1dsconf(8)                   System Manager's Manual                  dsconf(8)
2
3
4

NAME

6       dsconf
7

SYNOPSIS

9       dsconf  [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN]
10       [-Z]   [-j]   instance   {backend,backup,chaining,config,directory_man‐
11       ager,monitor,plugin,pwpolicy,localpwp,replication,repl-agmt,repl-win‐
12       sync-agmt,repl-tasks,sasl,security,schema,repl-conflict} ...
13

OPTIONS

15       instance
16              The instance name OR the LDAP url to connect to,  IE  localhost,
17              ldap://mai.example.com:389
18
19
20   Sub-commands
21       dsconf backend
22              Manage database suffixes and backends
23
24       dsconf backup
25              Manage online backups
26
27       dsconf chaining
28              Manage database chaining/database links
29
30       dsconf config
31              Manage server configuration
32
33       dsconf directory_manager
34              Manage the directory manager account
35
36       dsconf monitor
37              Monitor the state of the instance
38
39       dsconf plugin
40              Manage plugins available on the server
41
42       dsconf pwpolicy
43              Get and set the global password policy settings
44
45       dsconf localpwp
46              Manage local (user/subtree) password policies
47
48       dsconf replication
49              Configure replication for a suffix
50
51       dsconf repl-agmt
52              Manage replication agreements
53
54       dsconf repl-winsync-agmt
55              Manage Winsync Agreements
56
57       dsconf repl-tasks
58              Manage replication tasks
59
60       dsconf sasl
61              Query and manipulate SASL mappings
62
63       dsconf security
64              Query and manipulate security options
65
66       dsconf schema
67              Query and manipulate schema
68
69       dsconf repl-conflict
70              Manage replication conflicts
71

OPTIONS 'dsconf backend'

73       usage: dsconf instance backend [-h]
74                                      {suffix,index,vlv-index,attr-
75       encrypt,config,monitor,import,export,create,delete,get-tree}
76                                      ...
77
78
79   Sub-commands
80       dsconf backend suffix
81              Manage a backend suffix
82
83       dsconf backend index
84              Manage backend indexes
85
86       dsconf backend vlv-index
87              Manage VLV searches and indexes
88
89       dsconf backend attr-encrypt
90              Encrypted attribute options
91
92       dsconf backend config
93              Manage the global database configuration settings
94
95       dsconf backend monitor
96              Get the global database monitor information
97
98       dsconf backend import
99              Do an online import of the suffix
100
101       dsconf backend export
102              Do an online export of the suffix
103
104       dsconf backend create
105              Create a backend database
106
107       dsconf backend delete
108              Delete a backend database
109
110       dsconf backend get-tree
111              Get a representation of the suffix tree
112

OPTIONS 'dsconf backend suffix'

114       usage: dsconf instance backend suffix [-h]
115                                             {list,get,get-dn,get-sub-suf‐
116       fixes,set}
117                                             ...
118
119
120   Sub-commands
121       dsconf backend suffix list
122              List current active backends and suffixes
123
124       dsconf backend suffix get
125              Get the suffix entry
126
127       dsconf backend suffix get-dn
128              get_dn
129
130       dsconf backend suffix get-sub-suffixes
131              Get the sub-suffixes of this backend
132
133       dsconf backend suffix set
134              Set configuration settings for a single backend
135

OPTIONS 'dsconf backend suffix list'

137       usage: dsconf instance backend suffix list [-h] [--suffix]
138                                                  [--skip-subsuffixes]
139
140
141
142       --suffix
143              Just display the suffix, and not the backend name
144
145
146       --skip-subsuffixes
147              Skip over sub-suffixes
148
149

OPTIONS 'dsconf backend suffix get'

151       usage: dsconf instance backend suffix get [-h] [selector]
152
153
154       selector
155              The backend to search for
156
157
158

OPTIONS 'dsconf backend suffix get-dn'

160       usage: dsconf instance backend suffix get-dn [-h] [dn]
161
162
163       dn     The backend dn to get
164
165
166

OPTIONS 'dsconf backend suffix get-sub-suffixes'

168       usage:  dsconf instance backend suffix get-sub-suffixes [-h] [--suffix]
169       be_name
170
171
172       be_name
173              The backend name or suffix to search for sub-suffixes
174
175
176       --suffix
177              Just display the suffix, and not the backend name
178
179

OPTIONS 'dsconf backend suffix set'

181       usage: dsconf instance backend suffix set [-h] [--enable-readonly]
182                                                 [--disable-readonly]
183                                                 [--require-index]  [--ignore-
184       index]
185                                                 [--add-referral ADD_REFERRAL]
186                                                 [--del-referral DEL_REFERRAL]
187                                                 [--enable] [--disable]
188                                                 [--cache-size CACHE_SIZE]
189                                                 [--cache-memsize   CACHE_MEM‐
190       SIZE]
191                                                 [--dncache-memsize
192       DNCACHE_MEMSIZE]
193                                                 be_name
194
195
196       be_name
197              The backend name or suffix to delete
198
199
200       --enable-readonly
201              Set backend database to be read-only
202
203
204       --disable-readonly
205              Disable read-only mode for backend database
206
207
208       --require-index
209              Only allow indexed searches
210
211
212       --ignore-index
213              Allow all searches even if they are unindexed
214
215
216       --add-referral ADD_REFERRAL
217              Add a LDAP referral to the backend
218
219
220       --del-referral DEL_REFERRAL
221              Remove a LDAP referral to the backend
222
223
224       --enable
225              Enable the backend database
226
227
228       --disable
229              Disable the backend database
230
231
232       --cache-size CACHE_SIZE
233              The maximum number of entries to keep in the entry cache
234
235
236       --cache-memsize CACHE_MEMSIZE
237              The maximum size in bytes that the entry cache can grow to
238
239
240       --dncache-memsize DNCACHE_MEMSIZE
241              The maximum size in bytes that the DN cache can grow to
242
243
244

OPTIONS 'dsconf backend index'

246       usage: dsconf instance backend index [-h]
247                                            {add,set,get,list,delete,reindex}
248       ...
249
250
251   Sub-commands
252       dsconf backend index add
253              Set configuration settings for a single backend
254
255       dsconf backend index set
256              Edit an index entry
257
258       dsconf backend index get
259              Get an index entry
260
261       dsconf backend index list
262              Set configuration settings for a single backend
263
264       dsconf backend index delete
265              Set configuration settings for a single backend
266
267       dsconf backend index reindex
268              Reindex the database (for a single index or all indexes
269

OPTIONS 'dsconf backend index add'

271       usage: dsconf instance backend index add [-h] --index-type INDEX_TYPE
272                                                [--matching-rule        MATCH‐
273       ING_RULE]
274                                                [--reindex] --attr ATTR
275                                                be_name
276
277
278       be_name
279              The backend name or suffix to delete
280
281
282       --index-type INDEX_TYPE
283              An indexing type: eq, sub, pres, or approximate
284
285
286       --matching-rule MATCHING_RULE
287              Matching rule for the index
288
289
290       --reindex
291              After adding new index, reindex the database
292
293
294       --attr ATTR
295              The index attribute's name
296
297

OPTIONS 'dsconf backend index set'

299       usage: dsconf instance backend index set [-h] --attr ATTR
300                                                [--add-type ADD_TYPE]
301                                                [--del-type DEL_TYPE]
302                                                [--add-mr   ADD_MR]  [--del-mr
303       DEL_MR]
304                                                [--reindex]
305                                                be_name
306
307
308       be_name
309              The backend name or suffix to edit an index from
310
311
312       --attr ATTR
313              The index name to edit
314
315
316       --add-type ADD_TYPE
317              An index type to add to the index: eq, sub, pres, or approx
318
319
320       --del-type DEL_TYPE
321              An index type to remove from the index: eq, sub, pres, or approx
322
323
324       --add-mr ADD_MR
325              A matching-rule to add to the index
326
327
328       --del-mr DEL_MR
329              A matching-rule to remove from the index
330
331
332       --reindex
333              After editing index, reindex the database
334
335

OPTIONS 'dsconf backend index get'

337       usage: dsconf instance backend index get [-h] --attr ATTR be_name
338
339
340       be_name
341              The backend name or suffix to get the index from
342
343
344       --attr ATTR
345              The index name to get
346
347

OPTIONS 'dsconf backend index list'

349       usage: dsconf instance backend index list [-h] [--just-names] be_name
350
351
352       be_name
353              The backend name or suffix to list indexes from
354
355
356       --just-names
357              Return a list of just the attribute names for a backend
358
359

OPTIONS 'dsconf backend index delete'

361       usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name
362
363
364       be_name
365              The backend name or suffix to delete
366
367
368       --attr ATTR
369              The index attribute's name
370
371

OPTIONS 'dsconf backend index reindex'

373       usage:  dsconf  instance  backend  index  reindex  [-h]  [--attr  ATTR]
374       [--wait]
375                                                    be_name
376
377
378       be_name
379              The backend name or suffix to reindex
380
381
382       --attr ATTR
383              The  index  attribute's  name  to reindex. Skip this argument to
384              reindex all attributes
385
386
387       --wait Wait for the index task to complete and report the status
388
389
390

OPTIONS 'dsconf backend vlv-index'

392       usage: dsconf instance backend vlv-index [-h]
393                                                {list,get,add-search,edit-
394       search,del-search,add-index,del-index,reindex}
395                                                ...
396
397
398   Sub-commands
399       dsconf backend vlv-index list
400              List VLV search and index entries
401
402       dsconf backend vlv-index get
403              Get a VLV search & index
404
405       dsconf backend vlv-index add-search
406              Add a VLV search entry.  The search entry is the parent entry of
407              the VLV index entries, and it specifies the search  params  that
408              are used to match entries for those indexes.
409
410       dsconf backend vlv-index edit-search
411              Edit a VLV search & index
412
413       dsconf backend vlv-index del-search
414              Delete VLV search & index
415
416       dsconf backend vlv-index add-index
417              Create  a VLV index under a VLV search entry(parent entry).  The
418              VLV index just specifies the attributes to sort
419
420       dsconf backend vlv-index del-index
421              Delete a VLV index under a VLV search entry(parent entry).
422
423       dsconf backend vlv-index reindex
424              Index/reindex the VLV database index
425

OPTIONS 'dsconf backend vlv-index list'

427       usage: dsconf  instance  backend  vlv-index  list  [-h]  [--just-names]
428       be_name
429
430
431       be_name
432              The backend name of the VLV index
433
434
435       --just-names
436              List just the names of the VLV search entries
437
438

OPTIONS 'dsconf backend vlv-index get'

440       usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name
441
442
443       be_name
444              The backend name of the VLV index
445
446
447       --name NAME
448              Get the VLV search entry and its index entries
449
450

OPTIONS 'dsconf backend vlv-index add-search'

452       usage: dsconf instance backend vlv-index add-search [-h] --name NAME
453                                                           --search-base
454       SEARCH_BASE
455                                                           --search-scope
456                                                           SEARCH_SCOPE
457                                                           --search-filter
458                                                           SEARCH_FILTER
459                                                           be_name
460
461
462       be_name
463              The backend name of the VLV index
464
465
466       --name NAME
467              Name of the VLV search entry
468
469
470       --search-base SEARCH_BASE
471              The VLV search base
472
473
474       --search-scope SEARCH_SCOPE
475              The VLV search scope: 0 (base search), 1 (one-level search),  or
476              2 (subtree search)
477
478
479       --search-filter SEARCH_FILTER
480              The VLV search filter
481
482

OPTIONS 'dsconf backend vlv-index edit-search'

484       usage: dsconf instance backend vlv-index edit-search [-h] --name NAME
485                                                            [--search-base
486       SEARCH_BASE]
487                                                            [--search-scope
488       SEARCH_SCOPE]
489                                                            [--search-filter
490       SEARCH_FILTER]
491                                                            [--reindex]
492                                                            be_name
493
494
495       be_name
496              The backend name of the VLV index
497
498
499       --name NAME
500              Name of the VLV index
501
502
503       --search-base SEARCH_BASE
504              The VLV search base
505
506
507       --search-scope SEARCH_SCOPE
508              The VLV search scope: 0 (base search), 1 (one-level search),  or
509              2 (subtree search)
510
511
512       --search-filter SEARCH_FILTER
513              The VLV search filter
514
515
516       --reindex
517              Reindex all the VLV database indexes
518
519

OPTIONS 'dsconf backend vlv-index del-search'

521       usage:  dsconf  instance  backend vlv-index del-search [-h] --name NAME
522       be_name
523
524
525       be_name
526              The backend name of the VLV index
527
528
529       --name NAME
530              Name of the VLV search index
531
532

OPTIONS 'dsconf backend vlv-index add-index'

534       usage: dsconf instance backend vlv-index add-index [-h] --parent-name
535                                                          PARENT_NAME --index-
536       name
537                                                          INDEX_NAME    --sort
538       SORT
539                                                          [--index-it]
540                                                          be_name
541
542
543       be_name
544              The backend name of the VLV index
545
546
547       --parent-name PARENT_NAME
548              Name, or "cn" attribute value, of the parent VLV search entry
549
550
551       --index-name INDEX_NAME
552              Name of the new VLV index
553
554
555       --sort SORT
556              A space separated list of attributes to sort for this VLV index
557
558
559       --index-it
560              Create the database index for this VLV index definition
561
562

OPTIONS 'dsconf backend vlv-index del-index'

564       usage: dsconf instance backend vlv-index del-index [-h] --parent-name
565                                                          PARENT_NAME
566                                                          [--index-name
567       INDEX_NAME]
568                                                          [--sort SORT]
569                                                          be_name
570
571
572       be_name
573              The backend name of the VLV index
574
575
576       --parent-name PARENT_NAME
577              Name, or "cn" attribute value, of the parent VLV search entry
578
579
580       --index-name INDEX_NAME
581              Name of the VLV index to delete
582
583
584       --sort SORT
585              Delete a VLV index that has this vlvsort value
586
587

OPTIONS 'dsconf backend vlv-index reindex'

589       usage: dsconf instance backend vlv-index reindex [-h]
590                                                        [--index-name
591       INDEX_NAME]
592                                                        --parent-name     PAR‐
593       ENT_NAME
594                                                        be_name
595
596
597       be_name
598              The backend name of the VLV index
599
600
601       --index-name INDEX_NAME
602              Name  of the VLV Index entry to reindex. If not set, all indexes
603              are reindexed
604
605
606       --parent-name PARENT_NAME
607              Name, or "cn" attribute value, of the parent VLV search entry
608
609
610

OPTIONS 'dsconf backend attr-encrypt'

612       usage: dsconf instance  backend  attr-encrypt  [-h]  [--list]  [--just-
613       names]
614                                                   [--add-attr ADD_ATTR]
615                                                   [--del-attr DEL_ATTR]
616                                                   be_name
617
618
619       be_name
620              The backend name or suffix to to reindex
621
622
623       --list List all the encrypted attributes for this backend
624
625
626       --just-names
627              List  just  the  names  of  the  encrypted attributes (used with
628              --list)
629
630
631       --add-attr ADD_ATTR
632              Add an attribute to be encrypted
633
634
635       --del-attr DEL_ATTR
636              Remove an attribute from being encrypted
637
638

OPTIONS 'dsconf backend config'

640       usage: dsconf instance backend config [-h] {get,set} ...
641
642
643   Sub-commands
644       dsconf backend config get
645              Get the global database configuration
646
647       dsconf backend config set
648              Set the global database configuration
649

OPTIONS 'dsconf backend config get'

651       usage: dsconf instance backend config get [-h]
652
653
654
655

OPTIONS 'dsconf backend config set'

657       usage: dsconf instance backend config set [-h]
658                                                 [--lookthroughlimit     LOOK‐
659       THROUGHLIMIT]
660                                                 [--mode MODE]
661                                                 [--idlistscanlimit
662       IDLISTSCANLIMIT]
663                                                 [--directory DIRECTORY]
664                                                 [--dbcachesize DBCACHESIZE]
665                                                 [--logdirectory LOGDIRECTORY]
666                                                 [--durable-txn DURABLE_TXN]
667                                                 [--txn-wait TXN_WAIT]
668                                                 [--checkpoint-interval CHECK‐
669       POINT_INTERVAL]
670                                                 [--compactdb-interval    COM‐
671       PACTDB_INTERVAL]
672                                                 [--txn-batch-val
673       TXN_BATCH_VAL]
674                                                 [--txn-batch-min
675       TXN_BATCH_MIN]
676                                                 [--txn-batch-max
677       TXN_BATCH_MAX]
678                                                 [--logbufsize LOGBUFSIZE]
679                                                 [--locks LOCKS]
680                                                 [--import-cache-autosize
681       IMPORT_CACHE_AUTOSIZE]
682                                                 [--cache-autosize CACHE_AUTO‐
683       SIZE]
684                                                 [--cache-autosize-split
685       CACHE_AUTOSIZE_SPLIT]
686                                                 [--import-cachesize
687       IMPORT_CACHESIZE]
688                                                 [--exclude-from-export
689       EXCLUDE_FROM_EXPORT]
690                                                 [--pagedlookthroughlimit
691       PAGEDLOOKTHROUGHLIMIT]
692                                                 [--pagedidlistscanlimit PAGE‐
693       DIDLISTSCANLIMIT]
694                                                 [--rangelookthroughlimit
695       RANGELOOKTHROUGHLIMIT]
696                                                 [--backend-opt-level    BACK‐
697       END_OPT_LEVEL]
698                                                 [--deadlock-policy      DEAD‐
699       LOCK_POLICY]
700                                                 [--db-home-directory
701       DB_HOME_DIRECTORY]
702
703
704
705       --lookthroughlimit LOOKTHROUGHLIMIT
706              specifies the maximum  number  of  entries  that  the  Directory
707              Server  will  check when examining candidate entries in response
708              to a search request
709
710
711       --mode MODE
712              Specifies the permissions used for newly created index files
713
714
715       --idlistscanlimit IDLISTSCANLIMIT
716              Specifies the number of entry IDs that  are  searched  during  a
717              search operation
718
719
720       --directory DIRECTORY
721              Specifies absolute path to database instance
722
723
724       --dbcachesize DBCACHESIZE
725              Specifies the database index cache size, in bytes.
726
727
728       --logdirectory LOGDIRECTORY
729              Specifies  the  path to the directory that contains the database
730              transaction logs
731
732
733       --durable-txn DURABLE_TXN
734              Sets whether database transaction log  entries  are  immediately
735              written to the disk.
736
737
738       --txn-wait TXN_WAIT
739              Sets  whether  the  server should should wait if there are no db
740              locks available
741
742
743       --checkpoint-interval CHECKPOINT_INTERVAL
744              Sets the amount of time in seconds  after  which  the  Directory
745              Server sends a checkpoint entry to the database transaction log
746
747
748       --compactdb-interval COMPACTDB_INTERVAL
749              Sets the interval in seconds when the database is compacted
750
751
752       --txn-batch-val TXN_BATCH_VAL
753              Specifies  how  many  transactions  will be batched before being
754              committed
755
756
757       --txn-batch-min TXN_BATCH_MIN
758              Controls when transactions should be flushed earliest,  indepen‐
759              dently of the batch count (only works when txn-batch-val is set)
760
761
762       --txn-batch-max TXN_BATCH_MAX
763              Controls  when  transactions  should be flushed latest, indepen‐
764              dently of the batch count (only works when txn-batch-val is set)
765
766
767       --logbufsize LOGBUFSIZE
768              Specifies the transaction log information buffer size
769
770
771       --locks LOCKS
772              Sets the maximum number of database locks
773
774
775       --import-cache-autosize IMPORT_CACHE_AUTOSIZE
776              Set to "on" or "off" to automatically set the size of the import
777              cache to be used during the the import process of LDIF files
778
779
780       --cache-autosize CACHE_AUTOSIZE
781              Sets the percentage of free memory that is used in total for the
782              database and entry cache. Set to "0" to disable this feature.
783
784
785       --cache-autosize-split CACHE_AUTOSIZE_SPLIT
786              Sets the percentage of RAM that is used for the database  cache.
787              The remaining percentage is used for the entry cache
788
789
790       --import-cachesize IMPORT_CACHESIZE
791              Sets  the  size,  in  bytes,  of  the database cache used in the
792              import process.
793
794
795       --exclude-from-export EXCLUDE_FROM_EXPORT
796              List of attributes to not include during database export  opera‐
797              tions
798
799
800       --pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT
801              Specifies  the  maximum  number  of  entries  that the Directory
802              Server will check when examining candidate entries for a  search
803              which uses the simple paged results control
804
805
806       --pagedidlistscanlimit PAGEDIDLISTSCANLIMIT
807              Specifies  the  number  of entry IDs that are searched, specifi‐
808              cally, for a search operation using  the  simple  paged  results
809              control.
810
811
812       --rangelookthroughlimit RANGELOOKTHROUGHLIMIT
813              Specifies  the  maximum  number  of  entries  that the Directory
814              Server will check when examining candidate entries  in  response
815              to a range search request.
816
817
818       --backend-opt-level BACKEND_OPT_LEVEL
819              WARNING  this parameter can trigger experimental code to improve
820              write performance. Valid values are: 0, 1, 2, or 4
821
822
823       --deadlock-policy DEADLOCK_POLICY
824              Adjusts the backend database deadlock policy (Advanced setting)
825
826
827       --db-home-directory DB_HOME_DIRECTORY
828              Sets the directory for the database mmapped files (Advanced set‐
829              ting)
830
831
832

OPTIONS 'dsconf backend monitor'

834       usage: dsconf instance backend monitor [-h] [--suffix SUFFIX]
835
836
837
838       --suffix SUFFIX
839              Get just the suffix monitor entry
840
841

OPTIONS 'dsconf backend import'

843       usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E]
844                                             [-g GEN_UNIQ_ID] [-O]
845                                             [-s              INCLUDE_SUFFIXES
846       [INCLUDE_SUFFIXES ...]]
847                                             [-x              EXCLUDE_SUFFIXES
848       [EXCLUDE_SUFFIXES ...]]
849                                             [be_name] [ldifs [ldifs ...]]
850
851
852       be_name
853              The backend name or the root suffix where to import
854
855
856       ldifs  Specifies  the  filename  of  the input LDIF files.When multiple
857              files are imported, they are imported in the orderthey are spec‐
858              ified on the command line.
859
860
861       -c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE
862              The number of chunks to have during the import operation.
863
864
865       -E, --encrypted
866              Decrypts  encrypted  data  during  export.  This  option is used
867              onlyif database encryption is enabled.
868
869
870       -g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID
871              Generate a unique id. Type none for no unique ID  to  be  gener‐
872              atedand   deterministic  for  the  generated  unique  ID  to  be
873              name-based.By default, a time- based unique ID is generated.When
874              using  the  deterministic generation to have a name-based unique
875              ID,it is also possible to specify the namespace for  the  server
876              to  use.namespaceId  is  a  string  of  charactersin  the format
877              00-xxxxxxxx- xxxxxxxx-xxxxxxxx-xxxxxxxx.
878
879
880       -O, --only-core
881              Requests  that  only  the  core  database  is  created   without
882              attribute indexes.
883
884
885       -s    INCLUDE_SUFFIXES   [INCLUDE_SUFFIXES   ...],   --include-suffixes
886       INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
887              Specifies the suffixes or the subtrees to be included.
888
889
890       -x   EXCLUDE_SUFFIXES   [EXCLUDE_SUFFIXES   ...],    --exclude-suffixes
891       EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
892              Specifies the suffixes to be excluded.
893
894

OPTIONS 'dsconf backend export'

896       usage:  dsconf  instance  backend  export [-h] [-l LDIF] [-C] [-E] [-m]
897       [-N] [-r]
898                                             [-u] [-U]
899                                             [-s              INCLUDE_SUFFIXES
900       [INCLUDE_SUFFIXES ...]]
901                                             [-x              EXCLUDE_SUFFIXES
902       [EXCLUDE_SUFFIXES ...]]
903                                             be_names [be_names ...]
904
905
906       be_names
907              The backend names or the root suffixes from where to export.
908
909
910       -l LDIF, --ldif LDIF
911              Gives the filename of the output LDIF file.If more than one  are
912              specified, use a space as a separator
913
914
915       -C, --use-id2entry
916              Uses only the main database file.
917
918
919       -E, --encrypted
920              Decrypts  encrypted data during export. This option is used only
921              if database encryption is enabled.
922
923
924       -m, --min-base64
925              Sets minimal base-64 encoding.
926
927
928       -N, --no-seq-num
929              Enables you to suppress printing the sequence number.
930
931
932       -r, --replication
933              Exports the information required to initialize  a  replica  when
934              the LDIF is imported
935
936
937       -u, --no-dump-uniq-id
938              Requests that the unique ID is not exported.
939
940
941       -U, --not-folded
942              Requests that the output LDIF is not folded.
943
944
945       -s    INCLUDE_SUFFIXES   [INCLUDE_SUFFIXES   ...],   --include-suffixes
946       INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
947              Specifies the suffixes or the subtrees to be included.
948
949
950       -x   EXCLUDE_SUFFIXES   [EXCLUDE_SUFFIXES   ...],    --exclude-suffixes
951       EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
952              Specifies the suffixes to be excluded.
953
954

OPTIONS 'dsconf backend create'

956       usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUF‐
957       FIX]
958                                             --suffix SUFFIX --be-name BE_NAME
959                                             [--create-entries] [--create-suf‐
960       fix]
961
962
963
964       --parent-suffix PARENT_SUFFIX
965              Sets the parent suffix only if this backend is a sub-suffix
966
967
968       --suffix SUFFIX
969              The database suffix DN, for example "dc=example,dc=com"
970
971
972       --be-name BE_NAME
973              The database backend name, for example "userroot"
974
975
976       --create-entries
977              Create sample entries in the database
978
979
980       --create-suffix
981              Create  the  suffix  object entry in the database. Only suffixes
982              using the attributes 'dc', 'o', 'ou', or 'cn' are  supported  in
983              this feature
984
985

OPTIONS 'dsconf backend delete'

987       usage: dsconf instance backend delete [-h] be_name
988
989
990       be_name
991              The backend name or suffix to delete
992
993
994

OPTIONS 'dsconf backend get-tree'

996       usage: dsconf instance backend get-tree [-h]
997
998
999
1000
1001

OPTIONS 'dsconf backup'

1003       usage: dsconf instance backup [-h] {create,restore} ...
1004
1005
1006   Sub-commands
1007       dsconf backup create
1008              Creates a backup of the database
1009
1010       dsconf backup restore
1011              Restores a database from a backup
1012

OPTIONS 'dsconf backup create'

1014       usage: dsconf instance backup create [-h] [-t DB_TYPE] [archive]
1015
1016
1017       archive
1018              The   directory  where  the  backup  files  will  be  stored.The
1019              /var/lib/dirsrv/slapd-  instance/bak  directory   is   used   by
1020              default.The    backup   file   is   named   according   to   the
1021              year-month-day-hour format.
1022
1023
1024       -t DB_TYPE, --db-type DB_TYPE
1025              Database type (default: ldbm database).
1026
1027

OPTIONS 'dsconf backup restore'

1029       usage: dsconf instance backup restore [-h] [-t DB_TYPE] archive
1030
1031
1032       archive
1033              The directory of the backup files.
1034
1035
1036       -t DB_TYPE, --db-type DB_TYPE
1037              Database type (default: ldbm database).
1038
1039
1040

OPTIONS 'dsconf chaining'

1042       usage: dsconf instance chaining [-h]
1043                                       {config-get,config-set,config-get-
1044       def,config-set-def,link-create,link-get,link-set,link-delete,moni‐
1045       tor,link-list}
1046                                       ...
1047
1048
1049   Sub-commands
1050       dsconf chaining config-get
1051              Get the chaining controls and server component lists
1052
1053       dsconf chaining config-set
1054              Set the chaining controls and server component lists
1055
1056       dsconf chaining config-get-def
1057              Get the default creation parameters for new database links
1058
1059       dsconf chaining config-set-def
1060              Set the default creation parameters for new database links
1061
1062       dsconf chaining link-create
1063              Create a database link to a remote server
1064
1065       dsconf chaining link-get
1066              get chaining database link
1067
1068       dsconf chaining link-set
1069              Edit a database link to a remote server
1070
1071       dsconf chaining link-delete
1072              Delete a database link
1073
1074       dsconf chaining monitor
1075              Get the monitor information for a database chaining link
1076
1077       dsconf chaining link-list
1078              List database links
1079

OPTIONS 'dsconf chaining config-get'

1081       usage: dsconf instance chaining config-get [-h] [--avail-controls]
1082                                                  [--avail-comps]
1083
1084
1085
1086       --avail-controls
1087              List available controls for chaining
1088
1089
1090       --avail-comps
1091              List available plugin components for chaining
1092
1093

OPTIONS 'dsconf chaining config-set'

1095       usage: dsconf instance chaining config-set [-h] [--add-control ADD_CON‐
1096       TROL]
1097                                                  [--del-control DEL_CONTROL]
1098                                                  [--add-comp ADD_COMP]
1099                                                  [--del-comp DEL_COMP]
1100
1101
1102
1103       --add-control ADD_CONTROL
1104              Add a transmitted control OID
1105
1106
1107       --del-control DEL_CONTROL
1108              Delete a transmitted control OID
1109
1110
1111       --add-comp ADD_COMP
1112              Add a chaining component
1113
1114
1115       --del-comp DEL_COMP
1116              Delete a chaining component
1117
1118

OPTIONS 'dsconf chaining config-get-def'

1120       usage: dsconf instance chaining config-get-def [-h]
1121
1122
1123
1124

OPTIONS 'dsconf chaining config-set-def'

