1dsconf(8) System Manager's Manual dsconf(8)
2
6 dsconf
7
9 dsconf [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN]
10 [-Z] [-j] instance {backend,backup,chaining,config,directory_man‐
11 ager,monitor,plugin,pwpolicy,localpwp,replication,repl-agmt,repl-win‐
12 sync-agmt,repl-tasks,sasl,security,schema,repl-conflict} ...
13
15 instance
16 The instance name OR the LDAP url to connect to, IE localhost,
17 ldap://mai.example.com:389
18 Sub-commands
21 dsconf backend
22 Manage database suffixes and backends
23 dsconf backup
25 Manage online backups
26 dsconf chaining
28 Manage database chaining/database links
29 dsconf config
31 Manage server configuration
32 dsconf directory_manager
34 Manage the directory manager account
35 dsconf monitor
37 Monitor the state of the instance
38 dsconf plugin
40 Manage plugins available on the server
41 dsconf pwpolicy
43 Get and set the global password policy settings
44 dsconf localpwp
46 Manage local (user/subtree) password policies
47 dsconf replication
49 Configure replication for a suffix
50 dsconf repl-agmt
52 Manage replication agreements
53 dsconf repl-winsync-agmt
55 Manage Winsync Agreements
56 dsconf repl-tasks
58 Manage replication tasks
59 dsconf sasl
61 Query and manipulate sasl mappings
62 dsconf security
64 Query and manipulate security options
65 dsconf schema
67 Query and manipulate schema
68 dsconf repl-conflict
70 Manage replication conflicts
71
73 usage: dsconf instance backend [-h]
74 {suffix,index,vlv-index,attr-
75 encrypt,config,monitor,import,export,create,delete,get-tree}
76 ...
77 Sub-commands
80 dsconf backend suffix
81 Manage a backend suffix
82 dsconf backend index
84 Manage backend indexes
85 dsconf backend vlv-index
87 Manage VLV searches and indexes
88 dsconf backend attr-encrypt
90 Encrypted attribute options
91 dsconf backend config
93 Manage the global database configuration settings
94 dsconf backend monitor
96 Get the global database monitor information
97 dsconf backend import
99 Do an online import of the suffix
100 dsconf backend export
102 Do an online export of the suffix
103 dsconf backend create
105 Create a backend database
106 dsconf backend delete
108 Delete a backend database
109 dsconf backend get-tree
111 Get a representation of the suffix tree
112
114 usage: dsconf instance backend suffix [-h]
115 {list,get,get-dn,get-sub-suf‐
116 fixes,set}
117 ...
118 Sub-commands
121 dsconf backend suffix list
122 List current active backends and suffixes
123 dsconf backend suffix get
125 Get the suffix entry
126 dsconf backend suffix get-dn
128 get_dn
129 dsconf backend suffix get-sub-suffixes
131 Get the sub-suffixes of this backend
132 dsconf backend suffix set
134 Set configuration settings for a single backend
135
137 usage: dsconf instance backend suffix list [-h] [--suffix]
138 [--skip-subsuffixes]
139 --suffix
143 Just display the suffix, and not the backend name
144 --skip-subsuffixes
147 Skip over sub-suffixes
148
151 usage: dsconf instance backend suffix get [-h] [selector]
152 selector
155 The backend to search for
156
160 usage: dsconf instance backend suffix get-dn [-h] [dn]
161 dn The backend dn to get
164
168 usage: dsconf instance backend suffix get-sub-suffixes [-h] [--suffix]
169 be_name
170 be_name
173 The backend name or suffix to search for sub-suffixes
174 --suffix
177 Just display the suffix, and not the backend name
178
181 usage: dsconf instance backend suffix set [-h] [--enable-readonly]
182 [--disable-readonly]
183 [--require-index] [--ignore-
184 index]
185 [--add-referral ADD_REFERRAL]
186 [--del-referral DEL_REFERRAL]
187 [--enable] [--disable]
188 [--cache-size CACHE_SIZE]
189 [--cache-memsize CACHE_MEM‐
190 SIZE]
191 [--dncache-memsize
192 DNCACHE_MEMSIZE]
193 be_name
194 be_name
197 The backend name or suffix to delete
198 --enable-readonly
201 Set backend database to be read-only
202 --disable-readonly
205 Disable read-only mode for backend database
206 --require-index
209 Only allow indexed searches
210 --ignore-index
213 Allow all searches even if they are unindexed
214 --add-referral ADD_REFERRAL
217 Add a LDAP referral to the backend
218 --del-referral DEL_REFERRAL
221 Remove a LDAP referral to the backend
222 --enable
225 Enable the backend database
226 --disable
229 Disable the backend database
230 --cache-size CACHE_SIZE
233 The maximum number of entries to keep in the entry cache
234 --cache-memsize CACHE_MEMSIZE
237 The maximum size in bytes that the entry cache can grow to
238 --dncache-memsize DNCACHE_MEMSIZE
241 The maximum size in bytes that the DN cache can grow to
242
246 usage: dsconf instance backend index [-h]
247 {add,set,get,list,delete,reindex}
248 ...
249 Sub-commands
252 dsconf backend index add
253 Set configuration settings for a single backend
254 dsconf backend index set
256 Edit an index entry
257 dsconf backend index get
259 Get an index entry
260 dsconf backend index list
262 Set configuration settings for a single backend
263 dsconf backend index delete
265 Set configuration settings for a single backend
266 dsconf backend index reindex
268 Reindex the database (for a single index or all indexes
269
271 usage: dsconf instance backend index add [-h] --index-type INDEX_TYPE
272 [--matching-rule MATCH‐
273 ING_RULE]
274 [--reindex] --attr ATTR
275 be_name
276 be_name
279 The backend name or suffix to delete
280 --index-type INDEX_TYPE
283 An indexing type: eq, sub, pres, or approximate
284 --matching-rule MATCHING_RULE
287 Matching rule for the index
288 --reindex
291 After adding new index, reindex the database
292 --attr ATTR
295 The index attribute's name
296
299 usage: dsconf instance backend index set [-h] --attr ATTR
300 [--add-type ADD_TYPE]
301 [--del-type DEL_TYPE]
302 [--add-mr ADD_MR] [--del-mr
303 DEL_MR]
304 [--reindex]
305 be_name
306 be_name
309 The backend name or suffix to edit an index from
310 --attr ATTR
313 The index name to edit
314 --add-type ADD_TYPE
317 An index type to add to the index: eq, sub, pres, or approx
318 --del-type DEL_TYPE
321 An index type to remove from the index: eq, sub, pres, or approx
322 --add-mr ADD_MR
325 A matching-rule to add to the index
326 --del-mr DEL_MR
329 A matching-rule to remove from the index
330 --reindex
333 After editing index, reindex the database
334
337 usage: dsconf instance backend index get [-h] --attr ATTR be_name
338 be_name
341 The backend name or suffix to get the index from
342 --attr ATTR
345 The index name to get
346
349 usage: dsconf instance backend index list [-h] [--just-names] be_name
350 be_name
353 The backend name or suffix to list indexes from
354 --just-names
357 Return a list of just the attribute names for a backend
358
361 usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name
362 be_name
365 The backend name or suffix to delete
366 --attr ATTR
369 The index attribute's name
370
373 usage: dsconf instance backend index reindex [-h] [--attr ATTR]
374 [--wait]
375 be_name
376 be_name
379 The backend name or suffix to reindex
380 --attr ATTR
383 The index attribute's name to reindex. Skip this argument to
384 reindex all
385 attributes
386 --wait Wait for the index task to complete and report the status
389
393 usage: dsconf instance backend vlv-index [-h]
394 {list,get,add-search,edit-
395 search,del-search,add-index,del-index,reindex}
396 ...
397 Sub-commands
400 dsconf backend vlv-index list
401 List VLV search and index entries
402 dsconf backend vlv-index get
404 Get a VLV search & index
405 dsconf backend vlv-index add-search
407 Add a VLV search entry. The search entry is the parent entry of
408 the VLV index entries, and it specifies the search params that
409 are used to match entries for those indexes.
410 dsconf backend vlv-index edit-search
412 Edit a VLV search & index
413 dsconf backend vlv-index del-search
415 Delete VLV search & index
416 dsconf backend vlv-index add-index
418 Create a VLV index under a VLV search entry(parent entry). The
419 VLV index just specifies the attributes to sort
420 dsconf backend vlv-index del-index
422 Delete a VLV index under a VLV search entry(parent entry).
423 dsconf backend vlv-index reindex
425 Index/reindex the VLV database index
426
428 usage: dsconf instance backend vlv-index list [-h] [--just-names]
429 be_name
430 be_name
433 The backend name of the VLV index
434 --just-names
437 List just the names of the VLV search entries
438
441 usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name
442 be_name
445 The backend name of the VLV index
446 --name NAME
449 Get the VLV search entry and its index entries
450
453 usage: dsconf instance backend vlv-index add-search [-h] --name NAME
454 --search-base
455 SEARCH_BASE
456 --search-scope
457 SEARCH_SCOPE
458 --search-filter
459 SEARCH_FILTER
460 be_name
461 be_name
464 The backend name of the VLV index
465 --name NAME
468 Name of the VLV search entry
469 --search-base SEARCH_BASE
472 The VLV search base
473 --search-scope SEARCH_SCOPE
476 The VLV search scope: 0 (base search), 1 (one-level search), or
477 2 (subtree
478 search)
479 --search-filter SEARCH_FILTER
482 The VLV search filter
483
486 usage: dsconf instance backend vlv-index edit-search [-h] --name NAME
487 [--search-base
488 SEARCH_BASE]
489 [--search-scope
490 SEARCH_SCOPE]
491 [--search-filter
492 SEARCH_FILTER]
493 [--reindex]
494 be_name
495 be_name
498 The backend name of the VLV index
499 --name NAME
502 Name of the VLV index
503 --search-base SEARCH_BASE
506 The VLV search base
507 --search-scope SEARCH_SCOPE
510 The VLV search scope: 0 (base search), 1 (one-level search), or
511 2 (subtree
512 search)
513 --search-filter SEARCH_FILTER
516 The VLV search filter
517 --reindex
520 Reindex all the VLV database indexes
521
524 usage: dsconf instance backend vlv-index del-search [-h] --name NAME
525 be_name
526 be_name
529 The backend name of the VLV index
530 --name NAME
533 Name of the VLV search index
534
537 usage: dsconf instance backend vlv-index add-index [-h] --parent-name
538 PARENT_NAME --index-
539 name
540 INDEX_NAME --sort
541 SORT
542 [--index-it]
543 be_name
544 be_name
547 The backend name of the VLV index
548 --parent-name PARENT_NAME
551 Name, or "cn" attribute value, of the parent VLV search entry
552 --index-name INDEX_NAME
555 Name of the new VLV index
556 --sort SORT
559 A space separated list of attributes to sort for this VLV index
560 --index-it
563 Create the database index for this VLV index definition
564
567 usage: dsconf instance backend vlv-index del-index [-h] --parent-name
568 PARENT_NAME
569 [--index-name
570 INDEX_NAME]
571 [--sort SORT]
572 be_name
573 be_name
576 The backend name of the VLV index
577 --parent-name PARENT_NAME
580 Name, or "cn" attribute value, of the parent VLV search entry
581 --index-name INDEX_NAME
584 Name of the VLV index to delete
585 --sort SORT
588 Delete a VLV index that has this vlvsort value
589
592 usage: dsconf instance backend vlv-index reindex [-h]
593 [--index-name
594 INDEX_NAME]
595 --parent-name PAR‐
596 ENT_NAME
597 be_name
598 be_name
601 The backend name of the VLV index
602 --index-name INDEX_NAME
605 Name of the VLV Index entry to reindex. If not set, all indexes
606 are reindexed
607 --parent-name PARENT_NAME
610 Name, or "cn" attribute value, of the parent VLV search entry
611
615 usage: dsconf instance backend attr-encrypt [-h] [--list] [--just-
616 names]
617 [--add-attr ADD_ATTR]
618 [--del-attr DEL_ATTR]
619 be_name
620 be_name
623 The backend name or suffix to to reindex
624 --list List all the encrypted attributes for this backend
627 --just-names
630 List just the names of the encrypted attributes (used with
631 --list)
632 --add-attr ADD_ATTR
635 Add an attribute to be encrypted
636 --del-attr DEL_ATTR
639 Remove an attribute from being encrypted
640
643 usage: dsconf instance backend config [-h] {get,set} ...
