1dsconf(8) System Manager's Manual dsconf(8)
2
6 dsconf
7
9 dsconf [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN]
10 [-Z] [-j] instance {backend,backup,chaining,config,directory_man‐
11 ager,healthcheck,monitor,plugin,pwpolicy,localpwp,replication,repl-
12 agmt,repl-winsync-agmt,repl-tasks,sasl,schema} ...
13
15 instance
16 The instance name OR the LDAP url to connect to, IE localhost,
17 ldap://mai.example.com:389
18 Sub-commands
21 dsconf backend
22 Manage database suffixes and backends
23 dsconf backup
25 Manage online backups
26 dsconf chaining
28 Manage database chaining/database links
29 dsconf config
31 Manage server configuration
32 dsconf directory_manager
34 Manage the directory manager account
35 dsconf healthcheck
37 Run a healthcheck report on your Directory Server instance. This
38 is a safe, read only operation.
39 dsconf monitor
41 Monitor the state of the instance
42 dsconf plugin
44 Manage plugins available on the server
45 dsconf pwpolicy
47 Get and set the global password policy settings
48 dsconf localpwp
50 Manage local (user/subtree) password policies
51 dsconf replication
53 Configure replication for a suffix
54 dsconf repl-agmt
56 Manage replication agreements
57 dsconf repl-winsync-agmt
59 Manage Winsync Agreements
60 dsconf repl-tasks
62 Manage replication tasks
63 dsconf sasl
65 Query and manipulate sasl mappings
66 dsconf schema
68 Query and manipulate schema
69
71 usage: dsconf instance backend [-h]
72 {suffix,index,vlv-index,attr-
73 encrypt,config,monitor,import,export,create,delete,get-tree}
74 ...
75 Sub-commands
78 dsconf backend suffix
79 Manage a backend suffix
80 dsconf backend index
82 Manage backend indexes
83 dsconf backend vlv-index
85 Manage VLV searches and indexes
86 dsconf backend attr-encrypt
88 Encrypted attribute options
89 dsconf backend config
91 Manage the global database configuration settings
92 dsconf backend monitor
94 Get the global database monitor information
95 dsconf backend import
97 Do an online import of the suffix
98 dsconf backend export
100 Do an online export of the suffix
101 dsconf backend create
103 Create a backend database
104 dsconf backend delete
106 Delete a backend database
107 dsconf backend get-tree
109 Get a representation of the suffix tree
110
112 usage: dsconf instance backend suffix [-h]
113 {list,get,get-dn,get-sub-suf‐
114 fixes,set}
115 ...
116 Sub-commands
119 dsconf backend suffix list
120 List current active backends and suffixes
121 dsconf backend suffix get
123 Get the suffix entry
124 dsconf backend suffix get-dn
126 get_dn
127 dsconf backend suffix get-sub-suffixes
129 Get the sub-suffixes of this backend
130 dsconf backend suffix set
132 Set configuration settings for a single backend
133
135 usage: dsconf instance backend suffix list [-h] [--suffix]
136 [--skip-subsuffixes]
137 --suffix
141 Just display the suffix, and not the backend name
142 --skip-subsuffixes
145 Skip over sub-suffixes
146
149 usage: dsconf instance backend suffix get [-h] [selector]
150 selector
153 The backend to search for
154
158 usage: dsconf instance backend suffix get-dn [-h] [dn]
159 dn The backend dn to get
162
166 usage: dsconf instance backend suffix get-sub-suffixes [-h] [--suffix]
167 be_name
168 be_name
171 The backend name or suffix to search for sub-suffixes
172 --suffix
175 Just display the suffix, and not the backend name
176
179 usage: dsconf instance backend suffix set [-h] [--enable-readonly]
180 [--disable-readonly]
181 [--require-index] [--ignore-
182 index]
183 [--add-referral ADD_REFERRAL]
184 [--del-referral DEL_REFERRAL]
185 [--enable] [--disable]
186 [--cache-size CACHE_SIZE]
187 [--cache-memsize CACHE_MEM‐
188 SIZE]
189 [--dncache-memsize
190 DNCACHE_MEMSIZE]
191 be_name
192 be_name
195 The backend name or suffix to delete
196 --enable-readonly
199 Set backend database to be read-only
200 --disable-readonly
203 Disable read-only mode for backend database
204 --require-index
207 Only allow indexed searches
208 --ignore-index
211 Allow all searches even if they are unindexed
212 --add-referral ADD_REFERRAL
215 Add a LDAP referral to the backend
216 --del-referral DEL_REFERRAL
219 Remove a LDAP referral to the backend
220 --enable
223 Enable the backend database
224 --disable
227 Disable the backend database
228 --cache-size CACHE_SIZE
231 The maximum number of entries to keep in the entry cache
232 --cache-memsize CACHE_MEMSIZE
235 The maximum size in bytes that the entry cache can grow to
236 --dncache-memsize DNCACHE_MEMSIZE
239 The maximum size in bytes that the DN cache can grow to
240
244 usage: dsconf instance backend index [-h]
245 {add,set,get,list,delete,reindex}
246 ...
247 Sub-commands
250 dsconf backend index add
251 Set configuration settings for a single backend
252 dsconf backend index set
254 Edit an index entry
255 dsconf backend index get
257 Get an index entry
258 dsconf backend index list
260 Set configuration settings for a single backend
261 dsconf backend index delete
263 Set configuration settings for a single backend
264 dsconf backend index reindex
266 Reindex the database (for a single index or all indexes
267
269 usage: dsconf instance backend index add [-h] --index-type INDEX_TYPE
270 [--matching-rule MATCH‐
271 ING_RULE]
272 [--reindex] --attr ATTR
273 be_name
274 be_name
277 The backend name or suffix to delete
278 --index-type INDEX_TYPE
281 An indexing type: eq, sub, pres, or approximate
282 --matching-rule MATCHING_RULE
285 Matching rule for the index
286 --reindex
289 After adding new index, reindex the database
290 --attr ATTR
293 The index attribute's name
294
297 usage: dsconf instance backend index set [-h] --attr ATTR
298 [--add-type ADD_TYPE]
299 [--del-type DEL_TYPE]
300 [--add-mr ADD_MR] [--del-mr
301 DEL_MR]
302 [--reindex]
303 be_name
304 be_name
307 The backend name or suffix to edit an index from
308 --attr ATTR
311 The index name to edit
312 --add-type ADD_TYPE
315 An index type to add to the index: eq, sub, pres, or approx
316 --del-type DEL_TYPE
319 An index type to remove from the index: eq, sub, pres, or approx
320 --add-mr ADD_MR
323 A matching-rule to add to the index
324 --del-mr DEL_MR
327 A matching-rule to remove from the index
328 --reindex
331 After editing index, reindex the database
332
335 usage: dsconf instance backend index get [-h] --attr ATTR be_name
336 be_name
339 The backend name or suffix to get the index from
340 --attr ATTR
343 The index name to get
344
347 usage: dsconf instance backend index list [-h] [--just-names] be_name
348 be_name
351 The backend name or suffix to list indexes from
352 --just-names
355 Return a list of just the attribute names for a backend
356
359 usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name
360 be_name
363 The backend name or suffix to delete
364 --attr ATTR
367 The index attribute's name
368
371 usage: dsconf instance backend index reindex [-h] [--attr ATTR]
372 [--wait]
373 be_name
374 be_name
377 The backend name or suffix to reindex
378 --attr ATTR
381 The index attribute's name to reindex. Skip this argument to
382 reindex all
383 attributes
384 --wait Wait for the index task to complete and report the status
387
391 usage: dsconf instance backend vlv-index [-h]
392 {list,get,add-search,edit-
393 search,del-search,add-index,del-index,reindex}
394 ...
395 Sub-commands
398 dsconf backend vlv-index list
399 List VLV search and index entries
400 dsconf backend vlv-index get
402 Get a VLV search & index
403 dsconf backend vlv-index add-search
405 Add a VLV search entry. The search entry is the parent entry of
406 the VLV index entries, and it specifies the search params that
407 are used to match entries for those indexes.
408 dsconf backend vlv-index edit-search
410 Edit a VLV search & index
411 dsconf backend vlv-index del-search
413 Delete VLV search & index
414 dsconf backend vlv-index add-index
416 Create a VLV index under a VLV search entry(parent entry). The
417 VLV index just specifies the attributes to sort
418 dsconf backend vlv-index del-index
420 Delete a VLV index under a VLV search entry(parent entry).
421 dsconf backend vlv-index reindex
423 Index/reindex the VLV database index
424
426 usage: dsconf instance backend vlv-index list [-h] [--just-names]
427 be_name
428 be_name
431 The backend name of the VLV index
432 --just-names
435 List just the names of the VLV search entries
436
439 usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name
440 be_name
443 The backend name of the VLV index
444 --name NAME
447 Get the VLV search entry and its index entries
448
451 usage: dsconf instance backend vlv-index add-search [-h] --name NAME
452 --search-base
453 SEARCH_BASE
454 --search-scope
455 SEARCH_SCOPE
456 --search-filter
457 SEARCH_FILTER
458 be_name
459 be_name
462 The backend name of the VLV index
463 --name NAME
466 Name of the VLV search entry
467 --search-base SEARCH_BASE
470 The VLV search base
471 --search-scope SEARCH_SCOPE
474 The VLV search scope: 0 (base search), 1 (one-level search), or
475 2 (subtree
476 search)
477 --search-filter SEARCH_FILTER
480 The VLV search filter
481
484 usage: dsconf instance backend vlv-index edit-search [-h] --name NAME
485 [--search-base
486 SEARCH_BASE]
487 [--search-scope
488 SEARCH_SCOPE]
489 [--search-filter
490 SEARCH_FILTER]
491 [--reindex]
492 be_name
493 be_name
496 The backend name of the VLV index
497 --name NAME
500 Name of the VLV index
501 --search-base SEARCH_BASE
504 The VLV search base
505 --search-scope SEARCH_SCOPE
508 The VLV search scope: 0 (base search), 1 (one-level search), or
509 2 (subtree
510 search)
511 --search-filter SEARCH_FILTER
514 The VLV search filter
515 --reindex
518 Reindex all the VLV database indexes
519
522 usage: dsconf instance backend vlv-index del-search [-h] --name NAME
523 be_name
524 be_name
527 The backend name of the VLV index
528 --name NAME
531 Name of the VLV search index
532
535 usage: dsconf instance backend vlv-index add-index [-h] --parent-name
536 PARENT_NAME --index-
537 name
538 INDEX_NAME --sort
539 SORT
540 [--index-it]
541 be_name
542 be_name
545 The backend name of the VLV index
546 --parent-name PARENT_NAME
549 Name, or "cn" attribute value, of the parent VLV search entry
550 --index-name INDEX_NAME
553 Name of the new VLV index
554 --sort SORT
557 A space separated list of attributes to sort for this VLV index
558 --index-it
561 Create the database index for this VLV index definition
562
565 usage: dsconf instance backend vlv-index del-index [-h] --parent-name
566 PARENT_NAME
567 [--index-name
568 INDEX_NAME]
569 [--sort SORT]
570 be_name
571 be_name
574 The backend name of the VLV index
575 --parent-name PARENT_NAME
578 Name, or "cn" attribute value, of the parent VLV search entry
579 --index-name INDEX_NAME
582 Name of the VLV index to delete
583 --sort SORT
586 Delete a VLV index that has this vlvsort value
587
590 usage: dsconf instance backend vlv-index reindex [-h]
591 [--index-name
592 INDEX_NAME]
593 --parent-name PAR‐
594 ENT_NAME
595 be_name
596 be_name
599 The backend name of the VLV index
600 --index-name INDEX_NAME
603 Name of the VLV Index entry to reindex. If not set, all indexes
604 are reindexed
605 --parent-name PARENT_NAME
608 Name, or "cn" attribute value, of the parent VLV search entry
609
613 usage: dsconf instance backend attr-encrypt [-h] [--list] [--just-
614 names]
615 [--add-attr ADD_ATTR]
616 [--del-attr DEL_ATTR]
617 be_name
618 be_name
621 The backend name or suffix to to reindex
622 --list List all the encrypted attributes for this backend
625 --just-names
628 List just the names of the encrypted attributes (used with
629 --list)
630 --add-attr ADD_ATTR
633 Add an attribute to be encrypted
634 --del-attr DEL_ATTR
637 Remove an attribute from being encrypted
638
641 usage: dsconf instance backend config [-h] {get,set} ...
642 Sub-commands
645 dsconf backend config get
646 Get the global database configuration
647 dsconf backend config set
649 Set the global database configuration
650
652 usage: dsconf instance backend config get [-h]
653
658 usage: dsconf instance backend config set [-h]
659 [--lookthroughlimit LOOK‐
660 THROUGHLIMIT]
661 [--mode MODE]
662 [--idlistscanlimit
663 IDLISTSCANLIMIT]
664 [--directory DIRECTORY]
665 [--dbcachesize DBCACHESIZE]
666 [--logdirectory LOGDIRECTORY]
667 [--durable-txn DURABLE_TXN]
668 [--txn-wait TXN_WAIT]
669 [--checkpoint-interval CHECK‐
670 POINT_INTERVAL]
671 [--compactdb-interval COM‐
672 PACTDB_INTERVAL]
673 [--txn-batch-val
674 TXN_BATCH_VAL]
675 [--txn-batch-min
676 TXN_BATCH_MIN]
677 [--txn-batch-max
678 TXN_BATCH_MAX]
679 [--logbufsize LOGBUFSIZE]
680 [--locks LOCKS]
681 [--import-cache-autosize
682 IMPORT_CACHE_AUTOSIZE]
683 [--cache-autosize CACHE_AUTO‐
684 SIZE]
685 [--cache-autosize-split
686 CACHE_AUTOSIZE_SPLIT]
687 [--import-cachesize
688 IMPORT_CACHESIZE]
689 [--exclude-from-export
690 EXCLUDE_FROM_EXPORT]
691 [--pagedlookthroughlimit
692 PAGEDLOOKTHROUGHLIMIT]
693 [--pagedidlistscanlimit PAGE‐
694 DIDLISTSCANLIMIT]
695 [--rangelookthroughlimit
696 RANGELOOKTHROUGHLIMIT]
697 [--backend-opt-level BACK‐
698 END_OPT_LEVEL]
699 [--deadlock-policy DEAD‐
700 LOCK_POLICY]
701 [--db-home-directory
702 DB_HOME_DIRECTORY]
703 --lookthroughlimit LOOKTHROUGHLIMIT
707 specifies the maximum number of entries that the Directory
708 Server will check
709 when examining candidate entries in response to a search request
710 --mode MODE
713 Specifies the permissions used for newly created index files
714 --idlistscanlimit IDLISTSCANLIMIT
717 Specifies the number of entry IDs that are searched during a
718 search operation
719 --directory DIRECTORY
722 Specifies absolute path to database instance
723 --dbcachesize DBCACHESIZE
726 Specifies the database index cache size, in bytes.
727 --logdirectory LOGDIRECTORY
730 Specifies the path to the directory that contains the database
731 transaction
732 logs
733 --durable-txn DURABLE_TXN
736 Sets whether database transaction log entries are immediately
737 written to the
738 disk.
739 --txn-wait TXN_WAIT
742 Sets whether the server should should wait if there are no db
743 locks available
744 --checkpoint-interval CHECKPOINT_INTERVAL
747 Sets the amount of time in seconds after which the Directory
748 Server sends a
749 checkpoint entry to the database transaction log
750 --compactdb-interval COMPACTDB_INTERVAL
753 Sets the interval in seconds when the database is compacted
754 --txn-batch-val TXN_BATCH_VAL
757 Specifies how many transactions will be batched before being
758 committed
759 --txn-batch-min TXN_BATCH_MIN
762 Controls when transactions should be flushed earliest, indepen‐
763 dently of the
764 batch count (only works when txn-batch-val is set)
765 --txn-batch-max TXN_BATCH_MAX
768 Controls when transactions should be flushed latest, indepen‐
769 dently of the
770 batch count (only works when txn-batch-val is set)
771 --logbufsize LOGBUFSIZE
774 Specifies the transaction log information buffer size
775 --locks LOCKS
778 Sets the maximum number of database locks
779 --import-cache-autosize IMPORT_CACHE_AUTOSIZE
782 Set to "on" or "off" to automatically set the size of the import
783 cache to be
784 used during the the import process of LDIF files
785 --cache-autosize CACHE_AUTOSIZE
788 Sets the percentage of free memory that is used in total for the
789 database and
790 entry cache. Set to "0" to disable this feature.
791 --cache-autosize-split CACHE_AUTOSIZE_SPLIT
794 Sets the percentage of RAM that is used for the database cache.
795 The remaining
796 percentage is used for the entry cache
797 --import-cachesize IMPORT_CACHESIZE
800 Sets the size, in bytes, of the database cache used in the
801 import process.
802 --exclude-from-export EXCLUDE_FROM_EXPORT
805 List of attributes to not include during database export opera‐
806 tions
807 --pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT
810 Specifies the maximum number of entries that the Directory
811 Server will check
812 when examining candidate entries for a search which uses the
813 simple paged
814 results control
815 --pagedidlistscanlimit PAGEDIDLISTSCANLIMIT
818 Specifies the number of entry IDs that are searched, specifi‐
819 cally, for a
820 search operation using the simple paged results control.
821 --rangelookthroughlimit RANGELOOKTHROUGHLIMIT
824 Specifies the maximum number of entries that the Directory
825 Server will check
826 when examining candidate entries in response to a range search
827 request.
828 --backend-opt-level BACKEND_OPT_LEVEL
831 WARNING this parameter can trigger experimental code to improve
832 write
833 performance. Valid values are: 0, 1, 2, or 4
834 --deadlock-policy DEADLOCK_POLICY
837 Adjusts the backend database deadlock policy (Advanced setting)
838 --db-home-directory DB_HOME_DIRECTORY
841 Sets the directory for the database mmapped files (Advanced set‐
842 ting)
843
847 usage: dsconf instance backend monitor [-h] [--suffix SUFFIX]
848 --suffix SUFFIX
852 Get just the suffix monitor entry
853
856 usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E]
857 [-g GEN_UNIQ_ID] [-O]
858 [-s INCLUDE_SUFFIXES
859 [INCLUDE_SUFFIXES ...]]
860 [-x EXCLUDE_SUFFIXES
861 [EXCLUDE_SUFFIXES ...]]
862 [be_name] [ldifs [ldifs ...]]
863 be_name
866 The backend name or the root suffix where to import
867 ldifs Specifies the filename of the input LDIF files.When multiple
870 files are
871 imported, they are imported in the orderthey are specified on
872 the command
873 line.
874 -c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE
877 The number of chunks to have during the import operation.
878 -E, --encrypted
881 Decrypts encrypted data during export. This option is used
882 onlyif database
883 encryption is enabled.
884 -g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID
887 Generate a unique id. Type none for no unique ID to be gener‐
888 atedand
889 deterministic for the generated unique ID to be name-based.By
890 default, a time-
891 based unique ID is generated.When using the deterministic gener‐
892 ation to have a
893 name-based unique ID,it is also possible to specify the names‐
894 pace for the
895 server to use.namespaceId is a string of charactersin the format
896 00-xxxxxxxx-
897 xxxxxxxx-xxxxxxxx-xxxxxxxx.
898 -O, --only-core
901 Requests that only the core database is created without
902 attribute indexes.
903 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes
906 INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
907 Specifies the suffixes or the subtrees to be included.
908 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes
911 EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
912 Specifies the suffixes to be excluded.
913
916 usage: dsconf instance backend export [-h] [-l LDIF] [-C] [-E] [-m]
917 [-N] [-r]
918 [-u] [-U]
919 [-s INCLUDE_SUFFIXES
920 [INCLUDE_SUFFIXES ...]]
921 [-x EXCLUDE_SUFFIXES
922 [EXCLUDE_SUFFIXES ...]]
923 be_names [be_names ...]
924 be_names
927 The backend names or the root suffixes from where to export.
928 -l LDIF, --ldif LDIF
931 Gives the filename of the output LDIF file.If more than one are
932 specified, use
933 a space as a separator
934 -C, --use-id2entry
937 Uses only the main database file.
938 -E, --encrypted
941 Decrypts encrypted data during export. This option is used only
942 if database
943 encryption is enabled.
944 -m, --min-base64
947 Sets minimal base-64 encoding.
948 -N, --no-seq-num
951 Enables you to suppress printing the sequence number.
952 -r, --replication
955 Exports the information required to initialize a replica when
956 the LDIF is
957 imported
958 -u, --no-dump-uniq-id
961 Requests that the unique ID is not exported.
962 -U, --not-folded
965 Requests that the output LDIF is not folded.
966 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes
969 INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
970 Specifies the suffixes or the subtrees to be included.
971 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes
974 EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
975 Specifies the suffixes to be excluded.
976
979 usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUF‐
980 FIX]
981 --suffix SUFFIX --be-name BE_NAME
982 [--create-entries]
983 --parent-suffix PARENT_SUFFIX
987 Sets the parent suffix only if this backend is a sub-suffix
988 --suffix SUFFIX
991 The database suffix DN, for example "dc=example,dc=com"
992 --be-name BE_NAME
995 The database backend name, for example "userroot"
996 --create-entries
999 Create sample entries in the database
1000
1003 usage: dsconf instance backend delete [-h] be_name
1004 be_name
1007 The backend name or suffix to delete
1008
1012 usage: dsconf instance backend get-tree [-h]
1013
1019 usage: dsconf instance backup [-h] {create,restore} ...
1020 Sub-commands
1023 dsconf backup create
1024 Creates a backup of the database
1025 dsconf backup restore
1027 Restores a database from a backup
1028
1030 usage: dsconf instance backup create [-h] [-t DB_TYPE] [archive]
1031 archive
1034 The directory where the backup files will be stored.The
1035 /var/lib/dirsrv/slapd-
1036 instance/bak directory is used by default.The backup file is
1037 named according
1038 to the year-month-day-hour format.