1126       usage: dsconf instance chaining config-set-def [-h]
1127                                                      [--conn-bind-limit
1128       CONN_BIND_LIMIT]
1129                                                      [--conn-op-limit
1130       CONN_OP_LIMIT]
1131                                                      [--abandon-check-inter‐
1132       val ABANDON_CHECK_INTERVAL]
1133                                                      [--bind-limit
1134       BIND_LIMIT]
1135                                                      [--op-limit OP_LIMIT]
1136                                                      [--proxied-auth    PROX‐
1137       IED_AUTH]
1138                                                      [--conn-lifetime
1139       CONN_LIFETIME]
1140                                                      [--bind-timeout
1141       BIND_TIMEOUT]
1142                                                      [--return-ref
1143       RETURN_REF]
1144                                                      [--check-aci CHECK_ACI]
1145                                                      [--bind-attempts
1146       BIND_ATTEMPTS]
1147                                                      [--size-limit
1148       SIZE_LIMIT]
1149                                                      [--time-limit
1150       TIME_LIMIT]
1151                                                      [--hop-limit HOP_LIMIT]
1152                                                      [--response-delay
1153       RESPONSE_DELAY]
1154                                                      [--test-response-delay
1155       TEST_RESPONSE_DELAY]
1156                                                      [--use-starttls
1157       USE_STARTTLS]
1158
1159
1160
1161       --conn-bind-limit CONN_BIND_LIMIT
1162              The  maximum number of BIND connections the database link estab‐
1163              lishes with the remote server.
1164
1165
1166       --conn-op-limit CONN_OP_LIMIT
1167              The maximum number of LDAP connections the database link  estab‐
1168              lishes with the remote server.
1169
1170
1171       --abandon-check-interval ABANDON_CHECK_INTERVAL
1172              The  number  of  seconds  that pass before the server checks for
1173              abandoned operations.
1174
1175
1176       --bind-limit BIND_LIMIT
1177              The maximum number of concurrent bind operations per TCP connec‐
1178              tion.
1179
1180
1181       --op-limit OP_LIMIT
1182              The maximum number of concurrent operations allowed.
1183
1184
1185       --proxied-auth PROXIED_AUTH
1186              Set  to  "off"  to disable proxied authorization, then binds for
1187              chained operations are executed as the user set in the  nsMulti‐
1188              plexorBindDn attribute (on/off).
1189
1190
1191       --conn-lifetime CONN_LIFETIME
1192              Specifies  connection  lifetime  in  seconds. 0 keeps connection
1193              open forever.
1194
1195
1196       --bind-timeout BIND_TIMEOUT
1197              The amount of time in seconds before a bind attempt times out.
1198
1199
1200       --return-ref RETURN_REF
1201              Sets whether referrals are returned by scoped searches (on/off).
1202
1203
1204       --check-aci CHECK_ACI
1205              Set whether ACIs are evaluated on the database link as  well  as
1206              the remote data server (on/off).
1207
1208
1209       --bind-attempts BIND_ATTEMPTS
1210              Sets  the  number  of  times  the  server tries to bind with the
1211              remote server.
1212
1213
1214       --size-limit SIZE_LIMIT
1215              Sets the maximum number of entries to return from a search oper‐
1216              ation.
1217
1218
1219       --time-limit TIME_LIMIT
1220              Sets the maximum number of seconds allowed for an operation.
1221
1222
1223       --hop-limit HOP_LIMIT
1224              Sets the maximum number of times a database is allowed to chain;
1225              that is, the number of times a request can be forwarded from one
1226              database link to another.
1227
1228
1229       --response-delay RESPONSE_DELAY
1230              The  maximum  amount  of  time  it  can  take a remote server to
1231              respond to an LDAP operation request made  by  a  database  link
1232              before an error is suspected.
1233
1234
1235       --test-response-delay TEST_RESPONSE_DELAY
1236              Sets  the  duration  of  the test issued by the database link to
1237              check whether the remote server is responding.
1238
1239
1240       --use-starttls USE_STARTTLS
1241              Set to "on" specifies that the database links should use  Start‐
1242              TLS for its secure connections.
1243
1244
1246       usage: dsconf instance chaining link-create [-h]
1247                                                   [--conn-bind-limit
1248       CONN_BIND_LIMIT]
1249                                                   [--conn-op-limit
1250       CONN_OP_LIMIT]
1251                                                   [--abandon-check-interval
1252       ABANDON_CHECK_INTERVAL]
1253                                                   [--bind-limit BIND_LIMIT]
1254                                                   [--op-limit OP_LIMIT]
1255                                                   [--proxied-auth       PROX‐
1256       IED_AUTH]
1257                                                   [--conn-lifetime CONN_LIFE‐
1258       TIME]
1259                                                   [--bind-timeout  BIND_TIME‐
1260       OUT]
1261                                                   [--return-ref RETURN_REF]
1262                                                   [--check-aci CHECK_ACI]
1263                                                   [--bind-attempts
1264       BIND_ATTEMPTS]
1265                                                   [--size-limit SIZE_LIMIT]
1266                                                   [--time-limit TIME_LIMIT]
1267                                                   [--hop-limit HOP_LIMIT]
1268                                                   [--response-delay
1269       RESPONSE_DELAY]
1270                                                   [--test-response-delay
1271       TEST_RESPONSE_DELAY]
1272                                                   [--use-starttls  USE_START‐
1273       TLS]
1274                                                   --suffix  SUFFIX  --server-
1275       url
1276                                                   SERVER_URL      --bind-mech
1277       BIND_MECH
1278                                                   --bind-dn BIND_DN --bind-pw
1279                                                   BIND_PW
1280                                                   CHAIN_NAME
1281
1282
1283       CHAIN_NAME
1284              The name of the database link
1285
1286
1287       --conn-bind-limit CONN_BIND_LIMIT
1288              The  maximum number of BIND connections the database link estab‐
1289              lishes with the remote server.
1290
1291
1292       --conn-op-limit CONN_OP_LIMIT
1293              The maximum number of LDAP connections the database link  estab‐
1294              lishes with the remote server.
1295
1296
1297       --abandon-check-interval ABANDON_CHECK_INTERVAL
1298              The  number  of  seconds  that pass before the server checks for
1299              abandoned operations.
1300
1301
1302       --bind-limit BIND_LIMIT
1303              The maximum number of concurrent bind operations per TCP connec‐
1304              tion.
1305
1306
1307       --op-limit OP_LIMIT
1308              The maximum number of concurrent operations allowed.
1309
1310
1311       --proxied-auth PROXIED_AUTH
1312              Set  to  "off"  to disable proxied authorization, then binds for
1313              chained operations are executed as the user set in the  nsMulti‐
1314              plexorBindDn attribute (on/off).
1315
1316
1317       --conn-lifetime CONN_LIFETIME
1318              Specifies  connection  lifetime  in  seconds. 0 keeps connection
1319              open forever.
1320
1321
1322       --bind-timeout BIND_TIMEOUT
1323              The amount of time in seconds before a bind attempt times out.
1324
1325
1326       --return-ref RETURN_REF
1327              Sets whether referrals are returned by scoped searches (on/off).
1328
1329
1330       --check-aci CHECK_ACI
1331              Set whether ACIs are evaluated on the database link as  well  as
1332              the remote data server (on/off).
1333
1334
1335       --bind-attempts BIND_ATTEMPTS
1336              Sets  the  number  of  times  the  server tries to bind with the
1337              remote server.
1338
1339
1340       --size-limit SIZE_LIMIT
1341              Sets the maximum number of entries to return from a search oper‐
1342              ation.
1343
1344
1345       --time-limit TIME_LIMIT
1346              Sets the maximum number of seconds allowed for an operation.
1347
1348
1349       --hop-limit HOP_LIMIT
1350              Sets the maximum number of times a database is allowed to chain;
1351              that is, the number of times a request can be forwarded from one
1352              database link to another.
1353
1354
1355       --response-delay RESPONSE_DELAY
1356              The  maximum  amount  of  time  it  can  take a remote server to
1357              respond to an LDAP operation request made  by  a  database  link
1358              before an error is suspected.
1359
1360
1361       --test-response-delay TEST_RESPONSE_DELAY
1362              Sets  the  duration  of  the test issued by the database link to
1363              check whether the remote server is responding.
1364
1365
1366       --use-starttls USE_STARTTLS
1367              Set to "on" specifies that the database links should use  Start‐
1368              TLS for its secure connections.
1369
1370
1371       --suffix SUFFIX
1372              The suffix managed by the database link.
1373
1374
1375       --server-url SERVER_URL
1376              Gives the LDAP/LDAPS URL of the remote server.
1377
1378
1379       --bind-mech BIND_MECH
1380              Sets  the  authentication  method  to use to authenticate to the
1381              remote  server:  <leave   empty   for   LDAP/LDAPS>,   EXTERNAL,
1382              DIGEST-MD5, or GSSAPI
1383
1384
1385       --bind-dn BIND_DN
1386              DN  of  the  administrative  entry  used to communicate with the
1387              remote server
1388
1389
1390       --bind-pw BIND_PW
1391              Password for the administrative user.
1392
1393
1395       usage: dsconf instance chaining link-get [-h] CHAIN_NAME
1396
1397
1398       CHAIN_NAME
1399              The chaining link name, or suffix, to retrieve
1400
1401
1402
1404       usage: dsconf instance chaining link-set [-h]
1405                                                [--conn-bind-limit
1406       CONN_BIND_LIMIT]
1407                                                [--conn-op-limit
1408       CONN_OP_LIMIT]
1409                                                [--abandon-check-interval
1410       ABANDON_CHECK_INTERVAL]
1411                                                [--bind-limit BIND_LIMIT]
1412                                                [--op-limit OP_LIMIT]
1413                                                [--proxied-auth PROXIED_AUTH]
1414                                                [--conn-lifetime    CONN_LIFE‐
1415       TIME]
1416                                                [--bind-timeout BIND_TIMEOUT]
1417                                                [--return-ref RETURN_REF]
1418                                                [--check-aci CHECK_ACI]
1419                                                [--bind-attempts
1420       BIND_ATTEMPTS]
1421                                                [--size-limit SIZE_LIMIT]
1422                                                [--time-limit TIME_LIMIT]
1423                                                [--hop-limit HOP_LIMIT]
1424                                                [--response-delay
1425       RESPONSE_DELAY]
1426                                                [--test-response-delay
1427       TEST_RESPONSE_DELAY]
1428                                                [--use-starttls USE_STARTTLS]
1429                                                [--suffix SUFFIX]
1430                                                [--server-url SERVER_URL]
1431                                                [--bind-mech BIND_MECH]
1432                                                [--bind-dn BIND_DN]
1433                                                [--bind-pw BIND_PW]
1434                                                CHAIN_NAME
1435
1436
1437       CHAIN_NAME
1438              The name of the database link
1439
1440
1441       --conn-bind-limit CONN_BIND_LIMIT
1442              The  maximum number of BIND connections the database link estab‐
1443              lishes with the remote server.
1444
1445
1446       --conn-op-limit CONN_OP_LIMIT
1447              The maximum number of LDAP connections the database link  estab‐
1448              lishes with the remote server.
1449
1450
1451       --abandon-check-interval ABANDON_CHECK_INTERVAL
1452              The  number  of  seconds  that pass before the server checks for
1453              abandoned operations.
1454
1455
1456       --bind-limit BIND_LIMIT
1457              The maximum number of concurrent bind operations per TCP connec‐
1458              tion.
1459
1460
1461       --op-limit OP_LIMIT
1462              The maximum number of concurrent operations allowed.
1463
1464
1465       --proxied-auth PROXIED_AUTH
1466              Set  to  "off"  to disable proxied authorization, then binds for
1467              chained operations are executed as the user set in the  nsMulti‐
1468              plexorBindDn attribute (on/off).
1469
1470
1471       --conn-lifetime CONN_LIFETIME
1472              Specifies  connection  lifetime  in  seconds. 0 keeps connection
1473              open forever.
1474
1475
1476       --bind-timeout BIND_TIMEOUT
1477              The amount of time in seconds before a bind attempt times out.
1478
1479
1480       --return-ref RETURN_REF
1481              Sets whether referrals are returned by scoped searches (on/off).
1482
1483
1484       --check-aci CHECK_ACI
1485              Set whether ACIs are evaluated on the database link as  well  as
1486              the remote data server (on/off).
1487
1488
1489       --bind-attempts BIND_ATTEMPTS
1490              Sets  the  number  of  times  the  server tries to bind with the
1491              remote server.
1492
1493
1494       --size-limit SIZE_LIMIT
1495              Sets the maximum number of entries to return from a search oper‐
1496              ation.
1497
1498
1499       --time-limit TIME_LIMIT
1500              Sets the maximum number of seconds allowed for an operation.
1501
1502
1503       --hop-limit HOP_LIMIT
1504              Sets the maximum number of times a database is allowed to chain;
1505              that is, the number of times a request can be forwarded from one
1506              database link to another.
1507
1508
1509       --response-delay RESPONSE_DELAY
1510              The  maximum  amount  of  time  it  can  take a remote server to
1511              respond to an LDAP operation request made  by  a  database  link
1512              before an error is suspected.
1513
1514
1515       --test-response-delay TEST_RESPONSE_DELAY
1516              Sets  the  duration  of  the test issued by the database link to
1517              check whether the remote server is responding.
1518
1519
1520       --use-starttls USE_STARTTLS
1521              Set to "on" specifies that the database links should use  Start‐
1522              TLS for its secure connections.
1523
1524
1525       --suffix SUFFIX
1526              The suffix managed by the database link.
1527
1528
1529       --server-url SERVER_URL
1530              Gives the LDAP/LDAPS URL of the remote server.
1531
1532
1533       --bind-mech BIND_MECH
1534              Sets  the  authentication  method  to use to authenticate to the
1535              remote  server:  <leave   empty   for   LDAP/LDAPS>,   EXTERNAL,
1536              DIGEST-MD5, or GSSAPI
1537
1538
1539       --bind-dn BIND_DN
1540              DN  of  the  administrative  entry  used to communicate with the
1541              remote server
1542
1543
1544       --bind-pw BIND_PW
1545              Password for the administrative user.
1546
1547
1549       usage: dsconf instance chaining link-delete [-h] CHAIN_NAME
1550
1551
1552       CHAIN_NAME
1553              The name of the database link
1554
1555
1556

OPTIONS 'dsconf chaining monitor'

1558       usage: dsconf instance chaining monitor [-h] CHAIN_NAME
1559
1560
1561       CHAIN_NAME
1562              The name of the database link
1563
1564
1565
1567       usage: dsconf instance chaining link-list [-h]
1568
1569
1570
1571
1572

OPTIONS 'dsconf config'

1574       usage: dsconf instance config [-h] {get,add,replace,delete} ...
1575
1576
1577   Sub-commands
1578       dsconf config get
1579              get
1580
1581       dsconf config add
1582              Add attribute value to configuration
1583
1584       dsconf config replace
1585              Replace attribute value in configuration
1586
1587       dsconf config delete
1588              Delete attribute value in configuration
1589

OPTIONS 'dsconf config get'

1591       usage: dsconf instance config get [-h] [attrs [attrs ...]]
1592
1593
1594       attrs  Configuration attribute(s) to get
1595
1596
1597

OPTIONS 'dsconf config add'

1599       usage: dsconf instance config add [-h] [attr [attr ...]]
1600
1601
1602       attr   Configuration attribute to add
1603
1604
1605

OPTIONS 'dsconf config replace'

1607       usage: dsconf instance config replace [-h] [attr [attr ...]]
1608
1609
1610       attr   Configuration attribute to replace
1611
1612
1613

OPTIONS 'dsconf config delete'

1615       usage: dsconf instance config delete [-h] [attr [attr ...]]
1616
1617
1618       attr   Configuration attribute to delete
1619
1620
1621
1622

OPTIONS 'dsconf directory_manager'

1624       usage: dsconf instance directory_manager [-h] {password_change} ...
1625
1626
1627   Sub-commands
1628       dsconf directory_manager password_change
1629              Change the directory manager password
1630

OPTIONS 'dsconf directory_manager password_change'

1632       usage: dsconf instance directory_manager password_change [-h]
1633
1634
1635
1636
1637

OPTIONS 'dsconf monitor'

1639       usage: dsconf instance monitor [-h]
1640                                      {server,dbmon,ldbm,backend,snmp,chain‐
1641       ing,disk}
1642                                      ...
1643
1644
1645   Sub-commands
1646       dsconf monitor server
1647              Monitor the server statistics, connections and operations
1648
1649       dsconf monitor dbmon
1650              Monitor the all the database statistics in a single report
1651
1652       dsconf monitor ldbm
1653              Monitor the ldbm statistics, such as dbcache
1654
1655       dsconf monitor backend
1656              Monitor the behavior of a backend database
1657
1658       dsconf monitor snmp
1659              Monitor the SNMP statistics
1660
1661       dsconf monitor chaining
1662              Monitor database chaining statistics
1663
1664       dsconf monitor disk
1665              Disk space statistics.  All values are in bytes
1666

OPTIONS 'dsconf monitor server'

1668       usage: dsconf instance monitor server [-h]
1669
1670
1671
1672

OPTIONS 'dsconf monitor dbmon'

1674       usage: dsconf instance monitor dbmon [-h] [-b BACKENDS] [-x]
1675
1676
1677
1678       -b BACKENDS, --backends BACKENDS
1679              List  of  space  separated  backends  to monitor. Default is all
1680              backends.
1681
1682
1683       -x, --indexes
1684              Show index stats for each backend
1685
1686

OPTIONS 'dsconf monitor ldbm'

1688       usage: dsconf instance monitor ldbm [-h]
1689
1690
1691
1692

OPTIONS 'dsconf monitor backend'

1694       usage: dsconf instance monitor backend [-h] [backend]
1695
1696
1697       backend
1698              Optional name of the backend to monitor
1699
1700
1701

OPTIONS 'dsconf monitor snmp'

1703       usage: dsconf instance monitor snmp [-h]
1704
1705
1706
1707

OPTIONS 'dsconf monitor chaining'

1709       usage: dsconf instance monitor chaining [-h] [backend]
1710
1711
1712       backend
1713              Optional name of the chaining backend to monitor
1714
1715
1716

OPTIONS 'dsconf monitor disk'

1718       usage: dsconf instance monitor disk [-h]
1719
1720
1721
1722
1723

OPTIONS 'dsconf plugin'

1725       usage: dsconf instance plugin [-h]
1726                                     {memberof,automember,referential-
1727       integrity,root-dn,usn,account-policy,attr-uniq,dna,linked-attr,managed-
1728       entries,pass-through-auth,retro-changelog,posix-winsync,list,show,set}
1729                                     ...
1730
1731
1732   Sub-commands
1733       dsconf plugin memberof
1734              Manage and configure MemberOf plugin
1735
1736       dsconf plugin automember
1737              Manage and configure Automembership plugin
1738
1739       dsconf plugin referential-integrity
1740              Manage and configure Referential Integrity Postoperation plugin
1741
1742       dsconf plugin root-dn
1743              Manage and configure RootDN Access Control plugin
1744
1745       dsconf plugin usn
1746              Manage and configure USN plugin
1747
1748       dsconf plugin account-policy
1749              Manage and configure Account Policy plugin
1750
1751       dsconf plugin attr-uniq
1752              Manage and configure Attribute Uniqueness plugin
1753
1754       dsconf plugin dna
1755              Manage and configure DNA plugin
1756
1757       dsconf plugin linked-attr
1758              Manage and configure Linked Attributes plugin
1759
1760       dsconf plugin managed-entries
1761              Manage and configure Managed Entries Plugin
1762
1763       dsconf plugin pass-through-auth
1764              Manage and configure Pass-Through Authentication  plugins  (URLs
1765              and PAM)
1766
1767       dsconf plugin retro-changelog
1768              Manage and configure Retro Changelog plugin
1769
1770       dsconf plugin posix-winsync
1771              Manage and configure The Posix Winsync API plugin
1772
1773       dsconf plugin list
1774              List current configured (enabled and disabled) plugins
1775
1776       dsconf plugin show
1777              Show the plugin data
1778
1779       dsconf plugin set
1780              Edit the plugin
1781

OPTIONS 'dsconf plugin memberof'

1783       usage: dsconf instance plugin memberof [-h]
1784                                              {show,enable,disable,sta‐
1785       tus,set,config-entry,fixup}
1786                                              ...
1787
1788
1789   Sub-commands
1790       dsconf plugin memberof show
1791              display plugin configuration
1792
1793       dsconf plugin memberof enable
1794              enable plugin
1795
1796       dsconf plugin memberof disable
1797              disable plugin
1798
1799       dsconf plugin memberof status
1800              display plugin status
1801
1802       dsconf plugin memberof set
1803              Edit the plugin
1804
1805       dsconf plugin memberof config-entry
1806              Manage the config entry
1807
1808       dsconf plugin memberof fixup
1809              Run the fix-up task for memberOf plugin
1810

OPTIONS 'dsconf plugin memberof show'

1812       usage: dsconf instance plugin memberof show [-h]
1813
1814
1815
1816

OPTIONS 'dsconf plugin memberof enable'

1818       usage: dsconf instance plugin memberof enable [-h]
1819
1820
1821
1822

OPTIONS 'dsconf plugin memberof disable'

1824       usage: dsconf instance plugin memberof disable [-h]
1825
1826
1827
1828

OPTIONS 'dsconf plugin memberof status'

1830       usage: dsconf instance plugin memberof status [-h]
1831
1832
1833
1834

OPTIONS 'dsconf plugin memberof set'

1836       usage: dsconf instance plugin memberof  set  [-h]  [--attr  ATTR  [ATTR
1837       ...]]
1838                                                  [--groupattr       GROUPATTR
1839       [GROUPATTR ...]]
1840                                                  [--allbackends {on,off}]
1841                                                  [--skipnested {on,off}]
1842                                                  [--scope  SCOPE]  [--exclude
1843       EXCLUDE]
1844                                                  [--autoaddoc AUTOADDOC]
1845                                                  [--config-entry         CON‐
1846       FIG_ENTRY]
1847
1848
1849
1850       --attr ATTR [ATTR ...]
1851              Specifies the attribute in the  user  entry  for  the  Directory
1852              Server to manage to reflect group membership (memberOfAttr)
1853
1854
1855       --groupattr GROUPATTR [GROUPATTR ...]
1856              Specifies  the  attribute  in the group entry to use to identify
1857              the DNs of group members (memberOfGroupAttr)
1858
1859
1860       --allbackends {on,off}
1861              Specifies whether to search the local suffix for user entries on
1862              all available suffixes (memberOfAllBackends)
1863
1864
1865       --skipnested {on,off}
1866              Specifies  wherher  to  skip nested groups or not (memberOfSkip‐
1867              Nested)
1868
1869
1870       --scope SCOPE
1871              Specifies backends or multiple-nested suffixes for the  MemberOf
1872              plug-in to work on (memberOfEntryScope)
1873
1874
1875       --exclude EXCLUDE
1876              Specifies  backends or multiple-nested suffixes for the MemberOf
1877              plug-in to exclude (memberOfEntryScopeExcludeSubtree)
1878
1879
1880       --autoaddoc AUTOADDOC
1881              If an entry does not have an object class that allows  the  mem‐
1882              berOf  attribute then the memberOf plugin will automatically add
1883              the object class listed in the memberOfAutoAddOC parameter
1884
1885
1886       --config-entry CONFIG_ENTRY
1887              The value to set as nsslapd-pluginConfigArea
1888
1889

OPTIONS 'dsconf plugin memberof config-entry'

1891       usage: dsconf instance plugin memberof config-entry [-h]
1892                                                           {add,set,show,delete}
1893       ...
1894
1895
1896   Sub-commands
1897       dsconf plugin memberof config-entry add
1898              Add the config entry
1899
1900       dsconf plugin memberof config-entry set
1901              Edit the config entry
1902
1903       dsconf plugin memberof config-entry show
1904              Display the config entry
1905
1906       dsconf plugin memberof config-entry delete
1907              Delete the config entry
1908

OPTIONS 'dsconf plugin memberof config-entry add'

1910       usage: dsconf instance plugin memberof config-entry add [-h]
1911                                                               [--attr    ATTR
1912       [ATTR ...]]
1913                                                               [--groupattr
1914       GROUPATTR [GROUPATTR ...]]
1915                                                               [--allbackends
1916       {on,off}]
1917                                                               [--skipnested
1918       {on,off}]
1919                                                               [--scope SCOPE]
1920                                                               [--exclude
1921       EXCLUDE]
1922                                                               [--autoaddoc
1923       AUTOADDOC]
1924                                                               DN
1925
1926
1927       DN     The config entry full DN
1928
1929
1930       --attr ATTR [ATTR ...]
1931              Specifies  the  attribute  in  the  user entry for the Directory
1932              Server to manage to reflect group membership (memberOfAttr)
1933
1934
1935       --groupattr GROUPATTR [GROUPATTR ...]
1936              Specifies the attribute in the group entry to  use  to  identify
1937              the DNs of group members (memberOfGroupAttr)
1938
1939
1940       --allbackends {on,off}
1941              Specifies whether to search the local suffix for user entries on
1942              all available suffixes (memberOfAllBackends)
1943
1944
1945       --skipnested {on,off}
1946              Specifies wherher to skip nested groups  or  not  (memberOfSkip‐
1947              Nested)
1948
1949
1950       --scope SCOPE
1951              Specifies  backends or multiple-nested suffixes for the MemberOf
1952              plug-in to work on (memberOfEntryScope)
1953
1954
1955       --exclude EXCLUDE
1956              Specifies backends or multiple-nested suffixes for the  MemberOf
1957              plug-in to exclude (memberOfEntryScopeExcludeSubtree)
1958
1959
1960       --autoaddoc AUTOADDOC
1961              If  an  entry does not have an object class that allows the mem‐
1962              berOf attribute then the memberOf plugin will automatically  add
1963              the object class listed in the memberOfAutoAddOC parameter
1964
1965

OPTIONS 'dsconf plugin memberof config-entry set'

1967       usage: dsconf instance plugin memberof config-entry set [-h]
1968                                                               [--attr    ATTR
1969       [ATTR ...]]
1970                                                               [--groupattr
1971       GROUPATTR [GROUPATTR ...]]
1972                                                               [--allbackends
1973       {on,off}]
1974                                                               [--skipnested
1975       {on,off}]
1976                                                               [--scope SCOPE]
1977                                                               [--exclude
1978       EXCLUDE]
1979                                                               [--autoaddoc
1980       AUTOADDOC]
1981                                                               DN
1982
1983
1984       DN     The config entry full DN
1985
1986
1987       --attr ATTR [ATTR ...]
1988              Specifies  the  attribute  in  the  user entry for the Directory
1989              Server to manage to reflect group membership (memberOfAttr)
1990
1991
1992       --groupattr GROUPATTR [GROUPATTR ...]
1993              Specifies the attribute in the group entry to  use  to  identify
1994              the DNs of group members (memberOfGroupAttr)
1995
1996
1997       --allbackends {on,off}
1998              Specifies whether to search the local suffix for user entries on
1999              all available suffixes (memberOfAllBackends)
2000
2001
2002       --skipnested {on,off}
2003              Specifies wherher to skip nested groups  or  not  (memberOfSkip‐
2004              Nested)
2005
2006
2007       --scope SCOPE
2008              Specifies  backends or multiple-nested suffixes for the MemberOf
2009              plug-in to work on (memberOfEntryScope)
2010
2011
2012       --exclude EXCLUDE
2013              Specifies backends or multiple-nested suffixes for the  MemberOf
2014              plug-in to exclude (memberOfEntryScopeExcludeSubtree)
2015
2016
2017       --autoaddoc AUTOADDOC
2018              If  an  entry does not have an object class that allows the mem‐
2019              berOf attribute then the memberOf plugin will automatically  add
2020              the object class listed in the memberOfAutoAddOC parameter
2021
2022

OPTIONS 'dsconf plugin memberof config-entry show'

2024       usage: dsconf instance plugin memberof config-entry show [-h] DN
2025
2026
2027       DN     The config entry full DN
2028
2029
2030

OPTIONS 'dsconf plugin memberof config-entry delete'

2032       usage: dsconf instance plugin memberof config-entry delete [-h] DN
2033
2034
2035       DN     The config entry full DN
2036
2037
2038
2039

OPTIONS 'dsconf plugin memberof fixup'

2041       usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] DN
2042
2043
2044       DN     Base DN that contains entries to fix up
2045
2046
2047       -f FILTER, --filter FILTER
2048              Filter  for  entries  to  fix  up.  If omitted, all entries with
2049              objectclass inetuser/inetadmin/nsmemberof  under  the  specified
2050              base will have their memberOf attribute regenerated.
2051
2052
2053

OPTIONS 'dsconf plugin automember'

2055       usage: dsconf instance plugin automember [-h]
2056                                                {show,enable,disable,sta‐
2057       tus,list,definition,fixup}
2058                                                ...
2059
2060
2061   Sub-commands
2062       dsconf plugin automember show
2063              display plugin configuration
2064
2065       dsconf plugin automember enable
2066              enable plugin
2067
2068       dsconf plugin automember disable
2069              disable plugin
2070
2071       dsconf plugin automember status
2072              display plugin status
2073
2074       dsconf plugin automember list
2075              List Automembership definitions or regex rules.
2076
2077       dsconf plugin automember definition
2078              Manage Automembership definition.
2079
2080       dsconf plugin automember fixup
2081              Run a rebuild membership task.
2082

OPTIONS 'dsconf plugin automember show'

2084       usage: dsconf instance plugin automember show [-h]
2085
2086
2087
2088

OPTIONS 'dsconf plugin automember enable'

2090       usage: dsconf instance plugin automember enable [-h]
2091
2092
2093
2094

OPTIONS 'dsconf plugin automember disable'

2096       usage: dsconf instance plugin automember disable [-h]
2097
2098
2099
2100

OPTIONS 'dsconf plugin automember status'

2102       usage: dsconf instance plugin automember status [-h]
2103
2104
2105
2106

OPTIONS 'dsconf plugin automember list'

2108       usage:  dsconf  instance   plugin   automember   list   [-h]   {defini‐
2109       tions,regexes} ...
2110
2111
2112   Sub-commands
2113       dsconf plugin automember list definitions
2114              List Automembership definitions.
2115
2116       dsconf plugin automember list regexes
2117              List Automembership regex rules.
2118

OPTIONS 'dsconf plugin automember list definitions'

2120       usage: dsconf instance plugin automember list definitions [-h]
2121
2122
2123
2124

OPTIONS 'dsconf plugin automember list regexes'

2126       usage: dsconf instance plugin automember list regexes [-h] DEFNAME
2127
2128
2129       DEFNAME
2130              The definition entry CN.
2131
2132
2133
2134

OPTIONS 'dsconf plugin automember definition'

2136       usage: dsconf instance plugin automember definition [-h]
2137                                                           DEFNAME
2138                                                           {add,set,delete,show,regex}
2139                                                           ...
2140
2141
2142       DEFNAME
2143              The definition entry CN.
2144
2145
2146   Sub-commands
2147       dsconf plugin automember definition add
2148              Create Automembership definition.
2149
2150       dsconf plugin automember definition set
2151              Edit Automembership definition.
2152
2153       dsconf plugin automember definition delete
2154              Remove Automembership definition.
2155
2156       dsconf plugin automember definition show
2157              Display Automembership definition.
2158
2159       dsconf plugin automember definition regex
2160              Manage Automembership regex rules.
2161

OPTIONS 'dsconf plugin automember definition add'