644 Sub-commands
647 dsconf backend config get
648 Get the global database configuration
649 dsconf backend config set
651 Set the global database configuration
652
654 usage: dsconf instance backend config get [-h]
655
660 usage: dsconf instance backend config set [-h]
661 [--lookthroughlimit LOOK‐
662 THROUGHLIMIT]
663 [--mode MODE]
664 [--idlistscanlimit
665 IDLISTSCANLIMIT]
666 [--directory DIRECTORY]
667 [--dbcachesize DBCACHESIZE]
668 [--logdirectory LOGDIRECTORY]
669 [--durable-txn DURABLE_TXN]
670 [--txn-wait TXN_WAIT]
671 [--checkpoint-interval CHECK‐
672 POINT_INTERVAL]
673 [--compactdb-interval COM‐
674 PACTDB_INTERVAL]
675 [--txn-batch-val
676 TXN_BATCH_VAL]
677 [--txn-batch-min
678 TXN_BATCH_MIN]
679 [--txn-batch-max
680 TXN_BATCH_MAX]
681 [--logbufsize LOGBUFSIZE]
682 [--locks LOCKS]
683 [--import-cache-autosize
684 IMPORT_CACHE_AUTOSIZE]
685 [--cache-autosize CACHE_AUTO‐
686 SIZE]
687 [--cache-autosize-split
688 CACHE_AUTOSIZE_SPLIT]
689 [--import-cachesize
690 IMPORT_CACHESIZE]
691 [--exclude-from-export
692 EXCLUDE_FROM_EXPORT]
693 [--pagedlookthroughlimit
694 PAGEDLOOKTHROUGHLIMIT]
695 [--pagedidlistscanlimit PAGE‐
696 DIDLISTSCANLIMIT]
697 [--rangelookthroughlimit
698 RANGELOOKTHROUGHLIMIT]
699 [--backend-opt-level BACK‐
700 END_OPT_LEVEL]
701 [--deadlock-policy DEAD‐
702 LOCK_POLICY]
703 [--db-home-directory
704 DB_HOME_DIRECTORY]
705 --lookthroughlimit LOOKTHROUGHLIMIT
709 specifies the maximum number of entries that the Directory
710 Server will check
711 when examining candidate entries in response to a search request
712 --mode MODE
715 Specifies the permissions used for newly created index files
716 --idlistscanlimit IDLISTSCANLIMIT
719 Specifies the number of entry IDs that are searched during a
720 search operation
721 --directory DIRECTORY
724 Specifies absolute path to database instance
725 --dbcachesize DBCACHESIZE
728 Specifies the database index cache size, in bytes.
729 --logdirectory LOGDIRECTORY
732 Specifies the path to the directory that contains the database
733 transaction
734 logs
735 --durable-txn DURABLE_TXN
738 Sets whether database transaction log entries are immediately
739 written to the
740 disk.
741 --txn-wait TXN_WAIT
744 Sets whether the server should should wait if there are no db
745 locks available
746 --checkpoint-interval CHECKPOINT_INTERVAL
749 Sets the amount of time in seconds after which the Directory
750 Server sends a
751 checkpoint entry to the database transaction log
752 --compactdb-interval COMPACTDB_INTERVAL
755 Sets the interval in seconds when the database is compacted
756 --txn-batch-val TXN_BATCH_VAL
759 Specifies how many transactions will be batched before being
760 committed
761 --txn-batch-min TXN_BATCH_MIN
764 Controls when transactions should be flushed earliest, indepen‐
765 dently of the
766 batch count (only works when txn-batch-val is set)
767 --txn-batch-max TXN_BATCH_MAX
770 Controls when transactions should be flushed latest, indepen‐
771 dently of the
772 batch count (only works when txn-batch-val is set)
773 --logbufsize LOGBUFSIZE
776 Specifies the transaction log information buffer size
777 --locks LOCKS
780 Sets the maximum number of database locks
781 --import-cache-autosize IMPORT_CACHE_AUTOSIZE
784 Set to "on" or "off" to automatically set the size of the import
785 cache to be
786 used during the the import process of LDIF files
787 --cache-autosize CACHE_AUTOSIZE
790 Sets the percentage of free memory that is used in total for the
791 database and
792 entry cache. Set to "0" to disable this feature.
793 --cache-autosize-split CACHE_AUTOSIZE_SPLIT
796 Sets the percentage of RAM that is used for the database cache.
797 The remaining
798 percentage is used for the entry cache
799 --import-cachesize IMPORT_CACHESIZE
802 Sets the size, in bytes, of the database cache used in the
803 import process.
804 --exclude-from-export EXCLUDE_FROM_EXPORT
807 List of attributes to not include during database export opera‐
808 tions
809 --pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT
812 Specifies the maximum number of entries that the Directory
813 Server will check
814 when examining candidate entries for a search which uses the
815 simple paged
816 results control
817 --pagedidlistscanlimit PAGEDIDLISTSCANLIMIT
820 Specifies the number of entry IDs that are searched, specifi‐
821 cally, for a
822 search operation using the simple paged results control.
823 --rangelookthroughlimit RANGELOOKTHROUGHLIMIT
826 Specifies the maximum number of entries that the Directory
827 Server will check
828 when examining candidate entries in response to a range search
829 request.
830 --backend-opt-level BACKEND_OPT_LEVEL
833 WARNING this parameter can trigger experimental code to improve
834 write
835 performance. Valid values are: 0, 1, 2, or 4
836 --deadlock-policy DEADLOCK_POLICY
839 Adjusts the backend database deadlock policy (Advanced setting)
840 --db-home-directory DB_HOME_DIRECTORY
843 Sets the directory for the database mmapped files (Advanced set‐
844 ting)
845
849 usage: dsconf instance backend monitor [-h] [--suffix SUFFIX]
850 --suffix SUFFIX
854 Get just the suffix monitor entry
855
858 usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E]
859 [-g GEN_UNIQ_ID] [-O]
860 [-s INCLUDE_SUFFIXES
861 [INCLUDE_SUFFIXES ...]]
862 [-x EXCLUDE_SUFFIXES
863 [EXCLUDE_SUFFIXES ...]]
864 [be_name] [ldifs [ldifs ...]]
865 be_name
868 The backend name or the root suffix where to import
869 ldifs Specifies the filename of the input LDIF files.When multiple
872 files are
873 imported, they are imported in the orderthey are specified on
874 the command
875 line.
876 -c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE
879 The number of chunks to have during the import operation.
880 -E, --encrypted
883 Decrypts encrypted data during export. This option is used
884 onlyif database
885 encryption is enabled.
886 -g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID
889 Generate a unique id. Type none for no unique ID to be gener‐
890 atedand
891 deterministic for the generated unique ID to be name-based.By
892 default, a time-
893 based unique ID is generated.When using the deterministic gener‐
894 ation to have a
895 name-based unique ID,it is also possible to specify the names‐
896 pace for the
897 server to use.namespaceId is a string of charactersin the format
898 00-xxxxxxxx-
899 xxxxxxxx-xxxxxxxx-xxxxxxxx.
900 -O, --only-core
903 Requests that only the core database is created without
904 attribute indexes.
905 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes
908 INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
909 Specifies the suffixes or the subtrees to be included.
910 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes
913 EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
914 Specifies the suffixes to be excluded.
915
918 usage: dsconf instance backend export [-h] [-l LDIF] [-C] [-E] [-m]
919 [-N] [-r]
920 [-u] [-U]
921 [-s INCLUDE_SUFFIXES
922 [INCLUDE_SUFFIXES ...]]
923 [-x EXCLUDE_SUFFIXES
924 [EXCLUDE_SUFFIXES ...]]
925 be_names [be_names ...]
926 be_names
929 The backend names or the root suffixes from where to export.
930 -l LDIF, --ldif LDIF
933 Gives the filename of the output LDIF file.If more than one are
934 specified, use
935 a space as a separator
936 -C, --use-id2entry
939 Uses only the main database file.
940 -E, --encrypted
943 Decrypts encrypted data during export. This option is used only
944 if database
945 encryption is enabled.
946 -m, --min-base64
949 Sets minimal base-64 encoding.
950 -N, --no-seq-num
953 Enables you to suppress printing the sequence number.
954 -r, --replication
957 Exports the information required to initialize a replica when
958 the LDIF is
959 imported
960 -u, --no-dump-uniq-id
963 Requests that the unique ID is not exported.
964 -U, --not-folded
967 Requests that the output LDIF is not folded.
968 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes
971 INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
972 Specifies the suffixes or the subtrees to be included.
973 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes
976 EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
977 Specifies the suffixes to be excluded.
978
981 usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUF‐
982 FIX]
983 --suffix SUFFIX --be-name BE_NAME
984 [--create-entries] [--create-suf‐
985 fix]
986 --parent-suffix PARENT_SUFFIX
990 Sets the parent suffix only if this backend is a sub-suffix
991 --suffix SUFFIX
994 The database suffix DN, for example "dc=example,dc=com"
995 --be-name BE_NAME
998 The database backend name, for example "userroot"
999 --create-entries
1002 Create sample entries in the database
1003 --create-suffix
1006 Create the suffix object entry in the database. Only suffixes
1007 using the
1008 attributes 'dc', 'o', 'ou', or 'cn' are supported in this fea‐
1009 ture
1010
1013 usage: dsconf instance backend delete [-h] be_name
1014 be_name
1017 The backend name or suffix to delete
1018
1022 usage: dsconf instance backend get-tree [-h]
1023
1029 usage: dsconf instance backup [-h] {create,restore} ...
1030 Sub-commands
1033 dsconf backup create
1034 Creates a backup of the database
1035 dsconf backup restore
1037 Restores a database from a backup
1038
1040 usage: dsconf instance backup create [-h] [-t DB_TYPE] [archive]
1041 archive
1044 The directory where the backup files will be stored.The
1045 /var/lib/dirsrv/slapd-
1046 instance/bak directory is used by default.The backup file is
1047 named according
1048 to the year-month-day-hour format.
1049 -t DB_TYPE, --db-type DB_TYPE
1052 Database type (default: ldbm database).
1053
1056 usage: dsconf instance backup restore [-h] [-t DB_TYPE] archive
1057 archive
1060 The directory of the backup files.
1061 -t DB_TYPE, --db-type DB_TYPE
1064 Database type (default: ldbm database).
1065
1069 usage: dsconf instance chaining [-h]
1070 {config-get,config-set,config-get-
1071 def,config-set-def,link-create,link-get,link-set,link-delete,moni‐
1072 tor,link-list}
1073 ...
