1dsconf(8) System Manager's Manual dsconf(8)
2
6 dsconf
7
9 dsconf [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN]
10 [-Z] [-j] instance {backend,backup,chaining,config,directory_man‐
11 ager,healthcheck,plugin,pwpolicy,localpwp,replication,repl-agmt,repl-
12 winsync-agmt,repl-tasks,sasl,schema} ...
13
15 instance
16 The instance name OR the LDAP url to connect to, IE localhost,
17 ldap://mai.example.com:389
18 Sub-commands
21 dsconf backend
22 Manage database suffixes and backends
23 dsconf backup
25 Manage online backups
26 dsconf chaining
28 Manage database chaining/database links
29 dsconf config
31 Manage server configuration
32 dsconf directory_manager
34 Manage the directory manager account
35 dsconf healthcheck
37 Run a healthcheck report on your Directory Server instance. This
38 is a safe, read only operation.
39 dsconf plugin
41 Manage plugins available on the server
42 dsconf pwpolicy
44 Get and set the global password policy settings
45 dsconf localpwp
47 Manage local (user/subtree) password policies
48 dsconf replication
50 Configure replication for a suffix
51 dsconf repl-agmt
53 Manage replication agreements
54 dsconf repl-winsync-agmt
56 Manage Winsync Agreements
57 dsconf repl-tasks
59 Manage replication tasks
60 dsconf sasl
62 Query and manipulate sasl mappings
63 dsconf schema
65 Query and manipulate schema
66
68 usage: dsconf instance backend [-h]
69 {suffix,index,vlv-index,attr-
70 encrypt,config,monitor,import,export,create,delete,get-tree}
71 ...
72 Sub-commands
75 dsconf backend suffix
76 Manage a backend suffix
77 dsconf backend index
79 Manage backend indexes
80 dsconf backend vlv-index
82 Manage VLV searches and indexes
83 dsconf backend attr-encrypt
85 Encrypted attribute options
86 dsconf backend config
88 Manage the global database configuration settings
89 dsconf backend monitor
91 Get the global database monitor information
92 dsconf backend import
94 Do an online import of the suffix
95 dsconf backend export
97 Do an online export of the suffix
98 dsconf backend create
100 Create a backend database
101 dsconf backend delete
103 Delete a backend database
104 dsconf backend get-tree
106 Get a representation of the suffix tree
107
109 usage: dsconf instance backend suffix [-h]
110 {list,get,get-dn,get-sub-suf‐
111 fixes,set}
112 ...
113 Sub-commands
116 dsconf backend suffix list
117 List current active backends and suffixes
118 dsconf backend suffix get
120 Get the suffix entry
121 dsconf backend suffix get-dn
123 get_dn
124 dsconf backend suffix get-sub-suffixes
126 Get the sub-suffixes of this backend
127 dsconf backend suffix set
129 Set configuration settings for a single backend
130
132 usage: dsconf instance backend suffix list [-h] [--suffix]
133 [--skip-subsuffixes]
134 --suffix
138 Just display the suffix, and not the backend name
139 --skip-subsuffixes
142 Skip over sub-suffixes
143
146 usage: dsconf instance backend suffix get [-h] [selector]
147 selector
150 The backend to search for
151
155 usage: dsconf instance backend suffix get-dn [-h] [dn]
156 dn The backend dn to get
159
163 usage: dsconf instance backend suffix get-sub-suffixes [-h] [--suffix]
164 be_name
165 be_name
168 The backend name or suffix to search for sub-suffixes
169 --suffix
172 Just display the suffix, and not the backend name
173
176 usage: dsconf instance backend suffix set [-h] [--enable-readonly]
177 [--disable-readonly]
178 [--require-index] [--ignore-
179 index]
180 [--add-referral ADD_REFERRAL]
181 [--del-referral DEL_REFERRAL]
182 [--enable] [--disable]
183 [--cache-size CACHE_SIZE]
184 [--cache-memsize CACHE_MEM‐
185 SIZE]
186 [--dncache-memsize
187 DNCACHE_MEMSIZE]
188 be_name
189 be_name
192 The backend name or suffix to delete
193 --enable-readonly
196 Set backend database to be read-only
197 --disable-readonly
200 Disable read-only mode for backend database
201 --require-index
204 Only allow indexed searches
205 --ignore-index
208 Allow all searches even if they are unindexed
209 --add-referral ADD_REFERRAL
212 Add a LDAP referral to the backend
213 --del-referral DEL_REFERRAL
216 Remove a LDAP referral to the backend
217 --enable
220 Enable the backend database
221 --disable
224 Disable the backend database
225 --cache-size CACHE_SIZE
228 The maximum number of entries to keep in the entry cache
229 --cache-memsize CACHE_MEMSIZE
232 The maximum size in bytes that the entry cache can grow to
233 --dncache-memsize DNCACHE_MEMSIZE
236 The maximum size in bytes that the DN cache can grow to
237
241 usage: dsconf instance backend index [-h]
242 {add,set,get,list,delete,reindex}
243 ...
244 Sub-commands
247 dsconf backend index add
248 Set configuration settings for a single backend
249 dsconf backend index set
251 Edit an index entry
252 dsconf backend index get
254 Get an index entry
255 dsconf backend index list
257 Set configuration settings for a single backend
258 dsconf backend index delete
260 Set configuration settings for a single backend
261 dsconf backend index reindex
263 Reindex the database (for a single index or all indexes
264
266 usage: dsconf instance backend index add [-h] --index-type INDEX_TYPE
267 [--matching-rule MATCH‐
268 ING_RULE]
269 [--reindex] --attr ATTR
270 be_name
271 be_name
274 The backend name or suffix to delete
275 --index-type INDEX_TYPE
278 An indexing type: eq, sub, pres, or approximate
279 --matching-rule MATCHING_RULE
282 Matching rule for the index
283 --reindex
286 After adding new index, reindex the database
287 --attr ATTR
290 The index attribute's name
291
294 usage: dsconf instance backend index set [-h] --attr ATTR
295 [--add-type ADD_TYPE]
296 [--del-type DEL_TYPE]
297 [--add-mr ADD_MR] [--del-mr
298 DEL_MR]
299 [--reindex]
300 be_name
301 be_name
304 The backend name or suffix to edit an index from
305 --attr ATTR
308 The index name to edit
309 --add-type ADD_TYPE
312 An index type to add to the index: eq, sub, pres, or approx
313 --del-type DEL_TYPE
316 An index type to remove from the index: eq, sub, pres, or approx
317 --add-mr ADD_MR
320 A matching-rule to add to the index
321 --del-mr DEL_MR
324 A matching-rule to remove from the index
325 --reindex
328 After editing index, reindex the database
329
332 usage: dsconf instance backend index get [-h] --attr ATTR be_name
333 be_name
336 The backend name or suffix to get the index from
337 --attr ATTR
340 The index name to get
341
344 usage: dsconf instance backend index list [-h] [--just-names] be_name
345 be_name
348 The backend name or suffix to list indexes from
349 --just-names
352 Return a list of just the attribute names for a backend
353
356 usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name
357 be_name
360 The backend name or suffix to delete
361 --attr ATTR
364 The index attribute's name
365
368 usage: dsconf instance backend index reindex [-h] [--attr ATTR]
369 [--wait]
370 be_name
371 be_name
374 The backend name or suffix to reindex
375 --attr ATTR
378 The index attribute's name to reindex. Skip this argument to
379 reindex all
380 attributes
381 --wait Wait for the index task to complete and report the status
384
388 usage: dsconf instance backend vlv-index [-h]
389 {list,get,add-search,edit-
390 search,del-search,add-index,del-index,reindex}
391 ...
392 Sub-commands
395 dsconf backend vlv-index list
396 List VLV search and index entries
397 dsconf backend vlv-index get
399 Get a VLV search & index
400 dsconf backend vlv-index add-search
402 Add a VLV search entry. The search entry is the parent entry of
403 the VLV index entries, and it specifies the search params that
404 are used to match entries for those indexes.
405 dsconf backend vlv-index edit-search
407 Edit a VLV search & index
408 dsconf backend vlv-index del-search
410 Delete VLV search & index
411 dsconf backend vlv-index add-index
413 Create a VLV index under a VLV search entry(parent entry). The
414 VLV index just specifies the attributes to sort
415 dsconf backend vlv-index del-index
417 Delete a VLV index under a VLV search entry(parent entry).
418 dsconf backend vlv-index reindex
420 Index/reindex the VLV database index
421
423 usage: dsconf instance backend vlv-index list [-h] [--just-names]
424 be_name
425 be_name
428 The backend name of the VLV index
429 --just-names
432 List just the names of the VLV search entries
433
436 usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name
437 be_name
440 The backend name of the VLV index
441 --name NAME
444 Get the VLV search entry and its index entries
445
448 usage: dsconf instance backend vlv-index add-search [-h] --name NAME
449 --search-base
450 SEARCH_BASE
451 --search-scope
452 SEARCH_SCOPE
453 --search-filter
454 SEARCH_FILTER
455 be_name
456 be_name
459 The backend name of the VLV index
460 --name NAME
463 Name of the VLV search entry
464 --search-base SEARCH_BASE
467 The VLV search base
468 --search-scope SEARCH_SCOPE
471 The VLV search scope: 0 (base search), 1 (one-level search), or
472 2 (subtree
473 search)
474 --search-filter SEARCH_FILTER
477 The VLV search filter
478
481 usage: dsconf instance backend vlv-index edit-search [-h] --name NAME
482 [--search-base
483 SEARCH_BASE]
484 [--search-scope
485 SEARCH_SCOPE]
486 [--search-filter
487 SEARCH_FILTER]
488 [--reindex]
489 be_name
490 be_name
493 The backend name of the VLV index
494 --name NAME
497 Name of the VLV index
498 --search-base SEARCH_BASE
501 The VLV search base
502 --search-scope SEARCH_SCOPE
505 The VLV search scope: 0 (base search), 1 (one-level search), or
506 2 (subtree
507 search)
508 --search-filter SEARCH_FILTER
511 The VLV search filter
512 --reindex
515 Reindex all the VLV database indexes
516
519 usage: dsconf instance backend vlv-index del-search [-h] --name NAME
520 be_name
521 be_name
524 The backend name of the VLV index
525 --name NAME
528 Name of the VLV search index
529
532 usage: dsconf instance backend vlv-index add-index [-h] --parent-name
533 PARENT_NAME --index-
534 name
535 INDEX_NAME --sort
536 SORT
537 [--index-it]
538 be_name
539 be_name
542 The backend name of the VLV index
543 --parent-name PARENT_NAME
546 Name, or "cn" attribute value, of the parent VLV search entry
547 --index-name INDEX_NAME
550 Name of the new VLV index
551 --sort SORT
554 A space separated list of attributes to sort for this VLV index
555 --index-it
558 Create the database index for this VLV index definition
559
562 usage: dsconf instance backend vlv-index del-index [-h] --parent-name
563 PARENT_NAME
564 [--index-name
565 INDEX_NAME]
566 [--sort SORT]
567 be_name
568 be_name
571 The backend name of the VLV index
572 --parent-name PARENT_NAME
575 Name, or "cn" attribute value, of the parent VLV search entry
576 --index-name INDEX_NAME
579 Name of the VLV index to delete
580 --sort SORT
583 Delete a VLV index that has this vlvsort value
584
587 usage: dsconf instance backend vlv-index reindex [-h]
588 [--index-name
589 INDEX_NAME]
590 --parent-name PAR‐
591 ENT_NAME
592 be_name
593 be_name
596 The backend name of the VLV index
597 --index-name INDEX_NAME
600 Name of the VLV Index entry to reindex. If not set, all indexes
601 are reindexed
602 --parent-name PARENT_NAME
605 Name, or "cn" attribute value, of the parent VLV search entry
606
610 usage: dsconf instance backend attr-encrypt [-h] [--list] [--just-
611 names]
612 [--add-attr ADD_ATTR]
613 [--del-attr DEL_ATTR]
614 be_name
615 be_name
618 The backend name or suffix to to reindex
619 --list List all the encrypted attributes for this backend
622 --just-names
625 List just the names of the encrypted attributes (used with
626 --list)
627 --add-attr ADD_ATTR
630 Add an attribute to be encrypted
631 --del-attr DEL_ATTR
634 Remove an attribute from being encrypted
635
638 usage: dsconf instance backend config [-h] {get,set} ...
639 Sub-commands
642 dsconf backend config get
643 Get the global database configuration
644 dsconf backend config set
646 Set the global database configuration
647
649 usage: dsconf instance backend config get [-h]
650
655 usage: dsconf instance backend config set [-h]
656 [--lookthroughlimit LOOK‐
657 THROUGHLIMIT]
658 [--mode MODE]
659 [--idlistscanlimit
660 IDLISTSCANLIMIT]
661 [--directory DIRECTORY]
662 [--dbcachesize DBCACHESIZE]
663 [--logdirectory LOGDIRECTORY]
664 [--durable-txn DURABLE_TXN]
665 [--txn-wait TXN_WAIT]
666 [--checkpoint-interval CHECK‐
667 POINT_INTERVAL]
668 [--compactdb-interval COM‐
669 PACTDB_INTERVAL]
670 [--txn-batch-val
671 TXN_BATCH_VAL]
672 [--txn-batch-min
673 TXN_BATCH_MIN]
674 [--txn-batch-max
675 TXN_BATCH_MAX]
676 [--logbufsize LOGBUFSIZE]
677 [--locks LOCKS]
678 [--import-cache-autosize
679 IMPORT_CACHE_AUTOSIZE]
680 [--cache-autosize CACHE_AUTO‐
681 SIZE]
682 [--cache-autosize-split
683 CACHE_AUTOSIZE_SPLIT]
684 [--import-cachesize
685 IMPORT_CACHESIZE]
686 [--exclude-from-export
687 EXCLUDE_FROM_EXPORT]
688 [--pagedlookthroughlimit
689 PAGEDLOOKTHROUGHLIMIT]
690 [--pagedidlistscanlimit PAGE‐
691 DIDLISTSCANLIMIT]
692 [--rangelookthroughlimit
693 RANGELOOKTHROUGHLIMIT]
694 [--backend-opt-level BACK‐
695 END_OPT_LEVEL]
696 [--deadlock-policy DEAD‐
697 LOCK_POLICY]
698 [--db-home-directory
699 DB_HOME_DIRECTORY]
700 --lookthroughlimit LOOKTHROUGHLIMIT
704 specifies the maximum number of entries that the Directory
705 Server will check
706 when examining candidate entries in response to a search request
707 --mode MODE
710 Specifies the permissions used for newly created index files
711 --idlistscanlimit IDLISTSCANLIMIT
714 Specifies the number of entry IDs that are searched during a
715 search operation
716 --directory DIRECTORY
719 Specifies absolute path to database instance
720 --dbcachesize DBCACHESIZE
723 Specifies the database index cache size, in bytes.
724 --logdirectory LOGDIRECTORY
727 Specifies the path to the directory that contains the database
728 transaction
729 logs
730 --durable-txn DURABLE_TXN
733 Sets whether database transaction log entries are immediately
734 written to the
735 disk.
736 --txn-wait TXN_WAIT
739 Sets whether the server should should wait if there are no db
740 locks available
741 --checkpoint-interval CHECKPOINT_INTERVAL
744 Sets the amount of time in seconds after which the Directory
745 Server sends a
746 checkpoint entry to the database transaction log
747 --compactdb-interval COMPACTDB_INTERVAL
750 Sets the interval in seconds when the database is compacted
751 --txn-batch-val TXN_BATCH_VAL
754 Specifies how many transactions will be batched before being
755 committed
756 --txn-batch-min TXN_BATCH_MIN
759 Controls when transactions should be flushed earliest, indepen‐
760 dently of the
761 batch count (only works when txn-batch-val is set)
762 --txn-batch-max TXN_BATCH_MAX
765 Controls when transactions should be flushed latest, indepen‐
766 dently of the
767 batch count (only works when txn-batch-val is set)
768 --logbufsize LOGBUFSIZE
771 Specifies the transaction log information buffer size
772 --locks LOCKS
775 Sets the maximum number of database locks
776 --import-cache-autosize IMPORT_CACHE_AUTOSIZE
779 Set to "on" or "off" to automatically set the size of the import
780 cache to be
781 used during the the import process of LDIF files
782 --cache-autosize CACHE_AUTOSIZE
785 Sets the percentage of free memory that is used in total for the
786 database and
787 entry cache. Set to "0" to disable this feature.
788 --cache-autosize-split CACHE_AUTOSIZE_SPLIT
791 Sets the percentage of RAM that is used for the database cache.
792 The remaining
793 percentage is used for the entry cache
794 --import-cachesize IMPORT_CACHESIZE
797 Sets the size, in bytes, of the database cache used in the
798 import process.
799 --exclude-from-export EXCLUDE_FROM_EXPORT
802 List of attributes to not include during database export opera‐
803 tions
804 --pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT
807 Specifies the maximum number of entries that the Directory
808 Server will check
809 when examining candidate entries for a search which uses the
810 simple paged
811 results control
812 --pagedidlistscanlimit PAGEDIDLISTSCANLIMIT
815 Specifies the number of entry IDs that are searched, specifi‐
816 cally, for a
817 search operation using the simple paged results control.
818 --rangelookthroughlimit RANGELOOKTHROUGHLIMIT
821 Specifies the maximum number of entries that the Directory
822 Server will check
823 when examining candidate entries in response to a range search
824 request.
825 --backend-opt-level BACKEND_OPT_LEVEL
828 WARNING this parameter can trigger experimental code to improve
829 write
830 performance. Valid values are: 0, 1, 2, or 4
831 --deadlock-policy DEADLOCK_POLICY
834 Adjusts the backend database deadlock policy (Advanced setting)
835 --db-home-directory DB_HOME_DIRECTORY
838 Sets the directory for the database mmapped files (Advanced set‐
839 ting)
840
844 usage: dsconf instance backend monitor [-h] [--suffix SUFFIX]
845 --suffix SUFFIX
849 Get just the suffix monitor entry
850
853 usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E]
854 [-g GEN_UNIQ_ID] [-O]
855 [-s INCLUDE_SUFFIXES
856 [INCLUDE_SUFFIXES ...]]
857 [-x EXCLUDE_SUFFIXES
858 [EXCLUDE_SUFFIXES ...]]
859 [be_name] [ldifs [ldifs ...]]
860 be_name
863 The backend name or the root suffix where to import
864 ldifs Specifies the filename of the input LDIF files.When multiple
867 files are
868 imported, they are imported in the orderthey are specified on
869 the command
870 line.
871 -c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE
874 The number of chunks to have during the import operation.
875 -E, --encrypted
878 Decrypts encrypted data during export. This option is used
879 onlyif database
880 encryption is enabled.
881 -g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID
884 Generate a unique id. Type none for no unique ID to be gener‐
885 atedand
886 deterministic for the generated unique ID to be name-based.By
887 default, a time-
888 based unique ID is generated.When using the deterministic gener‐
889 ation to have a
890 name-based unique ID,it is also possible to specify the names‐
891 pace for the
892 server to use.namespaceId is a string of charactersin the format
893 00-xxxxxxxx-
894 xxxxxxxx-xxxxxxxx-xxxxxxxx.
895 -O, --only-core
898 Requests that only the core database is created without
899 attribute indexes.
900 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes
903 INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
904 Specifies the suffixes or the subtrees to be included.
905 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes
908 EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
909 Specifies the suffixes to be excluded.
910
913 usage: dsconf instance backend export [-h] [-l LDIF] [-C] [-E] [-m]
914 [-N] [-r]
915 [-u] [-U]
916 [-s INCLUDE_SUFFIXES
917 [INCLUDE_SUFFIXES ...]]
918 [-x EXCLUDE_SUFFIXES
919 [EXCLUDE_SUFFIXES ...]]
920 be_names [be_names ...]
921 be_names
924 The backend names or the root suffixes from where to export.
925 -l LDIF, --ldif LDIF
928 Gives the filename of the output LDIF file.If more than one are
929 specified, use
930 a space as a separator
931 -C, --use-id2entry
934 Uses only the main database file.
935 -E, --encrypted
938 Decrypts encrypted data during export. This option is used only
939 if database
940 encryption is enabled.
941 -m, --min-base64
944 Sets minimal base-64 encoding.
945 -N, --no-seq-num
948 Enables you to suppress printing the sequence number.
949 -r, --replication
952 Exports the information required to initialize a replica when
953 the LDIF is
954 imported
955 -u, --no-dump-uniq-id
958 Requests that the unique ID is not exported.
959 -U, --not-folded
962 Requests that the output LDIF is not folded.
963 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes
966 INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
967 Specifies the suffixes or the subtrees to be included.
968 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes
971 EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
972 Specifies the suffixes to be excluded.
973
976 usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUF‐
977 FIX]
978 --suffix SUFFIX --be-name BE_NAME
979 [--create-entries]
980 --parent-suffix PARENT_SUFFIX
984 Sets the parent suffix only if this backend is a sub-suffix
985 --suffix SUFFIX
988 The database suffix DN, for example "dc=example,dc=com"
989 --be-name BE_NAME
992 The database backend name, for example "userroot"
993 --create-entries
996 Create sample entries in the database
997
1000 usage: dsconf instance backend delete [-h] be_name
1001 be_name
1004 The backend name or suffix to delete
1005
1009 usage: dsconf instance backend get-tree [-h]
1010
1016 usage: dsconf instance backup [-h] {create,restore} ...
1017 Sub-commands
1020 dsconf backup create
1021 Creates a backup of the database
1022 dsconf backup restore
1024 Restores a database from a backup
1025
1027 usage: dsconf instance backup create [-h] [-t DB_TYPE] [archive]
1028 archive
1031 The directory where the backup files will be stored.The
1032 /var/lib/dirsrv/slapd-
1033 instance/bak directory is used by default.The backup file is
1034 named according
1035 to the year-month-day-hour format.