2163       usage: dsconf instance plugin automember definition DEFNAME add
2164              [-h]     --grouping-attr     GROUPING_ATTR      [--default-group
2165       DEFAULT_GROUP]
2166              --scope SCOPE --filter FILTER
2167
2168
2169
2170       --grouping-attr GROUPING_ATTR
2171              Specifies  the  name  of the member attribute in the group entry
2172              and the attribute in the object entry that supplies  the  member
2173              attribute  value,  in  the  format  group_member_attr:entry_attr
2174              (autoMemberGroupingAttr)
2175
2176
2177       --default-group DEFAULT_GROUP
2178              Sets default or fallback group to add the entry to as  a  member
2179              attribute in group entry (autoMemberDefaultGroup)
2180
2181
2182       --scope SCOPE
2183              Sets the subtree DN to search for entries (autoMemberScope)
2184
2185
2186       --filter FILTER
2187              Sets a standard LDAP search filter to use to search for matching
2188              entries (autoMemberFilter)
2189
2190

OPTIONS 'dsconf plugin automember definition set'

2192       usage: dsconf instance plugin automember definition DEFNAME set
2193              [-h]     --grouping-attr     GROUPING_ATTR      [--default-group
2194       DEFAULT_GROUP]
2195              --scope SCOPE --filter FILTER
2196
2197
2198
2199       --grouping-attr GROUPING_ATTR
2200              Specifies  the  name  of the member attribute in the group entry
2201              and the attribute in the object entry that supplies  the  member
2202              attribute  value,  in  the  format  group_member_attr:entry_attr
2203              (autoMemberGroupingAttr)
2204
2205
2206       --default-group DEFAULT_GROUP
2207              Sets default or fallback group to add the entry to as  a  member
2208              attribute in group entry (autoMemberDefaultGroup)
2209
2210
2211       --scope SCOPE
2212              Sets the subtree DN to search for entries (autoMemberScope)
2213
2214
2215       --filter FILTER
2216              Sets a standard LDAP search filter to use to search for matching
2217              entries (autoMemberFilter)
2218
2219

OPTIONS 'dsconf plugin automember definition delete'

2221       usage: dsconf instance plugin automember definition DEFNAME delete [-h]
2222
2223
2224
2225

OPTIONS 'dsconf plugin automember definition show'

2227       usage: dsconf instance plugin automember definition DEFNAME show [-h]
2228
2229
2230
2231

OPTIONS 'dsconf plugin automember definition regex'

2233       usage: dsconf instance plugin automember definition DEFNAME regex
2234              [-h] REGEXNAME {add,set,delete,show} ...
2235
2236
2237       REGEXNAME
2238              The regex entry CN.
2239
2240
2241   Sub-commands
2242       dsconf plugin automember definition regex add
2243              Create Automembership regex.
2244
2245       dsconf plugin automember definition regex set
2246              Edit Automembership regex.
2247
2248       dsconf plugin automember definition regex delete
2249              Remove Automembership regex.
2250
2251       dsconf plugin automember definition regex show
2252              Display Automembership regex.
2253

OPTIONS 'dsconf plugin automember definition regex add'

2255       usage: dsconf  instance  plugin  automember  definition  DEFNAME  regex
2256       REGEXNAME add
2257              [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2258              [--inclusive  INCLUSIVE  [INCLUSIVE  ...]]  --target-group  TAR‐
2259       GET_GROUP
2260
2261
2262
2263       --exclusive EXCLUSIVE [EXCLUSIVE ...]
2264              Sets a single regular expression to use to identify  entries  to
2265              exclude (autoMemberExclusiveRegex)
2266
2267
2268       --inclusive INCLUSIVE [INCLUSIVE ...]
2269              Sets  a  single regular expression to use to identify entries to
2270              include (autoMemberInclusiveRegex)
2271
2272
2273       --target-group TARGET_GROUP
2274              Sets which group to add the entry to as a member,  if  it  meets
2275              the regular expression conditions (autoMemberTargetGroup)
2276
2277

OPTIONS 'dsconf plugin automember definition regex set'

2279       usage:  dsconf  instance  plugin  automember  definition  DEFNAME regex
2280       REGEXNAME set
2281              [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2282              [--inclusive  INCLUSIVE  [INCLUSIVE  ...]]  --target-group  TAR‐
2283       GET_GROUP
2284
2285
2286
2287       --exclusive EXCLUSIVE [EXCLUSIVE ...]
2288              Sets  a  single regular expression to use to identify entries to
2289              exclude (autoMemberExclusiveRegex)
2290
2291
2292       --inclusive INCLUSIVE [INCLUSIVE ...]
2293              Sets a single regular expression to use to identify  entries  to
2294              include (autoMemberInclusiveRegex)
2295
2296
2297       --target-group TARGET_GROUP
2298              Sets  which  group  to add the entry to as a member, if it meets
2299              the regular expression conditions (autoMemberTargetGroup)
2300
2301

OPTIONS 'dsconf plugin automember definition regex delete'

2303       usage: dsconf  instance  plugin  automember  definition  DEFNAME  regex
2304       REGEXNAME delete
2305              [-h]
2306
2307
2308
2309

OPTIONS 'dsconf plugin automember definition regex show'

2311       usage:  dsconf  instance  plugin  automember  definition  DEFNAME regex
2312       REGEXNAME show
2313              [-h]
2314
2315
2316
2317
2318
2319

OPTIONS 'dsconf plugin automember fixup'

2321       usage: dsconf instance plugin automember fixup [-h] -f FILTER -s
2322                                                      {sub,base,one}
2323                                                      DN
2324
2325
2326       DN     Base DN that contains entries to fix up
2327
2328
2329       -f FILTER, --filter FILTER
2330              LDAP filter for entries to fix up.
2331
2332
2333       -s {sub,base,one}, --scope {sub,base,one}
2334              LDAP search scope for entries to fix up
2335
2336
2337

OPTIONS 'dsconf plugin referential-integrity'

2339       usage: dsconf instance plugin referential-integrity [-h]
2340                                                           {show,enable,dis‐
2341       able,status,set,config-entry}
2342                                                           ...
2343
2344
2345   Sub-commands
2346       dsconf plugin referential-integrity show
2347              display plugin configuration
2348
2349       dsconf plugin referential-integrity enable
2350              enable plugin
2351
2352       dsconf plugin referential-integrity disable
2353              disable plugin
2354
2355       dsconf plugin referential-integrity status
2356              display plugin status
2357
2358       dsconf plugin referential-integrity set
2359              Edit the plugin
2360
2361       dsconf plugin referential-integrity config-entry
2362              Manage the config entry
2363

OPTIONS 'dsconf plugin referential-integrity show'

2365       usage: dsconf instance plugin referential-integrity show [-h]
2366
2367
2368
2369

OPTIONS 'dsconf plugin referential-integrity enable'

2371       usage: dsconf instance plugin referential-integrity enable [-h]
2372
2373
2374
2375

OPTIONS 'dsconf plugin referential-integrity disable'

2377       usage: dsconf instance plugin referential-integrity disable [-h]
2378
2379
2380
2381

OPTIONS 'dsconf plugin referential-integrity status'

2383       usage: dsconf instance plugin referential-integrity status [-h]
2384
2385
2386
2387

OPTIONS 'dsconf plugin referential-integrity set'

2389       usage: dsconf instance plugin referential-integrity set [-h]
2390                                                               [--update-delay
2391       UPDATE_DELAY]
2392                                                               [--membership-
2393       attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2394                                                               [--entry-scope
2395       ENTRY_SCOPE]
2396                                                               [--exclude-
2397       entry-scope EXCLUDE_ENTRY_SCOPE]
2398                                                               [--container-
2399       scope CONTAINER_SCOPE]
2400                                                               [--log-file
2401       LOG_FILE]
2402                                                               [--config-entry
2403       CONFIG_ENTRY]
2404
2405
2406
2407       --update-delay UPDATE_DELAY
2408              Sets the update interval. Special values: 0 - The check is  per‐
2409              formed    immediately,    -1    -    No   check   is   performed
2410              (referint-update-delay)
2411
2412
2413       --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2414              Specifies attributes to check for and  update  (referint-member‐
2415              ship-attr)
2416
2417
2418       --entry-scope ENTRY_SCOPE
2419              Defines the subtree in which the plug-in looks for the delete or
2420              rename operations of a user entry (nsslapd-pluginEntryScope)
2421
2422
2423       --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2424              Defines the subtree in which the plug-in ignores any  operations
2425              for   deleting  or  renaming  a  user  (nsslapd-pluginExcludeEn‐
2426              tryScope)
2427
2428
2429       --container-scope CONTAINER_SCOPE
2430              Specifies which branch the plug-in searches for  the  groups  to
2431              which  the  user  belongs. It only updates groups that are under
2432              the specified container branch, and leaves all other groups  not
2433              updated (nsslapd-pluginContainerScope)
2434
2435
2436       --log-file LOG_FILE
2437              Specifies  a path to the Referential integrity logfile.For exam‐
2438              ple: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2439
2440
2441       --config-entry CONFIG_ENTRY
2442              The value to set as nsslapd-pluginConfigArea
2443
2444

OPTIONS 'dsconf plugin referential-integrity config-entry'

2446       usage: dsconf instance plugin referential-integrity config-entry
2447              [-h] {add,set,show,delete} ...
2448
2449
2450   Sub-commands
2451       dsconf plugin referential-integrity config-entry add
2452              Add the config entry
2453
2454       dsconf plugin referential-integrity config-entry set
2455              Edit the config entry
2456
2457       dsconf plugin referential-integrity config-entry show
2458              Display the config entry
2459
2460       dsconf plugin referential-integrity config-entry delete
2461              Delete the config entry
2462

OPTIONS 'dsconf plugin referential-integrity config-entry add'

2464       usage: dsconf instance plugin referential-integrity config-entry add
2465              [-h] [--update-delay UPDATE_DELAY]
2466              [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2467              [--entry-scope        ENTRY_SCOPE]        [--exclude-entry-scope
2468       EXCLUDE_ENTRY_SCOPE]
2469              [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2470              DN
2471
2472
2473       DN     The config entry full DN
2474
2475
2476       --update-delay UPDATE_DELAY
2477              Sets  the update interval. Special values: 0 - The check is per‐
2478              formed   immediately,   -1   -    No    check    is    performed
2479              (referint-update-delay)
2480
2481
2482       --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2483              Specifies  attributes  to check for and update (referint-member‐
2484              ship-attr)
2485
2486
2487       --entry-scope ENTRY_SCOPE
2488              Defines the subtree in which the plug-in looks for the delete or
2489              rename operations of a user entry (nsslapd-pluginEntryScope)
2490
2491
2492       --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2493              Defines  the subtree in which the plug-in ignores any operations
2494              for  deleting  or  renaming  a  user   (nsslapd-pluginExcludeEn‐
2495              tryScope)
2496
2497
2498       --container-scope CONTAINER_SCOPE
2499              Specifies  which  branch  the plug-in searches for the groups to
2500              which the user belongs. It only updates groups  that  are  under
2501              the  specified container branch, and leaves all other groups not
2502              updated (nsslapd-pluginContainerScope)
2503
2504
2505       --log-file LOG_FILE
2506              Specifies a path to the Referential integrity logfile.For  exam‐
2507              ple: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2508
2509

OPTIONS 'dsconf plugin referential-integrity config-entry set'

2511       usage: dsconf instance plugin referential-integrity config-entry set
2512              [-h] [--update-delay UPDATE_DELAY]
2513              [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2514              [--entry-scope        ENTRY_SCOPE]        [--exclude-entry-scope
2515       EXCLUDE_ENTRY_SCOPE]
2516              [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2517              DN
2518
2519
2520       DN     The config entry full DN
2521
2522
2523       --update-delay UPDATE_DELAY
2524              Sets the update interval. Special values: 0 - The check is  per‐
2525              formed    immediately,    -1    -    No   check   is   performed
2526              (referint-update-delay)
2527
2528
2529       --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2530              Specifies attributes to check for and  update  (referint-member‐
2531              ship-attr)
2532
2533
2534       --entry-scope ENTRY_SCOPE
2535              Defines the subtree in which the plug-in looks for the delete or
2536              rename operations of a user entry (nsslapd-pluginEntryScope)
2537
2538
2539       --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2540              Defines the subtree in which the plug-in ignores any  operations
2541              for   deleting  or  renaming  a  user  (nsslapd-pluginExcludeEn‐
2542              tryScope)
2543
2544
2545       --container-scope CONTAINER_SCOPE
2546              Specifies which branch the plug-in searches for  the  groups  to
2547              which  the  user  belongs. It only updates groups that are under
2548              the specified container branch, and leaves all other groups  not
2549              updated (nsslapd-pluginContainerScope)
2550
2551
2552       --log-file LOG_FILE
2553              Specifies  a path to the Referential integrity logfile.For exam‐
2554              ple: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2555
2556

OPTIONS 'dsconf plugin referential-integrity config-entry show'

2558       usage: dsconf instance plugin referential-integrity  config-entry  show
2559       [-h] DN
2560
2561
2562       DN     The config entry full DN
2563
2564
2565

OPTIONS 'dsconf plugin referential-integrity config-entry delete'

2567       usage: dsconf instance plugin referential-integrity config-entry delete
2568              [-h] DN
2569
2570
2571       DN     The config entry full DN
2572
2573
2574
2575
2576

OPTIONS 'dsconf plugin root-dn'

2578       usage: dsconf instance plugin root-dn [-h]
2579                                             {show,enable,disable,status,set}
2580       ...
2581
2582
2583   Sub-commands
2584       dsconf plugin root-dn show
2585              display plugin configuration
2586
2587       dsconf plugin root-dn enable
2588              enable plugin
2589
2590       dsconf plugin root-dn disable
2591              disable plugin
2592
2593       dsconf plugin root-dn status
2594              display plugin status
2595
2596       dsconf plugin root-dn set
2597              Edit the plugin
2598

OPTIONS 'dsconf plugin root-dn show'

2600       usage: dsconf instance plugin root-dn show [-h]
2601
2602
2603
2604

OPTIONS 'dsconf plugin root-dn enable'

2606       usage: dsconf instance plugin root-dn enable [-h]
2607
2608
2609
2610

OPTIONS 'dsconf plugin root-dn disable'

2612       usage: dsconf instance plugin root-dn disable [-h]
2613
2614
2615
2616

OPTIONS 'dsconf plugin root-dn status'

2618       usage: dsconf instance plugin root-dn status [-h]
2619
2620
2621
2622

OPTIONS 'dsconf plugin root-dn set'

2624       usage: dsconf instance plugin root-dn set [-h]
2625                                                 [--allow-host      ALLOW_HOST
2626       [ALLOW_HOST ...]]
2627                                                 [--deny-host        DENY_HOST
2628       [DENY_HOST ...]]
2629                                                 [--allow-ip          ALLOW_IP
2630       [ALLOW_IP ...]]
2631                                                 [--deny-ip  DENY_IP  [DENY_IP
2632       ...]]
2633                                                 [--open-time OPEN_TIME]
2634                                                 [--close-time CLOSE_TIME]
2635                                                 [--days-allowed DAYS_ALLOWED]
2636
2637
2638
2639       --allow-host ALLOW_HOST [ALLOW_HOST ...]
2640              Sets what hosts, by fully-qualified domain name, the  root  user
2641              is  allowed to use to access the Directory Server. Any hosts not
2642              listed are implicitly denied (rootdn-allow-host)
2643
2644
2645       --deny-host DENY_HOST [DENY_HOST ...]
2646              Sets what hosts, by fully-qualified domain name, the  root  user
2647              is  not  allowed to use to access the Directory Server Any hosts
2648              not listed are implicitly allowed (rootdn-deny-host). If an host
2649              address   is   listed   in   both  the  rootdn-  allow-host  and
2650              rootdn-deny-host attributes, it is denied access.
2651
2652
2653       --allow-ip ALLOW_IP [ALLOW_IP ...]
2654              Sets what IP addresses, either IPv4 or IPv6,  for  machines  the
2655              root  user  is allowed to use to access the Directory Server Any
2656              IP addresses not listed are implicitly denied (rootdn-allow-ip)
2657
2658
2659       --deny-ip DENY_IP [DENY_IP ...]
2660              Sets what IP addresses, either IPv4 or IPv6,  for  machines  the
2661              root  user is not allowed to use to access the Directory Server.
2662              Any   IP   addresses   not   listed   are   implicitly   allowed
2663              (rootdn-deny-ip)  If  an  IP  address  is  listed  in  both  the
2664              rootdn-allow-ip and  rootdn-deny-ip  attributes,  it  is  denied
2665              access.
2666
2667
2668       --open-time OPEN_TIME
2669              Sets  part  of  a  time  period  or  range when the root user is
2670              allowed to access the  Directory  Server.  This  sets  when  the
2671              time-based access begins (rootdn- open-time)
2672
2673
2674       --close-time CLOSE_TIME
2675              Sets  part  of  a  time  period  or  range when the root user is
2676              allowed to access the  Directory  Server.  This  sets  when  the
2677              time-based access ends (rootdn-close- time)
2678
2679
2680       --days-allowed DAYS_ALLOWED
2681              Gives  a  comma-separated  list  of  what  days the root user is
2682              allowed to use to access the Directory Server. Any  days  listed
2683              are implicitly denied (rootdn- days-allowed)
2684
2685
2686

OPTIONS 'dsconf plugin usn'

2688       usage: dsconf instance plugin usn [-h]
2689                                         {show,enable,disable,sta‐
2690       tus,global,cleanup}
2691                                         ...
2692
2693
2694   Sub-commands
2695       dsconf plugin usn show
2696              display plugin configuration
2697
2698       dsconf plugin usn enable
2699              enable plugin
2700
2701       dsconf plugin usn disable
2702              disable plugin
2703
2704       dsconf plugin usn status
2705              display plugin status
2706
2707       dsconf plugin usn global
2708              Get or manage global usn mode (nsslapd-entryusn-global)
2709
2710       dsconf plugin usn cleanup
2711              Run the USN tombstone cleanup task
2712

OPTIONS 'dsconf plugin usn show'

2714       usage: dsconf instance plugin usn show [-h]
2715
2716
2717
2718

OPTIONS 'dsconf plugin usn enable'

2720       usage: dsconf instance plugin usn enable [-h]
2721
2722
2723
2724

OPTIONS 'dsconf plugin usn disable'

2726       usage: dsconf instance plugin usn disable [-h]
2727
2728
2729
2730

OPTIONS 'dsconf plugin usn status'

2732       usage: dsconf instance plugin usn status [-h]
2733
2734
2735
2736

OPTIONS 'dsconf plugin usn global'

2738       usage: dsconf instance plugin usn global [-h] {on,off} ...
2739
2740
2741   Sub-commands
2742       dsconf plugin usn global on
2743              Enable usn global mode
2744
2745       dsconf plugin usn global off
2746              Disable usn global mode
2747

OPTIONS 'dsconf plugin usn global on'

2749       usage: dsconf instance plugin usn global on [-h]
2750
2751
2752
2753

OPTIONS 'dsconf plugin usn global off'

2755       usage: dsconf instance plugin usn global off [-h]
2756
2757
2758
2759
2760

OPTIONS 'dsconf plugin usn cleanup'

2762       usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND)
2763                                                 [-m MAX_USN]
2764
2765
2766
2767       -s SUFFIX, --suffix SUFFIX
2768              Gives the suffix or subtree in the Directory Server to  run  the
2769              cleanup  operation against. If the suffix is not specified, then
2770              the back end must be given (suffix)
2771
2772
2773       -n BACKEND, --backend BACKEND
2774              Gives the Directory Server instance back end,  or  database,  to
2775              run the cleanup operation against. If the back end is not speci‐
2776              fied, then the suffix must be  specified.  Backend  instance  in
2777              which USN tombstone entries (backend)
2778
2779
2780       -m MAX_USN, --max-usn MAX_USN
2781              Gives  the  highest  USN value to delete when removing tombstone
2782              entries (max_usn_to_delete)
2783
2784
2785

OPTIONS 'dsconf plugin account-policy'

2787       usage: dsconf instance plugin account-policy [-h]
2788                                                    {show,enable,disable,sta‐
2789       tus,set,config-entry}
2790                                                    ...
2791
2792
2793   Sub-commands
2794       dsconf plugin account-policy show
2795              display plugin configuration
2796
2797       dsconf plugin account-policy enable
2798              enable plugin
2799
2800       dsconf plugin account-policy disable
2801              disable plugin
2802
2803       dsconf plugin account-policy status
2804              display plugin status
2805
2806       dsconf plugin account-policy set
2807              Edit the plugin
2808
2809       dsconf plugin account-policy config-entry
2810              Manage the config entry
2811

OPTIONS 'dsconf plugin account-policy show'

2813       usage: dsconf instance plugin account-policy show [-h]
2814
2815
2816
2817

OPTIONS 'dsconf plugin account-policy enable'

2819       usage: dsconf instance plugin account-policy enable [-h]
2820
2821
2822
2823

OPTIONS 'dsconf plugin account-policy disable'

2825       usage: dsconf instance plugin account-policy disable [-h]
2826
2827
2828
2829

OPTIONS 'dsconf plugin account-policy status'

2831       usage: dsconf instance plugin account-policy status [-h]
2832
2833
2834
2835

OPTIONS 'dsconf plugin account-policy set'

2837       usage: dsconf instance plugin account-policy set [-h]
2838                                                        [--config-entry   CON‐
2839       FIG_ENTRY]
2840
2841
2842
2843       --config-entry CONFIG_ENTRY
2844              The value to set as nsslapd-pluginConfigArea
2845
2846

OPTIONS 'dsconf plugin account-policy config-entry'

2848       usage: dsconf instance plugin account-policy config-entry [-h]
2849                                                                 {add,set,show,delete}
2850                                                                 ...
2851
2852
2853   Sub-commands
2854       dsconf plugin account-policy config-entry add
2855              Add the config entry
2856
2857       dsconf plugin account-policy config-entry set
2858              Edit the config entry
2859
2860       dsconf plugin account-policy config-entry show
2861              Display the config entry
2862
2863       dsconf plugin account-policy config-entry delete
2864              Delete the config entry
2865

OPTIONS 'dsconf plugin account-policy config-entry add'

2867       usage: dsconf instance plugin account-policy config-entry add
2868              [-h]    [--always-record-login    {yes,no}]    [--alt-state-attr
2869       ALT_STATE_ATTR]
2870              [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2871              [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2872              [--state-attr STATE_ATTR]
2873              DN
2874
2875
2876       DN     The config entry full DN
2877
2878
2879       --always-record-login {yes,no}
2880              Sets that every entry records its last login time (alwaysRecord‐
2881              Login)
2882
2883
2884       --alt-state-attr ALT_STATE_ATTR
2885              Provides a backup attribute for the server to reference to eval‐
2886              uate the expiration time (altStateAttrName)
2887
2888
2889       --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2890              Specifies the attribute to store the time of the last successful
2891              login   in   this   attribute   in  the  users  directory  entry
2892              (alwaysRecordLoginAttr)
2893
2894
2895       --limit-attr LIMIT_ATTR
2896              Specifies the attribute within the policy to use for the account
2897              inactivation limit (limitAttrName)
2898
2899
2900       --spec-attr SPEC_ATTR
2901              Specifies  the  attribute  to identify which entries are account
2902              policy configuration entries (specAttrName)
2903
2904
2905       --state-attr STATE_ATTR
2906              Specifies the primary time attribute used to evaluate an account
2907              policy (stateAttrName)
2908
2909

OPTIONS 'dsconf plugin account-policy config-entry set'

2911       usage: dsconf instance plugin account-policy config-entry set
2912              [-h]    [--always-record-login    {yes,no}]    [--alt-state-attr
2913       ALT_STATE_ATTR]
2914              [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2915              [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2916              [--state-attr STATE_ATTR]
2917              DN
2918
2919
2920       DN     The config entry full DN
2921
2922
2923       --always-record-login {yes,no}
2924              Sets that every entry records its last login time (alwaysRecord‐
2925              Login)
2926
2927
2928       --alt-state-attr ALT_STATE_ATTR
2929              Provides a backup attribute for the server to reference to eval‐
2930              uate the expiration time (altStateAttrName)
2931
2932
2933       --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2934              Specifies the attribute to store the time of the last successful
2935              login   in   this   attribute   in  the  users  directory  entry
2936              (alwaysRecordLoginAttr)
2937
2938
2939       --limit-attr LIMIT_ATTR
2940              Specifies the attribute within the policy to use for the account
2941              inactivation limit (limitAttrName)
2942
2943
2944       --spec-attr SPEC_ATTR
2945              Specifies  the  attribute  to identify which entries are account
2946              policy configuration entries (specAttrName)
2947
2948
2949       --state-attr STATE_ATTR
2950              Specifies the primary time attribute used to evaluate an account
2951              policy (stateAttrName)
2952
2953

OPTIONS 'dsconf plugin account-policy config-entry show'

2955       usage: dsconf instance plugin account-policy config-entry show [-h] DN
2956
2957
2958       DN     The config entry full DN
2959
2960
2961

OPTIONS 'dsconf plugin account-policy config-entry delete'

2963       usage:  dsconf  instance plugin account-policy config-entry delete [-h]
2964       DN
2965
2966
2967       DN     The config entry full DN
2968
2969
2970
2971
2972

OPTIONS 'dsconf plugin attr-uniq'

2974       usage: dsconf instance plugin attr-uniq [-h]
2975                                               {list,add,set,show,delete,enable,dis‐
2976       able,status}
2977                                               ...
2978
2979
2980   Sub-commands
2981       dsconf plugin attr-uniq list
2982              List available plugin configs
2983
2984       dsconf plugin attr-uniq add
2985              Add the config entry
2986
2987       dsconf plugin attr-uniq set
2988              Edit the config entry
2989
2990       dsconf plugin attr-uniq show
2991              Display the config entry
2992
2993       dsconf plugin attr-uniq delete
2994              Delete the config entry
2995
2996       dsconf plugin attr-uniq enable
2997              enable plugin
2998
2999       dsconf plugin attr-uniq disable
3000              disable plugin
3001
3002       dsconf plugin attr-uniq status
3003              display plugin status
3004

OPTIONS 'dsconf plugin attr-uniq list'

3006       usage: dsconf instance plugin attr-uniq list [-h]
3007
3008
3009
3010

OPTIONS 'dsconf plugin attr-uniq add'

3012       usage: dsconf instance plugin attr-uniq add [-h] [--enabled {on,off}]
3013                                                   [--attr-name      ATTR_NAME
3014       [ATTR_NAME ...]]
3015                                                   [--subtree SUBTREE [SUBTREE
3016       ...]]
3017                                                   [--across-all-subtrees
3018       {on,off}]
3019                                                   [--top-entry-oc
3020       TOP_ENTRY_OC]
3021                                                   [--subtree-entries-oc  SUB‐
3022       TREE_ENTRIES_OC]
3023                                                   NAME
3024
3025
3026       NAME   Sets the name of the plug-in configuration record. (cn) You  can
3027              use  any  string,  but  "attribute_name Attribute Uniqueness" is
3028              recommended.
3029
3030
3031       --enabled {on,off}
3032              Identifies whether or not the config is enabled.
3033
3034
3035       --attr-name ATTR_NAME [ATTR_NAME ...]
3036              Sets the name of the attribute whose values must be unique. This
3037              attribute is multi-valued. (uniqueness-attribute-name)
3038
3039
3040       --subtree SUBTREE [SUBTREE ...]
3041              Sets the DN under which the plug-in checks for uniqueness of the
3042              attributes  value.  This  attribute  is  multi-valued   (unique‐
3043              ness-subtrees)
3044
3045
3046       --across-all-subtrees {on,off}
3047              If enabled (on), the plug-in checks that the attribute is unique
3048              across all subtrees set.  If  you  set  the  attribute  to  off,
3049              uniqueness  is  only  enforced within the subtree of the updated
3050              entry (uniqueness-across-all-subtrees)
3051
3052
3053       --top-entry-oc TOP_ENTRY_OC
3054              Verifies  that  the  value  of  the  attribute  set  in  unique‐
3055              ness-attribute-name   is   unique   in   this  subtree  (unique‐
3056              ness-top-entry-oc)
3057
3058
3059       --subtree-entries-oc SUBTREE_ENTRIES_OC
3060              Verifies if an attribute is unique, if the  entry  contains  the
3061              object    class   set   in   this   parameter   (uniqueness-sub‐
3062              tree-entries-oc)
3063
3064

OPTIONS 'dsconf plugin attr-uniq set'

3066       usage: dsconf instance plugin attr-uniq set [-h] [--enabled {on,off}]
3067                                                   [--attr-name      ATTR_NAME
3068       [ATTR_NAME ...]]
3069                                                   [--subtree SUBTREE [SUBTREE
3070       ...]]
3071                                                   [--across-all-subtrees
3072       {on,off}]
3073                                                   [--top-entry-oc
3074       TOP_ENTRY_OC]
3075                                                   [--subtree-entries-oc  SUB‐
3076       TREE_ENTRIES_OC]
3077                                                   NAME
3078
3079
3080       NAME   Sets  the name of the plug-in configuration record. (cn) You can
3081              use any string, but  "attribute_name  Attribute  Uniqueness"  is
3082              recommended.
3083
3084
3085       --enabled {on,off}
3086              Identifies whether or not the config is enabled.
3087
3088
3089       --attr-name ATTR_NAME [ATTR_NAME ...]
3090              Sets the name of the attribute whose values must be unique. This
3091              attribute is multi-valued. (uniqueness-attribute-name)
3092
3093
3094       --subtree SUBTREE [SUBTREE ...]
3095              Sets the DN under which the plug-in checks for uniqueness of the
3096              attributes   value.  This  attribute  is  multi-valued  (unique‐
3097              ness-subtrees)
3098
3099
3100       --across-all-subtrees {on,off}
3101              If enabled (on), the plug-in checks that the attribute is unique
3102              across  all  subtrees  set.  If  you  set  the attribute to off,
3103              uniqueness is only enforced within the subtree  of  the  updated
3104              entry (uniqueness-across-all-subtrees)
3105
3106
3107       --top-entry-oc TOP_ENTRY_OC
3108              Verifies  that  the  value  of  the  attribute  set  in  unique‐
3109              ness-attribute-name  is  unique   in   this   subtree   (unique‐
3110              ness-top-entry-oc)
3111
3112
3113       --subtree-entries-oc SUBTREE_ENTRIES_OC
3114              Verifies  if  an  attribute is unique, if the entry contains the
3115              object   class   set   in   this   parameter    (uniqueness-sub‐
3116              tree-entries-oc)
3117
3118

OPTIONS 'dsconf plugin attr-uniq show'