1074 Sub-commands
1077 dsconf chaining config-get
1078 Get the chaining controls and server component lists
1079 dsconf chaining config-set
1081 Set the chaining controls and server component lists
1082 dsconf chaining config-get-def
1084 Get the default creation parameters for new database links
1085 dsconf chaining config-set-def
1087 Set the default creation parameters for new database links
1088 dsconf chaining link-create
1090 Create a database link to a remote server
1091 dsconf chaining link-get
1093 get chaining database link
1094 dsconf chaining link-set
1096 Edit a database link to a remote server
1097 dsconf chaining link-delete
1099 Delete a database link
1100 dsconf chaining monitor
1102 Get the monitor information for a database chaining link
1103 dsconf chaining link-list
1105 List database links
1106
1108 usage: dsconf instance chaining config-get [-h] [--avail-controls]
1109 [--avail-comps]
1110 --avail-controls
1114 List available controls for chaining
1115 --avail-comps
1118 List available plugin components for chaining
1119
1122 usage: dsconf instance chaining config-set [-h] [--add-control ADD_CON‐
1123 TROL]
1124 [--del-control DEL_CONTROL]
1125 [--add-comp ADD_COMP]
1126 [--del-comp DEL_COMP]
1127 --add-control ADD_CONTROL
1131 Add a transmitted control OID
1132 --del-control DEL_CONTROL
1135 Delete a transmitted control OID
1136 --add-comp ADD_COMP
1139 Add a chaining component
1140 --del-comp DEL_COMP
1143 Delete a chaining component
1144
1147 usage: dsconf instance chaining config-get-def [-h]
1148
1153 usage: dsconf instance chaining config-set-def [-h]
1154 [--conn-bind-limit
1155 CONN_BIND_LIMIT]
1156 [--conn-op-limit
1157 CONN_OP_LIMIT]
1158 [--abandon-check-inter‐
1159 val ABANDON_CHECK_INTERVAL]
1160 [--bind-limit
1161 BIND_LIMIT]
1162 [--op-limit OP_LIMIT]
1163 [--proxied-auth PROX‐
1164 IED_AUTH]
1165 [--conn-lifetime
1166 CONN_LIFETIME]
1167 [--bind-timeout
1168 BIND_TIMEOUT]
1169 [--return-ref
1170 RETURN_REF]
1171 [--check-aci CHECK_ACI]
1172 [--bind-attempts
1173 BIND_ATTEMPTS]
1174 [--size-limit
1175 SIZE_LIMIT]
1176 [--time-limit
1177 TIME_LIMIT]
1178 [--hop-limit HOP_LIMIT]
1179 [--response-delay
1180 RESPONSE_DELAY]
1181 [--test-response-delay
1182 TEST_RESPONSE_DELAY]
1183 [--use-starttls
1184 USE_STARTTLS]
1185 --conn-bind-limit CONN_BIND_LIMIT
1189 The maximum number of BIND connections the database link estab‐
1190 lishes with the
1191 remote server.
1192 --conn-op-limit CONN_OP_LIMIT
1195 The maximum number of LDAP connections the database link estab‐
1196 lishes with the
1197 remote server.
1198 --abandon-check-interval ABANDON_CHECK_INTERVAL
1201 The number of seconds that pass before the server checks for
1202 abandoned
1203 operations.
1204 --bind-limit BIND_LIMIT
1207 The maximum number of concurrent bind operations per TCP connec‐
1208 tion.
1209 --op-limit OP_LIMIT
1212 The maximum number of concurrent operations allowed.
1213 --proxied-auth PROXIED_AUTH
1216 Set to "off" to disable proxied authorization, then binds for
1217 chained
1218 operations are executed as the user set in the nsMultiplex‐
1219 orBindDn attribute
1220 (on/off).
1221 --conn-lifetime CONN_LIFETIME
1224 Specifies connection lifetime in seconds. 0 keeps connection
1225 open forever.
1226 --bind-timeout BIND_TIMEOUT
1229 The amount of time in seconds before a bind attempt times out.
1230 --return-ref RETURN_REF
1233 Sets whether referrals are returned by scoped searches (on/off).
1234 --check-aci CHECK_ACI
1237 Set whether ACIs are evaluated on the database link as well as
1238 the remote data
1239 server (on/off).
1240 --bind-attempts BIND_ATTEMPTS
1243 Sets the number of times the server tries to bind with the
1244 remote server.
1245 --size-limit SIZE_LIMIT
1248 Sets the maximum number of entries to return from a search oper‐
1249 ation.
1250 --time-limit TIME_LIMIT
1253 Sets the maximum number of seconds allowed for an operation.
1254 --hop-limit HOP_LIMIT
1257 Sets the maximum number of times a database is allowed to chain;
1258 that is, the
1259 number of times a request can be forwarded from one database
1260 link to another.
1261 --response-delay RESPONSE_DELAY
1264 The maximum amount of time it can take a remote server to
1265 respond to an LDAP
1266 operation request made by a database link before an error is
1267 suspected.
1268 --test-response-delay TEST_RESPONSE_DELAY
1271 Sets the duration of the test issued by the database link to
1272 check whether the
1273 remote server is responding.
1274 --use-starttls USE_STARTTLS
1277 Set to "on" specifies that the database links should use Start‐
1278 TLS for its
1279 secure connections.
1280
1283 usage: dsconf instance chaining link-create [-h]
1284 [--conn-bind-limit
1285 CONN_BIND_LIMIT]
1286 [--conn-op-limit
1287 CONN_OP_LIMIT]
1288 [--abandon-check-interval
1289 ABANDON_CHECK_INTERVAL]
1290 [--bind-limit BIND_LIMIT]
1291 [--op-limit OP_LIMIT]
1292 [--proxied-auth PROX‐
1293 IED_AUTH]
1294 [--conn-lifetime CONN_LIFE‐
1295 TIME]
1296 [--bind-timeout BIND_TIME‐
1297 OUT]
1298 [--return-ref RETURN_REF]
1299 [--check-aci CHECK_ACI]
1300 [--bind-attempts
1301 BIND_ATTEMPTS]
1302 [--size-limit SIZE_LIMIT]
1303 [--time-limit TIME_LIMIT]
1304 [--hop-limit HOP_LIMIT]
1305 [--response-delay
1306 RESPONSE_DELAY]
1307 [--test-response-delay
1308 TEST_RESPONSE_DELAY]
1309 [--use-starttls USE_START‐
1310 TLS]
1311 --suffix SUFFIX --server-
1312 url
1313 SERVER_URL --bind-mech
1314 BIND_MECH
1315 --bind-dn BIND_DN --bind-pw
1316 BIND_PW
1317 CHAIN_NAME
1318 CHAIN_NAME
1321 The name of the database link
1322 --conn-bind-limit CONN_BIND_LIMIT
1325 The maximum number of BIND connections the database link estab‐
1326 lishes with the
1327 remote server.
1328 --conn-op-limit CONN_OP_LIMIT
1331 The maximum number of LDAP connections the database link estab‐
1332 lishes with the
1333 remote server.
1334 --abandon-check-interval ABANDON_CHECK_INTERVAL
1337 The number of seconds that pass before the server checks for
1338 abandoned
1339 operations.
1340 --bind-limit BIND_LIMIT
1343 The maximum number of concurrent bind operations per TCP connec‐
1344 tion.
1345 --op-limit OP_LIMIT
1348 The maximum number of concurrent operations allowed.
1349 --proxied-auth PROXIED_AUTH
1352 Set to "off" to disable proxied authorization, then binds for
1353 chained
1354 operations are executed as the user set in the nsMultiplex‐
1355 orBindDn attribute
1356 (on/off).
1357 --conn-lifetime CONN_LIFETIME
1360 Specifies connection lifetime in seconds. 0 keeps connection
1361 open forever.
1362 --bind-timeout BIND_TIMEOUT
1365 The amount of time in seconds before a bind attempt times out.
1366 --return-ref RETURN_REF
1369 Sets whether referrals are returned by scoped searches (on/off).
1370 --check-aci CHECK_ACI
1373 Set whether ACIs are evaluated on the database link as well as
1374 the remote data
1375 server (on/off).
1376 --bind-attempts BIND_ATTEMPTS
1379 Sets the number of times the server tries to bind with the
1380 remote server.
1381 --size-limit SIZE_LIMIT
1384 Sets the maximum number of entries to return from a search oper‐
1385 ation.
1386 --time-limit TIME_LIMIT
1389 Sets the maximum number of seconds allowed for an operation.
1390 --hop-limit HOP_LIMIT
1393 Sets the maximum number of times a database is allowed to chain;
1394 that is, the
1395 number of times a request can be forwarded from one database
1396 link to another.
1397 --response-delay RESPONSE_DELAY
1400 The maximum amount of time it can take a remote server to
1401 respond to an LDAP
1402 operation request made by a database link before an error is
1403 suspected.
1404 --test-response-delay TEST_RESPONSE_DELAY
1407 Sets the duration of the test issued by the database link to
1408 check whether the
1409 remote server is responding.
1410 --use-starttls USE_STARTTLS
1413 Set to "on" specifies that the database links should use Start‐
1414 TLS for its
1415 secure connections.
1416 --suffix SUFFIX
1419 The suffix managed by the database link.
1420 --server-url SERVER_URL
1423 Gives the LDAP/LDAPS URL of the remote server.
1424 --bind-mech BIND_MECH
1427 Sets the authentication method to use to authenticate to the
1428 remote server:
1429 <leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI
1430 --bind-dn BIND_DN
1433 DN of the administrative entry used to communicate with the
1434 remote server
1435 --bind-pw BIND_PW
1438 Password for the administrative user.
1439
1442 usage: dsconf instance chaining link-get [-h] CHAIN_NAME
1443 CHAIN_NAME
1446 The chaining link name, or suffix, to retrieve
1447
1451 usage: dsconf instance chaining link-set [-h]
1452 [--conn-bind-limit
1453 CONN_BIND_LIMIT]
1454 [--conn-op-limit
1455 CONN_OP_LIMIT]
1456 [--abandon-check-interval
1457 ABANDON_CHECK_INTERVAL]
1458 [--bind-limit BIND_LIMIT]
1459 [--op-limit OP_LIMIT]
1460 [--proxied-auth PROXIED_AUTH]
1461 [--conn-lifetime CONN_LIFE‐
1462 TIME]
1463 [--bind-timeout BIND_TIMEOUT]
1464 [--return-ref RETURN_REF]
1465 [--check-aci CHECK_ACI]
1466 [--bind-attempts
1467 BIND_ATTEMPTS]
1468 [--size-limit SIZE_LIMIT]
1469 [--time-limit TIME_LIMIT]
1470 [--hop-limit HOP_LIMIT]
1471 [--response-delay
1472 RESPONSE_DELAY]
1473 [--test-response-delay
1474 TEST_RESPONSE_DELAY]
1475 [--use-starttls USE_STARTTLS]
1476 [--suffix SUFFIX]
1477 [--server-url SERVER_URL]
1478 [--bind-mech BIND_MECH]
1479 [--bind-dn BIND_DN]
1480 [--bind-pw BIND_PW]
1481 CHAIN_NAME
1482 CHAIN_NAME
1485 The name of the database link
1486 --conn-bind-limit CONN_BIND_LIMIT
1489 The maximum number of BIND connections the database link estab‐
1490 lishes with the
1491 remote server.
1492 --conn-op-limit CONN_OP_LIMIT
1495 The maximum number of LDAP connections the database link estab‐
1496 lishes with the
1497 remote server.
1498 --abandon-check-interval ABANDON_CHECK_INTERVAL
1501 The number of seconds that pass before the server checks for
1502 abandoned
1503 operations.
1504 --bind-limit BIND_LIMIT
1507 The maximum number of concurrent bind operations per TCP connec‐
1508 tion.
1509 --op-limit OP_LIMIT
1512 The maximum number of concurrent operations allowed.
1513 --proxied-auth PROXIED_AUTH
1516 Set to "off" to disable proxied authorization, then binds for
1517 chained
1518 operations are executed as the user set in the nsMultiplex‐
1519 orBindDn attribute
1520 (on/off).
1521 --conn-lifetime CONN_LIFETIME
1524 Specifies connection lifetime in seconds. 0 keeps connection
1525 open forever.
1526 --bind-timeout BIND_TIMEOUT
1529 The amount of time in seconds before a bind attempt times out.
1530 --return-ref RETURN_REF
1533 Sets whether referrals are returned by scoped searches (on/off).
1534 --check-aci CHECK_ACI
1537 Set whether ACIs are evaluated on the database link as well as
1538 the remote data
1539 server (on/off).
1540 --bind-attempts BIND_ATTEMPTS
1543 Sets the number of times the server tries to bind with the
1544 remote server.
1545 --size-limit SIZE_LIMIT
1548 Sets the maximum number of entries to return from a search oper‐
1549 ation.
1550 --time-limit TIME_LIMIT
1553 Sets the maximum number of seconds allowed for an operation.
1554 --hop-limit HOP_LIMIT
1557 Sets the maximum number of times a database is allowed to chain;
1558 that is, the
1559 number of times a request can be forwarded from one database
1560 link to another.
1561 --response-delay RESPONSE_DELAY
1564 The maximum amount of time it can take a remote server to
1565 respond to an LDAP
1566 operation request made by a database link before an error is
1567 suspected.
1568 --test-response-delay TEST_RESPONSE_DELAY
1571 Sets the duration of the test issued by the database link to
1572 check whether the
1573 remote server is responding.
1574 --use-starttls USE_STARTTLS
1577 Set to "on" specifies that the database links should use Start‐
1578 TLS for its
1579 secure connections.