1039 -t DB_TYPE, --db-type DB_TYPE
1042 Database type (default: ldbm database).
1043
1046 usage: dsconf instance backup restore [-h] [-t DB_TYPE] archive
1047 archive
1050 The directory of the backup files.
1051 -t DB_TYPE, --db-type DB_TYPE
1054 Database type (default: ldbm database).
1055
1059 usage: dsconf instance chaining [-h]
1060 {config-get,config-set,config-get-
1061 def,config-set-def,link-create,link-get,link-set,link-delete,moni‐
1062 tor,link-list}
1063 ...
1064 Sub-commands
1067 dsconf chaining config-get
1068 Get the chaining controls and server component lists
1069 dsconf chaining config-set
1071 Set the chaining controls and server component lists
1072 dsconf chaining config-get-def
1074 Get the default creation parameters for new database links
1075 dsconf chaining config-set-def
1077 Set the default creation parameters for new database links
1078 dsconf chaining link-create
1080 Create a database link to a remote server
1081 dsconf chaining link-get
1083 get chaining database link
1084 dsconf chaining link-set
1086 Edit a database link to a remote server
1087 dsconf chaining link-delete
1089 Delete a database link
1090 dsconf chaining monitor
1092 Get the monitor information for a database chaining link
1093 dsconf chaining link-list
1095 List database links
1096
1098 usage: dsconf instance chaining config-get [-h] [--avail-controls]
1099 [--avail-comps]
1100 --avail-controls
1104 List available controls for chaining
1105 --avail-comps
1108 List available plugin components for chaining
1109
1112 usage: dsconf instance chaining config-set [-h] [--add-control ADD_CON‐
1113 TROL]
1114 [--del-control DEL_CONTROL]
1115 [--add-comp ADD_COMP]
1116 [--del-comp DEL_COMP]
1117 --add-control ADD_CONTROL
1121 Add a transmitted control OID
1122 --del-control DEL_CONTROL
1125 Delete a transmitted control OID
1126 --add-comp ADD_COMP
1129 Add a chaining component
1130 --del-comp DEL_COMP
1133 Delete a chaining component
1134
1137 usage: dsconf instance chaining config-get-def [-h]
1138
1143 usage: dsconf instance chaining config-set-def [-h]
1144 [--conn-bind-limit
1145 CONN_BIND_LIMIT]
1146 [--conn-op-limit
1147 CONN_OP_LIMIT]
1148 [--abandon-check-inter‐
1149 val ABANDON_CHECK_INTERVAL]
1150 [--bind-limit
1151 BIND_LIMIT]
1152 [--op-limit OP_LIMIT]
1153 [--proxied-auth PROX‐
1154 IED_AUTH]
1155 [--conn-lifetime
1156 CONN_LIFETIME]
1157 [--bind-timeout
1158 BIND_TIMEOUT]
1159 [--return-ref
1160 RETURN_REF]
1161 [--check-aci CHECK_ACI]
1162 [--bind-attempts
1163 BIND_ATTEMPTS]
1164 [--size-limit
1165 SIZE_LIMIT]
1166 [--time-limit
1167 TIME_LIMIT]
1168 [--hop-limit HOP_LIMIT]
1169 [--response-delay
1170 RESPONSE_DELAY]
1171 [--test-response-delay
1172 TEST_RESPONSE_DELAY]
1173 [--use-starttls
1174 USE_STARTTLS]
1175 --conn-bind-limit CONN_BIND_LIMIT
1179 The maximum number of BIND connections the database link estab‐
1180 lishes with the
1181 remote server.
1182 --conn-op-limit CONN_OP_LIMIT
1185 The maximum number of LDAP connections the database link estab‐
1186 lishes with the
1187 remote server.
1188 --abandon-check-interval ABANDON_CHECK_INTERVAL
1191 The number of seconds that pass before the server checks for
1192 abandoned
1193 operations.
1194 --bind-limit BIND_LIMIT
1197 The maximum number of concurrent bind operations per TCP connec‐
1198 tion.
1199 --op-limit OP_LIMIT
1202 The maximum number of concurrent operations allowed.
1203 --proxied-auth PROXIED_AUTH
1206 Set to "off" to disable proxied authorization, then binds for
1207 chained
1208 operations are executed as the user set in the nsMultiplex‐
1209 orBindDn attribute
1210 (on/off).
1211 --conn-lifetime CONN_LIFETIME
1214 Specifies connection lifetime in seconds. 0 keeps connection
1215 open forever.
1216 --bind-timeout BIND_TIMEOUT
1219 The amount of time in seconds before a bind attempt times out.
1220 --return-ref RETURN_REF
1223 Sets whether referrals are returned by scoped searches (on/off).
1224 --check-aci CHECK_ACI
1227 Set whether ACIs are evaluated on the database link as well as
1228 the remote data
1229 server (on/off).
1230 --bind-attempts BIND_ATTEMPTS
1233 Sets the number of times the server tries to bind with the
1234 remote server.
1235 --size-limit SIZE_LIMIT
1238 Sets the maximum number of entries to return from a search oper‐
1239 ation.
1240 --time-limit TIME_LIMIT
1243 Sets the maximum number of seconds allowed for an operation.
1244 --hop-limit HOP_LIMIT
1247 Sets the maximum number of times a database is allowed to chain;
1248 that is, the
1249 number of times a request can be forwarded from one database
1250 link to another.
1251 --response-delay RESPONSE_DELAY
1254 The maximum amount of time it can take a remote server to
1255 respond to an LDAP
1256 operation request made by a database link before an error is
1257 suspected.
1258 --test-response-delay TEST_RESPONSE_DELAY
1261 Sets the duration of the test issued by the database link to
1262 check whether the
1263 remote server is responding.
1264 --use-starttls USE_STARTTLS
1267 Set to "on" specifies that the database links should use Start‐
1268 TLS for its
1269 secure connections.
1270
1273 usage: dsconf instance chaining link-create [-h]
1274 [--conn-bind-limit
1275 CONN_BIND_LIMIT]
1276 [--conn-op-limit
1277 CONN_OP_LIMIT]
1278 [--abandon-check-interval
1279 ABANDON_CHECK_INTERVAL]
1280 [--bind-limit BIND_LIMIT]
1281 [--op-limit OP_LIMIT]
1282 [--proxied-auth PROX‐
1283 IED_AUTH]
1284 [--conn-lifetime CONN_LIFE‐
1285 TIME]
1286 [--bind-timeout BIND_TIME‐
1287 OUT]
1288 [--return-ref RETURN_REF]
1289 [--check-aci CHECK_ACI]
1290 [--bind-attempts
1291 BIND_ATTEMPTS]
1292 [--size-limit SIZE_LIMIT]
1293 [--time-limit TIME_LIMIT]
1294 [--hop-limit HOP_LIMIT]
1295 [--response-delay
1296 RESPONSE_DELAY]
1297 [--test-response-delay
1298 TEST_RESPONSE_DELAY]
1299 [--use-starttls USE_START‐
1300 TLS]
1301 --suffix SUFFIX --server-
1302 url
1303 SERVER_URL --bind-mech
1304 BIND_MECH
1305 --bind-dn BIND_DN --bind-pw
1306 BIND_PW
1307 CHAIN_NAME
1308 CHAIN_NAME
1311 The name of the database link
1312 --conn-bind-limit CONN_BIND_LIMIT
1315 The maximum number of BIND connections the database link estab‐
1316 lishes with the
1317 remote server.
1318 --conn-op-limit CONN_OP_LIMIT
1321 The maximum number of LDAP connections the database link estab‐
1322 lishes with the
1323 remote server.
1324 --abandon-check-interval ABANDON_CHECK_INTERVAL
1327 The number of seconds that pass before the server checks for
1328 abandoned
1329 operations.
1330 --bind-limit BIND_LIMIT
1333 The maximum number of concurrent bind operations per TCP connec‐
1334 tion.
1335 --op-limit OP_LIMIT
1338 The maximum number of concurrent operations allowed.
1339 --proxied-auth PROXIED_AUTH
1342 Set to "off" to disable proxied authorization, then binds for
1343 chained
1344 operations are executed as the user set in the nsMultiplex‐
1345 orBindDn attribute
1346 (on/off).
1347 --conn-lifetime CONN_LIFETIME
1350 Specifies connection lifetime in seconds. 0 keeps connection
1351 open forever.
1352 --bind-timeout BIND_TIMEOUT
1355 The amount of time in seconds before a bind attempt times out.
1356 --return-ref RETURN_REF
1359 Sets whether referrals are returned by scoped searches (on/off).
1360 --check-aci CHECK_ACI
1363 Set whether ACIs are evaluated on the database link as well as
1364 the remote data
1365 server (on/off).
1366 --bind-attempts BIND_ATTEMPTS
1369 Sets the number of times the server tries to bind with the
1370 remote server.
1371 --size-limit SIZE_LIMIT
1374 Sets the maximum number of entries to return from a search oper‐
1375 ation.
1376 --time-limit TIME_LIMIT
1379 Sets the maximum number of seconds allowed for an operation.
1380 --hop-limit HOP_LIMIT
1383 Sets the maximum number of times a database is allowed to chain;
1384 that is, the
1385 number of times a request can be forwarded from one database
1386 link to another.
1387 --response-delay RESPONSE_DELAY
1390 The maximum amount of time it can take a remote server to
1391 respond to an LDAP
1392 operation request made by a database link before an error is
1393 suspected.
1394 --test-response-delay TEST_RESPONSE_DELAY
1397 Sets the duration of the test issued by the database link to
1398 check whether the
1399 remote server is responding.
1400 --use-starttls USE_STARTTLS
1403 Set to "on" specifies that the database links should use Start‐
1404 TLS for its
1405 secure connections.
1406 --suffix SUFFIX
1409 The suffix managed by the database link.
1410 --server-url SERVER_URL
1413 Gives the LDAP/LDAPS URL of the remote server.
1414 --bind-mech BIND_MECH
1417 Sets the authentication method to use to authenticate to the
1418 remote server:
1419 <leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI
1420 --bind-dn BIND_DN
1423 DN of the administrative entry used to communicate with the
1424 remote server
1425 --bind-pw BIND_PW
1428 Password for the administrative user.
1429
1432 usage: dsconf instance chaining link-get [-h] CHAIN_NAME
1433 CHAIN_NAME
1436 The chaining link name, or suffix, to retrieve
1437
1441 usage: dsconf instance chaining link-set [-h]
1442 [--conn-bind-limit
1443 CONN_BIND_LIMIT]
1444 [--conn-op-limit
1445 CONN_OP_LIMIT]
1446 [--abandon-check-interval
1447 ABANDON_CHECK_INTERVAL]
1448 [--bind-limit BIND_LIMIT]
1449 [--op-limit OP_LIMIT]
1450 [--proxied-auth PROXIED_AUTH]
1451 [--conn-lifetime CONN_LIFE‐
1452 TIME]
1453 [--bind-timeout BIND_TIMEOUT]
1454 [--return-ref RETURN_REF]
1455 [--check-aci CHECK_ACI]
1456 [--bind-attempts
1457 BIND_ATTEMPTS]
1458 [--size-limit SIZE_LIMIT]
1459 [--time-limit TIME_LIMIT]
1460 [--hop-limit HOP_LIMIT]
1461 [--response-delay
1462 RESPONSE_DELAY]
1463 [--test-response-delay
1464 TEST_RESPONSE_DELAY]
1465 [--use-starttls USE_STARTTLS]
1466 [--suffix SUFFIX]
1467 [--server-url SERVER_URL]
1468 [--bind-mech BIND_MECH]
1469 [--bind-dn BIND_DN]
1470 [--bind-pw BIND_PW]
1471 CHAIN_NAME
1472 CHAIN_NAME
1475 The name of the database link
1476 --conn-bind-limit CONN_BIND_LIMIT
1479 The maximum number of BIND connections the database link estab‐
1480 lishes with the
1481 remote server.
1482 --conn-op-limit CONN_OP_LIMIT
1485 The maximum number of LDAP connections the database link estab‐
1486 lishes with the
1487 remote server.
1488 --abandon-check-interval ABANDON_CHECK_INTERVAL
1491 The number of seconds that pass before the server checks for
1492 abandoned
1493 operations.
1494 --bind-limit BIND_LIMIT
1497 The maximum number of concurrent bind operations per TCP connec‐
1498 tion.
1499 --op-limit OP_LIMIT
1502 The maximum number of concurrent operations allowed.
1503 --proxied-auth PROXIED_AUTH
1506 Set to "off" to disable proxied authorization, then binds for
1507 chained
1508 operations are executed as the user set in the nsMultiplex‐
1509 orBindDn attribute
1510 (on/off).
1511 --conn-lifetime CONN_LIFETIME
1514 Specifies connection lifetime in seconds. 0 keeps connection
1515 open forever.
1516 --bind-timeout BIND_TIMEOUT
1519 The amount of time in seconds before a bind attempt times out.
1520 --return-ref RETURN_REF
1523 Sets whether referrals are returned by scoped searches (on/off).
1524 --check-aci CHECK_ACI
1527 Set whether ACIs are evaluated on the database link as well as
1528 the remote data
1529 server (on/off).
1530 --bind-attempts BIND_ATTEMPTS
1533 Sets the number of times the server tries to bind with the
1534 remote server.
1535 --size-limit SIZE_LIMIT
1538 Sets the maximum number of entries to return from a search oper‐
1539 ation.
1540 --time-limit TIME_LIMIT
1543 Sets the maximum number of seconds allowed for an operation.
1544 --hop-limit HOP_LIMIT
1547 Sets the maximum number of times a database is allowed to chain;
1548 that is, the
1549 number of times a request can be forwarded from one database
1550 link to another.
1551 --response-delay RESPONSE_DELAY
1554 The maximum amount of time it can take a remote server to
1555 respond to an LDAP
1556 operation request made by a database link before an error is
1557 suspected.
1558 --test-response-delay TEST_RESPONSE_DELAY
1561 Sets the duration of the test issued by the database link to
1562 check whether the
1563 remote server is responding.
1564 --use-starttls USE_STARTTLS
1567 Set to "on" specifies that the database links should use Start‐
1568 TLS for its
1569 secure connections.
1570 --suffix SUFFIX
1573 The suffix managed by the database link.
1574 --server-url SERVER_URL
1577 Gives the LDAP/LDAPS URL of the remote server.
1578 --bind-mech BIND_MECH
1581 Sets the authentication method to use to authenticate to the
1582 remote server:
1583 <leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI
1584 --bind-dn BIND_DN
1587 DN of the administrative entry used to communicate with the
1588 remote server
1589 --bind-pw BIND_PW
1592 Password for the administrative user.
1593
1596 usage: dsconf instance chaining link-delete [-h] CHAIN_NAME
1597 CHAIN_NAME
1600 The name of the database link
1601
1605 usage: dsconf instance chaining monitor [-h] CHAIN_NAME
1606 CHAIN_NAME
1609 The name of the database link
1610
1614 usage: dsconf instance chaining link-list [-h]
1615
1621 usage: dsconf instance config [-h] {get,add,replace,delete} ...
1622 Sub-commands
1625 dsconf config get
1626 get
1627 dsconf config add
1629 Add attribute value to configuration
1630 dsconf config replace
1632 Replace attribute value in configuration
1633 dsconf config delete
1635 Delete attribute value in configuration
1636
1638 usage: dsconf instance config get [-h] [attrs [attrs ...]]
1639 attrs Configuration attribute(s) to get
1642
1646 usage: dsconf instance config add [-h] [attr [attr ...]]
1647 attr Configuration attribute to add
1650
1654 usage: dsconf instance config replace [-h] [attr [attr ...]]
1655 attr Configuration attribute to replace
1658
1662 usage: dsconf instance config delete [-h] [attr [attr ...]]
1663 attr Configuration attribute to delete
1666
1671 usage: dsconf instance directory_manager [-h] {password_change} ...
1672 Sub-commands
1675 dsconf directory_manager password_change
1676 Change the directory manager password
1677
1679 usage: dsconf instance directory_manager password_change [-h]
1680
1686 usage: dsconf instance healthcheck [-h]
1687
1692 usage: dsconf instance monitor [-h] {server,ldbm,backend} ...
1693 Sub-commands
1696 dsconf monitor server
1697 Monitor the server statistics, connectinos and operations
1698 dsconf monitor ldbm
1700 Monitor the ldbm statistics, such as dbcache
1701 dsconf monitor backend
1703 Monitor the behaviour of a backend database
1704
1706 usage: dsconf instance monitor server [-h]
1707
1712 usage: dsconf instance monitor ldbm [-h]
1713
1718 usage: dsconf instance monitor backend [-h] [backend]
1719 backend
1722 Optional name of the backend to monitor
1723
1728 usage: dsconf instance plugin [-h]
1729 {memberof,automember,referential-
1730 integrity,root-dn,usn,account-policy,attr-uniq,dna,linked-attr,managed-
1731 entries,pass-through-auth,retro-changelog,posix-winsync,list,show,set}
1732 ...
1733 Sub-commands
1736 dsconf plugin memberof
1737 Manage and configure MemberOf plugin
1738 dsconf plugin automember
1740 Manage and configure Automembership plugin
1741 dsconf plugin referential-integrity
1743 Manage and configure Referential Integrity Postoperation plugin
1744 dsconf plugin root-dn
1746 Manage and configure RootDN Access Control plugin
1747 dsconf plugin usn
1749 Manage and configure USN plugin
1750 dsconf plugin account-policy
1752 Manage and configure Account Policy plugin
1753 dsconf plugin attr-uniq
1755 Manage and configure Attribute Uniqueness plugin
1756 dsconf plugin dna
1758 Manage and configure DNA plugin
1759 dsconf plugin linked-attr
1761 Manage and configure Linked Attributes plugin
1762 dsconf plugin managed-entries
1764 Manage and configure Managed Entries Plugin
1765 dsconf plugin pass-through-auth
1767 Manage and configure Pass-Through Authentication plugins (URLs
1768 and PAM)
1769 dsconf plugin retro-changelog
1771 Manage and configure Retro Changelog plugin
1772 dsconf plugin posix-winsync
1774 Manage and configure The Posix Winsync API plugin
1775 dsconf plugin list
1777 List current configured (enabled and disabled) plugins
1778 dsconf plugin show
1780 Show the plugin data
1781 dsconf plugin set
1783 Edit the plugin
1784
1786 usage: dsconf instance plugin memberof [-h]
1787 {show,enable,disable,sta‐
1788 tus,set,config-entry,fixup}
1789 ...
1790 Sub-commands
1793 dsconf plugin memberof show
1794 display plugin configuration
1795 dsconf plugin memberof enable
1797 enable plugin
1798 dsconf plugin memberof disable
1800 disable plugin
1801 dsconf plugin memberof status
1803 display plugin status
1804 dsconf plugin memberof set
1806 Edit the plugin
1807 dsconf plugin memberof config-entry
1809 Manage the config entry
1810 dsconf plugin memberof fixup
1812 Run the fix-up task for memberOf plugin
1813
1815 usage: dsconf instance plugin memberof show [-h]
1816
1821 usage: dsconf instance plugin memberof enable [-h]
1822
1827 usage: dsconf instance plugin memberof disable [-h]
1828
1833 usage: dsconf instance plugin memberof status [-h]
1834
1839 usage: dsconf instance plugin memberof set [-h] [--attr ATTR [ATTR
1840 ...]]
1841 [--groupattr GROUPATTR
1842 [GROUPATTR ...]]
1843 [--allbackends {on,off}]
1844 [--skipnested {on,off}]
1845 [--scope SCOPE] [--exclude
1846 EXCLUDE]
1847 [--autoaddoc AUTOADDOC]
1848 [--config-entry CON‐
1849 FIG_ENTRY]
1850 --attr ATTR [ATTR ...]
1854 Specifies the attribute in the user entry for the Directory
1855 Server to manage
1856 to reflect group membership (memberOfAttr)
1857 --groupattr GROUPATTR [GROUPATTR ...]
1860 Specifies the attribute in the group entry to use to identify
1861 the DNs of group
1862 members (memberOfGroupAttr)
1863 --allbackends {on,off}
1866 Specifies whether to search the local suffix for user entries on
1867 all available
1868 suffixes (memberOfAllBackends)
1869 --skipnested {on,off}
1872 Specifies wherher to skip nested groups or not (memberOfSkip‐
1873 Nested)
1874 --scope SCOPE
1877 Specifies backends or multiple-nested suffixes for the MemberOf
1878 plug-in to
1879 work on (memberOfEntryScope)
1880 --exclude EXCLUDE
1883 Specifies backends or multiple-nested suffixes for the MemberOf
1884 plug-in to
1885 exclude (memberOfEntryScopeExcludeSubtree)
1886 --autoaddoc AUTOADDOC
1889 If an entry does not have an object class that allows the mem‐
1890 berOf attribute
1891 then the memberOf plugin will automatically add the object class
1892 listed in the
1893 memberOfAutoAddOC parameter
1894 --config-entry CONFIG_ENTRY
1897 The value to set as nsslapd-pluginConfigArea
1898
1901 usage: dsconf instance plugin memberof config-entry [-h]
1902 {add,set,show,delete}
1903 ...
1904 Sub-commands
1907 dsconf plugin memberof config-entry add
1908 Add the config entry
1909 dsconf plugin memberof config-entry set
1911 Edit the config entry
1912 dsconf plugin memberof config-entry show
1914 Display the config entry
1915 dsconf plugin memberof config-entry delete
1917 Delete the config entry
1918
1920 usage: dsconf instance plugin memberof config-entry add [-h]
1921 [--attr ATTR
1922 [ATTR ...]]