3120       usage: dsconf instance plugin attr-uniq show [-h] NAME
3121
3122
3123       NAME   The name of the plug-in configuration record
3124
3125
3126

OPTIONS 'dsconf plugin attr-uniq delete'

3128       usage: dsconf instance plugin attr-uniq delete [-h] NAME
3129
3130
3131       NAME   Sets the name of the plug-in configuration record
3132
3133
3134

OPTIONS 'dsconf plugin attr-uniq enable'

3136       usage: dsconf instance plugin attr-uniq enable [-h] NAME
3137
3138
3139       NAME   Sets the name of the plug-in configuration record
3140
3141
3142

OPTIONS 'dsconf plugin attr-uniq disable'

3144       usage: dsconf instance plugin attr-uniq disable [-h] NAME
3145
3146
3147       NAME   Sets the name of the plug-in configuration record
3148
3149
3150

OPTIONS 'dsconf plugin attr-uniq status'

3152       usage: dsconf instance plugin attr-uniq status [-h] NAME
3153
3154
3155       NAME   Sets the name of the plug-in configuration record
3156
3157
3158
3159

OPTIONS 'dsconf plugin dna'

3161       usage: dsconf instance plugin dna [-h]
3162                                         {show,enable,disable,status,list,con‐
3163       fig} ...
3164
3165
3166   Sub-commands
3167       dsconf plugin dna show
3168              display plugin configuration
3169
3170       dsconf plugin dna enable
3171              enable plugin
3172
3173       dsconf plugin dna disable
3174              disable plugin
3175
3176       dsconf plugin dna status
3177              display plugin status
3178
3179       dsconf plugin dna list
3180              List available plugin configs
3181
3182       dsconf plugin dna config
3183              Manage plugin configs
3184

OPTIONS 'dsconf plugin dna show'

3186       usage: dsconf instance plugin dna show [-h]
3187
3188
3189
3190

OPTIONS 'dsconf plugin dna enable'

3192       usage: dsconf instance plugin dna enable [-h]
3193
3194
3195
3196

OPTIONS 'dsconf plugin dna disable'

3198       usage: dsconf instance plugin dna disable [-h]
3199
3200
3201
3202

OPTIONS 'dsconf plugin dna status'

3204       usage: dsconf instance plugin dna status [-h]
3205
3206
3207
3208

OPTIONS 'dsconf plugin dna list'

3210       usage: dsconf instance plugin dna  list  [-h]  {configs,shared-configs}
3211       ...
3212
3213
3214   Sub-commands
3215       dsconf plugin dna list configs
3216              List main DNA plugin config entries
3217
3218       dsconf plugin dna list shared-configs
3219              List DNA plugin shared config entries
3220

OPTIONS 'dsconf plugin dna list configs'

3222       usage: dsconf instance plugin dna list configs [-h]
3223
3224
3225
3226

OPTIONS 'dsconf plugin dna list shared-configs'

3228       usage: dsconf instance plugin dna list shared-configs [-h] BASEDN
3229
3230
3231       BASEDN The search DN
3232
3233
3234
3235

OPTIONS 'dsconf plugin dna config'

3237       usage: dsconf instance plugin dna config [-h]
3238                                                NAME
3239                                                {add,set,show,delete,shared-
3240       config-entry}
3241                                                ...
3242
3243
3244       NAME   The DNA configuration name
3245
3246
3247   Sub-commands
3248       dsconf plugin dna config add
3249              Add the config entry
3250
3251       dsconf plugin dna config set
3252              Edit the config entry
3253
3254       dsconf plugin dna config show
3255              Display the config entry
3256
3257       dsconf plugin dna config delete
3258              Delete the config entry
3259
3260       dsconf plugin dna config shared-config-entry
3261              Manage the shared config entry
3262

OPTIONS 'dsconf plugin dna config add'

3264       usage: dsconf instance plugin dna config NAME add [-h]
3265                                                         [--type  TYPE   [TYPE
3266       ...]]
3267                                                         [--prefix PREFIX]
3268                                                         [--next-value
3269       NEXT_VALUE]
3270                                                         [--max-value
3271       MAX_VALUE]
3272                                                         [--interval INTERVAL]
3273                                                         [--magic-regen
3274       MAGIC_REGEN]
3275                                                         [--filter FILTER]
3276                                                         [--scope SCOPE]
3277                                                         [--remote-bind-dn
3278       REMOTE_BIND_DN]
3279                                                         [--remote-bind-cred
3280       REMOTE_BIND_CRED]
3281                                                         [--shared-config-
3282       entry SHARED_CONFIG_ENTRY]
3283                                                         [--threshold  THRESH‐
3284       OLD]
3285                                                         [--next-range
3286       NEXT_RANGE]
3287                                                         [--range-request-
3288       timeout RANGE_REQUEST_TIMEOUT]
3289
3290
3291
3292       --type TYPE [TYPE ...]
3293              Sets which attributes have unique numbers  being  generated  for
3294              them (dnaType)
3295
3296
3297       --prefix PREFIX
3298              Defines  a  prefix that can be prepended to the generated number
3299              values for the attribute (dnaPrefix)
3300
3301
3302       --next-value NEXT_VALUE
3303              Gives  the  next  available  number  which   can   be   assigned
3304              (dnaNextValue)
3305
3306
3307       --max-value MAX_VALUE
3308              Sets  the maximum value that can be assigned for the range (dna‐
3309              MaxValue)
3310
3311
3312       --interval INTERVAL
3313              Sets an interval to use to increment through numbers in a  range
3314              (dnaInterval)
3315
3316
3317       --magic-regen MAGIC_REGEN
3318              Sets a user-defined value that instructs the plug-in to assign a
3319              new value for the entry (dnaMagicRegen)
3320
3321
3322       --filter FILTER
3323              Sets an LDAP filter to  use  to  search  for  and  identify  the
3324              entries  to  which  to  apply the distributed numeric assignment
3325              range (dnaFilter)
3326
3327
3328       --scope SCOPE
3329              Sets the base DN to search for entries to  which  to  apply  the
3330              distributed numeric assignment (dnaScope)
3331
3332
3333       --remote-bind-dn REMOTE_BIND_DN
3334              Specifies the Replication Manager DN (dnaRemoteBindDN)
3335
3336
3337       --remote-bind-cred REMOTE_BIND_CRED
3338              Specifies the Replication Manager's password (dnaRemoteBindCred)
3339
3340
3341       --shared-config-entry SHARED_CONFIG_ENTRY
3342              Defines  a  shared identity that the servers can use to transfer
3343              ranges to one another (dnaSharedCfgDN)
3344
3345
3346       --threshold THRESHOLD
3347              Sets a threshold of remaining available numbers  in  the  range.
3348              When the server hits the threshold, it sends a request for a new
3349              range (dnaThreshold)
3350
3351
3352       --next-range NEXT_RANGE
3353              Defines the  next  range  to  use  when  the  current  range  is
3354              exhausted (dnaNextRange)
3355
3356
3357       --range-request-timeout RANGE_REQUEST_TIMEOUT
3358              sets  a  timeout  period, in seconds, for range requests so that
3359              the server does not stall waiting on a new range from one server
3360              and  can request a range from a new server (dnaRangeRequestTime‐
3361              out)
3362
3363

OPTIONS 'dsconf plugin dna config set'

3365       usage: dsconf instance plugin dna config NAME set [-h]
3366                                                         [--type  TYPE   [TYPE
3367       ...]]
3368                                                         [--prefix PREFIX]
3369                                                         [--next-value
3370       NEXT_VALUE]
3371                                                         [--max-value
3372       MAX_VALUE]
3373                                                         [--interval INTERVAL]
3374                                                         [--magic-regen
3375       MAGIC_REGEN]
3376                                                         [--filter FILTER]
3377                                                         [--scope SCOPE]
3378                                                         [--remote-bind-dn
3379       REMOTE_BIND_DN]
3380                                                         [--remote-bind-cred
3381       REMOTE_BIND_CRED]
3382                                                         [--shared-config-
3383       entry SHARED_CONFIG_ENTRY]
3384                                                         [--threshold  THRESH‐
3385       OLD]
3386                                                         [--next-range
3387       NEXT_RANGE]
3388                                                         [--range-request-
3389       timeout RANGE_REQUEST_TIMEOUT]
3390
3391
3392
3393       --type TYPE [TYPE ...]
3394              Sets which attributes have unique numbers  being  generated  for
3395              them (dnaType)
3396
3397
3398       --prefix PREFIX
3399              Defines  a  prefix that can be prepended to the generated number
3400              values for the attribute (dnaPrefix)
3401
3402
3403       --next-value NEXT_VALUE
3404              Gives  the  next  available  number  which   can   be   assigned
3405              (dnaNextValue)
3406
3407
3408       --max-value MAX_VALUE
3409              Sets  the maximum value that can be assigned for the range (dna‐
3410              MaxValue)
3411
3412
3413       --interval INTERVAL
3414              Sets an interval to use to increment through numbers in a  range
3415              (dnaInterval)
3416
3417
3418       --magic-regen MAGIC_REGEN
3419              Sets a user-defined value that instructs the plug-in to assign a
3420              new value for the entry (dnaMagicRegen)
3421
3422
3423       --filter FILTER
3424              Sets an LDAP filter to  use  to  search  for  and  identify  the
3425              entries  to  which  to  apply the distributed numeric assignment
3426              range (dnaFilter)
3427
3428
3429       --scope SCOPE
3430              Sets the base DN to search for entries to  which  to  apply  the
3431              distributed numeric assignment (dnaScope)
3432
3433
3434       --remote-bind-dn REMOTE_BIND_DN
3435              Specifies the Replication Manager DN (dnaRemoteBindDN)
3436
3437
3438       --remote-bind-cred REMOTE_BIND_CRED
3439              Specifies the Replication Manager's password (dnaRemoteBindCred)
3440
3441
3442       --shared-config-entry SHARED_CONFIG_ENTRY
3443              Defines  a  shared identity that the servers can use to transfer
3444              ranges to one another (dnaSharedCfgDN)
3445
3446
3447       --threshold THRESHOLD
3448              Sets a threshold of remaining available numbers  in  the  range.
3449              When the server hits the threshold, it sends a request for a new
3450              range (dnaThreshold)
3451
3452
3453       --next-range NEXT_RANGE
3454              Defines the  next  range  to  use  when  the  current  range  is
3455              exhausted (dnaNextRange)
3456
3457
3458       --range-request-timeout RANGE_REQUEST_TIMEOUT
3459              sets  a  timeout  period, in seconds, for range requests so that
3460              the server does not stall waiting on a new range from one server
3461              and  can request a range from a new server (dnaRangeRequestTime‐
3462              out)
3463
3464

OPTIONS 'dsconf plugin dna config show'

3466       usage: dsconf instance plugin dna config NAME show [-h]
3467
3468
3469
3470

OPTIONS 'dsconf plugin dna config delete'

3472       usage: dsconf instance plugin dna config NAME delete [-h]
3473
3474
3475
3476

OPTIONS 'dsconf plugin dna config shared-config-entry'

3478       usage: dsconf instance plugin dna config NAME shared-config-entry
3479              [-h] HOSTNAME PORT {add,set,show,delete} ...
3480
3481
3482       HOSTNAME
3483              Identifies the host name of a server in a shared range, as  part
3484              of  the  DNA  range  configuration  for  that  specific  host in
3485              multi-master replication (dnaHostname)
3486
3487
3488       PORT   Gives the standard port number to use to  connect  to  the  host
3489              identified in dnaHostname (dnaPortNum)
3490
3491
3492   Sub-commands
3493       dsconf plugin dna config shared-config-entry add
3494              Add the shared config entry
3495
3496       dsconf plugin dna config shared-config-entry set
3497              Edit the shared config entry
3498
3499       dsconf plugin dna config shared-config-entry show
3500              Display the shared config entry
3501
3502       dsconf plugin dna config shared-config-entry delete
3503              Delete the shared config entry
3504

OPTIONS 'dsconf plugin dna config shared-config-entry add'

3506       usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3507       NAME PORT add
3508              [-h] [--secure-port SECURE_PORT]
3509              [--remote-bind-method REMOTE_BIND_METHOD]
3510              [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3511              [--remaining-values REMAINING_VALUES]
3512
3513
3514
3515       --secure-port SECURE_PORT
3516              Gives the secure (TLS) port number to use to connect to the host
3517              identified in dnaHostname (dnaSecurePortNum)
3518
3519
3520       --remote-bind-method REMOTE_BIND_METHOD
3521              Specifies the remote bind method (dnaRemoteBindMethod)
3522
3523
3524       --remote-conn-protocol REMOTE_CONN_PROTOCOL
3525              Specifies the remote connection protocol (dnaRemoteConnProtocol)
3526
3527
3528       --remaining-values REMAINING_VALUES
3529              Contains  the  number of values that are remaining and available
3530              to a server to assign to entries (dnaRemainingValues)
3531
3532

OPTIONS 'dsconf plugin dna config shared-config-entry set'

3534       usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3535       NAME PORT set
3536              [-h] [--secure-port SECURE_PORT]
3537              [--remote-bind-method REMOTE_BIND_METHOD]
3538              [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3539              [--remaining-values REMAINING_VALUES]
3540
3541
3542
3543       --secure-port SECURE_PORT
3544              Gives the secure (TLS) port number to use to connect to the host
3545              identified in dnaHostname (dnaSecurePortNum)
3546
3547
3548       --remote-bind-method REMOTE_BIND_METHOD
3549              Specifies the remote bind method (dnaRemoteBindMethod)
3550
3551
3552       --remote-conn-protocol REMOTE_CONN_PROTOCOL
3553              Specifies the remote connection protocol (dnaRemoteConnProtocol)
3554
3555
3556       --remaining-values REMAINING_VALUES
3557              Contains the number of values that are remaining  and  available
3558              to a server to assign to entries (dnaRemainingValues)
3559
3560

OPTIONS 'dsconf plugin dna config shared-config-entry show'

3562       usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3563       NAME PORT show
3564              [-h]
3565
3566
3567
3568

OPTIONS 'dsconf plugin dna config shared-config-entry delete'

3570       usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3571       NAME PORT delete
3572              [-h]
3573
3574
3575
3576
3577
3578
3579

OPTIONS 'dsconf plugin linked-attr'

3581       usage: dsconf instance plugin linked-attr [-h]
3582                                                 {show,enable,disable,sta‐
3583       tus,fixup,list,config}
3584                                                 ...
3585
3586
3587   Sub-commands
3588       dsconf plugin linked-attr show
3589              display plugin configuration
3590
3591       dsconf plugin linked-attr enable
3592              enable plugin
3593
3594       dsconf plugin linked-attr disable
3595              disable plugin
3596
3597       dsconf plugin linked-attr status
3598              display plugin status
3599
3600       dsconf plugin linked-attr fixup
3601              Run the fix-up task for linked attributes plugin
3602
3603       dsconf plugin linked-attr list
3604              List available plugin configs
3605
3606       dsconf plugin linked-attr config
3607              Manage plugin configs
3608

OPTIONS 'dsconf plugin linked-attr show'

3610       usage: dsconf instance plugin linked-attr show [-h]
3611
3612
3613
3614

OPTIONS 'dsconf plugin linked-attr enable'

3616       usage: dsconf instance plugin linked-attr enable [-h]
3617
3618
3619
3620

OPTIONS 'dsconf plugin linked-attr disable'

3622       usage: dsconf instance plugin linked-attr disable [-h]
3623
3624
3625
3626

OPTIONS 'dsconf plugin linked-attr status'

3628       usage: dsconf instance plugin linked-attr status [-h]
3629
3630
3631
3632

OPTIONS 'dsconf plugin linked-attr fixup'

3634       usage: dsconf instance plugin linked-attr fixup [-h] [-l LINKDN]
3635
3636
3637
3638       -l LINKDN, --linkdn LINKDN
3639              Base DN that contains entries to fix up
3640
3641

OPTIONS 'dsconf plugin linked-attr list'

3643       usage: dsconf instance plugin linked-attr list [-h]
3644
3645
3646
3647

OPTIONS 'dsconf plugin linked-attr config'

3649       usage: dsconf instance plugin linked-attr config [-h]
3650                                                        NAME
3651       {add,set,show,delete}
3652                                                        ...
3653
3654
3655       NAME   The Linked Attributes configuration name
3656
3657
3658   Sub-commands
3659       dsconf plugin linked-attr config add
3660              Add the config entry
3661
3662       dsconf plugin linked-attr config set
3663              Edit the config entry
3664
3665       dsconf plugin linked-attr config show
3666              Display the config entry
3667
3668       dsconf plugin linked-attr config delete
3669              Delete the config entry
3670

OPTIONS 'dsconf plugin linked-attr config add'

3672       usage: dsconf instance plugin linked-attr config NAME add [-h]
3673                                                                 [--link-type
3674       LINK_TYPE]
3675                                                                 [--managed-
3676       type MANAGED_TYPE]
3677                                                                 [--link-scope
3678       LINK_SCOPE]
3679
3680
3681
3682       --link-type LINK_TYPE
3683              Sets the attribute that is managed  manually  by  administrators
3684              (linkType)
3685
3686
3687       --managed-type MANAGED_TYPE
3688              Sets  the  attribute  that  is created dynamically by the plugin
3689              (managedType)
3690
3691
3692       --link-scope LINK_SCOPE
3693              Sets the scope that restricts the plugin to a specific  part  of
3694              the directory tree (linkScope)
3695
3696

OPTIONS 'dsconf plugin linked-attr config set'

3698       usage: dsconf instance plugin linked-attr config NAME set [-h]
3699                                                                 [--link-type
3700       LINK_TYPE]
3701                                                                 [--managed-
3702       type MANAGED_TYPE]
3703                                                                 [--link-scope
3704       LINK_SCOPE]
3705
3706
3707
3708       --link-type LINK_TYPE
3709              Sets the attribute that is managed  manually  by  administrators
3710              (linkType)
3711
3712
3713       --managed-type MANAGED_TYPE
3714              Sets  the  attribute  that  is created dynamically by the plugin
3715              (managedType)
3716
3717
3718       --link-scope LINK_SCOPE
3719              Sets the scope that restricts the plugin to a specific  part  of
3720              the directory tree (linkScope)
3721
3722

OPTIONS 'dsconf plugin linked-attr config show'

3724       usage: dsconf instance plugin linked-attr config NAME show [-h]
3725
3726
3727
3728

OPTIONS 'dsconf plugin linked-attr config delete'

3730       usage: dsconf instance plugin linked-attr config NAME delete [-h]
3731
3732
3733
3734
3735
3736

OPTIONS 'dsconf plugin managed-entries'

3738       usage: dsconf instance plugin managed-entries [-h]
3739                                                     {show,enable,disable,sta‐
3740       tus,set,list,config,template}
3741                                                     ...
3742
3743
3744   Sub-commands
3745       dsconf plugin managed-entries show
3746              display plugin configuration
3747
3748       dsconf plugin managed-entries enable
3749              enable plugin
3750
3751       dsconf plugin managed-entries disable
3752              disable plugin
3753
3754       dsconf plugin managed-entries status
3755              display plugin status
3756
3757       dsconf plugin managed-entries set
3758              Edit the plugin
3759
3760       dsconf plugin managed-entries list
3761              List Managed Entries Plugin configs and templates
3762
3763       dsconf plugin managed-entries config
3764              Handle Managed Entries Plugin configs
3765
3766       dsconf plugin managed-entries template
3767              Handle Managed Entries Plugin templates
3768

OPTIONS 'dsconf plugin managed-entries show'

3770       usage: dsconf instance plugin managed-entries show [-h]
3771
3772
3773
3774

OPTIONS 'dsconf plugin managed-entries enable'

3776       usage: dsconf instance plugin managed-entries enable [-h]
3777
3778
3779
3780

OPTIONS 'dsconf plugin managed-entries disable'

3782       usage: dsconf instance plugin managed-entries disable [-h]
3783
3784
3785
3786

OPTIONS 'dsconf plugin managed-entries status'

3788       usage: dsconf instance plugin managed-entries status [-h]
3789
3790
3791
3792

OPTIONS 'dsconf plugin managed-entries set'

3794       usage: dsconf instance plugin managed-entries set [-h]
3795                                                         [--config-area   CON‐
3796       FIG_AREA]
3797
3798
3799
3800       --config-area CONFIG_AREA
3801              The value to set as nsslapd-pluginConfigArea
3802
3803

OPTIONS 'dsconf plugin managed-entries list'

3805       usage: dsconf instance plugin managed-entries list [-h]
3806                                                          {configs,templates}
3807       ...
3808
3809
3810   Sub-commands
3811       dsconf plugin managed-entries list configs
3812              List Managed Entries Plugin configs (list config-area if  speci‐
3813              fied in the main plugin entry)
3814
3815       dsconf plugin managed-entries list templates
3816              List Managed Entries Plugin templates in the directory
3817

OPTIONS 'dsconf plugin managed-entries list configs'

3819       usage: dsconf instance plugin managed-entries list configs [-h]
3820
3821
3822
3823

OPTIONS 'dsconf plugin managed-entries list templates'

3825       usage:  dsconf  instance  plugin  managed-entries  list  templates [-h]
3826       BASEDN
3827
3828
3829       BASEDN The base DN where to search the templates.
3830
3831
3832
3833

OPTIONS 'dsconf plugin managed-entries config'

3835       usage: dsconf instance plugin managed-entries config [-h]
3836                                                            NAME
3837                                                            {add,set,show,delete}
3838       ...
3839
3840
3841       NAME   The config entry CN.
3842
3843
3844   Sub-commands
3845       dsconf plugin managed-entries config add
3846              Add the config entry
3847
3848       dsconf plugin managed-entries config set
3849              Edit the config entry
3850
3851       dsconf plugin managed-entries config show
3852              Display the config entry
3853
3854       dsconf plugin managed-entries config delete
3855              Delete the config entry
3856

OPTIONS 'dsconf plugin managed-entries config add'

3858       usage: dsconf instance plugin managed-entries config NAME add
3859              [-h]  [--scope  SCOPE]  [--filter  FILTER]  [--managed-base MAN‐
3860       AGED_BASE]
3861              [--managed-template MANAGED_TEMPLATE]
3862
3863
3864
3865       --scope SCOPE
3866              Sets the scope of the search to use to  see  which  entries  the
3867              plug-in monitors (originScope)
3868
3869
3870       --filter FILTER
3871              Sets  the  search  filter  to use to search for and identify the
3872              entries within the subtree which require a managed entry  (orig‐
3873              inFilter)
3874
3875
3876       --managed-base MANAGED_BASE
3877              Sets the subtree under which to create the managed entries (man‐
3878              agedBase)
3879
3880
3881       --managed-template MANAGED_TEMPLATE
3882              Identifies the template entry to use to create the managed entry
3883              (managedTemplate)
3884
3885

OPTIONS 'dsconf plugin managed-entries config set'

3887       usage: dsconf instance plugin managed-entries config NAME set
3888              [-h]  [--scope  SCOPE]  [--filter  FILTER]  [--managed-base MAN‐
3889       AGED_BASE]
3890              [--managed-template MANAGED_TEMPLATE]
3891
3892
3893
3894       --scope SCOPE
3895              Sets the scope of the search to use to  see  which  entries  the
3896              plug-in monitors (originScope)
3897
3898
3899       --filter FILTER
3900              Sets  the  search  filter  to use to search for and identify the
3901              entries within the subtree which require a managed entry  (orig‐
3902              inFilter)
3903
3904
3905       --managed-base MANAGED_BASE
3906              Sets the subtree under which to create the managed entries (man‐
3907              agedBase)
3908
3909
3910       --managed-template MANAGED_TEMPLATE
3911              Identifies the template entry to use to create the managed entry
3912              (managedTemplate)
3913
3914

OPTIONS 'dsconf plugin managed-entries config show'

3916       usage: dsconf instance plugin managed-entries config NAME show [-h]
3917
3918
3919
3920

OPTIONS 'dsconf plugin managed-entries config delete'

3922       usage: dsconf instance plugin managed-entries config NAME delete [-h]
3923
3924
3925
3926
3927

OPTIONS 'dsconf plugin managed-entries template'

3929       usage: dsconf instance plugin managed-entries template [-h]
3930                                                              DN
3931                                                              {add,set,show,delete}
3932                                                              ...
3933
3934
3935       DN     The template entry DN.
3936
3937
3938   Sub-commands
3939       dsconf plugin managed-entries template add
3940              Add the template entry
3941
3942       dsconf plugin managed-entries template set
3943              Edit the template entry
3944
3945       dsconf plugin managed-entries template show
3946              Display the template entry
3947
3948       dsconf plugin managed-entries template delete
3949              Delete the template entry
3950

OPTIONS 'dsconf plugin managed-entries template add'

3952       usage: dsconf instance plugin managed-entries template DN add
3953              [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
3954              [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
3955
3956
3957
3958       --rdn-attr RDN_ATTR
3959              Sets which attribute to use as the naming attribute in the auto‐
3960              matically- generated entry (mepRDNAttr)
3961
3962
3963       --static-attr STATIC_ATTR
3964              Sets an attribute with a defined value that must be added to the
3965              automatically-generated entry (mepStaticAttr)
3966
3967
3968       --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
3969              Sets attributes in the Managed Entries template entry which must
3970              exist in the generated entry (mepMappedAttr)
3971
3972

OPTIONS 'dsconf plugin managed-entries template set'

3974       usage: dsconf instance plugin managed-entries template DN set
3975              [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
3976              [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
3977
3978
3979
3980       --rdn-attr RDN_ATTR
3981              Sets which attribute to use as the naming attribute in the auto‐
3982              matically- generated entry (mepRDNAttr)
3983
3984
3985       --static-attr STATIC_ATTR
3986              Sets an attribute with a defined value that must be added to the
3987              automatically-generated entry (mepStaticAttr)
3988
3989
3990       --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
3991              Sets attributes in the Managed Entries template entry which must
3992              exist in the generated entry (mepMappedAttr)
3993
3994

OPTIONS 'dsconf plugin managed-entries template show'

3996       usage: dsconf instance plugin managed-entries template DN show [-h]
3997
3998
3999
4000

OPTIONS 'dsconf plugin managed-entries template delete'

4002       usage: dsconf instance plugin managed-entries template DN delete [-h]
4003
4004
4005
4006
4007
4008

OPTIONS 'dsconf plugin pass-through-auth'

4010       usage: dsconf instance plugin pass-through-auth [-h]
4011                                                       {show,enable,dis‐
4012       able,status,list,url,pam-config}
4013                                                       ...
4014
4015
4016   Sub-commands
4017       dsconf plugin pass-through-auth show
4018              display plugin configuration
4019
4020       dsconf plugin pass-through-auth enable
4021              enable plugin
4022
4023       dsconf plugin pass-through-auth disable
4024              disable plugin
4025
4026       dsconf plugin pass-through-auth status
4027              display plugin status
4028
4029       dsconf plugin pass-through-auth list
4030              List pass-though plugin URLs or PAM configurations.
4031
4032       dsconf plugin pass-through-auth url
4033              Manage PTA URL configurations.
4034
4035       dsconf plugin pass-through-auth pam-config
4036              Manage PAM PTA configurations.
4037

OPTIONS 'dsconf plugin pass-through-auth show'

4039       usage: dsconf instance plugin pass-through-auth show [-h]
4040
4041
4042
4043

OPTIONS 'dsconf plugin pass-through-auth enable'

4045       usage: dsconf instance plugin pass-through-auth enable [-h]
4046
4047
4048
4049

OPTIONS 'dsconf plugin pass-through-auth disable'

4051       usage: dsconf instance plugin pass-through-auth disable [-h]
4052
4053
4054
4055

OPTIONS 'dsconf plugin pass-through-auth status'

4057       usage: dsconf instance plugin pass-through-auth status [-h]
4058
4059
4060
4061

OPTIONS 'dsconf plugin pass-through-auth list'

4063       usage: dsconf instance plugin pass-through-auth list [-h]
4064                                                            {urls,pam-configs}
4065       ...
4066
4067
4068   Sub-commands
4069       dsconf plugin pass-through-auth list urls
4070              List URLs.
4071
4072       dsconf plugin pass-through-auth list pam-configs
4073              List PAM configurations.
4074

OPTIONS 'dsconf plugin pass-through-auth list urls'

4076       usage: dsconf instance plugin pass-through-auth list urls [-h]
4077
4078
4079
4080

OPTIONS 'dsconf plugin pass-through-auth list pam-configs'

4082       usage: dsconf instance plugin pass-through-auth list pam-configs [-h]
4083
4084
4085
4086
4087

OPTIONS 'dsconf plugin pass-through-auth url'

4089       usage: dsconf instance plugin pass-through-auth url [-h]
4090                                                           {add,modify,delete}
4091       ...
4092
4093
4094   Sub-commands
4095       dsconf plugin pass-through-auth url add
4096              Add the config entry
4097
4098       dsconf plugin pass-through-auth url modify
4099              Edit the config entry
4100
4101       dsconf plugin pass-through-auth url delete
4102              Delete the config entry
4103

OPTIONS 'dsconf plugin pass-through-auth url add'

4105       usage: dsconf instance plugin pass-through-auth url add [-h] URL
4106
4107
4108       URL    The  full  LDAP  URL in format "ldap|ldaps://authDS/subtree max‐
4109              conns,maxops,timeout,ldver,connlifetime,startTLS".    If     one
4110              optional parameter is specified the rest should be specified too
4111
4112
4113

OPTIONS 'dsconf plugin pass-through-auth url modify'

4115       usage: dsconf instance plugin pass-through-auth url modify [-h]
4116                                                                  OLD_URL
4117       NEW_URL
4118
4119
4120       OLD_URL
4121              The full LDAP URL you get from the "list" command
4122
4123
4124       NEW_URL
4125              The full LDAP URL in  format  "ldap|ldaps://authDS/subtree  max‐
4126              conns,maxops,timeout,ldver,connlifetime,startTLS".     If    one
4127              optional parameter is specified the rest should be specified too
4128
4129
4130

OPTIONS 'dsconf plugin pass-through-auth url delete'

4132       usage: dsconf instance plugin pass-through-auth url delete [-h] URL
4133
4134
4135       URL    The full LDAP URL you get from the "list" command
4136
4137
4138
4139

OPTIONS 'dsconf plugin pass-through-auth pam-config'

4141       usage: dsconf instance plugin pass-through-auth pam-config [-h]
4142                                                                  NAME
4143                                                                  {add,set,show,delete}
4144                                                                  ...
4145
4146
4147       NAME   The PAM PTA configuration name
4148
4149
4150   Sub-commands
4151       dsconf plugin pass-through-auth pam-config add
4152              Add the config entry
4153
4154       dsconf plugin pass-through-auth pam-config set
4155              Edit the config entry
4156
4157       dsconf plugin pass-through-auth pam-config show
4158              Display the config entry
4159
4160       dsconf plugin pass-through-auth pam-config delete
4161              Delete the config entry
4162