1580 --suffix SUFFIX
1583 The suffix managed by the database link.
1584 --server-url SERVER_URL
1587 Gives the LDAP/LDAPS URL of the remote server.
1588 --bind-mech BIND_MECH
1591 Sets the authentication method to use to authenticate to the
1592 remote server:
1593 <leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI
1594 --bind-dn BIND_DN
1597 DN of the administrative entry used to communicate with the
1598 remote server
1599 --bind-pw BIND_PW
1602 Password for the administrative user.
1603
1606 usage: dsconf instance chaining link-delete [-h] CHAIN_NAME
1607 CHAIN_NAME
1610 The name of the database link
1611
1615 usage: dsconf instance chaining monitor [-h] CHAIN_NAME
1616 CHAIN_NAME
1619 The name of the database link
1620
1624 usage: dsconf instance chaining link-list [-h]
1625
1631 usage: dsconf instance config [-h] {get,add,replace,delete} ...
1632 Sub-commands
1635 dsconf config get
1636 get
1637 dsconf config add
1639 Add attribute value to configuration
1640 dsconf config replace
1642 Replace attribute value in configuration
1643 dsconf config delete
1645 Delete attribute value in configuration
1646
1648 usage: dsconf instance config get [-h] [attrs [attrs ...]]
1649 attrs Configuration attribute(s) to get
1652
1656 usage: dsconf instance config add [-h] [attr [attr ...]]
1657 attr Configuration attribute to add
1660
1664 usage: dsconf instance config replace [-h] [attr [attr ...]]
1665 attr Configuration attribute to replace
1668
1672 usage: dsconf instance config delete [-h] [attr [attr ...]]
1673 attr Configuration attribute to delete
1676
1681 usage: dsconf instance directory_manager [-h] {password_change} ...
1682 Sub-commands
1685 dsconf directory_manager password_change
1686 Change the directory manager password
1687
1689 usage: dsconf instance directory_manager password_change [-h]
1690
1696 usage: dsconf instance monitor [-h]
1697 {server,ldbm,backend,snmp,chaining,disk}
1698 ...
1699 Sub-commands
1702 dsconf monitor server
1703 Monitor the server statistics, connections and operations
1704 dsconf monitor ldbm
1706 Monitor the ldbm statistics, such as dbcache
1707 dsconf monitor backend
1709 Monitor the behaviour of a backend database
1710 dsconf monitor snmp
1712 Monitor the SNMP statistics
1713 dsconf monitor chaining
1715 Monitor database chaining statistics
1716 dsconf monitor disk
1718 Disk space statistics. All values are in bytes
1719
1721 usage: dsconf instance monitor server [-h]
1722
1727 usage: dsconf instance monitor ldbm [-h]
1728
1733 usage: dsconf instance monitor backend [-h] [backend]
1734 backend
1737 Optional name of the backend to monitor
1738
1742 usage: dsconf instance monitor snmp [-h]
1743
1748 usage: dsconf instance monitor chaining [-h] [backend]
1749 backend
1752 Optional name of the chaining backend to monitor
1753
1757 usage: dsconf instance monitor disk [-h]
1758
1764 usage: dsconf instance plugin [-h]
1765 {memberof,automember,referential-
1766 integrity,root-dn,usn,account-policy,attr-uniq,dna,linked-attr,managed-
1767 entries,pass-through-auth,retro-changelog,posix-winsync,list,show,set}
1768 ...
1769 Sub-commands
1772 dsconf plugin memberof
1773 Manage and configure MemberOf plugin
1774 dsconf plugin automember
1776 Manage and configure Automembership plugin
1777 dsconf plugin referential-integrity
1779 Manage and configure Referential Integrity Postoperation plugin
1780 dsconf plugin root-dn
1782 Manage and configure RootDN Access Control plugin
1783 dsconf plugin usn
1785 Manage and configure USN plugin
1786 dsconf plugin account-policy
1788 Manage and configure Account Policy plugin
1789 dsconf plugin attr-uniq
1791 Manage and configure Attribute Uniqueness plugin
1792 dsconf plugin dna
1794 Manage and configure DNA plugin
1795 dsconf plugin linked-attr
1797 Manage and configure Linked Attributes plugin
1798 dsconf plugin managed-entries
1800 Manage and configure Managed Entries Plugin
1801 dsconf plugin pass-through-auth
1803 Manage and configure Pass-Through Authentication plugins (URLs
1804 and PAM)
1805 dsconf plugin retro-changelog
1807 Manage and configure Retro Changelog plugin
1808 dsconf plugin posix-winsync
1810 Manage and configure The Posix Winsync API plugin
1811 dsconf plugin list
1813 List current configured (enabled and disabled) plugins
1814 dsconf plugin show
1816 Show the plugin data
1817 dsconf plugin set
1819 Edit the plugin
1820
1822 usage: dsconf instance plugin memberof [-h]
1823 {show,enable,disable,sta‐
1824 tus,set,config-entry,fixup}
1825 ...
1826 Sub-commands
1829 dsconf plugin memberof show
1830 display plugin configuration
1831 dsconf plugin memberof enable
1833 enable plugin
1834 dsconf plugin memberof disable
1836 disable plugin
1837 dsconf plugin memberof status
1839 display plugin status
1840 dsconf plugin memberof set
1842 Edit the plugin
1843 dsconf plugin memberof config-entry
1845 Manage the config entry
1846 dsconf plugin memberof fixup
1848 Run the fix-up task for memberOf plugin
1849
1851 usage: dsconf instance plugin memberof show [-h]
1852
1857 usage: dsconf instance plugin memberof enable [-h]
1858
1863 usage: dsconf instance plugin memberof disable [-h]
1864
1869 usage: dsconf instance plugin memberof status [-h]
1870
1875 usage: dsconf instance plugin memberof set [-h] [--attr ATTR [ATTR
1876 ...]]
1877 [--groupattr GROUPATTR
1878 [GROUPATTR ...]]
1879 [--allbackends {on,off}]
1880 [--skipnested {on,off}]
1881 [--scope SCOPE] [--exclude
1882 EXCLUDE]
1883 [--autoaddoc AUTOADDOC]
1884 [--config-entry CON‐
1885 FIG_ENTRY]
1886 --attr ATTR [ATTR ...]
1890 Specifies the attribute in the user entry for the Directory
1891 Server to manage
1892 to reflect group membership (memberOfAttr)
1893 --groupattr GROUPATTR [GROUPATTR ...]
1896 Specifies the attribute in the group entry to use to identify
1897 the DNs of group
1898 members (memberOfGroupAttr)
1899 --allbackends {on,off}
1902 Specifies whether to search the local suffix for user entries on
1903 all available
1904 suffixes (memberOfAllBackends)
1905 --skipnested {on,off}
1908 Specifies wherher to skip nested groups or not (memberOfSkip‐
1909 Nested)
1910 --scope SCOPE
1913 Specifies backends or multiple-nested suffixes for the MemberOf
1914 plug-in to
1915 work on (memberOfEntryScope)
1916 --exclude EXCLUDE
1919 Specifies backends or multiple-nested suffixes for the MemberOf
1920 plug-in to
1921 exclude (memberOfEntryScopeExcludeSubtree)
1922 --autoaddoc AUTOADDOC
1925 If an entry does not have an object class that allows the mem‐
1926 berOf attribute
1927 then the memberOf plugin will automatically add the object class
1928 listed in the
1929 memberOfAutoAddOC parameter
1930 --config-entry CONFIG_ENTRY
1933 The value to set as nsslapd-pluginConfigArea
1934
1937 usage: dsconf instance plugin memberof config-entry [-h]
1938 {add,set,show,delete}
1939 ...
1940 Sub-commands
1943 dsconf plugin memberof config-entry add
1944 Add the config entry
1945 dsconf plugin memberof config-entry set
1947 Edit the config entry
1948 dsconf plugin memberof config-entry show
1950 Display the config entry
1951 dsconf plugin memberof config-entry delete
1953 Delete the config entry
1954
1956 usage: dsconf instance plugin memberof config-entry add [-h]
1957 [--attr ATTR
1958 [ATTR ...]]
1959 [--groupattr
1960 GROUPATTR [GROUPATTR ...]]
1961 [--allbackends
1962 {on,off}]
1963 [--skipnested
1964 {on,off}]
1965 [--scope SCOPE]
1966 [--exclude
1967 EXCLUDE]
1968 [--autoaddoc
1969 AUTOADDOC]
1970 DN
1971 DN The config entry full DN
1974 --attr ATTR [ATTR ...]
1977 Specifies the attribute in the user entry for the Directory
1978 Server to manage
1979 to reflect group membership (memberOfAttr)
1980 --groupattr GROUPATTR [GROUPATTR ...]
1983 Specifies the attribute in the group entry to use to identify
1984 the DNs of group
1985 members (memberOfGroupAttr)
1986 --allbackends {on,off}
1989 Specifies whether to search the local suffix for user entries on
1990 all available
1991 suffixes (memberOfAllBackends)
1992 --skipnested {on,off}
1995 Specifies wherher to skip nested groups or not (memberOfSkip‐
1996 Nested)
1997 --scope SCOPE
2000 Specifies backends or multiple-nested suffixes for the MemberOf
2001 plug-in to
2002 work on (memberOfEntryScope)
2003 --exclude EXCLUDE
2006 Specifies backends or multiple-nested suffixes for the MemberOf
2007 plug-in to
2008 exclude (memberOfEntryScopeExcludeSubtree)
2009 --autoaddoc AUTOADDOC
2012 If an entry does not have an object class that allows the mem‐
2013 berOf attribute
2014 then the memberOf plugin will automatically add the object class
2015 listed in the
2016 memberOfAutoAddOC parameter
2017
2020 usage: dsconf instance plugin memberof config-entry set [-h]
2021 [--attr ATTR
2022 [ATTR ...]]
2023 [--groupattr
2024 GROUPATTR [GROUPATTR ...]]
2025 [--allbackends
2026 {on,off}]
2027 [--skipnested
2028 {on,off}]
2029 [--scope SCOPE]
2030 [--exclude
2031 EXCLUDE]
2032 [--autoaddoc
2033 AUTOADDOC]
2034 DN
2035 DN The config entry full DN
2038 --attr ATTR [ATTR ...]
2041 Specifies the attribute in the user entry for the Directory
2042 Server to manage
2043 to reflect group membership (memberOfAttr)
2044 --groupattr GROUPATTR [GROUPATTR ...]
2047 Specifies the attribute in the group entry to use to identify
2048 the DNs of group
2049 members (memberOfGroupAttr)
2050 --allbackends {on,off}
2053 Specifies whether to search the local suffix for user entries on
2054 all available
2055 suffixes (memberOfAllBackends)
2056 --skipnested {on,off}
2059 Specifies wherher to skip nested groups or not (memberOfSkip‐
2060 Nested)
2061 --scope SCOPE
2064 Specifies backends or multiple-nested suffixes for the MemberOf
2065 plug-in to
2066 work on (memberOfEntryScope)
2067 --exclude EXCLUDE
2070 Specifies backends or multiple-nested suffixes for the MemberOf
2071 plug-in to
2072 exclude (memberOfEntryScopeExcludeSubtree)
2073 --autoaddoc AUTOADDOC
2076 If an entry does not have an object class that allows the mem‐
2077 berOf attribute
2078 then the memberOf plugin will automatically add the object class
2079 listed in the
2080 memberOfAutoAddOC parameter
2081
2084 usage: dsconf instance plugin memberof config-entry show [-h] DN
2085 DN The config entry full DN
2088
2092 usage: dsconf instance plugin memberof config-entry delete [-h] DN
2093 DN The config entry full DN
2096
2101 usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] DN
2102 DN Base DN that contains entries to fix up
2105 -f FILTER, --filter FILTER
2108 Filter for entries to fix up. If omitted, all entries with
2109 objectclass
2110 inetuser/inetadmin/nsmemberof under the specified base will have
2111 their
2112 memberOf attribute regenerated.
2113
2117 usage: dsconf instance plugin automember [-h]
2118 {show,enable,disable,sta‐
2119 tus,list,definition,fixup}
2120 ...