1036 -t DB_TYPE, --db-type DB_TYPE
1039 Database type (default: ldbm database).
1040
1043 usage: dsconf instance backup restore [-h] [-t DB_TYPE] archive
1044 archive
1047 The directory of the backup files.
1048 -t DB_TYPE, --db-type DB_TYPE
1051 Database type (default: ldbm database).
1052
1056 usage: dsconf instance chaining [-h]
1057 {config-get,config-set,config-get-
1058 def,config-set-def,link-create,link-get,link-set,link-delete,moni‐
1059 tor,link-list}
1060 ...
1061 Sub-commands
1064 dsconf chaining config-get
1065 Get the chaining controls and server component lists
1066 dsconf chaining config-set
1068 Set the chaining controls and server component lists
1069 dsconf chaining config-get-def
1071 Get the default creation parameters for new database links
1072 dsconf chaining config-set-def
1074 Set the default creation parameters for new database links
1075 dsconf chaining link-create
1077 Create a database link to a remote server
1078 dsconf chaining link-get
1080 get chaining database link
1081 dsconf chaining link-set
1083 Edit a database link to a remote server
1084 dsconf chaining link-delete
1086 Delete a database link
1087 dsconf chaining monitor
1089 Get the monitor information for a database chaining link
1090 dsconf chaining link-list
1092 List database links
1093
1095 usage: dsconf instance chaining config-get [-h] [--avail-controls]
1096 [--avail-comps]
1097 --avail-controls
1101 List available controls for chaining
1102 --avail-comps
1105 List available plugin components for chaining
1106
1109 usage: dsconf instance chaining config-set [-h] [--add-control ADD_CON‐
1110 TROL]
1111 [--del-control DEL_CONTROL]
1112 [--add-comp ADD_COMP]
1113 [--del-comp DEL_COMP]
1114 --add-control ADD_CONTROL
1118 Add a transmitted control OID
1119 --del-control DEL_CONTROL
1122 Delete a transmitted control OID
1123 --add-comp ADD_COMP
1126 Add a chaining component
1127 --del-comp DEL_COMP
1130 Delete a chaining component
1131
1134 usage: dsconf instance chaining config-get-def [-h]
1135
1140 usage: dsconf instance chaining config-set-def [-h]
1141 [--conn-bind-limit
1142 CONN_BIND_LIMIT]
1143 [--conn-op-limit
1144 CONN_OP_LIMIT]
1145 [--abandon-check-inter‐
1146 val ABANDON_CHECK_INTERVAL]
1147 [--bind-limit
1148 BIND_LIMIT]
1149 [--op-limit OP_LIMIT]
1150 [--proxied-auth PROX‐
1151 IED_AUTH]
1152 [--conn-lifetime
1153 CONN_LIFETIME]
1154 [--bind-timeout
1155 BIND_TIMEOUT]
1156 [--return-ref
1157 RETURN_REF]
1158 [--check-aci CHECK_ACI]
1159 [--bind-attempts
1160 BIND_ATTEMPTS]
1161 [--size-limit
1162 SIZE_LIMIT]
1163 [--time-limit
1164 TIME_LIMIT]
1165 [--hop-limit HOP_LIMIT]
1166 [--response-delay
1167 RESPONSE_DELAY]
1168 [--test-response-delay
1169 TEST_RESPONSE_DELAY]
1170 [--use-starttls
1171 USE_STARTTLS]
1172 --conn-bind-limit CONN_BIND_LIMIT
1176 The maximum number of BIND connections the database link estab‐
1177 lishes with the
1178 remote server.
1179 --conn-op-limit CONN_OP_LIMIT
1182 The maximum number of LDAP connections the database link estab‐
1183 lishes with the
1184 remote server.
1185 --abandon-check-interval ABANDON_CHECK_INTERVAL
1188 The number of seconds that pass before the server checks for
1189 abandoned
1190 operations.
1191 --bind-limit BIND_LIMIT
1194 The maximum number of concurrent bind operations per TCP connec‐
1195 tion.
1196 --op-limit OP_LIMIT
1199 The maximum number of concurrent operations allowed.
1200 --proxied-auth PROXIED_AUTH
1203 Set to "off" to disable proxied authorization, then binds for
1204 chained
1205 operations are executed as the user set in the nsMultiplex‐
1206 orBindDn attribute
1207 (on/off).
1208 --conn-lifetime CONN_LIFETIME
1211 Specifies connection lifetime in seconds. 0 keeps connection
1212 open forever.
1213 --bind-timeout BIND_TIMEOUT
1216 The amount of time in seconds before a bind attempt times out.
1217 --return-ref RETURN_REF
1220 Sets whether referrals are returned by scoped searches (on/off).
1221 --check-aci CHECK_ACI
1224 Set whether ACIs are evaluated on the database link as well as
1225 the remote data
1226 server (on/off).
1227 --bind-attempts BIND_ATTEMPTS
1230 Sets the number of times the server tries to bind with the
1231 remote server.
1232 --size-limit SIZE_LIMIT
1235 Sets the maximum number of entries to return from a search oper‐
1236 ation.
1237 --time-limit TIME_LIMIT
1240 Sets the maximum number of seconds allowed for an operation.
1241 --hop-limit HOP_LIMIT
1244 Sets the maximum number of times a database is allowed to chain;
1245 that is, the
1246 number of times a request can be forwarded from one database
1247 link to another.
1248 --response-delay RESPONSE_DELAY
1251 The maximum amount of time it can take a remote server to
1252 respond to an LDAP
1253 operation request made by a database link before an error is
1254 suspected.
1255 --test-response-delay TEST_RESPONSE_DELAY
1258 Sets the duration of the test issued by the database link to
1259 check whether the
1260 remote server is responding.
1261 --use-starttls USE_STARTTLS
1264 Set to "on" specifies that the database links should use Start‐
1265 TLS for its
1266 secure connections.
1267
1270 usage: dsconf instance chaining link-create [-h]
1271 [--conn-bind-limit
1272 CONN_BIND_LIMIT]
1273 [--conn-op-limit
1274 CONN_OP_LIMIT]
1275 [--abandon-check-interval
1276 ABANDON_CHECK_INTERVAL]
1277 [--bind-limit BIND_LIMIT]
1278 [--op-limit OP_LIMIT]
1279 [--proxied-auth PROX‐
1280 IED_AUTH]
1281 [--conn-lifetime CONN_LIFE‐
1282 TIME]
1283 [--bind-timeout BIND_TIME‐
1284 OUT]
1285 [--return-ref RETURN_REF]
1286 [--check-aci CHECK_ACI]
1287 [--bind-attempts
1288 BIND_ATTEMPTS]
1289 [--size-limit SIZE_LIMIT]
1290 [--time-limit TIME_LIMIT]
1291 [--hop-limit HOP_LIMIT]
1292 [--response-delay
1293 RESPONSE_DELAY]
1294 [--test-response-delay
1295 TEST_RESPONSE_DELAY]
1296 [--use-starttls USE_START‐
1297 TLS]
1298 --suffix SUFFIX --server-
1299 url
1300 SERVER_URL --bind-mech
1301 BIND_MECH
1302 --bind-dn BIND_DN --bind-pw
1303 BIND_PW
1304 CHAIN_NAME
1305 CHAIN_NAME
1308 The name of the database link
1309 --conn-bind-limit CONN_BIND_LIMIT
1312 The maximum number of BIND connections the database link estab‐
1313 lishes with the
1314 remote server.
1315 --conn-op-limit CONN_OP_LIMIT
1318 The maximum number of LDAP connections the database link estab‐
1319 lishes with the
1320 remote server.
1321 --abandon-check-interval ABANDON_CHECK_INTERVAL
1324 The number of seconds that pass before the server checks for
1325 abandoned
1326 operations.
1327 --bind-limit BIND_LIMIT
1330 The maximum number of concurrent bind operations per TCP connec‐
1331 tion.
1332 --op-limit OP_LIMIT
1335 The maximum number of concurrent operations allowed.
1336 --proxied-auth PROXIED_AUTH
1339 Set to "off" to disable proxied authorization, then binds for
1340 chained
1341 operations are executed as the user set in the nsMultiplex‐
1342 orBindDn attribute
1343 (on/off).
1344 --conn-lifetime CONN_LIFETIME
1347 Specifies connection lifetime in seconds. 0 keeps connection
1348 open forever.
1349 --bind-timeout BIND_TIMEOUT
1352 The amount of time in seconds before a bind attempt times out.
1353 --return-ref RETURN_REF
1356 Sets whether referrals are returned by scoped searches (on/off).
1357 --check-aci CHECK_ACI
1360 Set whether ACIs are evaluated on the database link as well as
1361 the remote data
1362 server (on/off).
1363 --bind-attempts BIND_ATTEMPTS
1366 Sets the number of times the server tries to bind with the
1367 remote server.
1368 --size-limit SIZE_LIMIT
1371 Sets the maximum number of entries to return from a search oper‐
1372 ation.
1373 --time-limit TIME_LIMIT
1376 Sets the maximum number of seconds allowed for an operation.
1377 --hop-limit HOP_LIMIT
1380 Sets the maximum number of times a database is allowed to chain;
1381 that is, the
1382 number of times a request can be forwarded from one database
1383 link to another.
1384 --response-delay RESPONSE_DELAY
1387 The maximum amount of time it can take a remote server to
1388 respond to an LDAP
1389 operation request made by a database link before an error is
1390 suspected.
1391 --test-response-delay TEST_RESPONSE_DELAY
1394 Sets the duration of the test issued by the database link to
1395 check whether the
1396 remote server is responding.
1397 --use-starttls USE_STARTTLS
1400 Set to "on" specifies that the database links should use Start‐
1401 TLS for its
1402 secure connections.
1403 --suffix SUFFIX
1406 The suffix managed by the database link.
1407 --server-url SERVER_URL
1410 Gives the LDAP/LDAPS URL of the remote server.
1411 --bind-mech BIND_MECH
1414 Sets the authentication method to use to authenticate to the
1415 remote server:
1416 <leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI
1417 --bind-dn BIND_DN
1420 DN of the administrative entry used to communicate with the
1421 remote server
1422 --bind-pw BIND_PW
1425 Password for the administrative user.
1426
1429 usage: dsconf instance chaining link-get [-h] CHAIN_NAME
1430 CHAIN_NAME
1433 The chaining link name, or suffix, to retrieve
1434
1438 usage: dsconf instance chaining link-set [-h]
1439 [--conn-bind-limit
1440 CONN_BIND_LIMIT]
1441 [--conn-op-limit
1442 CONN_OP_LIMIT]
1443 [--abandon-check-interval
1444 ABANDON_CHECK_INTERVAL]
1445 [--bind-limit BIND_LIMIT]
1446 [--op-limit OP_LIMIT]
1447 [--proxied-auth PROXIED_AUTH]
1448 [--conn-lifetime CONN_LIFE‐
1449 TIME]
1450 [--bind-timeout BIND_TIMEOUT]
1451 [--return-ref RETURN_REF]
1452 [--check-aci CHECK_ACI]
1453 [--bind-attempts
1454 BIND_ATTEMPTS]
1455 [--size-limit SIZE_LIMIT]
1456 [--time-limit TIME_LIMIT]
1457 [--hop-limit HOP_LIMIT]
1458 [--response-delay
1459 RESPONSE_DELAY]
1460 [--test-response-delay
1461 TEST_RESPONSE_DELAY]
1462 [--use-starttls USE_STARTTLS]
1463 [--suffix SUFFIX]
1464 [--server-url SERVER_URL]
1465 [--bind-mech BIND_MECH]
1466 [--bind-dn BIND_DN]
1467 [--bind-pw BIND_PW]
1468 CHAIN_NAME
1469 CHAIN_NAME
1472 The name of the database link
1473 --conn-bind-limit CONN_BIND_LIMIT
1476 The maximum number of BIND connections the database link estab‐
1477 lishes with the
1478 remote server.
1479 --conn-op-limit CONN_OP_LIMIT
1482 The maximum number of LDAP connections the database link estab‐
1483 lishes with the
1484 remote server.
1485 --abandon-check-interval ABANDON_CHECK_INTERVAL
1488 The number of seconds that pass before the server checks for
1489 abandoned
1490 operations.
1491 --bind-limit BIND_LIMIT
1494 The maximum number of concurrent bind operations per TCP connec‐
1495 tion.
1496 --op-limit OP_LIMIT
1499 The maximum number of concurrent operations allowed.
1500 --proxied-auth PROXIED_AUTH
1503 Set to "off" to disable proxied authorization, then binds for
1504 chained
1505 operations are executed as the user set in the nsMultiplex‐
1506 orBindDn attribute
1507 (on/off).
1508 --conn-lifetime CONN_LIFETIME
1511 Specifies connection lifetime in seconds. 0 keeps connection
1512 open forever.
1513 --bind-timeout BIND_TIMEOUT
1516 The amount of time in seconds before a bind attempt times out.
1517 --return-ref RETURN_REF
1520 Sets whether referrals are returned by scoped searches (on/off).
1521 --check-aci CHECK_ACI
1524 Set whether ACIs are evaluated on the database link as well as
1525 the remote data
1526 server (on/off).
1527 --bind-attempts BIND_ATTEMPTS
1530 Sets the number of times the server tries to bind with the
1531 remote server.
1532 --size-limit SIZE_LIMIT
1535 Sets the maximum number of entries to return from a search oper‐
1536 ation.
1537 --time-limit TIME_LIMIT
1540 Sets the maximum number of seconds allowed for an operation.
1541 --hop-limit HOP_LIMIT
1544 Sets the maximum number of times a database is allowed to chain;
1545 that is, the
1546 number of times a request can be forwarded from one database
1547 link to another.
1548 --response-delay RESPONSE_DELAY
1551 The maximum amount of time it can take a remote server to
1552 respond to an LDAP
1553 operation request made by a database link before an error is
1554 suspected.
1555 --test-response-delay TEST_RESPONSE_DELAY
1558 Sets the duration of the test issued by the database link to
1559 check whether the
1560 remote server is responding.
1561 --use-starttls USE_STARTTLS
1564 Set to "on" specifies that the database links should use Start‐
1565 TLS for its
1566 secure connections.
1567 --suffix SUFFIX
1570 The suffix managed by the database link.
1571 --server-url SERVER_URL
1574 Gives the LDAP/LDAPS URL of the remote server.
1575 --bind-mech BIND_MECH
1578 Sets the authentication method to use to authenticate to the
1579 remote server:
1580 <leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI
1581 --bind-dn BIND_DN
1584 DN of the administrative entry used to communicate with the
1585 remote server
1586 --bind-pw BIND_PW
1589 Password for the administrative user.
1590
1593 usage: dsconf instance chaining link-delete [-h] CHAIN_NAME
1594 CHAIN_NAME
1597 The name of the database link
1598
1602 usage: dsconf instance chaining monitor [-h] CHAIN_NAME
1603 CHAIN_NAME
1606 The name of the database link
1607
1611 usage: dsconf instance chaining link-list [-h]
1612
1618 usage: dsconf instance config [-h] {get,add,replace,delete} ...
1619 Sub-commands
1622 dsconf config get
1623 get
1624 dsconf config add
1626 Add attribute value to configuration
1627 dsconf config replace
1629 Replace attribute value in configuration
1630 dsconf config delete
1632 Delete attribute value in configuration
1633
1635 usage: dsconf instance config get [-h] [attrs [attrs ...]]
1636 attrs Configuration attribute(s) to get
1639
1643 usage: dsconf instance config add [-h] [attr [attr ...]]
1644 attr Configuration attribute to add
1647
1651 usage: dsconf instance config replace [-h] [attr [attr ...]]
1652 attr Configuration attribute to replace
1655
1659 usage: dsconf instance config delete [-h] [attr [attr ...]]
1660 attr Configuration attribute to delete
1663
1668 usage: dsconf instance directory_manager [-h] {password_change} ...
1669 Sub-commands
1672 dsconf directory_manager password_change
1673 Change the directory manager password
1674
1676 usage: dsconf instance directory_manager password_change [-h]
1677
1683 usage: dsconf instance healthcheck [-h]
1684
1689 usage: dsconf instance plugin [-h]
1690 {memberof,automember,referential-
1691 integrity,root-dn,usn,account-policy,attr-uniq,dna,linked-attr,managed-
1692 entries,pass-through-auth,retro-changelog,posix-winsync,list,show,set}
1693 ...
1694 Sub-commands
1697 dsconf plugin memberof
1698 Manage and configure MemberOf plugin
1699 dsconf plugin automember
1701 Manage and configure Automembership plugin
1702 dsconf plugin referential-integrity
1704 Manage and configure Referential Integrity Postoperation plugin
1705 dsconf plugin root-dn
1707 Manage and configure RootDN Access Control plugin
1708 dsconf plugin usn
1710 Manage and configure USN plugin
1711 dsconf plugin account-policy
1713 Manage and configure Account Policy plugin
1714 dsconf plugin attr-uniq
1716 Manage and configure Attribute Uniqueness plugin
1717 dsconf plugin dna
1719 Manage and configure DNA plugin
1720 dsconf plugin linked-attr
1722 Manage and configure Linked Attributes plugin
1723 dsconf plugin managed-entries
1725 Manage and configure Managed Entries Plugin
1726 dsconf plugin pass-through-auth
1728 Manage and configure Pass-Through Authentication plugins (URLs
1729 and PAM)
1730 dsconf plugin retro-changelog
1732 Manage and configure Retro Changelog plugin
1733 dsconf plugin posix-winsync
1735 Manage and configure The Posix Winsync API plugin
1736 dsconf plugin list
1738 List current configured (enabled and disabled) plugins
1739 dsconf plugin show
1741 Show the plugin data
1742 dsconf plugin set
1744 Edit the plugin
1745
1747 usage: dsconf instance plugin memberof [-h]
1748 {show,enable,disable,sta‐
1749 tus,set,config-entry,fixup}
1750 ...
1751 Sub-commands
1754 dsconf plugin memberof show
1755 display plugin configuration
1756 dsconf plugin memberof enable
1758 enable plugin
1759 dsconf plugin memberof disable
1761 disable plugin
1762 dsconf plugin memberof status
1764 display plugin status
1765 dsconf plugin memberof set
1767 Edit the plugin
1768 dsconf plugin memberof config-entry
1770 Manage the config entry
1771 dsconf plugin memberof fixup
1773 Run the fix-up task for memberOf plugin
1774
1776 usage: dsconf instance plugin memberof show [-h]
1777
1782 usage: dsconf instance plugin memberof enable [-h]
1783
1788 usage: dsconf instance plugin memberof disable [-h]
1789
1794 usage: dsconf instance plugin memberof status [-h]
1795
1800 usage: dsconf instance plugin memberof set [-h] [--attr ATTR [ATTR
1801 ...]]
1802 [--groupattr GROUPATTR
1803 [GROUPATTR ...]]
1804 [--allbackends {on,off}]
1805 [--skipnested {on,off}]
1806 [--scope SCOPE] [--exclude
1807 EXCLUDE]
1808 [--autoaddoc AUTOADDOC]
1809 [--config-entry CON‐
1810 FIG_ENTRY]
1811 --attr ATTR [ATTR ...]
1815 Specifies the attribute in the user entry for the Directory
1816 Server to manage
1817 to reflect group membership (memberOfAttr)
1818 --groupattr GROUPATTR [GROUPATTR ...]
1821 Specifies the attribute in the group entry to use to identify
1822 the DNs of group
1823 members (memberOfGroupAttr)
1824 --allbackends {on,off}
1827 Specifies whether to search the local suffix for user entries on
1828 all available
1829 suffixes (memberOfAllBackends)
1830 --skipnested {on,off}
1833 Specifies wherher to skip nested groups or not (memberOfSkip‐
1834 Nested)
1835 --scope SCOPE
1838 Specifies backends or multiple-nested suffixes for the MemberOf
1839 plug-in to
1840 work on (memberOfEntryScope)
1841 --exclude EXCLUDE
1844 Specifies backends or multiple-nested suffixes for the MemberOf
1845 plug-in to
1846 exclude (memberOfEntryScopeExcludeSubtree)
1847 --autoaddoc AUTOADDOC
1850 If an entry does not have an object class that allows the mem‐
1851 berOf attribute
1852 then the memberOf plugin will automatically add the object class
1853 listed in the
1854 memberOfAutoAddOC parameter
1855 --config-entry CONFIG_ENTRY
1858 The value to set as nsslapd-pluginConfigArea
1859
1862 usage: dsconf instance plugin memberof config-entry [-h]
1863 {add,set,show,delete}
1864 ...
1865 Sub-commands
1868 dsconf plugin memberof config-entry add
1869 Add the config entry
1870 dsconf plugin memberof config-entry set
1872 Edit the config entry
1873 dsconf plugin memberof config-entry show
1875 Display the config entry
1876 dsconf plugin memberof config-entry delete
1878 Delete the config entry
1879
1881 usage: dsconf instance plugin memberof config-entry add [-h]
1882 [--attr ATTR
1883 [ATTR ...]]
1884 [--groupattr
1885 GROUPATTR [GROUPATTR ...]]
1886 [--allbackends
1887 {on,off}]
1888 [--skipnested
1889 {on,off}]
1890 [--scope SCOPE]
1891 [--exclude
1892 EXCLUDE]
1893 [--autoaddoc
1894 AUTOADDOC]
1895 DN
1896 DN The config entry full DN
1899 --attr ATTR [ATTR ...]