OPTIONS 'dsconf plugin pass-through-auth pam-config add'

4164       usage: dsconf instance plugin pass-through-auth pam-config NAME add
4165              [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4166              [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4167              [--missing-suffix  {ERROR,ALLOW,IGNORE,delete,}]  [--filter FIL‐
4168       TER]
4169              [--id-attr    ID_ATTR    [ID_ATTR     ...]]     [--id_map_method
4170       ID_MAP_METHOD]
4171              [--fallback  {TRUE,FALSE}]  [--secure  {TRUE,FALSE}]  [--service
4172       SERVICE]
4173
4174
4175
4176       --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4177              Specifies a suffix to exclude from  PAM  authentication  (pamEx‐
4178              cludeSuffix)
4179
4180
4181       --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4182              Sets  a suffix to include for PAM authentication (pamIncludeSuf‐
4183              fix)
4184
4185
4186       --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4187              Identifies how to handle missing  include  or  exclude  suffixes
4188              (pamMissingSuffix)
4189
4190
4191       --filter FILTER
4192              Sets  an  LDAP filter to use to identify specific entries within
4193              the included suffixes for which to use PAM pass-through  authen‐
4194              tication (pamFilter)
4195
4196
4197       --id-attr ID_ATTR [ID_ATTR ...]
4198              Contains  the  attribute name which is used to hold the PAM user
4199              ID (pamIDAttr)
4200
4201
4202       --id_map_method ID_MAP_METHOD
4203              Gives the method to use to map the LDAP bind DN to a  PAM  iden‐
4204              tity (pamIDMapMethod)
4205
4206
4207       --fallback {TRUE,FALSE}
4208              Sets  whether  to fallback to regular LDAP authentication if PAM
4209              authentication fails (pamFallback)
4210
4211
4212       --secure {TRUE,FALSE}
4213              Requires secure TLS connection for  PAM  authentication  (pamSe‐
4214              cure)
4215
4216
4217       --service SERVICE
4218              Contains the service name to pass to PAM (pamService)
4219
4220

OPTIONS 'dsconf plugin pass-through-auth pam-config set'

4222       usage: dsconf instance plugin pass-through-auth pam-config NAME set
4223              [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4224              [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4225              [--missing-suffix  {ERROR,ALLOW,IGNORE,delete,}]  [--filter FIL‐
4226       TER]
4227              [--id-attr    ID_ATTR    [ID_ATTR     ...]]     [--id_map_method
4228       ID_MAP_METHOD]
4229              [--fallback  {TRUE,FALSE}]  [--secure  {TRUE,FALSE}]  [--service
4230       SERVICE]
4231
4232
4233
4234       --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4235              Specifies a suffix to exclude from  PAM  authentication  (pamEx‐
4236              cludeSuffix)
4237
4238
4239       --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4240              Sets  a suffix to include for PAM authentication (pamIncludeSuf‐
4241              fix)
4242
4243
4244       --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4245              Identifies how to handle missing  include  or  exclude  suffixes
4246              (pamMissingSuffix)
4247
4248
4249       --filter FILTER
4250              Sets  an  LDAP filter to use to identify specific entries within
4251              the included suffixes for which to use PAM pass-through  authen‐
4252              tication (pamFilter)
4253
4254
4255       --id-attr ID_ATTR [ID_ATTR ...]
4256              Contains  the  attribute name which is used to hold the PAM user
4257              ID (pamIDAttr)
4258
4259
4260       --id_map_method ID_MAP_METHOD
4261              Gives the method to use to map the LDAP bind DN to a  PAM  iden‐
4262              tity (pamIDMapMethod)
4263
4264
4265       --fallback {TRUE,FALSE}
4266              Sets  whether  to fallback to regular LDAP authentication if PAM
4267              authentication fails (pamFallback)
4268
4269
4270       --secure {TRUE,FALSE}
4271              Requires secure TLS connection for  PAM  authentication  (pamSe‐
4272              cure)
4273
4274
4275       --service SERVICE
4276              Contains the service name to pass to PAM (pamService)
4277
4278

OPTIONS 'dsconf plugin pass-through-auth pam-config show'

4280       usage:  dsconf  instance  plugin pass-through-auth pam-config NAME show
4281       [-h]
4282
4283
4284
4285

OPTIONS 'dsconf plugin pass-through-auth pam-config delete'

4287       usage: dsconf instance plugin pass-through-auth pam-config NAME  delete
4288       [-h]
4289
4290
4291
4292
4293
4294

OPTIONS 'dsconf plugin retro-changelog'

4296       usage: dsconf instance plugin retro-changelog [-h]
4297                                                     {show,enable,disable,sta‐
4298       tus,set}
4299                                                     ...
4300
4301
4302   Sub-commands
4303       dsconf plugin retro-changelog show
4304              display plugin configuration
4305
4306       dsconf plugin retro-changelog enable
4307              enable plugin
4308
4309       dsconf plugin retro-changelog disable
4310              disable plugin
4311
4312       dsconf plugin retro-changelog status
4313              display plugin status
4314
4315       dsconf plugin retro-changelog set
4316              Edit the plugin
4317

OPTIONS 'dsconf plugin retro-changelog show'

4319       usage: dsconf instance plugin retro-changelog show [-h]
4320
4321
4322
4323

OPTIONS 'dsconf plugin retro-changelog enable'

4325       usage: dsconf instance plugin retro-changelog enable [-h]
4326
4327
4328
4329

OPTIONS 'dsconf plugin retro-changelog disable'

4331       usage: dsconf instance plugin retro-changelog disable [-h]
4332
4333
4334
4335

OPTIONS 'dsconf plugin retro-changelog status'

4337       usage: dsconf instance plugin retro-changelog status [-h]
4338
4339
4340
4341

OPTIONS 'dsconf plugin retro-changelog set'

4343       usage: dsconf instance plugin retro-changelog set [-h]
4344                                                         [--is-replicated
4345       {TRUE,FALSE}]
4346                                                         [--attribute
4347       ATTRIBUTE]
4348                                                         [--directory   DIREC‐
4349       TORY]
4350                                                         [--max-age MAX_AGE]
4351                                                         [--exclude-suffix
4352       EXCLUDE_SUFFIX]
4353
4354
4355
4356       --is-replicated {TRUE,FALSE}
4357              Sets a flag to indicate on a change in the changelog whether the
4358              change is newly made on that server or whether it was replicated
4359              over from another server (isReplicated)
4360
4361
4362       --attribute ATTRIBUTE
4363              Specifies another  Directory  Server  attribute  which  must  be
4364              included in the retro changelog entries (nsslapd-attribute)
4365
4366
4367       --directory DIRECTORY
4368              Specifies the name of the directory in which the changelog data‐
4369              base is created the first time the plug-in is run
4370
4371
4372       --max-age MAX_AGE
4373              This attribute specifies the maximum age of  any  entry  in  the
4374              changelog (nsslapd-changelogmaxage)
4375
4376
4377       --exclude-suffix EXCLUDE_SUFFIX
4378              This  attribute specifies the suffix which will be excluded from
4379              the scope of the plugin (nsslapd-exclude-suffix)
4380
4381
4382

OPTIONS 'dsconf plugin posix-winsync'

4384       usage: dsconf instance plugin posix-winsync [-h]
4385                                                   {show,enable,disable,sta‐
4386       tus,set,fixup}
4387                                                   ...
4388
4389
4390   Sub-commands
4391       dsconf plugin posix-winsync show
4392              display plugin configuration
4393
4394       dsconf plugin posix-winsync enable
4395              enable plugin
4396
4397       dsconf plugin posix-winsync disable
4398              disable plugin
4399
4400       dsconf plugin posix-winsync status
4401              display plugin status
4402
4403       dsconf plugin posix-winsync set
4404              Edit the plugin
4405
4406       dsconf plugin posix-winsync fixup
4407              Run  the  memberOf  fix-up task to correct mismatched member and
4408              uniquemember values for synced users
4409

OPTIONS 'dsconf plugin posix-winsync show'

4411       usage: dsconf instance plugin posix-winsync show [-h]
4412
4413
4414
4415

OPTIONS 'dsconf plugin posix-winsync enable'

4417       usage: dsconf instance plugin posix-winsync enable [-h]
4418
4419
4420
4421

OPTIONS 'dsconf plugin posix-winsync disable'

4423       usage: dsconf instance plugin posix-winsync disable [-h]
4424
4425
4426
4427

OPTIONS 'dsconf plugin posix-winsync status'

4429       usage: dsconf instance plugin posix-winsync status [-h]
4430
4431
4432
4433

OPTIONS 'dsconf plugin posix-winsync set'

4435       usage: dsconf instance plugin posix-winsync set [-h]
4436                                                       [--create-memberof-task
4437       {true,false}]
4438                                                       [--lower-case-uid
4439       {true,false}]
4440                                                       [--map-member-uid
4441       {true,false}]
4442                                                       [--map-nested-grouping
4443       {true,false}]
4444                                                       [--ms-sfu-schema
4445       {true,false}]
4446
4447
4448
4449       --create-memberof-task {true,false}
4450              Sets  whether to run the memberUID fix-up task immediately after
4451              a sync run in order to update group memberships for synced users
4452              (posixWinsyncCreateMemberOfTask)
4453
4454
4455       --lower-case-uid {true,false}
4456              Sets whether to store (and, if necessary, convert) the UID value
4457              in the memberUID  attribute  in  lower  case.(posixWinsyncLower‐
4458              CaseUID)
4459
4460
4461       --map-member-uid {true,false}
4462              Sets  whether to map the memberUID attribute in an Active Direc‐
4463              tory group to the uniqueMember attribute in a  Directory  Server
4464              group (posixWinsyncMapMemberUID)
4465
4466
4467       --map-nested-grouping {true,false}
4468              Manages  if  nested groups are updated when memberUID attributes
4469              in an Active Directory POSIX group change  (posixWinsyncMapNest‐
4470              edGrouping)
4471
4472
4473       --ms-sfu-schema {true,false}
4474              Sets whether to the older Microsoft System Services for Unix 3.0
4475              (msSFU30) schema  when  syncing  Posix  attributes  from  Active
4476              Directory (posixWinsyncMsSFUSchema)
4477
4478

OPTIONS 'dsconf plugin posix-winsync fixup'

4480       usage: dsconf instance plugin posix-winsync fixup [-h] [-f FILTER] DN
4481
4482
4483       DN     Base DN that contains entries to fix up
4484
4485
4486       -f FILTER, --filter FILTER
4487              Filter  for  entries  to  fix  up.  If omitted, all entries with
4488              objectclass inetuser/inetadmin/nsmemberof  under  the  specified
4489              base will have their memberOf attribute regenerated.
4490
4491
4492

OPTIONS 'dsconf plugin list'

4494       usage: dsconf instance plugin list [-h]
4495
4496
4497
4498

OPTIONS 'dsconf plugin show'

4500       usage: dsconf instance plugin show [-h] [selector]
4501
4502
4503       selector
4504              The plugin to search for
4505
4506
4507

OPTIONS 'dsconf plugin set'

4509       usage:  dsconf  instance  plugin  set  [-h]  [--type  TYPE]  [--enabled
4510       {on,off}]
4511                                         [--path PATH] [--initfunc INITFUNC]
4512                                         [--id ID] [--vendor VENDOR]
4513                                         [--version VERSION]
4514                                         [--description DESCRIPTION]
4515                                         [--depends-on-type DEPENDS_ON_TYPE]
4516                                         [--depends-on-named DEPENDS_ON_NAMED]
4517                                         [--precedence PRECEDENCE]
4518                                         [selector]
4519
4520
4521       selector
4522              The plugin to edit
4523
4524
4525       --type TYPE
4526              The type of plugin.
4527
4528
4529       --enabled {on,off}
4530              Identifies whether or not the plugin is enabled.
4531
4532
4533       --path PATH
4534              The plugin library name (without the library suffix).
4535
4536
4537       --initfunc INITFUNC
4538              An initialization function of the plugin.
4539
4540
4541       --id ID
4542              The plugin ID.
4543
4544
4545       --vendor VENDOR
4546              The vendor of plugin.
4547
4548
4549       --version VERSION
4550              The version of plugin.
4551
4552
4553       --description DESCRIPTION
4554              The description of the plugin.
4555
4556
4557       --depends-on-type DEPENDS_ON_TYPE
4558              All plug-ins with a type value which matches one of  the  values
4559              in the following valid range will be started by the server prior
4560              to this plug-in.
4561
4562
4563       --depends-on-named DEPENDS_ON_NAMED
4564              The plug-in name matching one of the following  values  will  be
4565              started by the server prior to this plug-in
4566
4567
4568       --precedence PRECEDENCE
4569              The priority it has in the execution order of plug-ins
4570
4571
4572

OPTIONS 'dsconf pwpolicy'

4574       usage: dsconf instance pwpolicy [-h] {get,set} ...
4575
4576
4577   Sub-commands
4578       dsconf pwpolicy get
4579              Get the global password policy entry
4580
4581       dsconf pwpolicy set
4582              Set an attribute in a global password policy
4583

OPTIONS 'dsconf pwpolicy get'

4585       usage: dsconf instance pwpolicy get [-h]
4586
4587
4588
4589

OPTIONS 'dsconf pwpolicy set'

4591       usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME]
4592                                           [--pwdchange PWDCHANGE]
4593                                           [--pwdmustchange PWDMUSTCHANGE]
4594                                           [--pwdhistory PWDHISTORY]
4595                                           [--pwdhistorycount PWDHISTORYCOUNT]
4596                                           [--pwdadmin PWDADMIN]
4597                                           [--pwdtrack PWDTRACK]
4598                                           [--pwdwarning PWDWARNING]
4599                                           [--pwdexpire PWDEXPIRE]
4600                                           [--pwdmaxage PWDMAXAGE]
4601                                           [--pwdminage PWDMINAGE]
4602                                           [--pwdgracelimit PWDGRACELIMIT]
4603                                           [--pwdsendexpiring PWDSENDEXPIRING]
4604                                           [--pwdlockout PWDLOCKOUT]
4605                                           [--pwdunlock PWDUNLOCK]
4606                                           [--pwdlockoutduration PWDLOCKOUTDU‐
4607       RATION]
4608                                           [--pwdmaxfailures PWDMAXFAILURES]
4609                                           [--pwdresetfailcount  PWDRESETFAIL‐
4610       COUNT]
4611                                           [--pwdchecksyntax PWDCHECKSYNTAX]
4612                                           [--pwdminlen PWDMINLEN]
4613                                           [--pwdmindigits PWDMINDIGITS]
4614                                           [--pwdminalphas PWDMINALPHAS]
4615                                           [--pwdminuppers PWDMINUPPERS]
4616                                           [--pwdminlowers PWDMINLOWERS]
4617                                           [--pwdminspecials PWDMINSPECIALS]
4618                                           [--pwdmin8bits PWDMIN8BITS]
4619                                           [--pwdmaxrepeats PWDMAXREPEATS]
4620                                           [--pwdpalindrome PWDPALINDROME]
4621                                           [--pwdmaxseq PWDMAXSEQ]
4622                                           [--pwdmaxseqsets PWDMAXSEQSETS]
4623                                           [--pwdmaxclasschars    PWDMAXCLASS‐
4624       CHARS]
4625                                           [--pwdmincatagories         PWDMIN‐
4626       CATAGORIES]
4627                                           [--pwdmintokenlen PWDMINTOKENLEN]
4628                                           [--pwdbadwords PWDBADWORDS]
4629                                           [--pwduserattrs PWDUSERATTRS]
4630                                           [--pwpinheritglobal     PWPINHERIT‐
4631       GLOBAL]
4632                                           [--pwddictcheck PWDDICTCHECK]
4633                                           [--pwddictpath PWDDICTPATH]
4634                                           [--pwdlocal PWDLOCAL]
4635                                           [--pwdisglobal PWDISGLOBAL]
4636                                           [--pwdallowhash PWDALLOWHASH]
4637
4638
4639
4640       --pwdscheme PWDSCHEME
4641              The password storage scheme
4642
4643
4644       --pwdchange PWDCHANGE
4645              Allow users to change their passwords
4646
4647
4648       --pwdmustchange PWDMUSTCHANGE
4649              User must change their passwrod after it is reset by an Adminis‐
4650              trator
4651
4652
4653       --pwdhistory PWDHISTORY
4654              To enable password history set this to "on", otherwise "off"
4655
4656
4657       --pwdhistorycount PWDHISTORYCOUNT
4658              The number of password to keep in history
4659
4660
4661       --pwdadmin PWDADMIN
4662              The  DN  of an entry or a group of account that can bypass pass‐
4663              word policy constraints
4664
4665
4666       --pwdtrack PWDTRACK
4667              Set to "on" to track the time the password was last changed
4668
4669
4670       --pwdwarning PWDWARNING
4671              Send an expiring warning if password expires  within  this  time
4672              (in seconds)
4673
4674
4675       --pwdexpire PWDEXPIRE
4676              Set to "on" to enable password expiration
4677
4678
4679       --pwdmaxage PWDMAXAGE
4680              The password expiration time in seconds
4681
4682
4683       --pwdminage PWDMINAGE
4684              The  number  of  seconds that must pass before a user can change
4685              their password
4686
4687
4688       --pwdgracelimit PWDGRACELIMIT
4689              The number of allowed logins after the password has expired
4690
4691
4692       --pwdsendexpiring PWDSENDEXPIRING
4693              Set to "on" to always send the expiring  control  regardless  of
4694              the warning period
4695
4696
4697       --pwdlockout PWDLOCKOUT
4698              Set to "on" to enable account lockout
4699
4700
4701       --pwdunlock PWDUNLOCK
4702              Set  to  "on"  to  allow an account to become unlocked after the
4703              lockout duration
4704
4705
4706       --pwdlockoutduration PWDLOCKOUTDURATION
4707              The number of seconds an account stays locked out
4708
4709
4710       --pwdmaxfailures PWDMAXFAILURES
4711              The maximum number of allowed failed  password  attempts  before
4712              the account gets locked
4713
4714
4715       --pwdresetfailcount PWDRESETFAILCOUNT
4716              The  number  of seconds to wait before reducing the failed login
4717              count on an account
4718
4719
4720       --pwdchecksyntax PWDCHECKSYNTAX
4721              Set to "on" to Enable password syntax checking
4722
4723
4724       --pwdminlen PWDMINLEN
4725              The minimum number of characters required in a password
4726
4727
4728       --pwdmindigits PWDMINDIGITS
4729              The minimum number of digit/number characters in a password
4730
4731
4732       --pwdminalphas PWDMINALPHAS
4733              The minimum number of alpha characters required in a password
4734
4735
4736       --pwdminuppers PWDMINUPPERS
4737              The minimum number of uppercase characters required in  a  pass‐
4738              word
4739
4740
4741       --pwdminlowers PWDMINLOWERS
4742              The  minimum  number of lowercase characters required in a pass‐
4743              word
4744
4745
4746       --pwdminspecials PWDMINSPECIALS
4747              The minimum number of special characters required in a password
4748
4749
4750       --pwdmin8bits PWDMIN8BITS
4751              The minimum number of 8-bit characters required in a password
4752
4753
4754       --pwdmaxrepeats PWDMAXREPEATS
4755              The maximum number  of  times  the  same  character  can  appear
4756              sequentially in the password
4757
4758
4759       --pwdpalindrome PWDPALINDROME
4760              Set to "on" to reject passwords that are palindromes
4761
4762
4763       --pwdmaxseq PWDMAXSEQ
4764              The maximum number of allowed monotonic character sequences in a
4765              password
4766
4767
4768       --pwdmaxseqsets PWDMAXSEQSETS
4769              The maximum number of allowed monotonic character sequences that
4770              can be duplicated in a password
4771
4772
4773       --pwdmaxclasschars PWDMAXCLASSCHARS
4774              The  maximum number of sequential characters from the same char‐
4775              acter class that is allowed in a password
4776
4777
4778       --pwdmincatagories PWDMINCATAGORIES
4779              The minimum number of syntax category checks
4780
4781
4782       --pwdmintokenlen PWDMINTOKENLEN
4783              Sets the smallest attribute value length that is used for  triv‐
4784              ial/user words checking. This also impacts "--pwduserattrs"
4785
4786
4787       --pwdbadwords PWDBADWORDS
4788              A space-separated list of words that can not be in a password
4789
4790
4791       --pwduserattrs PWDUSERATTRS
4792              A space-separated list of attributes whose values can not appear
4793              in the password (See "--pwdmintokenlen")
4794
4795
4796       --pwpinheritglobal PWPINHERITGLOBAL
4797              Set to "on" to allow local policies to inherit the global policy
4798
4799
4800       --pwddictcheck PWDDICTCHECK
4801              Set to "on" to enforce CrackLib dictionary checking
4802
4803
4804       --pwddictpath PWDDICTPATH
4805              Filesystem path to specific/custom CrackLib dictionary files
4806
4807
4808       --pwdlocal PWDLOCAL
4809              Set to "on" to enable fine-grained (subtree/user-level) password
4810              policies
4811
4812
4813       --pwdisglobal PWDISGLOBAL
4814              Set  to  "on"  to  enable  password policy state attributesto be
4815              replicated
4816
4817
4818       --pwdallowhash PWDALLOWHASH
4819              Set to "on" to allow adding prehashed passwords
4820
4821
4822

OPTIONS 'dsconf localpwp'

4824       usage: dsconf instance localpwp [-h]
4825                                       {list,get,set,remove,adduser,addsub‐
4826       tree} ...
4827
4828
4829   Sub-commands
4830       dsconf localpwp list
4831              List all the local password policies
4832
4833       dsconf localpwp get
4834              Get local password policy entry
4835
4836       dsconf localpwp set
4837              Set an attribute in a local password policy
4838
4839       dsconf localpwp remove
4840              Remove a local password policy
4841
4842       dsconf localpwp adduser
4843              Add new user password policy
4844
4845       dsconf localpwp addsubtree
4846              Add new subtree password policy
4847

OPTIONS 'dsconf localpwp list'

4849       usage: dsconf instance localpwp list [-h] [DN]
4850
4851
4852       DN     Suffix to search for local password policies
4853
4854
4855

OPTIONS 'dsconf localpwp get'

4857       usage: dsconf instance localpwp get [-h] DN
4858
4859
4860       DN     Get the local policy for this entry DN
4861
4862
4863

OPTIONS 'dsconf localpwp set'

4865       usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME]
4866                                           [--pwdchange PWDCHANGE]
4867                                           [--pwdmustchange PWDMUSTCHANGE]
4868                                           [--pwdhistory PWDHISTORY]
4869                                           [--pwdhistorycount PWDHISTORYCOUNT]
4870                                           [--pwdadmin PWDADMIN]
4871                                           [--pwdtrack PWDTRACK]
4872                                           [--pwdwarning PWDWARNING]
4873                                           [--pwdexpire PWDEXPIRE]
4874                                           [--pwdmaxage PWDMAXAGE]
4875                                           [--pwdminage PWDMINAGE]
4876                                           [--pwdgracelimit PWDGRACELIMIT]
4877                                           [--pwdsendexpiring PWDSENDEXPIRING]
4878                                           [--pwdlockout PWDLOCKOUT]
4879                                           [--pwdunlock PWDUNLOCK]
4880                                           [--pwdlockoutduration PWDLOCKOUTDU‐
4881       RATION]
4882                                           [--pwdmaxfailures PWDMAXFAILURES]
4883                                           [--pwdresetfailcount  PWDRESETFAIL‐
4884       COUNT]
4885                                           [--pwdchecksyntax PWDCHECKSYNTAX]
4886                                           [--pwdminlen PWDMINLEN]
4887                                           [--pwdmindigits PWDMINDIGITS]
4888                                           [--pwdminalphas PWDMINALPHAS]
4889                                           [--pwdminuppers PWDMINUPPERS]
4890                                           [--pwdminlowers PWDMINLOWERS]
4891                                           [--pwdminspecials PWDMINSPECIALS]
4892                                           [--pwdmin8bits PWDMIN8BITS]
4893                                           [--pwdmaxrepeats PWDMAXREPEATS]
4894                                           [--pwdpalindrome PWDPALINDROME]
4895                                           [--pwdmaxseq PWDMAXSEQ]
4896                                           [--pwdmaxseqsets PWDMAXSEQSETS]
4897                                           [--pwdmaxclasschars    PWDMAXCLASS‐
4898       CHARS]
4899                                           [--pwdmincatagories         PWDMIN‐
4900       CATAGORIES]
4901                                           [--pwdmintokenlen PWDMINTOKENLEN]
4902                                           [--pwdbadwords PWDBADWORDS]
4903                                           [--pwduserattrs PWDUSERATTRS]
4904                                           [--pwpinheritglobal     PWPINHERIT‐
4905       GLOBAL]
4906                                           [--pwddictcheck PWDDICTCHECK]
4907                                           [--pwddictpath PWDDICTPATH]
4908                                           DN
4909
4910
4911       DN     Set the local policy for this entry DN
4912
4913
4914       --pwdscheme PWDSCHEME
4915              The password storage scheme
4916
4917
4918       --pwdchange PWDCHANGE
4919              Allow users to change their passwords
4920
4921
4922       --pwdmustchange PWDMUSTCHANGE
4923              User must change their passwrod after it is reset by an Adminis‐
4924              trator
4925
4926
4927       --pwdhistory PWDHISTORY
4928              To enable password history set this to "on", otherwise "off"
4929
4930
4931       --pwdhistorycount PWDHISTORYCOUNT
4932              The number of password to keep in history
4933
4934
4935       --pwdadmin PWDADMIN
4936              The  DN  of an entry or a group of account that can bypass pass‐
4937              word policy constraints
4938
4939
4940       --pwdtrack PWDTRACK
4941              Set to "on" to track the time the password was last changed
4942
4943
4944       --pwdwarning PWDWARNING
4945              Send an expiring warning if password expires  within  this  time
4946              (in seconds)
4947
4948
4949       --pwdexpire PWDEXPIRE
4950              Set to "on" to enable password expiration
4951
4952
4953       --pwdmaxage PWDMAXAGE
4954              The password expiration time in seconds
4955
4956
4957       --pwdminage PWDMINAGE
4958              The  number  of  seconds that must pass before a user can change
4959              their password
4960
4961
4962       --pwdgracelimit PWDGRACELIMIT
4963              The number of allowed logins after the password has expired
4964
4965
4966       --pwdsendexpiring PWDSENDEXPIRING
4967              Set to "on" to always send the expiring  control  regardless  of
4968              the warning period
4969
4970
4971       --pwdlockout PWDLOCKOUT
4972              Set to "on" to enable account lockout
4973
4974
4975       --pwdunlock PWDUNLOCK
4976              Set  to  "on"  to  allow an account to become unlocked after the
4977              lockout duration
4978
4979
4980       --pwdlockoutduration PWDLOCKOUTDURATION
4981              The number of seconds an account stays locked out
4982
4983
4984       --pwdmaxfailures PWDMAXFAILURES
4985              The maximum number of allowed failed  password  attempts  before
4986              the account gets locked
4987
4988
4989       --pwdresetfailcount PWDRESETFAILCOUNT
4990              The  number  of seconds to wait before reducing the failed login
4991              count on an account
4992
4993
4994       --pwdchecksyntax PWDCHECKSYNTAX
4995              Set to "on" to Enable password syntax checking
4996
4997
4998       --pwdminlen PWDMINLEN
4999              The minimum number of characters required in a password
5000
5001
5002       --pwdmindigits PWDMINDIGITS
5003              The minimum number of digit/number characters in a password
5004
5005
5006       --pwdminalphas PWDMINALPHAS
5007              The minimum number of alpha characters required in a password
5008
5009
5010       --pwdminuppers PWDMINUPPERS
5011              The minimum number of uppercase characters required in  a  pass‐
5012              word
5013
5014
5015       --pwdminlowers PWDMINLOWERS
5016              The  minimum  number of lowercase characters required in a pass‐
5017              word
5018
5019
5020       --pwdminspecials PWDMINSPECIALS
5021              The minimum number of special characters required in a password
5022
5023
5024       --pwdmin8bits PWDMIN8BITS
5025              The minimum number of 8-bit characters required in a password
5026
5027
5028       --pwdmaxrepeats PWDMAXREPEATS
5029              The maximum number  of  times  the  same  character  can  appear
5030              sequentially in the password
5031
5032
5033       --pwdpalindrome PWDPALINDROME
5034              Set to "on" to reject passwords that are palindromes
5035
5036
5037       --pwdmaxseq PWDMAXSEQ
5038              The maximum number of allowed monotonic character sequences in a
5039              password
5040
5041
5042       --pwdmaxseqsets PWDMAXSEQSETS
5043              The maximum number of allowed monotonic character sequences that
5044              can be duplicated in a password
5045
5046
5047       --pwdmaxclasschars PWDMAXCLASSCHARS
5048              The  maximum number of sequential characters from the same char‐
5049              acter class that is allowed in a password
5050
5051
5052       --pwdmincatagories PWDMINCATAGORIES
5053              The minimum number of syntax category checks
5054
5055
5056       --pwdmintokenlen PWDMINTOKENLEN
5057              Sets the smallest attribute value length that is used for  triv‐
5058              ial/user words checking. This also impacts "--pwduserattrs"
5059
5060
5061       --pwdbadwords PWDBADWORDS
5062              A space-separated list of words that can not be in a password
5063
5064
5065       --pwduserattrs PWDUSERATTRS
5066              A space-separated list of attributes whose values can not appear
5067              in the password (See "--pwdmintokenlen")
5068
5069
5070       --pwpinheritglobal PWPINHERITGLOBAL
5071              Set to "on" to allow local policies to inherit the global policy
5072
5073
5074       --pwddictcheck PWDDICTCHECK
5075              Set to "on" to enforce CrackLib dictionary checking
5076
5077
5078       --pwddictpath PWDDICTPATH
5079              Filesystem path to specific/custom CrackLib dictionary files
5080
5081

OPTIONS 'dsconf localpwp remove'

5083       usage: dsconf instance localpwp remove [-h] DN
5084
5085
5086       DN     Remove local policy for this entry DN
5087
5088
5089

OPTIONS 'dsconf localpwp adduser'

