded,  you  may  use  this  option  to  decode that ldif-like
6087              changelog. It should
6088              be base64 encoded.
6089
6090
6091       -o OUTPUT_FILE, --output-file OUTPUT_FILE
6092              Path name for the final result. Default to STDOUT if omitted.
6093
6094
6095       -r REPLICA_ROOTS  [REPLICA_ROOTS  ...],  --replica-roots  REPLICA_ROOTS
6096       [REPLICA_ROOTS ...]
6097              Specify  replica  roots  whose  changelog  you want to dump. The
6098              replica roots may
6099              be seperated by comma. All the replica roots would be dumped  if
6100              the option is
6101              omitted.
6102
6103

OPTIONS 'dsconf replication set'

6105       usage: dsconf instance replication set [-h] --suffix SUFFIX
6106                                              [--replica-id REPLICA_ID]
6107                                              [--replica-role REPLICA_ROLE]
6108                                              [--repl-add-bind-dn
6109       REPL_ADD_BIND_DN]
6110                                              [--repl-del-bind-dn
6111       REPL_DEL_BIND_DN]
6112                                              [--repl-add-ref REPL_ADD_REF]
6113                                              [--repl-del-ref REPL_DEL_REF]
6114                                              [--repl-purge-delay
6115       REPL_PURGE_DELAY]
6116                                              [--repl-tombstone-purge-interval
6117       REPL_TOMBSTONE_PURGE_INTERVAL]
6118                                              [--repl-fast-tombstone-purging
6119       REPL_FAST_TOMBSTONE_PURGING]
6120                                              [--repl-bind-group
6121       REPL_BIND_GROUP]
6122                                              [--repl-bind-group-interval
6123       REPL_BIND_GROUP_INTERVAL]
6124                                              [--repl-protocol-timeout
6125       REPL_PROTOCOL_TIMEOUT]
6126                                              [--repl-backoff-max   REPL_BACK‐
6127       OFF_MAX]
6128                                              [--repl-backoff-min   REPL_BACK‐
6129       OFF_MIN]
6130                                              [--repl-release-timeout
6131       REPL_RELEASE_TIMEOUT]
6132
6133
6134
6135       --suffix SUFFIX
6136              The DN of the replication suffix
6137
6138
6139       --replica-id REPLICA_ID
6140              The Replication Identifier number
6141
6142
6143       --replica-role REPLICA_ROLE
6144              The Replication role: master, hub, or consumer
6145
6146
6147       --repl-add-bind-dn REPL_ADD_BIND_DN
6148              Add a bind (supplier) DN
6149
6150
6151       --repl-del-bind-dn REPL_DEL_BIND_DN
6152              Remove a bind (supplier) DN
6153
6154
6155       --repl-add-ref REPL_ADD_REF
6156              Add a replication referral (for consumers only)
6157
6158
6159       --repl-del-ref REPL_DEL_REF
6160              Remove a replication referral (for conusmers only)
6161
6162
6163       --repl-purge-delay REPL_PURGE_DELAY
6164              The replication purge delay
6165
6166
6167       --repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL
6168              The interval in seconds to check  for  tombstones  that  can  be
6169              purged
6170
6171
6172       --repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING
6173              Set to "on" to improve tombstone purging performance
6174
6175
6176       --repl-bind-group REPL_BIND_GROUP
6177              A group entry DN containing members that are "bind/supplier" DNs
6178
6179
6180       --repl-bind-group-interval REPL_BIND_GROUP_INTERVAL
6181              An  interval  in  seconds  to  check  if the bind group has been
6182              updated
6183
6184
6185       --repl-protocol-timeout REPL_PROTOCOL_TIMEOUT
6186              A timeout in seconds on how long to wait before stopping  repli‐
6187              cation when the
6188              server is under load
6189
6190
6191       --repl-backoff-max REPL_BACKOFF_MAX
6192              The  maximum time in seconds a replication agreement should stay
6193              in a backoff
6194              state while waiting to acquire the consumer. Default is 300 sec‐
6195              onds
6196
6197
6198       --repl-backoff-min REPL_BACKOFF_MIN
6199              The starting time in seconds a replication agreement should stay
6200              in a backoff
6201              state while waiting to acquire the consumer. Default is  3  sec‐
6202              onds
6203
6204
6205       --repl-release-timeout REPL_RELEASE_TIMEOUT
6206              A  timeout  in  seconds a replication master should send updates
6207              before it yields
6208              its replication session
6209
6210

OPTIONS 'dsconf replication monitor'

6212       usage: dsconf instance replication monitor [-h]
6213                                                  [-c  [CONNECTIONS   [CONNEC‐
6214       TIONS ...]]]
6215                                                  [-a [ALIASES [ALIASES ...]]]
6216
6217
6218
6219       -c [CONNECTIONS [CONNECTIONS ...]], --connections [CONNECTIONS [CONNEC‐
6220       TIONS ...]]
6221              The connection values for monitoring other not connected topolo‐
6222              gies. The
6223              format:  'host:port:binddn:bindpwd'.  You can use regex for host
6224              and port. You
6225              can set bindpwd to * and it will be requested at the runtime  or
6226              you can
6227              include  the  path  to  the  password  file in square brackets -
6228              [~/pwd.txt]
6229
6230
6231       -a [ALIASES [ALIASES ...]], --aliases [ALIASES [ALIASES ...]]
6232              If a host:port is assigned an alias, then the alias  instead  of
6233              host:port will
6234              be displayed in the output. The format: alias=host:port
6235
6236
6237

OPTIONS 'dsconf repl-agmt'

6239       usage: dsconf instance repl-agmt [-h]
6240                                        {list,enable,disable,init,init-sta‐
6241       tus,poke,status,delete,create,set,get}
6242                                        ...
6243
6244
6245   Sub-commands
6246       dsconf repl-agmt list
6247              List all the replication agreements
6248
6249       dsconf repl-agmt enable
6250              Enable replication agreement
6251
6252       dsconf repl-agmt disable
6253              Disable replication agreement
6254
6255       dsconf repl-agmt init
6256              Initialize replication agreement
6257
6258       dsconf repl-agmt init-status
6259              Check the agreement initialization status
6260
6261       dsconf repl-agmt poke
6262              Trigger replication to send updates now
6263
6264       dsconf repl-agmt status
6265              Get the current status of the replication agreement
6266
6267       dsconf repl-agmt delete
6268              Delete replication agreement
6269
6270       dsconf repl-agmt create
6271              Initialize replication agreement
6272
6273       dsconf repl-agmt set
6274              Set an attribute in the replication agreement
6275
6276       dsconf repl-agmt get
6277              Get replication configuration
6278

OPTIONS 'dsconf repl-agmt list'

6280       usage: dsconf instance repl-agmt list  [-h]  --suffix  SUFFIX  [--entry
6281       ENTRY]
6282
6283
6284
6285       --suffix SUFFIX
6286              The DN of the suffix to look up replication agreements
6287
6288
6289       --entry ENTRY
6290              Return the entire entry for each agreement
6291
6292

OPTIONS 'dsconf repl-agmt enable'

6294       usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME
6295
6296
6297       AGMT_NAME
6298              The name of the replication agreement
6299
6300
6301       --suffix SUFFIX
6302              The DN of the replication suffix
6303
6304

OPTIONS 'dsconf repl-agmt disable'

6306       usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME
6307
6308
6309       AGMT_NAME
6310              The name of the replication agreement
6311
6312
6313       --suffix SUFFIX
6314              The DN of the replication suffix
6315
6316

OPTIONS 'dsconf repl-agmt init'

6318       usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME
6319
6320
6321       AGMT_NAME
6322              The name of the replication agreement
6323
6324
6325       --suffix SUFFIX
6326              The DN of the replication suffix
6327
6328

OPTIONS 'dsconf repl-agmt init-status'

6330       usage:  dsconf  instance  repl-agmt  init-status  [-h]  --suffix SUFFIX
6331       AGMT_NAME
6332
6333
6334       AGMT_NAME
6335              The name of the replication agreement
6336
6337
6338       --suffix SUFFIX
6339              The DN of the replication suffix
6340
6341

OPTIONS 'dsconf repl-agmt poke'

6343       usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME
6344
6345
6346       AGMT_NAME
6347              The name of the replication agreement
6348
6349
6350       --suffix SUFFIX
6351              The DN of the replication suffix
6352
6353