1923 [--groupattr
1924 GROUPATTR [GROUPATTR ...]]
1925 [--allbackends
1926 {on,off}]
1927 [--skipnested
1928 {on,off}]
1929 [--scope SCOPE]
1930 [--exclude
1931 EXCLUDE]
1932 [--autoaddoc
1933 AUTOADDOC]
1934 DN
1935 DN The config entry full DN
1938 --attr ATTR [ATTR ...]
1941 Specifies the attribute in the user entry for the Directory
1942 Server to manage
1943 to reflect group membership (memberOfAttr)
1944 --groupattr GROUPATTR [GROUPATTR ...]
1947 Specifies the attribute in the group entry to use to identify
1948 the DNs of group
1949 members (memberOfGroupAttr)
1950 --allbackends {on,off}
1953 Specifies whether to search the local suffix for user entries on
1954 all available
1955 suffixes (memberOfAllBackends)
1956 --skipnested {on,off}
1959 Specifies wherher to skip nested groups or not (memberOfSkip‐
1960 Nested)
1961 --scope SCOPE
1964 Specifies backends or multiple-nested suffixes for the MemberOf
1965 plug-in to
1966 work on (memberOfEntryScope)
1967 --exclude EXCLUDE
1970 Specifies backends or multiple-nested suffixes for the MemberOf
1971 plug-in to
1972 exclude (memberOfEntryScopeExcludeSubtree)
1973 --autoaddoc AUTOADDOC
1976 If an entry does not have an object class that allows the mem‐
1977 berOf attribute
1978 then the memberOf plugin will automatically add the object class
1979 listed in the
1980 memberOfAutoAddOC parameter
1981
1984 usage: dsconf instance plugin memberof config-entry set [-h]
1985 [--attr ATTR
1986 [ATTR ...]]
1987 [--groupattr
1988 GROUPATTR [GROUPATTR ...]]
1989 [--allbackends
1990 {on,off}]
1991 [--skipnested
1992 {on,off}]
1993 [--scope SCOPE]
1994 [--exclude
1995 EXCLUDE]
1996 [--autoaddoc
1997 AUTOADDOC]
1998 DN
1999 DN The config entry full DN
2002 --attr ATTR [ATTR ...]
2005 Specifies the attribute in the user entry for the Directory
2006 Server to manage
2007 to reflect group membership (memberOfAttr)
2008 --groupattr GROUPATTR [GROUPATTR ...]
2011 Specifies the attribute in the group entry to use to identify
2012 the DNs of group
2013 members (memberOfGroupAttr)
2014 --allbackends {on,off}
2017 Specifies whether to search the local suffix for user entries on
2018 all available
2019 suffixes (memberOfAllBackends)
2020 --skipnested {on,off}
2023 Specifies wherher to skip nested groups or not (memberOfSkip‐
2024 Nested)
2025 --scope SCOPE
2028 Specifies backends or multiple-nested suffixes for the MemberOf
2029 plug-in to
2030 work on (memberOfEntryScope)
2031 --exclude EXCLUDE
2034 Specifies backends or multiple-nested suffixes for the MemberOf
2035 plug-in to
2036 exclude (memberOfEntryScopeExcludeSubtree)
2037 --autoaddoc AUTOADDOC
2040 If an entry does not have an object class that allows the mem‐
2041 berOf attribute
2042 then the memberOf plugin will automatically add the object class
2043 listed in the
2044 memberOfAutoAddOC parameter
2045
2048 usage: dsconf instance plugin memberof config-entry show [-h] DN
2049 DN The config entry full DN
2052
2056 usage: dsconf instance plugin memberof config-entry delete [-h] DN
2057 DN The config entry full DN
2060
2065 usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] DN
2066 DN Base DN that contains entries to fix up
2069 -f FILTER, --filter FILTER
2072 Filter for entries to fix up. If omitted, all entries with
2073 objectclass
2074 inetuser/inetadmin/nsmemberof under the specified base will have
2075 their
2076 memberOf attribute regenerated.
2077
2081 usage: dsconf instance plugin automember [-h]
2082 {show,enable,disable,sta‐
2083 tus,list,definition,fixup}
2084 ...
2085 Sub-commands
2088 dsconf plugin automember show
2089 display plugin configuration
2090 dsconf plugin automember enable
2092 enable plugin
2093 dsconf plugin automember disable
2095 disable plugin
2096 dsconf plugin automember status
2098 display plugin status
2099 dsconf plugin automember list
2101 List Automembership definitions or regex rules.
2102 dsconf plugin automember definition
2104 Manage Automembership definition.
2105 dsconf plugin automember fixup
2107 Run a rebuild membership task.
2108
2110 usage: dsconf instance plugin automember show [-h]
2111
2116 usage: dsconf instance plugin automember enable [-h]
2117
2122 usage: dsconf instance plugin automember disable [-h]
2123
2128 usage: dsconf instance plugin automember status [-h]
2129
2134 usage: dsconf instance plugin automember list [-h] {defini‐
2135 tions,regexes} ...
2136 Sub-commands
2139 dsconf plugin automember list definitions
2140 List Automembership definitions.
2141 dsconf plugin automember list regexes
2143 List Automembership regex rules.
2144
2146 usage: dsconf instance plugin automember list definitions [-h]
2147
2152 usage: dsconf instance plugin automember list regexes [-h] DEF-NAME
2153 DEF-NAME
2156 The definition entry CN.
2157
2162 usage: dsconf instance plugin automember definition [-h]
2163 DEF-NAME
2164 {add,set,delete,regex}
2165 ...
2166 DEF-NAME
2169 The definition entry CN.
2170 Sub-commands
2173 dsconf plugin automember definition add
2174 Create Automembership definition.
2175 dsconf plugin automember definition set
2177 Edit Automembership definition.
2178 dsconf plugin automember definition delete
2180 Remove Automembership definition.
2181 dsconf plugin automember definition regex
2183 Manage Automembership regex rules.
2184
2186 usage: dsconf instance plugin automember definition DEF-NAME add
2187 [-h] [--grouping-attr GROUPING_ATTR] --default-group
2188 DEFAULT_GROUP
2189 --scope SCOPE [--filter FILTER]
2190 --grouping-attr GROUPING_ATTR
2194 Specifies the name of the member attribute in the group entry
2195 and the
2196 attribute in the object entry that supplies the member attribute
2197 value, in the
2198 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2199 --default-group DEFAULT_GROUP
2202 Sets default or fallback group to add the entry to as a member
2203 member
2204 attribute in group entry (autoMemberDefaultGroup)
2205 --scope SCOPE
2208 Sets the subtree DN to search for entries (autoMemberScope)
2209 --filter FILTER
2212 Sets a standard LDAP search filter to use to search for matching
2213 entries
2214 (autoMemberFilter)
2215
2218 usage: dsconf instance plugin automember definition DEF-NAME set
2219 [-h] [--grouping-attr GROUPING_ATTR] --default-group
2220 DEFAULT_GROUP
2221 --scope SCOPE [--filter FILTER]
2222 --grouping-attr GROUPING_ATTR
2226 Specifies the name of the member attribute in the group entry
2227 and the
2228 attribute in the object entry that supplies the member attribute
2229 value, in the
2230 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2231 --default-group DEFAULT_GROUP
2234 Sets default or fallback group to add the entry to as a member
2235 member
2236 attribute in group entry (autoMemberDefaultGroup)
2237 --scope SCOPE
2240 Sets the subtree DN to search for entries (autoMemberScope)
2241 --filter FILTER
2244 Sets a standard LDAP search filter to use to search for matching
2245 entries
2246 (autoMemberFilter)
2247
2250 usage: dsconf instance plugin automember definition DEF-NAME delete
2251 [-h]
2252
2257 usage: dsconf instance plugin automember definition DEF-NAME regex
2258 [-h] REGEX-NAME {add,set,delete} ...
2259 REGEX-NAME
2262 The regex entry CN.
2263 Sub-commands
2266 dsconf plugin automember definition regex add
2267 Create Automembership regex.
2268 dsconf plugin automember definition regex set
2270 Edit Automembership regex.
2271 dsconf plugin automember definition regex delete
2273 Remove Automembership regex.
2274
2276 usage: dsconf instance plugin automember definition DEF-NAME regex
2277 REGEX-NAME add
2278 [-h] [--grouping-attr GROUPING_ATTR] --default-group
2279 DEFAULT_GROUP
2280 --scope SCOPE [--filter FILTER]
2281 --grouping-attr GROUPING_ATTR
2285 Specifies the name of the member attribute in the group entry
2286 and the
2287 attribute in the object entry that supplies the member attribute
2288 value, in the
2289 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2290 --default-group DEFAULT_GROUP
2293 Sets default or fallback group to add the entry to as a member
2294 member
2295 attribute in group entry (autoMemberDefaultGroup)
2296 --scope SCOPE
2299 Sets the subtree DN to search for entries (autoMemberScope)
2300 --filter FILTER
2303 Sets a standard LDAP search filter to use to search for matching
2304 entries
2305 (autoMemberFilter)
2306
2309 usage: dsconf instance plugin automember definition DEF-NAME regex
2310 REGEX-NAME set
2311 [-h] [--grouping-attr GROUPING_ATTR] --default-group
2312 DEFAULT_GROUP
2313 --scope SCOPE [--filter FILTER]
2314 --grouping-attr GROUPING_ATTR
2318 Specifies the name of the member attribute in the group entry
2319 and the
2320 attribute in the object entry that supplies the member attribute
2321 value, in the
2322 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2323 --default-group DEFAULT_GROUP
2326 Sets default or fallback group to add the entry to as a member
2327 member
2328 attribute in group entry (autoMemberDefaultGroup)
2329 --scope SCOPE
2332 Sets the subtree DN to search for entries (autoMemberScope)
2333 --filter FILTER
2336 Sets a standard LDAP search filter to use to search for matching
2337 entries
2338 (autoMemberFilter)
2339
2342 usage: dsconf instance plugin automember definition DEF-NAME regex
2343 REGEX-NAME delete
2344 [-h]
2345
2352 usage: dsconf instance plugin automember fixup [-h] -f FILTER -s
2353 {sub,base,one}
2354 DN
2355 DN Base DN that contains entries to fix up
2358 -f FILTER, --filter FILTER
2361 LDAP filter for entries to fix up.
2362 -s {sub,base,one}, --scope {sub,base,one}
2365 LDAP search scope for entries to fix up
2366
2370 usage: dsconf instance plugin referential-integrity [-h]
2371 {show,enable,dis‐
2372 able,status,set}
2373 ...
2374 Sub-commands
2377 dsconf plugin referential-integrity show
2378 display plugin configuration
2379 dsconf plugin referential-integrity enable
2381 enable plugin
2382 dsconf plugin referential-integrity disable
2384 disable plugin
2385 dsconf plugin referential-integrity status
2387 display plugin status
2388 dsconf plugin referential-integrity set
2390 Edit the plugin
2391
2393 usage: dsconf instance plugin referential-integrity show [-h]
2394
2399 usage: dsconf instance plugin referential-integrity enable [-h]
2400
2405 usage: dsconf instance plugin referential-integrity disable [-h]
2406
2411 usage: dsconf instance plugin referential-integrity status [-h]
2412
2417 usage: dsconf instance plugin referential-integrity set [-h]
2418 [--update-delay
2419 UPDATE_DELAY]
2420 [--membership-
2421 attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2422 [--entry-scope
2423 ENTRY_SCOPE]
2424 [--exclude-
2425 entry-scope EXCLUDE_ENTRY_SCOPE]
2426 [--con‐
2427 tainer_scope CONTAINER_SCOPE]
2428 --update-delay UPDATE_DELAY
2432 Sets the update interval. Special values: 0 - The check is per‐
2433 formed
2434 immediately, -1 - No check is performed (referint-update-delay)
2435 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2438 Specifies attributes to check for and update (referint-member‐
2439 ship-attr)
2440 --entry-scope ENTRY_SCOPE
2443 Defines the subtree in which the plug-in looks for the delete or
2444 rename
2445 operations of a user entry (nsslapd-pluginEntryScope)
2446 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2449 Defines the subtree in which the plug-in ignores any operations
2450 for deleting
2451 or renaming a user (nsslapd-pluginExcludeEntryScope)
2452 --container_scope CONTAINER_SCOPE
2455 Specifies which branch the plug-in searches for the groups to
2456 which the user
2457 belongs. It only updates groups that are under the specified
2458 container branch,
2459 and leaves all other groups not updated (nsslapd-pluginContain‐
2460 erScope)
2461
2465 usage: dsconf instance plugin root-dn [-h]
2466 {show,enable,disable,status,set}
2467 ...
2468 Sub-commands
2471 dsconf plugin root-dn show
2472 display plugin configuration
2473 dsconf plugin root-dn enable
2475 enable plugin
2476 dsconf plugin root-dn disable
2478 disable plugin
2479 dsconf plugin root-dn status
2481 display plugin status
2482 dsconf plugin root-dn set
2484 Edit the plugin
2485
2487 usage: dsconf instance plugin root-dn show [-h]
2488
2493 usage: dsconf instance plugin root-dn enable [-h]
2494
2499 usage: dsconf instance plugin root-dn disable [-h]
2500
2505 usage: dsconf instance plugin root-dn status [-h]
2506
2511 usage: dsconf instance plugin root-dn set [-h]
2512 [--allow-host ALLOW_HOST
2513 [ALLOW_HOST ...]]
2514 [--deny-host DENY_HOST
2515 [DENY_HOST ...]]
2516 [--allow-ip ALLOW_IP
2517 [ALLOW_IP ...]]
2518 [--deny-ip DENY_IP [DENY_IP
2519 ...]]
2520 [--open-time OPEN_TIME]
2521 [--close-time CLOSE_TIME]
2522 [--days-allowed DAYS_ALLOWED]
2523 --allow-host ALLOW_HOST [ALLOW_HOST ...]
2527 Sets what hosts, by fully-qualified domain name, the root user
2528 is allowed to
2529 use to access the Directory Server. Any hosts not listed are
2530 implicitly denied
2531 (rootdn-allow-host)
2532 --deny-host DENY_HOST [DENY_HOST ...]
2535 Sets what hosts, by fully-qualified domain name, the root user
2536 is not allowed
2537 to use to access the Directory Server Any hosts not listed are
2538 implicitly
2539 allowed (rootdn-deny-host). If an host address is listed in both
2540 the rootdn-
2541 allow-host and rootdn-deny-host attributes, it is denied access.
2542 --allow-ip ALLOW_IP [ALLOW_IP ...]
2545 Sets what IP addresses, either IPv4 or IPv6, for machines the
2546 root user is
2547 allowed to use to access the Directory Server Any IP addresses
2548 not listed are
2549 implicitly denied (rootdn-allow-ip)
2550 --deny-ip DENY_IP [DENY_IP ...]
2553 Sets what IP addresses, either IPv4 or IPv6, for machines the
2554 root user is not
2555 allowed to use to access the Directory Server. Any IP addresses
2556 not listed are
2557 implicitly allowed (rootdn-deny-ip) If an IP address is listed
2558 in both the
2559 rootdn-allow-ip and rootdn-deny-ip attributes, it is denied
2560 access.
2561 --open-time OPEN_TIME
2564 Sets part of a time period or range when the root user is
2565 allowed to access
2566 the Directory Server. This sets when the time-based access
2567 begins (rootdn-
2568 open-time)
2569 --close-time CLOSE_TIME
2572 Sets part of a time period or range when the root user is
2573 allowed to access
2574 the Directory Server. This sets when the time-based access ends
2575 (rootdn-close-
2576 time)
2577 --days-allowed DAYS_ALLOWED
2580 Gives a comma-separated list of what days the root user is
2581 allowed to use to
2582 access the Directory Server. Any days listed are implicitly
2583 denied (rootdn-
2584 days-allowed)
2585
2589 usage: dsconf instance plugin usn [-h]
2590 {show,enable,disable,sta‐
2591 tus,global,cleanup}
2592 ...
2593 Sub-commands
2596 dsconf plugin usn show
2597 display plugin configuration
2598 dsconf plugin usn enable
2600 enable plugin
2601 dsconf plugin usn disable
2603 disable plugin
2604 dsconf plugin usn status
2606 display plugin status
2607 dsconf plugin usn global
2609 Get or manage global usn mode (nsslapd-entryusn-global)
2610 dsconf plugin usn cleanup
2612 Run the USN tombstone cleanup task
2613
2615 usage: dsconf instance plugin usn show [-h]
2616
2621 usage: dsconf instance plugin usn enable [-h]
2622
2627 usage: dsconf instance plugin usn disable [-h]
2628
2633 usage: dsconf instance plugin usn status [-h]
2634
2639 usage: dsconf instance plugin usn global [-h] {on,off} ...
2640 Sub-commands
2643 dsconf plugin usn global on
2644 Enable usn global mode
2645 dsconf plugin usn global off
2647 Disable usn global mode
2648
2650 usage: dsconf instance plugin usn global on [-h]
2651
2656 usage: dsconf instance plugin usn global off [-h]
2657
2663 usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND)
2664 [-m MAXUSN]
2665 -s SUFFIX, --suffix SUFFIX
2669 Gives the suffix or subtree in the Directory Server to run the
2670 cleanup
2671 operation against. If the suffix is not specified, then the back
2672 end must be
2673 given (suffix)
2674 -n BACKEND, --backend BACKEND
2677 Gives the Directory Server instance back end, or database, to
2678 run the cleanup
2679 operation against. If the back end is not specified, then the
2680 suffix must be
2681 specified.Backend instance in which USN tombstone entries (back‐
2682 end)
2683 -m MAXUSN, --maxusn MAXUSN
2686 Gives the highest USN value to delete when removing tombstone
2687 entries
2688 (max_usn_to_delete)
2689
2693 usage: dsconf instance plugin account-policy [-h]
2694 {show,enable,disable,sta‐
2695 tus,set,config-entry}
2696 ...
2697 Sub-commands
2700 dsconf plugin account-policy show
2701 display plugin configuration
2702 dsconf plugin account-policy enable
2704 enable plugin
2705 dsconf plugin account-policy disable
2707 disable plugin
2708 dsconf plugin account-policy status
2710 display plugin status
2711 dsconf plugin account-policy set
2713 Edit the plugin
2714 dsconf plugin account-policy config-entry
2716 Manage the config entry
2717
2719 usage: dsconf instance plugin account-policy show [-h]
2720
2725 usage: dsconf instance plugin account-policy enable [-h]
2726
2731 usage: dsconf instance plugin account-policy disable [-h]
2732
2737 usage: dsconf instance plugin account-policy status [-h]
2738
2743 usage: dsconf instance plugin account-policy set [-h]
2744 [--config-entry CON‐
2745 FIG_ENTRY]
2746 --config-entry CONFIG_ENTRY
2750 The value to set as nsslapd-pluginConfigArea
2751
2754 usage: dsconf instance plugin account-policy config-entry [-h]
2755 {add,set,show,delete}
2756 ...
2757 Sub-commands
2760 dsconf plugin account-policy config-entry add
2761 Add the config entry
2762 dsconf plugin account-policy config-entry set
2764 Edit the config entry
2765 dsconf plugin account-policy config-entry show
2767 Display the config entry
2768 dsconf plugin account-policy config-entry delete
2770 Delete the config entry
2771
2773 usage: dsconf instance plugin account-policy config-entry add
2774 [-h] [--always-record-login {yes,no}] [--alt-state-attr
2775 ALT_STATE_ATTR]
2776 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2777 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2778 [--state-attr STATE_ATTR]
2779 DN
2780 DN The config entry full DN
2783 --always-record-login {yes,no}
2786 Sets that every entry records its last login time (alwaysRecord‐
2787 Login)
2788 --alt-state-attr ALT_STATE_ATTR
2791 Provides a backup attribute for the server to reference to eval‐
2792 uate the
2793 expiration time (altStateAttrName)
2794 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2797 Specifies the attribute to store the time of the last successful
2798 login in this
2799 attribute in the users directory entry (alwaysRecordLoginAttr)
2800 --limit-attr LIMIT_ATTR
2803 Specifies the attribute within the policy to use for the account
2804 inactivation
2805 limit (limitAttrName)
2806 --spec-attr SPEC_ATTR
2809 Specifies the attribute to identify which entries are account
2810 policy
2811 configuration entries (specAttrName)
2812 --state-attr STATE_ATTR
2815 Specifies the primary time attribute used to evaluate an account
2816 policy
2817 (stateAttrName)
2818
2821 usage: dsconf instance plugin account-policy config-entry set
2822 [-h] [--always-record-login {yes,no}] [--alt-state-attr
2823 ALT_STATE_ATTR]
2824 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2825 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2826 [--state-attr STATE_ATTR]
2827 DN
2828 DN The config entry full DN
2831 --always-record-login {yes,no}
2834 Sets that every entry records its last login time (alwaysRecord‐
2835 Login)
2836 --alt-state-attr ALT_STATE_ATTR
2839 Provides a backup attribute for the server to reference to eval‐
2840 uate the
2841 expiration time (altStateAttrName)
2842 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2845 Specifies the attribute to store the time of the last successful
2846 login in this
2847 attribute in the users directory entry (alwaysRecordLoginAttr)
2848 --limit-attr LIMIT_ATTR
2851 Specifies the attribute within the policy to use for the account
2852 inactivation
2853 limit (limitAttrName)
2854 --spec-attr SPEC_ATTR
2857 Specifies the attribute to identify which entries are account
2858 policy
2859 configuration entries (specAttrName)
2860 --state-attr STATE_ATTR
2863 Specifies the primary time attribute used to evaluate an account
2864 policy
2865 (stateAttrName)
2866
2869 usage: dsconf instance plugin account-policy config-entry show [-h] DN
2870 DN The config entry full DN
2873
2877 usage: dsconf instance plugin account-policy config-entry delete [-h]
2878 DN
2879 DN The config entry full DN
2882
2888 usage: dsconf instance plugin attr-uniq [-h]
2889 {show,enable,disable,sta‐
2890 tus,list,add,set,delete}
2891 ...