2121 Sub-commands
2124 dsconf plugin automember show
2125 display plugin configuration
2126 dsconf plugin automember enable
2128 enable plugin
2129 dsconf plugin automember disable
2131 disable plugin
2132 dsconf plugin automember status
2134 display plugin status
2135 dsconf plugin automember list
2137 List Automembership definitions or regex rules.
2138 dsconf plugin automember definition
2140 Manage Automembership definition.
2141 dsconf plugin automember fixup
2143 Run a rebuild membership task.
2144
2146 usage: dsconf instance plugin automember show [-h]
2147
2152 usage: dsconf instance plugin automember enable [-h]
2153
2158 usage: dsconf instance plugin automember disable [-h]
2159
2164 usage: dsconf instance plugin automember status [-h]
2165
2170 usage: dsconf instance plugin automember list [-h] {defini‐
2171 tions,regexes} ...
2172 Sub-commands
2175 dsconf plugin automember list definitions
2176 List Automembership definitions.
2177 dsconf plugin automember list regexes
2179 List Automembership regex rules.
2180
2182 usage: dsconf instance plugin automember list definitions [-h]
2183
2188 usage: dsconf instance plugin automember list regexes [-h] DEFNAME
2189 DEFNAME
2192 The definition entry CN.
2193
2198 usage: dsconf instance plugin automember definition [-h]
2199 DEFNAME
2200 {add,set,delete,show,regex}
2201 ...
2202 DEFNAME
2205 The definition entry CN.
2206 Sub-commands
2209 dsconf plugin automember definition add
2210 Create Automembership definition.
2211 dsconf plugin automember definition set
2213 Edit Automembership definition.
2214 dsconf plugin automember definition delete
2216 Remove Automembership definition.
2217 dsconf plugin automember definition show
2219 Display Automembership definition.
2220 dsconf plugin automember definition regex
2222 Manage Automembership regex rules.
2223
2225 usage: dsconf instance plugin automember definition DEFNAME add
2226 [-h] --grouping-attr GROUPING_ATTR [--default-group
2227 DEFAULT_GROUP]
2228 --scope SCOPE --filter FILTER
2229 --grouping-attr GROUPING_ATTR
2233 Specifies the name of the member attribute in the group entry
2234 and the
2235 attribute in the object entry that supplies the member attribute
2236 value, in the
2237 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2238 --default-group DEFAULT_GROUP
2241 Sets default or fallback group to add the entry to as a member
2242 attribute in
2243 group entry (autoMemberDefaultGroup)
2244 --scope SCOPE
2247 Sets the subtree DN to search for entries (autoMemberScope)
2248 --filter FILTER
2251 Sets a standard LDAP search filter to use to search for matching
2252 entries
2253 (autoMemberFilter)
2254
2257 usage: dsconf instance plugin automember definition DEFNAME set
2258 [-h] --grouping-attr GROUPING_ATTR [--default-group
2259 DEFAULT_GROUP]
2260 --scope SCOPE --filter FILTER
2261 --grouping-attr GROUPING_ATTR
2265 Specifies the name of the member attribute in the group entry
2266 and the
2267 attribute in the object entry that supplies the member attribute
2268 value, in the
2269 format group_member_attr:entry_attr (autoMemberGroupingAttr)
2270 --default-group DEFAULT_GROUP
2273 Sets default or fallback group to add the entry to as a member
2274 attribute in
2275 group entry (autoMemberDefaultGroup)
2276 --scope SCOPE
2279 Sets the subtree DN to search for entries (autoMemberScope)
2280 --filter FILTER
2283 Sets a standard LDAP search filter to use to search for matching
2284 entries
2285 (autoMemberFilter)
2286
2289 usage: dsconf instance plugin automember definition DEFNAME delete [-h]
2290
2295 usage: dsconf instance plugin automember definition DEFNAME show [-h]
2296
2301 usage: dsconf instance plugin automember definition DEFNAME regex
2302 [-h] REGEXNAME {add,set,delete,show} ...
2303 REGEXNAME
2306 The regex entry CN.
2307 Sub-commands
2310 dsconf plugin automember definition regex add
2311 Create Automembership regex.
2312 dsconf plugin automember definition regex set
2314 Edit Automembership regex.
2315 dsconf plugin automember definition regex delete
2317 Remove Automembership regex.
2318 dsconf plugin automember definition regex show
2320 Display Automembership regex.
2321
2323 usage: dsconf instance plugin automember definition DEFNAME regex
2324 REGEXNAME add
2325 [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2326 [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TAR‐
2327 GET_GROUP
2328 --exclusive EXCLUSIVE [EXCLUSIVE ...]
2332 Sets a single regular expression to use to identify entries to
2333 exclude
2334 (autoMemberExclusiveRegex)
2335 --inclusive INCLUSIVE [INCLUSIVE ...]
2338 Sets a single regular expression to use to identify entries to
2339 include
2340 (autoMemberInclusiveRegex)
2341 --target-group TARGET_GROUP
2344 Sets which group to add the entry to as a member, if it meets
2345 the regular
2346 expression conditions (autoMemberTargetGroup)
2347
2350 usage: dsconf instance plugin automember definition DEFNAME regex
2351 REGEXNAME set
2352 [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2353 [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TAR‐
2354 GET_GROUP
2355 --exclusive EXCLUSIVE [EXCLUSIVE ...]
2359 Sets a single regular expression to use to identify entries to
2360 exclude
2361 (autoMemberExclusiveRegex)
2362 --inclusive INCLUSIVE [INCLUSIVE ...]
2365 Sets a single regular expression to use to identify entries to
2366 include
2367 (autoMemberInclusiveRegex)
2368 --target-group TARGET_GROUP
2371 Sets which group to add the entry to as a member, if it meets
2372 the regular
2373 expression conditions (autoMemberTargetGroup)
2374
2377 usage: dsconf instance plugin automember definition DEFNAME regex
2378 REGEXNAME delete
2379 [-h]
2380
2385 usage: dsconf instance plugin automember definition DEFNAME regex
2386 REGEXNAME show
2387 [-h]
2388
2395 usage: dsconf instance plugin automember fixup [-h] -f FILTER -s
2396 {sub,base,one}
2397 DN
2398 DN Base DN that contains entries to fix up
2401 -f FILTER, --filter FILTER
2404 LDAP filter for entries to fix up.
2405 -s {sub,base,one}, --scope {sub,base,one}
2408 LDAP search scope for entries to fix up
2409
2413 usage: dsconf instance plugin referential-integrity [-h]
2414 {show,enable,dis‐
2415 able,status,set,config-entry}
2416 ...
2417 Sub-commands
2420 dsconf plugin referential-integrity show
2421 display plugin configuration
2422 dsconf plugin referential-integrity enable
2424 enable plugin
2425 dsconf plugin referential-integrity disable
2427 disable plugin
2428 dsconf plugin referential-integrity status
2430 display plugin status
2431 dsconf plugin referential-integrity set
2433 Edit the plugin
2434 dsconf plugin referential-integrity config-entry
2436 Manage the config entry
2437
2439 usage: dsconf instance plugin referential-integrity show [-h]
2440
2445 usage: dsconf instance plugin referential-integrity enable [-h]
2446
2451 usage: dsconf instance plugin referential-integrity disable [-h]
2452
2457 usage: dsconf instance plugin referential-integrity status [-h]
2458
2463 usage: dsconf instance plugin referential-integrity set [-h]
2464 [--update-delay
2465 UPDATE_DELAY]
2466 [--membership-
2467 attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2468 [--entry-scope
2469 ENTRY_SCOPE]
2470 [--exclude-
2471 entry-scope EXCLUDE_ENTRY_SCOPE]
2472 [--container-
2473 scope CONTAINER_SCOPE]
2474 [--log-file
2475 LOG_FILE]
2476 [--config-entry
2477 CONFIG_ENTRY]
2478 --update-delay UPDATE_DELAY
2482 Sets the update interval. Special values: 0 - The check is per‐
2483 formed
2484 immediately, -1 - No check is performed (referint-update-delay)
2485 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2488 Specifies attributes to check for and update (referint-member‐
2489 ship-attr)
2490 --entry-scope ENTRY_SCOPE
2493 Defines the subtree in which the plug-in looks for the delete or
2494 rename
2495 operations of a user entry (nsslapd-pluginEntryScope)
2496 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2499 Defines the subtree in which the plug-in ignores any operations
2500 for deleting
2501 or renaming a user (nsslapd-pluginExcludeEntryScope)
2502 --container-scope CONTAINER_SCOPE
2505 Specifies which branch the plug-in searches for the groups to
2506 which the user
2507 belongs. It only updates groups that are under the specified
2508 container branch,
2509 and leaves all other groups not updated (nsslapd-pluginContain‐
2510 erScope)
2511 --log-file LOG_FILE
2514 Specifies a path to the Referential integrity logfile.For exam‐
2515 ple:
2516 /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2517 --config-entry CONFIG_ENTRY
2520 The value to set as nsslapd-pluginConfigArea
2521
2524 usage: dsconf instance plugin referential-integrity config-entry
2525 [-h] {add,set,show,delete} ...
2526 Sub-commands
2529 dsconf plugin referential-integrity config-entry add
2530 Add the config entry
2531 dsconf plugin referential-integrity config-entry set
2533 Edit the config entry
2534 dsconf plugin referential-integrity config-entry show
2536 Display the config entry
2537 dsconf plugin referential-integrity config-entry delete
2539 Delete the config entry
2540
2542 usage: dsconf instance plugin referential-integrity config-entry add
2543 [-h] [--update-delay UPDATE_DELAY]
2544 [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2545 [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope
2546 EXCLUDE_ENTRY_SCOPE]
2547 [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2548 DN
2549 DN The config entry full DN
2552 --update-delay UPDATE_DELAY
2555 Sets the update interval. Special values: 0 - The check is per‐
2556 formed
2557 immediately, -1 - No check is performed (referint-update-delay)
2558 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2561 Specifies attributes to check for and update (referint-member‐
2562 ship-attr)
2563 --entry-scope ENTRY_SCOPE
2566 Defines the subtree in which the plug-in looks for the delete or
2567 rename
2568 operations of a user entry (nsslapd-pluginEntryScope)
2569 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2572 Defines the subtree in which the plug-in ignores any operations
2573 for deleting
2574 or renaming a user (nsslapd-pluginExcludeEntryScope)
2575 --container-scope CONTAINER_SCOPE
2578 Specifies which branch the plug-in searches for the groups to
2579 which the user
2580 belongs. It only updates groups that are under the specified
2581 container branch,
2582 and leaves all other groups not updated (nsslapd-pluginContain‐
2583 erScope)
2584 --log-file LOG_FILE
2587 Specifies a path to the Referential integrity logfile.For exam‐
2588 ple:
2589 /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2590
2593 usage: dsconf instance plugin referential-integrity config-entry set
2594 [-h] [--update-delay UPDATE_DELAY]
2595 [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2596 [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope
2597 EXCLUDE_ENTRY_SCOPE]
2598 [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2599 DN
2600 DN The config entry full DN
2603 --update-delay UPDATE_DELAY
2606 Sets the update interval. Special values: 0 - The check is per‐
2607 formed
2608 immediately, -1 - No check is performed (referint-update-delay)
2609 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2612 Specifies attributes to check for and update (referint-member‐
2613 ship-attr)
2614 --entry-scope ENTRY_SCOPE
2617 Defines the subtree in which the plug-in looks for the delete or
2618 rename
2619 operations of a user entry (nsslapd-pluginEntryScope)
2620 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2623 Defines the subtree in which the plug-in ignores any operations
2624 for deleting
2625 or renaming a user (nsslapd-pluginExcludeEntryScope)
2626 --container-scope CONTAINER_SCOPE
2629 Specifies which branch the plug-in searches for the groups to
2630 which the user
2631 belongs. It only updates groups that are under the specified
2632 container branch,
2633 and leaves all other groups not updated (nsslapd-pluginContain‐
2634 erScope)
2635 --log-file LOG_FILE
2638 Specifies a path to the Referential integrity logfile.For exam‐
2639 ple:
2640 /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2641
2644 usage: dsconf instance plugin referential-integrity config-entry show
2645 [-h] DN
2646 DN The config entry full DN
2649
2653 usage: dsconf instance plugin referential-integrity config-entry delete
2654 [-h] DN
2655 DN The config entry full DN
2658
2664 usage: dsconf instance plugin root-dn [-h]
2665 {show,enable,disable,status,set}
2666 ...