OPTIONS 'dsconf repl-agmt status'

6355       usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX
6356                                               [--bind-dn BIND_DN]
6357                                               [--bind-passwd BIND_PASSWD]
6358                                               AGMT_NAME
6359
6360
6361       AGMT_NAME
6362              The name of the replication agreement
6363
6364
6365       --suffix SUFFIX
6366              The DN of the replication suffix
6367
6368
6369       --bind-dn BIND_DN
6370              The DN to use to authenticate to the consumer
6371
6372
6373       --bind-passwd BIND_PASSWD
6374              The password for the bind DN
6375
6376

OPTIONS 'dsconf repl-agmt delete'

6378       usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME
6379
6380
6381       AGMT_NAME
6382              The name of the replication agreement
6383
6384
6385       --suffix SUFFIX
6386              The DN of the replication suffix
6387
6388

OPTIONS 'dsconf repl-agmt create'

6390       usage: dsconf instance repl-agmt create  [-h]  --suffix  SUFFIX  --host
6391       HOST
6392                                               --port PORT --conn-protocol
6393                                               CONN_PROTOCOL        [--bind-dn
6394       BIND_DN]
6395                                               [--bind-passwd BIND_PASSWD]
6396                                               --bind-method BIND_METHOD
6397                                               [--frac-list FRAC_LIST]
6398                                               [--frac-list-total
6399       FRAC_LIST_TOTAL]
6400                                               [--strip-list STRIP_LIST]
6401                                               [--schedule SCHEDULE]
6402                                               [--conn-timeout CONN_TIMEOUT]
6403                                               [--protocol-timeout      PROTO‐
6404       COL_TIMEOUT]
6405                                               [--wait-async-results
6406       WAIT_ASYNC_RESULTS]
6407                                               [--busy-wait-time
6408       BUSY_WAIT_TIME]
6409                                               [--session-pause-time      SES‐
6410       SION_PAUSE_TIME]
6411                                               [--flow-control-window
6412       FLOW_CONTROL_WINDOW]
6413                                               [--flow-control-pause FLOW_CON‐
6414       TROL_PAUSE]
6415                                               [--init]
6416                                               AGMT_NAME
6417
6418
6419       AGMT_NAME
6420              The name of the replication agreement
6421
6422
6423       --suffix SUFFIX
6424              The DN of the replication suffix
6425
6426
6427       --host HOST
6428              The hostname of the remote replica
6429
6430
6431       --port PORT
6432              The port number of the remote replica
6433
6434
6435       --conn-protocol CONN_PROTOCOL
6436              The replication connection protocol: LDAP, LDAPS, or StartTLS
6437
6438
6439       --bind-dn BIND_DN
6440              The Bind DN the agreement uses to authenticate to the replica
6441
6442
6443       --bind-passwd BIND_PASSWD
6444              The credentials for the Bind DN
6445
6446
6447       --bind-method BIND_METHOD
6448              The  bind  method:  "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6449              "SASL/GSSAPI"
6450
6451
6452       --frac-list FRAC_LIST
6453              List of attributes to  NOT  replicate  to  the  consumer  during
6454              incremental updates
6455
6456
6457       --frac-list-total FRAC_LIST_TOTAL
6458              List  of  attributes to NOT replicate during a total initializa‐
6459              tion
6460
6461
6462       --strip-list STRIP_LIST
6463              A list of attributes that are removed from updates only  if  the
6464              event would
6465              otherwise be empty. Typically this is set to "modifiersname" and
6466              "modifytimestmap"
6467
6468
6469       --schedule SCHEDULE
6470              Sets  the  replication  update schedule: 'HHMM-HHMM DDDDDDD' D =
6471              0-6 (Sunday -
6472              Saturday).
6473
6474
6475       --conn-timeout CONN_TIMEOUT
6476              The timeout used for replicaton connections
6477
6478
6479       --protocol-timeout PROTOCOL_TIMEOUT
6480              A timeout in seconds on how long to wait before stopping  repli‐
6481              cation when the
6482              server is under load
6483
6484
6485       --wait-async-results WAIT_ASYNC_RESULTS
6486              The  amount of time in milliseconds the server waits if the con‐
6487              sumer is not
6488              ready before resending data
6489
6490
6491       --busy-wait-time BUSY_WAIT_TIME
6492              The amount of time in seconds a supplier  should  wait  after  a
6493              consumer sends
6494              back  a  busy  response before making another attempt to acquire
6495              access.
6496
6497
6498       --session-pause-time SESSION_PAUSE_TIME
6499              The amount of time in seconds a  supplier  should  wait  between
6500              update sessions.
6501
6502
6503       --flow-control-window FLOW_CONTROL_WINDOW
6504              Sets  the  maximum  number of entries and updates sent by a sup‐
6505              plier, which are
6506              not acknowledged by the consumer.
6507
6508
6509       --flow-control-pause FLOW_CONTROL_PAUSE
6510              The time in milliseconds to pause after reaching the  number  of
6511              entries and
6512              updates set in "--flow-control-window"
6513
6514
6515       --init Initialize the agreement after creating it.
6516
6517

OPTIONS 'dsconf repl-agmt set'

6519       usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST]
6520                                            [--port PORT]
6521                                            [--conn-protocol CONN_PROTOCOL]
6522                                            [--bind-dn BIND_DN]
6523                                            [--bind-passwd BIND_PASSWD]
6524                                            [--bind-method BIND_METHOD]
6525                                            [--frac-list FRAC_LIST]
6526                                            [--frac-list-total
6527       FRAC_LIST_TOTAL]
6528                                            [--strip-list STRIP_LIST]
6529                                            [--schedule SCHEDULE]
6530                                            [--conn-timeout CONN_TIMEOUT]
6531                                            [--protocol-timeout PROTOCOL_TIME‐
6532       OUT]
6533                                            [--wait-async-results
6534       WAIT_ASYNC_RESULTS]
6535                                            [--busy-wait-time BUSY_WAIT_TIME]
6536                                            [--session-pause-time         SES‐
6537       SION_PAUSE_TIME]
6538                                            [--flow-control-window   FLOW_CON‐
6539       TROL_WINDOW]
6540                                            [--flow-control-pause    FLOW_CON‐
6541       TROL_PAUSE]
6542                                            AGMT_NAME
6543
6544
6545       AGMT_NAME
6546              The name of the replication agreement
6547
6548
6549       --suffix SUFFIX
6550              The DN of the replication suffix
6551
6552
6553       --host HOST
6554              The hostname of the remote replica
6555
6556
6557       --port PORT
6558              The port number of the remote replica
6559
6560
6561       --conn-protocol CONN_PROTOCOL
6562              The replication connection protocol: LDAP, LDAPS, or StartTLS
6563
6564
6565       --bind-dn BIND_DN
6566              The Bind DN the agreement uses to authenticate to the replica
6567
6568
6569       --bind-passwd BIND_PASSWD
6570              The credentials for the Bind DN
6571
6572
6573       --bind-method BIND_METHOD
6574              The  bind  method:  "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6575              "SASL/GSSAPI"
6576
6577
6578       --frac-list FRAC_LIST
6579              List of attributes to  NOT  replicate  to  the  consumer  during
6580              incremental updates
6581
6582
6583       --frac-list-total FRAC_LIST_TOTAL
6584              List  of  attributes to NOT replicate during a total initializa‐
6585              tion
6586
6587
6588       --strip-list STRIP_LIST
6589              A list of attributes that are removed from updates only  if  the
6590              event would
6591              otherwise be empty. Typically this is set to "modifiersname" and
6592              "modifytimestmap"
6593
6594
6595       --schedule SCHEDULE
6596              Sets  the  replication  update schedule: 'HHMM-HHMM DDDDDDD' D =
6597              0-6 (Sunday -
6598              Saturday).
6599
6600
6601       --conn-timeout CONN_TIMEOUT
6602              The timeout used for replicaton connections
6603
6604
6605       --protocol-timeout PROTOCOL_TIMEOUT
6606              A timeout in seconds on how long to wait before stopping  repli‐
6607              cation when the
6608              server is under load
6609
6610
6611       --wait-async-results WAIT_ASYNC_RESULTS
6612              The  amount of time in milliseconds the server waits if the con‐
6613              sumer is not
6614              ready before resending data
6615
6616
6617       --busy-wait-time BUSY_WAIT_TIME
6618              The amount of time in seconds a supplier  should  wait  after  a
6619              consumer sends
6620              back  a  busy  response before making another attempt to acquire
6621              access.
6622
6623
6624       --session-pause-time SESSION_PAUSE_TIME
6625              The amount of time in seconds a  supplier  should  wait  between
6626              update sessions.
6627
6628
6629       --flow-control-window FLOW_CONTROL_WINDOW
6630              Sets  the  maximum  number of entries and updates sent by a sup‐
6631              plier, which are
6632              not acknowledged by the consumer.
6633
6634
6635       --flow-control-pause FLOW_CONTROL_PAUSE
6636              The time in milliseconds to pause after reaching the  number  of
6637              entries and
6638              updates set in "--flow-control-window"
6639
6640