2892 Sub-commands
2895 dsconf plugin attr-uniq show
2896 display plugin configuration
2897 dsconf plugin attr-uniq enable
2899 enable plugin
2900 dsconf plugin attr-uniq disable
2902 disable plugin
2903 dsconf plugin attr-uniq status
2905 display plugin status
2906 dsconf plugin attr-uniq list
2908 List available plugin configs
2909 dsconf plugin attr-uniq add
2911 Add the config entry
2912 dsconf plugin attr-uniq set
2914 Edit the config entry
2915 dsconf plugin attr-uniq show
2917 Display the config entry
2918 dsconf plugin attr-uniq delete
2920 Delete the config entry
2921 dsconf plugin attr-uniq enable
2923 enable plugin
2924 dsconf plugin attr-uniq disable
2926 disable plugin
2927 dsconf plugin attr-uniq status
2929 display plugin status
2930
2932 usage: dsconf instance plugin attr-uniq show [-h] NAME
2933 NAME The name of the plug-in configuration record
2936
2940 usage: dsconf instance plugin attr-uniq enable [-h] NAME
2941 NAME Sets the name of the plug-in configuration record
2944
2948 usage: dsconf instance plugin attr-uniq disable [-h] NAME
2949 NAME Sets the name of the plug-in configuration record
2952
2956 usage: dsconf instance plugin attr-uniq status [-h] NAME
2957 NAME Sets the name of the plug-in configuration record
2960
2964 usage: dsconf instance plugin attr-uniq list [-h]
2965
2970 usage: dsconf instance plugin attr-uniq add [-h]
2971 [--attr-name ATTR_NAME
2972 [ATTR_NAME ...]]
2973 [--subtree SUBTREE [SUBTREE
2974 ...]]
2975 [--across-all-subtrees
2976 {on,off}]
2977 [--top-entry-oc
2978 TOP_ENTRY_OC]
2979 [--subtree-entries-oc SUB‐
2980 TREE_ENTRIES_OC]
2981 NAME
2982 NAME Sets the name of the plug-in configuration record. (cn) You can
2985 use any
2986 string, but "attribute_name Attribute Uniqueness" is recom‐
2987 mended.
2988 --attr-name ATTR_NAME [ATTR_NAME ...]
2991 Sets the name of the attribute whose values must be unique. This
2992 attribute is
2993 multi-valued. (uniqueness-attribute-name)
2994 --subtree SUBTREE [SUBTREE ...]
2997 Sets the DN under which the plug-in checks for uniqueness of the
2998 attributes
2999 value. This attribute is multi-valued (uniqueness-subtrees)
3000 --across-all-subtrees {on,off}
3003 If enabled (on), the plug-in checks that the attribute is unique
3004 across all
3005 subtrees set. If you set the attribute to off, uniqueness is
3006 only enforced
3007 within the subtree of the updated entry (unique‐
3008 ness-across-all-subtrees)
3009 --top-entry-oc TOP_ENTRY_OC
3012 Verifies that the value of the attribute set in unique‐
3013 ness-attribute-name is
3014 unique in this subtree (uniqueness-top-entry-oc)
3015 --subtree-entries-oc SUBTREE_ENTRIES_OC
3018 Verifies if an attribute is unique, if the entry contains the
3019 object class set
3020 in this parameter (uniqueness-subtree-entries-oc)
3021
3024 usage: dsconf instance plugin attr-uniq set [-h]
3025 [--attr-name ATTR_NAME
3026 [ATTR_NAME ...]]
3027 [--subtree SUBTREE [SUBTREE
3028 ...]]
3029 [--across-all-subtrees
3030 {on,off}]
3031 [--top-entry-oc
3032 TOP_ENTRY_OC]
3033 [--subtree-entries-oc SUB‐
3034 TREE_ENTRIES_OC]
3035 NAME
3036 NAME Sets the name of the plug-in configuration record. (cn) You can
3039 use any
3040 string, but "attribute_name Attribute Uniqueness" is recom‐
3041 mended.
3042 --attr-name ATTR_NAME [ATTR_NAME ...]
3045 Sets the name of the attribute whose values must be unique. This
3046 attribute is
3047 multi-valued. (uniqueness-attribute-name)
3048 --subtree SUBTREE [SUBTREE ...]
3051 Sets the DN under which the plug-in checks for uniqueness of the
3052 attributes
3053 value. This attribute is multi-valued (uniqueness-subtrees)
3054 --across-all-subtrees {on,off}
3057 If enabled (on), the plug-in checks that the attribute is unique
3058 across all
3059 subtrees set. If you set the attribute to off, uniqueness is
3060 only enforced
3061 within the subtree of the updated entry (unique‐
3062 ness-across-all-subtrees)
3063 --top-entry-oc TOP_ENTRY_OC
3066 Verifies that the value of the attribute set in unique‐
3067 ness-attribute-name is
3068 unique in this subtree (uniqueness-top-entry-oc)
3069 --subtree-entries-oc SUBTREE_ENTRIES_OC
3072 Verifies if an attribute is unique, if the entry contains the
3073 object class set
3074 in this parameter (uniqueness-subtree-entries-oc)
3075
3078 usage: dsconf instance plugin attr-uniq delete [-h] NAME
3079 NAME Sets the name of the plug-in configuration record
3082
3087 usage: dsconf instance plugin dna [-h]
3088 {show,enable,disable,status,list,con‐
3089 fig} ...
3090 Sub-commands
3093 dsconf plugin dna show
3094 display plugin configuration
3095 dsconf plugin dna enable
3097 enable plugin
3098 dsconf plugin dna disable
3100 disable plugin
3101 dsconf plugin dna status
3103 display plugin status
3104 dsconf plugin dna list
3106 List available plugin configs
3107 dsconf plugin dna config
3109 Manage plugin configs
3110
3112 usage: dsconf instance plugin dna show [-h]
3113
3118 usage: dsconf instance plugin dna enable [-h]
3119
3124 usage: dsconf instance plugin dna disable [-h]
3125
3130 usage: dsconf instance plugin dna status [-h]
3131
3136 usage: dsconf instance plugin dna list [-h] {configs,shared-configs}
3137 ...
3138 Sub-commands
3141 dsconf plugin dna list configs
3142 List main DNA plugin config entries
3143 dsconf plugin dna list shared-configs
3145 List DNA plugin shared config entries
3146
3148 usage: dsconf instance plugin dna list configs [-h]
3149
3154 usage: dsconf instance plugin dna list shared-configs [-h] BASEDN
3155 BASEDN The search DN
3158
3163 usage: dsconf instance plugin dna config [-h]
3164 NAME
3165 {add,set,show,delete,shared-
3166 config-entry}
3167 ...
3168 NAME The DNA configuration name
3171 Sub-commands
3174 dsconf plugin dna config add
3175 Add the config entry
3176 dsconf plugin dna config set
3178 Edit the config entry
3179 dsconf plugin dna config show
3181 Display the config entry
3182 dsconf plugin dna config delete
3184 Delete the config entry
3185 dsconf plugin dna config shared-config-entry
3187 Manage the shared config entry
3188
3190 usage: dsconf instance plugin dna config NAME add [-h]
3191 [--type TYPE [TYPE
3192 ...]]
3193 [--prefix PREFIX]
3194 [--next-value
3195 NEXT_VALUE]
3196 [--max-value
3197 MAX_VALUE]
3198 [--interval INTERVAL]
3199 [--magic-regen
3200 MAGIC_REGEN]
3201 [--filter FILTER]
3202 [--scope SCOPE]
3203 [--remote-bind-dn
3204 REMOTE_BIND_DN]
3205 [--remote-bind-cred
3206 REMOTE_BIND_CRED]
3207 [--shared-config-
3208 entry SHARED_CONFIG_ENTRY]
3209 [--threshold THRESH‐
3210 OLD]
3211 [--next-range
3212 NEXT_RANGE]
3213 [--range-request-
3214 timeout RANGE_REQUEST_TIMEOUT]
3215 --type TYPE [TYPE ...]
3219 Sets which attributes have unique numbers being generated for
3220 them (dnaType)
3221 --prefix PREFIX
3224 Defines a prefix that can be prepended to the generated number
3225 values for the
3226 attribute (dnaPrefix)
3227 --next-value NEXT_VALUE
3230 Gives the next available number which can be assigned
3231 (dnaNextValue)
3232 --max-value MAX_VALUE
3235 Sets the maximum value that can be assigned for the range (dna‐
3236 MaxValue)
3237 --interval INTERVAL
3240 Sets an interval to use to increment through numbers in a range
3241 (dnaInterval)
3242 --magic-regen MAGIC_REGEN
3245 Sets a user-defined value that instructs the plug-in to assign a
3246 new value for
3247 the entry (dnaMagicRegen)
3248 --filter FILTER
3251 Sets an LDAP filter to use to search for and identify the
3252 entries to which to
3253 apply the distributed numeric assignment range (dnaFilter)
3254 --scope SCOPE
3257 Sets the base DN to search for entries to which to apply the
3258 distributed
3259 numeric assignment (dnaScope)
3260 --remote-bind-dn REMOTE_BIND_DN
3263 Specifies the Replication Manager DN (dnaRemoteBindDN)
3264 --remote-bind-cred REMOTE_BIND_CRED
3267 Specifies the Replication Manager's password (dnaRemoteBindCred)
3268 --shared-config-entry SHARED_CONFIG_ENTRY
3271 Defines a shared identity that the servers can use to transfer
3272 ranges to one
3273 another (dnaSharedCfgDN)
3274 --threshold THRESHOLD
3277 Sets a threshold of remaining available numbers in the range.
3278 When the server
3279 hits the threshold, it sends a request for a new range
3280 (dnaThreshold)
3281 --next-range NEXT_RANGE
3284 Defines the next range to use when the current range is
3285 exhausted
3286 (dnaNextRange)
3287 --range-request-timeout RANGE_REQUEST_TIMEOUT
3290 sets a timeout period, in seconds, for range requests so that
3291 the server does
3292 not stall waiting on a new range from one server and can request
3293 a range from
3294 a new server (dnaRangeRequestTimeout)
3295
3298 usage: dsconf instance plugin dna config NAME set [-h]
3299 [--type TYPE [TYPE
3300 ...]]
3301 [--prefix PREFIX]
3302 [--next-value
3303 NEXT_VALUE]
3304 [--max-value
3305 MAX_VALUE]
3306 [--interval INTERVAL]
3307 [--magic-regen
3308 MAGIC_REGEN]
3309 [--filter FILTER]
3310 [--scope SCOPE]
3311 [--remote-bind-dn
3312 REMOTE_BIND_DN]
3313 [--remote-bind-cred
3314 REMOTE_BIND_CRED]
3315 [--shared-config-
3316 entry SHARED_CONFIG_ENTRY]
3317 [--threshold THRESH‐
3318 OLD]
3319 [--next-range
3320 NEXT_RANGE]
3321 [--range-request-
3322 timeout RANGE_REQUEST_TIMEOUT]
3323 --type TYPE [TYPE ...]
3327 Sets which attributes have unique numbers being generated for
3328 them (dnaType)
3329 --prefix PREFIX
3332 Defines a prefix that can be prepended to the generated number
3333 values for the
3334 attribute (dnaPrefix)
3335 --next-value NEXT_VALUE
3338 Gives the next available number which can be assigned
3339 (dnaNextValue)
3340 --max-value MAX_VALUE
3343 Sets the maximum value that can be assigned for the range (dna‐
3344 MaxValue)
3345 --interval INTERVAL
3348 Sets an interval to use to increment through numbers in a range
3349 (dnaInterval)
3350 --magic-regen MAGIC_REGEN
3353 Sets a user-defined value that instructs the plug-in to assign a
3354 new value for
3355 the entry (dnaMagicRegen)
3356 --filter FILTER
3359 Sets an LDAP filter to use to search for and identify the
3360 entries to which to
3361 apply the distributed numeric assignment range (dnaFilter)
3362 --scope SCOPE
3365 Sets the base DN to search for entries to which to apply the
3366 distributed
3367 numeric assignment (dnaScope)
3368 --remote-bind-dn REMOTE_BIND_DN
3371 Specifies the Replication Manager DN (dnaRemoteBindDN)
3372 --remote-bind-cred REMOTE_BIND_CRED
3375 Specifies the Replication Manager's password (dnaRemoteBindCred)
3376 --shared-config-entry SHARED_CONFIG_ENTRY
3379 Defines a shared identity that the servers can use to transfer
3380 ranges to one
3381 another (dnaSharedCfgDN)
3382 --threshold THRESHOLD
3385 Sets a threshold of remaining available numbers in the range.
3386 When the server
3387 hits the threshold, it sends a request for a new range
3388 (dnaThreshold)
3389 --next-range NEXT_RANGE
3392 Defines the next range to use when the current range is
3393 exhausted
3394 (dnaNextRange)
3395 --range-request-timeout RANGE_REQUEST_TIMEOUT
3398 sets a timeout period, in seconds, for range requests so that
3399 the server does
3400 not stall waiting on a new range from one server and can request
3401 a range from
3402 a new server (dnaRangeRequestTimeout)
3403
3406 usage: dsconf instance plugin dna config NAME show [-h]
3407
3412 usage: dsconf instance plugin dna config NAME delete [-h]
3413
3418 usage: dsconf instance plugin dna config NAME shared-config-entry
3419 [-h] {add,edit,show,delete} ...
3420 Sub-commands
3423 dsconf plugin dna config shared-config-entry add
3424 Add the shared config entry
3425 dsconf plugin dna config shared-config-entry edit
3427 Edit the shared config entry
3428 dsconf plugin dna config shared-config-entry show
3430 Display the shared config entry
3431 dsconf plugin dna config shared-config-entry delete
3433 Delete the shared config entry
3434
3436 usage: dsconf instance plugin dna config NAME shared-config-entry add
3437 [-h] [--hostname HOSTNAME] [--port PORT] [--secure-port
3438 SECURE_PORT]
3439 [--remote-bind-method REMOTE_BIND_METHOD]
3440 [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3441 [--remaining-values REMAINING_VALUES]
3442 BASEDN
3443 BASEDN The shared config entry BASE DN. The new DN will be constructed
3446 with
3447 dnaHostname and dnaPortNum
3448 --hostname HOSTNAME
3451 Identifies the host name of a server in a shared range, as part
3452 of the DNA
3453 range configuration for that specific host in multi-master
3454 replication
3455 (dnaHostname)
3456 --port PORT
3459 Gives the standard port number to use to connect to the host
3460 identified in
3461 dnaHostname (dnaPortNum)
3462 --secure-port SECURE_PORT
3465 Gives the secure (TLS) port number to use to connect to the host
3466 identified in
3467 dnaHostname (dnaSecurePortNum)
3468 --remote-bind-method REMOTE_BIND_METHOD
3471 Specifies the remote bind method (dnaRemoteBindMethod)
3472 --remote-conn-protocol REMOTE_CONN_PROTOCOL
3475 Specifies the remote connection protocol (dnaRemoteConnProtocol)
3476 --remaining-values REMAINING_VALUES
3479 Contains the number of values that are remaining and available
3480 to a server to
3481 assign to entries (dnaRemainingValues)
3482
3485 usage: dsconf instance plugin dna config NAME shared-config-entry edit
3486 [-h] [--hostname HOSTNAME] [--port PORT] [--secure-port
3487 SECURE_PORT]
3488 [--remote-bind-method REMOTE_BIND_METHOD]
3489 [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3490 [--remaining-values REMAINING_VALUES]
3491 DN
3492 DN The shared config entry DN
3495 --hostname HOSTNAME
3498 Identifies the host name of a server in a shared range, as part
3499 of the DNA
3500 range configuration for that specific host in multi-master
3501 replication
3502 (dnaHostname)
3503 --port PORT
3506 Gives the standard port number to use to connect to the host
3507 identified in
3508 dnaHostname (dnaPortNum)
3509 --secure-port SECURE_PORT
3512 Gives the secure (TLS) port number to use to connect to the host
3513 identified in
3514 dnaHostname (dnaSecurePortNum)
3515 --remote-bind-method REMOTE_BIND_METHOD
3518 Specifies the remote bind method (dnaRemoteBindMethod)
3519 --remote-conn-protocol REMOTE_CONN_PROTOCOL
3522 Specifies the remote connection protocol (dnaRemoteConnProtocol)
3523 --remaining-values REMAINING_VALUES
3526 Contains the number of values that are remaining and available
3527 to a server to
3528 assign to entries (dnaRemainingValues)
3529
3532 usage: dsconf instance plugin dna config NAME shared-config-entry show
3533 [-h] DN
3534 DN The shared config entry DN
3537
3541 usage: dsconf instance plugin dna config NAME shared-config-entry
3542 delete
3543 [-h] DN
3544 DN The shared config entry DN
3547
3554 usage: dsconf instance plugin linked-attr [-h]
3555 {show,enable,disable,sta‐
3556 tus,fixup,list,config}
3557 ...
3558 Sub-commands
3561 dsconf plugin linked-attr show
3562 display plugin configuration
3563 dsconf plugin linked-attr enable
3565 enable plugin
3566 dsconf plugin linked-attr disable
3568 disable plugin
3569 dsconf plugin linked-attr status
3571 display plugin status
3572 dsconf plugin linked-attr fixup
3574 Run the fix-up task for linked attributes plugin
3575 dsconf plugin linked-attr list
3577 List available plugin configs
3578 dsconf plugin linked-attr config
3580 Manage plugin configs
3581
3583 usage: dsconf instance plugin linked-attr show [-h]
3584
3589 usage: dsconf instance plugin linked-attr enable [-h]
3590
3595 usage: dsconf instance plugin linked-attr disable [-h]
3596
3601 usage: dsconf instance plugin linked-attr status [-h]
3602
3607 usage: dsconf instance plugin linked-attr fixup [-h] [-l LINKDN]
3608 -l LINKDN, --linkdn LINKDN
3612 Base DN that contains entries to fix up
3613
3616 usage: dsconf instance plugin linked-attr list [-h]
3617
3622 usage: dsconf instance plugin linked-attr config [-h]
3623 NAME
3624 {add,set,show,delete}
3625 ...
3626 NAME The Linked Attributes configuration name
3629 Sub-commands
3632 dsconf plugin linked-attr config add
3633 Add the config entry
3634 dsconf plugin linked-attr config set
3636 Edit the config entry
3637 dsconf plugin linked-attr config show
3639 Display the config entry
3640 dsconf plugin linked-attr config delete
3642 Delete the config entry
3643
3645 usage: dsconf instance plugin linked-attr config NAME add [-h]
3646 [--link-type
3647 LINK_TYPE]
3648 [--managed-
3649 type MANAGED_TYPE]
3650 [--link-scope
3651 LINK_SCOPE]
3652 --link-type LINK_TYPE
3656 Sets the attribute that is managed manually by administrators
3657 (linkType)
3658 --managed-type MANAGED_TYPE
3661 Sets the attribute that is created dynamically by the plugin
3662 (managedType)
3663 --link-scope LINK_SCOPE
3666 Sets the scope that restricts the plugin to a specific part of
3667 the directory
3668 tree (linkScope)
3669
3672 usage: dsconf instance plugin linked-attr config NAME set [-h]
3673 [--link-type
3674 LINK_TYPE]
3675 [--managed-
3676 type MANAGED_TYPE]
3677 [--link-scope
3678 LINK_SCOPE]
3679 --link-type LINK_TYPE
3683 Sets the attribute that is managed manually by administrators
3684 (linkType)
3685 --managed-type MANAGED_TYPE
3688 Sets the attribute that is created dynamically by the plugin
3689 (managedType)
3690 --link-scope LINK_SCOPE
3693 Sets the scope that restricts the plugin to a specific part of
3694 the directory
3695 tree (linkScope)
3696
3699 usage: dsconf instance plugin linked-attr config NAME show [-h]
3700
3705 usage: dsconf instance plugin linked-attr config NAME delete [-h]
3706
3713 usage: dsconf instance plugin managed-entries [-h]
3714 {show,enable,disable,sta‐
3715 tus,set,list,config,template}
3716 ...
3717 Sub-commands
3720 dsconf plugin managed-entries show
3721 display plugin configuration
3722 dsconf plugin managed-entries enable
3724 enable plugin
3725 dsconf plugin managed-entries disable
3727 disable plugin
3728 dsconf plugin managed-entries status
3730 display plugin status
3731 dsconf plugin managed-entries set
3733 Edit the plugin
3734 dsconf plugin managed-entries list
3736 List Managed Entries Plugin configs and templates
3737 dsconf plugin managed-entries config
3739 Handle Managed Entries Plugin configs
3740 dsconf plugin managed-entries template
3742 Handle Managed Entries Plugin templates
3743
3745 usage: dsconf instance plugin managed-entries show [-h]
3746
3751 usage: dsconf instance plugin managed-entries enable [-h]
3752
3757 usage: dsconf instance plugin managed-entries disable [-h]
3758
3763 usage: dsconf instance plugin managed-entries status [-h]
3764
3769 usage: dsconf instance plugin managed-entries set [-h]
3770 [--config-area CON‐
3771 FIG_AREA]
3772 --config-area CONFIG_AREA
3776 The value to set as nsslapd-pluginConfigArea
3777
3780 usage: dsconf instance plugin managed-entries list [-h]
3781 {configs,templates}
3782 ...