2667 Sub-commands
2670 dsconf plugin root-dn show
2671 display plugin configuration
2672 dsconf plugin root-dn enable
2674 enable plugin
2675 dsconf plugin root-dn disable
2677 disable plugin
2678 dsconf plugin root-dn status
2680 display plugin status
2681 dsconf plugin root-dn set
2683 Edit the plugin
2684
2686 usage: dsconf instance plugin root-dn show [-h]
2687
2692 usage: dsconf instance plugin root-dn enable [-h]
2693
2698 usage: dsconf instance plugin root-dn disable [-h]
2699
2704 usage: dsconf instance plugin root-dn status [-h]
2705
2710 usage: dsconf instance plugin root-dn set [-h]
2711 [--allow-host ALLOW_HOST
2712 [ALLOW_HOST ...]]
2713 [--deny-host DENY_HOST
2714 [DENY_HOST ...]]
2715 [--allow-ip ALLOW_IP
2716 [ALLOW_IP ...]]
2717 [--deny-ip DENY_IP [DENY_IP
2718 ...]]
2719 [--open-time OPEN_TIME]
2720 [--close-time CLOSE_TIME]
2721 [--days-allowed DAYS_ALLOWED]
2722 --allow-host ALLOW_HOST [ALLOW_HOST ...]
2726 Sets what hosts, by fully-qualified domain name, the root user
2727 is allowed to
2728 use to access the Directory Server. Any hosts not listed are
2729 implicitly denied
2730 (rootdn-allow-host)
2731 --deny-host DENY_HOST [DENY_HOST ...]
2734 Sets what hosts, by fully-qualified domain name, the root user
2735 is not allowed
2736 to use to access the Directory Server Any hosts not listed are
2737 implicitly
2738 allowed (rootdn-deny-host). If an host address is listed in both
2739 the rootdn-
2740 allow-host and rootdn-deny-host attributes, it is denied access.
2741 --allow-ip ALLOW_IP [ALLOW_IP ...]
2744 Sets what IP addresses, either IPv4 or IPv6, for machines the
2745 root user is
2746 allowed to use to access the Directory Server Any IP addresses
2747 not listed are
2748 implicitly denied (rootdn-allow-ip)
2749 --deny-ip DENY_IP [DENY_IP ...]
2752 Sets what IP addresses, either IPv4 or IPv6, for machines the
2753 root user is not
2754 allowed to use to access the Directory Server. Any IP addresses
2755 not listed are
2756 implicitly allowed (rootdn-deny-ip) If an IP address is listed
2757 in both the
2758 rootdn-allow-ip and rootdn-deny-ip attributes, it is denied
2759 access.
2760 --open-time OPEN_TIME
2763 Sets part of a time period or range when the root user is
2764 allowed to access
2765 the Directory Server. This sets when the time-based access
2766 begins (rootdn-
2767 open-time)
2768 --close-time CLOSE_TIME
2771 Sets part of a time period or range when the root user is
2772 allowed to access
2773 the Directory Server. This sets when the time-based access ends
2774 (rootdn-close-
2775 time)
2776 --days-allowed DAYS_ALLOWED
2779 Gives a comma-separated list of what days the root user is
2780 allowed to use to
2781 access the Directory Server. Any days listed are implicitly
2782 denied (rootdn-
2783 days-allowed)
2784
2788 usage: dsconf instance plugin usn [-h]
2789 {show,enable,disable,sta‐
2790 tus,global,cleanup}
2791 ...
2792 Sub-commands
2795 dsconf plugin usn show
2796 display plugin configuration
2797 dsconf plugin usn enable
2799 enable plugin
2800 dsconf plugin usn disable
2802 disable plugin
2803 dsconf plugin usn status
2805 display plugin status
2806 dsconf plugin usn global
2808 Get or manage global usn mode (nsslapd-entryusn-global)
2809 dsconf plugin usn cleanup
2811 Run the USN tombstone cleanup task
2812
2814 usage: dsconf instance plugin usn show [-h]
2815
2820 usage: dsconf instance plugin usn enable [-h]
2821
2826 usage: dsconf instance plugin usn disable [-h]
2827
2832 usage: dsconf instance plugin usn status [-h]
2833
2838 usage: dsconf instance plugin usn global [-h] {on,off} ...
2839 Sub-commands
2842 dsconf plugin usn global on
2843 Enable usn global mode
2844 dsconf plugin usn global off
2846 Disable usn global mode
2847
2849 usage: dsconf instance plugin usn global on [-h]
2850
2855 usage: dsconf instance plugin usn global off [-h]
2856
2862 usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND)
2863 [-m MAXUSN]
2864 -s SUFFIX, --suffix SUFFIX
2868 Gives the suffix or subtree in the Directory Server to run the
2869 cleanup
2870 operation against. If the suffix is not specified, then the back
2871 end must be
2872 given (suffix)
2873 -n BACKEND, --backend BACKEND
2876 Gives the Directory Server instance back end, or database, to
2877 run the cleanup
2878 operation against. If the back end is not specified, then the
2879 suffix must be
2880 specified.Backend instance in which USN tombstone entries (back‐
2881 end)
2882 -m MAXUSN, --maxusn MAXUSN
2885 Gives the highest USN value to delete when removing tombstone
2886 entries
2887 (max_usn_to_delete)
2888
2892 usage: dsconf instance plugin account-policy [-h]
2893 {show,enable,disable,sta‐
2894 tus,set,config-entry}
2895 ...
2896 Sub-commands
2899 dsconf plugin account-policy show
2900 display plugin configuration
2901 dsconf plugin account-policy enable
2903 enable plugin
2904 dsconf plugin account-policy disable
2906 disable plugin
2907 dsconf plugin account-policy status
2909 display plugin status
2910 dsconf plugin account-policy set
2912 Edit the plugin
2913 dsconf plugin account-policy config-entry
2915 Manage the config entry
2916
2918 usage: dsconf instance plugin account-policy show [-h]
2919
2924 usage: dsconf instance plugin account-policy enable [-h]
2925
2930 usage: dsconf instance plugin account-policy disable [-h]
2931
2936 usage: dsconf instance plugin account-policy status [-h]
2937
2942 usage: dsconf instance plugin account-policy set [-h]
2943 [--config-entry CON‐
2944 FIG_ENTRY]
2945 --config-entry CONFIG_ENTRY
2949 The value to set as nsslapd-pluginConfigArea
2950
2953 usage: dsconf instance plugin account-policy config-entry [-h]
2954 {add,set,show,delete}
2955 ...
2956 Sub-commands
2959 dsconf plugin account-policy config-entry add
2960 Add the config entry
2961 dsconf plugin account-policy config-entry set
2963 Edit the config entry
2964 dsconf plugin account-policy config-entry show
2966 Display the config entry
2967 dsconf plugin account-policy config-entry delete
2969 Delete the config entry
2970
2972 usage: dsconf instance plugin account-policy config-entry add
2973 [-h] [--always-record-login {yes,no}] [--alt-state-attr
2974 ALT_STATE_ATTR]
2975 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2976 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2977 [--state-attr STATE_ATTR]
2978 DN
2979 DN The config entry full DN
2982 --always-record-login {yes,no}
2985 Sets that every entry records its last login time (alwaysRecord‐
2986 Login)
2987 --alt-state-attr ALT_STATE_ATTR
2990 Provides a backup attribute for the server to reference to eval‐
2991 uate the
2992 expiration time (altStateAttrName)
2993 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2996 Specifies the attribute to store the time of the last successful
2997 login in this
2998 attribute in the users directory entry (alwaysRecordLoginAttr)
2999 --limit-attr LIMIT_ATTR
3002 Specifies the attribute within the policy to use for the account
3003 inactivation
3004 limit (limitAttrName)
3005 --spec-attr SPEC_ATTR
3008 Specifies the attribute to identify which entries are account
3009 policy
3010 configuration entries (specAttrName)
3011 --state-attr STATE_ATTR
3014 Specifies the primary time attribute used to evaluate an account
3015 policy
3016 (stateAttrName)
3017
3020 usage: dsconf instance plugin account-policy config-entry set
3021 [-h] [--always-record-login {yes,no}] [--alt-state-attr
3022 ALT_STATE_ATTR]
3023 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
3024 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
3025 [--state-attr STATE_ATTR]
3026 DN
3027 DN The config entry full DN
3030 --always-record-login {yes,no}
3033 Sets that every entry records its last login time (alwaysRecord‐
3034 Login)
3035 --alt-state-attr ALT_STATE_ATTR
3038 Provides a backup attribute for the server to reference to eval‐
3039 uate the
3040 expiration time (altStateAttrName)
3041 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
3044 Specifies the attribute to store the time of the last successful
3045 login in this
3046 attribute in the users directory entry (alwaysRecordLoginAttr)
3047 --limit-attr LIMIT_ATTR
3050 Specifies the attribute within the policy to use for the account
3051 inactivation
3052 limit (limitAttrName)
3053 --spec-attr SPEC_ATTR
3056 Specifies the attribute to identify which entries are account
3057 policy
3058 configuration entries (specAttrName)
3059 --state-attr STATE_ATTR
3062 Specifies the primary time attribute used to evaluate an account
3063 policy
3064 (stateAttrName)
3065
3068 usage: dsconf instance plugin account-policy config-entry show [-h] DN
3069 DN The config entry full DN
3072
3076 usage: dsconf instance plugin account-policy config-entry delete [-h]
3077 DN
3078 DN The config entry full DN
3081
3087 usage: dsconf instance plugin attr-uniq [-h]
3088 {show,enable,disable,sta‐
3089 tus,list,add,set,delete}
3090 ...
3091 Sub-commands
3094 dsconf plugin attr-uniq show
3095 display plugin configuration
3096 dsconf plugin attr-uniq enable
3098 enable plugin
3099 dsconf plugin attr-uniq disable
3101 disable plugin
3102 dsconf plugin attr-uniq status
3104 display plugin status
3105 dsconf plugin attr-uniq list
3107 List available plugin configs
3108 dsconf plugin attr-uniq add
3110 Add the config entry
3111 dsconf plugin attr-uniq set
3113 Edit the config entry
3114 dsconf plugin attr-uniq show
3116 Display the config entry
3117 dsconf plugin attr-uniq delete
3119 Delete the config entry
3120 dsconf plugin attr-uniq enable
3122 enable plugin
3123 dsconf plugin attr-uniq disable
3125 disable plugin
3126 dsconf plugin attr-uniq status
3128 display plugin status
3129
3131 usage: dsconf instance plugin attr-uniq show [-h] NAME
3132 NAME The name of the plug-in configuration record
3135
3139 usage: dsconf instance plugin attr-uniq enable [-h] NAME
3140 NAME Sets the name of the plug-in configuration record
3143
3147 usage: dsconf instance plugin attr-uniq disable [-h] NAME
3148 NAME Sets the name of the plug-in configuration record
3151
3155 usage: dsconf instance plugin attr-uniq status [-h] NAME
3156 NAME Sets the name of the plug-in configuration record
3159
3163 usage: dsconf instance plugin attr-uniq list [-h]
3164
3169 usage: dsconf instance plugin attr-uniq add [-h] [--enabled {on,off}]
3170 [--attr-name ATTR_NAME
3171 [ATTR_NAME ...]]
3172 [--subtree SUBTREE [SUBTREE
3173 ...]]
3174 [--across-all-subtrees
3175 {on,off}]
3176 [--top-entry-oc
3177 TOP_ENTRY_OC]
3178 [--subtree-entries-oc SUB‐
3179 TREE_ENTRIES_OC]
3180 NAME
3181 NAME Sets the name of the plug-in configuration record. (cn) You can
3184 use any
3185 string, but "attribute_name Attribute Uniqueness" is recom‐
3186 mended.
3187 --enabled {on,off}
3190 Identifies whether or not the config is enabled.
3191 --attr-name ATTR_NAME [ATTR_NAME ...]
3194 Sets the name of the attribute whose values must be unique. This
3195 attribute is
3196 multi-valued. (uniqueness-attribute-name)
3197 --subtree SUBTREE [SUBTREE ...]