OPTIONS 'dsconf repl-agmt get'

6642       usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME
6643
6644
6645       AGMT_NAME
6646              Get the replication configuration for this suffix DN
6647
6648
6649       --suffix SUFFIX
6650              The DN of the replication suffix
6651
6652
6653

OPTIONS 'dsconf repl-winsync-agmt'

6655       usage: dsconf instance repl-winsync-agmt [-h]
6656                                                {list,enable,dis‐
6657       able,init,init-status,poke,status,delete,create,set,get}
6658                                                ...
6659
6660
6661   Sub-commands
6662       dsconf repl-winsync-agmt list
6663              List all the replication winsync agreements
6664
6665       dsconf repl-winsync-agmt enable
6666              Enable replication winsync agreement
6667
6668       dsconf repl-winsync-agmt disable
6669              Disable replication winsync agreement
6670
6671       dsconf repl-winsync-agmt init
6672              Initialize replication winsync agreement
6673
6674       dsconf repl-winsync-agmt init-status
6675              Check the agreement initialization status
6676
6677       dsconf repl-winsync-agmt poke
6678              Trigger replication to send updates now
6679
6680       dsconf repl-winsync-agmt status
6681              Get the current status of the replication agreement
6682
6683       dsconf repl-winsync-agmt delete
6684              Delete replication winsync agreement
6685
6686       dsconf repl-winsync-agmt create
6687              Initialize replication winsync agreement
6688
6689       dsconf repl-winsync-agmt set
6690              Set an attribute in the replication winsync agreement
6691
6692       dsconf repl-winsync-agmt get
6693              Get replication configuration
6694

OPTIONS 'dsconf repl-winsync-agmt list'

6696       usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX
6697
6698
6699
6700       --suffix SUFFIX
6701              The DN of the suffix to look up replication winsync agreements
6702
6703

OPTIONS 'dsconf repl-winsync-agmt enable'

6705       usage: dsconf instance repl-winsync-agmt enable  [-h]  --suffix  SUFFIX
6706       AGMT_NAME
6707
6708
6709       AGMT_NAME
6710              The name of the replication winsync agreement
6711
6712
6713       --suffix SUFFIX
6714              The DN of the replication winsync suffix
6715
6716

OPTIONS 'dsconf repl-winsync-agmt disable'

6718       usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX
6719                                                        AGMT_NAME
6720
6721
6722       AGMT_NAME
6723              The name of the replication winsync agreement
6724
6725
6726       --suffix SUFFIX
6727              The DN of the replication winsync suffix
6728
6729

OPTIONS 'dsconf repl-winsync-agmt init'

6731       usage:  dsconf  instance  repl-winsync-agmt  init  [-h] --suffix SUFFIX
6732       AGMT_NAME
6733
6734
6735       AGMT_NAME
6736              The name of the replication winsync agreement
6737
6738
6739       --suffix SUFFIX
6740              The DN of the replication winsync suffix
6741
6742

OPTIONS 'dsconf repl-winsync-agmt init-status'

6744       usage: dsconf instance repl-winsync-agmt init-status [-h] --suffix SUF‐
6745       FIX
6746                                                            AGMT_NAME
6747
6748
6749       AGMT_NAME
6750              The name of the replication agreement
6751
6752
6753       --suffix SUFFIX
6754              The DN of the replication suffix
6755
6756

OPTIONS 'dsconf repl-winsync-agmt poke'

6758       usage:  dsconf  instance  repl-winsync-agmt  poke  [-h] --suffix SUFFIX
6759       AGMT_NAME
6760
6761
6762       AGMT_NAME
6763              The name of the replication winsync agreement
6764
6765
6766       --suffix SUFFIX
6767              The DN of the replication winsync suffix
6768
6769

OPTIONS 'dsconf repl-winsync-agmt status'

6771       usage: dsconf instance repl-winsync-agmt status  [-h]  --suffix  SUFFIX
6772       AGMT_NAME
6773
6774
6775       AGMT_NAME
6776              The name of the replication agreement
6777
6778
6779       --suffix SUFFIX
6780              The DN of the replication suffix
6781
6782

OPTIONS 'dsconf repl-winsync-agmt delete'

6784       usage:  dsconf  instance  repl-winsync-agmt delete [-h] --suffix SUFFIX
6785       AGMT_NAME
6786
6787
6788       AGMT_NAME
6789              The name of the replication winsync agreement
6790
6791
6792       --suffix SUFFIX
6793              The DN of the replication winsync suffix
6794
6795

OPTIONS 'dsconf repl-winsync-agmt create'

6797       usage: dsconf instance repl-winsync-agmt create  [-h]  --suffix  SUFFIX
6798       --host
6799                                                       HOST --port PORT
6800                                                       --conn-protocol
6801       CONN_PROTOCOL
6802                                                       --bind-dn BIND_DN
6803                                                       --bind-passwd
6804       BIND_PASSWD
6805                                                       [--frac-list FRAC_LIST]
6806                                                       [--schedule SCHEDULE]
6807                                                       --win-subtree  WIN_SUB‐
6808       TREE
6809                                                       --ds-subtree DS_SUBTREE
6810                                                       --win-domain WIN_DOMAIN
6811                                                       [--sync-users
6812       SYNC_USERS]
6813                                                       [--sync-groups
6814       SYNC_GROUPS]
6815                                                       [--sync-interval
6816       SYNC_INTERVAL]
6817                                                       [--one-way-sync
6818       ONE_WAY_SYNC]
6819                                                       [--move-action
6820       MOVE_ACTION]
6821                                                       [--win-filter  WIN_FIL‐
6822       TER]
6823                                                       [--ds-filter DS_FILTER]
6824                                                       [--subtree-pair    SUB‐
6825       TREE_PAIR]
6826                                                       [--conn-timeout
6827       CONN_TIMEOUT]
6828                                                       [--busy-wait-time
6829       BUSY_WAIT_TIME]
6830                                                       [--session-pause-time
6831       SESSION_PAUSE_TIME]
6832                                                       [--init]
6833                                                       AGMT_NAME
6834
6835
6836       AGMT_NAME
6837              The name of the replication winsync agreement
6838
6839
6840       --suffix SUFFIX
6841              The DN of the replication winsync suffix
6842
6843
6844       --host HOST
6845              The hostname of the AD server
6846
6847
6848       --port PORT
6849              The port number of the AD server
6850
6851
6852       --conn-protocol CONN_PROTOCOL
6853              The replication winsync connection  protocol:  LDAP,  LDAPS,  or
6854              StartTLS
6855
6856
6857       --bind-dn BIND_DN
6858              The Bind DN the agreement uses to authenticate to the AD Server
6859
6860
6861       --bind-passwd BIND_PASSWD
6862              The credentials for the Bind DN
6863
6864
6865       --frac-list FRAC_LIST
6866              List  of  attributes  to  NOT  replicate  to the consumer during
6867              incremental updates
6868
6869
6870       --schedule SCHEDULE
6871              Sets the replication update schedule
6872
6873
6874       --win-subtree WIN_SUBTREE
6875              The suffix of the AD Server
6876
6877
6878       --ds-subtree DS_SUBTREE
6879              The Directory Server suffix
6880
6881
6882       --win-domain WIN_DOMAIN
6883              The AD Domain
6884
6885
6886       --sync-users SYNC_USERS
6887              Synchronize Users between AD and DS
6888
6889
6890       --sync-groups SYNC_GROUPS
6891              Synchronize Groups between AD and DS
6892
6893
6894       --sync-interval SYNC_INTERVAL
6895              The interval that DS checks AD for changes in entries
6896
6897
6898       --one-way-sync ONE_WAY_SYNC
6899              Sets which direction to  perform  synchronization:  "toWindows",
6900              "fromWindows",
6901              "both"
6902
6903
6904       --move-action MOVE_ACTION
6905              Sets  instructions  on  how  to handle moved or deleted entries:
6906              "none", "unsync",
6907              or "delete"
6908
6909
6910       --win-filter WIN_FILTER
6911              Custom filter for finding users in AD Server
6912
6913
6914       --ds-filter DS_FILTER
6915              Custom filter for finding AD users in DS Server
6916
6917
6918       --subtree-pair SUBTREE_PAIR
6919              Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
6920
6921
6922       --conn-timeout CONN_TIMEOUT
6923              The timeout used for replicaton connections
6924
6925
6926       --busy-wait-time BUSY_WAIT_TIME
6927              The amount of time in seconds a supplier  should  wait  after  a
6928              consumer sends
6929              back  a  busy  response before making another attempt to acquire
6930              access.
6931
6932
6933       --session-pause-time SESSION_PAUSE_TIME
6934              The amount of time in seconds a  supplier  should  wait  between
6935              update sessions.
6936
6937
6938       --init Initialize the agreement after creating it.
6939
6940