3783 Sub-commands
3786 dsconf plugin managed-entries list configs
3787 List Managed Entries Plugin configs (list config-area if speci‐
3788 fied in the main plugin entry)
3789 dsconf plugin managed-entries list templates
3791 List Managed Entries Plugin templates in the directory
3792
3794 usage: dsconf instance plugin managed-entries list configs [-h]
3795
3800 usage: dsconf instance plugin managed-entries list templates [-h]
3801 BASEDN
3802 BASEDN The base DN where to search the templates.
3805
3810 usage: dsconf instance plugin managed-entries config [-h]
3811 NAME
3812 {add,set,show,delete}
3813 ...
3814 NAME The config entry CN.
3817 Sub-commands
3820 dsconf plugin managed-entries config add
3821 Add the config entry
3822 dsconf plugin managed-entries config set
3824 Edit the config entry
3825 dsconf plugin managed-entries config show
3827 Display the config entry
3828 dsconf plugin managed-entries config delete
3830 Delete the config entry
3831
3833 usage: dsconf instance plugin managed-entries config NAME add
3834 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
3835 AGED_BASE]
3836 [--managed-template MANAGED_TEMPLATE]
3837 --scope SCOPE
3841 Sets the scope of the search to use to see which entries the
3842 plug-in monitors
3843 (originScope)
3844 --filter FILTER
3847 Sets the search filter to use to search for and identify the
3848 entries within
3849 the subtree which require a managed entry (originFilter)
3850 --managed-base MANAGED_BASE
3853 Sets the subtree under which to create the managed entries (man‐
3854 agedBase)
3855 --managed-template MANAGED_TEMPLATE
3858 Identifies the template entry to use to create the managed entry
3859 (managedTemplate)
3860
3863 usage: dsconf instance plugin managed-entries config NAME set
3864 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
3865 AGED_BASE]
3866 [--managed-template MANAGED_TEMPLATE]
3867 --scope SCOPE
3871 Sets the scope of the search to use to see which entries the
3872 plug-in monitors
3873 (originScope)
3874 --filter FILTER
3877 Sets the search filter to use to search for and identify the
3878 entries within
3879 the subtree which require a managed entry (originFilter)
3880 --managed-base MANAGED_BASE
3883 Sets the subtree under which to create the managed entries (man‐
3884 agedBase)
3885 --managed-template MANAGED_TEMPLATE
3888 Identifies the template entry to use to create the managed entry
3889 (managedTemplate)
3890
3893 usage: dsconf instance plugin managed-entries config NAME show [-h]
3894
3899 usage: dsconf instance plugin managed-entries config NAME delete [-h]
3900
3906 usage: dsconf instance plugin managed-entries template [-h]
3907 DN
3908 {add,set,show,delete}
3909 ...
3910 DN The template entry DN.
3913 Sub-commands
3916 dsconf plugin managed-entries template add
3917 Add the template entry
3918 dsconf plugin managed-entries template set
3920 Edit the template entry
3921 dsconf plugin managed-entries template show
3923 Display the template entry
3924 dsconf plugin managed-entries template delete
3926 Delete the template entry
3927
3929 usage: dsconf instance plugin managed-entries template DN add
3930 [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
3931 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
3932 --rdn-attr RDN_ATTR
3936 Sets which attribute to use as the naming attribute in the auto‐
3937 matically-
3938 generated entry (mepRDNAttr)
3939 --static-attr STATIC_ATTR
3942 Sets an attribute with a defined value that must be added to the
3943 automatically-generated entry (mepStaticAttr)
3944 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
3947 Sets an attribute in the Managed Entries template entry which
3948 must exist in
3949 the generated entry (mepMappedAttr)
3950
3953 usage: dsconf instance plugin managed-entries template DN set
3954 [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
3955 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
3956 --rdn-attr RDN_ATTR
3960 Sets which attribute to use as the naming attribute in the auto‐
3961 matically-
3962 generated entry (mepRDNAttr)
3963 --static-attr STATIC_ATTR
3966 Sets an attribute with a defined value that must be added to the
3967 automatically-generated entry (mepStaticAttr)
3968 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
3971 Sets an attribute in the Managed Entries template entry which
3972 must exist in
3973 the generated entry (mepMappedAttr)
3974
3977 usage: dsconf instance plugin managed-entries template DN show [-h]
3978
3983 usage: dsconf instance plugin managed-entries template DN delete [-h]
3984
3991 usage: dsconf instance plugin pass-through-auth [-h]
3992 {show,enable,dis‐
3993 able,status,list,url,pam-config}
3994 ...
3995 Sub-commands
3998 dsconf plugin pass-through-auth show
3999 display plugin configuration
4000 dsconf plugin pass-through-auth enable
4002 enable plugin
4003 dsconf plugin pass-through-auth disable
4005 disable plugin
4006 dsconf plugin pass-through-auth status
4008 display plugin status
4009 dsconf plugin pass-through-auth list
4011 List pass-though plugin URLs or PAM configurations.
4012 dsconf plugin pass-through-auth url
4014 Manage PTA URL configurations.
4015 dsconf plugin pass-through-auth pam-config
4017 Manage PAM PTA configurations.
4018
4020 usage: dsconf instance plugin pass-through-auth show [-h]
4021
4026 usage: dsconf instance plugin pass-through-auth enable [-h]
4027
4032 usage: dsconf instance plugin pass-through-auth disable [-h]
4033
4038 usage: dsconf instance plugin pass-through-auth status [-h]
4039
4044 usage: dsconf instance plugin pass-through-auth list [-h]
4045 {urls,pam-configs}
4046 ...
4047 Sub-commands
4050 dsconf plugin pass-through-auth list urls
4051 List URLs.
4052 dsconf plugin pass-through-auth list pam-configs
4054 List PAM configurations.
4055
4057 usage: dsconf instance plugin pass-through-auth list urls [-h]
4058
4063 usage: dsconf instance plugin pass-through-auth list pam-configs [-h]
4064
4070 usage: dsconf instance plugin pass-through-auth url [-h]
4071 {add,modify,delete}
4072 ...
4073 Sub-commands
4076 dsconf plugin pass-through-auth url add
4077 Add the config entry
4078 dsconf plugin pass-through-auth url modify
4080 Edit the config entry
4081 dsconf plugin pass-through-auth url delete
4083 Delete the config entry
4084
4086 usage: dsconf instance plugin pass-through-auth url add [-h] URL
4087 URL The full LDAP URL in format "ldap|ldaps://authDS/subtree
4090 maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one
4091 optional
4092 parameter is specified the rest should be specified too
4093
4097 usage: dsconf instance plugin pass-through-auth url modify [-h]
4098 OLD_URL
4099 NEW_URL
4100 OLD_URL
4103 The full LDAP URL you get from the "list" command
4104 NEW_URL
4107 The full LDAP URL in format "ldap|ldaps://authDS/subtree
4108 maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one
4109 optional
4110 parameter is specified the rest should be specified too
4111
4115 usage: dsconf instance plugin pass-through-auth url delete [-h] URL
4116 URL The full LDAP URL you get from the "list" command
4119
4124 usage: dsconf instance plugin pass-through-auth pam-config [-h]
4125 NAME
4126 {add,set,show,delete}
4127 ...
4128 NAME The PAM PTA configuration name
4131 Sub-commands
4134 dsconf plugin pass-through-auth pam-config add
4135 Add the config entry
4136 dsconf plugin pass-through-auth pam-config set
4138 Edit the config entry
4139 dsconf plugin pass-through-auth pam-config show
4141 Display the config entry
4142 dsconf plugin pass-through-auth pam-config delete
4144 Delete the config entry
4145
4147 usage: dsconf instance plugin pass-through-auth pam-config NAME add
4148 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4149 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4150 [--missing-suffix {ERROR,ALLOW,IGNORE}] [--filter FILTER]
4151 [--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method
4152 ID_MAP_METHOD]
4153 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4154 SERVICE]
4155 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4159 Specifies a suffix to exclude from PAM authentication (pamEx‐
4160 cludeSuffix)
4161 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4164 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4165 fix)
4166 --missing-suffix {ERROR,ALLOW,IGNORE}
4169 Identifies how to handle missing include or exclude suffixes
4170 (pamMissingSuffix)
4171 --filter FILTER
4174 Sets an LDAP filter to use to identify specific entries within
4175 the included
4176 suffixes for which to use PAM pass-through authentication (pam‐
4177 Filter)
4178 --id-attr ID_ATTR [ID_ATTR ...]
4181 Contains the attribute name which is used to hold the PAM user
4182 ID (pamIDAttr)
4183 --id_map_method ID_MAP_METHOD
4186 Gives the method to use to map the LDAP bind DN to a PAM iden‐
4187 tity
4188 (pamIDMapMethod)
4189 --fallback {TRUE,FALSE}
4192 Sets whether to fallback to regular LDAP authentication if PAM
4193 authentication
4194 fails (pamFallback)
4195 --secure {TRUE,FALSE}
4198 Requires secure TLS connection for PAM authentication (pamSe‐
4199 cure)
4200 --service SERVICE
4203 Contains the service name to pass to PAM (pamService)
4204
4207 usage: dsconf instance plugin pass-through-auth pam-config NAME set
4208 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4209 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4210 [--missing-suffix {ERROR,ALLOW,IGNORE}] [--filter FILTER]
4211 [--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method
4212 ID_MAP_METHOD]
4213 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4214 SERVICE]
4215 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4219 Specifies a suffix to exclude from PAM authentication (pamEx‐
4220 cludeSuffix)
4221 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4224 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4225 fix)
4226 --missing-suffix {ERROR,ALLOW,IGNORE}
4229 Identifies how to handle missing include or exclude suffixes
4230 (pamMissingSuffix)
4231 --filter FILTER
4234 Sets an LDAP filter to use to identify specific entries within
4235 the included
4236 suffixes for which to use PAM pass-through authentication (pam‐
4237 Filter)
4238 --id-attr ID_ATTR [ID_ATTR ...]
4241 Contains the attribute name which is used to hold the PAM user
4242 ID (pamIDAttr)
4243 --id_map_method ID_MAP_METHOD
4246 Gives the method to use to map the LDAP bind DN to a PAM iden‐
4247 tity
4248 (pamIDMapMethod)
4249 --fallback {TRUE,FALSE}
4252 Sets whether to fallback to regular LDAP authentication if PAM
4253 authentication
4254 fails (pamFallback)
4255 --secure {TRUE,FALSE}
4258 Requires secure TLS connection for PAM authentication (pamSe‐
4259 cure)
4260 --service SERVICE
4263 Contains the service name to pass to PAM (pamService)
4264
4267 usage: dsconf instance plugin pass-through-auth pam-config NAME show
4268 [-h]
4269
4274 usage: dsconf instance plugin pass-through-auth pam-config NAME delete
4275 [-h]
4276
4283 usage: dsconf instance plugin retro-changelog [-h]
4284 {show,enable,disable,sta‐
4285 tus,set}
4286 ...
4287 Sub-commands
4290 dsconf plugin retro-changelog show
4291 display plugin configuration
4292 dsconf plugin retro-changelog enable
4294 enable plugin
4295 dsconf plugin retro-changelog disable
4297 disable plugin
4298 dsconf plugin retro-changelog status
4300 display plugin status
4301 dsconf plugin retro-changelog set
4303 Edit the plugin
4304
4306 usage: dsconf instance plugin retro-changelog show [-h]
4307
4312 usage: dsconf instance plugin retro-changelog enable [-h]
4313
4318 usage: dsconf instance plugin retro-changelog disable [-h]
4319
4324 usage: dsconf instance plugin retro-changelog status [-h]
4325
4330 usage: dsconf instance plugin retro-changelog set [-h]
4331 [--is-replicated
4332 {true,false}]
4333 [--attribute
4334 ATTRIBUTE]
4335 [--directory DIREC‐
4336 TORY]
4337 [--max-age MAX_AGE]
4338 [--exclude-suffix
4339 EXCLUDE_SUFFIX]
4340 --is-replicated {true,false}
4344 Sets a flag to indicate on a change in the changelog whether the
4345 change is
4346 newly made on that server or whether it was replicated over from
4347 another
4348 server (isReplicated)
4349 --attribute ATTRIBUTE
4352 Specifies another Directory Server attribute which must be
4353 included in the
4354 retro changelog entries (nsslapd-attribute)
4355 --directory DIRECTORY
4358 Specifies the name of the directory in which the changelog data‐
4359 base is created
4360 the first time the plug-in is run
4361 --max-age MAX_AGE
4364 This attribute specifies the maximum age of any entry in the
4365 changelog
4366 (nsslapd-changelogmaxage)
4367 --exclude-suffix EXCLUDE_SUFFIX
4370 This attribute specifies the suffix which will be excluded from
4371 the scope of
4372 the plugin (nsslapd-exclude-suffix)
4373
4377 usage: dsconf instance plugin posix-winsync [-h]
4378 {show,enable,disable,sta‐
4379 tus,set}
4380 ...
4381 Sub-commands
4384 dsconf plugin posix-winsync show
4385 display plugin configuration
4386 dsconf plugin posix-winsync enable
4388 enable plugin
4389 dsconf plugin posix-winsync disable
4391 disable plugin
4392 dsconf plugin posix-winsync status
4394 display plugin status
4395 dsconf plugin posix-winsync set
4397 Edit the plugin
4398
4400 usage: dsconf instance plugin posix-winsync show [-h]
4401
4406 usage: dsconf instance plugin posix-winsync enable [-h]
4407
4412 usage: dsconf instance plugin posix-winsync disable [-h]
4413
4418 usage: dsconf instance plugin posix-winsync status [-h]
4419
4424 usage: dsconf instance plugin posix-winsync set [-h]
4425 [--create-memberof-task
4426 {true,false}]
4427 [--lower-case-uid
4428 {true,false}]
4429 [--map-member-uid
4430 {true,false}]
4431 [--map-nested-grouping
4432 {true,false}]
4433 [--ms-sfu-schema
4434 {true,false}]
4435 --create-memberof-task {true,false}
4439 sets whether to run the memberOf fix-up task immediately after a
4440 sync run in
4441 order to update group memberships for synced users
4442 (posixWinsyncCreateMemberOfTask)
4443 --lower-case-uid {true,false}
4446 Sets whether to store (and, if necessary, convert) the UID value
4447 in the
4448 memberUID attribute in lower case.(posixWinsyncLowerCaseUID)
4449 --map-member-uid {true,false}
4452 Sets whether to map the memberUID attribute in an Active Direc‐
4453 tory group to
4454 the uniqueMember attribute in a Directory Server group
4455 (posixWinsyncMapMemberUID)
4456 --map-nested-grouping {true,false}
4459 Manages if nested groups are updated when memberUID attributes
4460 in an Active
4461 Directory POSIX group change (posixWinsyncMapNestedGrouping)
4462 --ms-sfu-schema {true,false}
4465 Sets whether to the older Microsoft System Services for Unix 3.0
4466 (msSFU30)
4467 schema when syncing Posix attributes from Active Directory
4468 (posixWinsyncMsSFUSchema)
4469
4473 usage: dsconf instance plugin list [-h]
4474
4479 usage: dsconf instance plugin show [-h] [selector]
4480 selector
4483 The plugin to search for
4484
4488 usage: dsconf instance plugin set [-h] [--type TYPE] [--enabled
4489 {on,off}]
4490 [--path PATH] [--initfunc INITFUNC]
4491 [--id ID] [--vendor VENDOR]
4492 [--version VERSION]
4493 [--description DESCRIPTION]
4494 [--depends-on-type DEPENDS_ON_TYPE]
4495 [--depends-on-named DEPENDS_ON_NAMED]
4496 [--precedence PRECEDENCE]
4497 [selector]
4498 selector
4501 The plugin to edit
4502 --type TYPE
4505 The type of plugin.
4506 --enabled {on,off}
4509 Identifies whether or not the plugin is enabled.
4510 --path PATH
4513 The plugin library name (without the library suffix).
4514 --initfunc INITFUNC
4517 An initialization function of the plugin.
4518 --id ID
4521 The plugin ID.
4522 --vendor VENDOR
4525 The vendor of plugin.
4526 --version VERSION
4529 The version of plugin.
4530 --description DESCRIPTION
4533 The description of the plugin.
4534 --depends-on-type DEPENDS_ON_TYPE
4537 All plug-ins with a type value which matches one of the values
4538 in the
4539 following valid range will be started by the server prior to
4540 this plug-in.
4541 --depends-on-named DEPENDS_ON_NAMED
4544 The plug-in name matching one of the following values will be
4545 started by the
4546 server prior to this plug-in
4547 --precedence PRECEDENCE
4550 The priority it has in the execution order of plug-ins
4551
4555 usage: dsconf instance pwpolicy [-h] {get,set} ...
4556 Sub-commands
4559 dsconf pwpolicy get
4560 Get the global password policy entry
4561 dsconf pwpolicy set
4563 Set an attribute in a global password policy
4564
4566 usage: dsconf instance pwpolicy get [-h]
4567
4572 usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME]
4573 [--pwdchange PWDCHANGE]
4574 [--pwdmustchange PWDMUSTCHANGE]
4575 [--pwdhistory PWDHISTORY]
4576 [--pwdhistorycount PWDHISTORYCOUNT]
4577 [--pwdadmin PWDADMIN]
4578 [--pwdtrack PWDTRACK]
4579 [--pwdwarning PWDWARNING]
4580 [--pwdexpire PWDEXPIRE]
4581 [--pwdmaxage PWDMAXAGE]
4582 [--pwdminage PWDMINAGE]
4583 [--pwdgracelimit PWDGRACELIMIT]
4584 [--pwdsendexpiring PWDSENDEXPIRING]
4585 [--pwdlockout PWDLOCKOUT]
4586 [--pwdunlock PWDUNLOCK]
4587 [--pwdlockoutduration PWDLOCKOUTDU‐
4588 RATION]
4589 [--pwdmaxfailures PWDMAXFAILURES]
4590 [--pwdresetfailcount PWDRESETFAIL‐
4591 COUNT]
4592 [--pwdchecksyntax PWDCHECKSYNTAX]
4593 [--pwdminlen PWDMINLEN]
4594 [--pwdmindigits PWDMINDIGITS]
4595 [--pwdminalphas PWDMINALPHAS]
4596 [--pwdminuppers PWDMINUPPERS]
4597 [--pwdminlowers PWDMINLOWERS]
4598 [--pwdminspecials PWDMINSPECIALS]
4599 [--pwdmin8bits PWDMIN8BITS]
4600 [--pwdmaxrepeats PWDMAXREPEATS]
4601 [--pwdpalindrome PWDPALINDROME]
4602 [--pwdmaxseq PWDMAXSEQ]
4603 [--pwdmaxseqsets PWDMAXSEQSETS]
4604 [--pwdmaxclasschars PWDMAXCLASS‐
4605 CHARS]
4606 [--pwdmincatagories PWDMIN‐
4607 CATAGORIES]
4608 [--pwdmintokenlen PWDMINTOKENLEN]
4609 [--pwdbadwords PWDBADWORDS]
4610 [--pwduserattrs PWDUSERATTRS]
4611 [--pwddictcheck PWDDICTCHECK]
4612 [--pwddictpath PWDDICTPATH]
4613 [--pwdlocal PWDLOCAL]
4614 [--pwdisglobal PWDISGLOBAL]
4615 [--pwdallowhash PWDALLOWHASH]
4616 --pwdscheme PWDSCHEME
4620 The password storage scheme
4621 --pwdchange PWDCHANGE
4624 Allow users to change their passwords
4625 --pwdmustchange PWDMUSTCHANGE
4628 User must change their passwrod after it is reset by an Adminis‐
4629 trator
4630 --pwdhistory PWDHISTORY
4633 To enable password history set this to "on", otherwise "off"
4634 --pwdhistorycount PWDHISTORYCOUNT
4637 The number of password to keep in history
4638 --pwdadmin PWDADMIN
4641 The DN of an entry or a group of account that can bypass pass‐
4642 word policy
4643 constraints
4644 --pwdtrack PWDTRACK
4647 Set to "on" to track the time the password was last changed
4648 --pwdwarning PWDWARNING
4651 Send an expiring warning if password expires within this time
4652 (in seconds)
4653 --pwdexpire PWDEXPIRE
4656 Set to "on" to enable password expiration
4657 --pwdmaxage PWDMAXAGE
4660 The password expiration time in seconds
4661 --pwdminage PWDMINAGE
4664 The number of seconds that must pass before a user can change
4665 their password
4666 --pwdgracelimit PWDGRACELIMIT
4669 The number of allowed logins after the password has expired
4670 --pwdsendexpiring PWDSENDEXPIRING
4673 Set to "on" to always send the expiring control regardless of
4674 the warning
4675 period
4676 --pwdlockout PWDLOCKOUT
4679 Set to "on" to enable account lockout
4680 --pwdunlock PWDUNLOCK
4683 Set to "on" to allow an account to become unlocked after the
4684 lockout duration
4685 --pwdlockoutduration PWDLOCKOUTDURATION
4688 The number of seconds an account stays locked out
4689 --pwdmaxfailures PWDMAXFAILURES
4692 The maximum number of allowed failed password attempts before
4693 the account gets
4694 locked
4695 --pwdresetfailcount PWDRESETFAILCOUNT
4698 The number of seconds to wait before reducing the failed login
4699 count on an
4700 account
4701 --pwdchecksyntax PWDCHECKSYNTAX
4704 Set to "on" to Enable password syntax checking
4705 --pwdminlen PWDMINLEN
4708 The minimum number of characters required in a password
4709 --pwdmindigits PWDMINDIGITS
4712 The minimum number of digit/number characters in a password
4713 --pwdminalphas PWDMINALPHAS
4716 The minimum number of alpha characters required in a password
4717 --pwdminuppers PWDMINUPPERS
4720 The minimum number of uppercase characters required in a pass‐
4721 word
4722 --pwdminlowers PWDMINLOWERS
4725 The minimum number of lowercase characters required in a pass‐
4726 word
4727 --pwdminspecials PWDMINSPECIALS
4730 The minimum number of special characters required in a password
4731 --pwdmin8bits PWDMIN8BITS
4734 The minimum number of 8-bit characters required in a password
4735 --pwdmaxrepeats PWDMAXREPEATS
4738 The maximum number of times the same character can appear
4739 sequentially in the
4740 password
4741 --pwdpalindrome PWDPALINDROME
4744 Set to "on" to reject passwords that are palindromes
4745 --pwdmaxseq PWDMAXSEQ
4748 The maximum number of allowed monotonic character sequences in a
4749 password
4750 --pwdmaxseqsets PWDMAXSEQSETS
4753 The maximum number of allowed monotonic character sequences that
4754 can be
4755 duplicated in a password
4756 --pwdmaxclasschars PWDMAXCLASSCHARS
4759 The maximum number of sequential characters from the same char‐
4760 acter class that
4761 is allowed in a password
4762 --pwdmincatagories PWDMINCATAGORIES
4765 The minimum number of syntax catagory checks
4766 --pwdmintokenlen PWDMINTOKENLEN
4769 Sets the smallest attribute value length that is used for triv‐
4770 ial/user words
4771 checking. This also impacts "--pwduserattrs"
4772 --pwdbadwords PWDBADWORDS
4775 A space-separated list of words that can not be in a password
4776 --pwduserattrs PWDUSERATTRS
4779 A space-separated list of attributes whose values can not appear
4780 in the
4781 password (See "--pwdmintokenlen")
4782 --pwddictcheck PWDDICTCHECK
4785 Set to "on" to enfore CrackLib dictionary checking
4786 --pwddictpath PWDDICTPATH
4789 Filesystem path to specific/custom CrackLib dictionary files
4790 --pwdlocal PWDLOCAL
4793 Set to "on" to enable fine-grained (subtree/user-level) password
4794 policies
4795 --pwdisglobal PWDISGLOBAL
4798 Set to "on" to enable password policy state attributesto be
4799 replicated
4800 --pwdallowhash PWDALLOWHASH
4803 Set to "on" to allow adding prehashed passwords
4804
4808 usage: dsconf instance localpwp [-h]
4809 {list,get,set,remove,adduser,addsub‐
4810 tree} ...