3200 Sets the DN under which the plug-in checks for uniqueness of the
3201 attributes
3202 value. This attribute is multi-valued (uniqueness-subtrees)
3203 --across-all-subtrees {on,off}
3206 If enabled (on), the plug-in checks that the attribute is unique
3207 across all
3208 subtrees set. If you set the attribute to off, uniqueness is
3209 only enforced
3210 within the subtree of the updated entry (unique‐
3211 ness-across-all-subtrees)
3212 --top-entry-oc TOP_ENTRY_OC
3215 Verifies that the value of the attribute set in unique‐
3216 ness-attribute-name is
3217 unique in this subtree (uniqueness-top-entry-oc)
3218 --subtree-entries-oc SUBTREE_ENTRIES_OC
3221 Verifies if an attribute is unique, if the entry contains the
3222 object class set
3223 in this parameter (uniqueness-subtree-entries-oc)
3224
3227 usage: dsconf instance plugin attr-uniq set [-h] [--enabled {on,off}]
3228 [--attr-name ATTR_NAME
3229 [ATTR_NAME ...]]
3230 [--subtree SUBTREE [SUBTREE
3231 ...]]
3232 [--across-all-subtrees
3233 {on,off}]
3234 [--top-entry-oc
3235 TOP_ENTRY_OC]
3236 [--subtree-entries-oc SUB‐
3237 TREE_ENTRIES_OC]
3238 NAME
3239 NAME Sets the name of the plug-in configuration record. (cn) You can
3242 use any
3243 string, but "attribute_name Attribute Uniqueness" is recom‐
3244 mended.
3245 --enabled {on,off}
3248 Identifies whether or not the config is enabled.
3249 --attr-name ATTR_NAME [ATTR_NAME ...]
3252 Sets the name of the attribute whose values must be unique. This
3253 attribute is
3254 multi-valued. (uniqueness-attribute-name)
3255 --subtree SUBTREE [SUBTREE ...]
3258 Sets the DN under which the plug-in checks for uniqueness of the
3259 attributes
3260 value. This attribute is multi-valued (uniqueness-subtrees)
3261 --across-all-subtrees {on,off}
3264 If enabled (on), the plug-in checks that the attribute is unique
3265 across all
3266 subtrees set. If you set the attribute to off, uniqueness is
3267 only enforced
3268 within the subtree of the updated entry (unique‐
3269 ness-across-all-subtrees)
3270 --top-entry-oc TOP_ENTRY_OC
3273 Verifies that the value of the attribute set in unique‐
3274 ness-attribute-name is
3275 unique in this subtree (uniqueness-top-entry-oc)
3276 --subtree-entries-oc SUBTREE_ENTRIES_OC
3279 Verifies if an attribute is unique, if the entry contains the
3280 object class set
3281 in this parameter (uniqueness-subtree-entries-oc)
3282
3285 usage: dsconf instance plugin attr-uniq delete [-h] NAME
3286 NAME Sets the name of the plug-in configuration record
3289
3294 usage: dsconf instance plugin dna [-h]
3295 {show,enable,disable,status,list,con‐
3296 fig} ...
3297 Sub-commands
3300 dsconf plugin dna show
3301 display plugin configuration
3302 dsconf plugin dna enable
3304 enable plugin
3305 dsconf plugin dna disable
3307 disable plugin
3308 dsconf plugin dna status
3310 display plugin status
3311 dsconf plugin dna list
3313 List available plugin configs
3314 dsconf plugin dna config
3316 Manage plugin configs
3317
3319 usage: dsconf instance plugin dna show [-h]
3320
3325 usage: dsconf instance plugin dna enable [-h]
3326
3331 usage: dsconf instance plugin dna disable [-h]
3332
3337 usage: dsconf instance plugin dna status [-h]
3338
3343 usage: dsconf instance plugin dna list [-h] {configs,shared-configs}
3344 ...
3345 Sub-commands
3348 dsconf plugin dna list configs
3349 List main DNA plugin config entries
3350 dsconf plugin dna list shared-configs
3352 List DNA plugin shared config entries
3353
3355 usage: dsconf instance plugin dna list configs [-h]
3356
3361 usage: dsconf instance plugin dna list shared-configs [-h] BASEDN
3362 BASEDN The search DN
3365
3370 usage: dsconf instance plugin dna config [-h]
3371 NAME
3372 {add,set,show,delete,shared-
3373 config-entry}
3374 ...
3375 NAME The DNA configuration name
3378 Sub-commands
3381 dsconf plugin dna config add
3382 Add the config entry
3383 dsconf plugin dna config set
3385 Edit the config entry
3386 dsconf plugin dna config show
3388 Display the config entry
3389 dsconf plugin dna config delete
3391 Delete the config entry
3392 dsconf plugin dna config shared-config-entry
3394 Manage the shared config entry
3395
3397 usage: dsconf instance plugin dna config NAME add [-h]
3398 [--type TYPE [TYPE
3399 ...]]
3400 [--prefix PREFIX]
3401 [--next-value
3402 NEXT_VALUE]
3403 [--max-value
3404 MAX_VALUE]
3405 [--interval INTERVAL]
3406 [--magic-regen
3407 MAGIC_REGEN]
3408 [--filter FILTER]
3409 [--scope SCOPE]
3410 [--remote-bind-dn
3411 REMOTE_BIND_DN]
3412 [--remote-bind-cred
3413 REMOTE_BIND_CRED]
3414 [--shared-config-
3415 entry SHARED_CONFIG_ENTRY]
3416 [--threshold THRESH‐
3417 OLD]
3418 [--next-range
3419 NEXT_RANGE]
3420 [--range-request-
3421 timeout RANGE_REQUEST_TIMEOUT]
3422 --type TYPE [TYPE ...]
3426 Sets which attributes have unique numbers being generated for
3427 them (dnaType)
3428 --prefix PREFIX
3431 Defines a prefix that can be prepended to the generated number
3432 values for the
3433 attribute (dnaPrefix)
3434 --next-value NEXT_VALUE
3437 Gives the next available number which can be assigned
3438 (dnaNextValue)
3439 --max-value MAX_VALUE
3442 Sets the maximum value that can be assigned for the range (dna‐
3443 MaxValue)
3444 --interval INTERVAL
3447 Sets an interval to use to increment through numbers in a range
3448 (dnaInterval)
3449 --magic-regen MAGIC_REGEN
3452 Sets a user-defined value that instructs the plug-in to assign a
3453 new value for
3454 the entry (dnaMagicRegen)
3455 --filter FILTER
3458 Sets an LDAP filter to use to search for and identify the
3459 entries to which to
3460 apply the distributed numeric assignment range (dnaFilter)
3461 --scope SCOPE
3464 Sets the base DN to search for entries to which to apply the
3465 distributed
3466 numeric assignment (dnaScope)
3467 --remote-bind-dn REMOTE_BIND_DN
3470 Specifies the Replication Manager DN (dnaRemoteBindDN)
3471 --remote-bind-cred REMOTE_BIND_CRED
3474 Specifies the Replication Manager's password (dnaRemoteBindCred)
3475 --shared-config-entry SHARED_CONFIG_ENTRY
3478 Defines a shared identity that the servers can use to transfer
3479 ranges to one
3480 another (dnaSharedCfgDN)
3481 --threshold THRESHOLD
3484 Sets a threshold of remaining available numbers in the range.
3485 When the server
3486 hits the threshold, it sends a request for a new range
3487 (dnaThreshold)
3488 --next-range NEXT_RANGE
3491 Defines the next range to use when the current range is
3492 exhausted
3493 (dnaNextRange)
3494 --range-request-timeout RANGE_REQUEST_TIMEOUT
3497 sets a timeout period, in seconds, for range requests so that
3498 the server does
3499 not stall waiting on a new range from one server and can request
3500 a range from
3501 a new server (dnaRangeRequestTimeout)
3502
3505 usage: dsconf instance plugin dna config NAME set [-h]
3506 [--type TYPE [TYPE
3507 ...]]
3508 [--prefix PREFIX]
3509 [--next-value
3510 NEXT_VALUE]
3511 [--max-value
3512 MAX_VALUE]
3513 [--interval INTERVAL]
3514 [--magic-regen
3515 MAGIC_REGEN]
3516 [--filter FILTER]
3517 [--scope SCOPE]
3518 [--remote-bind-dn
3519 REMOTE_BIND_DN]
3520 [--remote-bind-cred
3521 REMOTE_BIND_CRED]
3522 [--shared-config-
3523 entry SHARED_CONFIG_ENTRY]
3524 [--threshold THRESH‐
3525 OLD]
3526 [--next-range
3527 NEXT_RANGE]
3528 [--range-request-
3529 timeout RANGE_REQUEST_TIMEOUT]
3530 --type TYPE [TYPE ...]
3534 Sets which attributes have unique numbers being generated for
3535 them (dnaType)
3536 --prefix PREFIX
3539 Defines a prefix that can be prepended to the generated number
3540 values for the
3541 attribute (dnaPrefix)
3542 --next-value NEXT_VALUE
3545 Gives the next available number which can be assigned
3546 (dnaNextValue)
3547 --max-value MAX_VALUE
3550 Sets the maximum value that can be assigned for the range (dna‐
3551 MaxValue)
3552 --interval INTERVAL
3555 Sets an interval to use to increment through numbers in a range
3556 (dnaInterval)
3557 --magic-regen MAGIC_REGEN
3560 Sets a user-defined value that instructs the plug-in to assign a
3561 new value for
3562 the entry (dnaMagicRegen)
3563 --filter FILTER
3566 Sets an LDAP filter to use to search for and identify the
3567 entries to which to
3568 apply the distributed numeric assignment range (dnaFilter)
3569 --scope SCOPE
3572 Sets the base DN to search for entries to which to apply the
3573 distributed
3574 numeric assignment (dnaScope)
3575 --remote-bind-dn REMOTE_BIND_DN
3578 Specifies the Replication Manager DN (dnaRemoteBindDN)
3579 --remote-bind-cred REMOTE_BIND_CRED
3582 Specifies the Replication Manager's password (dnaRemoteBindCred)
3583 --shared-config-entry SHARED_CONFIG_ENTRY
3586 Defines a shared identity that the servers can use to transfer
3587 ranges to one
3588 another (dnaSharedCfgDN)
3589 --threshold THRESHOLD
3592 Sets a threshold of remaining available numbers in the range.
3593 When the server
3594 hits the threshold, it sends a request for a new range
3595 (dnaThreshold)
3596 --next-range NEXT_RANGE
3599 Defines the next range to use when the current range is
3600 exhausted
3601 (dnaNextRange)
3602 --range-request-timeout RANGE_REQUEST_TIMEOUT
3605 sets a timeout period, in seconds, for range requests so that
3606 the server does
3607 not stall waiting on a new range from one server and can request
3608 a range from
3609 a new server (dnaRangeRequestTimeout)
3610
3613 usage: dsconf instance plugin dna config NAME show [-h]
3614
3619 usage: dsconf instance plugin dna config NAME delete [-h]
3620
3625 usage: dsconf instance plugin dna config NAME shared-config-entry
3626 [-h] HOSTNAME PORT {add,set,show,delete} ...