OPTIONS 'dsconf repl-winsync-agmt set'

6942       usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX]
6943                                                    [--host    HOST]   [--port
6944       PORT]
6945                                                    [--conn-protocol CONN_PRO‐
6946       TOCOL]
6947                                                    [--bind-dn BIND_DN]
6948                                                    [--bind-passwd
6949       BIND_PASSWD]
6950                                                    [--frac-list FRAC_LIST]
6951                                                    [--schedule SCHEDULE]
6952                                                    [--win-subtree    WIN_SUB‐
6953       TREE]
6954                                                    [--ds-subtree DS_SUBTREE]
6955                                                    [--win-domain WIN_DOMAIN]
6956                                                    [--sync-users SYNC_USERS]
6957                                                    [--sync-groups
6958       SYNC_GROUPS]
6959                                                    [--sync-interval
6960       SYNC_INTERVAL]
6961                                                    [--one-way-sync
6962       ONE_WAY_SYNC]
6963                                                    [--move-action
6964       MOVE_ACTION]
6965                                                    [--win-filter WIN_FILTER]
6966                                                    [--ds-filter DS_FILTER]
6967                                                    [--subtree-pair       SUB‐
6968       TREE_PAIR]
6969                                                    [--conn-timeout CONN_TIME‐
6970       OUT]
6971                                                    [--busy-wait-time
6972       BUSY_WAIT_TIME]
6973                                                    [--session-pause-time SES‐
6974       SION_PAUSE_TIME]
6975                                                    AGMT_NAME
6976
6977
6978       AGMT_NAME
6979              The name of the replication winsync agreement
6980
6981
6982       --suffix SUFFIX
6983              The DN of the replication winsync suffix
6984
6985
6986       --host HOST
6987              The hostname of the AD server
6988
6989
6990       --port PORT
6991              The port number of the AD server
6992
6993
6994       --conn-protocol CONN_PROTOCOL
6995              The  replication  winsync  connection  protocol: LDAP, LDAPS, or
6996              StartTLS
6997
6998
6999       --bind-dn BIND_DN
7000              The Bind DN the agreement uses to authenticate to the AD Server
7001
7002
7003       --bind-passwd BIND_PASSWD
7004              The credentials for the Bind DN
7005
7006
7007       --frac-list FRAC_LIST
7008              List of attributes to  NOT  replicate  to  the  consumer  during
7009              incremental updates
7010
7011
7012       --schedule SCHEDULE
7013              Sets the replication update schedule
7014
7015
7016       --win-subtree WIN_SUBTREE
7017              The suffix of the AD Server
7018
7019
7020       --ds-subtree DS_SUBTREE
7021              The Directory Server suffix
7022
7023
7024       --win-domain WIN_DOMAIN
7025              The AD Domain
7026
7027
7028       --sync-users SYNC_USERS
7029              Synchronize Users between AD and DS
7030
7031
7032       --sync-groups SYNC_GROUPS
7033              Synchronize Groups between AD and DS
7034
7035
7036       --sync-interval SYNC_INTERVAL
7037              The interval that DS checks AD for changes in entries
7038
7039
7040       --one-way-sync ONE_WAY_SYNC
7041              Sets  which  direction  to perform synchronization: "toWindows",
7042              "fromWindows",
7043              "both"
7044
7045
7046       --move-action MOVE_ACTION
7047              Sets instructions on how to handle  moved  or  deleted  entries:
7048              "none", "unsync",
7049              or "delete"
7050
7051
7052       --win-filter WIN_FILTER
7053              Custom filter for finding users in AD Server
7054
7055
7056       --ds-filter DS_FILTER
7057              Custom filter for finding AD users in DS Server
7058
7059
7060       --subtree-pair SUBTREE_PAIR
7061              Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
7062
7063
7064       --conn-timeout CONN_TIMEOUT
7065              The timeout used for replicaton connections
7066
7067
7068       --busy-wait-time BUSY_WAIT_TIME
7069              The  amount  of  time  in seconds a supplier should wait after a
7070              consumer sends
7071              back a busy response before making another  attempt  to  acquire
7072              access.
7073
7074
7075       --session-pause-time SESSION_PAUSE_TIME
7076              The  amount  of  time  in seconds a supplier should wait between
7077              update sessions.
7078
7079

OPTIONS 'dsconf repl-winsync-agmt get'

7081       usage: dsconf  instance  repl-winsync-agmt  get  [-h]  --suffix  SUFFIX
7082       AGMT_NAME
7083
7084
7085       AGMT_NAME
7086              Get the replication configuration for this suffix DN
7087
7088
7089       --suffix SUFFIX
7090              The DN of the replication suffix
7091
7092
7093

OPTIONS 'dsconf repl-tasks'

7095       usage: dsconf instance repl-tasks [-h]
7096                                         {cleanallruv,list-cleanruv-
7097       tasks,abort-cleanallruv,list-abortruv-tasks}
7098                                         ...
7099
7100
7101   Sub-commands
7102       dsconf repl-tasks cleanallruv
7103              Cleanup old/removed replica IDs
7104
7105       dsconf repl-tasks list-cleanruv-tasks
7106              List all the running CleanAllRUV tasks
7107
7108       dsconf repl-tasks abort-cleanallruv
7109              Abort cleanallruv tasks
7110
7111       dsconf repl-tasks list-abortruv-tasks
7112              List all the running CleanAllRUV abort Tasks
7113

OPTIONS 'dsconf repl-tasks cleanallruv'

7115       usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX
7116                                                     --replica-id REPLICA_ID
7117                                                     [--force-cleaning]
7118
7119
7120
7121       --suffix SUFFIX
7122              The Directory Server suffix
7123
7124
7125       --replica-id REPLICA_ID
7126              The replica ID to remove/clean
7127
7128
7129       --force-cleaning
7130              Ignore errors and do a best attempt to clean all the replicas
7131
7132

OPTIONS 'dsconf repl-tasks list-cleanruv-tasks'

7134       usage: dsconf instance repl-tasks  list-cleanruv-tasks  [-h]  [--suffix
7135       SUFFIX]
7136
7137
7138
7139       --suffix SUFFIX
7140              List only tasks from for suffix
7141
7142

OPTIONS 'dsconf repl-tasks abort-cleanallruv'

7144       usage:  dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUF‐
7145       FIX
7146                                                           --replica-id
7147       REPLICA_ID
7148                                                           [--certify]
7149
7150
7151
7152       --suffix SUFFIX
7153              The Directory Server suffix
7154
7155
7156       --replica-id REPLICA_ID
7157              The replica ID of the cleaning task to abort
7158
7159
7160       --certify
7161              Enforce that the abort task completed on all replicas
7162
7163

OPTIONS 'dsconf repl-tasks list-abortruv-tasks'

7165       usage:  dsconf  instance  repl-tasks list-abortruv-tasks [-h] [--suffix
7166       SUFFIX]
7167
7168
7169
7170       --suffix SUFFIX
7171              List only tasks from for suffix
7172
7173
7174