4811 Sub-commands
4814 dsconf localpwp list
4815 List all the local password policies
4816 dsconf localpwp get
4818 Get local password policy entry
4819 dsconf localpwp set
4821 Set an attribute in a local password policy
4822 dsconf localpwp remove
4824 Remove a local password policy
4825 dsconf localpwp adduser
4827 Add new user password policy
4828 dsconf localpwp addsubtree
4830 Add new subtree password policy
4831
4833 usage: dsconf instance localpwp list [-h] DN
4834 DN Suffix to search for local password policies
4837
4841 usage: dsconf instance localpwp get [-h] DN
4842 DN Get the local policy for this entry DN
4845
4849 usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME]
4850 [--pwdchange PWDCHANGE]
4851 [--pwdmustchange PWDMUSTCHANGE]
4852 [--pwdhistory PWDHISTORY]
4853 [--pwdhistorycount PWDHISTORYCOUNT]
4854 [--pwdadmin PWDADMIN]
4855 [--pwdtrack PWDTRACK]
4856 [--pwdwarning PWDWARNING]
4857 [--pwdexpire PWDEXPIRE]
4858 [--pwdmaxage PWDMAXAGE]
4859 [--pwdminage PWDMINAGE]
4860 [--pwdgracelimit PWDGRACELIMIT]
4861 [--pwdsendexpiring PWDSENDEXPIRING]
4862 [--pwdlockout PWDLOCKOUT]
4863 [--pwdunlock PWDUNLOCK]
4864 [--pwdlockoutduration PWDLOCKOUTDU‐
4865 RATION]
4866 [--pwdmaxfailures PWDMAXFAILURES]
4867 [--pwdresetfailcount PWDRESETFAIL‐
4868 COUNT]
4869 [--pwdchecksyntax PWDCHECKSYNTAX]
4870 [--pwdminlen PWDMINLEN]
4871 [--pwdmindigits PWDMINDIGITS]
4872 [--pwdminalphas PWDMINALPHAS]
4873 [--pwdminuppers PWDMINUPPERS]
4874 [--pwdminlowers PWDMINLOWERS]
4875 [--pwdminspecials PWDMINSPECIALS]
4876 [--pwdmin8bits PWDMIN8BITS]
4877 [--pwdmaxrepeats PWDMAXREPEATS]
4878 [--pwdpalindrome PWDPALINDROME]
4879 [--pwdmaxseq PWDMAXSEQ]
4880 [--pwdmaxseqsets PWDMAXSEQSETS]
4881 [--pwdmaxclasschars PWDMAXCLASS‐
4882 CHARS]
4883 [--pwdmincatagories PWDMIN‐
4884 CATAGORIES]
4885 [--pwdmintokenlen PWDMINTOKENLEN]
4886 [--pwdbadwords PWDBADWORDS]
4887 [--pwduserattrs PWDUSERATTRS]
4888 [--pwddictcheck PWDDICTCHECK]
4889 [--pwddictpath PWDDICTPATH]
4890 DN
4891 DN Set the local policy for this entry DN
4894 --pwdscheme PWDSCHEME
4897 The password storage scheme
4898 --pwdchange PWDCHANGE
4901 Allow users to change their passwords
4902 --pwdmustchange PWDMUSTCHANGE
4905 User must change their passwrod after it is reset by an Adminis‐
4906 trator
4907 --pwdhistory PWDHISTORY
4910 To enable password history set this to "on", otherwise "off"
4911 --pwdhistorycount PWDHISTORYCOUNT
4914 The number of password to keep in history
4915 --pwdadmin PWDADMIN
4918 The DN of an entry or a group of account that can bypass pass‐
4919 word policy
4920 constraints
4921 --pwdtrack PWDTRACK
4924 Set to "on" to track the time the password was last changed
4925 --pwdwarning PWDWARNING
4928 Send an expiring warning if password expires within this time
4929 (in seconds)
4930 --pwdexpire PWDEXPIRE
4933 Set to "on" to enable password expiration
4934 --pwdmaxage PWDMAXAGE
4937 The password expiration time in seconds
4938 --pwdminage PWDMINAGE
4941 The number of seconds that must pass before a user can change
4942 their password
4943 --pwdgracelimit PWDGRACELIMIT
4946 The number of allowed logins after the password has expired
4947 --pwdsendexpiring PWDSENDEXPIRING
4950 Set to "on" to always send the expiring control regardless of
4951 the warning
4952 period
4953 --pwdlockout PWDLOCKOUT
4956 Set to "on" to enable account lockout
4957 --pwdunlock PWDUNLOCK
4960 Set to "on" to allow an account to become unlocked after the
4961 lockout duration
4962 --pwdlockoutduration PWDLOCKOUTDURATION
4965 The number of seconds an account stays locked out
4966 --pwdmaxfailures PWDMAXFAILURES
4969 The maximum number of allowed failed password attempts before
4970 the account gets
4971 locked
4972 --pwdresetfailcount PWDRESETFAILCOUNT
4975 The number of seconds to wait before reducing the failed login
4976 count on an
4977 account
4978 --pwdchecksyntax PWDCHECKSYNTAX
4981 Set to "on" to Enable password syntax checking
4982 --pwdminlen PWDMINLEN
4985 The minimum number of characters required in a password
4986 --pwdmindigits PWDMINDIGITS
4989 The minimum number of digit/number characters in a password
4990 --pwdminalphas PWDMINALPHAS
4993 The minimum number of alpha characters required in a password
4994 --pwdminuppers PWDMINUPPERS
4997 The minimum number of uppercase characters required in a pass‐
4998 word
4999 --pwdminlowers PWDMINLOWERS
5002 The minimum number of lowercase characters required in a pass‐
5003 word
5004 --pwdminspecials PWDMINSPECIALS
5007 The minimum number of special characters required in a password
5008 --pwdmin8bits PWDMIN8BITS
5011 The minimum number of 8-bit characters required in a password
5012 --pwdmaxrepeats PWDMAXREPEATS
5015 The maximum number of times the same character can appear
5016 sequentially in the
5017 password
5018 --pwdpalindrome PWDPALINDROME
5021 Set to "on" to reject passwords that are palindromes
5022 --pwdmaxseq PWDMAXSEQ
5025 The maximum number of allowed monotonic character sequences in a
5026 password
5027 --pwdmaxseqsets PWDMAXSEQSETS
5030 The maximum number of allowed monotonic character sequences that
5031 can be
5032 duplicated in a password
5033 --pwdmaxclasschars PWDMAXCLASSCHARS
5036 The maximum number of sequential characters from the same char‐
5037 acter class that
5038 is allowed in a password
5039 --pwdmincatagories PWDMINCATAGORIES
5042 The minimum number of syntax catagory checks
5043 --pwdmintokenlen PWDMINTOKENLEN
5046 Sets the smallest attribute value length that is used for triv‐
5047 ial/user words
5048 checking. This also impacts "--pwduserattrs"
5049 --pwdbadwords PWDBADWORDS
5052 A space-separated list of words that can not be in a password
5053 --pwduserattrs PWDUSERATTRS
5056 A space-separated list of attributes whose values can not appear
5057 in the
5058 password (See "--pwdmintokenlen")
5059 --pwddictcheck PWDDICTCHECK
5062 Set to "on" to enfore CrackLib dictionary checking
5063 --pwddictpath PWDDICTPATH
5066 Filesystem path to specific/custom CrackLib dictionary files
5067
5070 usage: dsconf instance localpwp remove [-h] DN
5071 DN Remove local policy for this entry DN
5074
5078 usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME]
5079 [--pwdchange PWDCHANGE]
5080 [--pwdmustchange PWDMUSTCHANGE]
5081 [--pwdhistory PWDHISTORY]
5082 [--pwdhistorycount PWDHISTO‐
5083 RYCOUNT]
5084 [--pwdadmin PWDADMIN]
5085 [--pwdtrack PWDTRACK]
5086 [--pwdwarning PWDWARNING]
5087 [--pwdexpire PWDEXPIRE]
5088 [--pwdmaxage PWDMAXAGE]
5089 [--pwdminage PWDMINAGE]
5090 [--pwdgracelimit PWDGRACELIMIT]
5091 [--pwdsendexpiring PWDSENDEX‐
5092 PIRING]
5093 [--pwdlockout PWDLOCKOUT]
5094 [--pwdunlock PWDUNLOCK]
5095 [--pwdlockoutduration PWDLOCK‐
5096 OUTDURATION]
5097 [--pwdmaxfailures PWDMAXFAIL‐
5098 URES]
5099 [--pwdresetfailcount PWDRESET‐
5100 FAILCOUNT]
5101 [--pwdchecksyntax PWDCHECKSYN‐
5102 TAX]
5103 [--pwdminlen PWDMINLEN]
5104 [--pwdmindigits PWDMINDIGITS]
5105 [--pwdminalphas PWDMINALPHAS]
5106 [--pwdminuppers PWDMINUPPERS]
5107 [--pwdminlowers PWDMINLOWERS]
5108 [--pwdminspecials PWDMINSPE‐
5109 CIALS]
5110 [--pwdmin8bits PWDMIN8BITS]
5111 [--pwdmaxrepeats PWDMAXREPEATS]
5112 [--pwdpalindrome PWDPALINDROME]
5113 [--pwdmaxseq PWDMAXSEQ]
5114 [--pwdmaxseqsets PWDMAXSEQSETS]
5115 [--pwdmaxclasschars PWDMAX‐
5116 CLASSCHARS]
5117 [--pwdmincatagories PWDMIN‐
5118 CATAGORIES]
5119 [--pwdmintokenlen PWDMINTO‐
5120 KENLEN]
5121 [--pwdbadwords PWDBADWORDS]
5122 [--pwduserattrs PWDUSERATTRS]
5123 [--pwddictcheck PWDDICTCHECK]
5124 [--pwddictpath PWDDICTPATH]
5125 DN
5126 DN Add/replace the local password policy for this entry DN
5129 --pwdscheme PWDSCHEME
5132 The password storage scheme
5133 --pwdchange PWDCHANGE
5136 Allow users to change their passwords
5137 --pwdmustchange PWDMUSTCHANGE
5140 User must change their passwrod after it is reset by an Adminis‐
5141 trator
5142 --pwdhistory PWDHISTORY
5145 To enable password history set this to "on", otherwise "off"
5146 --pwdhistorycount PWDHISTORYCOUNT
5149 The number of password to keep in history
5150 --pwdadmin PWDADMIN
5153 The DN of an entry or a group of account that can bypass pass‐
5154 word policy
5155 constraints
5156 --pwdtrack PWDTRACK
5159 Set to "on" to track the time the password was last changed
5160 --pwdwarning PWDWARNING
5163 Send an expiring warning if password expires within this time
5164 (in seconds)
5165 --pwdexpire PWDEXPIRE
5168 Set to "on" to enable password expiration
5169 --pwdmaxage PWDMAXAGE
5172 The password expiration time in seconds
5173 --pwdminage PWDMINAGE
5176 The number of seconds that must pass before a user can change
5177 their password
5178 --pwdgracelimit PWDGRACELIMIT
5181 The number of allowed logins after the password has expired
5182 --pwdsendexpiring PWDSENDEXPIRING
5185 Set to "on" to always send the expiring control regardless of
5186 the warning
5187 period
5188 --pwdlockout PWDLOCKOUT
5191 Set to "on" to enable account lockout
5192 --pwdunlock PWDUNLOCK
5195 Set to "on" to allow an account to become unlocked after the
5196 lockout duration
5197 --pwdlockoutduration PWDLOCKOUTDURATION
5200 The number of seconds an account stays locked out
5201 --pwdmaxfailures PWDMAXFAILURES
5204 The maximum number of allowed failed password attempts before
5205 the account gets
5206 locked
5207 --pwdresetfailcount PWDRESETFAILCOUNT
5210 The number of seconds to wait before reducing the failed login
5211 count on an
5212 account
5213 --pwdchecksyntax PWDCHECKSYNTAX
5216 Set to "on" to Enable password syntax checking
5217 --pwdminlen PWDMINLEN
5220 The minimum number of characters required in a password
5221 --pwdmindigits PWDMINDIGITS
5224 The minimum number of digit/number characters in a password
5225 --pwdminalphas PWDMINALPHAS
5228 The minimum number of alpha characters required in a password
5229 --pwdminuppers PWDMINUPPERS
5232 The minimum number of uppercase characters required in a pass‐
5233 word
5234 --pwdminlowers PWDMINLOWERS
5237 The minimum number of lowercase characters required in a pass‐
5238 word
5239 --pwdminspecials PWDMINSPECIALS
5242 The minimum number of special characters required in a password
5243 --pwdmin8bits PWDMIN8BITS
5246 The minimum number of 8-bit characters required in a password
5247 --pwdmaxrepeats PWDMAXREPEATS
5250 The maximum number of times the same character can appear
5251 sequentially in the
5252 password
5253 --pwdpalindrome PWDPALINDROME
5256 Set to "on" to reject passwords that are palindromes
5257 --pwdmaxseq PWDMAXSEQ
5260 The maximum number of allowed monotonic character sequences in a
5261 password
5262 --pwdmaxseqsets PWDMAXSEQSETS
5265 The maximum number of allowed monotonic character sequences that
5266 can be
5267 duplicated in a password
5268 --pwdmaxclasschars PWDMAXCLASSCHARS
5271 The maximum number of sequential characters from the same char‐
5272 acter class that
5273 is allowed in a password
5274 --pwdmincatagories PWDMINCATAGORIES
5277 The minimum number of syntax catagory checks
5278 --pwdmintokenlen PWDMINTOKENLEN
5281 Sets the smallest attribute value length that is used for triv‐
5282 ial/user words
5283 checking. This also impacts "--pwduserattrs"
5284 --pwdbadwords PWDBADWORDS
5287 A space-separated list of words that can not be in a password
5288 --pwduserattrs PWDUSERATTRS
5291 A space-separated list of attributes whose values can not appear
5292 in the
5293 password (See "--pwdmintokenlen")
5294 --pwddictcheck PWDDICTCHECK
5297 Set to "on" to enfore CrackLib dictionary checking
5298 --pwddictpath PWDDICTPATH
5301 Filesystem path to specific/custom CrackLib dictionary files
5302
5305 usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME]
5306 [--pwdchange PWDCHANGE]
5307 [--pwdmustchange PWD‐
5308 MUSTCHANGE]
5309 [--pwdhistory PWDHISTORY]
5310 [--pwdhistorycount PWDHISTO‐
5311 RYCOUNT]
5312 [--pwdadmin PWDADMIN]
5313 [--pwdtrack PWDTRACK]
5314 [--pwdwarning PWDWARNING]
5315 [--pwdexpire PWDEXPIRE]
5316 [--pwdmaxage PWDMAXAGE]
5317 [--pwdminage PWDMINAGE]
5318 [--pwdgracelimit PWDGRACE‐
5319 LIMIT]
5320 [--pwdsendexpiring PWDSEND‐
5321 EXPIRING]
5322 [--pwdlockout PWDLOCKOUT]
5323 [--pwdunlock PWDUNLOCK]
5324 [--pwdlockoutduration PWD‐
5325 LOCKOUTDURATION]
5326 [--pwdmaxfailures PWDMAX‐
5327 FAILURES]
5328 [--pwdresetfailcount
5329 PWDRESETFAILCOUNT]
5330 [--pwdchecksyntax PWD‐
5331 CHECKSYNTAX]
5332 [--pwdminlen PWDMINLEN]
5333 [--pwdmindigits PWDMINDIG‐
5334 ITS]
5335 [--pwdminalphas PWDMINAL‐
5336 PHAS]
5337 [--pwdminuppers PWDMINUP‐
5338 PERS]
5339 [--pwdminlowers PWDMINLOW‐
5340 ERS]
5341 [--pwdminspecials PWDMINSPE‐
5342 CIALS]
5343 [--pwdmin8bits PWDMIN8BITS]
5344 [--pwdmaxrepeats PWDMAXRE‐
5345 PEATS]
5346 [--pwdpalindrome PWDPALIN‐
5347 DROME]
5348 [--pwdmaxseq PWDMAXSEQ]
5349 [--pwdmaxseqsets PWDMAXSE‐
5350 QSETS]
5351 [--pwdmaxclasschars PWDMAX‐
5352 CLASSCHARS]
5353 [--pwdmincatagories PWDMIN‐
5354 CATAGORIES]
5355 [--pwdmintokenlen PWDMINTO‐
5356 KENLEN]
5357 [--pwdbadwords PWDBADWORDS]
5358 [--pwduserattrs PWDUSERAT‐
5359 TRS]
5360 [--pwddictcheck PWD‐
5361 DICTCHECK]
5362 [--pwddictpath PWDDICTPATH]
5363 DN
5364 DN Add/replace the subtree policy for this entry DN
5367 --pwdscheme PWDSCHEME
5370 The password storage scheme
5371 --pwdchange PWDCHANGE
5374 Allow users to change their passwords
5375 --pwdmustchange PWDMUSTCHANGE
5378 User must change their passwrod after it is reset by an Adminis‐
5379 trator
5380 --pwdhistory PWDHISTORY
5383 To enable password history set this to "on", otherwise "off"
5384 --pwdhistorycount PWDHISTORYCOUNT
5387 The number of password to keep in history
5388 --pwdadmin PWDADMIN
5391 The DN of an entry or a group of account that can bypass pass‐
5392 word policy
5393 constraints
5394 --pwdtrack PWDTRACK
5397 Set to "on" to track the time the password was last changed
5398 --pwdwarning PWDWARNING
5401 Send an expiring warning if password expires within this time
5402 (in seconds)
5403 --pwdexpire PWDEXPIRE
5406 Set to "on" to enable password expiration
5407 --pwdmaxage PWDMAXAGE
5410 The password expiration time in seconds
5411 --pwdminage PWDMINAGE
5414 The number of seconds that must pass before a user can change
5415 their password
5416 --pwdgracelimit PWDGRACELIMIT
5419 The number of allowed logins after the password has expired
5420 --pwdsendexpiring PWDSENDEXPIRING
5423 Set to "on" to always send the expiring control regardless of
5424 the warning
5425 period
5426 --pwdlockout PWDLOCKOUT
5429 Set to "on" to enable account lockout
5430 --pwdunlock PWDUNLOCK
5433 Set to "on" to allow an account to become unlocked after the
5434 lockout duration
5435 --pwdlockoutduration PWDLOCKOUTDURATION
5438 The number of seconds an account stays locked out
5439 --pwdmaxfailures PWDMAXFAILURES
5442 The maximum number of allowed failed password attempts before
5443 the account gets
5444 locked
5445 --pwdresetfailcount PWDRESETFAILCOUNT
5448 The number of seconds to wait before reducing the failed login
5449 count on an
5450 account
5451 --pwdchecksyntax PWDCHECKSYNTAX
5454 Set to "on" to Enable password syntax checking
5455 --pwdminlen PWDMINLEN
5458 The minimum number of characters required in a password
5459 --pwdmindigits PWDMINDIGITS
5462 The minimum number of digit/number characters in a password
5463 --pwdminalphas PWDMINALPHAS
5466 The minimum number of alpha characters required in a password
5467 --pwdminuppers PWDMINUPPERS
5470 The minimum number of uppercase characters required in a pass‐
5471 word
5472 --pwdminlowers PWDMINLOWERS
5475 The minimum number of lowercase characters required in a pass‐
5476 word
5477 --pwdminspecials PWDMINSPECIALS
5480 The minimum number of special characters required in a password
5481 --pwdmin8bits PWDMIN8BITS
5484 The minimum number of 8-bit characters required in a password
5485 --pwdmaxrepeats PWDMAXREPEATS
5488 The maximum number of times the same character can appear
5489 sequentially in the
5490 password
5491 --pwdpalindrome PWDPALINDROME
5494 Set to "on" to reject passwords that are palindromes
5495 --pwdmaxseq PWDMAXSEQ
5498 The maximum number of allowed monotonic character sequences in a
5499 password
5500 --pwdmaxseqsets PWDMAXSEQSETS
5503 The maximum number of allowed monotonic character sequences that
5504 can be
5505 duplicated in a password
5506 --pwdmaxclasschars PWDMAXCLASSCHARS
5509 The maximum number of sequential characters from the same char‐
5510 acter class that
5511 is allowed in a password
5512 --pwdmincatagories PWDMINCATAGORIES
5515 The minimum number of syntax catagory checks
5516 --pwdmintokenlen PWDMINTOKENLEN
5519 Sets the smallest attribute value length that is used for triv‐
5520 ial/user words
5521 checking. This also impacts "--pwduserattrs"
5522 --pwdbadwords PWDBADWORDS
5525 A space-separated list of words that can not be in a password
5526 --pwduserattrs PWDUSERATTRS
5529 A space-separated list of attributes whose values can not appear
5530 in the
5531 password (See "--pwdmintokenlen")
5532 --pwddictcheck PWDDICTCHECK
5535 Set to "on" to enfore CrackLib dictionary checking
5536 --pwddictpath PWDDICTPATH
5539 Filesystem path to specific/custom CrackLib dictionary files
5540
5544 usage: dsconf instance replication [-h]
5545 {enable,disable,list,promote,create-
5546 manager,delete-manager,demote,get,create-changelog,delete-
5547 changelog,set-changelog,get-changelog,set}
5548 ...