5091       usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME]
5092                                               [--pwdchange PWDCHANGE]
5093                                               [--pwdmustchange PWDMUSTCHANGE]
5094                                               [--pwdhistory PWDHISTORY]
5095                                               [--pwdhistorycount    PWDHISTO‐
5096       RYCOUNT]
5097                                               [--pwdadmin PWDADMIN]
5098                                               [--pwdtrack PWDTRACK]
5099                                               [--pwdwarning PWDWARNING]
5100                                               [--pwdexpire PWDEXPIRE]
5101                                               [--pwdmaxage PWDMAXAGE]
5102                                               [--pwdminage PWDMINAGE]
5103                                               [--pwdgracelimit PWDGRACELIMIT]
5104                                               [--pwdsendexpiring   PWDSENDEX‐
5105       PIRING]
5106                                               [--pwdlockout PWDLOCKOUT]
5107                                               [--pwdunlock PWDUNLOCK]
5108                                               [--pwdlockoutduration  PWDLOCK‐
5109       OUTDURATION]
5110                                               [--pwdmaxfailures   PWDMAXFAIL‐
5111       URES]
5112                                               [--pwdresetfailcount  PWDRESET‐
5113       FAILCOUNT]
5114                                               [--pwdchecksyntax  PWDCHECKSYN‐
5115       TAX]
5116                                               [--pwdminlen PWDMINLEN]
5117                                               [--pwdmindigits PWDMINDIGITS]
5118                                               [--pwdminalphas PWDMINALPHAS]
5119                                               [--pwdminuppers PWDMINUPPERS]
5120                                               [--pwdminlowers PWDMINLOWERS]
5121                                               [--pwdminspecials    PWDMINSPE‐
5122       CIALS]
5123                                               [--pwdmin8bits PWDMIN8BITS]
5124                                               [--pwdmaxrepeats PWDMAXREPEATS]
5125                                               [--pwdpalindrome PWDPALINDROME]
5126                                               [--pwdmaxseq PWDMAXSEQ]
5127                                               [--pwdmaxseqsets PWDMAXSEQSETS]
5128                                               [--pwdmaxclasschars     PWDMAX‐
5129       CLASSCHARS]
5130                                               [--pwdmincatagories     PWDMIN‐
5131       CATAGORIES]
5132                                               [--pwdmintokenlen     PWDMINTO‐
5133       KENLEN]
5134                                               [--pwdbadwords PWDBADWORDS]
5135                                               [--pwduserattrs PWDUSERATTRS]
5136                                               [--pwpinheritglobal PWPINHERIT‐
5137       GLOBAL]
5138                                               [--pwddictcheck PWDDICTCHECK]
5139                                               [--pwddictpath PWDDICTPATH]
5140                                               DN
5141
5142
5143       DN     Add/replace the local password policy for this entry DN
5144
5145
5146       --pwdscheme PWDSCHEME
5147              The password storage scheme
5148
5149
5150       --pwdchange PWDCHANGE
5151              Allow users to change their passwords
5152
5153
5154       --pwdmustchange PWDMUSTCHANGE
5155              User must change their passwrod after it is reset by an Adminis‐
5156              trator
5157
5158
5159       --pwdhistory PWDHISTORY
5160              To enable password history set this to "on", otherwise "off"
5161
5162
5163       --pwdhistorycount PWDHISTORYCOUNT
5164              The number of password to keep in history
5165
5166
5167       --pwdadmin PWDADMIN
5168              The DN of an entry or a group of account that can  bypass  pass‐
5169              word policy constraints
5170
5171
5172       --pwdtrack PWDTRACK
5173              Set to "on" to track the time the password was last changed
5174
5175
5176       --pwdwarning PWDWARNING
5177              Send  an  expiring  warning if password expires within this time
5178              (in seconds)
5179
5180
5181       --pwdexpire PWDEXPIRE
5182              Set to "on" to enable password expiration
5183
5184
5185       --pwdmaxage PWDMAXAGE
5186              The password expiration time in seconds
5187
5188
5189       --pwdminage PWDMINAGE
5190              The number of seconds that must pass before a  user  can  change
5191              their password
5192
5193
5194       --pwdgracelimit PWDGRACELIMIT
5195              The number of allowed logins after the password has expired
5196
5197
5198       --pwdsendexpiring PWDSENDEXPIRING
5199              Set  to  "on"  to always send the expiring control regardless of
5200              the warning period
5201
5202
5203       --pwdlockout PWDLOCKOUT
5204              Set to "on" to enable account lockout
5205
5206
5207       --pwdunlock PWDUNLOCK
5208              Set to "on" to allow an account to  become  unlocked  after  the
5209              lockout duration
5210
5211
5212       --pwdlockoutduration PWDLOCKOUTDURATION
5213              The number of seconds an account stays locked out
5214
5215
5216       --pwdmaxfailures PWDMAXFAILURES
5217              The  maximum  number  of allowed failed password attempts before
5218              the account gets locked
5219
5220
5221       --pwdresetfailcount PWDRESETFAILCOUNT
5222              The number of seconds to wait before reducing the  failed  login
5223              count on an account
5224
5225
5226       --pwdchecksyntax PWDCHECKSYNTAX
5227              Set to "on" to Enable password syntax checking
5228
5229
5230       --pwdminlen PWDMINLEN
5231              The minimum number of characters required in a password
5232
5233
5234       --pwdmindigits PWDMINDIGITS
5235              The minimum number of digit/number characters in a password
5236
5237
5238       --pwdminalphas PWDMINALPHAS
5239              The minimum number of alpha characters required in a password
5240
5241
5242       --pwdminuppers PWDMINUPPERS
5243              The  minimum  number of uppercase characters required in a pass‐
5244              word
5245
5246
5247       --pwdminlowers PWDMINLOWERS
5248              The minimum number of lowercase characters required in  a  pass‐
5249              word
5250
5251
5252       --pwdminspecials PWDMINSPECIALS
5253              The minimum number of special characters required in a password
5254
5255
5256       --pwdmin8bits PWDMIN8BITS
5257              The minimum number of 8-bit characters required in a password
5258
5259
5260       --pwdmaxrepeats PWDMAXREPEATS
5261              The  maximum  number  of  times  the  same  character can appear
5262              sequentially in the password
5263
5264
5265       --pwdpalindrome PWDPALINDROME
5266              Set to "on" to reject passwords that are palindromes
5267
5268
5269       --pwdmaxseq PWDMAXSEQ
5270              The maximum number of allowed monotonic character sequences in a
5271              password
5272
5273
5274       --pwdmaxseqsets PWDMAXSEQSETS
5275              The maximum number of allowed monotonic character sequences that
5276              can be duplicated in a password
5277
5278
5279       --pwdmaxclasschars PWDMAXCLASSCHARS
5280              The maximum number of sequential characters from the same  char‐
5281              acter class that is allowed in a password
5282
5283
5284       --pwdmincatagories PWDMINCATAGORIES
5285              The minimum number of syntax category checks
5286
5287
5288       --pwdmintokenlen PWDMINTOKENLEN
5289              Sets  the smallest attribute value length that is used for triv‐
5290              ial/user words checking. This also impacts "--pwduserattrs"
5291
5292
5293       --pwdbadwords PWDBADWORDS
5294              A space-separated list of words that can not be in a password
5295
5296
5297       --pwduserattrs PWDUSERATTRS
5298              A space-separated list of attributes whose values can not appear
5299              in the password (See "--pwdmintokenlen")
5300
5301
5302       --pwpinheritglobal PWPINHERITGLOBAL
5303              Set to "on" to allow local policies to inherit the global policy
5304
5305
5306       --pwddictcheck PWDDICTCHECK
5307              Set to "on" to enforce CrackLib dictionary checking
5308
5309
5310       --pwddictpath PWDDICTPATH
5311              Filesystem path to specific/custom CrackLib dictionary files
5312
5313

OPTIONS 'dsconf localpwp addsubtree'

5315       usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME]
5316                                                  [--pwdchange PWDCHANGE]
5317                                                  [--pwdmustchange        PWD‐
5318       MUSTCHANGE]
5319                                                  [--pwdhistory PWDHISTORY]
5320                                                  [--pwdhistorycount PWDHISTO‐
5321       RYCOUNT]
5322                                                  [--pwdadmin PWDADMIN]
5323                                                  [--pwdtrack PWDTRACK]
5324                                                  [--pwdwarning PWDWARNING]
5325                                                  [--pwdexpire PWDEXPIRE]
5326                                                  [--pwdmaxage PWDMAXAGE]
5327                                                  [--pwdminage PWDMINAGE]
5328                                                  [--pwdgracelimit   PWDGRACE‐
5329       LIMIT]
5330                                                  [--pwdsendexpiring  PWDSEND‐
5331       EXPIRING]
5332                                                  [--pwdlockout PWDLOCKOUT]
5333                                                  [--pwdunlock PWDUNLOCK]
5334                                                  [--pwdlockoutduration   PWD‐
5335       LOCKOUTDURATION]
5336                                                  [--pwdmaxfailures    PWDMAX‐
5337       FAILURES]
5338                                                  [--pwdresetfailcount
5339       PWDRESETFAILCOUNT]
5340                                                  [--pwdchecksyntax       PWD‐
5341       CHECKSYNTAX]
5342                                                  [--pwdminlen PWDMINLEN]
5343                                                  [--pwdmindigits   PWDMINDIG‐
5344       ITS]
5345                                                  [--pwdminalphas    PWDMINAL‐
5346       PHAS]
5347                                                  [--pwdminuppers    PWDMINUP‐
5348       PERS]
5349                                                  [--pwdminlowers   PWDMINLOW‐
5350       ERS]
5351                                                  [--pwdminspecials PWDMINSPE‐
5352       CIALS]
5353                                                  [--pwdmin8bits PWDMIN8BITS]
5354                                                  [--pwdmaxrepeats   PWDMAXRE‐
5355       PEATS]
5356                                                  [--pwdpalindrome   PWDPALIN‐
5357       DROME]
5358                                                  [--pwdmaxseq PWDMAXSEQ]
5359                                                  [--pwdmaxseqsets   PWDMAXSE‐
5360       QSETS]
5361                                                  [--pwdmaxclasschars  PWDMAX‐
5362       CLASSCHARS]
5363                                                  [--pwdmincatagories  PWDMIN‐
5364       CATAGORIES]
5365                                                  [--pwdmintokenlen  PWDMINTO‐
5366       KENLEN]
5367                                                  [--pwdbadwords PWDBADWORDS]
5368                                                  [--pwduserattrs   PWDUSERAT‐
5369       TRS]
5370                                                  [--pwpinheritglobal   PWPIN‐
5371       HERITGLOBAL]
5372                                                  [--pwddictcheck         PWD‐
5373       DICTCHECK]
5374                                                  [--pwddictpath PWDDICTPATH]
5375                                                  DN
5376
5377
5378       DN     Add/replace the subtree policy for this entry DN
5379
5380
5381       --pwdscheme PWDSCHEME
5382              The password storage scheme
5383
5384
5385       --pwdchange PWDCHANGE
5386              Allow users to change their passwords
5387
5388
5389       --pwdmustchange PWDMUSTCHANGE
5390              User must change their passwrod after it is reset by an Adminis‐
5391              trator
5392
5393
5394       --pwdhistory PWDHISTORY
5395              To enable password history set this to "on", otherwise "off"
5396
5397
5398       --pwdhistorycount PWDHISTORYCOUNT
5399              The number of password to keep in history
5400
5401
5402       --pwdadmin PWDADMIN
5403              The DN of an entry or a group of account that can  bypass  pass‐
5404              word policy constraints
5405
5406
5407       --pwdtrack PWDTRACK
5408              Set to "on" to track the time the password was last changed
5409
5410
5411       --pwdwarning PWDWARNING
5412              Send  an  expiring  warning if password expires within this time
5413              (in seconds)
5414
5415
5416       --pwdexpire PWDEXPIRE
5417              Set to "on" to enable password expiration
5418
5419
5420       --pwdmaxage PWDMAXAGE
5421              The password expiration time in seconds
5422
5423
5424       --pwdminage PWDMINAGE
5425              The number of seconds that must pass before a  user  can  change
5426              their password
5427
5428
5429       --pwdgracelimit PWDGRACELIMIT
5430              The number of allowed logins after the password has expired
5431
5432
5433       --pwdsendexpiring PWDSENDEXPIRING
5434              Set  to  "on"  to always send the expiring control regardless of
5435              the warning period
5436
5437
5438       --pwdlockout PWDLOCKOUT
5439              Set to "on" to enable account lockout
5440
5441
5442       --pwdunlock PWDUNLOCK
5443              Set to "on" to allow an account to  become  unlocked  after  the
5444              lockout duration
5445
5446
5447       --pwdlockoutduration PWDLOCKOUTDURATION
5448              The number of seconds an account stays locked out
5449
5450
5451       --pwdmaxfailures PWDMAXFAILURES
5452              The  maximum  number  of allowed failed password attempts before
5453              the account gets locked
5454
5455
5456       --pwdresetfailcount PWDRESETFAILCOUNT
5457              The number of seconds to wait before reducing the  failed  login
5458              count on an account
5459
5460
5461       --pwdchecksyntax PWDCHECKSYNTAX
5462              Set to "on" to Enable password syntax checking
5463
5464
5465       --pwdminlen PWDMINLEN
5466              The minimum number of characters required in a password
5467
5468
5469       --pwdmindigits PWDMINDIGITS
5470              The minimum number of digit/number characters in a password
5471
5472
5473       --pwdminalphas PWDMINALPHAS
5474              The minimum number of alpha characters required in a password
5475
5476
5477       --pwdminuppers PWDMINUPPERS
5478              The  minimum  number of uppercase characters required in a pass‐
5479              word
5480
5481
5482       --pwdminlowers PWDMINLOWERS
5483              The minimum number of lowercase characters required in  a  pass‐
5484              word
5485
5486
5487       --pwdminspecials PWDMINSPECIALS
5488              The minimum number of special characters required in a password
5489
5490
5491       --pwdmin8bits PWDMIN8BITS
5492              The minimum number of 8-bit characters required in a password
5493
5494
5495       --pwdmaxrepeats PWDMAXREPEATS
5496              The  maximum  number  of  times  the  same  character can appear
5497              sequentially in the password
5498
5499
5500       --pwdpalindrome PWDPALINDROME
5501              Set to "on" to reject passwords that are palindromes
5502
5503
5504       --pwdmaxseq PWDMAXSEQ
5505              The maximum number of allowed monotonic character sequences in a
5506              password
5507
5508
5509       --pwdmaxseqsets PWDMAXSEQSETS
5510              The maximum number of allowed monotonic character sequences that
5511              can be duplicated in a password
5512
5513
5514       --pwdmaxclasschars PWDMAXCLASSCHARS
5515              The maximum number of sequential characters from the same  char‐
5516              acter class that is allowed in a password
5517
5518
5519       --pwdmincatagories PWDMINCATAGORIES
5520              The minimum number of syntax category checks
5521
5522
5523       --pwdmintokenlen PWDMINTOKENLEN
5524              Sets  the smallest attribute value length that is used for triv‐
5525              ial/user words checking. This also impacts "--pwduserattrs"
5526
5527
5528       --pwdbadwords PWDBADWORDS
5529              A space-separated list of words that can not be in a password
5530
5531
5532       --pwduserattrs PWDUSERATTRS
5533              A space-separated list of attributes whose values can not appear
5534              in the password (See "--pwdmintokenlen")
5535
5536
5537       --pwpinheritglobal PWPINHERITGLOBAL
5538              Set to "on" to allow local policies to inherit the global policy
5539
5540
5541       --pwddictcheck PWDDICTCHECK
5542              Set to "on" to enforce CrackLib dictionary checking
5543
5544
5545       --pwddictpath PWDDICTPATH
5546              Filesystem path to specific/custom CrackLib dictionary files
5547
5548
5549

OPTIONS 'dsconf replication'

5551       usage: dsconf instance replication [-h]
5552                                          {enable,disable,get-ruv,list,sta‐
5553       tus,winsync-status,promote,create-manager,delete-man‐
5554       ager,demote,get,create-changelog,delete-changelog,set-changelog,get-
5555       changelog,dump-changelog,restore-changelog,set,monitor}
5556                                          ...
5557
5558
5559   Sub-commands
5560       dsconf replication enable
5561              Enable replication for a suffix
5562
5563       dsconf replication disable
5564              Disable replication for a suffix
5565
5566       dsconf replication get-ruv
5567              Get the database RUV entry for his suffix
5568
5569       dsconf replication list
5570              List all the replicated suffixes
5571
5572       dsconf replication status
5573              Get the current status of all the replication agreements
5574
5575       dsconf replication winsync-status
5576              Get the current status of all the replication agreements
5577
5578       dsconf replication promote
5579              Promte replica to a Hub or Master
5580
5581       dsconf replication create-manager
5582              Create a replication manager entry
5583
5584       dsconf replication delete-manager
5585              Delete a replication manager entry
5586
5587       dsconf replication demote
5588              Demote replica to a Hub or Consumer
5589
5590       dsconf replication get
5591              Get replication configuration
5592
5593       dsconf replication create-changelog
5594              Create the replication changelog
5595
5596       dsconf replication delete-changelog
5597              Delete the replication  changelog.   This  will  invalidate  any
5598              existing replication agreements
5599
5600       dsconf replication set-changelog
5601              Set replication changelog attributes.
5602
5603       dsconf replication get-changelog
5604              Display replication changelog attributes.
5605
5606       dsconf replication dump-changelog
5607              Decode Directory Server replication change log and dump it to an
5608              LDIF
5609
5610       dsconf replication restore-changelog
5611              Restore Directory Server replication change log from  LDIF  file
5612              or change log directory
5613
5614       dsconf replication set
5615              Set an attribute in the replication configuration
5616
5617       dsconf replication monitor
5618              Get the full replication topology report
5619

OPTIONS 'dsconf replication enable'

5621       usage:  dsconf  instance replication enable [-h] --suffix SUFFIX --role
5622       ROLE
5623                                                 [--replica-id REPLICA_ID]
5624                                                 [--bind-group-dn
5625       BIND_GROUP_DN]
5626                                                 [--bind-dn BIND_DN]
5627                                                 [--bind-passwd BIND_PASSWD]
5628
5629
5630
5631       --suffix SUFFIX
5632              The DN of the suffix to be enabled for replication
5633
5634
5635       --role ROLE
5636              The Replication role: "master", "hub", or "consumer"
5637
5638
5639       --replica-id REPLICA_ID
5640              The replication identifier for a "master". Values range from 1 -
5641              65534
5642
5643
5644       --bind-group-dn BIND_GROUP_DN
5645              A group entry DN containing members that are "bind/supplier" DNs
5646
5647
5648       --bind-dn BIND_DN
5649              The Bind or Supplier DN that can make replication updates
5650
5651
5652       --bind-passwd BIND_PASSWD
5653              Password for replication manager(--bind-dn).  This  will  create
5654              the manager entry if a value is set
5655
5656

OPTIONS 'dsconf replication disable'

5658       usage: dsconf instance replication disable [-h] --suffix SUFFIX
5659
5660
5661
5662       --suffix SUFFIX
5663              The DN of the suffix to have replication disabled
5664
5665

OPTIONS 'dsconf replication get-ruv'

5667       usage: dsconf instance replication get-ruv [-h] --suffix SUFFIX
5668
5669
5670
5671       --suffix SUFFIX
5672              The DN of the replicated suffix
5673
5674

OPTIONS 'dsconf replication list'

5676       usage: dsconf instance replication list [-h]
5677
5678
5679
5680

OPTIONS 'dsconf replication status'

5682       usage: dsconf instance replication status [-h] --suffix SUFFIX
5683                                                 [--bind-dn BIND_DN]
5684                                                 [--bind-passwd BIND_PASSWD]
5685
5686
5687
5688       --suffix SUFFIX
5689              The DN of the replication suffix
5690
5691
5692       --bind-dn BIND_DN
5693              The DN to use to authenticate to the consumer
5694
5695
5696       --bind-passwd BIND_PASSWD
5697              The password for the bind DN
5698
5699

OPTIONS 'dsconf replication winsync-status'

5701       usage: dsconf instance replication winsync-status [-h] --suffix SUFFIX
5702                                                         [--bind-dn BIND_DN]
5703                                                         [--bind-passwd
5704       BIND_PASSWD]
5705
5706
5707
5708       --suffix SUFFIX
5709              The DN of the replication suffix
5710
5711
5712       --bind-dn BIND_DN
5713              The DN to use to authenticate to the consumer
5714
5715
5716       --bind-passwd BIND_PASSWD
5717              The password for the bind DN
5718
5719

OPTIONS 'dsconf replication promote'

5721       usage: dsconf instance replication promote [-h] --suffix SUFFIX  --new‐
5722       role
5723                                                  NEWROLE        [--replica-id
5724       REPLICA_ID]
5725                                                  [--bind-group-dn
5726       BIND_GROUP_DN]
5727                                                  [--bind-dn BIND_DN]
5728
5729
5730
5731       --suffix SUFFIX
5732              The DN of the replication suffix to promote
5733
5734
5735       --newrole NEWROLE
5736              Promote this replica to a "hub" or "master"
5737
5738
5739       --replica-id REPLICA_ID
5740              The replication identifier for a "master". Values range from 1 -
5741              65534
5742
5743
5744       --bind-group-dn BIND_GROUP_DN
5745              A group entry DN containing members that are "bind/supplier" DNs
5746
5747
5748       --bind-dn BIND_DN
5749              The Bind or Supplier DN that can make replication updates
5750
5751

OPTIONS 'dsconf replication create-manager'

5753       usage: dsconf instance replication create-manager [-h] [--name NAME]
5754                                                         [--passwd PASSWD]
5755                                                         [--suffix SUFFIX]
5756
5757
5758
5759       --name NAME
5760              The NAME of the new replication manager entry. For  example,  if
5761              the  NAME  is "replication manager" then the new manager entry's
5762              DN would be "cn=replication manager,cn=config".
5763
5764
5765       --passwd PASSWD
5766              Password for replication manager. If not provided, you  will  be
5767              prompted for the password
5768
5769
5770       --suffix SUFFIX
5771              The DN of the replication suffix whose replication configuration
5772              you want to add this new manager to (OPTIONAL)
5773
5774

OPTIONS 'dsconf replication delete-manager'

5776       usage: dsconf instance replication delete-manager [-h] [--name NAME]
5777                                                         [--suffix SUFFIX]
5778
5779
5780
5781       --name NAME
5782              The NAME of  the  replication  manager  entry  under  cn=config:
5783              "cn=NAME,cn=config"
5784
5785
5786       --suffix SUFFIX
5787              The DN of the replication suffix whose replication configuration
5788              you want to remove this manager from (OPTIONAL)
5789
5790

OPTIONS 'dsconf replication demote'

5792       usage: dsconf instance replication demote [-h] --suffix  SUFFIX  --new‐
5793       role
5794                                                 NEWROLE
5795
5796
5797
5798       --suffix SUFFIX
5799              Promte this replica to a "hub" or "consumer"
5800
5801
5802       --newrole NEWROLE
5803              The Replication role: "hub", or "consumer"
5804
5805

OPTIONS 'dsconf replication get'

5807       usage: dsconf instance replication get [-h] --suffix SUFFIX
5808
5809
5810
5811       --suffix SUFFIX
5812              Get the replication configuration for this suffix DN
5813
5814

OPTIONS 'dsconf replication create-changelog'

5816       usage: dsconf instance replication create-changelog [-h]
5817
5818
5819
5820

OPTIONS 'dsconf replication delete-changelog'

5822       usage: dsconf instance replication delete-changelog [-h]
5823
5824
5825
5826

OPTIONS 'dsconf replication set-changelog'

5828       usage: dsconf instance replication set-changelog [-h] [--cl-dir CL_DIR]
5829                                                        [--max-entries
5830       MAX_ENTRIES]
5831                                                        [--max-age MAX_AGE]
5832                                                        [--compact-interval
5833       COMPACT_INTERVAL]
5834                                                        [--trim-interval
5835       TRIM_INTERVAL]
5836
5837
5838
5839       --cl-dir CL_DIR
5840              The replication changelog location on the filesystem
5841
5842
5843       --max-entries MAX_ENTRIES
5844              The  maximum  number  of  entries  to  get  in  the  replication
5845              changelog
5846
5847
5848       --max-age MAX_AGE
5849              The maximum age of a replication changelog entry
5850
5851
5852       --compact-interval COMPACT_INTERVAL
5853              The replication changelog compaction interval
5854
5855
5856       --trim-interval TRIM_INTERVAL
5857              The  interval  to  check  if  the  replication  changelog can be
5858              trimmed
5859
5860

OPTIONS 'dsconf replication get-changelog'

5862       usage: dsconf instance replication get-changelog [-h]
5863
5864
5865
5866

OPTIONS 'dsconf replication dump-changelog'

5868       usage: dsconf instance replication dump-changelog [-h] [-c] [-l]
5869                                                         [-i CHANGELOG_LDIF]
5870                                                         [-o OUTPUT_FILE]
5871                                                         [-r     REPLICA_ROOTS
5872       [REPLICA_ROOTS ...]]
5873
5874
5875
5876       -c, --csn-only
5877              Dump  and  interpret  CSN  only. This option can be used with or
5878              without -i option.
5879
5880
5881       -l, --preserve-ldif-done
5882              Preserve generated ldif.done files from changelogdir.
5883
5884
5885       -i CHANGELOG_LDIF, --changelog-ldif CHANGELOG_LDIF
5886              If you already have a ldif-like changelog, but  the  changes  in
5887              that  file  are  encoded, you may use this option to decode that
5888              ldif-like changelog. It should be base64 encoded.
5889
5890
5891       -o OUTPUT_FILE, --output-file OUTPUT_FILE
5892              Path name for the final result. Default to STDOUT if omitted.
5893
5894
5895       -r REPLICA_ROOTS  [REPLICA_ROOTS  ...],  --replica-roots  REPLICA_ROOTS
5896       [REPLICA_ROOTS ...]
5897              Specify  replica  roots  whose  changelog  you want to dump. The
5898              replica roots may be seperated by comma. All the  replica  roots
5899              would be dumped if the option is omitted.
5900
5901

OPTIONS 'dsconf replication restore-changelog'

5903       usage: dsconf instance replication restore-changelog [-h]
5904                                                            {from-ldif,from-
5905       changelogdir}
5906                                                            ...
5907
5908
5909   Sub-commands
5910       dsconf replication restore-changelog from-ldif
5911              Restore a single LDIF file.
5912
5913       dsconf replication restore-changelog from-changelogdir
5914              Restore LDIF files from changelogdir.
5915

OPTIONS 'dsconf replication restore-changelog from-ldif'

5917       usage: dsconf instance replication restore-changelog from-ldif
5918              [-h] -r REPLICA_ROOT LDIF_PATH
5919
5920
5921       LDIF_PATH
5922              The path of changelog LDIF file.
5923
5924
5925       -r REPLICA_ROOT, --replica-root REPLICA_ROOT
5926              Specify one replica root whose changelog you  want  to  restore.
5927              The replica root will be consumed from the LDIF file name if the
5928              option is omitted.
5929
5930

OPTIONS 'dsconf replication restore-changelog from-changelogdir'

5932       usage: dsconf instance replication restore-changelog from-changelogdir
5933              [-h] REPLICA_ROOTS [REPLICA_ROOTS ...]
5934
5935
5936       REPLICA_ROOTS
5937              Specify replica roots whose changelog you want to  restore.  The
5938              replica  roots  may be seperated by comma. All the replica roots
5939              would be dumped if the option is omitted.
5940
5941
5942
5943

OPTIONS 'dsconf replication set'

5945       usage: dsconf instance replication set [-h] --suffix SUFFIX
5946                                              [--repl-add-bind-dn
5947       REPL_ADD_BIND_DN]
5948                                              [--repl-del-bind-dn
5949       REPL_DEL_BIND_DN]
5950                                              [--repl-add-ref REPL_ADD_REF]
5951                                              [--repl-del-ref REPL_DEL_REF]
5952                                              [--repl-purge-delay
5953       REPL_PURGE_DELAY]
5954                                              [--repl-tombstone-purge-interval
5955       REPL_TOMBSTONE_PURGE_INTERVAL]
5956                                              [--repl-fast-tombstone-purging
5957       REPL_FAST_TOMBSTONE_PURGING]
5958                                              [--repl-bind-group
5959       REPL_BIND_GROUP]
5960                                              [--repl-bind-group-interval
5961       REPL_BIND_GROUP_INTERVAL]
5962                                              [--repl-protocol-timeout
5963       REPL_PROTOCOL_TIMEOUT]
5964                                              [--repl-backoff-max   REPL_BACK‐
5965       OFF_MAX]
5966                                              [--repl-backoff-min   REPL_BACK‐
5967       OFF_MIN]
5968                                              [--repl-release-timeout
5969       REPL_RELEASE_TIMEOUT]
5970
5971
5972
5973       --suffix SUFFIX
5974              The DN of the replication suffix
5975
5976
5977       --repl-add-bind-dn REPL_ADD_BIND_DN
5978              Add a bind (supplier) DN
5979
5980
5981       --repl-del-bind-dn REPL_DEL_BIND_DN
5982              Remove a bind (supplier) DN
5983
5984
5985       --repl-add-ref REPL_ADD_REF
5986              Add a replication referral (for consumers only)
5987
5988
5989       --repl-del-ref REPL_DEL_REF
5990              Remove a replication referral (for conusmers only)
5991
5992
5993       --repl-purge-delay REPL_PURGE_DELAY
5994              The replication purge delay
5995
5996
5997       --repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL
5998              The  interval  in  seconds  to  check for tombstones that can be
5999              purged
6000
6001
6002       --repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING
6003              Set to "on" to improve tombstone purging performance
6004
6005
6006       --repl-bind-group REPL_BIND_GROUP
6007              A group entry DN containing members that are "bind/supplier" DNs
6008
6009
6010       --repl-bind-group-interval REPL_BIND_GROUP_INTERVAL
6011              An interval in seconds to check  if  the  bind  group  has  been
6012              updated
6013
6014
6015       --repl-protocol-timeout REPL_PROTOCOL_TIMEOUT
6016              A  timeout in seconds on how long to wait before stopping repli‐
6017              cation when the server is under load
6018
6019
6020       --repl-backoff-max REPL_BACKOFF_MAX
6021              The maximum time in seconds a replication agreement should  stay
6022              in  a  backoff  state  while  waiting  to  acquire the consumer.
6023              Default is 300 seconds
6024
6025
6026       --repl-backoff-min REPL_BACKOFF_MIN
6027              The starting time in seconds a replication agreement should stay
6028              in  a  backoff  state  while  waiting  to  acquire the consumer.
6029              Default is 3 seconds
6030
6031
6032       --repl-release-timeout REPL_RELEASE_TIMEOUT
6033              A timeout in seconds a replication master  should  send  updates
6034              before it yields its replication session
6035
6036