1902 Specifies the attribute in the user entry for the Directory
1903 Server to manage
1904 to reflect group membership (memberOfAttr)
1905 --groupattr GROUPATTR [GROUPATTR ...]
1908 Specifies the attribute in the group entry to use to identify
1909 the DNs of group
1910 members (memberOfGroupAttr)
1911 --allbackends {on,off}
1914 Specifies whether to search the local suffix for user entries on
1915 all available
1916 suffixes (memberOfAllBackends)
1917 --skipnested {on,off}
1920 Specifies wherher to skip nested groups or not (memberOfSkip‐
1921 Nested)
1922 --scope SCOPE
1925 Specifies backends or multiple-nested suffixes for the MemberOf
1926 plug-in to
1927 work on (memberOfEntryScope)
1928 --exclude EXCLUDE
1931 Specifies backends or multiple-nested suffixes for the MemberOf
1932 plug-in to
1933 exclude (memberOfEntryScopeExcludeSubtree)
1934 --autoaddoc AUTOADDOC
1937 If an entry does not have an object class that allows the mem‐
1938 berOf attribute
1939 then the memberOf plugin will automatically add the object class
1940 listed in the
1941 memberOfAutoAddOC parameter
1942
1945 usage: dsconf instance plugin memberof config-entry set [-h]
1946 [--attr ATTR
1947 [ATTR ...]]
1948 [--groupattr
1949 GROUPATTR [GROUPATTR ...]]
1950 [--allbackends
1951 {on,off}]
1952 [--skipnested
1953 {on,off}]
1954 [--scope SCOPE]
1955 [--exclude
1956 EXCLUDE]
1957 [--autoaddoc
1958 AUTOADDOC]
1959 DN
1960 DN The config entry full DN
1963 --attr ATTR [ATTR ...]
1966 Specifies the attribute in the user entry for the Directory
1967 Server to manage
1968 to reflect group membership (memberOfAttr)
1969 --groupattr GROUPATTR [GROUPATTR ...]
1972 Specifies the attribute in the group entry to use to identify
1973 the DNs of group
1974 members (memberOfGroupAttr)
1975 --allbackends {on,off}
1978 Specifies whether to search the local suffix for user entries on
1979 all available
1980 suffixes (memberOfAllBackends)
1981 --skipnested {on,off}
1984 Specifies wherher to skip nested groups or not (memberOfSkip‐
1985 Nested)
1986 --scope SCOPE
1989 Specifies backends or multiple-nested suffixes for the MemberOf
1990 plug-in to
1991 work on (memberOfEntryScope)
1992 --exclude EXCLUDE
1995 Specifies backends or multiple-nested suffixes for the MemberOf
1996 plug-in to
1997 exclude (memberOfEntryScopeExcludeSubtree)
1998 --autoaddoc AUTOADDOC
2001 If an entry does not have an object class that allows the mem‐
2002 berOf attribute
2003 then the memberOf plugin will automatically add the object class
2004 listed in the
2005 memberOfAutoAddOC parameter
2006
2009 usage: dsconf instance plugin memberof config-entry show [-h] DN
2010 DN The config entry full DN
2013
2017 usage: dsconf instance plugin memberof config-entry delete [-h] DN
2018 DN The config entry full DN
2021
2026 usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] DN
2027 DN Base DN that contains entries to fix up
2030 -f FILTER, --filter FILTER
2033 Filter for entries to fix up. If omitted, all entries with
2034 objectclass
2035 inetuser/inetadmin/nsmemberof under the specified base will have
2036 their
2037 memberOf attribute regenerated.
2038
2042 usage: dsconf instance plugin automember [-h]
2043 {show,enable,disable,sta‐
2044 tus,list,definition,fixup}
2045 ...
2046 Sub-commands
2049 dsconf plugin automember show
2050 display plugin configuration
2051 dsconf plugin automember enable
2053 enable plugin
2054 dsconf plugin automember disable
2056 disable plugin
2057 dsconf plugin automember status
2059 display plugin status
2060 dsconf plugin automember list
2062 List Automembership definitions or regex rules.
2063 dsconf plugin automember definition
2065 Manage Automembership definition.
2066 dsconf plugin automember fixup
2068 Run a rebuild membership task.
2069
2071 usage: dsconf instance plugin automember show [-h]
2072
2077 usage: dsconf instance plugin automember enable [-h]
2078
2083 usage: dsconf instance plugin automember disable [-h]
2084
2089 usage: dsconf instance plugin automember status [-h]
2090
2095 usage: dsconf instance plugin automember list [-h] {defini‐
2096 tions,regexes} ...
2097 Sub-commands
2100 dsconf plugin automember list definitions
2101 List Automembership definitions.
2102 dsconf plugin automember list regexes
2104 List Automembership regex rules.
2105
2107 usage: dsconf instance plugin automember list definitions [-h]
2108
2113 usage: dsconf instance plugin automember list regexes [-h] DEF-NAME
2114 DEF-NAME
2117 The definition entry CN.
2118
2123 usage: dsconf instance plugin automember definition [-h]
2124 DEF-NAME
2125 {add,set,delete,regex}
2126 ...
2127 DEF-NAME
2130 The definition entry CN.
2131 Sub-commands
2134 dsconf plugin automember definition add
2135 Create Automembership definition.
2136 dsconf plugin automember definition set
2138 Edit Automembership definition.
2139 dsconf plugin automember definition delete
2141 Remove Automembership definition.
2142 dsconf plugin automember definition regex
2144 Manage Automembership regex rules.
2145
2147 usage: dsconf instance plugin automember definition DEF-NAME add
2148 [-h] [--grouping-attr GROUPING_ATTR] --default-group
2149 DEFAULT_GROUP
2150 --scope SCOPE [--filter FILTER]
2151 --grouping-attr GROUPING_ATTR
2155 Specifies the name of the member attribute in the group entry
2156 and the
2157 attribute in the object entry that supplies the member attribute
2158 value, in the
2159 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2160 --default-group DEFAULT_GROUP
2163 Sets default or fallback group to add the entry to as a member
2164 member
2165 attribute in group entry (autoMemberDefaultGroup)
2166 --scope SCOPE
2169 Sets the subtree DN to search for entries (autoMemberScope)
2170 --filter FILTER
2173 Sets a standard LDAP search filter to use to search for matching
2174 entries
2175 (autoMemberFilter)
2176
2179 usage: dsconf instance plugin automember definition DEF-NAME set
2180 [-h] [--grouping-attr GROUPING_ATTR] --default-group
2181 DEFAULT_GROUP
2182 --scope SCOPE [--filter FILTER]
2183 --grouping-attr GROUPING_ATTR
2187 Specifies the name of the member attribute in the group entry
2188 and the
2189 attribute in the object entry that supplies the member attribute
2190 value, in the
2191 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2192 --default-group DEFAULT_GROUP
2195 Sets default or fallback group to add the entry to as a member
2196 member
2197 attribute in group entry (autoMemberDefaultGroup)
2198 --scope SCOPE
2201 Sets the subtree DN to search for entries (autoMemberScope)
2202 --filter FILTER
2205 Sets a standard LDAP search filter to use to search for matching
2206 entries
2207 (autoMemberFilter)
2208
2211 usage: dsconf instance plugin automember definition DEF-NAME delete
2212 [-h]
2213
2218 usage: dsconf instance plugin automember definition DEF-NAME regex
2219 [-h] REGEX-NAME {add,set,delete} ...
2220 REGEX-NAME
2223 The regex entry CN.
2224 Sub-commands
2227 dsconf plugin automember definition regex add
2228 Create Automembership regex.
2229 dsconf plugin automember definition regex set
2231 Edit Automembership regex.
2232 dsconf plugin automember definition regex delete
2234 Remove Automembership regex.
2235
2237 usage: dsconf instance plugin automember definition DEF-NAME regex
2238 REGEX-NAME add
2239 [-h] [--grouping-attr GROUPING_ATTR] --default-group
2240 DEFAULT_GROUP
2241 --scope SCOPE [--filter FILTER]
2242 --grouping-attr GROUPING_ATTR
2246 Specifies the name of the member attribute in the group entry
2247 and the
2248 attribute in the object entry that supplies the member attribute
2249 value, in the
2250 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2251 --default-group DEFAULT_GROUP
2254 Sets default or fallback group to add the entry to as a member
2255 member
2256 attribute in group entry (autoMemberDefaultGroup)
2257 --scope SCOPE
2260 Sets the subtree DN to search for entries (autoMemberScope)
2261 --filter FILTER
2264 Sets a standard LDAP search filter to use to search for matching
2265 entries
2266 (autoMemberFilter)
2267
2270 usage: dsconf instance plugin automember definition DEF-NAME regex
2271 REGEX-NAME set
2272 [-h] [--grouping-attr GROUPING_ATTR] --default-group
2273 DEFAULT_GROUP
2274 --scope SCOPE [--filter FILTER]
2275 --grouping-attr GROUPING_ATTR
2279 Specifies the name of the member attribute in the group entry
2280 and the
2281 attribute in the object entry that supplies the member attribute
2282 value, in the
2283 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2284 --default-group DEFAULT_GROUP
2287 Sets default or fallback group to add the entry to as a member
2288 member
2289 attribute in group entry (autoMemberDefaultGroup)
2290 --scope SCOPE
2293 Sets the subtree DN to search for entries (autoMemberScope)
2294 --filter FILTER
2297 Sets a standard LDAP search filter to use to search for matching
2298 entries
2299 (autoMemberFilter)
2300
2303 usage: dsconf instance plugin automember definition DEF-NAME regex
2304 REGEX-NAME delete
2305 [-h]
2306
2313 usage: dsconf instance plugin automember fixup [-h] -f FILTER -s
2314 {sub,base,one}
2315 DN
2316 DN Base DN that contains entries to fix up
2319 -f FILTER, --filter FILTER
2322 LDAP filter for entries to fix up.
2323 -s {sub,base,one}, --scope {sub,base,one}
2326 LDAP search scope for entries to fix up
2327
2331 usage: dsconf instance plugin referential-integrity [-h]
2332 {show,enable,dis‐
2333 able,status,set}
2334 ...
2335 Sub-commands
2338 dsconf plugin referential-integrity show
2339 display plugin configuration
2340 dsconf plugin referential-integrity enable
2342 enable plugin
2343 dsconf plugin referential-integrity disable
2345 disable plugin
2346 dsconf plugin referential-integrity status
2348 display plugin status
2349 dsconf plugin referential-integrity set
2351 Edit the plugin
2352
2354 usage: dsconf instance plugin referential-integrity show [-h]
2355
2360 usage: dsconf instance plugin referential-integrity enable [-h]
2361
2366 usage: dsconf instance plugin referential-integrity disable [-h]
2367
2372 usage: dsconf instance plugin referential-integrity status [-h]
2373
2378 usage: dsconf instance plugin referential-integrity set [-h]
2379 [--update-delay
2380 UPDATE_DELAY]
2381 [--membership-
2382 attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2383 [--entry-scope
2384 ENTRY_SCOPE]
2385 [--exclude-
2386 entry-scope EXCLUDE_ENTRY_SCOPE]
2387 [--con‐
2388 tainer_scope CONTAINER_SCOPE]
2389 --update-delay UPDATE_DELAY
2393 Sets the update interval. Special values: 0 - The check is per‐
2394 formed
2395 immediately, -1 - No check is performed (referint-update-delay)
2396 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2399 Specifies attributes to check for and update (referint-member‐
2400 ship-attr)
2401 --entry-scope ENTRY_SCOPE
2404 Defines the subtree in which the plug-in looks for the delete or
2405 rename
2406 operations of a user entry (nsslapd-pluginEntryScope)
2407 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2410 Defines the subtree in which the plug-in ignores any operations
2411 for deleting
2412 or renaming a user (nsslapd-pluginExcludeEntryScope)
2413 --container_scope CONTAINER_SCOPE
2416 Specifies which branch the plug-in searches for the groups to
2417 which the user
2418 belongs. It only updates groups that are under the specified
2419 container branch,
2420 and leaves all other groups not updated (nsslapd-pluginContain‐
2421 erScope)
2422
2426 usage: dsconf instance plugin root-dn [-h]
2427 {show,enable,disable,status,set}
2428 ...
2429 Sub-commands
2432 dsconf plugin root-dn show
2433 display plugin configuration
2434 dsconf plugin root-dn enable
2436 enable plugin
2437 dsconf plugin root-dn disable
2439 disable plugin
2440 dsconf plugin root-dn status
2442 display plugin status
2443 dsconf plugin root-dn set
2445 Edit the plugin
2446
2448 usage: dsconf instance plugin root-dn show [-h]
2449
2454 usage: dsconf instance plugin root-dn enable [-h]
2455
2460 usage: dsconf instance plugin root-dn disable [-h]
2461
2466 usage: dsconf instance plugin root-dn status [-h]
2467
2472 usage: dsconf instance plugin root-dn set [-h]
2473 [--allow-host ALLOW_HOST
2474 [ALLOW_HOST ...]]
2475 [--deny-host DENY_HOST
2476 [DENY_HOST ...]]
2477 [--allow-ip ALLOW_IP
2478 [ALLOW_IP ...]]
2479 [--deny-ip DENY_IP [DENY_IP
2480 ...]]
2481 [--open-time OPEN_TIME]
2482 [--close-time CLOSE_TIME]
2483 [--days-allowed DAYS_ALLOWED]
2484 --allow-host ALLOW_HOST [ALLOW_HOST ...]
2488 Sets what hosts, by fully-qualified domain name, the root user
2489 is allowed to
2490 use to access the Directory Server. Any hosts not listed are
2491 implicitly denied
2492 (rootdn-allow-host)
2493 --deny-host DENY_HOST [DENY_HOST ...]
2496 Sets what hosts, by fully-qualified domain name, the root user
2497 is not allowed
2498 to use to access the Directory Server Any hosts not listed are
2499 implicitly
2500 allowed (rootdn-deny-host). If an host address is listed in both
2501 the rootdn-
2502 allow-host and rootdn-deny-host attributes, it is denied access.
2503 --allow-ip ALLOW_IP [ALLOW_IP ...]
2506 Sets what IP addresses, either IPv4 or IPv6, for machines the
2507 root user is
2508 allowed to use to access the Directory Server Any IP addresses
2509 not listed are
2510 implicitly denied (rootdn-allow-ip)
2511 --deny-ip DENY_IP [DENY_IP ...]
2514 Sets what IP addresses, either IPv4 or IPv6, for machines the
2515 root user is not
2516 allowed to use to access the Directory Server. Any IP addresses
2517 not listed are
2518 implicitly allowed (rootdn-deny-ip) If an IP address is listed
2519 in both the
2520 rootdn-allow-ip and rootdn-deny-ip attributes, it is denied
2521 access.
2522 --open-time OPEN_TIME
2525 Sets part of a time period or range when the root user is
2526 allowed to access
2527 the Directory Server. This sets when the time-based access
2528 begins (rootdn-
2529 open-time)
2530 --close-time CLOSE_TIME
2533 Sets part of a time period or range when the root user is
2534 allowed to access
2535 the Directory Server. This sets when the time-based access ends
2536 (rootdn-close-
2537 time)
2538 --days-allowed DAYS_ALLOWED
2541 Gives a comma-separated list of what days the root user is
2542 allowed to use to
2543 access the Directory Server. Any days listed are implicitly
2544 denied (rootdn-
2545 days-allowed)
2546
2550 usage: dsconf instance plugin usn [-h]
2551 {show,enable,disable,sta‐
2552 tus,global,cleanup}
2553 ...
2554 Sub-commands
2557 dsconf plugin usn show
2558 display plugin configuration
2559 dsconf plugin usn enable
2561 enable plugin
2562 dsconf plugin usn disable
2564 disable plugin
2565 dsconf plugin usn status
2567 display plugin status
2568 dsconf plugin usn global
2570 Get or manage global usn mode (nsslapd-entryusn-global)
2571 dsconf plugin usn cleanup
2573 Run the USN tombstone cleanup task
2574
2576 usage: dsconf instance plugin usn show [-h]
2577
2582 usage: dsconf instance plugin usn enable [-h]
2583
2588 usage: dsconf instance plugin usn disable [-h]
2589
2594 usage: dsconf instance plugin usn status [-h]
2595
2600 usage: dsconf instance plugin usn global [-h] {on,off} ...
2601 Sub-commands
2604 dsconf plugin usn global on
2605 Enable usn global mode
2606 dsconf plugin usn global off
2608 Disable usn global mode
2609
2611 usage: dsconf instance plugin usn global on [-h]
2612
2617 usage: dsconf instance plugin usn global off [-h]
2618
2624 usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND)
2625 [-m MAXUSN]
2626 -s SUFFIX, --suffix SUFFIX
2630 Gives the suffix or subtree in the Directory Server to run the
2631 cleanup
2632 operation against. If the suffix is not specified, then the back
2633 end must be
2634 given (suffix)
2635 -n BACKEND, --backend BACKEND
2638 Gives the Directory Server instance back end, or database, to
2639 run the cleanup
2640 operation against. If the back end is not specified, then the
2641 suffix must be
2642 specified.Backend instance in which USN tombstone entries (back‐
2643 end)
2644 -m MAXUSN, --maxusn MAXUSN
2647 Gives the highest USN value to delete when removing tombstone
2648 entries
2649 (max_usn_to_delete)
2650
2654 usage: dsconf instance plugin account-policy [-h]
2655 {show,enable,disable,sta‐
2656 tus,set,config-entry}
2657 ...
2658 Sub-commands
2661 dsconf plugin account-policy show
2662 display plugin configuration
2663 dsconf plugin account-policy enable
2665 enable plugin
2666 dsconf plugin account-policy disable
2668 disable plugin
2669 dsconf plugin account-policy status
2671 display plugin status
2672 dsconf plugin account-policy set
2674 Edit the plugin
2675 dsconf plugin account-policy config-entry
2677 Manage the config entry
2678
2680 usage: dsconf instance plugin account-policy show [-h]
2681
2686 usage: dsconf instance plugin account-policy enable [-h]
2687
2692 usage: dsconf instance plugin account-policy disable [-h]
2693
2698 usage: dsconf instance plugin account-policy status [-h]
2699
2704 usage: dsconf instance plugin account-policy set [-h]
2705 [--config-entry CON‐
2706 FIG_ENTRY]
2707 --config-entry CONFIG_ENTRY
2711 The value to set as nsslapd-pluginConfigArea
2712
2715 usage: dsconf instance plugin account-policy config-entry [-h]
2716 {add,set,show,delete}
2717 ...
2718 Sub-commands
2721 dsconf plugin account-policy config-entry add
2722 Add the config entry
2723 dsconf plugin account-policy config-entry set
2725 Edit the config entry
2726 dsconf plugin account-policy config-entry show
2728 Display the config entry
2729 dsconf plugin account-policy config-entry delete
2731 Delete the config entry
2732
2734 usage: dsconf instance plugin account-policy config-entry add
2735 [-h] [--always-record-login {yes,no}] [--alt-state-attr
2736 ALT_STATE_ATTR]
2737 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2738 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2739 [--state-attr STATE_ATTR]
2740 DN
2741 DN The config entry full DN
2744 --always-record-login {yes,no}
2747 Sets that every entry records its last login time (alwaysRecord‐
2748 Login)
2749 --alt-state-attr ALT_STATE_ATTR
2752 Provides a backup attribute for the server to reference to eval‐
2753 uate the
2754 expiration time (altStateAttrName)
2755 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2758 Specifies the attribute to store the time of the last successful
2759 login in this
2760 attribute in the users directory entry (alwaysRecordLoginAttr)
2761 --limit-attr LIMIT_ATTR
2764 Specifies the attribute within the policy to use for the account
2765 inactivation
2766 limit (limitAttrName)
2767 --spec-attr SPEC_ATTR
2770 Specifies the attribute to identify which entries are account
2771 policy
2772 configuration entries (specAttrName)
2773 --state-attr STATE_ATTR
2776 Specifies the primary time attribute used to evaluate an account
2777 policy
2778 (stateAttrName)
2779
2782 usage: dsconf instance plugin account-policy config-entry set
2783 [-h] [--always-record-login {yes,no}] [--alt-state-attr
2784 ALT_STATE_ATTR]
2785 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2786 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2787 [--state-attr STATE_ATTR]
2788 DN
2789 DN The config entry full DN
2792 --always-record-login {yes,no}
2795 Sets that every entry records its last login time (alwaysRecord‐
2796 Login)
2797 --alt-state-attr ALT_STATE_ATTR
2800 Provides a backup attribute for the server to reference to eval‐
2801 uate the
2802 expiration time (altStateAttrName)
2803 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2806 Specifies the attribute to store the time of the last successful
2807 login in this
2808 attribute in the users directory entry (alwaysRecordLoginAttr)
2809 --limit-attr LIMIT_ATTR
2812 Specifies the attribute within the policy to use for the account
2813 inactivation
2814 limit (limitAttrName)
2815 --spec-attr SPEC_ATTR
2818 Specifies the attribute to identify which entries are account
2819 policy
2820 configuration entries (specAttrName)
2821 --state-attr STATE_ATTR
2824 Specifies the primary time attribute used to evaluate an account
2825 policy
2826 (stateAttrName)
2827
2830 usage: dsconf instance plugin account-policy config-entry show [-h] DN
2831 DN The config entry full DN
2834
2838 usage: dsconf instance plugin account-policy config-entry delete [-h]
2839 DN
2840 DN The config entry full DN
2843
2849 usage: dsconf instance plugin attr-uniq [-h]
2850 {show,enable,disable,sta‐
2851 tus,list,add,set,delete}
2852 ...