OPTIONS 'dsconf sasl'

7176       usage: dsconf instance sasl [-h] {list,get,create,delete} ...
7177
7178
7179   Sub-commands
7180       dsconf sasl list
7181              List avaliable SASL mappings
7182
7183       dsconf sasl get
7184              get
7185
7186       dsconf sasl create
7187              create
7188
7189       dsconf sasl delete
7190              deletes the object
7191

OPTIONS 'dsconf sasl list'

7193       usage: dsconf instance sasl list [-h]
7194
7195
7196
7197

OPTIONS 'dsconf sasl get'

7199       usage: dsconf instance sasl get [-h] [selector]
7200
7201
7202       selector
7203              SASL mapping name to get
7204
7205
7206

OPTIONS 'dsconf sasl create'

7208       usage: dsconf instance sasl create [-h] [--cn [CN]]
7209                                          [--nsSaslMapRegexString
7210       [NSSASLMAPREGEXSTRING]]
7211                                          [--nsSaslMapBaseDNTemplate
7212       [NSSASLMAPBASEDNTEMPLATE]]
7213                                          [--nsSaslMapFilterTemplate
7214       [NSSASLMAPFILTERTEMPLATE]]
7215                                          [--nsSaslMapPriority  [NSSASLMAPPRI‐
7216       ORITY]]
7217
7218
7219
7220       --cn [CN]
7221              Value of cn
7222
7223
7224       --nsSaslMapRegexString [NSSASLMAPREGEXSTRING]
7225              Value of nsSaslMapRegexString
7226
7227
7228       --nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]
7229              Value of nsSaslMapBaseDNTemplate
7230
7231
7232       --nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]
7233              Value of nsSaslMapFilterTemplate
7234
7235
7236       --nsSaslMapPriority [NSSASLMAPPRIORITY]
7237              Value of nsSaslMapPriority
7238
7239

OPTIONS 'dsconf sasl delete'

7241       usage: dsconf instance sasl delete [-h] map_name
7242
7243
7244       map_name
7245              The SASL Mapping name ("cn" value)
7246
7247
7248
7249

OPTIONS 'dsconf security'

7251       usage: dsconf instance security [-h]
7252                                       {set,get,enable,disable,certificate,ca-
7253       certificate,rsa,ciphers}
7254                                       ...
7255
7256
7257   Sub-commands
7258       dsconf security set
7259              Set general security options
7260
7261       dsconf security get
7262              Get general security options
7263
7264       dsconf security enable
7265              Enable security
7266
7267       dsconf security disable
7268              Disable security
7269
7270       dsconf security certificate
7271              Manage TLS certificates
7272
7273       dsconf security ca-certificate
7274              Manage TLS Certificate Authorities
7275
7276       dsconf security rsa
7277              Query and manipulate RSA security options
7278
7279       dsconf security ciphers
7280              Manage secure ciphers
7281

OPTIONS 'dsconf security set'

7283       usage: dsconf instance security set [-h] [--security SECURITY]
7284                                           [--listen-host LISTEN_HOST]
7285                                           [--secure-port SECURE_PORT]
7286                                           [--tls-client-auth TLS_CLIENT_AUTH]
7287                                           [--tls-client-renegotiation
7288       TLS_CLIENT_RENEGOTIATION]
7289                                           [--require-secure-authentication
7290       REQUIRE_SECURE_AUTHENTICATION]
7291                                           [--check-hostname CHECK_HOSTNAME]
7292                                           [--verify-cert-chain-on-startup
7293       VERIFY_CERT_CHAIN_ON_STARTUP]
7294                                           [--session-timeout SESSION_TIMEOUT]
7295                                           [--tls-protocol-min      TLS_PROTO‐
7296       COL_MIN]
7297                                           [--tls-protocol-max      TLS_PROTO‐
7298       COL_MAX]
7299                                           [--allow-insecure-ciphers
7300       ALLOW_INSECURE_CIPHERS]
7301                                           [--allow-weak-dh-param
7302       ALLOW_WEAK_DH_PARAM]
7303                                           [--cipher-pref CIPHER_PREF]
7304
7305       Use this command  for  setting  security  related  options  located  in
7306       cn=config and cn=encryption,cn=config.
7307
7308       To  enable/disable  security  you  can  use enable and disable commands
7309       instead.
7310
7311
7312
7313       --security SECURITY
7314              Enable or disable security (nsslapd-security)
7315
7316
7317       --listen-host LISTEN_HOST
7318              Host/address to listen on for LDAPS (nsslapd-securelistenhost)
7319
7320
7321       --secure-port SECURE_PORT
7322              Port for LDAPS to listen on (nsslapd-securePort)
7323
7324
7325       --tls-client-auth TLS_CLIENT_AUTH
7326              Client authentication requirement (nsSSLClientAuth)
7327
7328
7329       --tls-client-renegotiation TLS_CLIENT_RENEGOTIATION
7330              Allow client TLS renegotiation (nsTLSAllowClientRenegotiation)
7331
7332
7333       --require-secure-authentication REQUIRE_SECURE_AUTHENTICATION
7334              Require   binds   over   LDAPS,   StartTLS,   or   SASL    (nss‐
7335              lapd-require-secure-binds)
7336
7337
7338       --check-hostname CHECK_HOSTNAME
7339              Check  Subject  of remote certificate against the hostname (nss‐
7340              lapd-ssl-check-
7341              hostname)
7342
7343
7344       --verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP
7345              Validate  server  certificate  during   startup   (nsslapd-vali‐
7346              date-cert)
7347
7348
7349       --session-timeout SESSION_TIMEOUT
7350              Secure session timeout (nsSSLSessionTimeout)
7351
7352
7353       --tls-protocol-min TLS_PROTOCOL_MIN
7354              Secure protocol minimal allowed version (sslVersionMin)
7355
7356
7357       --tls-protocol-max TLS_PROTOCOL_MAX
7358              Secure protocol maximal allowed version (sslVersionMax)
7359
7360
7361       --allow-insecure-ciphers ALLOW_INSECURE_CIPHERS
7362              Allow weak ciphers for legacy use (allowWeakCipher)
7363
7364
7365       --allow-weak-dh-param ALLOW_WEAK_DH_PARAM
7366              Allow short DH params for legacy use (allowWeakDHParam)
7367
7368
7369       --cipher-pref CIPHER_PREF
7370              Use  this command to directly set nsSSL3Ciphers attribute. It is
7371              a comma
7372              separated list of cipher names (prefixed with + or  -),  option‐
7373              ally including
7374              +all  or  -all. The attribute may optionally be prefixed by key‐
7375              word default.
7376              Please refer to  documentation  of  the  attribute  for  a  more
7377              detailed
7378              description. (nsSSL3Ciphers)
7379
7380

OPTIONS 'dsconf security get'

7382       usage: dsconf instance security get [-h]
7383
7384
7385
7386

OPTIONS 'dsconf security enable'

7388       usage: dsconf instance security enable [-h] [--cert-name CERT_NAME]
7389
7390       If missing, create security database, then turn on security functional‐
7391       ity. Please note this is usually not enough for TLS connections to work
7392       - proper setup of CA and server certificate is necessary.
7393
7394
7395
7396       --cert-name CERT_NAME
7397              The name of the certificate the server should use
7398
7399

OPTIONS 'dsconf security disable'

7401       usage: dsconf instance security disable [-h]
7402
7403       Turn  off security functionality. The rest of the configuration will be
7404       left untouched.
7405
7406
7407
7408

OPTIONS 'dsconf security certificate'

7410       usage: dsconf instance security certificate [-h]
7411                                                   {add,set-trust-
7412       flags,del,get,list}
7413                                                   ...
7414
7415
7416   Sub-commands
7417       dsconf security certificate add
7418              Add a server certificate
7419
7420       dsconf security certificate set-trust-flags
7421              Set the Trust flags
7422
7423       dsconf security certificate del
7424              Delete a certificate
7425
7426       dsconf security certificate get
7427              Get a server certificate's information
7428
7429       dsconf security certificate list
7430              List the server certificates
7431

OPTIONS 'dsconf security certificate add'