5549 Sub-commands
5552 dsconf replication enable
5553 Enable replication for a suffix
5554 dsconf replication disable
5556 Disable replication for a suffix
5557 dsconf replication list
5559 List all the replicated suffixes
5560 dsconf replication promote
5562 Promte replica to a Hub or Master
5563 dsconf replication create-manager
5565 Create a replication manager entry
5566 dsconf replication delete-manager
5568 Delete a replication manager entry
5569 dsconf replication demote
5571 Demote replica to a Hub or Consumer
5572 dsconf replication get
5574 Get replication configuration
5575 dsconf replication create-changelog
5577 Create the replication changelog
5578 dsconf replication delete-changelog
5580 Delete the replication changelog. This will invalidate any
5581 existing replication agreements
5582 dsconf replication set-changelog
5584 Set replication changelog attributes.
5585 dsconf replication get-changelog
5587 Display replication changelog attributes.
5588 dsconf replication set
5590 Set an attribute in the replication configuration
5591
5593 usage: dsconf instance replication enable [-h] --suffix SUFFIX --role
5594 ROLE
5595 [--replica-id REPLICA_ID]
5596 [--bind-group-dn
5597 BIND_GROUP_DN]
5598 [--bind-dn BIND_DN]
5599 [--bind-passwd BIND_PASSWD]
5600 --suffix SUFFIX
5604 The DN of the suffix to be enabled for replication
5605 --role ROLE
5608 The Replication role: "master", "hub", or "consumer"
5609 --replica-id REPLICA_ID
5612 The replication identifier for a "master". Values range from 1 -
5613 65534
5614 --bind-group-dn BIND_GROUP_DN
5617 A group entry DN containing members that are "bind/supplier" DNs
5618 --bind-dn BIND_DN
5621 The Bind or Supplier DN that can make replication updates
5622 --bind-passwd BIND_PASSWD
5625 Password for replication manager(--bind-dn). This will create
5626 the manager
5627 entry if a value is set
5628
5631 usage: dsconf instance replication disable [-h] --suffix SUFFIX
5632 --suffix SUFFIX
5636 The DN of the suffix to have replication disabled
5637
5640 usage: dsconf instance replication list [-h]
5641
5646 usage: dsconf instance replication promote [-h] --suffix SUFFIX --new‐
5647 role
5648 NEWROLE [--replica-id
5649 REPLICA_ID]
5650 [--bind-group-dn
5651 BIND_GROUP_DN]
5652 [--bind-dn BIND_DN]
5653 --suffix SUFFIX
5657 The DN of the replication suffix to promote
5658 --newrole NEWROLE
5661 Promote this replica to a "hub" or "master"
5662 --replica-id REPLICA_ID
5665 The replication identifier for a "master". Values range from 1 -
5666 65534
5667 --bind-group-dn BIND_GROUP_DN
5670 A group entry DN containing members that are "bind/supplier" DNs
5671 --bind-dn BIND_DN
5674 The Bind or Supplier DN that can make replication updates
5675
5678 usage: dsconf instance replication create-manager [-h] [--name NAME]
5679 [--passwd PASSWD]
5680 [--suffix SUFFIX]
5681 --name NAME
5685 The NAME of the new replication manager entry. For example, if
5686 the NAME is
5687 "replication manager" then the new manager entry's DN would be
5688 "cn=replication
5689 manager,cn=config".
5690 --passwd PASSWD
5693 Password for replication manager. If not provided, you will be
5694 prompted for
5695 the password
5696 --suffix SUFFIX
5699 The DN of the replication suffix whose replication configuration
5700 you want to
5701 add this new manager to (OPTIONAL)
5702
5705 usage: dsconf instance replication delete-manager [-h] [--name NAME]
5706 [--suffix SUFFIX]
5707 --name NAME
5711 The NAME of the replication manager entry under cn=config:
5712 "cn=NAME,cn=config"
5713 --suffix SUFFIX
5716 The DN of the replication suffix whose replication configuration
5717 you want to
5718 remove this manager from (OPTIONAL)
5719
5722 usage: dsconf instance replication demote [-h] --suffix SUFFIX --new‐
5723 role
5724 NEWROLE
5725 --suffix SUFFIX
5729 Promte this replica to a "hub" or "consumer"
5730 --newrole NEWROLE
5733 The Replication role: "hub", or "consumer"
5734
5737 usage: dsconf instance replication get [-h] --suffix SUFFIX
5738 --suffix SUFFIX
5742 Get the replication configuration for this suffix DN
5743
5746 usage: dsconf instance replication create-changelog [-h]
5747
5752 usage: dsconf instance replication delete-changelog [-h]
5753
5758 usage: dsconf instance replication set-changelog [-h] [--cl-dir CL_DIR]
5759 [--max-entries
5760 MAX_ENTRIES]
5761 [--max-age MAX_AGE]
5762 [--compact-interval
5763 COMPACT_INTERVAL]
5764 [--trim-interval
5765 TRIM_INTERVAL]
5766 --cl-dir CL_DIR
5770 The replication changelog location on the filesystem
5771 --max-entries MAX_ENTRIES
5774 The maximum number of entries to get in the replication
5775 changelog
5776 --max-age MAX_AGE
5779 The maximum age of a replication changelog entry
5780 --compact-interval COMPACT_INTERVAL
5783 The replication changelog compaction interval
5784 --trim-interval TRIM_INTERVAL
5787 The interval to check if the replication changelog can be
5788 trimmed
5789
5792 usage: dsconf instance replication get-changelog [-h]
5793
5798 usage: dsconf instance replication set [-h] --suffix SUFFIX
5799 [--replica-id REPLICA_ID]
5800 [--replica-role REPLICA_ROLE]
5801 [--repl-add-bind-dn
5802 REPL_ADD_BIND_DN]
5803 [--repl-del-bind-dn
5804 REPL_DEL_BIND_DN]
5805 [--repl-add-ref REPL_ADD_REF]
5806 [--repl-del-ref REPL_DEL_REF]
5807 [--repl-purge-delay
5808 REPL_PURGE_DELAY]
5809 [--repl-tombstone-purge-interval
5810 REPL_TOMBSTONE_PURGE_INTERVAL]
5811 [--repl-fast-tombstone-purging
5812 REPL_FAST_TOMBSTONE_PURGING]
5813 [--repl-bind-group
5814 REPL_BIND_GROUP]
5815 [--repl-bind-group-interval
5816 REPL_BIND_GROUP_INTERVAL]
5817 [--repl-protocol-timeout
5818 REPL_PROTOCOL_TIMEOUT]
5819 [--repl-backoff-max REPL_BACK‐
5820 OFF_MAX]
5821 [--repl-backoff-min REPL_BACK‐
5822 OFF_MIN]
5823 [--repl-release-timeout
5824 REPL_RELEASE_TIMEOUT]
5825 --suffix SUFFIX
5829 The DN of the replication suffix
5830 --replica-id REPLICA_ID
5833 The Replication Identifier number
5834 --replica-role REPLICA_ROLE
5837 The Replication role: master, hub, or consumer
5838 --repl-add-bind-dn REPL_ADD_BIND_DN
5841 Add a bind (supplier) DN
5842 --repl-del-bind-dn REPL_DEL_BIND_DN
5845 Remove a bind (supplier) DN
5846 --repl-add-ref REPL_ADD_REF
5849 Add a replication referral (for consumers only)
5850 --repl-del-ref REPL_DEL_REF
5853 Remove a replication referral (for conusmers only)
5854 --repl-purge-delay REPL_PURGE_DELAY
5857 The replication purge delay
5858 --repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL
5861 The interval in seconds to check for tombstones that can be
5862 purged
5863 --repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING
5866 Set to "on" to improve tombstone purging performance
5867 --repl-bind-group REPL_BIND_GROUP
5870 A group entry DN containing members that are "bind/supplier" DNs
5871 --repl-bind-group-interval REPL_BIND_GROUP_INTERVAL
5874 An interval in seconds to check if the bind group has been
5875 updated
5876 --repl-protocol-timeout REPL_PROTOCOL_TIMEOUT
5879 A timeout in seconds on how long to wait before stopping repli‐
5880 cation when the
5881 server is under load
5882 --repl-backoff-max REPL_BACKOFF_MAX
5885 The maximum time in seconds a replication agreement should stay
5886 in a backoff
5887 state while waiting to acquire the consumer. Default is 300 sec‐
5888 onds
5889 --repl-backoff-min REPL_BACKOFF_MIN
5892 The starting time in seconds a replication agreement should stay
5893 in a backoff
5894 state while waiting to acquire the consumer. Default is 3 sec‐
5895 onds
5896 --repl-release-timeout REPL_RELEASE_TIMEOUT
5899 A timeout in seconds a replication master should send updates
5900 before it yields
5901 its replication session
5902
5906 usage: dsconf instance repl-agmt [-h]
5907 {list,enable,disable,init,init-sta‐
5908 tus,poke,status,delete,create,set,get}
5909 ...
5910 Sub-commands
5913 dsconf repl-agmt list
5914 List all the replication agreements
5915 dsconf repl-agmt enable
5917 Enable replication agreement
5918 dsconf repl-agmt disable
5920 Disable replication agreement
5921 dsconf repl-agmt init
5923 Initialize replication agreement
5924 dsconf repl-agmt init-status
5926 Check the agreement initialization status
5927 dsconf repl-agmt poke
5929 Trigger replication to send updates now
5930 dsconf repl-agmt status
5932 Get the current status of the replication agreement
5933 dsconf repl-agmt delete
5935 Delete replication agreement
5936 dsconf repl-agmt create
5938 Initialize replication agreement
5939 dsconf repl-agmt set
5941 Set an attribute in the replication agreement
5942 dsconf repl-agmt get
5944 Get replication configuration
5945
5947 usage: dsconf instance repl-agmt list [-h] --suffix SUFFIX [--entry
5948 ENTRY]
5949 --suffix SUFFIX
5953 The DN of the suffix to look up replication agreements
5954 --entry ENTRY
5957 Return the entire entry for each agreement
5958
5961 usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME
5962 AGMT_NAME
5965 The name of the replication agreement
5966 --suffix SUFFIX
5969 The DN of the replication suffix
5970
5973 usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME
5974 AGMT_NAME
5977 The name of the replication agreement
5978 --suffix SUFFIX
5981 The DN of the replication suffix
5982
5985 usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME
5986 AGMT_NAME
5989 The name of the replication agreement
5990 --suffix SUFFIX
5993 The DN of the replication suffix
5994
5997 usage: dsconf instance repl-agmt init-status [-h] --suffix SUFFIX
5998 AGMT_NAME
5999 AGMT_NAME
6002 The name of the replication agreement
6003 --suffix SUFFIX
6006 The DN of the replication suffix
6007
6010 usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME
6011 AGMT_NAME
6014 The name of the replication agreement
6015 --suffix SUFFIX
6018 The DN of the replication suffix
6019
6022 usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX
6023 [--bind-dn BIND_DN]
6024 [--bind-passwd BIND_PASSWD]
6025 AGMT_NAME
6026 AGMT_NAME
6029 The name of the replication agreement
6030 --suffix SUFFIX
6033 The DN of the replication suffix
6034 --bind-dn BIND_DN
6037 Set the DN to bind to the consumer
6038 --bind-passwd BIND_PASSWD
6041 The password for the bind DN
6042
6045 usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME
6046 AGMT_NAME
6049 The name of the replication agreement
6050 --suffix SUFFIX
6053 The DN of the replication suffix
6054
6057 usage: dsconf instance repl-agmt create [-h] --suffix SUFFIX --host
6058 HOST
6059 --port PORT --conn-protocol
6060 CONN_PROTOCOL [--bind-dn
6061 BIND_DN]
6062 [--bind-passwd BIND_PASSWD]
6063 --bind-method BIND_METHOD
6064 [--frac-list FRAC_LIST]
6065 [--frac-list-total
6066 FRAC_LIST_TOTAL]
6067 [--strip-list STRIP_LIST]
6068 [--schedule SCHEDULE]
6069 [--conn-timeout CONN_TIMEOUT]
6070 [--protocol-timeout PROTO‐
6071 COL_TIMEOUT]
6072 [--wait-async-results
6073 WAIT_ASYNC_RESULTS]
6074 [--busy-wait-time
6075 BUSY_WAIT_TIME]
6076 [--session-pause-time SES‐
6077 SION_PAUSE_TIME]
6078 [--flow-control-window
6079 FLOW_CONTROL_WINDOW]
6080 [--flow-control-pause FLOW_CON‐
6081 TROL_PAUSE]
6082 [--init]
6083 AGMT_NAME
6084 AGMT_NAME
6087 The name of the replication agreement
6088 --suffix SUFFIX
6091 The DN of the replication suffix
6092 --host HOST
6095 The hostname of the remote replica
6096 --port PORT
6099 The port number of the remote replica
6100 --conn-protocol CONN_PROTOCOL
6103 The replication connection protocol: LDAP, LDAPS, or StartTLS
6104 --bind-dn BIND_DN
6107 The Bind DN the agreement uses to authenticate to the replica
6108 --bind-passwd BIND_PASSWD
6111 The credentials for the Bind DN
6112 --bind-method BIND_METHOD
6115 The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6116 "SASL/GSSAPI"
6117 --frac-list FRAC_LIST
6120 List of attributes to NOT replicate to the consumer during
6121 incremental updates
6122 --frac-list-total FRAC_LIST_TOTAL
6125 List of attributes to NOT replicate during a total initializa‐
6126 tion
6127 --strip-list STRIP_LIST
6130 A list of attributes that are removed from updates only if the
6131 event would
6132 otherwise be empty. Typically this is set to "modifiersname" and
6133 "modifytimestmap"
6134 --schedule SCHEDULE
6137 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6138 0-6 (Sunday -
6139 Saturday).
6140 --conn-timeout CONN_TIMEOUT
6143 The timeout used for replicaton connections
6144 --protocol-timeout PROTOCOL_TIMEOUT
6147 A timeout in seconds on how long to wait before stopping repli‐
6148 cation when the
6149 server is under load
6150 --wait-async-results WAIT_ASYNC_RESULTS
6153 The amount of time in milliseconds the server waits if the con‐
6154 sumer is not
6155 ready before resending data
6156 --busy-wait-time BUSY_WAIT_TIME
6159 The amount of time in seconds a supplier should wait after a
6160 consumer sends
6161 back a busy response before making another attempt to acquire
6162 access.
6163 --session-pause-time SESSION_PAUSE_TIME
6166 The amount of time in seconds a supplier should wait between
6167 update sessions.
6168 --flow-control-window FLOW_CONTROL_WINDOW
6171 Sets the maximum number of entries and updates sent by a sup‐
6172 plier, which are
6173 not acknowledged by the consumer.
6174 --flow-control-pause FLOW_CONTROL_PAUSE
6177 The time in milliseconds to pause after reaching the number of
6178 entries and
6179 updates set in "--flow-control-window"
6180 --init Initialize the agreement after creating it.
6183
6186 usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST]
6187 [--port PORT]
6188 [--conn-protocol CONN_PROTOCOL]
6189 [--bind-dn BIND_DN]
6190 [--bind-passwd BIND_PASSWD]
6191 [--bind-method BIND_METHOD]
6192 [--frac-list FRAC_LIST]
6193 [--frac-list-total
6194 FRAC_LIST_TOTAL]
6195 [--strip-list STRIP_LIST]
6196 [--schedule SCHEDULE]
6197 [--conn-timeout CONN_TIMEOUT]
6198 [--protocol-timeout PROTOCOL_TIME‐
6199 OUT]
6200 [--wait-async-results
6201 WAIT_ASYNC_RESULTS]
6202 [--busy-wait-time BUSY_WAIT_TIME]
6203 [--session-pause-time SES‐
6204 SION_PAUSE_TIME]
6205 [--flow-control-window FLOW_CON‐
6206 TROL_WINDOW]
6207 [--flow-control-pause FLOW_CON‐
6208 TROL_PAUSE]
6209 AGMT_NAME
6210 AGMT_NAME
6213 The name of the replication agreement
6214 --suffix SUFFIX
6217 The DN of the replication suffix
6218 --host HOST
6221 The hostname of the remote replica
6222 --port PORT
6225 The port number of the remote replica
6226 --conn-protocol CONN_PROTOCOL
6229 The replication connection protocol: LDAP, LDAPS, or StartTLS
6230 --bind-dn BIND_DN
6233 The Bind DN the agreement uses to authenticate to the replica
6234 --bind-passwd BIND_PASSWD
6237 The credentials for the Bind DN
6238 --bind-method BIND_METHOD
6241 The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6242 "SASL/GSSAPI"
6243 --frac-list FRAC_LIST
6246 List of attributes to NOT replicate to the consumer during
6247 incremental updates
6248 --frac-list-total FRAC_LIST_TOTAL
6251 List of attributes to NOT replicate during a total initializa‐
6252 tion
6253 --strip-list STRIP_LIST
6256 A list of attributes that are removed from updates only if the
6257 event would
6258 otherwise be empty. Typically this is set to "modifiersname" and
6259 "modifytimestmap"
6260 --schedule SCHEDULE
6263 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6264 0-6 (Sunday -
6265 Saturday).
6266 --conn-timeout CONN_TIMEOUT
6269 The timeout used for replicaton connections
6270 --protocol-timeout PROTOCOL_TIMEOUT
6273 A timeout in seconds on how long to wait before stopping repli‐
6274 cation when the
6275 server is under load
6276 --wait-async-results WAIT_ASYNC_RESULTS
6279 The amount of time in milliseconds the server waits if the con‐
6280 sumer is not
6281 ready before resending data
6282 --busy-wait-time BUSY_WAIT_TIME
6285 The amount of time in seconds a supplier should wait after a
6286 consumer sends
6287 back a busy response before making another attempt to acquire
6288 access.
6289 --session-pause-time SESSION_PAUSE_TIME
6292 The amount of time in seconds a supplier should wait between
6293 update sessions.
6294 --flow-control-window FLOW_CONTROL_WINDOW
6297 Sets the maximum number of entries and updates sent by a sup‐
6298 plier, which are
6299 not acknowledged by the consumer.
6300 --flow-control-pause FLOW_CONTROL_PAUSE
6303 The time in milliseconds to pause after reaching the number of
6304 entries and
6305 updates set in "--flow-control-window"
6306
6309 usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME
6310 AGMT_NAME
6313 Get the replication configuration for this suffix DN
6314 --suffix SUFFIX
6317 The DN of the replication suffix
6318
6322 usage: dsconf instance repl-winsync-agmt [-h]
6323 {list,enable,dis‐
6324 able,init,init-status,poke,status,delete,create,set,get}
6325 ...