2853 Sub-commands
2856 dsconf plugin attr-uniq show
2857 display plugin configuration
2858 dsconf plugin attr-uniq enable
2860 enable plugin
2861 dsconf plugin attr-uniq disable
2863 disable plugin
2864 dsconf plugin attr-uniq status
2866 display plugin status
2867 dsconf plugin attr-uniq list
2869 List available plugin configs
2870 dsconf plugin attr-uniq add
2872 Add the config entry
2873 dsconf plugin attr-uniq set
2875 Edit the config entry
2876 dsconf plugin attr-uniq show
2878 Display the config entry
2879 dsconf plugin attr-uniq delete
2881 Delete the config entry
2882 dsconf plugin attr-uniq enable
2884 enable plugin
2885 dsconf plugin attr-uniq disable
2887 disable plugin
2888 dsconf plugin attr-uniq status
2890 display plugin status
2891
2893 usage: dsconf instance plugin attr-uniq show [-h] NAME
2894 NAME The name of the plug-in configuration record
2897
2901 usage: dsconf instance plugin attr-uniq enable [-h] NAME
2902 NAME Sets the name of the plug-in configuration record
2905
2909 usage: dsconf instance plugin attr-uniq disable [-h] NAME
2910 NAME Sets the name of the plug-in configuration record
2913
2917 usage: dsconf instance plugin attr-uniq status [-h] NAME
2918 NAME Sets the name of the plug-in configuration record
2921
2925 usage: dsconf instance plugin attr-uniq list [-h]
2926
2931 usage: dsconf instance plugin attr-uniq add [-h]
2932 [--attr-name ATTR_NAME
2933 [ATTR_NAME ...]]
2934 [--subtree SUBTREE [SUBTREE
2935 ...]]
2936 [--across-all-subtrees
2937 {on,off}]
2938 [--top-entry-oc
2939 TOP_ENTRY_OC]
2940 [--subtree-entries-oc SUB‐
2941 TREE_ENTRIES_OC]
2942 NAME
2943 NAME Sets the name of the plug-in configuration record. (cn) You can
2946 use any
2947 string, but "attribute_name Attribute Uniqueness" is recom‐
2948 mended.
2949 --attr-name ATTR_NAME [ATTR_NAME ...]
2952 Sets the name of the attribute whose values must be unique. This
2953 attribute is
2954 multi-valued. (uniqueness-attribute-name)
2955 --subtree SUBTREE [SUBTREE ...]
2958 Sets the DN under which the plug-in checks for uniqueness of the
2959 attributes
2960 value. This attribute is multi-valued (uniqueness-subtrees)
2961 --across-all-subtrees {on,off}
2964 If enabled (on), the plug-in checks that the attribute is unique
2965 across all
2966 subtrees set. If you set the attribute to off, uniqueness is
2967 only enforced
2968 within the subtree of the updated entry (unique‐
2969 ness-across-all-subtrees)
2970 --top-entry-oc TOP_ENTRY_OC
2973 Verifies that the value of the attribute set in unique‐
2974 ness-attribute-name is
2975 unique in this subtree (uniqueness-top-entry-oc)
2976 --subtree-entries-oc SUBTREE_ENTRIES_OC
2979 Verifies if an attribute is unique, if the entry contains the
2980 object class set
2981 in this parameter (uniqueness-subtree-entries-oc)
2982
2985 usage: dsconf instance plugin attr-uniq set [-h]
2986 [--attr-name ATTR_NAME
2987 [ATTR_NAME ...]]
2988 [--subtree SUBTREE [SUBTREE
2989 ...]]
2990 [--across-all-subtrees
2991 {on,off}]
2992 [--top-entry-oc
2993 TOP_ENTRY_OC]
2994 [--subtree-entries-oc SUB‐
2995 TREE_ENTRIES_OC]
2996 NAME
2997 NAME Sets the name of the plug-in configuration record. (cn) You can
3000 use any
3001 string, but "attribute_name Attribute Uniqueness" is recom‐
3002 mended.
3003 --attr-name ATTR_NAME [ATTR_NAME ...]
3006 Sets the name of the attribute whose values must be unique. This
3007 attribute is
3008 multi-valued. (uniqueness-attribute-name)
3009 --subtree SUBTREE [SUBTREE ...]
3012 Sets the DN under which the plug-in checks for uniqueness of the
3013 attributes
3014 value. This attribute is multi-valued (uniqueness-subtrees)
3015 --across-all-subtrees {on,off}
3018 If enabled (on), the plug-in checks that the attribute is unique
3019 across all
3020 subtrees set. If you set the attribute to off, uniqueness is
3021 only enforced
3022 within the subtree of the updated entry (unique‐
3023 ness-across-all-subtrees)
3024 --top-entry-oc TOP_ENTRY_OC
3027 Verifies that the value of the attribute set in unique‐
3028 ness-attribute-name is
3029 unique in this subtree (uniqueness-top-entry-oc)
3030 --subtree-entries-oc SUBTREE_ENTRIES_OC
3033 Verifies if an attribute is unique, if the entry contains the
3034 object class set
3035 in this parameter (uniqueness-subtree-entries-oc)
3036
3039 usage: dsconf instance plugin attr-uniq delete [-h] NAME
3040 NAME Sets the name of the plug-in configuration record
3043
3048 usage: dsconf instance plugin dna [-h]
3049 {show,enable,disable,status,list,con‐
3050 fig} ...
3051 Sub-commands
3054 dsconf plugin dna show
3055 display plugin configuration
3056 dsconf plugin dna enable
3058 enable plugin
3059 dsconf plugin dna disable
3061 disable plugin
3062 dsconf plugin dna status
3064 display plugin status
3065 dsconf plugin dna list
3067 List available plugin configs
3068 dsconf plugin dna config
3070 Manage plugin configs
3071
3073 usage: dsconf instance plugin dna show [-h]
3074
3079 usage: dsconf instance plugin dna enable [-h]
3080
3085 usage: dsconf instance plugin dna disable [-h]
3086
3091 usage: dsconf instance plugin dna status [-h]
3092
3097 usage: dsconf instance plugin dna list [-h] {configs,shared-configs}
3098 ...
3099 Sub-commands
3102 dsconf plugin dna list configs
3103 List main DNA plugin config entries
3104 dsconf plugin dna list shared-configs
3106 List DNA plugin shared config entries
3107
3109 usage: dsconf instance plugin dna list configs [-h]
3110
3115 usage: dsconf instance plugin dna list shared-configs [-h] BASEDN
3116 BASEDN The search DN
3119
3124 usage: dsconf instance plugin dna config [-h]
3125 NAME
3126 {add,set,show,delete,shared-
3127 config-entry}
3128 ...
3129 NAME The DNA configuration name
3132 Sub-commands
3135 dsconf plugin dna config add
3136 Add the config entry
3137 dsconf plugin dna config set
3139 Edit the config entry
3140 dsconf plugin dna config show
3142 Display the config entry
3143 dsconf plugin dna config delete
3145 Delete the config entry
3146 dsconf plugin dna config shared-config-entry
3148 Manage the shared config entry
3149
3151 usage: dsconf instance plugin dna config NAME add [-h]
3152 [--type TYPE [TYPE
3153 ...]]
3154 [--prefix PREFIX]
3155 [--next-value
3156 NEXT_VALUE]
3157 [--max-value
3158 MAX_VALUE]
3159 [--interval INTERVAL]
3160 [--magic-regen
3161 MAGIC_REGEN]
3162 [--filter FILTER]
3163 [--scope SCOPE]
3164 [--remote-bind-dn
3165 REMOTE_BIND_DN]
3166 [--remote-bind-cred
3167 REMOTE_BIND_CRED]
3168 [--shared-config-
3169 entry SHARED_CONFIG_ENTRY]
3170 [--threshold THRESH‐
3171 OLD]
3172 [--next-range
3173 NEXT_RANGE]
3174 [--range-request-
3175 timeout RANGE_REQUEST_TIMEOUT]
3176 --type TYPE [TYPE ...]
3180 Sets which attributes have unique numbers being generated for
3181 them (dnaType)
3182 --prefix PREFIX
3185 Defines a prefix that can be prepended to the generated number
3186 values for the
3187 attribute (dnaPrefix)
3188 --next-value NEXT_VALUE
3191 Gives the next available number which can be assigned
3192 (dnaNextValue)
3193 --max-value MAX_VALUE
3196 Sets the maximum value that can be assigned for the range (dna‐
3197 MaxValue)
3198 --interval INTERVAL
3201 Sets an interval to use to increment through numbers in a range
3202 (dnaInterval)
3203 --magic-regen MAGIC_REGEN
3206 Sets a user-defined value that instructs the plug-in to assign a
3207 new value for
3208 the entry (dnaMagicRegen)
3209 --filter FILTER
3212 Sets an LDAP filter to use to search for and identify the
3213 entries to which to
3214 apply the distributed numeric assignment range (dnaFilter)
3215 --scope SCOPE
3218 Sets the base DN to search for entries to which to apply the
3219 distributed
3220 numeric assignment (dnaScope)
3221 --remote-bind-dn REMOTE_BIND_DN
3224 Specifies the Replication Manager DN (dnaRemoteBindDN)
3225 --remote-bind-cred REMOTE_BIND_CRED
3228 Specifies the Replication Manager's password (dnaRemoteBindCred)
3229 --shared-config-entry SHARED_CONFIG_ENTRY
3232 Defines a shared identity that the servers can use to transfer
3233 ranges to one
3234 another (dnaSharedCfgDN)
3235 --threshold THRESHOLD
3238 Sets a threshold of remaining available numbers in the range.
3239 When the server
3240 hits the threshold, it sends a request for a new range
3241 (dnaThreshold)
3242 --next-range NEXT_RANGE
3245 Defines the next range to use when the current range is
3246 exhausted
3247 (dnaNextRange)
3248 --range-request-timeout RANGE_REQUEST_TIMEOUT
3251 sets a timeout period, in seconds, for range requests so that
3252 the server does
3253 not stall waiting on a new range from one server and can request
3254 a range from
3255 a new server (dnaRangeRequestTimeout)
3256
3259 usage: dsconf instance plugin dna config NAME set [-h]
3260 [--type TYPE [TYPE
3261 ...]]
3262 [--prefix PREFIX]
3263 [--next-value
3264 NEXT_VALUE]
3265 [--max-value
3266 MAX_VALUE]
3267 [--interval INTERVAL]
3268 [--magic-regen
3269 MAGIC_REGEN]
3270 [--filter FILTER]
3271 [--scope SCOPE]
3272 [--remote-bind-dn
3273 REMOTE_BIND_DN]
3274 [--remote-bind-cred
3275 REMOTE_BIND_CRED]
3276 [--shared-config-
3277 entry SHARED_CONFIG_ENTRY]
3278 [--threshold THRESH‐
3279 OLD]
3280 [--next-range
3281 NEXT_RANGE]
3282 [--range-request-
3283 timeout RANGE_REQUEST_TIMEOUT]
3284 --type TYPE [TYPE ...]
3288 Sets which attributes have unique numbers being generated for
3289 them (dnaType)
3290 --prefix PREFIX
3293 Defines a prefix that can be prepended to the generated number
3294 values for the
3295 attribute (dnaPrefix)
3296 --next-value NEXT_VALUE
3299 Gives the next available number which can be assigned
3300 (dnaNextValue)
3301 --max-value MAX_VALUE
3304 Sets the maximum value that can be assigned for the range (dna‐
3305 MaxValue)
3306 --interval INTERVAL
3309 Sets an interval to use to increment through numbers in a range
3310 (dnaInterval)
3311 --magic-regen MAGIC_REGEN
3314 Sets a user-defined value that instructs the plug-in to assign a
3315 new value for
3316 the entry (dnaMagicRegen)
3317 --filter FILTER
3320 Sets an LDAP filter to use to search for and identify the
3321 entries to which to
3322 apply the distributed numeric assignment range (dnaFilter)
3323 --scope SCOPE
3326 Sets the base DN to search for entries to which to apply the
3327 distributed
3328 numeric assignment (dnaScope)
3329 --remote-bind-dn REMOTE_BIND_DN
3332 Specifies the Replication Manager DN (dnaRemoteBindDN)
3333 --remote-bind-cred REMOTE_BIND_CRED
3336 Specifies the Replication Manager's password (dnaRemoteBindCred)
3337 --shared-config-entry SHARED_CONFIG_ENTRY
3340 Defines a shared identity that the servers can use to transfer
3341 ranges to one
3342 another (dnaSharedCfgDN)
3343 --threshold THRESHOLD
3346 Sets a threshold of remaining available numbers in the range.
3347 When the server
3348 hits the threshold, it sends a request for a new range
3349 (dnaThreshold)
3350 --next-range NEXT_RANGE
3353 Defines the next range to use when the current range is
3354 exhausted
3355 (dnaNextRange)
3356 --range-request-timeout RANGE_REQUEST_TIMEOUT
3359 sets a timeout period, in seconds, for range requests so that
3360 the server does
3361 not stall waiting on a new range from one server and can request
3362 a range from
3363 a new server (dnaRangeRequestTimeout)
3364
3367 usage: dsconf instance plugin dna config NAME show [-h]
3368
3373 usage: dsconf instance plugin dna config NAME delete [-h]
3374
3379 usage: dsconf instance plugin dna config NAME shared-config-entry
3380 [-h] {add,edit,show,delete} ...
3381 Sub-commands
3384 dsconf plugin dna config shared-config-entry add
3385 Add the shared config entry
3386 dsconf plugin dna config shared-config-entry edit
3388 Edit the shared config entry
3389 dsconf plugin dna config shared-config-entry show
3391 Display the shared config entry
3392 dsconf plugin dna config shared-config-entry delete
3394 Delete the shared config entry
3395
3397 usage: dsconf instance plugin dna config NAME shared-config-entry add
3398 [-h] [--hostname HOSTNAME] [--port PORT] [--secure-port
3399 SECURE_PORT]
3400 [--remote-bind-method REMOTE_BIND_METHOD]
3401 [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3402 [--remaining-values REMAINING_VALUES]
3403 BASEDN
3404 BASEDN The shared config entry BASE DN. The new DN will be constructed
3407 with
3408 dnaHostname and dnaPortNum
3409 --hostname HOSTNAME
3412 Identifies the host name of a server in a shared range, as part
3413 of the DNA
3414 range configuration for that specific host in multi-master
3415 replication
3416 (dnaHostname)
3417 --port PORT
3420 Gives the standard port number to use to connect to the host
3421 identified in
3422 dnaHostname (dnaPortNum)
3423 --secure-port SECURE_PORT
3426 Gives the secure (TLS) port number to use to connect to the host
3427 identified in
3428 dnaHostname (dnaSecurePortNum)
3429 --remote-bind-method REMOTE_BIND_METHOD
3432 Specifies the remote bind method (dnaRemoteBindMethod)
3433 --remote-conn-protocol REMOTE_CONN_PROTOCOL
3436 Specifies the remote connection protocol (dnaRemoteConnProtocol)
3437 --remaining-values REMAINING_VALUES
3440 Contains the number of values that are remaining and available
3441 to a server to
3442 assign to entries (dnaRemainingValues)
3443
3446 usage: dsconf instance plugin dna config NAME shared-config-entry edit
3447 [-h] [--hostname HOSTNAME] [--port PORT] [--secure-port
3448 SECURE_PORT]
3449 [--remote-bind-method REMOTE_BIND_METHOD]
3450 [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3451 [--remaining-values REMAINING_VALUES]
3452 DN
3453 DN The shared config entry DN
3456 --hostname HOSTNAME
3459 Identifies the host name of a server in a shared range, as part
3460 of the DNA
3461 range configuration for that specific host in multi-master
3462 replication
3463 (dnaHostname)
3464 --port PORT
3467 Gives the standard port number to use to connect to the host
3468 identified in
3469 dnaHostname (dnaPortNum)
3470 --secure-port SECURE_PORT
3473 Gives the secure (TLS) port number to use to connect to the host
3474 identified in
3475 dnaHostname (dnaSecurePortNum)
3476 --remote-bind-method REMOTE_BIND_METHOD
3479 Specifies the remote bind method (dnaRemoteBindMethod)
3480 --remote-conn-protocol REMOTE_CONN_PROTOCOL
3483 Specifies the remote connection protocol (dnaRemoteConnProtocol)
3484 --remaining-values REMAINING_VALUES
3487 Contains the number of values that are remaining and available
3488 to a server to
3489 assign to entries (dnaRemainingValues)
3490
3493 usage: dsconf instance plugin dna config NAME shared-config-entry show
3494 [-h] DN
3495 DN The shared config entry DN
3498
3502 usage: dsconf instance plugin dna config NAME shared-config-entry
3503 delete
3504 [-h] DN
3505 DN The shared config entry DN
3508
3515 usage: dsconf instance plugin linked-attr [-h]
3516 {show,enable,disable,sta‐
3517 tus,fixup,list,config}
3518 ...
3519 Sub-commands
3522 dsconf plugin linked-attr show
3523 display plugin configuration
3524 dsconf plugin linked-attr enable
3526 enable plugin
3527 dsconf plugin linked-attr disable
3529 disable plugin
3530 dsconf plugin linked-attr status
3532 display plugin status
3533 dsconf plugin linked-attr fixup
3535 Run the fix-up task for linked attributes plugin
3536 dsconf plugin linked-attr list
3538 List available plugin configs
3539 dsconf plugin linked-attr config
3541 Manage plugin configs
3542
3544 usage: dsconf instance plugin linked-attr show [-h]
3545
3550 usage: dsconf instance plugin linked-attr enable [-h]
3551
3556 usage: dsconf instance plugin linked-attr disable [-h]
3557
3562 usage: dsconf instance plugin linked-attr status [-h]
3563
3568 usage: dsconf instance plugin linked-attr fixup [-h] [-l LINKDN]
3569 -l LINKDN, --linkdn LINKDN
3573 Base DN that contains entries to fix up
3574
3577 usage: dsconf instance plugin linked-attr list [-h]
3578
3583 usage: dsconf instance plugin linked-attr config [-h]
3584 NAME
3585 {add,set,show,delete}
3586 ...
3587 NAME The Linked Attributes configuration name
3590 Sub-commands
3593 dsconf plugin linked-attr config add
3594 Add the config entry
3595 dsconf plugin linked-attr config set
3597 Edit the config entry
3598 dsconf plugin linked-attr config show
3600 Display the config entry
3601 dsconf plugin linked-attr config delete
3603 Delete the config entry
3604
3606 usage: dsconf instance plugin linked-attr config NAME add [-h]
3607 [--link-type
3608 LINK_TYPE]
3609 [--managed-
3610 type MANAGED_TYPE]
3611 [--link-scope
3612 LINK_SCOPE]
3613 --link-type LINK_TYPE
3617 Sets the attribute that is managed manually by administrators
3618 (linkType)
3619 --managed-type MANAGED_TYPE
3622 Sets the attribute that is created dynamically by the plugin
3623 (managedType)
3624 --link-scope LINK_SCOPE
3627 Sets the scope that restricts the plugin to a specific part of
3628 the directory
3629 tree (linkScope)
3630
3633 usage: dsconf instance plugin linked-attr config NAME set [-h]
3634 [--link-type
3635 LINK_TYPE]
3636 [--managed-
3637 type MANAGED_TYPE]
3638 [--link-scope
3639 LINK_SCOPE]
3640 --link-type LINK_TYPE
3644 Sets the attribute that is managed manually by administrators
3645 (linkType)
3646 --managed-type MANAGED_TYPE
3649 Sets the attribute that is created dynamically by the plugin
3650 (managedType)
3651 --link-scope LINK_SCOPE
3654 Sets the scope that restricts the plugin to a specific part of
3655 the directory
3656 tree (linkScope)
3657
3660 usage: dsconf instance plugin linked-attr config NAME show [-h]
3661
3666 usage: dsconf instance plugin linked-attr config NAME delete [-h]
3667
3674 usage: dsconf instance plugin managed-entries [-h]
3675 {show,enable,disable,sta‐
3676 tus,set,list,config,template}
3677 ...
3678 Sub-commands
3681 dsconf plugin managed-entries show
3682 display plugin configuration
3683 dsconf plugin managed-entries enable
3685 enable plugin
3686 dsconf plugin managed-entries disable
3688 disable plugin
3689 dsconf plugin managed-entries status
3691 display plugin status
3692 dsconf plugin managed-entries set
3694 Edit the plugin
3695 dsconf plugin managed-entries list
3697 List Managed Entries Plugin configs and templates
3698 dsconf plugin managed-entries config
3700 Handle Managed Entries Plugin configs
3701 dsconf plugin managed-entries template
3703 Handle Managed Entries Plugin templates
3704
3706 usage: dsconf instance plugin managed-entries show [-h]
3707
3712 usage: dsconf instance plugin managed-entries enable [-h]
3713
3718 usage: dsconf instance plugin managed-entries disable [-h]
3719
3724 usage: dsconf instance plugin managed-entries status [-h]
3725
3730 usage: dsconf instance plugin managed-entries set [-h]
3731 [--config-area CON‐
3732 FIG_AREA]
3733 --config-area CONFIG_AREA
3737 The value to set as nsslapd-pluginConfigArea
3738
3741 usage: dsconf instance plugin managed-entries list [-h]
3742 {configs,templates}
3743 ...
3744 Sub-commands
3747 dsconf plugin managed-entries list configs
3748 List Managed Entries Plugin configs (list config-area if speci‐
3749 fied in the main plugin entry)
3750 dsconf plugin managed-entries list templates
3752 List Managed Entries Plugin templates in the directory
3753
3755 usage: dsconf instance plugin managed-entries list configs [-h]
3756
3761 usage: dsconf instance plugin managed-entries list templates [-h]
3762 BASEDN
3763 BASEDN The base DN where to search the templates.
3766
3771 usage: dsconf instance plugin managed-entries config [-h]
3772 NAME
3773 {add,set,show,delete}
3774 ...