7433       usage: dsconf instance security certificate add [-h] --file FILE --name
7434       NAME
7435                                                       [--primary-cert]
7436
7437       Add a server certificate to the NSS database
7438
7439
7440
7441       --file FILE
7442              The file name of the certificate
7443
7444
7445       --name NAME
7446              The name/nickname of the certificate
7447
7448
7449       --primary-cert
7450              Set this certificate as the server's certificate
7451
7452

OPTIONS 'dsconf security certificate set-trust-flags'

7454       usage: dsconf instance security certificate set-trust-flags
7455              [-h] --flags FLAGS name
7456
7457       Change the trust flags of a server certificate
7458
7459
7460       name   The name/nickname of the certificate
7461
7462
7463       --flags FLAGS
7464              The trust flags for the server certificate
7465
7466

OPTIONS 'dsconf security certificate del'

7468       usage: dsconf instance security certificate del [-h] name
7469
7470       Delete a certificate from the NSS database
7471
7472
7473       name   The name/nickname of the certificate
7474
7475
7476

OPTIONS 'dsconf security certificate get'

7478       usage: dsconf instance security certificate get [-h] name
7479
7480       Get detailed information about a certificate,  like  trust  attributes,
7481       expiration dates, Subject and Issuer DNs
7482
7483
7484       name   The name/nickname of the certificate
7485
7486
7487

OPTIONS 'dsconf security certificate list'

7489       usage: dsconf instance security certificate list [-h]
7490
7491       List the server certificates in the NSS database
7492
7493
7494
7495
7496

OPTIONS 'dsconf security ca-certificate'

7498       usage: dsconf instance security ca-certificate [-h]
7499                                                      {add,set-trust-
7500       flags,del,get,list}
7501                                                      ...
7502
7503
7504   Sub-commands
7505       dsconf security ca-certificate add
7506              Add a Certificate Authority
7507
7508       dsconf security ca-certificate set-trust-flags
7509              Set the Trust flags
7510
7511       dsconf security ca-certificate del
7512              Delete a certificate
7513
7514       dsconf security ca-certificate get
7515              Get a Certificate Authority's information
7516
7517       dsconf security ca-certificate list
7518              List the Certificate Authorities
7519

OPTIONS 'dsconf security ca-certificate add'

7521       usage: dsconf instance security ca-certificate  add  [-h]  --file  FILE
7522       --name
7523                                                          NAME
7524
7525       Add a Certificate Authority to the NSS database
7526
7527
7528
7529       --file FILE
7530              The file name of the CA certificate
7531
7532
7533       --name NAME
7534              The name/nickname of the CA certificate
7535
7536

OPTIONS 'dsconf security ca-certificate set-trust-flags'

7538       usage: dsconf instance security ca-certificate set-trust-flags
7539              [-h] --flags FLAGS name
7540
7541       Change  the trust attributes of a CA certificate.  Certificate Authori‐
7542       ties typically use "CT,,"
7543
7544
7545       name   The name/nickname of the CA certificate
7546
7547
7548       --flags FLAGS
7549              The trust flags for the CA certificate
7550
7551

OPTIONS 'dsconf security ca-certificate del'

7553       usage: dsconf instance security ca-certificate del [-h] name
7554
7555       Delete a CA certificate from the NSS database
7556
7557
7558       name   The name/nickname of the CA certificate
7559
7560
7561

OPTIONS 'dsconf security ca-certificate get'

7563       usage: dsconf instance security ca-certificate get [-h] name
7564
7565       Get detailed information about a CA certificate, like trust attributes,
7566       expiration dates, Subject and Issuer DN
7567
7568
7569       name   The name/nickname of the CA certificate
7570
7571
7572

OPTIONS 'dsconf security ca-certificate list'

7574       usage: dsconf instance security ca-certificate list [-h]
7575
7576       List the CA certificates in the NSS database
7577
7578
7579
7580
7581

OPTIONS 'dsconf security rsa'

7583       usage: dsconf instance security rsa [-h] {set,get,enable,disable} ...
7584
7585
7586   Sub-commands
7587       dsconf security rsa set
7588              Set RSA security options
7589
7590       dsconf security rsa get
7591              Get RSA security options
7592
7593       dsconf security rsa enable
7594              Enable RSA
7595
7596       dsconf security rsa disable
7597              Disable RSA
7598

OPTIONS 'dsconf security rsa set'

7600       usage: dsconf instance security rsa set [-h]
7601                                               [--tls-allow-rsa-certificates
7602       TLS_ALLOW_RSA_CERTIFICATES]
7603                                               [--nss-cert-name NSS_CERT_NAME]
7604                                               [--nss-token NSS_TOKEN]
7605
7606       Use this command for setting RSA (private key) related options  located
7607       in cn=RSA,cn=encryption,cn=config.
7608
7609       To enable/disable RSA you can use enable and disable commands instead.
7610
7611
7612
7613       --tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES
7614              Activate use of RSA certificates (nsSSLActivation)
7615
7616
7617       --nss-cert-name NSS_CERT_NAME
7618              Server certificate name in NSS DB (nsSSLPersonalitySSL)
7619
7620
7621       --nss-token NSS_TOKEN
7622              Security token name (module of NSS DB) (nsSSLToken)
7623
7624

OPTIONS 'dsconf security rsa get'

7626       usage: dsconf instance security rsa get [-h]
7627
7628
7629
7630

OPTIONS 'dsconf security rsa enable'

7632       usage: dsconf instance security rsa enable [-h]
7633
7634
7635
7636

OPTIONS 'dsconf security rsa disable'

7638       usage: dsconf instance security rsa disable [-h]
7639
7640
7641
7642
7643

OPTIONS 'dsconf security ciphers'

7645       usage:    dsconf    instance   security   ciphers   [-h]   {enable,dis‐
7646       able,get,set,list} ...
7647
7648
7649   Sub-commands
7650       dsconf security ciphers enable
7651              Enable ciphers
7652
7653       dsconf security ciphers disable
7654              Disable ciphers
7655
7656       dsconf security ciphers get
7657              Get ciphers attribute
7658
7659       dsconf security ciphers set
7660              Set ciphers attribute
7661
7662       dsconf security ciphers list
7663              List ciphers
7664

OPTIONS 'dsconf security ciphers enable'

7666       usage: dsconf instance security ciphers enable [-h] cipher [cipher ...]
7667
7668       Use this command to enable specific ciphers.
7669
7670
7671       cipher
7672
7673

OPTIONS 'dsconf security ciphers disable'

7675       usage: dsconf instance security ciphers  disable  [-h]  cipher  [cipher
7676       ...]
7677
7678       Use this command to disable specific ciphers.
7679
7680
7681       cipher
7682
7683

OPTIONS 'dsconf security ciphers get'

7685       usage: dsconf instance security ciphers get [-h]
7686
7687       Use this command to get contents of nsSSL3Ciphers attribute.
7688
7689
7690
7691

OPTIONS 'dsconf security ciphers set'

7693       usage: dsconf instance security ciphers set [-h] cipher-string
7694
7695       Use this command to directly set nsSSL3Ciphers attribute. It is a comma
7696       separated list of cipher names  (prefixed  with  +  or  -),  optionally
7697       including  +all  or  -all.  The attribute may optionally be prefixed by
7698       keyword default. Please refer to documentation of the attribute  for  a
7699       more detailed description.
7700
7701
7702       cipher-string
7703
7704

OPTIONS 'dsconf security ciphers list'

7706       usage: dsconf instance security ciphers list [-h]
7707                                                    [--enabled | --supported |
7708       --disabled]
7709
7710       List secure ciphers. Without arguments, list ciphers as  configured  in
7711       nsSSL3Ciphers attribute.
7712
7713
7714
7715       --enabled
7716              Only enabled ciphers
7717
7718
7719       --supported
7720              Only supported ciphers
7721
7722
7723       --disabled
7724              Only supported ciphers without enabled ciphers
7725
7726
7727
7728

OPTIONS 'dsconf schema'

7730       usage: dsconf instance schema [-h]
7731                                     {list,attributetypes,objectclasses,match‐
7732       ingrules,reload,validate-syntax}
7733                                     ...
7734
7735
7736   Sub-commands
7737       dsconf schema list
7738              List all schema objects on this system
7739
7740       dsconf schema attributetypes
7741              Work with attribute types on this system
7742
7743       dsconf schema objectclasses
7744              Work with objectClasses on this system
7745
7746       dsconf schema matchingrules
7747              Work with matching rules on this system
7748
7749       dsconf schema reload
7750              Dynamically reload schema while server is running
7751
7752       dsconf schema validate-syntax
7753              Run a task to check every modification  to  attributes  to  make
7754              sure  that  the  new  value  has  the  required  syntax for that
7755              attribute type
7756