6326 Sub-commands
6329 dsconf repl-winsync-agmt list
6330 List all the replication winsync agreements
6331 dsconf repl-winsync-agmt enable
6333 Enable replication winsync agreement
6334 dsconf repl-winsync-agmt disable
6336 Disable replication winsync agreement
6337 dsconf repl-winsync-agmt init
6339 Initialize replication winsync agreement
6340 dsconf repl-winsync-agmt init-status
6342 Check the agreement initialization status
6343 dsconf repl-winsync-agmt poke
6345 Trigger replication to send updates now
6346 dsconf repl-winsync-agmt status
6348 Get the current status of the replication agreement
6349 dsconf repl-winsync-agmt delete
6351 Delete replication winsync agreement
6352 dsconf repl-winsync-agmt create
6354 Initialize replication winsync agreement
6355 dsconf repl-winsync-agmt set
6357 Set an attribute in the replication winsync agreement
6358 dsconf repl-winsync-agmt get
6360 Get replication configuration
6361
6363 usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX
6364 --suffix SUFFIX
6368 The DN of the suffix to look up replication winsync agreements
6369
6372 usage: dsconf instance repl-winsync-agmt enable [-h] --suffix SUFFIX
6373 AGMT_NAME
6374 AGMT_NAME
6377 The name of the replication winsync agreement
6378 --suffix SUFFIX
6381 The DN of the replication winsync suffix
6382
6385 usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX
6386 AGMT_NAME
6387 AGMT_NAME
6390 The name of the replication winsync agreement
6391 --suffix SUFFIX
6394 The DN of the replication winsync suffix
6395
6398 usage: dsconf instance repl-winsync-agmt init [-h] --suffix SUFFIX
6399 AGMT_NAME
6400 AGMT_NAME
6403 The name of the replication winsync agreement
6404 --suffix SUFFIX
6407 The DN of the replication winsync suffix
6408
6411 usage: dsconf instance repl-winsync-agmt init-status [-h] --suffix SUF‐
6412 FIX
6413 AGMT_NAME
6414 AGMT_NAME
6417 The name of the replication agreement
6418 --suffix SUFFIX
6421 The DN of the replication suffix
6422
6425 usage: dsconf instance repl-winsync-agmt poke [-h] --suffix SUFFIX
6426 AGMT_NAME
6427 AGMT_NAME
6430 The name of the replication winsync agreement
6431 --suffix SUFFIX
6434 The DN of the replication winsync suffix
6435
6438 usage: dsconf instance repl-winsync-agmt status [-h] --suffix SUFFIX
6439 AGMT_NAME
6440 AGMT_NAME
6443 The name of the replication agreement
6444 --suffix SUFFIX
6447 The DN of the replication suffix
6448
6451 usage: dsconf instance repl-winsync-agmt delete [-h] --suffix SUFFIX
6452 AGMT_NAME
6453 AGMT_NAME
6456 The name of the replication winsync agreement
6457 --suffix SUFFIX
6460 The DN of the replication winsync suffix
6461
6464 usage: dsconf instance repl-winsync-agmt create [-h] --suffix SUFFIX
6465 --host
6466 HOST --port PORT
6467 --conn-protocol
6468 CONN_PROTOCOL
6469 --bind-dn BIND_DN
6470 --bind-passwd
6471 BIND_PASSWD
6472 [--frac-list FRAC_LIST]
6473 [--schedule SCHEDULE]
6474 --win-subtree WIN_SUB‐
6475 TREE
6476 --ds-subtree DS_SUBTREE
6477 --win-domain WIN_DOMAIN
6478 [--sync-users
6479 SYNC_USERS]
6480 [--sync-groups
6481 SYNC_GROUPS]
6482 [--sync-interval
6483 SYNC_INTERVAL]
6484 [--one-way-sync
6485 ONE_WAY_SYNC]
6486 [--move-action
6487 MOVE_ACTION]
6488 [--win-filter WIN_FIL‐
6489 TER]
6490 [--ds-filter DS_FILTER]
6491 [--subtree-pair SUB‐
6492 TREE_PAIR]
6493 [--conn-timeout
6494 CONN_TIMEOUT]
6495 [--busy-wait-time
6496 BUSY_WAIT_TIME]
6497 [--session-pause-time
6498 SESSION_PAUSE_TIME]
6499 [--init]
6500 AGMT_NAME
6501 AGMT_NAME
6504 The name of the replication winsync agreement
6505 --suffix SUFFIX
6508 The DN of the replication winsync suffix
6509 --host HOST
6512 The hostname of the AD server
6513 --port PORT
6516 The port number of the AD server
6517 --conn-protocol CONN_PROTOCOL
6520 The replication winsync connection protocol: LDAP, LDAPS, or
6521 StartTLS
6522 --bind-dn BIND_DN
6525 The Bind DN the agreement uses to authenticate to the AD Server
6526 --bind-passwd BIND_PASSWD
6529 The credentials for the Bind DN
6530 --frac-list FRAC_LIST
6533 List of attributes to NOT replicate to the consumer during
6534 incremental updates
6535 --schedule SCHEDULE
6538 Sets the replication update schedule
6539 --win-subtree WIN_SUBTREE
6542 The suffix of the AD Server
6543 --ds-subtree DS_SUBTREE
6546 The Directory Server suffix
6547 --win-domain WIN_DOMAIN
6550 The AD Domain
6551 --sync-users SYNC_USERS
6554 Synchronize Users between AD and DS
6555 --sync-groups SYNC_GROUPS
6558 Synchronize Groups between AD and DS
6559 --sync-interval SYNC_INTERVAL
6562 The interval that DS checks AD for changes in entries
6563 --one-way-sync ONE_WAY_SYNC
6566 Sets which direction to perform synchronization: "toWindows",
6567 "fromWindows",
6568 "both"
6569 --move-action MOVE_ACTION
6572 Sets instructions on how to handle moved or deleted entries:
6573 "none", "unsync",
6574 or "delete"
6575 --win-filter WIN_FILTER
6578 Custom filter for finding users in AD Server
6579 --ds-filter DS_FILTER
6582 Custom filter for finding AD users in DS Server
6583 --subtree-pair SUBTREE_PAIR
6586 Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
6587 --conn-timeout CONN_TIMEOUT
6590 The timeout used for replicaton connections
6591 --busy-wait-time BUSY_WAIT_TIME
6594 The amount of time in seconds a supplier should wait after a
6595 consumer sends
6596 back a busy response before making another attempt to acquire
6597 access.
6598 --session-pause-time SESSION_PAUSE_TIME
6601 The amount of time in seconds a supplier should wait between
6602 update sessions.
6603 --init Initialize the agreement after creating it.
6606
6609 usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX]
6610 [--host HOST] [--port
6611 PORT]
6612 [--conn-protocol CONN_PRO‐
6613 TOCOL]
6614 [--bind-dn BIND_DN]
6615 [--bind-passwd
6616 BIND_PASSWD]
6617 [--frac-list FRAC_LIST]
6618 [--schedule SCHEDULE]
6619 [--win-subtree WIN_SUB‐
6620 TREE]
6621 [--ds-subtree DS_SUBTREE]
6622 [--win-domain WIN_DOMAIN]
6623 [--sync-users SYNC_USERS]
6624 [--sync-groups
6625 SYNC_GROUPS]
6626 [--sync-interval
6627 SYNC_INTERVAL]
6628 [--one-way-sync
6629 ONE_WAY_SYNC]
6630 [--move-action
6631 MOVE_ACTION]
6632 [--win-filter WIN_FILTER]
6633 [--ds-filter DS_FILTER]
6634 [--subtree-pair SUB‐
6635 TREE_PAIR]
6636 [--conn-timeout CONN_TIME‐
6637 OUT]
6638 [--busy-wait-time
6639 BUSY_WAIT_TIME]
6640 [--session-pause-time SES‐
6641 SION_PAUSE_TIME]
6642 AGMT_NAME
6643 AGMT_NAME
6646 The name of the replication winsync agreement
6647 --suffix SUFFIX
6650 The DN of the replication winsync suffix
6651 --host HOST
6654 The hostname of the AD server
6655 --port PORT
6658 The port number of the AD server
6659 --conn-protocol CONN_PROTOCOL
6662 The replication winsync connection protocol: LDAP, LDAPS, or
6663 StartTLS
6664 --bind-dn BIND_DN
6667 The Bind DN the agreement uses to authenticate to the AD Server
6668 --bind-passwd BIND_PASSWD
6671 The credentials for the Bind DN
6672 --frac-list FRAC_LIST
6675 List of attributes to NOT replicate to the consumer during
6676 incremental updates
6677 --schedule SCHEDULE
6680 Sets the replication update schedule
6681 --win-subtree WIN_SUBTREE
6684 The suffix of the AD Server
6685 --ds-subtree DS_SUBTREE
6688 The Directory Server suffix
6689 --win-domain WIN_DOMAIN
6692 The AD Domain
6693 --sync-users SYNC_USERS
6696 Synchronize Users between AD and DS
6697 --sync-groups SYNC_GROUPS
6700 Synchronize Groups between AD and DS
6701 --sync-interval SYNC_INTERVAL
6704 The interval that DS checks AD for changes in entries
6705 --one-way-sync ONE_WAY_SYNC
6708 Sets which direction to perform synchronization: "toWindows",
6709 "fromWindows",
6710 "both"
6711 --move-action MOVE_ACTION
6714 Sets instructions on how to handle moved or deleted entries:
6715 "none", "unsync",
6716 or "delete"
6717 --win-filter WIN_FILTER
6720 Custom filter for finding users in AD Server
6721 --ds-filter DS_FILTER
6724 Custom filter for finding AD users in DS Server
6725 --subtree-pair SUBTREE_PAIR
6728 Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
6729 --conn-timeout CONN_TIMEOUT
6732 The timeout used for replicaton connections
6733 --busy-wait-time BUSY_WAIT_TIME
6736 The amount of time in seconds a supplier should wait after a
6737 consumer sends
6738 back a busy response before making another attempt to acquire
6739 access.
6740 --session-pause-time SESSION_PAUSE_TIME
6743 The amount of time in seconds a supplier should wait between
6744 update sessions.
6745
6748 usage: dsconf instance repl-winsync-agmt get [-h] --suffix SUFFIX
6749 AGMT_NAME
6750 AGMT_NAME
6753 Get the replication configuration for this suffix DN
6754 --suffix SUFFIX
6757 The DN of the replication suffix
6758
6762 usage: dsconf instance repl-tasks [-h]
6763 {cleanallruv,list-cleanallruv,abort-
6764 cleanallruv}
6765 ...
6766 Sub-commands
6769 dsconf repl-tasks cleanallruv
6770 Cleanup old/removed replica IDs
6771 dsconf repl-tasks list-cleanallruv
6773 List all the running CleanAllRUV Tasks
6774 dsconf repl-tasks abort-cleanallruv
6776 Abort cleanallruv tasks
6777
6779 usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX
6780 --replica-id REPLICA_ID
6781 [--force-cleaning]
6782 --suffix SUFFIX
6786 The Directory Server suffix
6787 --replica-id REPLICA_ID
6790 The replica ID to remove/clean
6791 --force-cleaning
6794 Ignore errors and do a best attempt to clean all the replicas
6795
6798 usage: dsconf instance repl-tasks list-cleanallruv [-h]
6799
6804 usage: dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUF‐
6805 FIX
6806 --replica-id
6807 REPLICA_ID
6808 [--certify]
6809 --suffix SUFFIX
6813 The Directory Server suffix
6814 --replica-id REPLICA_ID
6817 The replica ID of the cleaning task to abort
6818 --certify
6821 Enforce that the abort task completed on all replicas
6822
6826 usage: dsconf instance sasl [-h] {list,get,create,delete} ...
6827 Sub-commands
6830 dsconf sasl list
6831 List avaliable SASL mappings
6832 dsconf sasl get
6834 get
6835 dsconf sasl create
6837 create
6838 dsconf sasl delete
6840 deletes the object
6841
6843 usage: dsconf instance sasl list [-h]
6844
6849 usage: dsconf instance sasl get [-h] [selector]
6850 selector
6853 SASL mapping name to get
6854
6858 usage: dsconf instance sasl create [-h] [--cn [CN]]
6859 [--nsSaslMapRegexString
6860 [NSSASLMAPREGEXSTRING]]
6861 [--nsSaslMapBaseDNTemplate
6862 [NSSASLMAPBASEDNTEMPLATE]]
6863 [--nsSaslMapFilterTemplate
6864 [NSSASLMAPFILTERTEMPLATE]]
6865 [--nsSaslMapPriority [NSSASLMAPPRI‐
6866 ORITY]]
6867 --cn [CN]
6871 Value of cn
6872 --nsSaslMapRegexString [NSSASLMAPREGEXSTRING]
6875 Value of nsSaslMapRegexString
6876 --nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]
6879 Value of nsSaslMapBaseDNTemplate
6880 --nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]
6883 Value of nsSaslMapFilterTemplate
6884 --nsSaslMapPriority [NSSASLMAPPRIORITY]
6887 Value of nsSaslMapPriority
6888
6891 usage: dsconf instance sasl delete [-h] map_name
6892 map_name
6895 The SASL Mapping name ("cn" value)
6896
6901 usage: dsconf instance schema [-h]
6902 {list,attributetypes,objectclasses,match‐
6903 ingrules,reload}
6904 ...
6905 Sub-commands
6908 dsconf schema list
6909 List all schema objects on this system
6910 dsconf schema attributetypes
6912 Work with attribute types on this system
6913 dsconf schema objectclasses
6915 Work with objectClasses on this system
6916 dsconf schema matchingrules
6918 Work with matching rules on this system
6919 dsconf schema reload
6921 Dynamically reload schema while server is running
6922
6924 usage: dsconf instance schema list [-h]
6925
6930 usage: dsconf instance schema attributetypes [-h]
6931 {get_syn‐
6932 taxes,list,query,add,edit,remove}
6933 ...
6934 Sub-commands
6937 dsconf schema attributetypes get_syntaxes
6938 List all available attribute type syntaxes
6939 dsconf schema attributetypes list
6941 List available attribute types on this system
6942 dsconf schema attributetypes query
6944 Query an attribute to determine object classes that may or must
6945 take it
6946 dsconf schema attributetypes add
6948 Add an attribute type to this system
6949 dsconf schema attributetypes edit
6951 Edit an attribute type on this system
6952 dsconf schema attributetypes remove
6954 Remove an attribute type on this system
6955
6957 usage: dsconf instance schema attributetypes get_syntaxes [-h]
6958
6963 usage: dsconf instance schema attributetypes list [-h]
6964
6969 usage: dsconf instance schema attributetypes query [-h] [name]
6970 name Attribute type to query
6973
6977 usage: dsconf instance schema attributetypes add [-h] [--oid OID]
6978 [--desc DESC]
6979 [--x-origin X_ORIGIN]
6980 [--aliases ALIASES
6981 [ALIASES ...]]
6982 [--single-value]
6983 [--multi-value]
6984 [--no-user-mod]
6985 [--user-mod]
6986 [--equality EQUALITY]
6987 [--substr SUBSTR]
6988 [--ordering ORDERING]
6989 [--usage USAGE]
6990 [--sup SUP [SUP ...]]
6991 --syntax SYNTAX
6992 name
6993 name NAME of the object
6996 --oid OID
6999 OID assigned to the object
7000 --desc DESC
7003 Description text(DESC) of the object
7004 --x-origin X_ORIGIN
7007 Provides information about where the attribute type is defined
7008 --aliases ALIASES [ALIASES ...]
7011 Additional NAMEs of the object.
7012 --single-value
7015 True if the matching rule must have only one valueOnly one of
7016 the flags this
7017 or --multi-value should be specified
7018 --multi-value
7021 True if the matching rule may have multiple values (default)Only
7022 one of the
7023 flags this or --single-value should be specified
7024 --no-user-mod
7027 True if the attribute is not modifiable by a client applica‐
7028 tionOnly one of the
7029 flags this or --user-mod should be specified
7030 --user-mod
7033 True if the attribute is modifiable by a client application
7034 (default)Only one
7035 of the flags this or --no-user-mode should be specified
7036 --equality EQUALITY
7039 NAME or OID of the matching rule used for checkingwhether
7040 attribute values are
7041 equal
7042 --substr SUBSTR
7045 NAME or OID of the matching rule used for checkingwhether an
7046 attribute value
7047 contains another value
7048 --ordering ORDERING
7051 NAME or OID of the matching rule used for checkingwhether
7052 attribute values are
7053 lesser - equal than
7054 --usage USAGE
7057 The flag indicates how the attribute type is to be used. Choose
7058 from the list:
7059 userApplications (default), directoryOperation, distributedOper‐
7060 ation,
7061 dSAOperation
7062 --sup SUP [SUP ...]
7065 The list of NAMEs or OIDs of attribute typesthis attribute type
7066 is derived
7067 from
7068 --syntax SYNTAX
7071 OID of the LDAP syntax assigned to the attribute
7072
7075 usage: dsconf instance schema attributetypes edit [-h] [--oid OID]
7076 [--desc DESC]
7077 [--x-origin X_ORIGIN]
7078 [--aliases ALIASES
7079 [ALIASES ...]]
7080 [--single-value]
7081 [--multi-value]
7082 [--no-user-mod]
7083 [--user-mod]
7084 [--equality EQUALITY]
7085 [--substr SUBSTR]
7086 [--ordering ORDERING]
7087 [--usage USAGE]
7088 [--sup SUP [SUP ...]]
7089 [--syntax SYNTAX]
7090 name
7091 name NAME of the object
7094 --oid OID
7097 OID assigned to the object
7098 --desc DESC
7101 Description text(DESC) of the object
7102 --x-origin X_ORIGIN
7105 Provides information about where the attribute type is defined
7106 --aliases ALIASES [ALIASES ...]
7109 Additional NAMEs of the object.
7110 --single-value
7113 True if the matching rule must have only one valueOnly one of
7114 the flags this
7115 or --multi-value should be specified
7116 --multi-value
7119 True if the matching rule may have multiple values (default)Only
7120 one of the
7121 flags this or --single-value should be specified
7122 --no-user-mod
7125 True if the attribute is not modifiable by a client applica‐
7126 tionOnly one of the
7127 flags this or --user-mod should be specified
7128 --user-mod
7131 True if the attribute is modifiable by a client application
7132 (default)Only one
7133 of the flags this or --no-user-mode should be specified
7134 --equality EQUALITY
7137 NAME or OID of the matching rule used for checkingwhether
7138 attribute values are
7139 equal
7140 --substr SUBSTR
7143 NAME or OID of the matching rule used for checkingwhether an
7144 attribute value
7145 contains another value
7146 --ordering ORDERING
7149 NAME or OID of the matching rule used for checkingwhether
7150 attribute values are
7151 lesser - equal than
7152 --usage USAGE
7155 The flag indicates how the attribute type is to be used. Choose
7156 from the list:
7157 userApplications (default), directoryOperation, distributedOper‐
7158 ation,
7159 dSAOperation
7160 --sup SUP [SUP ...]
7163 The list of NAMEs or OIDs of attribute typesthis attribute type
7164 is derived
7165 from
7166 --syntax SYNTAX
7169 OID of the LDAP syntax assigned to the attribute
7170
7173 usage: dsconf instance schema attributetypes remove [-h] name
7174 name NAME of the object
7177
7182 usage: dsconf instance schema objectclasses [-h]
7183 {list,query,add,edit,remove}
7184 ...
7185 Sub-commands
7188 dsconf schema objectclasses list
7189 List available objectClasses on this system
7190 dsconf schema objectclasses query
7192 Query an objectClass
7193 dsconf schema objectclasses add
7195 Add an objectClass to this system
7196 dsconf schema objectclasses edit
7198 Edit an objectClass on this system
7199 dsconf schema objectclasses remove
7201 Remove an objectClass on this system
7202
7204 usage: dsconf instance schema objectclasses list [-h]
7205
7210 usage: dsconf instance schema objectclasses query [-h] [name]
7211 name ObjectClass to query
7214
7218 usage: dsconf instance schema objectclasses add [-h] [--oid OID]
7219 [--desc DESC]
7220 [--x-origin X_ORIGIN]
7221 [--must MUST [MUST
7222 ...]]
7223 [--may MAY [MAY ...]]
7224 [--kind KIND]
7225 [--sup SUP [SUP ...]]
7226 name
7227 name NAME of the object
7230 --oid OID
7233 OID assigned to the object
7234 --desc DESC
7237 Description text(DESC) of the object
7238 --x-origin X_ORIGIN
7241 Provides information about where the attribute type is defined
7242 --must MUST [MUST ...]
7245 NAMEs or OIDs of all attributes an entry of the object must have
7246 --may MAY [MAY ...]
7249 NAMEs or OIDs of additional attributes an entry of the object
7250 may have
7251 --kind KIND
7254 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
7255 --sup SUP [SUP ...]
7258 NAMEs or OIDs of object classes this object is derived from
7259
7262 usage: dsconf instance schema objectclasses edit [-h] [--oid OID]
7263 [--desc DESC]
7264 [--x-origin X_ORIGIN]
7265 [--must MUST [MUST
7266 ...]]
7267 [--may MAY [MAY ...]]
7268 [--kind KIND]
7269 [--sup SUP [SUP ...]]
7270 name
7271 name NAME of the object
7274 --oid OID
7277 OID assigned to the object
7278 --desc DESC
7281 Description text(DESC) of the object
7282 --x-origin X_ORIGIN
7285 Provides information about where the attribute type is defined
7286 --must MUST [MUST ...]
7289 NAMEs or OIDs of all attributes an entry of the object must have
7290 --may MAY [MAY ...]
7293 NAMEs or OIDs of additional attributes an entry of the object
7294 may have
7295 --kind KIND
7298 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
7299 --sup SUP [SUP ...]
7302 NAMEs or OIDs of object classes this object is derived from
7303
7306 usage: dsconf instance schema objectclasses remove [-h] name
7307 name NAME of the object
7310
7315 usage: dsconf instance schema matchingrules [-h] {list,query} ...
7316 Sub-commands
7319 dsconf schema matchingrules list
7320 List available matching rules on this system
7321 dsconf schema matchingrules query
7323 Query a matching rule
7324
7326 usage: dsconf instance schema matchingrules list [-h]
7327
7332 usage: dsconf instance schema matchingrules query [-h] [name]
7333 name Matching rule to query
7336
7341 usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait]
7342 -d SCHEMADIR, --schemadir SCHEMADIR
7346 directory where schema files are located
7347 --wait Wait for the reload task to complete
7350 -v, --verbose
7354 Display verbose operation tracing during command execution
7355 -D BINDDN, --binddn BINDDN
7358 The account to bind as for executing operations
7359 -w BINDPW, --bindpw BINDPW
7362 Password for binddn
7363 -W, --prompt
7366 Prompt for password for the bind DN
7367 -y PWDFILE, --pwdfile PWDFILE
7370 Specifies a file containing the password for the binddn
7371 -b BASEDN, --basedn BASEDN
7374 Basedn (root naming context) of the instance to manage
7375 -Z, --starttls
7378 Connect with StartTLS
7379 -j, --json
7382 Return result in JSON object
7383
7386 lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.
7387
7389 The latest version of lib389 may be downloaded from
7390 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
7391 Manual dsconf(8)