3775 NAME The config entry CN.
3778 Sub-commands
3781 dsconf plugin managed-entries config add
3782 Add the config entry
3783 dsconf plugin managed-entries config set
3785 Edit the config entry
3786 dsconf plugin managed-entries config show
3788 Display the config entry
3789 dsconf plugin managed-entries config delete
3791 Delete the config entry
3792
3794 usage: dsconf instance plugin managed-entries config NAME add
3795 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
3796 AGED_BASE]
3797 [--managed-template MANAGED_TEMPLATE]
3798 --scope SCOPE
3802 Sets the scope of the search to use to see which entries the
3803 plug-in monitors
3804 (originScope)
3805 --filter FILTER
3808 Sets the search filter to use to search for and identify the
3809 entries within
3810 the subtree which require a managed entry (originFilter)
3811 --managed-base MANAGED_BASE
3814 Sets the subtree under which to create the managed entries (man‐
3815 agedBase)
3816 --managed-template MANAGED_TEMPLATE
3819 Identifies the template entry to use to create the managed entry
3820 (managedTemplate)
3821
3824 usage: dsconf instance plugin managed-entries config NAME set
3825 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
3826 AGED_BASE]
3827 [--managed-template MANAGED_TEMPLATE]
3828 --scope SCOPE
3832 Sets the scope of the search to use to see which entries the
3833 plug-in monitors
3834 (originScope)
3835 --filter FILTER
3838 Sets the search filter to use to search for and identify the
3839 entries within
3840 the subtree which require a managed entry (originFilter)
3841 --managed-base MANAGED_BASE
3844 Sets the subtree under which to create the managed entries (man‐
3845 agedBase)
3846 --managed-template MANAGED_TEMPLATE
3849 Identifies the template entry to use to create the managed entry
3850 (managedTemplate)
3851
3854 usage: dsconf instance plugin managed-entries config NAME show [-h]
3855
3860 usage: dsconf instance plugin managed-entries config NAME delete [-h]
3861
3867 usage: dsconf instance plugin managed-entries template [-h]
3868 DN
3869 {add,set,show,delete}
3870 ...
3871 DN The template entry DN.
3874 Sub-commands
3877 dsconf plugin managed-entries template add
3878 Add the template entry
3879 dsconf plugin managed-entries template set
3881 Edit the template entry
3882 dsconf plugin managed-entries template show
3884 Display the template entry
3885 dsconf plugin managed-entries template delete
3887 Delete the template entry
3888
3890 usage: dsconf instance plugin managed-entries template DN add
3891 [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
3892 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
3893 --rdn-attr RDN_ATTR
3897 Sets which attribute to use as the naming attribute in the auto‐
3898 matically-
3899 generated entry (mepRDNAttr)
3900 --static-attr STATIC_ATTR
3903 Sets an attribute with a defined value that must be added to the
3904 automatically-generated entry (mepStaticAttr)
3905 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
3908 Sets an attribute in the Managed Entries template entry which
3909 must exist in
3910 the generated entry (mepMappedAttr)
3911
3914 usage: dsconf instance plugin managed-entries template DN set
3915 [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
3916 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
3917 --rdn-attr RDN_ATTR
3921 Sets which attribute to use as the naming attribute in the auto‐
3922 matically-
3923 generated entry (mepRDNAttr)
3924 --static-attr STATIC_ATTR
3927 Sets an attribute with a defined value that must be added to the
3928 automatically-generated entry (mepStaticAttr)
3929 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
3932 Sets an attribute in the Managed Entries template entry which
3933 must exist in
3934 the generated entry (mepMappedAttr)
3935
3938 usage: dsconf instance plugin managed-entries template DN show [-h]
3939
3944 usage: dsconf instance plugin managed-entries template DN delete [-h]
3945
3952 usage: dsconf instance plugin pass-through-auth [-h]
3953 {show,enable,dis‐
3954 able,status,list,url,pam-config}
3955 ...
3956 Sub-commands
3959 dsconf plugin pass-through-auth show
3960 display plugin configuration
3961 dsconf plugin pass-through-auth enable
3963 enable plugin
3964 dsconf plugin pass-through-auth disable
3966 disable plugin
3967 dsconf plugin pass-through-auth status
3969 display plugin status
3970 dsconf plugin pass-through-auth list
3972 List pass-though plugin URLs or PAM configurations.
3973 dsconf plugin pass-through-auth url
3975 Manage PTA URL configurations.
3976 dsconf plugin pass-through-auth pam-config
3978 Manage PAM PTA configurations.
3979
3981 usage: dsconf instance plugin pass-through-auth show [-h]
3982
3987 usage: dsconf instance plugin pass-through-auth enable [-h]
3988
3993 usage: dsconf instance plugin pass-through-auth disable [-h]
3994
3999 usage: dsconf instance plugin pass-through-auth status [-h]
4000
4005 usage: dsconf instance plugin pass-through-auth list [-h]
4006 {urls,pam-configs}
4007 ...
4008 Sub-commands
4011 dsconf plugin pass-through-auth list urls
4012 List URLs.
4013 dsconf plugin pass-through-auth list pam-configs
4015 List PAM configurations.
4016
4018 usage: dsconf instance plugin pass-through-auth list urls [-h]
4019
4024 usage: dsconf instance plugin pass-through-auth list pam-configs [-h]
4025
4031 usage: dsconf instance plugin pass-through-auth url [-h]
4032 {add,modify,delete}
4033 ...
4034 Sub-commands
4037 dsconf plugin pass-through-auth url add
4038 Add the config entry
4039 dsconf plugin pass-through-auth url modify
4041 Edit the config entry
4042 dsconf plugin pass-through-auth url delete
4044 Delete the config entry
4045
4047 usage: dsconf instance plugin pass-through-auth url add [-h] URL
4048 URL The full LDAP URL in format "ldap|ldaps://authDS/subtree
4051 maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one
4052 optional
4053 parameter is specified the rest should be specified too
4054
4058 usage: dsconf instance plugin pass-through-auth url modify [-h]
4059 OLD_URL
4060 NEW_URL
4061 OLD_URL
4064 The full LDAP URL you get from the "list" command
4065 NEW_URL
4068 The full LDAP URL in format "ldap|ldaps://authDS/subtree
4069 maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one
4070 optional
4071 parameter is specified the rest should be specified too
4072
4076 usage: dsconf instance plugin pass-through-auth url delete [-h] URL
4077 URL The full LDAP URL you get from the "list" command
4080
4085 usage: dsconf instance plugin pass-through-auth pam-config [-h]
4086 NAME
4087 {add,set,show,delete}
4088 ...
4089 NAME The PAM PTA configuration name
4092 Sub-commands
4095 dsconf plugin pass-through-auth pam-config add
4096 Add the config entry
4097 dsconf plugin pass-through-auth pam-config set
4099 Edit the config entry
4100 dsconf plugin pass-through-auth pam-config show
4102 Display the config entry
4103 dsconf plugin pass-through-auth pam-config delete
4105 Delete the config entry
4106
4108 usage: dsconf instance plugin pass-through-auth pam-config NAME add
4109 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4110 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4111 [--missing-suffix {ERROR,ALLOW,IGNORE}] [--filter FILTER]
4112 [--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method
4113 ID_MAP_METHOD]
4114 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4115 SERVICE]
4116 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4120 Specifies a suffix to exclude from PAM authentication (pamEx‐
4121 cludeSuffix)
4122 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4125 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4126 fix)
4127 --missing-suffix {ERROR,ALLOW,IGNORE}
4130 Identifies how to handle missing include or exclude suffixes
4131 (pamMissingSuffix)
4132 --filter FILTER
4135 Sets an LDAP filter to use to identify specific entries within
4136 the included
4137 suffixes for which to use PAM pass-through authentication (pam‐
4138 Filter)
4139 --id-attr ID_ATTR [ID_ATTR ...]
4142 Contains the attribute name which is used to hold the PAM user
4143 ID (pamIDAttr)
4144 --id_map_method ID_MAP_METHOD
4147 Gives the method to use to map the LDAP bind DN to a PAM iden‐
4148 tity
4149 (pamIDMapMethod)
4150 --fallback {TRUE,FALSE}
4153 Sets whether to fallback to regular LDAP authentication if PAM
4154 authentication
4155 fails (pamFallback)
4156 --secure {TRUE,FALSE}
4159 Requires secure TLS connection for PAM authentication (pamSe‐
4160 cure)
4161 --service SERVICE
4164 Contains the service name to pass to PAM (pamService)
4165
4168 usage: dsconf instance plugin pass-through-auth pam-config NAME set
4169 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4170 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4171 [--missing-suffix {ERROR,ALLOW,IGNORE}] [--filter FILTER]
4172 [--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method
4173 ID_MAP_METHOD]
4174 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4175 SERVICE]
4176 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4180 Specifies a suffix to exclude from PAM authentication (pamEx‐
4181 cludeSuffix)
4182 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4185 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4186 fix)
4187 --missing-suffix {ERROR,ALLOW,IGNORE}
4190 Identifies how to handle missing include or exclude suffixes
4191 (pamMissingSuffix)
4192 --filter FILTER
4195 Sets an LDAP filter to use to identify specific entries within
4196 the included
4197 suffixes for which to use PAM pass-through authentication (pam‐
4198 Filter)
4199 --id-attr ID_ATTR [ID_ATTR ...]
4202 Contains the attribute name which is used to hold the PAM user
4203 ID (pamIDAttr)
4204 --id_map_method ID_MAP_METHOD
4207 Gives the method to use to map the LDAP bind DN to a PAM iden‐
4208 tity
4209 (pamIDMapMethod)
4210 --fallback {TRUE,FALSE}
4213 Sets whether to fallback to regular LDAP authentication if PAM
4214 authentication
4215 fails (pamFallback)
4216 --secure {TRUE,FALSE}
4219 Requires secure TLS connection for PAM authentication (pamSe‐
4220 cure)
4221 --service SERVICE
4224 Contains the service name to pass to PAM (pamService)
4225
4228 usage: dsconf instance plugin pass-through-auth pam-config NAME show
4229 [-h]
4230
4235 usage: dsconf instance plugin pass-through-auth pam-config NAME delete
4236 [-h]
4237
4244 usage: dsconf instance plugin retro-changelog [-h]
4245 {show,enable,disable,sta‐
4246 tus,set}
4247 ...
4248 Sub-commands
4251 dsconf plugin retro-changelog show
4252 display plugin configuration
4253 dsconf plugin retro-changelog enable
4255 enable plugin
4256 dsconf plugin retro-changelog disable
4258 disable plugin
4259 dsconf plugin retro-changelog status
4261 display plugin status
4262 dsconf plugin retro-changelog set
4264 Edit the plugin
4265
4267 usage: dsconf instance plugin retro-changelog show [-h]
4268
4273 usage: dsconf instance plugin retro-changelog enable [-h]
4274
4279 usage: dsconf instance plugin retro-changelog disable [-h]
4280
4285 usage: dsconf instance plugin retro-changelog status [-h]
4286
4291 usage: dsconf instance plugin retro-changelog set [-h]
4292 [--is-replicated
4293 {true,false}]
4294 [--attribute
4295 ATTRIBUTE]
4296 [--directory DIREC‐
4297 TORY]
4298 [--max-age MAX_AGE]
4299 [--exclude-suffix
4300 EXCLUDE_SUFFIX]
4301 --is-replicated {true,false}
4305 Sets a flag to indicate on a change in the changelog whether the
4306 change is
4307 newly made on that server or whether it was replicated over from
4308 another
4309 server (isReplicated)
4310 --attribute ATTRIBUTE
4313 Specifies another Directory Server attribute which must be
4314 included in the
4315 retro changelog entries (nsslapd-attribute)
4316 --directory DIRECTORY
4319 Specifies the name of the directory in which the changelog data‐
4320 base is created
4321 the first time the plug-in is run
4322 --max-age MAX_AGE
4325 This attribute specifies the maximum age of any entry in the
4326 changelog
4327 (nsslapd-changelogmaxage)
4328 --exclude-suffix EXCLUDE_SUFFIX
4331 This attribute specifies the suffix which will be excluded from
4332 the scope of
4333 the plugin (nsslapd-exclude-suffix)
4334
4338 usage: dsconf instance plugin posix-winsync [-h]
4339 {show,enable,disable,sta‐
4340 tus,set}
4341 ...
4342 Sub-commands
4345 dsconf plugin posix-winsync show
4346 display plugin configuration
4347 dsconf plugin posix-winsync enable
4349 enable plugin
4350 dsconf plugin posix-winsync disable
4352 disable plugin
4353 dsconf plugin posix-winsync status
4355 display plugin status
4356 dsconf plugin posix-winsync set
4358 Edit the plugin
4359
4361 usage: dsconf instance plugin posix-winsync show [-h]
4362
4367 usage: dsconf instance plugin posix-winsync enable [-h]
4368
4373 usage: dsconf instance plugin posix-winsync disable [-h]
4374
4379 usage: dsconf instance plugin posix-winsync status [-h]
4380
4385 usage: dsconf instance plugin posix-winsync set [-h]
4386 [--create-memberof-task
4387 {true,false}]
4388 [--lower-case-uid
4389 {true,false}]
4390 [--map-member-uid
4391 {true,false}]
4392 [--map-nested-grouping
4393 {true,false}]
4394 [--ms-sfu-schema
4395 {true,false}]
4396 --create-memberof-task {true,false}
4400 sets whether to run the memberOf fix-up task immediately after a
4401 sync run in
4402 order to update group memberships for synced users
4403 (posixWinsyncCreateMemberOfTask)
4404 --lower-case-uid {true,false}
4407 Sets whether to store (and, if necessary, convert) the UID value
4408 in the
4409 memberUID attribute in lower case.(posixWinsyncLowerCaseUID)
4410 --map-member-uid {true,false}
4413 Sets whether to map the memberUID attribute in an Active Direc‐
4414 tory group to
4415 the uniqueMember attribute in a Directory Server group
4416 (posixWinsyncMapMemberUID)
4417 --map-nested-grouping {true,false}
4420 Manages if nested groups are updated when memberUID attributes
4421 in an Active
4422 Directory POSIX group change (posixWinsyncMapNestedGrouping)
4423 --ms-sfu-schema {true,false}
4426 Sets whether to the older Microsoft System Services for Unix 3.0
4427 (msSFU30)
4428 schema when syncing Posix attributes from Active Directory
4429 (posixWinsyncMsSFUSchema)
4430
4434 usage: dsconf instance plugin list [-h]
4435
4440 usage: dsconf instance plugin show [-h] [selector]
4441 selector
4444 The plugin to search for
4445
4449 usage: dsconf instance plugin set [-h] [--type TYPE] [--enabled
4450 {on,off}]
4451 [--path PATH] [--initfunc INITFUNC]
4452 [--id ID] [--vendor VENDOR]
4453 [--version VERSION]
4454 [--description DESCRIPTION]
4455 [--depends-on-type DEPENDS_ON_TYPE]
4456 [--depends-on-named DEPENDS_ON_NAMED]
4457 [--precedence PRECEDENCE]
4458 [selector]
4459 selector
4462 The plugin to edit
4463 --type TYPE
4466 The type of plugin.
4467 --enabled {on,off}
4470 Identifies whether or not the plugin is enabled.
4471 --path PATH
4474 The plugin library name (without the library suffix).
4475 --initfunc INITFUNC
4478 An initialization function of the plugin.
4479 --id ID
4482 The plugin ID.
4483 --vendor VENDOR
4486 The vendor of plugin.
4487 --version VERSION
4490 The version of plugin.
4491 --description DESCRIPTION
4494 The description of the plugin.
4495 --depends-on-type DEPENDS_ON_TYPE
4498 All plug-ins with a type value which matches one of the values
4499 in the
4500 following valid range will be started by the server prior to
4501 this plug-in.
4502 --depends-on-named DEPENDS_ON_NAMED
4505 The plug-in name matching one of the following values will be
4506 started by the
4507 server prior to this plug-in
4508 --precedence PRECEDENCE
4511 The priority it has in the execution order of plug-ins
4512
4516 usage: dsconf instance pwpolicy [-h] {get,set} ...
4517 Sub-commands
4520 dsconf pwpolicy get
4521 Get the global password policy entry
4522 dsconf pwpolicy set
4524 Set an attribute in a global password policy
4525
4527 usage: dsconf instance pwpolicy get [-h]
4528
4533 usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME]
4534 [--pwdchange PWDCHANGE]
4535 [--pwdmustchange PWDMUSTCHANGE]
4536 [--pwdhistory PWDHISTORY]
4537 [--pwdhistorycount PWDHISTORYCOUNT]
4538 [--pwdadmin PWDADMIN]
4539 [--pwdtrack PWDTRACK]
4540 [--pwdwarning PWDWARNING]
4541 [--pwdexpire PWDEXPIRE]
4542 [--pwdmaxage PWDMAXAGE]
4543 [--pwdminage PWDMINAGE]
4544 [--pwdgracelimit PWDGRACELIMIT]
4545 [--pwdsendexpiring PWDSENDEXPIRING]
4546 [--pwdlockout PWDLOCKOUT]
4547 [--pwdunlock PWDUNLOCK]
4548 [--pwdlockoutduration PWDLOCKOUTDU‐
4549 RATION]
4550 [--pwdmaxfailures PWDMAXFAILURES]
4551 [--pwdresetfailcount PWDRESETFAIL‐
4552 COUNT]
4553 [--pwdchecksyntax PWDCHECKSYNTAX]
4554 [--pwdminlen PWDMINLEN]
4555 [--pwdmindigits PWDMINDIGITS]
4556 [--pwdminalphas PWDMINALPHAS]
4557 [--pwdminuppers PWDMINUPPERS]
4558 [--pwdminlowers PWDMINLOWERS]
4559 [--pwdminspecials PWDMINSPECIALS]
4560 [--pwdmin8bits PWDMIN8BITS]
4561 [--pwdmaxrepeats PWDMAXREPEATS]
4562 [--pwdpalindrome PWDPALINDROME]
4563 [--pwdmaxseq PWDMAXSEQ]
4564 [--pwdmaxseqsets PWDMAXSEQSETS]
4565 [--pwdmaxclasschars PWDMAXCLASS‐
4566 CHARS]
4567 [--pwdmincatagories PWDMIN‐
4568 CATAGORIES]
4569 [--pwdmintokenlen PWDMINTOKENLEN]
4570 [--pwdbadwords PWDBADWORDS]
4571 [--pwduserattrs PWDUSERATTRS]
4572 [--pwddictcheck PWDDICTCHECK]
4573 [--pwddictpath PWDDICTPATH]
4574 [--pwdlocal PWDLOCAL]
4575 [--pwdisglobal PWDISGLOBAL]
4576 [--pwdallowhash PWDALLOWHASH]
4577 --pwdscheme PWDSCHEME
4581 The password storage scheme
4582 --pwdchange PWDCHANGE
4585 Allow users to change their passwords
4586 --pwdmustchange PWDMUSTCHANGE
4589 User must change their passwrod after it is reset by an Adminis‐
4590 trator
4591 --pwdhistory PWDHISTORY
4594 To enable password history set this to "on", otherwise "off"
4595 --pwdhistorycount PWDHISTORYCOUNT
4598 The number of password to keep in history
4599 --pwdadmin PWDADMIN
4602 The DN of an entry or a group of account that can bypass pass‐
4603 word policy
4604 constraints
4605 --pwdtrack PWDTRACK
4608 Set to "on" to track the time the password was last changed
4609 --pwdwarning PWDWARNING
4612 Send an expiring warning if password expires within this time
4613 (in seconds)
4614 --pwdexpire PWDEXPIRE
4617 Set to "on" to enable password expiration
4618 --pwdmaxage PWDMAXAGE
4621 The password expiration time in seconds
4622 --pwdminage PWDMINAGE
4625 The number of seconds that must pass before a user can change
4626 their password
4627 --pwdgracelimit PWDGRACELIMIT
4630 The number of allowed logins after the password has expired
4631 --pwdsendexpiring PWDSENDEXPIRING
4634 Set to "on" to always send the expiring control regardless of
4635 the warning
4636 period
4637 --pwdlockout PWDLOCKOUT
4640 Set to "on" to enable account lockout
4641 --pwdunlock PWDUNLOCK
4644 Set to "on" to allow an account to become unlocked after the
4645 lockout duration
4646 --pwdlockoutduration PWDLOCKOUTDURATION
4649 The number of seconds an account stays locked out
4650 --pwdmaxfailures PWDMAXFAILURES
4653 The maximum number of allowed failed password attempts before
4654 the account gets
4655 locked
4656 --pwdresetfailcount PWDRESETFAILCOUNT
4659 The number of seconds to wait before reducing the failed login
4660 count on an
4661 account
4662 --pwdchecksyntax PWDCHECKSYNTAX
4665 Set to "on" to Enable password syntax checking
4666 --pwdminlen PWDMINLEN
4669 The minimum number of characters required in a password
4670 --pwdmindigits PWDMINDIGITS
4673 The minimum number of digit/number characters in a password
4674 --pwdminalphas PWDMINALPHAS
4677 The minimum number of alpha characters required in a password
4678 --pwdminuppers PWDMINUPPERS
4681 The minimum number of uppercase characters required in a pass‐
4682 word
4683 --pwdminlowers PWDMINLOWERS
4686 The minimum number of lowercase characters required in a pass‐
4687 word
4688 --pwdminspecials PWDMINSPECIALS
4691 The minimum number of special characters required in a password
4692 --pwdmin8bits PWDMIN8BITS
4695 The minimum number of 8-bit characters required in a password
4696 --pwdmaxrepeats PWDMAXREPEATS
4699 The maximum number of times the same character can appear
4700 sequentially in the
4701 password
4702 --pwdpalindrome PWDPALINDROME
4705 Set to "on" to reject passwords that are palindromes
4706 --pwdmaxseq PWDMAXSEQ
4709 The maximum number of allowed monotonic character sequences in a
4710 password
4711 --pwdmaxseqsets PWDMAXSEQSETS
4714 The maximum number of allowed monotonic character sequences that
4715 can be
4716 duplicated in a password
4717 --pwdmaxclasschars PWDMAXCLASSCHARS
4720 The maximum number of sequential characters from the same char‐
4721 acter class that
4722 is allowed in a password
4723 --pwdmincatagories PWDMINCATAGORIES
4726 The minimum number of syntax catagory checks
4727 --pwdmintokenlen PWDMINTOKENLEN
4730 Sets the smallest attribute value length that is used for triv‐
4731 ial/user words
4732 checking. This also impacts "--pwduserattrs"
4733 --pwdbadwords PWDBADWORDS
4736 A space-separated list of words that can not be in a password
4737 --pwduserattrs PWDUSERATTRS
4740 A space-separated list of attributes whose values can not appear
4741 in the
4742 password (See "--pwdmintokenlen")
4743 --pwddictcheck PWDDICTCHECK
4746 Set to "on" to enfore CrackLib dictionary checking
4747 --pwddictpath PWDDICTPATH
4750 Filesystem path to specific/custom CrackLib dictionary files
4751 --pwdlocal PWDLOCAL
4754 Set to "on" to enable fine-grained (subtree/user-level) password
4755 policies
4756 --pwdisglobal PWDISGLOBAL
4759 Set to "on" to enable password policy state attributesto be
4760 replicated
4761 --pwdallowhash PWDALLOWHASH
4764 Set to "on" to allow adding prehashed passwords
4765
4769 usage: dsconf instance localpwp [-h]
4770 {list,get,set,remove,adduser,addsub‐
4771 tree} ...