OPTIONS 'dsconf schema list'

7758       usage: dsconf instance schema list [-h]
7759
7760
7761
7762

OPTIONS 'dsconf schema attributetypes'

7764       usage: dsconf instance schema attributetypes [-h]
7765                                                    {get_syn‐
7766       taxes,list,query,add,replace,remove}
7767                                                    ...
7768
7769
7770   Sub-commands
7771       dsconf schema attributetypes get_syntaxes
7772              List all available attribute type syntaxes
7773
7774       dsconf schema attributetypes list
7775              List available attribute types on this system
7776
7777       dsconf schema attributetypes query
7778              Query  an attribute to determine object classes that may or must
7779              take it
7780
7781       dsconf schema attributetypes add
7782              Add an attribute type to this system
7783
7784       dsconf schema attributetypes replace
7785              Replace an attribute type on this system
7786
7787       dsconf schema attributetypes remove
7788              Remove an attribute type on this system
7789

OPTIONS 'dsconf schema attributetypes get_syntaxes'

7791       usage: dsconf instance schema attributetypes get_syntaxes [-h]
7792
7793
7794
7795

OPTIONS 'dsconf schema attributetypes list'

7797       usage: dsconf instance schema attributetypes list [-h]
7798
7799
7800
7801

OPTIONS 'dsconf schema attributetypes query'

7803       usage: dsconf instance schema attributetypes query [-h] [name]
7804
7805
7806       name   Attribute type to query
7807
7808
7809

OPTIONS 'dsconf schema attributetypes add'

7811       usage: dsconf instance schema attributetypes add [-h] [--oid OID]
7812                                                        [--desc DESC]
7813                                                        [--x-origin X_ORIGIN]
7814                                                        [--aliases     ALIASES
7815       [ALIASES ...]]
7816                                                        [--single-value]
7817                                                        [--multi-value]
7818                                                        [--no-user-mod]
7819       [--user-mod]
7820                                                        [--equality EQUALITY]
7821                                                        [--substr SUBSTR]
7822                                                        [--ordering ORDERING]
7823                                                        [--usage USAGE]
7824                                                        [--sup SUP [SUP ...]]
7825                                                        --syntax SYNTAX
7826                                                        name
7827
7828
7829       name   NAME of the object
7830
7831
7832       --oid OID
7833              OID assigned to the object
7834
7835
7836       --desc DESC
7837              Description text(DESC) of the object
7838
7839
7840       --x-origin X_ORIGIN
7841              Provides information about where the attribute type is defined
7842
7843
7844       --aliases ALIASES [ALIASES ...]
7845              Additional NAMEs of the object.
7846
7847
7848       --single-value
7849              True if the matching rule must have only one  valueOnly  one  of
7850              the flags this
7851              or --multi-value should be specified
7852
7853
7854       --multi-value
7855              True if the matching rule may have multiple values (default)Only
7856              one of the
7857              flags this or --single-value should be specified
7858
7859
7860       --no-user-mod
7861              True if the attribute is not modifiable  by  a  client  applica‐
7862              tionOnly one of the
7863              flags this or --user-mod should be specified
7864
7865
7866       --user-mod
7867              True  if  the  attribute  is  modifiable by a client application
7868              (default)Only one
7869              of the flags this or --no-user-mode should be specified
7870
7871
7872       --equality EQUALITY
7873              NAME or OID  of  the  matching  rule  used  for  checkingwhether
7874              attribute values are
7875              equal
7876
7877
7878       --substr SUBSTR
7879              NAME  or  OID  of  the matching rule used for checkingwhether an
7880              attribute value
7881              contains another value
7882
7883
7884       --ordering ORDERING
7885              NAME or OID  of  the  matching  rule  used  for  checkingwhether
7886              attribute values are
7887              lesser - equal than
7888
7889
7890       --usage USAGE
7891              The  flag indicates how the attribute type is to be used. Choose
7892              from the list:
7893              userApplications (default), directoryOperation, distributedOper‐
7894              ation,
7895              dSAOperation
7896
7897
7898       --sup SUP [SUP ...]
7899              The  list of NAMEs or OIDs of attribute typesthis attribute type
7900              is derived
7901              from
7902
7903
7904       --syntax SYNTAX
7905              OID of the LDAP syntax assigned to the attribute
7906
7907

OPTIONS 'dsconf schema attributetypes replace'

7909       usage: dsconf instance schema attributetypes replace [-h] [--oid OID]
7910                                                            [--desc DESC]
7911                                                            [--x-origin X_ORI‐
7912       GIN]
7913                                                            [--aliases ALIASES
7914       [ALIASES ...]]
7915                                                            [--single-value]
7916                                                            [--multi-value]
7917                                                            [--no-user-mod]
7918                                                            [--user-mod]
7919                                                            [--equality EQUAL‐
7920       ITY]
7921                                                            [--substr SUBSTR]
7922                                                            [--ordering ORDER‐
7923       ING]
7924                                                            [--usage USAGE]
7925                                                            [--sup  SUP   [SUP
7926       ...]]
7927                                                            [--syntax SYNTAX]
7928                                                            name
7929
7930
7931       name   NAME of the object
7932
7933
7934       --oid OID
7935              OID assigned to the object
7936
7937
7938       --desc DESC
7939              Description text(DESC) of the object
7940
7941
7942       --x-origin X_ORIGIN
7943              Provides information about where the attribute type is defined
7944
7945
7946       --aliases ALIASES [ALIASES ...]
7947              Additional NAMEs of the object.
7948
7949
7950       --single-value
7951              True  if  the  matching rule must have only one valueOnly one of
7952              the flags this
7953              or --multi-value should be specified
7954
7955
7956       --multi-value
7957              True if the matching rule may have multiple values (default)Only
7958              one of the
7959              flags this or --single-value should be specified
7960
7961
7962       --no-user-mod
7963              True  if  the  attribute  is not modifiable by a client applica‐
7964              tionOnly one of the
7965              flags this or --user-mod should be specified
7966
7967
7968       --user-mod
7969              True if the attribute is  modifiable  by  a  client  application
7970              (default)Only one
7971              of the flags this or --no-user-mode should be specified
7972
7973
7974       --equality EQUALITY
7975              NAME  or  OID  of  the  matching  rule  used for checkingwhether
7976              attribute values are
7977              equal
7978
7979
7980       --substr SUBSTR
7981              NAME or OID of the matching rule  used  for  checkingwhether  an
7982              attribute value
7983              contains another value
7984
7985
7986       --ordering ORDERING
7987              NAME  or  OID  of  the  matching  rule  used for checkingwhether
7988              attribute values are
7989              lesser - equal than
7990
7991
7992       --usage USAGE
7993              The flag indicates how the attribute type is to be used.  Choose
7994              from the list:
7995              userApplications (default), directoryOperation, distributedOper‐
7996              ation,
7997              dSAOperation
7998
7999
8000       --sup SUP [SUP ...]
8001              The list of NAMEs or OIDs of attribute typesthis attribute  type
8002              is derived
8003              from
8004
8005
8006       --syntax SYNTAX
8007              OID of the LDAP syntax assigned to the attribute
8008
8009

OPTIONS 'dsconf schema attributetypes remove'

8011       usage: dsconf instance schema attributetypes remove [-h] name
8012
8013
8014       name   NAME of the object
8015
8016
8017
8018

OPTIONS 'dsconf schema objectclasses'

8020       usage: dsconf instance schema objectclasses [-h]
8021                                                   {list,query,add,replace,remove}
8022                                                   ...
8023
8024
8025   Sub-commands
8026       dsconf schema objectclasses list
8027              List available objectClasses on this system
8028
8029       dsconf schema objectclasses query
8030              Query an objectClass
8031
8032       dsconf schema objectclasses add
8033              Add an objectClass to this system
8034
8035       dsconf schema objectclasses replace
8036              Replace an objectClass on this system
8037
8038       dsconf schema objectclasses remove
8039              Remove an objectClass on this system
8040

OPTIONS 'dsconf schema objectclasses list'