OPTIONS 'dsconf replication monitor'

6038       usage: dsconf instance replication monitor [-h]
6039                                                  [-c   [CONNECTIONS  [CONNEC‐
6040       TIONS ...]]]
6041                                                  [-a [ALIASES [ALIASES ...]]]
6042
6043
6044
6045       -c [CONNECTIONS [CONNECTIONS ...]], --connections [CONNECTIONS [CONNEC‐
6046       TIONS ...]]
6047              The connection values for monitoring other not connected topolo‐
6048              gies. The format: 'host:port:binddn:bindpwd'. You can use  regex
6049              for  host  and  port.  You  can  set bindpwd to * and it will be
6050              requested at the runtime or you can  include  the  path  to  the
6051              password file in square brackets - [~/pwd.txt]
6052
6053
6054       -a [ALIASES [ALIASES ...]], --aliases [ALIASES [ALIASES ...]]
6055              If  a  host:port is assigned an alias, then the alias instead of
6056              host:port  will  be  displayed  in  the  output.   The   format:
6057              alias=host:port
6058
6059
6060

OPTIONS 'dsconf repl-agmt'

6062       usage: dsconf instance repl-agmt [-h]
6063                                        {list,enable,disable,init,init-sta‐
6064       tus,poke,status,delete,create,set,get}
6065                                        ...
6066
6067
6068   Sub-commands
6069       dsconf repl-agmt list
6070              List all the replication agreements
6071
6072       dsconf repl-agmt enable
6073              Enable replication agreement
6074
6075       dsconf repl-agmt disable
6076              Disable replication agreement
6077
6078       dsconf repl-agmt init
6079              Initialize replication agreement
6080
6081       dsconf repl-agmt init-status
6082              Check the agreement initialization status
6083
6084       dsconf repl-agmt poke
6085              Trigger replication to send updates now
6086
6087       dsconf repl-agmt status
6088              Get the current status of the replication agreement
6089
6090       dsconf repl-agmt delete
6091              Delete replication agreement
6092
6093       dsconf repl-agmt create
6094              Initialize replication agreement
6095
6096       dsconf repl-agmt set
6097              Set an attribute in the replication agreement
6098
6099       dsconf repl-agmt get
6100              Get replication configuration
6101

OPTIONS 'dsconf repl-agmt list'

6103       usage: dsconf instance repl-agmt list  [-h]  --suffix  SUFFIX  [--entry
6104       ENTRY]
6105
6106
6107
6108       --suffix SUFFIX
6109              The DN of the suffix to look up replication agreements
6110
6111
6112       --entry ENTRY
6113              Return the entire entry for each agreement
6114
6115

OPTIONS 'dsconf repl-agmt enable'

6117       usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME
6118
6119
6120       AGMT_NAME
6121              The name of the replication agreement
6122
6123
6124       --suffix SUFFIX
6125              The DN of the replication suffix
6126
6127

OPTIONS 'dsconf repl-agmt disable'

6129       usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME
6130
6131
6132       AGMT_NAME
6133              The name of the replication agreement
6134
6135
6136       --suffix SUFFIX
6137              The DN of the replication suffix
6138
6139

OPTIONS 'dsconf repl-agmt init'

6141       usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME
6142
6143
6144       AGMT_NAME
6145              The name of the replication agreement
6146
6147
6148       --suffix SUFFIX
6149              The DN of the replication suffix
6150
6151

OPTIONS 'dsconf repl-agmt init-status'

6153       usage:  dsconf  instance  repl-agmt  init-status  [-h]  --suffix SUFFIX
6154       AGMT_NAME
6155
6156
6157       AGMT_NAME
6158              The name of the replication agreement
6159
6160
6161       --suffix SUFFIX
6162              The DN of the replication suffix
6163
6164

OPTIONS 'dsconf repl-agmt poke'

6166       usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME
6167
6168
6169       AGMT_NAME
6170              The name of the replication agreement
6171
6172
6173       --suffix SUFFIX
6174              The DN of the replication suffix
6175
6176

OPTIONS 'dsconf repl-agmt status'

6178       usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX
6179                                               [--bind-dn BIND_DN]
6180                                               [--bind-passwd BIND_PASSWD]
6181                                               AGMT_NAME
6182
6183
6184       AGMT_NAME
6185              The name of the replication agreement
6186
6187
6188       --suffix SUFFIX
6189              The DN of the replication suffix
6190
6191
6192       --bind-dn BIND_DN
6193              The DN to use to authenticate to the consumer
6194
6195
6196       --bind-passwd BIND_PASSWD
6197              The password for the bind DN
6198
6199

OPTIONS 'dsconf repl-agmt delete'

6201       usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME
6202
6203
6204       AGMT_NAME
6205              The name of the replication agreement
6206
6207
6208       --suffix SUFFIX
6209              The DN of the replication suffix
6210
6211

OPTIONS 'dsconf repl-agmt create'

6213       usage: dsconf instance repl-agmt create  [-h]  --suffix  SUFFIX  --host
6214       HOST
6215                                               --port PORT --conn-protocol
6216                                               CONN_PROTOCOL        [--bind-dn
6217       BIND_DN]
6218                                               [--bind-passwd BIND_PASSWD]
6219                                               --bind-method BIND_METHOD
6220                                               [--frac-list FRAC_LIST]
6221                                               [--frac-list-total
6222       FRAC_LIST_TOTAL]
6223                                               [--strip-list STRIP_LIST]
6224                                               [--schedule SCHEDULE]
6225                                               [--conn-timeout CONN_TIMEOUT]
6226                                               [--protocol-timeout      PROTO‐
6227       COL_TIMEOUT]
6228                                               [--wait-async-results
6229       WAIT_ASYNC_RESULTS]
6230                                               [--busy-wait-time
6231       BUSY_WAIT_TIME]
6232                                               [--session-pause-time      SES‐
6233       SION_PAUSE_TIME]
6234                                               [--flow-control-window
6235       FLOW_CONTROL_WINDOW]
6236                                               [--flow-control-pause FLOW_CON‐
6237       TROL_PAUSE]
6238                                               [--init]
6239                                               AGMT_NAME
6240
6241
6242       AGMT_NAME
6243              The name of the replication agreement
6244
6245
6246       --suffix SUFFIX
6247              The DN of the replication suffix
6248
6249
6250       --host HOST
6251              The hostname of the remote replica
6252
6253
6254       --port PORT
6255              The port number of the remote replica
6256
6257
6258       --conn-protocol CONN_PROTOCOL
6259              The replication connection protocol: LDAP, LDAPS, or StartTLS
6260
6261
6262       --bind-dn BIND_DN
6263              The Bind DN the agreement uses to authenticate to the replica
6264
6265
6266       --bind-passwd BIND_PASSWD
6267              The credentials for the Bind DN
6268
6269
6270       --bind-method BIND_METHOD
6271              The  bind  method:  "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6272              "SASL/GSSAPI"
6273
6274
6275       --frac-list FRAC_LIST
6276              List of attributes to  NOT  replicate  to  the  consumer  during
6277              incremental updates
6278
6279
6280       --frac-list-total FRAC_LIST_TOTAL
6281              List  of  attributes to NOT replicate during a total initializa‐
6282              tion
6283
6284
6285       --strip-list STRIP_LIST
6286              A list of attributes that are removed from updates only  if  the
6287              event  would otherwise be empty. Typically this is set to "modi‐
6288              fiersname" and "modifytimestmap"
6289
6290
6291       --schedule SCHEDULE
6292              Sets the replication update schedule: 'HHMM-HHMM  DDDDDDD'  D  =
6293              0-6 (Sunday - Saturday).
6294
6295
6296       --conn-timeout CONN_TIMEOUT
6297              The timeout used for replicaton connections
6298
6299
6300       --protocol-timeout PROTOCOL_TIMEOUT
6301              A  timeout in seconds on how long to wait before stopping repli‐
6302              cation when the server is under load
6303
6304
6305       --wait-async-results WAIT_ASYNC_RESULTS
6306              The amount of time in milliseconds the server waits if the  con‐
6307              sumer is not ready before resending data
6308
6309
6310       --busy-wait-time BUSY_WAIT_TIME
6311              The  amount  of  time  in seconds a supplier should wait after a
6312              consumer sends  back  a  busy  response  before  making  another
6313              attempt to acquire access.
6314
6315
6316       --session-pause-time SESSION_PAUSE_TIME
6317              The  amount  of  time  in seconds a supplier should wait between
6318              update sessions.
6319
6320
6321       --flow-control-window FLOW_CONTROL_WINDOW
6322              Sets the maximum number of entries and updates sent  by  a  sup‐
6323              plier, which are not acknowledged by the consumer.
6324
6325
6326       --flow-control-pause FLOW_CONTROL_PAUSE
6327              The  time  in milliseconds to pause after reaching the number of
6328              entries and updates set in "--flow-control-window"
6329
6330
6331       --init Initialize the agreement after creating it.
6332
6333

OPTIONS 'dsconf repl-agmt set'

6335       usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST]
6336                                            [--port PORT]
6337                                            [--conn-protocol CONN_PROTOCOL]
6338                                            [--bind-dn BIND_DN]
6339                                            [--bind-passwd BIND_PASSWD]
6340                                            [--bind-method BIND_METHOD]
6341                                            [--frac-list FRAC_LIST]
6342                                            [--frac-list-total
6343       FRAC_LIST_TOTAL]
6344                                            [--strip-list STRIP_LIST]
6345                                            [--schedule SCHEDULE]
6346                                            [--conn-timeout CONN_TIMEOUT]
6347                                            [--protocol-timeout PROTOCOL_TIME‐
6348       OUT]
6349                                            [--wait-async-results
6350       WAIT_ASYNC_RESULTS]
6351                                            [--busy-wait-time BUSY_WAIT_TIME]
6352                                            [--session-pause-time         SES‐
6353       SION_PAUSE_TIME]
6354                                            [--flow-control-window   FLOW_CON‐
6355       TROL_WINDOW]
6356                                            [--flow-control-pause    FLOW_CON‐
6357       TROL_PAUSE]
6358                                            AGMT_NAME
6359
6360
6361       AGMT_NAME
6362              The name of the replication agreement
6363
6364
6365       --suffix SUFFIX
6366              The DN of the replication suffix
6367
6368
6369       --host HOST
6370              The hostname of the remote replica
6371
6372
6373       --port PORT
6374              The port number of the remote replica
6375
6376
6377       --conn-protocol CONN_PROTOCOL
6378              The replication connection protocol: LDAP, LDAPS, or StartTLS
6379
6380
6381       --bind-dn BIND_DN
6382              The Bind DN the agreement uses to authenticate to the replica
6383
6384
6385       --bind-passwd BIND_PASSWD
6386              The credentials for the Bind DN
6387
6388
6389       --bind-method BIND_METHOD
6390              The bind method: "SIMPLE",  "SSLCLIENTAUTH",  "SASL/DIGEST",  or
6391              "SASL/GSSAPI"
6392
6393
6394       --frac-list FRAC_LIST
6395              List  of  attributes  to  NOT  replicate  to the consumer during
6396              incremental updates
6397
6398
6399       --frac-list-total FRAC_LIST_TOTAL
6400              List of attributes to NOT replicate during a  total  initializa‐
6401              tion
6402
6403
6404       --strip-list STRIP_LIST
6405              A  list  of attributes that are removed from updates only if the
6406              event would otherwise be empty. Typically this is set to  "modi‐
6407              fiersname" and "modifytimestmap"
6408
6409
6410       --schedule SCHEDULE
6411              Sets  the  replication  update schedule: 'HHMM-HHMM DDDDDDD' D =
6412              0-6 (Sunday - Saturday).
6413
6414
6415       --conn-timeout CONN_TIMEOUT
6416              The timeout used for replicaton connections
6417
6418
6419       --protocol-timeout PROTOCOL_TIMEOUT
6420              A timeout in seconds on how long to wait before stopping  repli‐
6421              cation when the server is under load
6422
6423
6424       --wait-async-results WAIT_ASYNC_RESULTS
6425              The  amount of time in milliseconds the server waits if the con‐
6426              sumer is not ready before resending data
6427
6428
6429       --busy-wait-time BUSY_WAIT_TIME
6430              The amount of time in seconds a supplier  should  wait  after  a
6431              consumer  sends  back  a  busy  response  before  making another
6432              attempt to acquire access.
6433
6434
6435       --session-pause-time SESSION_PAUSE_TIME
6436              The amount of time in seconds a  supplier  should  wait  between
6437              update sessions.
6438
6439
6440       --flow-control-window FLOW_CONTROL_WINDOW
6441              Sets  the  maximum  number of entries and updates sent by a sup‐
6442              plier, which are not acknowledged by the consumer.
6443
6444
6445       --flow-control-pause FLOW_CONTROL_PAUSE
6446              The time in milliseconds to pause after reaching the  number  of
6447              entries and updates set in "--flow-control-window"
6448
6449

OPTIONS 'dsconf repl-agmt get'

6451       usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME
6452
6453
6454       AGMT_NAME
6455              Get the replication configuration for this suffix DN
6456
6457
6458       --suffix SUFFIX
6459              The DN of the replication suffix
6460
6461
6462

OPTIONS 'dsconf repl-winsync-agmt'

6464       usage: dsconf instance repl-winsync-agmt [-h]
6465                                                {list,enable,dis‐
6466       able,init,init-status,poke,status,delete,create,set,get}
6467                                                ...
6468
6469
6470   Sub-commands
6471       dsconf repl-winsync-agmt list
6472              List all the replication winsync agreements
6473
6474       dsconf repl-winsync-agmt enable
6475              Enable replication winsync agreement
6476
6477       dsconf repl-winsync-agmt disable
6478              Disable replication winsync agreement
6479
6480       dsconf repl-winsync-agmt init
6481              Initialize replication winsync agreement
6482
6483       dsconf repl-winsync-agmt init-status
6484              Check the agreement initialization status
6485
6486       dsconf repl-winsync-agmt poke
6487              Trigger replication to send updates now
6488
6489       dsconf repl-winsync-agmt status
6490              Get the current status of the replication agreement
6491
6492       dsconf repl-winsync-agmt delete
6493              Delete replication winsync agreement
6494
6495       dsconf repl-winsync-agmt create
6496              Initialize replication winsync agreement
6497
6498       dsconf repl-winsync-agmt set
6499              Set an attribute in the replication winsync agreement
6500
6501       dsconf repl-winsync-agmt get
6502              Get replication configuration
6503

OPTIONS 'dsconf repl-winsync-agmt list'

6505       usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX
6506
6507
6508
6509       --suffix SUFFIX
6510              The DN of the suffix to look up replication winsync agreements
6511
6512

OPTIONS 'dsconf repl-winsync-agmt enable'

6514       usage: dsconf instance repl-winsync-agmt enable  [-h]  --suffix  SUFFIX
6515       AGMT_NAME
6516
6517
6518       AGMT_NAME
6519              The name of the replication winsync agreement
6520
6521
6522       --suffix SUFFIX
6523              The DN of the replication winsync suffix
6524
6525

OPTIONS 'dsconf repl-winsync-agmt disable'

6527       usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX
6528                                                        AGMT_NAME
6529
6530
6531       AGMT_NAME
6532              The name of the replication winsync agreement
6533
6534
6535       --suffix SUFFIX
6536              The DN of the replication winsync suffix
6537
6538

OPTIONS 'dsconf repl-winsync-agmt init'

6540       usage:  dsconf  instance  repl-winsync-agmt  init  [-h] --suffix SUFFIX
6541       AGMT_NAME
6542
6543
6544       AGMT_NAME
6545              The name of the replication winsync agreement
6546
6547
6548       --suffix SUFFIX
6549              The DN of the replication winsync suffix
6550
6551

OPTIONS 'dsconf repl-winsync-agmt init-status'

6553       usage: dsconf instance repl-winsync-agmt init-status [-h] --suffix SUF‐
6554       FIX
6555                                                            AGMT_NAME
6556
6557
6558       AGMT_NAME
6559              The name of the replication agreement
6560
6561
6562       --suffix SUFFIX
6563              The DN of the replication suffix
6564
6565

OPTIONS 'dsconf repl-winsync-agmt poke'

6567       usage:  dsconf  instance  repl-winsync-agmt  poke  [-h] --suffix SUFFIX
6568       AGMT_NAME
6569
6570
6571       AGMT_NAME
6572              The name of the replication winsync agreement
6573
6574
6575       --suffix SUFFIX
6576              The DN of the replication winsync suffix
6577
6578

OPTIONS 'dsconf repl-winsync-agmt status'

6580       usage: dsconf instance repl-winsync-agmt status  [-h]  --suffix  SUFFIX
6581       AGMT_NAME
6582
6583
6584       AGMT_NAME
6585              The name of the replication agreement
6586
6587
6588       --suffix SUFFIX
6589              The DN of the replication suffix
6590
6591

OPTIONS 'dsconf repl-winsync-agmt delete'

6593       usage:  dsconf  instance  repl-winsync-agmt delete [-h] --suffix SUFFIX
6594       AGMT_NAME
6595
6596
6597       AGMT_NAME
6598              The name of the replication winsync agreement
6599
6600
6601       --suffix SUFFIX
6602              The DN of the replication winsync suffix
6603
6604

OPTIONS 'dsconf repl-winsync-agmt create'

6606       usage: dsconf instance repl-winsync-agmt create  [-h]  --suffix  SUFFIX
6607       --host
6608                                                       HOST --port PORT
6609                                                       --conn-protocol
6610       CONN_PROTOCOL
6611                                                       --bind-dn BIND_DN
6612                                                       --bind-passwd
6613       BIND_PASSWD
6614                                                       [--frac-list FRAC_LIST]
6615                                                       [--schedule SCHEDULE]
6616                                                       --win-subtree  WIN_SUB‐
6617       TREE
6618                                                       --ds-subtree DS_SUBTREE
6619                                                       --win-domain WIN_DOMAIN
6620                                                       [--sync-users
6621       SYNC_USERS]
6622                                                       [--sync-groups
6623       SYNC_GROUPS]
6624                                                       [--sync-interval
6625       SYNC_INTERVAL]
6626                                                       [--one-way-sync
6627       ONE_WAY_SYNC]
6628                                                       [--move-action
6629       MOVE_ACTION]
6630                                                       [--win-filter  WIN_FIL‐
6631       TER]
6632                                                       [--ds-filter DS_FILTER]
6633                                                       [--subtree-pair    SUB‐
6634       TREE_PAIR]
6635                                                       [--conn-timeout
6636       CONN_TIMEOUT]
6637                                                       [--busy-wait-time
6638       BUSY_WAIT_TIME]
6639                                                       [--session-pause-time
6640       SESSION_PAUSE_TIME]
6641                                                       [--init]
6642                                                       AGMT_NAME
6643
6644
6645       AGMT_NAME
6646              The name of the replication winsync agreement
6647
6648
6649       --suffix SUFFIX
6650              The DN of the replication winsync suffix
6651
6652
6653       --host HOST
6654              The hostname of the AD server
6655
6656
6657       --port PORT
6658              The port number of the AD server
6659
6660
6661       --conn-protocol CONN_PROTOCOL
6662              The replication winsync connection  protocol:  LDAP,  LDAPS,  or
6663              StartTLS
6664
6665
6666       --bind-dn BIND_DN
6667              The Bind DN the agreement uses to authenticate to the AD Server
6668
6669
6670       --bind-passwd BIND_PASSWD
6671              The credentials for the Bind DN
6672
6673
6674       --frac-list FRAC_LIST
6675              List  of  attributes  to  NOT  replicate  to the consumer during
6676              incremental updates
6677
6678
6679       --schedule SCHEDULE
6680              Sets the replication update schedule
6681
6682
6683       --win-subtree WIN_SUBTREE
6684              The suffix of the AD Server
6685
6686
6687       --ds-subtree DS_SUBTREE
6688              The Directory Server suffix
6689
6690
6691       --win-domain WIN_DOMAIN
6692              The AD Domain
6693
6694
6695       --sync-users SYNC_USERS
6696              Synchronize Users between AD and DS
6697
6698
6699       --sync-groups SYNC_GROUPS
6700              Synchronize Groups between AD and DS
6701
6702
6703       --sync-interval SYNC_INTERVAL
6704              The interval that DS checks AD for changes in entries
6705
6706
6707       --one-way-sync ONE_WAY_SYNC
6708              Sets which direction to  perform  synchronization:  "toWindows",
6709              "fromWindows", "both"
6710
6711
6712       --move-action MOVE_ACTION
6713              Sets  instructions  on  how  to handle moved or deleted entries:
6714              "none", "unsync", or "delete"
6715
6716
6717       --win-filter WIN_FILTER
6718              Custom filter for finding users in AD Server
6719
6720
6721       --ds-filter DS_FILTER
6722              Custom filter for finding AD users in DS Server
6723
6724
6725       --subtree-pair SUBTREE_PAIR
6726              Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
6727
6728
6729       --conn-timeout CONN_TIMEOUT
6730              The timeout used for replicaton connections
6731
6732
6733       --busy-wait-time BUSY_WAIT_TIME
6734              The amount of time in seconds a supplier  should  wait  after  a
6735              consumer  sends  back  a  busy  response  before  making another
6736              attempt to acquire access.
6737
6738
6739       --session-pause-time SESSION_PAUSE_TIME
6740              The amount of time in seconds a  supplier  should  wait  between
6741              update sessions.
6742
6743
6744       --init Initialize the agreement after creating it.
6745
6746

OPTIONS 'dsconf repl-winsync-agmt set'

6748       usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX]
6749                                                    [--host    HOST]   [--port
6750       PORT]
6751                                                    [--conn-protocol CONN_PRO‐
6752       TOCOL]
6753                                                    [--bind-dn BIND_DN]
6754                                                    [--bind-passwd
6755       BIND_PASSWD]
6756                                                    [--frac-list FRAC_LIST]
6757                                                    [--schedule SCHEDULE]
6758                                                    [--win-subtree    WIN_SUB‐
6759       TREE]
6760                                                    [--ds-subtree DS_SUBTREE]
6761                                                    [--win-domain WIN_DOMAIN]
6762                                                    [--sync-users SYNC_USERS]
6763                                                    [--sync-groups
6764       SYNC_GROUPS]
6765                                                    [--sync-interval
6766       SYNC_INTERVAL]
6767                                                    [--one-way-sync
6768       ONE_WAY_SYNC]
6769                                                    [--move-action
6770       MOVE_ACTION]
6771                                                    [--win-filter WIN_FILTER]
6772                                                    [--ds-filter DS_FILTER]
6773                                                    [--subtree-pair       SUB‐
6774       TREE_PAIR]
6775                                                    [--conn-timeout CONN_TIME‐
6776       OUT]
6777                                                    [--busy-wait-time
6778       BUSY_WAIT_TIME]
6779                                                    [--session-pause-time SES‐
6780       SION_PAUSE_TIME]
6781                                                    AGMT_NAME
6782
6783
6784       AGMT_NAME
6785              The name of the replication winsync agreement
6786
6787
6788       --suffix SUFFIX
6789              The DN of the replication winsync suffix
6790
6791
6792       --host HOST
6793              The hostname of the AD server
6794
6795
6796       --port PORT
6797              The port number of the AD server
6798
6799
6800       --conn-protocol CONN_PROTOCOL
6801              The  replication  winsync  connection  protocol: LDAP, LDAPS, or
6802              StartTLS
6803
6804
6805       --bind-dn BIND_DN
6806              The Bind DN the agreement uses to authenticate to the AD Server
6807
6808
6809       --bind-passwd BIND_PASSWD
6810              The credentials for the Bind DN
6811
6812
6813       --frac-list FRAC_LIST
6814              List of attributes to  NOT  replicate  to  the  consumer  during
6815              incremental updates
6816
6817
6818       --schedule SCHEDULE
6819              Sets the replication update schedule
6820
6821
6822       --win-subtree WIN_SUBTREE
6823              The suffix of the AD Server
6824
6825
6826       --ds-subtree DS_SUBTREE
6827              The Directory Server suffix
6828
6829
6830       --win-domain WIN_DOMAIN
6831              The AD Domain
6832
6833
6834       --sync-users SYNC_USERS
6835              Synchronize Users between AD and DS
6836
6837
6838       --sync-groups SYNC_GROUPS
6839              Synchronize Groups between AD and DS
6840
6841
6842       --sync-interval SYNC_INTERVAL
6843              The interval that DS checks AD for changes in entries
6844
6845
6846       --one-way-sync ONE_WAY_SYNC
6847              Sets  which  direction  to perform synchronization: "toWindows",
6848              "fromWindows", "both"
6849
6850
6851       --move-action MOVE_ACTION
6852              Sets instructions on how to handle  moved  or  deleted  entries:
6853              "none", "unsync", or "delete"
6854
6855
6856       --win-filter WIN_FILTER
6857              Custom filter for finding users in AD Server
6858
6859
6860       --ds-filter DS_FILTER
6861              Custom filter for finding AD users in DS Server
6862
6863
6864       --subtree-pair SUBTREE_PAIR
6865              Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
6866
6867
6868       --conn-timeout CONN_TIMEOUT
6869              The timeout used for replicaton connections
6870
6871
6872       --busy-wait-time BUSY_WAIT_TIME
6873              The  amount  of  time  in seconds a supplier should wait after a
6874              consumer sends  back  a  busy  response  before  making  another
6875              attempt to acquire access.
6876
6877
6878       --session-pause-time SESSION_PAUSE_TIME
6879              The  amount  of  time  in seconds a supplier should wait between
6880              update sessions.
6881
6882

OPTIONS 'dsconf repl-winsync-agmt get'

6884       usage: dsconf  instance  repl-winsync-agmt  get  [-h]  --suffix  SUFFIX
6885       AGMT_NAME
6886
6887
6888       AGMT_NAME
6889              Get the replication configuration for this suffix DN
6890
6891
6892       --suffix SUFFIX
6893              The DN of the replication suffix
6894
6895
6896

OPTIONS 'dsconf repl-tasks'

6898       usage: dsconf instance repl-tasks [-h]
6899                                         {cleanallruv,list-cleanruv-
6900       tasks,abort-cleanallruv,list-abortruv-tasks}
6901                                         ...
6902
6903
6904   Sub-commands
6905       dsconf repl-tasks cleanallruv
6906              Cleanup old/removed replica IDs
6907
6908       dsconf repl-tasks list-cleanruv-tasks
6909              List all the running CleanAllRUV tasks
6910
6911       dsconf repl-tasks abort-cleanallruv
6912              Abort cleanallruv tasks
6913
6914       dsconf repl-tasks list-abortruv-tasks
6915              List all the running CleanAllRUV abort Tasks
6916

OPTIONS 'dsconf repl-tasks cleanallruv'

6918       usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX
6919                                                     --replica-id REPLICA_ID
6920                                                     [--force-cleaning]
6921
6922
6923
6924       --suffix SUFFIX
6925              The Directory Server suffix
6926
6927
6928       --replica-id REPLICA_ID
6929              The replica ID to remove/clean
6930
6931
6932       --force-cleaning
6933              Ignore errors and do a best attempt to clean all the replicas
6934
6935

OPTIONS 'dsconf repl-tasks list-cleanruv-tasks'

6937       usage: dsconf instance repl-tasks  list-cleanruv-tasks  [-h]  [--suffix
6938       SUFFIX]
6939
6940
6941
6942       --suffix SUFFIX
6943              List only tasks from for suffix
6944
6945

OPTIONS 'dsconf repl-tasks abort-cleanallruv'

6947       usage:  dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUF‐
6948       FIX
6949                                                           --replica-id
6950       REPLICA_ID
6951                                                           [--certify]
6952
6953
6954
6955       --suffix SUFFIX
6956              The Directory Server suffix
6957
6958
6959       --replica-id REPLICA_ID
6960              The replica ID of the cleaning task to abort
6961
6962
6963       --certify
6964              Enforce that the abort task completed on all replicas
6965
6966

OPTIONS 'dsconf repl-tasks list-abortruv-tasks'

6968       usage:  dsconf  instance  repl-tasks list-abortruv-tasks [-h] [--suffix
6969       SUFFIX]
6970
6971
6972
6973       --suffix SUFFIX
6974              List only tasks from for suffix
6975
6976
6977

OPTIONS 'dsconf sasl'

6979       usage: dsconf instance sasl [-h] {list,get-mechs,get,create,delete} ...
6980
6981
6982   Sub-commands
6983       dsconf sasl list
6984              List available SASL mappings
6985
6986       dsconf sasl get-mechs
6987              List available SASL mechanisms
6988
6989       dsconf sasl get
6990              get
6991
6992       dsconf sasl create
6993              create
6994
6995       dsconf sasl delete
6996              deletes the object
6997

OPTIONS 'dsconf sasl list'

6999       usage: dsconf instance sasl list [-h] [--details]
7000
7001
7002
7003       --details
7004              Get each SASL Mapping in detail.
7005
7006

OPTIONS 'dsconf sasl get-mechs'

7008       usage: dsconf instance sasl get-mechs [-h]
7009
7010
7011
7012

OPTIONS 'dsconf sasl get'

7014       usage: dsconf instance sasl get [-h] [selector]
7015
7016
7017       selector
7018              SASL mapping name to get
7019
7020
7021

OPTIONS 'dsconf sasl create'

7023       usage: dsconf instance sasl create [-h] [--cn [CN]]
7024                                          [--nsSaslMapRegexString
7025       [NSSASLMAPREGEXSTRING]]
7026                                          [--nsSaslMapBaseDNTemplate
7027       [NSSASLMAPBASEDNTEMPLATE]]
7028                                          [--nsSaslMapFilterTemplate
7029       [NSSASLMAPFILTERTEMPLATE]]
7030                                          [--nsSaslMapPriority  [NSSASLMAPPRI‐
7031       ORITY]]
7032
7033
7034
7035       --cn [CN]
7036              Value of cn
7037
7038
7039       --nsSaslMapRegexString [NSSASLMAPREGEXSTRING]
7040              Value of nsSaslMapRegexString
7041
7042
7043       --nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]
7044              Value of nsSaslMapBaseDNTemplate
7045
7046
7047       --nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]
7048              Value of nsSaslMapFilterTemplate
7049
7050
7051       --nsSaslMapPriority [NSSASLMAPPRIORITY]
7052              Value of nsSaslMapPriority
7053
7054

OPTIONS 'dsconf sasl delete'

7056       usage: dsconf instance sasl delete [-h] map_name
7057
7058
7059       map_name
7060              The SASL Mapping name ("cn" value)
7061
7062
7063
7064