4772 Sub-commands
4775 dsconf localpwp list
4776 List all the local password policies
4777 dsconf localpwp get
4779 Get local password policy entry
4780 dsconf localpwp set
4782 Set an attribute in a local password policy
4783 dsconf localpwp remove
4785 Remove a local password policy
4786 dsconf localpwp adduser
4788 Add new user password policy
4789 dsconf localpwp addsubtree
4791 Add new subtree password policy
4792
4794 usage: dsconf instance localpwp list [-h] DN
4795 DN Suffix to search for local password policies
4798
4802 usage: dsconf instance localpwp get [-h] DN
4803 DN Get the local policy for this entry DN
4806
4810 usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME]
4811 [--pwdchange PWDCHANGE]
4812 [--pwdmustchange PWDMUSTCHANGE]
4813 [--pwdhistory PWDHISTORY]
4814 [--pwdhistorycount PWDHISTORYCOUNT]
4815 [--pwdadmin PWDADMIN]
4816 [--pwdtrack PWDTRACK]
4817 [--pwdwarning PWDWARNING]
4818 [--pwdexpire PWDEXPIRE]
4819 [--pwdmaxage PWDMAXAGE]
4820 [--pwdminage PWDMINAGE]
4821 [--pwdgracelimit PWDGRACELIMIT]
4822 [--pwdsendexpiring PWDSENDEXPIRING]
4823 [--pwdlockout PWDLOCKOUT]
4824 [--pwdunlock PWDUNLOCK]
4825 [--pwdlockoutduration PWDLOCKOUTDU‐
4826 RATION]
4827 [--pwdmaxfailures PWDMAXFAILURES]
4828 [--pwdresetfailcount PWDRESETFAIL‐
4829 COUNT]
4830 [--pwdchecksyntax PWDCHECKSYNTAX]
4831 [--pwdminlen PWDMINLEN]
4832 [--pwdmindigits PWDMINDIGITS]
4833 [--pwdminalphas PWDMINALPHAS]
4834 [--pwdminuppers PWDMINUPPERS]
4835 [--pwdminlowers PWDMINLOWERS]
4836 [--pwdminspecials PWDMINSPECIALS]
4837 [--pwdmin8bits PWDMIN8BITS]
4838 [--pwdmaxrepeats PWDMAXREPEATS]
4839 [--pwdpalindrome PWDPALINDROME]
4840 [--pwdmaxseq PWDMAXSEQ]
4841 [--pwdmaxseqsets PWDMAXSEQSETS]
4842 [--pwdmaxclasschars PWDMAXCLASS‐
4843 CHARS]
4844 [--pwdmincatagories PWDMIN‐
4845 CATAGORIES]
4846 [--pwdmintokenlen PWDMINTOKENLEN]
4847 [--pwdbadwords PWDBADWORDS]
4848 [--pwduserattrs PWDUSERATTRS]
4849 [--pwddictcheck PWDDICTCHECK]
4850 [--pwddictpath PWDDICTPATH]
4851 DN
4852 DN Set the local policy for this entry DN
4855 --pwdscheme PWDSCHEME
4858 The password storage scheme
4859 --pwdchange PWDCHANGE
4862 Allow users to change their passwords
4863 --pwdmustchange PWDMUSTCHANGE
4866 User must change their passwrod after it is reset by an Adminis‐
4867 trator
4868 --pwdhistory PWDHISTORY
4871 To enable password history set this to "on", otherwise "off"
4872 --pwdhistorycount PWDHISTORYCOUNT
4875 The number of password to keep in history
4876 --pwdadmin PWDADMIN
4879 The DN of an entry or a group of account that can bypass pass‐
4880 word policy
4881 constraints
4882 --pwdtrack PWDTRACK
4885 Set to "on" to track the time the password was last changed
4886 --pwdwarning PWDWARNING
4889 Send an expiring warning if password expires within this time
4890 (in seconds)
4891 --pwdexpire PWDEXPIRE
4894 Set to "on" to enable password expiration
4895 --pwdmaxage PWDMAXAGE
4898 The password expiration time in seconds
4899 --pwdminage PWDMINAGE
4902 The number of seconds that must pass before a user can change
4903 their password
4904 --pwdgracelimit PWDGRACELIMIT
4907 The number of allowed logins after the password has expired
4908 --pwdsendexpiring PWDSENDEXPIRING
4911 Set to "on" to always send the expiring control regardless of
4912 the warning
4913 period
4914 --pwdlockout PWDLOCKOUT
4917 Set to "on" to enable account lockout
4918 --pwdunlock PWDUNLOCK
4921 Set to "on" to allow an account to become unlocked after the
4922 lockout duration
4923 --pwdlockoutduration PWDLOCKOUTDURATION
4926 The number of seconds an account stays locked out
4927 --pwdmaxfailures PWDMAXFAILURES
4930 The maximum number of allowed failed password attempts before
4931 the account gets
4932 locked
4933 --pwdresetfailcount PWDRESETFAILCOUNT
4936 The number of seconds to wait before reducing the failed login
4937 count on an
4938 account
4939 --pwdchecksyntax PWDCHECKSYNTAX
4942 Set to "on" to Enable password syntax checking
4943 --pwdminlen PWDMINLEN
4946 The minimum number of characters required in a password
4947 --pwdmindigits PWDMINDIGITS
4950 The minimum number of digit/number characters in a password
4951 --pwdminalphas PWDMINALPHAS
4954 The minimum number of alpha characters required in a password
4955 --pwdminuppers PWDMINUPPERS
4958 The minimum number of uppercase characters required in a pass‐
4959 word
4960 --pwdminlowers PWDMINLOWERS
4963 The minimum number of lowercase characters required in a pass‐
4964 word
4965 --pwdminspecials PWDMINSPECIALS
4968 The minimum number of special characters required in a password
4969 --pwdmin8bits PWDMIN8BITS
4972 The minimum number of 8-bit characters required in a password
4973 --pwdmaxrepeats PWDMAXREPEATS
4976 The maximum number of times the same character can appear
4977 sequentially in the
4978 password
4979 --pwdpalindrome PWDPALINDROME
4982 Set to "on" to reject passwords that are palindromes
4983 --pwdmaxseq PWDMAXSEQ
4986 The maximum number of allowed monotonic character sequences in a
4987 password
4988 --pwdmaxseqsets PWDMAXSEQSETS
4991 The maximum number of allowed monotonic character sequences that
4992 can be
4993 duplicated in a password
4994 --pwdmaxclasschars PWDMAXCLASSCHARS
4997 The maximum number of sequential characters from the same char‐
4998 acter class that
4999 is allowed in a password
5000 --pwdmincatagories PWDMINCATAGORIES
5003 The minimum number of syntax catagory checks
5004 --pwdmintokenlen PWDMINTOKENLEN
5007 Sets the smallest attribute value length that is used for triv‐
5008 ial/user words
5009 checking. This also impacts "--pwduserattrs"
5010 --pwdbadwords PWDBADWORDS
5013 A space-separated list of words that can not be in a password
5014 --pwduserattrs PWDUSERATTRS
5017 A space-separated list of attributes whose values can not appear
5018 in the
5019 password (See "--pwdmintokenlen")
5020 --pwddictcheck PWDDICTCHECK
5023 Set to "on" to enfore CrackLib dictionary checking
5024 --pwddictpath PWDDICTPATH
5027 Filesystem path to specific/custom CrackLib dictionary files
5028
5031 usage: dsconf instance localpwp remove [-h] DN
5032 DN Remove local policy for this entry DN
5035
5039 usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME]
5040 [--pwdchange PWDCHANGE]
5041 [--pwdmustchange PWDMUSTCHANGE]
5042 [--pwdhistory PWDHISTORY]
5043 [--pwdhistorycount PWDHISTO‐
5044 RYCOUNT]
5045 [--pwdadmin PWDADMIN]
5046 [--pwdtrack PWDTRACK]
5047 [--pwdwarning PWDWARNING]
5048 [--pwdexpire PWDEXPIRE]
5049 [--pwdmaxage PWDMAXAGE]
5050 [--pwdminage PWDMINAGE]
5051 [--pwdgracelimit PWDGRACELIMIT]
5052 [--pwdsendexpiring PWDSENDEX‐
5053 PIRING]
5054 [--pwdlockout PWDLOCKOUT]
5055 [--pwdunlock PWDUNLOCK]
5056 [--pwdlockoutduration PWDLOCK‐
5057 OUTDURATION]
5058 [--pwdmaxfailures PWDMAXFAIL‐
5059 URES]
5060 [--pwdresetfailcount PWDRESET‐
5061 FAILCOUNT]
5062 [--pwdchecksyntax PWDCHECKSYN‐
5063 TAX]
5064 [--pwdminlen PWDMINLEN]
5065 [--pwdmindigits PWDMINDIGITS]
5066 [--pwdminalphas PWDMINALPHAS]
5067 [--pwdminuppers PWDMINUPPERS]
5068 [--pwdminlowers PWDMINLOWERS]
5069 [--pwdminspecials PWDMINSPE‐
5070 CIALS]
5071 [--pwdmin8bits PWDMIN8BITS]
5072 [--pwdmaxrepeats PWDMAXREPEATS]
5073 [--pwdpalindrome PWDPALINDROME]
5074 [--pwdmaxseq PWDMAXSEQ]
5075 [--pwdmaxseqsets PWDMAXSEQSETS]
5076 [--pwdmaxclasschars PWDMAX‐
5077 CLASSCHARS]
5078 [--pwdmincatagories PWDMIN‐
5079 CATAGORIES]
5080 [--pwdmintokenlen PWDMINTO‐
5081 KENLEN]
5082 [--pwdbadwords PWDBADWORDS]
5083 [--pwduserattrs PWDUSERATTRS]
5084 [--pwddictcheck PWDDICTCHECK]
5085 [--pwddictpath PWDDICTPATH]
5086 DN
5087 DN Add/replace the local password policy for this entry DN
5090 --pwdscheme PWDSCHEME
5093 The password storage scheme
5094 --pwdchange PWDCHANGE
5097 Allow users to change their passwords
5098 --pwdmustchange PWDMUSTCHANGE
5101 User must change their passwrod after it is reset by an Adminis‐
5102 trator
5103 --pwdhistory PWDHISTORY
5106 To enable password history set this to "on", otherwise "off"
5107 --pwdhistorycount PWDHISTORYCOUNT
5110 The number of password to keep in history
5111 --pwdadmin PWDADMIN
5114 The DN of an entry or a group of account that can bypass pass‐
5115 word policy
5116 constraints
5117 --pwdtrack PWDTRACK
5120 Set to "on" to track the time the password was last changed
5121 --pwdwarning PWDWARNING
5124 Send an expiring warning if password expires within this time
5125 (in seconds)
5126 --pwdexpire PWDEXPIRE
5129 Set to "on" to enable password expiration
5130 --pwdmaxage PWDMAXAGE
5133 The password expiration time in seconds
5134 --pwdminage PWDMINAGE
5137 The number of seconds that must pass before a user can change
5138 their password
5139 --pwdgracelimit PWDGRACELIMIT
5142 The number of allowed logins after the password has expired
5143 --pwdsendexpiring PWDSENDEXPIRING
5146 Set to "on" to always send the expiring control regardless of
5147 the warning
5148 period
5149 --pwdlockout PWDLOCKOUT
5152 Set to "on" to enable account lockout
5153 --pwdunlock PWDUNLOCK
5156 Set to "on" to allow an account to become unlocked after the
5157 lockout duration
5158 --pwdlockoutduration PWDLOCKOUTDURATION
5161 The number of seconds an account stays locked out
5162 --pwdmaxfailures PWDMAXFAILURES
5165 The maximum number of allowed failed password attempts before
5166 the account gets
5167 locked
5168 --pwdresetfailcount PWDRESETFAILCOUNT
5171 The number of seconds to wait before reducing the failed login
5172 count on an
5173 account
5174 --pwdchecksyntax PWDCHECKSYNTAX
5177 Set to "on" to Enable password syntax checking
5178 --pwdminlen PWDMINLEN
5181 The minimum number of characters required in a password
5182 --pwdmindigits PWDMINDIGITS
5185 The minimum number of digit/number characters in a password
5186 --pwdminalphas PWDMINALPHAS
5189 The minimum number of alpha characters required in a password
5190 --pwdminuppers PWDMINUPPERS
5193 The minimum number of uppercase characters required in a pass‐
5194 word
5195 --pwdminlowers PWDMINLOWERS
5198 The minimum number of lowercase characters required in a pass‐
5199 word
5200 --pwdminspecials PWDMINSPECIALS
5203 The minimum number of special characters required in a password
5204 --pwdmin8bits PWDMIN8BITS
5207 The minimum number of 8-bit characters required in a password
5208 --pwdmaxrepeats PWDMAXREPEATS
5211 The maximum number of times the same character can appear
5212 sequentially in the
5213 password
5214 --pwdpalindrome PWDPALINDROME
5217 Set to "on" to reject passwords that are palindromes
5218 --pwdmaxseq PWDMAXSEQ
5221 The maximum number of allowed monotonic character sequences in a
5222 password
5223 --pwdmaxseqsets PWDMAXSEQSETS
5226 The maximum number of allowed monotonic character sequences that
5227 can be
5228 duplicated in a password
5229 --pwdmaxclasschars PWDMAXCLASSCHARS
5232 The maximum number of sequential characters from the same char‐
5233 acter class that
5234 is allowed in a password
5235 --pwdmincatagories PWDMINCATAGORIES
5238 The minimum number of syntax catagory checks
5239 --pwdmintokenlen PWDMINTOKENLEN
5242 Sets the smallest attribute value length that is used for triv‐
5243 ial/user words
5244 checking. This also impacts "--pwduserattrs"
5245 --pwdbadwords PWDBADWORDS
5248 A space-separated list of words that can not be in a password
5249 --pwduserattrs PWDUSERATTRS
5252 A space-separated list of attributes whose values can not appear
5253 in the
5254 password (See "--pwdmintokenlen")
5255 --pwddictcheck PWDDICTCHECK
5258 Set to "on" to enfore CrackLib dictionary checking
5259 --pwddictpath PWDDICTPATH
5262 Filesystem path to specific/custom CrackLib dictionary files
5263
5266 usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME]
5267 [--pwdchange PWDCHANGE]
5268 [--pwdmustchange PWD‐
5269 MUSTCHANGE]
5270 [--pwdhistory PWDHISTORY]
5271 [--pwdhistorycount PWDHISTO‐
5272 RYCOUNT]
5273 [--pwdadmin PWDADMIN]
5274 [--pwdtrack PWDTRACK]
5275 [--pwdwarning PWDWARNING]
5276 [--pwdexpire PWDEXPIRE]
5277 [--pwdmaxage PWDMAXAGE]
5278 [--pwdminage PWDMINAGE]
5279 [--pwdgracelimit PWDGRACE‐
5280 LIMIT]
5281 [--pwdsendexpiring PWDSEND‐
5282 EXPIRING]
5283 [--pwdlockout PWDLOCKOUT]
5284 [--pwdunlock PWDUNLOCK]
5285 [--pwdlockoutduration PWD‐
5286 LOCKOUTDURATION]
5287 [--pwdmaxfailures PWDMAX‐
5288 FAILURES]
5289 [--pwdresetfailcount
5290 PWDRESETFAILCOUNT]
5291 [--pwdchecksyntax PWD‐
5292 CHECKSYNTAX]
5293 [--pwdminlen PWDMINLEN]
5294 [--pwdmindigits PWDMINDIG‐
5295 ITS]
5296 [--pwdminalphas PWDMINAL‐
5297 PHAS]
5298 [--pwdminuppers PWDMINUP‐
5299 PERS]
5300 [--pwdminlowers PWDMINLOW‐
5301 ERS]
5302 [--pwdminspecials PWDMINSPE‐
5303 CIALS]
5304 [--pwdmin8bits PWDMIN8BITS]
5305 [--pwdmaxrepeats PWDMAXRE‐
5306 PEATS]
5307 [--pwdpalindrome PWDPALIN‐
5308 DROME]
5309 [--pwdmaxseq PWDMAXSEQ]
5310 [--pwdmaxseqsets PWDMAXSE‐
5311 QSETS]
5312 [--pwdmaxclasschars PWDMAX‐
5313 CLASSCHARS]
5314 [--pwdmincatagories PWDMIN‐
5315 CATAGORIES]
5316 [--pwdmintokenlen PWDMINTO‐
5317 KENLEN]
5318 [--pwdbadwords PWDBADWORDS]
5319 [--pwduserattrs PWDUSERAT‐
5320 TRS]
5321 [--pwddictcheck PWD‐
5322 DICTCHECK]
5323 [--pwddictpath PWDDICTPATH]
5324 DN
5325 DN Add/replace the subtree policy for this entry DN
5328 --pwdscheme PWDSCHEME
5331 The password storage scheme
5332 --pwdchange PWDCHANGE
5335 Allow users to change their passwords
5336 --pwdmustchange PWDMUSTCHANGE
5339 User must change their passwrod after it is reset by an Adminis‐
5340 trator
5341 --pwdhistory PWDHISTORY
5344 To enable password history set this to "on", otherwise "off"
5345 --pwdhistorycount PWDHISTORYCOUNT
5348 The number of password to keep in history
5349 --pwdadmin PWDADMIN
5352 The DN of an entry or a group of account that can bypass pass‐
5353 word policy
5354 constraints
5355 --pwdtrack PWDTRACK
5358 Set to "on" to track the time the password was last changed
5359 --pwdwarning PWDWARNING
5362 Send an expiring warning if password expires within this time
5363 (in seconds)
5364 --pwdexpire PWDEXPIRE
5367 Set to "on" to enable password expiration
5368 --pwdmaxage PWDMAXAGE
5371 The password expiration time in seconds
5372 --pwdminage PWDMINAGE
5375 The number of seconds that must pass before a user can change
5376 their password
5377 --pwdgracelimit PWDGRACELIMIT
5380 The number of allowed logins after the password has expired
5381 --pwdsendexpiring PWDSENDEXPIRING
5384 Set to "on" to always send the expiring control regardless of
5385 the warning
5386 period
5387 --pwdlockout PWDLOCKOUT
5390 Set to "on" to enable account lockout
5391 --pwdunlock PWDUNLOCK
5394 Set to "on" to allow an account to become unlocked after the
5395 lockout duration
5396 --pwdlockoutduration PWDLOCKOUTDURATION
5399 The number of seconds an account stays locked out
5400 --pwdmaxfailures PWDMAXFAILURES
5403 The maximum number of allowed failed password attempts before
5404 the account gets
5405 locked
5406 --pwdresetfailcount PWDRESETFAILCOUNT
5409 The number of seconds to wait before reducing the failed login
5410 count on an
5411 account
5412 --pwdchecksyntax PWDCHECKSYNTAX
5415 Set to "on" to Enable password syntax checking
5416 --pwdminlen PWDMINLEN
5419 The minimum number of characters required in a password
5420 --pwdmindigits PWDMINDIGITS
5423 The minimum number of digit/number characters in a password
5424 --pwdminalphas PWDMINALPHAS
5427 The minimum number of alpha characters required in a password
5428 --pwdminuppers PWDMINUPPERS
5431 The minimum number of uppercase characters required in a pass‐
5432 word
5433 --pwdminlowers PWDMINLOWERS
5436 The minimum number of lowercase characters required in a pass‐
5437 word
5438 --pwdminspecials PWDMINSPECIALS
5441 The minimum number of special characters required in a password
5442 --pwdmin8bits PWDMIN8BITS
5445 The minimum number of 8-bit characters required in a password
5446 --pwdmaxrepeats PWDMAXREPEATS
5449 The maximum number of times the same character can appear
5450 sequentially in the
5451 password
5452 --pwdpalindrome PWDPALINDROME
5455 Set to "on" to reject passwords that are palindromes
5456 --pwdmaxseq PWDMAXSEQ
5459 The maximum number of allowed monotonic character sequences in a
5460 password
5461 --pwdmaxseqsets PWDMAXSEQSETS
5464 The maximum number of allowed monotonic character sequences that
5465 can be
5466 duplicated in a password
5467 --pwdmaxclasschars PWDMAXCLASSCHARS
5470 The maximum number of sequential characters from the same char‐
5471 acter class that
5472 is allowed in a password
5473 --pwdmincatagories PWDMINCATAGORIES
5476 The minimum number of syntax catagory checks
5477 --pwdmintokenlen PWDMINTOKENLEN
5480 Sets the smallest attribute value length that is used for triv‐
5481 ial/user words
5482 checking. This also impacts "--pwduserattrs"
5483 --pwdbadwords PWDBADWORDS
5486 A space-separated list of words that can not be in a password
5487 --pwduserattrs PWDUSERATTRS
5490 A space-separated list of attributes whose values can not appear
5491 in the
5492 password (See "--pwdmintokenlen")
5493 --pwddictcheck PWDDICTCHECK
5496 Set to "on" to enfore CrackLib dictionary checking
5497 --pwddictpath PWDDICTPATH
5500 Filesystem path to specific/custom CrackLib dictionary files
5501
5505 usage: dsconf instance replication [-h]
5506 {enable,disable,list,promote,create-
5507 manager,delete-manager,demote,get,create-changelog,delete-
5508 changelog,set-changelog,get-changelog,set}
5509 ...