8042       usage: dsconf instance schema objectclasses list [-h]
8043
8044
8045
8046

OPTIONS 'dsconf schema objectclasses query'

8048       usage: dsconf instance schema objectclasses query [-h] [name]
8049
8050
8051       name   ObjectClass to query
8052
8053
8054

OPTIONS 'dsconf schema objectclasses add'

8056       usage: dsconf  instance  schema  objectclasses  add  [-h]  [--oid  OID]
8057       [--desc DESC]
8058                                                       [--x-origin X_ORIGIN]
8059                                                       [--must    MUST   [MUST
8060       ...]]
8061                                                       [--may MAY [MAY ...]]
8062                                                       [--kind KIND]
8063                                                       [--sup SUP [SUP ...]]
8064                                                       name
8065
8066
8067       name   NAME of the object
8068
8069
8070       --oid OID
8071              OID assigned to the object
8072
8073
8074       --desc DESC
8075              Description text(DESC) of the object
8076
8077
8078       --x-origin X_ORIGIN
8079              Provides information about where the attribute type is defined
8080
8081
8082       --must MUST [MUST ...]
8083              NAMEs or OIDs of all attributes an entry of the object must have
8084
8085
8086       --may MAY [MAY ...]
8087              NAMEs or OIDs of additional attributes an entry  of  the  object
8088              may have
8089
8090
8091       --kind KIND
8092              Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
8093
8094
8095       --sup SUP [SUP ...]
8096              NAMEs or OIDs of object classes this object is derived from
8097
8098

OPTIONS 'dsconf schema objectclasses replace'

8100       usage: dsconf instance schema objectclasses replace [-h] [--oid OID]
8101                                                           [--desc DESC]
8102                                                           [--x-origin  X_ORI‐
8103       GIN]
8104                                                           [--must MUST  [MUST
8105       ...]]
8106                                                           [--may   MAY   [MAY
8107       ...]]
8108                                                           [--kind KIND]
8109                                                           [--sup   SUP   [SUP
8110       ...]]
8111                                                           name
8112
8113
8114       name   NAME of the object
8115
8116
8117       --oid OID
8118              OID assigned to the object
8119
8120
8121       --desc DESC
8122              Description text(DESC) of the object
8123
8124
8125       --x-origin X_ORIGIN
8126              Provides information about where the attribute type is defined
8127
8128
8129       --must MUST [MUST ...]
8130              NAMEs or OIDs of all attributes an entry of the object must have
8131
8132
8133       --may MAY [MAY ...]
8134              NAMEs  or  OIDs  of additional attributes an entry of the object
8135              may have
8136
8137
8138       --kind KIND
8139              Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
8140
8141
8142       --sup SUP [SUP ...]
8143              NAMEs or OIDs of object classes this object is derived from
8144
8145

OPTIONS 'dsconf schema objectclasses remove'

8147       usage: dsconf instance schema objectclasses remove [-h] name
8148
8149
8150       name   NAME of the object
8151
8152
8153
8154

OPTIONS 'dsconf schema matchingrules'

8156       usage: dsconf instance schema matchingrules [-h] {list,query} ...
8157
8158
8159   Sub-commands
8160       dsconf schema matchingrules list
8161              List available matching rules on this system
8162
8163       dsconf schema matchingrules query
8164              Query a matching rule
8165

OPTIONS 'dsconf schema matchingrules list'

8167       usage: dsconf instance schema matchingrules list [-h]
8168
8169
8170
8171

OPTIONS 'dsconf schema matchingrules query'

8173       usage: dsconf instance schema matchingrules query [-h] [name]
8174
8175
8176       name   Matching rule to query
8177
8178
8179
8180

OPTIONS 'dsconf schema reload'

8182       usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait]
8183
8184
8185
8186       -d SCHEMADIR, --schemadir SCHEMADIR
8187              directory where schema files are located
8188
8189
8190       --wait Wait for the reload task to complete
8191
8192

OPTIONS 'dsconf schema validate-syntax'

8194       usage: dsconf instance schema validate-syntax [-h] [-f FILTER] DN
8195
8196
8197       DN     Base DN that contains entries to validate
8198
8199
8200       -f FILTER, --filter FILTER
8201              Filter for entries to validate. If  omitted,  all  entries  with
8202              filter
8203              "(objectclass=*)" are validated
8204
8205
8206

OPTIONS 'dsconf repl-conflict'

8208       usage: dsconf instance repl-conflict [-h]
8209                                            {list,compare,delete,swap,con‐
8210       vert,list-glue,delete-glue,convert-glue}
8211                                            ...
8212
8213
8214   Sub-commands
8215       dsconf repl-conflict list
8216              List conflict entries
8217
8218       dsconf repl-conflict compare
8219              Compare the conflict entry with its valid counterpart
8220
8221       dsconf repl-conflict delete
8222              Delete a conflict entry
8223
8224       dsconf repl-conflict swap
8225              Replace the valid entry with the conflict entry
8226
8227       dsconf repl-conflict convert
8228              Convert the conflict entry to a valid entry, while  keeping  the
8229              original  valid  entry counterpart.  This requires that the con‐
8230              verted conflict entry  have  a  new  RDN  value.   For  example:
8231              "cn=my_new_rdn_value".
8232
8233       dsconf repl-conflict list-glue
8234              List replication glue entries
8235
8236       dsconf repl-conflict delete-glue
8237              Delete the glue entry and its child entries
8238
8239       dsconf repl-conflict convert-glue
8240              Convert the glue entry into a regular entry
8241

OPTIONS 'dsconf repl-conflict list'

8243       usage: dsconf instance repl-conflict list [-h] suffix
8244
8245
8246       suffix The backend name, or suffix, to look for conflict entries
8247
8248
8249

OPTIONS 'dsconf repl-conflict compare'

8251       usage: dsconf instance repl-conflict compare [-h] DN
8252
8253
8254       DN     The DN of the conflict entry
8255
8256
8257

OPTIONS 'dsconf repl-conflict delete'

8259       usage: dsconf instance repl-conflict delete [-h] DN
8260
8261
8262       DN     The DN of the conflict entry
8263
8264
8265

OPTIONS 'dsconf repl-conflict swap'

8267       usage: dsconf instance repl-conflict swap [-h] DN
8268
8269
8270       DN     The DN of the conflict entry
8271
8272
8273

OPTIONS 'dsconf repl-conflict convert'

8275       usage: dsconf instance repl-conflict convert [-h] --new-rdn NEW_RDN DN
8276
8277
8278       DN     The DN of the conflict entry
8279
8280
8281       --new-rdn NEW_RDN
8282              The new RDN for the converted conflict entry. For example:
8283              "cn=my_new_rdn_value"
8284
8285

OPTIONS 'dsconf repl-conflict list-glue'

8287       usage: dsconf instance repl-conflict list-glue [-h] suffix
8288
8289
8290       suffix The backend name, or suffix, to look for glue entries
8291
8292
8293

OPTIONS 'dsconf repl-conflict delete-glue'

8295       usage: dsconf instance repl-conflict delete-glue [-h] DN
8296
8297
8298       DN     The DN of the glue entry
8299
8300
8301

OPTIONS 'dsconf repl-conflict convert-glue'

8303       usage: dsconf instance repl-conflict convert-glue [-h] DN
8304
8305
8306       DN     The DN of the glue entry
8307
8308
8309
8310
8311       -v, --verbose
8312              Display verbose operation tracing during command execution
8313
8314
8315       -D BINDDN, --binddn BINDDN
8316              The account to bind as for executing operations
8317
8318
8319       -w BINDPW, --bindpw BINDPW
8320              Password for binddn
8321
8322
8323       -W, --prompt
8324              Prompt for password for the bind DN
8325
8326
8327       -y PWDFILE, --pwdfile PWDFILE
8328              Specifies a file containing the password for the binddn
8329
8330
8331       -b BASEDN, --basedn BASEDN
8332              Basedn (root naming context) of the instance to manage
8333
8334
8335       -Z, --starttls
8336              Connect with StartTLS
8337
8338
8339       -j, --json
8340              Return result in JSON object
8341
8342

AUTHORS

8344       lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.
8345

DISTRIBUTION

8347       The    latest    version    of    lib389   may   be   downloaded   from
8348http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html
8349
8350
8351
8352                                    Manual                           dsconf(8)
Impressum