OPTIONS 'dsconf security'

7066       usage: dsconf instance security [-h]
7067                                       {set,get,enable,disable,dis‐
7068       able_plain_port,certificate,ca-certificate,rsa,ciphers}
7069                                       ...
7070
7071
7072   Sub-commands
7073       dsconf security set
7074              Set general security options
7075
7076       dsconf security get
7077              Get general security options
7078
7079       dsconf security enable
7080              Enable security
7081
7082       dsconf security disable
7083              Disable security
7084
7085       dsconf security disable_plain_port
7086              Disables  the plain text LDAP port, allowing only LDAPS to func‐
7087              tion
7088
7089       dsconf security certificate
7090              Manage TLS certificates
7091
7092       dsconf security ca-certificate
7093              Manage TLS Certificate Authorities
7094
7095       dsconf security rsa
7096              Query and manipulate RSA security options
7097
7098       dsconf security ciphers
7099              Manage secure ciphers
7100

OPTIONS 'dsconf security set'

7102       usage: dsconf instance security set [-h] [--security SECURITY]
7103                                           [--listen-host LISTEN_HOST]
7104                                           [--secure-port SECURE_PORT]
7105                                           [--tls-client-auth TLS_CLIENT_AUTH]
7106                                           [--tls-client-renegotiation
7107       TLS_CLIENT_RENEGOTIATION]
7108                                           [--require-secure-authentication
7109       REQUIRE_SECURE_AUTHENTICATION]
7110                                           [--check-hostname CHECK_HOSTNAME]
7111                                           [--verify-cert-chain-on-startup
7112       VERIFY_CERT_CHAIN_ON_STARTUP]
7113                                           [--session-timeout SESSION_TIMEOUT]
7114                                           [--tls-protocol-min      TLS_PROTO‐
7115       COL_MIN]
7116                                           [--tls-protocol-max      TLS_PROTO‐
7117       COL_MAX]
7118                                           [--allow-insecure-ciphers
7119       ALLOW_INSECURE_CIPHERS]
7120                                           [--allow-weak-dh-param
7121       ALLOW_WEAK_DH_PARAM]
7122                                           [--cipher-pref CIPHER_PREF]
7123
7124       Use  this  command  for  setting  security  related  options located in
7125       cn=config and cn=encryption,cn=config.
7126
7127       To enable/disable security you can  use  enable  and  disable  commands
7128       instead.
7129
7130
7131
7132       --security SECURITY
7133              Enable or disable security (nsslapd-security)
7134
7135
7136       --listen-host LISTEN_HOST
7137              Host/address to listen on for LDAPS (nsslapd-securelistenhost)
7138
7139
7140       --secure-port SECURE_PORT
7141              Port for LDAPS to listen on (nsslapd-securePort)
7142
7143
7144       --tls-client-auth TLS_CLIENT_AUTH
7145              Client authentication requirement (nsSSLClientAuth)
7146
7147
7148       --tls-client-renegotiation TLS_CLIENT_RENEGOTIATION
7149              Allow client TLS renegotiation (nsTLSAllowClientRenegotiation)
7150
7151
7152       --require-secure-authentication REQUIRE_SECURE_AUTHENTICATION
7153              Require    binds   over   LDAPS,   StartTLS,   or   SASL   (nss‐
7154              lapd-require-secure-binds)
7155
7156
7157       --check-hostname CHECK_HOSTNAME
7158              Check Subject of remote certificate against the  hostname  (nss‐
7159              lapd-ssl-check- hostname)
7160
7161
7162       --verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP
7163              Validate   server   certificate  during  startup  (nsslapd-vali‐
7164              date-cert)
7165
7166
7167       --session-timeout SESSION_TIMEOUT
7168              Secure session timeout (nsSSLSessionTimeout)
7169
7170
7171       --tls-protocol-min TLS_PROTOCOL_MIN
7172              Secure protocol minimal allowed version (sslVersionMin)
7173
7174
7175       --tls-protocol-max TLS_PROTOCOL_MAX
7176              Secure protocol maximal allowed version (sslVersionMax)
7177
7178
7179       --allow-insecure-ciphers ALLOW_INSECURE_CIPHERS
7180              Allow weak ciphers for legacy use (allowWeakCipher)
7181
7182
7183       --allow-weak-dh-param ALLOW_WEAK_DH_PARAM
7184              Allow short DH params for legacy use (allowWeakDHParam)
7185
7186
7187       --cipher-pref CIPHER_PREF
7188              Use this command to directly set nsSSL3Ciphers attribute. It  is
7189              a  comma  separated list of cipher names (prefixed with + or -),
7190              optionally including +all or -all. The attribute may  optionally
7191              be  prefixed  by keyword default.  Please refer to documentation
7192              of   the   attribute   for   a   more   detailed    description.
7193              (nsSSL3Ciphers)
7194
7195

OPTIONS 'dsconf security get'

7197       usage: dsconf instance security get [-h]
7198
7199
7200
7201

OPTIONS 'dsconf security enable'

7203       usage: dsconf instance security enable [-h] [--cert-name CERT_NAME]
7204
7205       If missing, create security database, then turn on security functional‐
7206       ity. Please note this is usually not enough for TLS connections to work
7207       - proper setup of CA and server certificate is necessary.
7208
7209
7210
7211       --cert-name CERT_NAME
7212              The name of the certificate the server should use
7213
7214

OPTIONS 'dsconf security disable'

7216       usage: dsconf instance security disable [-h]
7217
7218       Turn  off security functionality. The rest of the configuration will be
7219       left untouched.
7220
7221
7222
7223

OPTIONS 'dsconf security disable_plain_port'

7225       usage: dsconf instance security disable_plain_port [-h]
7226
7227
7228
7229

OPTIONS 'dsconf security certificate'

7231       usage: dsconf instance security certificate [-h]
7232                                                   {add,set-trust-
7233       flags,del,get,list}
7234                                                   ...
7235
7236
7237   Sub-commands
7238       dsconf security certificate add
7239              Add a server certificate
7240
7241       dsconf security certificate set-trust-flags
7242              Set the Trust flags
7243
7244       dsconf security certificate del
7245              Delete a certificate
7246
7247       dsconf security certificate get
7248              Get a server certificate's information
7249
7250       dsconf security certificate list
7251              List the server certificates
7252

OPTIONS 'dsconf security certificate add'

7254       usage: dsconf instance security certificate add [-h] --file FILE --name
7255       NAME
7256                                                       [--primary-cert]
7257
7258       Add a server certificate to the NSS database
7259
7260
7261
7262       --file FILE
7263              The file name of the certificate
7264
7265
7266       --name NAME
7267              The name/nickname of the certificate
7268
7269
7270       --primary-cert
7271              Set this certificate as the server's certificate
7272
7273

OPTIONS 'dsconf security certificate set-trust-flags'

7275       usage: dsconf instance security certificate set-trust-flags
7276              [-h] --flags FLAGS name
7277
7278       Change the trust flags of a server certificate
7279
7280
7281       name   The name/nickname of the certificate
7282
7283
7284       --flags FLAGS
7285              The trust flags for the server certificate
7286
7287

OPTIONS 'dsconf security certificate del'

7289       usage: dsconf instance security certificate del [-h] name
7290
7291       Delete a certificate from the NSS database
7292
7293
7294       name   The name/nickname of the certificate
7295
7296
7297

OPTIONS 'dsconf security certificate get'

7299       usage: dsconf instance security certificate get [-h] name
7300
7301       Get detailed information about a certificate,  like  trust  attributes,
7302       expiration dates, Subject and Issuer DNs
7303
7304
7305       name   The name/nickname of the certificate
7306
7307
7308

OPTIONS 'dsconf security certificate list'

7310       usage: dsconf instance security certificate list [-h]
7311
7312       List the server certificates in the NSS database
7313
7314
7315
7316
7317

OPTIONS 'dsconf security ca-certificate'

7319       usage: dsconf instance security ca-certificate [-h]
7320                                                      {add,set-trust-
7321       flags,del,get,list}
7322                                                      ...
7323
7324
7325   Sub-commands
7326       dsconf security ca-certificate add
7327              Add a Certificate Authority
7328
7329       dsconf security ca-certificate set-trust-flags
7330              Set the Trust flags
7331
7332       dsconf security ca-certificate del
7333              Delete a certificate
7334
7335       dsconf security ca-certificate get
7336              Get a Certificate Authority's information
7337
7338       dsconf security ca-certificate list
7339              List the Certificate Authorities
7340

OPTIONS 'dsconf security ca-certificate add'

7342       usage: dsconf instance security ca-certificate  add  [-h]  --file  FILE
7343       --name
7344                                                          NAME
7345
7346       Add a Certificate Authority to the NSS database
7347
7348
7349
7350       --file FILE
7351              The file name of the CA certificate
7352
7353
7354       --name NAME
7355              The name/nickname of the CA certificate
7356
7357

OPTIONS 'dsconf security ca-certificate set-trust-flags'

7359       usage: dsconf instance security ca-certificate set-trust-flags
7360              [-h] --flags FLAGS name
7361
7362       Change  the trust attributes of a CA certificate.  Certificate Authori‐
7363       ties typically use "CT,,"
7364
7365
7366       name   The name/nickname of the CA certificate
7367
7368
7369       --flags FLAGS
7370              The trust flags for the CA certificate
7371
7372

OPTIONS 'dsconf security ca-certificate del'

7374       usage: dsconf instance security ca-certificate del [-h] name
7375
7376       Delete a CA certificate from the NSS database
7377
7378
7379       name   The name/nickname of the CA certificate
7380
7381
7382

OPTIONS 'dsconf security ca-certificate get'

7384       usage: dsconf instance security ca-certificate get [-h] name
7385
7386       Get detailed information about a CA certificate, like trust attributes,
7387       expiration dates, Subject and Issuer DN
7388
7389
7390       name   The name/nickname of the CA certificate
7391
7392
7393

OPTIONS 'dsconf security ca-certificate list'

7395       usage: dsconf instance security ca-certificate list [-h]
7396
7397       List the CA certificates in the NSS database
7398
7399
7400
7401
7402

OPTIONS 'dsconf security rsa'

7404       usage: dsconf instance security rsa [-h] {set,get,enable,disable} ...
7405
7406
7407   Sub-commands
7408       dsconf security rsa set
7409              Set RSA security options
7410
7411       dsconf security rsa get
7412              Get RSA security options
7413
7414       dsconf security rsa enable
7415              Enable RSA
7416
7417       dsconf security rsa disable
7418              Disable RSA
7419

OPTIONS 'dsconf security rsa set'

7421       usage: dsconf instance security rsa set [-h]
7422                                               [--tls-allow-rsa-certificates
7423       TLS_ALLOW_RSA_CERTIFICATES]
7424                                               [--nss-cert-name NSS_CERT_NAME]
7425                                               [--nss-token NSS_TOKEN]
7426
7427       Use this command for setting RSA (private key) related options  located
7428       in cn=RSA,cn=encryption,cn=config.
7429
7430       To enable/disable RSA you can use enable and disable commands instead.
7431
7432
7433
7434       --tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES
7435              Activate use of RSA certificates (nsSSLActivation)
7436
7437
7438       --nss-cert-name NSS_CERT_NAME
7439              Server certificate name in NSS DB (nsSSLPersonalitySSL)
7440
7441
7442       --nss-token NSS_TOKEN
7443              Security token name (module of NSS DB) (nsSSLToken)
7444
7445

OPTIONS 'dsconf security rsa get'

7447       usage: dsconf instance security rsa get [-h]
7448
7449
7450
7451

OPTIONS 'dsconf security rsa enable'

7453       usage: dsconf instance security rsa enable [-h]
7454
7455
7456
7457

OPTIONS 'dsconf security rsa disable'

7459       usage: dsconf instance security rsa disable [-h]
7460
7461
7462
7463
7464

OPTIONS 'dsconf security ciphers'

7466       usage:    dsconf    instance   security   ciphers   [-h]   {enable,dis‐
7467       able,get,set,list} ...
7468
7469
7470   Sub-commands
7471       dsconf security ciphers enable
7472              Enable ciphers
7473
7474       dsconf security ciphers disable
7475              Disable ciphers
7476
7477       dsconf security ciphers get
7478              Get ciphers attribute
7479
7480       dsconf security ciphers set
7481              Set ciphers attribute
7482
7483       dsconf security ciphers list
7484              List ciphers
7485

OPTIONS 'dsconf security ciphers enable'

7487       usage: dsconf instance security ciphers enable [-h] cipher [cipher ...]
7488
7489       Use this command to enable specific ciphers.
7490
7491
7492       cipher
7493
7494

OPTIONS 'dsconf security ciphers disable'

7496       usage: dsconf instance security ciphers  disable  [-h]  cipher  [cipher
7497       ...]
7498
7499       Use this command to disable specific ciphers.
7500
7501
7502       cipher
7503
7504

OPTIONS 'dsconf security ciphers get'

7506       usage: dsconf instance security ciphers get [-h]
7507
7508       Use this command to get contents of nsSSL3Ciphers attribute.
7509
7510
7511
7512

OPTIONS 'dsconf security ciphers set'

7514       usage: dsconf instance security ciphers set [-h] cipher-string
7515
7516       Use this command to directly set nsSSL3Ciphers attribute. It is a comma
7517       separated list of cipher names  (prefixed  with  +  or  -),  optionally
7518       including  +all  or  -all.  The attribute may optionally be prefixed by
7519       keyword default. Please refer to documentation of the attribute  for  a
7520       more detailed description.
7521
7522
7523       cipher-string
7524
7525

OPTIONS 'dsconf security ciphers list'

7527       usage: dsconf instance security ciphers list [-h]
7528                                                    [--enabled | --supported |
7529       --disabled]
7530
7531       List secure ciphers. Without arguments, list ciphers as  configured  in
7532       nsSSL3Ciphers attribute.
7533
7534
7535
7536       --enabled
7537              Only enabled ciphers
7538
7539
7540       --supported
7541              Only supported ciphers
7542
7543
7544       --disabled
7545              Only supported ciphers without enabled ciphers
7546
7547
7548
7549

OPTIONS 'dsconf schema'

7551       usage: dsconf instance schema [-h]
7552                                     {list,attributetypes,objectclasses,match‐
7553       ingrules,reload,validate-syntax}
7554                                     ...
7555
7556
7557   Sub-commands
7558       dsconf schema list
7559              List all schema objects on this system
7560
7561       dsconf schema attributetypes
7562              Work with attribute types on this system
7563
7564       dsconf schema objectclasses
7565              Work with objectClasses on this system
7566
7567       dsconf schema matchingrules
7568              Work with matching rules on this system
7569
7570       dsconf schema reload
7571              Dynamically reload schema while server is running
7572
7573       dsconf schema validate-syntax
7574              Run a task to check every modification  to  attributes  to  make
7575              sure  that  the  new  value  has  the  required  syntax for that
7576              attribute type
7577

OPTIONS 'dsconf schema list'

7579       usage: dsconf instance schema list [-h]
7580
7581
7582
7583

OPTIONS 'dsconf schema attributetypes'

7585       usage: dsconf instance schema attributetypes [-h]
7586                                                    {get_syn‐
7587       taxes,list,query,add,replace,remove}
7588                                                    ...
7589
7590
7591   Sub-commands
7592       dsconf schema attributetypes get_syntaxes
7593              List all available attribute type syntaxes
7594
7595       dsconf schema attributetypes list
7596              List available attribute types on this system
7597
7598       dsconf schema attributetypes query
7599              Query  an attribute to determine object classes that may or must
7600              take it
7601
7602       dsconf schema attributetypes add
7603              Add an attribute type to this system
7604
7605       dsconf schema attributetypes replace
7606              Replace an attribute type on this system
7607
7608       dsconf schema attributetypes remove
7609              Remove an attribute type on this system
7610

OPTIONS 'dsconf schema attributetypes get_syntaxes'

7612       usage: dsconf instance schema attributetypes get_syntaxes [-h]
7613
7614
7615
7616

OPTIONS 'dsconf schema attributetypes list'

7618       usage: dsconf instance schema attributetypes list [-h]
7619
7620
7621
7622

OPTIONS 'dsconf schema attributetypes query'

7624       usage: dsconf instance schema attributetypes query [-h] [name]
7625
7626
7627       name   Attribute type to query
7628
7629
7630

OPTIONS 'dsconf schema attributetypes add'

7632       usage: dsconf instance schema attributetypes add [-h] [--oid OID]
7633                                                        [--desc DESC]
7634                                                        [--x-origin X_ORIGIN]
7635                                                        [--aliases     ALIASES
7636       [ALIASES ...]]
7637                                                        [--single-value]
7638                                                        [--multi-value]
7639                                                        [--no-user-mod]
7640       [--user-mod]
7641                                                        [--equality EQUALITY]
7642                                                        [--substr SUBSTR]
7643                                                        [--ordering ORDERING]
7644                                                        [--usage USAGE]
7645                                                        [--sup SUP [SUP ...]]
7646                                                        --syntax SYNTAX
7647                                                        name
7648
7649
7650       name   NAME of the object
7651
7652
7653       --oid OID
7654              OID assigned to the object
7655
7656
7657       --desc DESC
7658              Description text(DESC) of the object
7659
7660
7661       --x-origin X_ORIGIN
7662              Provides information about where the attribute type is defined
7663
7664
7665       --aliases ALIASES [ALIASES ...]
7666              Additional NAMEs of the object.
7667
7668
7669       --single-value
7670              True if the matching rule must have only one  valueOnly  one  of
7671              the flags this or --multi-value should be specified
7672
7673
7674       --multi-value
7675              True if the matching rule may have multiple values (default)Only
7676              one of the flags this or --single-value should be specified
7677
7678
7679       --no-user-mod
7680              True if the attribute is not modifiable  by  a  client  applica‐
7681              tionOnly one of the flags this or --user-mod should be specified
7682
7683
7684       --user-mod
7685              True  if  the  attribute  is  modifiable by a client application
7686              (default)Only one of the flags this or --no-user-mode should  be
7687              specified
7688
7689
7690       --equality EQUALITY
7691              NAME  or  OID  of  the  matching  rule  used for checkingwhether
7692              attribute values are equal
7693
7694
7695       --substr SUBSTR
7696              NAME or OID of the matching rule  used  for  checkingwhether  an
7697              attribute value contains another value
7698
7699
7700       --ordering ORDERING
7701              NAME  or  OID  of  the  matching  rule  used for checkingwhether
7702              attribute values are lesser - equal than
7703
7704
7705       --usage USAGE
7706              The flag indicates how the attribute type is to be used.  Choose
7707              from  the  list: userApplications (default), directoryOperation,
7708              distributedOperation, dSAOperation
7709
7710
7711       --sup SUP [SUP ...]
7712              The list of NAMEs or OIDs of attribute typesthis attribute  type
7713              is derived from
7714
7715
7716       --syntax SYNTAX
7717              OID of the LDAP syntax assigned to the attribute
7718
7719

OPTIONS 'dsconf schema attributetypes replace'

7721       usage: dsconf instance schema attributetypes replace [-h] [--oid OID]
7722                                                            [--desc DESC]
7723                                                            [--x-origin X_ORI‐
7724       GIN]
7725                                                            [--aliases ALIASES
7726       [ALIASES ...]]
7727                                                            [--single-value]
7728                                                            [--multi-value]
7729                                                            [--no-user-mod]
7730                                                            [--user-mod]
7731                                                            [--equality EQUAL‐
7732       ITY]
7733                                                            [--substr SUBSTR]
7734                                                            [--ordering ORDER‐
7735       ING]
7736                                                            [--usage USAGE]
7737                                                            [--sup   SUP  [SUP
7738       ...]]
7739                                                            [--syntax SYNTAX]
7740                                                            name
7741
7742
7743       name   NAME of the object
7744
7745
7746       --oid OID
7747              OID assigned to the object
7748
7749
7750       --desc DESC
7751              Description text(DESC) of the object
7752
7753
7754       --x-origin X_ORIGIN
7755              Provides information about where the attribute type is defined
7756
7757
7758       --aliases ALIASES [ALIASES ...]
7759              Additional NAMEs of the object.
7760
7761
7762       --single-value
7763              True if the matching rule must have only one  valueOnly  one  of
7764              the flags this or --multi-value should be specified
7765
7766
7767       --multi-value
7768              True if the matching rule may have multiple values (default)Only
7769              one of the flags this or --single-value should be specified
7770
7771
7772       --no-user-mod
7773              True if the attribute is not modifiable  by  a  client  applica‐
7774              tionOnly one of the flags this or --user-mod should be specified
7775
7776
7777       --user-mod
7778              True  if  the  attribute  is  modifiable by a client application
7779              (default)Only one of the flags this or --no-user-mode should  be
7780              specified
7781
7782
7783       --equality EQUALITY
7784              NAME  or  OID  of  the  matching  rule  used for checkingwhether
7785              attribute values are equal
7786
7787
7788       --substr SUBSTR
7789              NAME or OID of the matching rule  used  for  checkingwhether  an
7790              attribute value contains another value
7791
7792
7793       --ordering ORDERING
7794              NAME  or  OID  of  the  matching  rule  used for checkingwhether
7795              attribute values are lesser - equal than
7796
7797
7798       --usage USAGE
7799              The flag indicates how the attribute type is to be used.  Choose
7800              from  the  list: userApplications (default), directoryOperation,
7801              distributedOperation, dSAOperation
7802
7803
7804       --sup SUP [SUP ...]
7805              The list of NAMEs or OIDs of attribute typesthis attribute  type
7806              is derived from
7807
7808
7809       --syntax SYNTAX
7810              OID of the LDAP syntax assigned to the attribute
7811
7812

OPTIONS 'dsconf schema attributetypes remove'

7814       usage: dsconf instance schema attributetypes remove [-h] name
7815
7816
7817       name   NAME of the object
7818
7819
7820
7821

OPTIONS 'dsconf schema objectclasses'

7823       usage: dsconf instance schema objectclasses [-h]
7824                                                   {list,query,add,replace,remove}
7825                                                   ...
7826
7827
7828   Sub-commands
7829       dsconf schema objectclasses list
7830              List available objectClasses on this system
7831
7832       dsconf schema objectclasses query
7833              Query an objectClass
7834
7835       dsconf schema objectclasses add
7836              Add an objectClass to this system
7837
7838       dsconf schema objectclasses replace
7839              Replace an objectClass on this system
7840
7841       dsconf schema objectclasses remove
7842              Remove an objectClass on this system
7843

OPTIONS 'dsconf schema objectclasses list'

7845       usage: dsconf instance schema objectclasses list [-h]
7846
7847
7848
7849

OPTIONS 'dsconf schema objectclasses query'

7851       usage: dsconf instance schema objectclasses query [-h] [name]
7852
7853
7854       name   ObjectClass to query
7855
7856
7857

OPTIONS 'dsconf schema objectclasses add'

7859       usage: dsconf  instance  schema  objectclasses  add  [-h]  [--oid  OID]
7860       [--desc DESC]
7861                                                       [--x-origin X_ORIGIN]
7862                                                       [--must    MUST   [MUST
7863       ...]]
7864                                                       [--may MAY [MAY ...]]
7865                                                       [--kind KIND]
7866                                                       [--sup SUP [SUP ...]]
7867                                                       name
7868
7869
7870       name   NAME of the object
7871
7872
7873       --oid OID
7874              OID assigned to the object
7875
7876
7877       --desc DESC
7878              Description text(DESC) of the object
7879
7880
7881       --x-origin X_ORIGIN
7882              Provides information about where the attribute type is defined
7883
7884
7885       --must MUST [MUST ...]
7886              NAMEs or OIDs of all attributes an entry of the object must have
7887
7888
7889       --may MAY [MAY ...]
7890              NAMEs or OIDs of additional attributes an entry  of  the  object
7891              may have
7892
7893
7894       --kind KIND
7895              Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
7896
7897
7898       --sup SUP [SUP ...]
7899              NAMEs or OIDs of object classes this object is derived from
7900
7901

OPTIONS 'dsconf schema objectclasses replace'

7903       usage: dsconf instance schema objectclasses replace [-h] [--oid OID]
7904                                                           [--desc DESC]
7905                                                           [--x-origin  X_ORI‐
7906       GIN]
7907                                                           [--must MUST  [MUST
7908       ...]]
7909                                                           [--may   MAY   [MAY
7910       ...]]
7911                                                           [--kind KIND]
7912                                                           [--sup   SUP   [SUP
7913       ...]]
7914                                                           name
7915
7916
7917       name   NAME of the object
7918
7919
7920       --oid OID
7921              OID assigned to the object
7922
7923
7924       --desc DESC
7925              Description text(DESC) of the object
7926
7927
7928       --x-origin X_ORIGIN
7929              Provides information about where the attribute type is defined
7930
7931
7932       --must MUST [MUST ...]
7933              NAMEs or OIDs of all attributes an entry of the object must have
7934
7935
7936       --may MAY [MAY ...]
7937              NAMEs  or  OIDs  of additional attributes an entry of the object
7938              may have
7939
7940
7941       --kind KIND
7942              Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
7943
7944
7945       --sup SUP [SUP ...]
7946              NAMEs or OIDs of object classes this object is derived from
7947
7948

OPTIONS 'dsconf schema objectclasses remove'

7950       usage: dsconf instance schema objectclasses remove [-h] name
7951
7952
7953       name   NAME of the object
7954
7955
7956
7957

OPTIONS 'dsconf schema matchingrules'

7959       usage: dsconf instance schema matchingrules [-h] {list,query} ...
7960
7961
7962   Sub-commands
7963       dsconf schema matchingrules list
7964              List available matching rules on this system
7965
7966       dsconf schema matchingrules query
7967              Query a matching rule
7968

OPTIONS 'dsconf schema matchingrules list'

7970       usage: dsconf instance schema matchingrules list [-h]
7971
7972
7973
7974

OPTIONS 'dsconf schema matchingrules query'

7976       usage: dsconf instance schema matchingrules query [-h] [name]
7977
7978
7979       name   Matching rule to query
7980
7981
7982
7983

OPTIONS 'dsconf schema reload'

7985       usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait]
7986
7987
7988
7989       -d SCHEMADIR, --schemadir SCHEMADIR
7990              directory where schema files are located
7991
7992
7993       --wait Wait for the reload task to complete
7994
7995

OPTIONS 'dsconf schema validate-syntax'

7997       usage: dsconf instance schema validate-syntax [-h] [-f FILTER] DN
7998
7999
8000       DN     Base DN that contains entries to validate
8001
8002
8003       -f FILTER, --filter FILTER
8004              Filter for entries to validate. If  omitted,  all  entries  with
8005              filter "(objectclass=*)" are validated
8006
8007
8008

OPTIONS 'dsconf repl-conflict'

8010       usage: dsconf instance repl-conflict [-h]
8011                                            {list,compare,delete,swap,con‐
8012       vert,list-glue,delete-glue,convert-glue}
8013                                            ...
8014
8015
8016   Sub-commands
8017       dsconf repl-conflict list
8018              List conflict entries
8019
8020       dsconf repl-conflict compare
8021              Compare the conflict entry with its valid counterpart
8022
8023       dsconf repl-conflict delete
8024              Delete a conflict entry
8025
8026       dsconf repl-conflict swap
8027              Replace the valid entry with the conflict entry
8028
8029       dsconf repl-conflict convert
8030              Convert the conflict entry to a valid entry, while  keeping  the
8031              original  valid  entry counterpart.  This requires that the con‐
8032              verted conflict entry  have  a  new  RDN  value.   For  example:
8033              "cn=my_new_rdn_value".
8034
8035       dsconf repl-conflict list-glue
8036              List replication glue entries
8037
8038       dsconf repl-conflict delete-glue
8039              Delete the glue entry and its child entries
8040
8041       dsconf repl-conflict convert-glue
8042              Convert the glue entry into a regular entry
8043

OPTIONS 'dsconf repl-conflict list'

8045       usage: dsconf instance repl-conflict list [-h] suffix
8046
8047
8048       suffix The backend name, or suffix, to look for conflict entries
8049
8050
8051

OPTIONS 'dsconf repl-conflict compare'

8053       usage: dsconf instance repl-conflict compare [-h] DN
8054
8055
8056       DN     The DN of the conflict entry
8057
8058
8059

OPTIONS 'dsconf repl-conflict delete'

8061       usage: dsconf instance repl-conflict delete [-h] DN
8062
8063
8064       DN     The DN of the conflict entry
8065
8066
8067

OPTIONS 'dsconf repl-conflict swap'

8069       usage: dsconf instance repl-conflict swap [-h] DN
8070
8071
8072       DN     The DN of the conflict entry
8073
8074
8075

OPTIONS 'dsconf repl-conflict convert'

8077       usage: dsconf instance repl-conflict convert [-h] --new-rdn NEW_RDN DN
8078
8079
8080       DN     The DN of the conflict entry
8081
8082
8083       --new-rdn NEW_RDN
8084              The  new  RDN  for  the  converted  conflict entry. For example:
8085              "cn=my_new_rdn_value"
8086
8087

OPTIONS 'dsconf repl-conflict list-glue'

8089       usage: dsconf instance repl-conflict list-glue [-h] suffix
8090
8091
8092       suffix The backend name, or suffix, to look for glue entries
8093
8094
8095

OPTIONS 'dsconf repl-conflict delete-glue'

8097       usage: dsconf instance repl-conflict delete-glue [-h] DN
8098
8099
8100       DN     The DN of the glue entry
8101
8102
8103

OPTIONS 'dsconf repl-conflict convert-glue'

8105       usage: dsconf instance repl-conflict convert-glue [-h] DN
8106
8107
8108       DN     The DN of the glue entry
8109
8110
8111
8112
8113       -v, --verbose
8114              Display verbose operation tracing during command execution
8115
8116
8117       -D BINDDN, --binddn BINDDN
8118              The account to bind as for executing operations
8119
8120
8121       -w BINDPW, --bindpw BINDPW
8122              Password for binddn
8123
8124
8125       -W, --prompt
8126              Prompt for password for the bind DN
8127
8128
8129       -y PWDFILE, --pwdfile PWDFILE
8130              Specifies a file containing the password for the binddn
8131
8132
8133       -b BASEDN, --basedn BASEDN
8134              Basedn (root naming context) of the instance to manage
8135
8136
8137       -Z, --starttls
8138              Connect with StartTLS
8139
8140
8141       -j, --json
8142              Return result in JSON object
8143
8144

AUTHORS

8146       lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.
8147

DISTRIBUTION

8149       The   latest   version   of   lib389    may    be    downloaded    from
8150http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html
8151
8152
8153
8154                                    Manual                           dsconf(8)
Impressum