5510 Sub-commands
5513 dsconf replication enable
5514 Enable replication for a suffix
5515 dsconf replication disable
5517 Disable replication for a suffix
5518 dsconf replication list
5520 List all the replicated suffixes
5521 dsconf replication promote
5523 Promte replica to a Hub or Master
5524 dsconf replication create-manager
5526 Create a replication manager entry
5527 dsconf replication delete-manager
5529 Delete a replication manager entry
5530 dsconf replication demote
5532 Demote replica to a Hub or Consumer
5533 dsconf replication get
5535 Get replication configuration
5536 dsconf replication create-changelog
5538 Create the replication changelog
5539 dsconf replication delete-changelog
5541 Delete the replication changelog. This will invalidate any
5542 existing replication agreements
5543 dsconf replication set-changelog
5545 Set replication changelog attributes.
5546 dsconf replication get-changelog
5548 Display replication changelog attributes.
5549 dsconf replication set
5551 Set an attribute in the replication configuration
5552
5554 usage: dsconf instance replication enable [-h] --suffix SUFFIX --role
5555 ROLE
5556 [--replica-id REPLICA_ID]
5557 [--bind-group-dn
5558 BIND_GROUP_DN]
5559 [--bind-dn BIND_DN]
5560 [--bind-passwd BIND_PASSWD]
5561 --suffix SUFFIX
5565 The DN of the suffix to be enabled for replication
5566 --role ROLE
5569 The Replication role: "master", "hub", or "consumer"
5570 --replica-id REPLICA_ID
5573 The replication identifier for a "master". Values range from 1 -
5574 65534
5575 --bind-group-dn BIND_GROUP_DN
5578 A group entry DN containing members that are "bind/supplier" DNs
5579 --bind-dn BIND_DN
5582 The Bind or Supplier DN that can make replication updates
5583 --bind-passwd BIND_PASSWD
5586 Password for replication manager(--bind-dn). This will create
5587 the manager
5588 entry if a value is set
5589
5592 usage: dsconf instance replication disable [-h] --suffix SUFFIX
5593 --suffix SUFFIX
5597 The DN of the suffix to have replication disabled
5598
5601 usage: dsconf instance replication list [-h]
5602
5607 usage: dsconf instance replication promote [-h] --suffix SUFFIX --new‐
5608 role
5609 NEWROLE [--replica-id
5610 REPLICA_ID]
5611 [--bind-group-dn
5612 BIND_GROUP_DN]
5613 [--bind-dn BIND_DN]
5614 --suffix SUFFIX
5618 The DN of the replication suffix to promote
5619 --newrole NEWROLE
5622 Promote this replica to a "hub" or "master"
5623 --replica-id REPLICA_ID
5626 The replication identifier for a "master". Values range from 1 -
5627 65534
5628 --bind-group-dn BIND_GROUP_DN
5631 A group entry DN containing members that are "bind/supplier" DNs
5632 --bind-dn BIND_DN
5635 The Bind or Supplier DN that can make replication updates
5636
5639 usage: dsconf instance replication create-manager [-h] [--name NAME]
5640 [--passwd PASSWD]
5641 [--suffix SUFFIX]
5642 --name NAME
5646 The NAME of the new replication manager entry. For example, if
5647 the NAME is
5648 "replication manager" then the new manager entry's DN would be
5649 "cn=replication
5650 manager,cn=config".
5651 --passwd PASSWD
5654 Password for replication manager. If not provided, you will be
5655 prompted for
5656 the password
5657 --suffix SUFFIX
5660 The DN of the replication suffix whose replication configuration
5661 you want to
5662 add this new manager to (OPTIONAL)
5663
5666 usage: dsconf instance replication delete-manager [-h] [--name NAME]
5667 [--suffix SUFFIX]
5668 --name NAME
5672 The NAME of the replication manager entry under cn=config:
5673 "cn=NAME,cn=config"
5674 --suffix SUFFIX
5677 The DN of the replication suffix whose replication configuration
5678 you want to
5679 remove this manager from (OPTIONAL)
5680
5683 usage: dsconf instance replication demote [-h] --suffix SUFFIX --new‐
5684 role
5685 NEWROLE
5686 --suffix SUFFIX
5690 Promte this replica to a "hub" or "consumer"
5691 --newrole NEWROLE
5694 The Replication role: "hub", or "consumer"
5695
5698 usage: dsconf instance replication get [-h] --suffix SUFFIX
5699 --suffix SUFFIX
5703 Get the replication configuration for this suffix DN
5704
5707 usage: dsconf instance replication create-changelog [-h]
5708
5713 usage: dsconf instance replication delete-changelog [-h]
5714
5719 usage: dsconf instance replication set-changelog [-h] [--cl-dir CL_DIR]
5720 [--max-entries
5721 MAX_ENTRIES]
5722 [--max-age MAX_AGE]
5723 [--compact-interval
5724 COMPACT_INTERVAL]
5725 [--trim-interval
5726 TRIM_INTERVAL]
5727 --cl-dir CL_DIR
5731 The replication changelog location on the filesystem
5732 --max-entries MAX_ENTRIES
5735 The maximum number of entries to get in the replication
5736 changelog
5737 --max-age MAX_AGE
5740 The maximum age of a replication changelog entry
5741 --compact-interval COMPACT_INTERVAL
5744 The replication changelog compaction interval
5745 --trim-interval TRIM_INTERVAL
5748 The interval to check if the replication changelog can be
5749 trimmed
5750
5753 usage: dsconf instance replication get-changelog [-h]
5754
5759 usage: dsconf instance replication set [-h] --suffix SUFFIX
5760 [--replica-id REPLICA_ID]
5761 [--replica-role REPLICA_ROLE]
5762 [--repl-add-bind-dn
5763 REPL_ADD_BIND_DN]
5764 [--repl-del-bind-dn
5765 REPL_DEL_BIND_DN]
5766 [--repl-add-ref REPL_ADD_REF]
5767 [--repl-del-ref REPL_DEL_REF]
5768 [--repl-purge-delay
5769 REPL_PURGE_DELAY]
5770 [--repl-tombstone-purge-interval
5771 REPL_TOMBSTONE_PURGE_INTERVAL]
5772 [--repl-fast-tombstone-purging
5773 REPL_FAST_TOMBSTONE_PURGING]
5774 [--repl-bind-group
5775 REPL_BIND_GROUP]
5776 [--repl-bind-group-interval
5777 REPL_BIND_GROUP_INTERVAL]
5778 [--repl-protocol-timeout
5779 REPL_PROTOCOL_TIMEOUT]
5780 [--repl-backoff-max REPL_BACK‐
5781 OFF_MAX]
5782 [--repl-backoff-min REPL_BACK‐
5783 OFF_MIN]
5784 [--repl-release-timeout
5785 REPL_RELEASE_TIMEOUT]
5786 --suffix SUFFIX
5790 The DN of the replication suffix
5791 --replica-id REPLICA_ID
5794 The Replication Identifier number
5795 --replica-role REPLICA_ROLE
5798 The Replication role: master, hub, or consumer
5799 --repl-add-bind-dn REPL_ADD_BIND_DN
5802 Add a bind (supplier) DN
5803 --repl-del-bind-dn REPL_DEL_BIND_DN
5806 Remove a bind (supplier) DN
5807 --repl-add-ref REPL_ADD_REF
5810 Add a replication referral (for consumers only)
5811 --repl-del-ref REPL_DEL_REF
5814 Remove a replication referral (for conusmers only)
5815 --repl-purge-delay REPL_PURGE_DELAY
5818 The replication purge delay
5819 --repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL
5822 The interval in seconds to check for tombstones that can be
5823 purged
5824 --repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING
5827 Set to "on" to improve tombstone purging performance
5828 --repl-bind-group REPL_BIND_GROUP
5831 A group entry DN containing members that are "bind/supplier" DNs
5832 --repl-bind-group-interval REPL_BIND_GROUP_INTERVAL
5835 An interval in seconds to check if the bind group has been
5836 updated
5837 --repl-protocol-timeout REPL_PROTOCOL_TIMEOUT
5840 A timeout in seconds on how long to wait before stopping repli‐
5841 cation when the
5842 server is under load
5843 --repl-backoff-max REPL_BACKOFF_MAX
5846 The maximum time in seconds a replication agreement should stay
5847 in a backoff
5848 state while waiting to acquire the consumer. Default is 300 sec‐
5849 onds
5850 --repl-backoff-min REPL_BACKOFF_MIN
5853 The starting time in seconds a replication agreement should stay
5854 in a backoff
5855 state while waiting to acquire the consumer. Default is 3 sec‐
5856 onds
5857 --repl-release-timeout REPL_RELEASE_TIMEOUT
5860 A timeout in seconds a replication master should send updates
5861 before it yields
5862 its replication session
5863
5867 usage: dsconf instance repl-agmt [-h]
5868 {list,enable,disable,init,init-sta‐
5869 tus,poke,status,delete,create,set,get}
5870 ...
5871 Sub-commands
5874 dsconf repl-agmt list
5875 List all the replication agreements
5876 dsconf repl-agmt enable
5878 Enable replication agreement
5879 dsconf repl-agmt disable
5881 Disable replication agreement
5882 dsconf repl-agmt init
5884 Initialize replication agreement
5885 dsconf repl-agmt init-status
5887 Check the agreement initialization status
5888 dsconf repl-agmt poke
5890 Trigger replication to send updates now
5891 dsconf repl-agmt status
5893 Get the current status of the replication agreement
5894 dsconf repl-agmt delete
5896 Delete replication agreement
5897 dsconf repl-agmt create
5899 Initialize replication agreement
5900 dsconf repl-agmt set
5902 Set an attribute in the replication agreement
5903 dsconf repl-agmt get
5905 Get replication configuration
5906
5908 usage: dsconf instance repl-agmt list [-h] --suffix SUFFIX [--entry
5909 ENTRY]
5910 --suffix SUFFIX
5914 The DN of the suffix to look up replication agreements
5915 --entry ENTRY
5918 Return the entire entry for each agreement
5919
5922 usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME
5923 AGMT_NAME
5926 The name of the replication agreement
5927 --suffix SUFFIX
5930 The DN of the replication suffix
5931
5934 usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME
5935 AGMT_NAME
5938 The name of the replication agreement
5939 --suffix SUFFIX
5942 The DN of the replication suffix
5943
5946 usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME
5947 AGMT_NAME
5950 The name of the replication agreement
5951 --suffix SUFFIX
5954 The DN of the replication suffix
5955
5958 usage: dsconf instance repl-agmt init-status [-h] --suffix SUFFIX
5959 AGMT_NAME
5960 AGMT_NAME
5963 The name of the replication agreement
5964 --suffix SUFFIX
5967 The DN of the replication suffix
5968
5971 usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME
5972 AGMT_NAME
5975 The name of the replication agreement
5976 --suffix SUFFIX
5979 The DN of the replication suffix
5980
5983 usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX
5984 [--bind-dn BIND_DN]
5985 [--bind-passwd BIND_PASSWD]
5986 AGMT_NAME
5987 AGMT_NAME
5990 The name of the replication agreement
5991 --suffix SUFFIX
5994 The DN of the replication suffix
5995 --bind-dn BIND_DN
5998 Set the DN to bind to the consumer
5999 --bind-passwd BIND_PASSWD
6002 The password for the bind DN
6003
6006 usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME
6007 AGMT_NAME
6010 The name of the replication agreement
6011 --suffix SUFFIX
6014 The DN of the replication suffix
6015
6018 usage: dsconf instance repl-agmt create [-h] --suffix SUFFIX --host
6019 HOST
6020 --port PORT --conn-protocol
6021 CONN_PROTOCOL [--bind-dn
6022 BIND_DN]
6023 [--bind-passwd BIND_PASSWD]
6024 --bind-method BIND_METHOD
6025 [--frac-list FRAC_LIST]
6026 [--frac-list-total
6027 FRAC_LIST_TOTAL]
6028 [--strip-list STRIP_LIST]
6029 [--schedule SCHEDULE]
6030 [--conn-timeout CONN_TIMEOUT]
6031 [--protocol-timeout PROTO‐
6032 COL_TIMEOUT]
6033 [--wait-async-results
6034 WAIT_ASYNC_RESULTS]
6035 [--busy-wait-time
6036 BUSY_WAIT_TIME]
6037 [--session-pause-time SES‐
6038 SION_PAUSE_TIME]
6039 [--flow-control-window
6040 FLOW_CONTROL_WINDOW]
6041 [--flow-control-pause FLOW_CON‐
6042 TROL_PAUSE]
6043 [--init]
6044 AGMT_NAME
6045 AGMT_NAME
6048 The name of the replication agreement
6049 --suffix SUFFIX
6052 The DN of the replication suffix
6053 --host HOST
6056 The hostname of the remote replica
6057 --port PORT
6060 The port number of the remote replica
6061 --conn-protocol CONN_PROTOCOL
6064 The replication connection protocol: LDAP, LDAPS, or StartTLS
6065 --bind-dn BIND_DN
6068 The Bind DN the agreement uses to authenticate to the replica
6069 --bind-passwd BIND_PASSWD
6072 The credentials for the Bind DN
6073 --bind-method BIND_METHOD
6076 The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6077 "SASL/GSSAPI"
6078 --frac-list FRAC_LIST
6081 List of attributes to NOT replicate to the consumer during
6082 incremental updates
6083 --frac-list-total FRAC_LIST_TOTAL
6086 List of attributes to NOT replicate during a total initializa‐
6087 tion
6088 --strip-list STRIP_LIST
6091 A list of attributes that are removed from updates only if the
6092 event would
6093 otherwise be empty. Typically this is set to "modifiersname" and
6094 "modifytimestmap"
6095 --schedule SCHEDULE
6098 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6099 0-6 (Sunday -
6100 Saturday).
6101 --conn-timeout CONN_TIMEOUT
6104 The timeout used for replicaton connections
6105 --protocol-timeout PROTOCOL_TIMEOUT
6108 A timeout in seconds on how long to wait before stopping repli‐
6109 cation when the
6110 server is under load
6111 --wait-async-results WAIT_ASYNC_RESULTS
6114 The amount of time in milliseconds the server waits if the con‐
6115 sumer is not
6116 ready before resending data
6117 --busy-wait-time BUSY_WAIT_TIME
6120 The amount of time in seconds a supplier should wait after a
6121 consumer sends
6122 back a busy response before making another attempt to acquire
6123 access.
6124 --session-pause-time SESSION_PAUSE_TIME
6127 The amount of time in seconds a supplier should wait between
6128 update sessions.
6129 --flow-control-window FLOW_CONTROL_WINDOW
6132 Sets the maximum number of entries and updates sent by a sup‐
6133 plier, which are
6134 not acknowledged by the consumer.
6135 --flow-control-pause FLOW_CONTROL_PAUSE
6138 The time in milliseconds to pause after reaching the number of
6139 entries and
6140 updates set in "--flow-control-window"
6141 --init Initialize the agreement after creating it.
6144
6147 usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST]
6148 [--port PORT]
6149 [--conn-protocol CONN_PROTOCOL]
6150 [--bind-dn BIND_DN]
6151 [--bind-passwd BIND_PASSWD]
6152 [--bind-method BIND_METHOD]
6153 [--frac-list FRAC_LIST]
6154 [--frac-list-total
6155 FRAC_LIST_TOTAL]
6156 [--strip-list STRIP_LIST]
6157 [--schedule SCHEDULE]
6158 [--conn-timeout CONN_TIMEOUT]
6159 [--protocol-timeout PROTOCOL_TIME‐
6160 OUT]
6161 [--wait-async-results
6162 WAIT_ASYNC_RESULTS]
6163 [--busy-wait-time BUSY_WAIT_TIME]
6164 [--session-pause-time SES‐
6165 SION_PAUSE_TIME]
6166 [--flow-control-window FLOW_CON‐
6167 TROL_WINDOW]
6168 [--flow-control-pause FLOW_CON‐
6169 TROL_PAUSE]
6170 AGMT_NAME
6171 AGMT_NAME
6174 The name of the replication agreement
6175 --suffix SUFFIX
6178 The DN of the replication suffix
6179 --host HOST
6182 The hostname of the remote replica
6183 --port PORT
6186 The port number of the remote replica
6187 --conn-protocol CONN_PROTOCOL
6190 The replication connection protocol: LDAP, LDAPS, or StartTLS
6191 --bind-dn BIND_DN
6194 The Bind DN the agreement uses to authenticate to the replica
6195 --bind-passwd BIND_PASSWD
6198 The credentials for the Bind DN
6199 --bind-method BIND_METHOD
6202 The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6203 "SASL/GSSAPI"
6204 --frac-list FRAC_LIST
6207 List of attributes to NOT replicate to the consumer during
6208 incremental updates
6209 --frac-list-total FRAC_LIST_TOTAL
6212 List of attributes to NOT replicate during a total initializa‐
6213 tion
6214 --strip-list STRIP_LIST
6217 A list of attributes that are removed from updates only if the
6218 event would
6219 otherwise be empty. Typically this is set to "modifiersname" and
6220 "modifytimestmap"
6221 --schedule SCHEDULE
6224 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6225 0-6 (Sunday -
6226 Saturday).
6227 --conn-timeout CONN_TIMEOUT
6230 The timeout used for replicaton connections
6231 --protocol-timeout PROTOCOL_TIMEOUT
6234 A timeout in seconds on how long to wait before stopping repli‐
6235 cation when the
6236 server is under load
6237 --wait-async-results WAIT_ASYNC_RESULTS
6240 The amount of time in milliseconds the server waits if the con‐
6241 sumer is not
6242 ready before resending data
6243 --busy-wait-time BUSY_WAIT_TIME
6246 The amount of time in seconds a supplier should wait after a
6247 consumer sends
6248 back a busy response before making another attempt to acquire
6249 access.
6250 --session-pause-time SESSION_PAUSE_TIME
6253 The amount of time in seconds a supplier should wait between
6254 update sessions.
6255 --flow-control-window FLOW_CONTROL_WINDOW
6258 Sets the maximum number of entries and updates sent by a sup‐
6259 plier, which are
6260 not acknowledged by the consumer.
6261 --flow-control-pause FLOW_CONTROL_PAUSE
6264 The time in milliseconds to pause after reaching the number of
6265 entries and
6266 updates set in "--flow-control-window"
6267
6270 usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME
6271 AGMT_NAME
6274 Get the replication configuration for this suffix DN
6275 --suffix SUFFIX
6278 The DN of the replication suffix
6279
6283 usage: dsconf instance repl-winsync-agmt [-h]
6284 {list,enable,dis‐
6285 able,init,init-status,poke,status,delete,create,set,get}
6286 ...
6287 Sub-commands
6290 dsconf repl-winsync-agmt list
6291 List all the replication winsync agreements
6292 dsconf repl-winsync-agmt enable
6294 Enable replication winsync agreement
6295 dsconf repl-winsync-agmt disable
6297 Disable replication winsync agreement
6298 dsconf repl-winsync-agmt init
6300 Initialize replication winsync agreement
6301 dsconf repl-winsync-agmt init-status
6303 Check the agreement initialization status
6304 dsconf repl-winsync-agmt poke
6306 Trigger replication to send updates now
6307 dsconf repl-winsync-agmt status
6309 Get the current status of the replication agreement
6310 dsconf repl-winsync-agmt delete
6312 Delete replication winsync agreement
6313 dsconf repl-winsync-agmt create
6315 Initialize replication winsync agreement
6316 dsconf repl-winsync-agmt set
6318 Set an attribute in the replication winsync agreement
6319 dsconf repl-winsync-agmt get
6321 Get replication configuration
6322
6324 usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX
6325 --suffix SUFFIX
6329 The DN of the suffix to look up replication winsync agreements
6330
6333 usage: dsconf instance repl-winsync-agmt enable [-h] --suffix SUFFIX
6334 AGMT_NAME
6335 AGMT_NAME
6338 The name of the replication winsync agreement
6339 --suffix SUFFIX
6342 The DN of the replication winsync suffix
6343
6346 usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX
6347 AGMT_NAME
6348 AGMT_NAME
6351 The name of the replication winsync agreement
6352 --suffix SUFFIX
6355 The DN of the replication winsync suffix
6356
6359 usage: dsconf instance repl-winsync-agmt init [-h] --suffix SUFFIX
6360 AGMT_NAME
6361 AGMT_NAME
6364 The name of the replication winsync agreement
6365 --suffix SUFFIX
6368 The DN of the replication winsync suffix
6369
6372 usage: dsconf instance repl-winsync-agmt init-status [-h] --suffix SUF‐
6373 FIX
6374 AGMT_NAME
6375 AGMT_NAME
6378 The name of the replication agreement
6379 --suffix SUFFIX
6382 The DN of the replication suffix
6383
6386 usage: dsconf instance repl-winsync-agmt poke [-h] --suffix SUFFIX
6387 AGMT_NAME
6388 AGMT_NAME
6391 The name of the replication winsync agreement
6392 --suffix SUFFIX
6395 The DN of the replication winsync suffix
6396
6399 usage: dsconf instance repl-winsync-agmt status [-h] --suffix SUFFIX
6400 AGMT_NAME
6401 AGMT_NAME
6404 The name of the replication agreement
6405 --suffix SUFFIX
6408 The DN of the replication suffix
6409
6412 usage: dsconf instance repl-winsync-agmt delete [-h] --suffix SUFFIX
6413 AGMT_NAME
6414 AGMT_NAME
6417 The name of the replication winsync agreement
6418 --suffix SUFFIX
6421 The DN of the replication winsync suffix
6422
6425 usage: dsconf instance repl-winsync-agmt create [-h] --suffix SUFFIX
6426 --host
6427 HOST --port PORT
6428 --conn-protocol
6429 CONN_PROTOCOL
6430 --bind-dn BIND_DN
6431 --bind-passwd
6432 BIND_PASSWD
6433 [--frac-list FRAC_LIST]
6434 [--schedule SCHEDULE]
6435 --win-subtree WIN_SUB‐
6436 TREE
6437 --ds-subtree DS_SUBTREE
6438 --win-domain WIN_DOMAIN
6439 [--sync-users
6440 SYNC_USERS]
6441 [--sync-groups
6442 SYNC_GROUPS]
6443 [--sync-interval
6444 SYNC_INTERVAL]
6445 [--one-way-sync
6446 ONE_WAY_SYNC]
6447 [--move-action
6448 MOVE_ACTION]
6449 [--win-filter WIN_FIL‐
6450 TER]
6451 [--ds-filter DS_FILTER]
6452 [--subtree-pair SUB‐
6453 TREE_PAIR]
6454 [--conn-timeout
6455 CONN_TIMEOUT]
6456 [--busy-wait-time
6457 BUSY_WAIT_TIME]
6458 [--session-pause-time
6459 SESSION_PAUSE_TIME]
6460 [--init]
6461 AGMT_NAME
6462 AGMT_NAME
6465 The name of the replication winsync agreement
6466 --suffix SUFFIX
6469 The DN of the replication winsync suffix
6470 --host HOST
6473 The hostname of the AD server
6474 --port PORT
6477 The port number of the AD server
6478 --conn-protocol CONN_PROTOCOL
6481 The replication winsync connection protocol: LDAP, LDAPS, or
6482 StartTLS
6483 --bind-dn BIND_DN
6486 The Bind DN the agreement uses to authenticate to the AD Server
6487 --bind-passwd BIND_PASSWD
6490 The credentials for the Bind DN
6491 --frac-list FRAC_LIST
6494 List of attributes to NOT replicate to the consumer during
6495 incremental updates
6496 --schedule SCHEDULE
6499 Sets the replication update schedule
6500 --win-subtree WIN_SUBTREE
6503 The suffix of the AD Server
6504 --ds-subtree DS_SUBTREE
6507 The Directory Server suffix
6508 --win-domain WIN_DOMAIN
6511 The AD Domain
6512 --sync-users SYNC_USERS
6515 Synchronize Users between AD and DS
6516 --sync-groups SYNC_GROUPS
6519 Synchronize Groups between AD and DS
6520 --sync-interval SYNC_INTERVAL
6523 The interval that DS checks AD for changes in entries
6524 --one-way-sync ONE_WAY_SYNC
6527 Sets which direction to perform synchronization: "toWindows",
6528 "fromWindows",
6529 "both"
6530 --move-action MOVE_ACTION
6533 Sets instructions on how to handle moved or deleted entries:
6534 "none", "unsync",
6535 or "delete"
6536 --win-filter WIN_FILTER
6539 Custom filter for finding users in AD Server
6540 --ds-filter DS_FILTER
6543 Custom filter for finding AD users in DS Server
6544 --subtree-pair SUBTREE_PAIR
6547 Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
6548 --conn-timeout CONN_TIMEOUT
6551 The timeout used for replicaton connections
6552 --busy-wait-time BUSY_WAIT_TIME
6555 The amount of time in seconds a supplier should wait after a
6556 consumer sends
6557 back a busy response before making another attempt to acquire
6558 access.
6559 --session-pause-time SESSION_PAUSE_TIME
6562 The amount of time in seconds a supplier should wait between
6563 update sessions.
6564 --init Initialize the agreement after creating it.
6567
6570 usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX]
6571 [--host HOST] [--port
6572 PORT]
6573 [--conn-protocol CONN_PRO‐
6574 TOCOL]
6575 [--bind-dn BIND_DN]
6576 [--bind-passwd
6577 BIND_PASSWD]
6578 [--frac-list FRAC_LIST]
6579 [--schedule SCHEDULE]
6580 [--win-subtree WIN_SUB‐
6581 TREE]
6582 [--ds-subtree DS_SUBTREE]
6583 [--win-domain WIN_DOMAIN]
6584 [--sync-users SYNC_USERS]
6585 [--sync-groups
6586 SYNC_GROUPS]
6587 [--sync-interval
6588 SYNC_INTERVAL]
6589 [--one-way-sync
6590 ONE_WAY_SYNC]
6591 [--move-action
6592 MOVE_ACTION]
6593 [--win-filter WIN_FILTER]
6594 [--ds-filter DS_FILTER]
6595 [--subtree-pair SUB‐
6596 TREE_PAIR]
6597 [--conn-timeout CONN_TIME‐
6598 OUT]
6599 [--busy-wait-time
6600 BUSY_WAIT_TIME]
6601 [--session-pause-time SES‐
6602 SION_PAUSE_TIME]
6603 AGMT_NAME
6604 AGMT_NAME
6607 The name of the replication winsync agreement
6608 --suffix SUFFIX
6611 The DN of the replication winsync suffix
6612 --host HOST
6615 The hostname of the AD server
6616 --port PORT
6619 The port number of the AD server
6620 --conn-protocol CONN_PROTOCOL
6623 The replication winsync connection protocol: LDAP, LDAPS, or
6624 StartTLS
6625 --bind-dn BIND_DN
6628 The Bind DN the agreement uses to authenticate to the AD Server
6629 --bind-passwd BIND_PASSWD
6632 The credentials for the Bind DN
6633 --frac-list FRAC_LIST
6636 List of attributes to NOT replicate to the consumer during
6637 incremental updates
6638 --schedule SCHEDULE
6641 Sets the replication update schedule
6642 --win-subtree WIN_SUBTREE
6645 The suffix of the AD Server
6646 --ds-subtree DS_SUBTREE
6649 The Directory Server suffix
6650 --win-domain WIN_DOMAIN
6653 The AD Domain
6654 --sync-users SYNC_USERS
6657 Synchronize Users between AD and DS
6658 --sync-groups SYNC_GROUPS
6661 Synchronize Groups between AD and DS
6662 --sync-interval SYNC_INTERVAL
6665 The interval that DS checks AD for changes in entries
6666 --one-way-sync ONE_WAY_SYNC
6669 Sets which direction to perform synchronization: "toWindows",
6670 "fromWindows",
6671 "both"
6672 --move-action MOVE_ACTION
6675 Sets instructions on how to handle moved or deleted entries:
6676 "none", "unsync",
6677 or "delete"
6678 --win-filter WIN_FILTER
6681 Custom filter for finding users in AD Server
6682 --ds-filter DS_FILTER
6685 Custom filter for finding AD users in DS Server
6686 --subtree-pair SUBTREE_PAIR
6689 Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
6690 --conn-timeout CONN_TIMEOUT
6693 The timeout used for replicaton connections
6694 --busy-wait-time BUSY_WAIT_TIME
6697 The amount of time in seconds a supplier should wait after a
6698 consumer sends
6699 back a busy response before making another attempt to acquire
6700 access.
6701 --session-pause-time SESSION_PAUSE_TIME
6704 The amount of time in seconds a supplier should wait between
6705 update sessions.
6706
6709 usage: dsconf instance repl-winsync-agmt get [-h] --suffix SUFFIX
6710 AGMT_NAME
6711 AGMT_NAME
6714 Get the replication configuration for this suffix DN
6715 --suffix SUFFIX
6718 The DN of the replication suffix
6719
6723 usage: dsconf instance repl-tasks [-h]
6724 {cleanallruv,list-cleanallruv,abort-
6725 cleanallruv}
6726 ...
6727 Sub-commands
6730 dsconf repl-tasks cleanallruv
6731 Cleanup old/removed replica IDs
6732 dsconf repl-tasks list-cleanallruv
6734 List all the running CleanAllRUV Tasks
6735 dsconf repl-tasks abort-cleanallruv
6737 Abort cleanallruv tasks
6738
6740 usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX
6741 --replica-id REPLICA_ID
6742 [--force-cleaning]
6743 --suffix SUFFIX
6747 The Directory Server suffix
6748 --replica-id REPLICA_ID
6751 The replica ID to remove/clean
6752 --force-cleaning
6755 Ignore errors and do a best attempt to clean all the replicas
6756
6759 usage: dsconf instance repl-tasks list-cleanallruv [-h]
6760
6765 usage: dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUF‐
6766 FIX
6767 --replica-id
6768 REPLICA_ID
6769 [--certify]
6770 --suffix SUFFIX
6774 The Directory Server suffix
6775 --replica-id REPLICA_ID
6778 The replica ID of the cleaning task to abort
6779 --certify
6782 Enforce that the abort task completed on all replicas
6783
6787 usage: dsconf instance sasl [-h] {list,get,create,delete} ...
6788 Sub-commands
6791 dsconf sasl list
6792 List avaliable SASL mappings
6793 dsconf sasl get
6795 get
6796 dsconf sasl create
6798 create
6799 dsconf sasl delete
6801 deletes the object
6802
6804 usage: dsconf instance sasl list [-h]
6805
6810 usage: dsconf instance sasl get [-h] [selector]
6811 selector
6814 SASL mapping name to get
6815
6819 usage: dsconf instance sasl create [-h] [--cn [CN]]
6820 [--nsSaslMapRegexString
6821 [NSSASLMAPREGEXSTRING]]
6822 [--nsSaslMapBaseDNTemplate
6823 [NSSASLMAPBASEDNTEMPLATE]]
6824 [--nsSaslMapFilterTemplate
6825 [NSSASLMAPFILTERTEMPLATE]]
6826 [--nsSaslMapPriority [NSSASLMAPPRI‐
6827 ORITY]]
6828 --cn [CN]
6832 Value of cn
6833 --nsSaslMapRegexString [NSSASLMAPREGEXSTRING]
6836 Value of nsSaslMapRegexString
6837 --nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]
6840 Value of nsSaslMapBaseDNTemplate
6841 --nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]
6844 Value of nsSaslMapFilterTemplate
6845 --nsSaslMapPriority [NSSASLMAPPRIORITY]
6848 Value of nsSaslMapPriority
6849
6852 usage: dsconf instance sasl delete [-h] map_name
6853 map_name
6856 The SASL Mapping name ("cn" value)
6857
6862 usage: dsconf instance schema [-h]
6863 {list,attributetypes,objectclasses,match‐
6864 ingrules,reload}
6865 ...
6866 Sub-commands
6869 dsconf schema list
6870 List all schema objects on this system
6871 dsconf schema attributetypes
6873 Work with attribute types on this system
6874 dsconf schema objectclasses
6876 Work with objectClasses on this system
6877 dsconf schema matchingrules
6879 Work with matching rules on this system
6880 dsconf schema reload
6882 Dynamically reload schema while server is running
6883
6885 usage: dsconf instance schema list [-h]
6886
6891 usage: dsconf instance schema attributetypes [-h]
6892 {get_syn‐
6893 taxes,list,query,add,edit,remove}
6894 ...
6895 Sub-commands
6898 dsconf schema attributetypes get_syntaxes
6899 List all available attribute type syntaxes
6900 dsconf schema attributetypes list
6902 List available attribute types on this system
6903 dsconf schema attributetypes query
6905 Query an attribute to determine object classes that may or must
6906 take it
6907 dsconf schema attributetypes add
6909 Add an attribute type to this system
6910 dsconf schema attributetypes edit
6912 Edit an attribute type on this system
6913 dsconf schema attributetypes remove
6915 Remove an attribute type on this system
6916
6918 usage: dsconf instance schema attributetypes get_syntaxes [-h]
6919
6924 usage: dsconf instance schema attributetypes list [-h]
6925
6930 usage: dsconf instance schema attributetypes query [-h] [name]
6931 name Attribute type to query
6934
6938 usage: dsconf instance schema attributetypes add [-h] [--oid OID]
6939 [--desc DESC]
6940 [--x-origin X_ORIGIN]
6941 [--aliases ALIASES
6942 [ALIASES ...]]
6943 [--single-value]
6944 [--multi-value]
6945 [--no-user-mod]
6946 [--user-mod]
6947 [--equality EQUALITY]
6948 [--substr SUBSTR]
6949 [--ordering ORDERING]
6950 [--usage USAGE]
6951 [--sup SUP [SUP ...]]
6952 --syntax SYNTAX
6953 name
6954 name NAME of the object
6957 --oid OID
6960 OID assigned to the object
6961 --desc DESC
6964 Description text(DESC) of the object
6965 --x-origin X_ORIGIN
6968 Provides information about where the attribute type is defined
6969 --aliases ALIASES [ALIASES ...]
6972 Additional NAMEs of the object.
6973 --single-value
6976 True if the matching rule must have only one valueOnly one of
6977 the flags this
6978 or --multi-value should be specified
6979 --multi-value
6982 True if the matching rule may have multiple values (default)Only
6983 one of the
6984 flags this or --single-value should be specified
6985 --no-user-mod
6988 True if the attribute is not modifiable by a client applica‐
6989 tionOnly one of the
6990 flags this or --user-mod should be specified
6991 --user-mod
6994 True if the attribute is modifiable by a client application
6995 (default)Only one
6996 of the flags this or --no-user-mode should be specified
6997 --equality EQUALITY
7000 NAME or OID of the matching rule used for checkingwhether
7001 attribute values are
7002 equal
7003 --substr SUBSTR
7006 NAME or OID of the matching rule used for checkingwhether an
7007 attribute value
7008 contains another value
7009 --ordering ORDERING
7012 NAME or OID of the matching rule used for checkingwhether
7013 attribute values are
7014 lesser - equal than
7015 --usage USAGE
7018 The flag indicates how the attribute type is to be used. Choose
7019 from the list:
7020 userApplications (default), directoryOperation, distributedOper‐
7021 ation,
7022 dSAOperation
7023 --sup SUP [SUP ...]
7026 The list of NAMEs or OIDs of attribute typesthis attribute type
7027 is derived
7028 from
7029 --syntax SYNTAX
7032 OID of the LDAP syntax assigned to the attribute
7033
7036 usage: dsconf instance schema attributetypes edit [-h] [--oid OID]
7037 [--desc DESC]
7038 [--x-origin X_ORIGIN]
7039 [--aliases ALIASES
7040 [ALIASES ...]]
7041 [--single-value]
7042 [--multi-value]
7043 [--no-user-mod]
7044 [--user-mod]
7045 [--equality EQUALITY]
7046 [--substr SUBSTR]
7047 [--ordering ORDERING]
7048 [--usage USAGE]
7049 [--sup SUP [SUP ...]]
7050 [--syntax SYNTAX]
7051 name
7052 name NAME of the object
7055 --oid OID
7058 OID assigned to the object
7059 --desc DESC
7062 Description text(DESC) of the object
7063 --x-origin X_ORIGIN
7066 Provides information about where the attribute type is defined
7067 --aliases ALIASES [ALIASES ...]
7070 Additional NAMEs of the object.
7071 --single-value
7074 True if the matching rule must have only one valueOnly one of
7075 the flags this
7076 or --multi-value should be specified
7077 --multi-value
7080 True if the matching rule may have multiple values (default)Only
7081 one of the
7082 flags this or --single-value should be specified
7083 --no-user-mod
7086 True if the attribute is not modifiable by a client applica‐
7087 tionOnly one of the
7088 flags this or --user-mod should be specified
7089 --user-mod
7092 True if the attribute is modifiable by a client application
7093 (default)Only one
7094 of the flags this or --no-user-mode should be specified
7095 --equality EQUALITY
7098 NAME or OID of the matching rule used for checkingwhether
7099 attribute values are
7100 equal
7101 --substr SUBSTR
7104 NAME or OID of the matching rule used for checkingwhether an
7105 attribute value
7106 contains another value
7107 --ordering ORDERING
7110 NAME or OID of the matching rule used for checkingwhether
7111 attribute values are
7112 lesser - equal than
7113 --usage USAGE
7116 The flag indicates how the attribute type is to be used. Choose
7117 from the list:
7118 userApplications (default), directoryOperation, distributedOper‐
7119 ation,
7120 dSAOperation
7121 --sup SUP [SUP ...]
7124 The list of NAMEs or OIDs of attribute typesthis attribute type
7125 is derived
7126 from
7127 --syntax SYNTAX
7130 OID of the LDAP syntax assigned to the attribute
7131
7134 usage: dsconf instance schema attributetypes remove [-h] name
7135 name NAME of the object
7138
7143 usage: dsconf instance schema objectclasses [-h]
7144 {list,query,add,edit,remove}
7145 ...
7146 Sub-commands
7149 dsconf schema objectclasses list
7150 List available objectClasses on this system
7151 dsconf schema objectclasses query
7153 Query an objectClass
7154 dsconf schema objectclasses add
7156 Add an objectClass to this system
7157 dsconf schema objectclasses edit
7159 Edit an objectClass on this system
7160 dsconf schema objectclasses remove
7162 Remove an objectClass on this system
7163
7165 usage: dsconf instance schema objectclasses list [-h]
7166
7171 usage: dsconf instance schema objectclasses query [-h] [name]
7172 name ObjectClass to query
7175
7179 usage: dsconf instance schema objectclasses add [-h] [--oid OID]
7180 [--desc DESC]
7181 [--x-origin X_ORIGIN]
7182 [--must MUST [MUST
7183 ...]]
7184 [--may MAY [MAY ...]]
7185 [--kind KIND]
7186 [--sup SUP [SUP ...]]
7187 name
7188 name NAME of the object
7191 --oid OID
7194 OID assigned to the object
7195 --desc DESC
7198 Description text(DESC) of the object
7199 --x-origin X_ORIGIN
7202 Provides information about where the attribute type is defined
7203 --must MUST [MUST ...]
7206 NAMEs or OIDs of all attributes an entry of the object must have
7207 --may MAY [MAY ...]
7210 NAMEs or OIDs of additional attributes an entry of the object
7211 may have
7212 --kind KIND
7215 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
7216 --sup SUP [SUP ...]
7219 NAMEs or OIDs of object classes this object is derived from
7220
7223 usage: dsconf instance schema objectclasses edit [-h] [--oid OID]
7224 [--desc DESC]
7225 [--x-origin X_ORIGIN]
7226 [--must MUST [MUST
7227 ...]]
7228 [--may MAY [MAY ...]]
7229 [--kind KIND]
7230 [--sup SUP [SUP ...]]
7231 name
7232 name NAME of the object
7235 --oid OID
7238 OID assigned to the object
7239 --desc DESC
7242 Description text(DESC) of the object
7243 --x-origin X_ORIGIN
7246 Provides information about where the attribute type is defined
7247 --must MUST [MUST ...]
7250 NAMEs or OIDs of all attributes an entry of the object must have
7251 --may MAY [MAY ...]
7254 NAMEs or OIDs of additional attributes an entry of the object
7255 may have
7256 --kind KIND
7259 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
7260 --sup SUP [SUP ...]
7263 NAMEs or OIDs of object classes this object is derived from
7264
7267 usage: dsconf instance schema objectclasses remove [-h] name
7268 name NAME of the object
7271
7276 usage: dsconf instance schema matchingrules [-h] {list,query} ...
7277 Sub-commands
7280 dsconf schema matchingrules list
7281 List available matching rules on this system
7282 dsconf schema matchingrules query
7284 Query a matching rule
7285
7287 usage: dsconf instance schema matchingrules list [-h]
7288
7293 usage: dsconf instance schema matchingrules query [-h] [name]
7294 name Matching rule to query
7297
7302 usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait]
7303 -d SCHEMADIR, --schemadir SCHEMADIR
7307 directory where schema files are located
7308 --wait Wait for the reload task to complete
7311 -v, --verbose
7315 Display verbose operation tracing during command execution
7316 -D BINDDN, --binddn BINDDN
7319 The account to bind as for executing operations
7320 -w BINDPW, --bindpw BINDPW
7323 Password for binddn
7324 -W, --prompt
7327 Prompt for password for the bind DN
7328 -y PWDFILE, --pwdfile PWDFILE
7331 Specifies a file containing the password for the binddn
7332 -b BASEDN, --basedn BASEDN
7335 Basedn (root naming context) of the instance to manage
7336 -Z, --starttls
7339 Connect with StartTLS
7340 -j, --json
7343 Return result in JSON object
7344
7347 lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.
7348
7350 The latest version of lib389 may be downloaded from
7351 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
7352 Manual dsconf(8)