3627 HOSTNAME
3630 Identifies the host name of a server in a shared range, as part
3631 of the DNA
3632 range configuration for that specific host in multi-master
3633 replication
3634 (dnaHostname)
3635 PORT Gives the standard port number to use to connect to the host
3638 identified in
3639 dnaHostname (dnaPortNum)
3640 Sub-commands
3643 dsconf plugin dna config shared-config-entry add
3644 Add the shared config entry
3645 dsconf plugin dna config shared-config-entry set
3647 Edit the shared config entry
3648 dsconf plugin dna config shared-config-entry show
3650 Display the shared config entry
3651 dsconf plugin dna config shared-config-entry delete
3653 Delete the shared config entry
3654
3656 usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3657 NAME PORT add
3658 [-h] [--secure-port SECURE_PORT]
3659 [--remote-bind-method REMOTE_BIND_METHOD]
3660 [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3661 [--remaining-values REMAINING_VALUES]
3662 --secure-port SECURE_PORT
3666 Gives the secure (TLS) port number to use to connect to the host
3667 identified in
3668 dnaHostname (dnaSecurePortNum)
3669 --remote-bind-method REMOTE_BIND_METHOD
3672 Specifies the remote bind method (dnaRemoteBindMethod)
3673 --remote-conn-protocol REMOTE_CONN_PROTOCOL
3676 Specifies the remote connection protocol (dnaRemoteConnProtocol)
3677 --remaining-values REMAINING_VALUES
3680 Contains the number of values that are remaining and available
3681 to a server to
3682 assign to entries (dnaRemainingValues)
3683
3686 usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3687 NAME PORT set
3688 [-h] [--secure-port SECURE_PORT]
3689 [--remote-bind-method REMOTE_BIND_METHOD]
3690 [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3691 [--remaining-values REMAINING_VALUES]
3692 --secure-port SECURE_PORT
3696 Gives the secure (TLS) port number to use to connect to the host
3697 identified in
3698 dnaHostname (dnaSecurePortNum)
3699 --remote-bind-method REMOTE_BIND_METHOD
3702 Specifies the remote bind method (dnaRemoteBindMethod)
3703 --remote-conn-protocol REMOTE_CONN_PROTOCOL
3706 Specifies the remote connection protocol (dnaRemoteConnProtocol)
3707 --remaining-values REMAINING_VALUES
3710 Contains the number of values that are remaining and available
3711 to a server to
3712 assign to entries (dnaRemainingValues)
3713
3716 usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3717 NAME PORT show
3718 [-h]
3719
3724 usage: dsconf instance plugin dna config NAME shared-config-entry HOST‐
3725 NAME PORT delete
3726 [-h]
3727
3735 usage: dsconf instance plugin linked-attr [-h]
3736 {show,enable,disable,sta‐
3737 tus,fixup,list,config}
3738 ...
3739 Sub-commands
3742 dsconf plugin linked-attr show
3743 display plugin configuration
3744 dsconf plugin linked-attr enable
3746 enable plugin
3747 dsconf plugin linked-attr disable
3749 disable plugin
3750 dsconf plugin linked-attr status
3752 display plugin status
3753 dsconf plugin linked-attr fixup
3755 Run the fix-up task for linked attributes plugin
3756 dsconf plugin linked-attr list
3758 List available plugin configs
3759 dsconf plugin linked-attr config
3761 Manage plugin configs
3762
3764 usage: dsconf instance plugin linked-attr show [-h]
3765
3770 usage: dsconf instance plugin linked-attr enable [-h]
3771
3776 usage: dsconf instance plugin linked-attr disable [-h]
3777
3782 usage: dsconf instance plugin linked-attr status [-h]
3783
3788 usage: dsconf instance plugin linked-attr fixup [-h] [-l LINKDN]
3789 -l LINKDN, --linkdn LINKDN
3793 Base DN that contains entries to fix up
3794
3797 usage: dsconf instance plugin linked-attr list [-h]
3798
3803 usage: dsconf instance plugin linked-attr config [-h]
3804 NAME
3805 {add,set,show,delete}
3806 ...
3807 NAME The Linked Attributes configuration name
3810 Sub-commands
3813 dsconf plugin linked-attr config add
3814 Add the config entry
3815 dsconf plugin linked-attr config set
3817 Edit the config entry
3818 dsconf plugin linked-attr config show
3820 Display the config entry
3821 dsconf plugin linked-attr config delete
3823 Delete the config entry
3824
3826 usage: dsconf instance plugin linked-attr config NAME add [-h]
3827 [--link-type
3828 LINK_TYPE]
3829 [--managed-
3830 type MANAGED_TYPE]
3831 [--link-scope
3832 LINK_SCOPE]
3833 --link-type LINK_TYPE
3837 Sets the attribute that is managed manually by administrators
3838 (linkType)
3839 --managed-type MANAGED_TYPE
3842 Sets the attribute that is created dynamically by the plugin
3843 (managedType)
3844 --link-scope LINK_SCOPE
3847 Sets the scope that restricts the plugin to a specific part of
3848 the directory
3849 tree (linkScope)
3850
3853 usage: dsconf instance plugin linked-attr config NAME set [-h]
3854 [--link-type
3855 LINK_TYPE]
3856 [--managed-
3857 type MANAGED_TYPE]
3858 [--link-scope
3859 LINK_SCOPE]
3860 --link-type LINK_TYPE
3864 Sets the attribute that is managed manually by administrators
3865 (linkType)
3866 --managed-type MANAGED_TYPE
3869 Sets the attribute that is created dynamically by the plugin
3870 (managedType)
3871 --link-scope LINK_SCOPE
3874 Sets the scope that restricts the plugin to a specific part of
3875 the directory
3876 tree (linkScope)
3877
3880 usage: dsconf instance plugin linked-attr config NAME show [-h]
3881
3886 usage: dsconf instance plugin linked-attr config NAME delete [-h]
3887
3894 usage: dsconf instance plugin managed-entries [-h]
3895 {show,enable,disable,sta‐
3896 tus,set,list,config,template}
3897 ...
3898 Sub-commands
3901 dsconf plugin managed-entries show
3902 display plugin configuration
3903 dsconf plugin managed-entries enable
3905 enable plugin
3906 dsconf plugin managed-entries disable
3908 disable plugin
3909 dsconf plugin managed-entries status
3911 display plugin status
3912 dsconf plugin managed-entries set
3914 Edit the plugin
3915 dsconf plugin managed-entries list
3917 List Managed Entries Plugin configs and templates
3918 dsconf plugin managed-entries config
3920 Handle Managed Entries Plugin configs
3921 dsconf plugin managed-entries template
3923 Handle Managed Entries Plugin templates
3924
3926 usage: dsconf instance plugin managed-entries show [-h]
3927
3932 usage: dsconf instance plugin managed-entries enable [-h]
3933
3938 usage: dsconf instance plugin managed-entries disable [-h]
3939
3944 usage: dsconf instance plugin managed-entries status [-h]
3945
3950 usage: dsconf instance plugin managed-entries set [-h]
3951 [--config-area CON‐
3952 FIG_AREA]
3953 --config-area CONFIG_AREA
3957 The value to set as nsslapd-pluginConfigArea
3958
3961 usage: dsconf instance plugin managed-entries list [-h]
3962 {configs,templates}
3963 ...
3964 Sub-commands
3967 dsconf plugin managed-entries list configs
3968 List Managed Entries Plugin configs (list config-area if speci‐
3969 fied in the main plugin entry)
3970 dsconf plugin managed-entries list templates
3972 List Managed Entries Plugin templates in the directory
3973
3975 usage: dsconf instance plugin managed-entries list configs [-h]
3976
3981 usage: dsconf instance plugin managed-entries list templates [-h]
3982 BASEDN
3983 BASEDN The base DN where to search the templates.
3986
3991 usage: dsconf instance plugin managed-entries config [-h]
3992 NAME
3993 {add,set,show,delete}
3994 ...
3995 NAME The config entry CN.
3998 Sub-commands
4001 dsconf plugin managed-entries config add
4002 Add the config entry
4003 dsconf plugin managed-entries config set
4005 Edit the config entry
4006 dsconf plugin managed-entries config show
4008 Display the config entry
4009 dsconf plugin managed-entries config delete
4011 Delete the config entry
4012
4014 usage: dsconf instance plugin managed-entries config NAME add
4015 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
4016 AGED_BASE]
4017 [--managed-template MANAGED_TEMPLATE]
4018 --scope SCOPE
4022 Sets the scope of the search to use to see which entries the
4023 plug-in monitors
4024 (originScope)
4025 --filter FILTER
4028 Sets the search filter to use to search for and identify the
4029 entries within
4030 the subtree which require a managed entry (originFilter)
4031 --managed-base MANAGED_BASE
4034 Sets the subtree under which to create the managed entries (man‐
4035 agedBase)
4036 --managed-template MANAGED_TEMPLATE
4039 Identifies the template entry to use to create the managed entry
4040 (managedTemplate)
4041
4044 usage: dsconf instance plugin managed-entries config NAME set
4045 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
4046 AGED_BASE]
4047 [--managed-template MANAGED_TEMPLATE]
4048 --scope SCOPE
4052 Sets the scope of the search to use to see which entries the
4053 plug-in monitors
4054 (originScope)
4055 --filter FILTER
4058 Sets the search filter to use to search for and identify the
4059 entries within
4060 the subtree which require a managed entry (originFilter)
4061 --managed-base MANAGED_BASE
4064 Sets the subtree under which to create the managed entries (man‐
4065 agedBase)
4066 --managed-template MANAGED_TEMPLATE
4069 Identifies the template entry to use to create the managed entry
4070 (managedTemplate)
4071
4074 usage: dsconf instance plugin managed-entries config NAME show [-h]
4075
4080 usage: dsconf instance plugin managed-entries config NAME delete [-h]
4081
4087 usage: dsconf instance plugin managed-entries template [-h]
4088 DN
4089 {add,set,show,delete}
4090 ...
4091 DN The template entry DN.
4094 Sub-commands
4097 dsconf plugin managed-entries template add
4098 Add the template entry
4099 dsconf plugin managed-entries template set
4101 Edit the template entry
4102 dsconf plugin managed-entries template show
4104 Display the template entry
4105 dsconf plugin managed-entries template delete
4107 Delete the template entry
4108
4110 usage: dsconf instance plugin managed-entries template DN add
4111 [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
4112 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
4113 --rdn-attr RDN_ATTR
4117 Sets which attribute to use as the naming attribute in the auto‐
4118 matically-
4119 generated entry (mepRDNAttr)
4120 --static-attr STATIC_ATTR
4123 Sets an attribute with a defined value that must be added to the
4124 automatically-generated entry (mepStaticAttr)
4125 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
4128 Sets attributes in the Managed Entries template entry which must
4129 exist in the
4130 generated entry (mepMappedAttr)
4131
4134 usage: dsconf instance plugin managed-entries template DN set
4135 [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
4136 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
4137 --rdn-attr RDN_ATTR
4141 Sets which attribute to use as the naming attribute in the auto‐
4142 matically-
4143 generated entry (mepRDNAttr)
4144 --static-attr STATIC_ATTR
4147 Sets an attribute with a defined value that must be added to the
4148 automatically-generated entry (mepStaticAttr)
4149 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
4152 Sets attributes in the Managed Entries template entry which must
4153 exist in the
4154 generated entry (mepMappedAttr)
4155
4158 usage: dsconf instance plugin managed-entries template DN show [-h]
4159
4164 usage: dsconf instance plugin managed-entries template DN delete [-h]
4165
4172 usage: dsconf instance plugin pass-through-auth [-h]
4173 {show,enable,dis‐
4174 able,status,list,url,pam-config}
4175 ...
4176 Sub-commands
4179 dsconf plugin pass-through-auth show
4180 display plugin configuration
4181 dsconf plugin pass-through-auth enable
4183 enable plugin
4184 dsconf plugin pass-through-auth disable
4186 disable plugin
4187 dsconf plugin pass-through-auth status
4189 display plugin status
4190 dsconf plugin pass-through-auth list
4192 List pass-though plugin URLs or PAM configurations.
4193 dsconf plugin pass-through-auth url
4195 Manage PTA URL configurations.
4196 dsconf plugin pass-through-auth pam-config
4198 Manage PAM PTA configurations.
4199
4201 usage: dsconf instance plugin pass-through-auth show [-h]
4202
4207 usage: dsconf instance plugin pass-through-auth enable [-h]
4208
4213 usage: dsconf instance plugin pass-through-auth disable [-h]
4214
4219 usage: dsconf instance plugin pass-through-auth status [-h]
4220
4225 usage: dsconf instance plugin pass-through-auth list [-h]
4226 {urls,pam-configs}
4227 ...
4228 Sub-commands
4231 dsconf plugin pass-through-auth list urls
4232 List URLs.
4233 dsconf plugin pass-through-auth list pam-configs
4235 List PAM configurations.
4236
4238 usage: dsconf instance plugin pass-through-auth list urls [-h]
4239
4244 usage: dsconf instance plugin pass-through-auth list pam-configs [-h]
4245
4251 usage: dsconf instance plugin pass-through-auth url [-h]
4252 {add,modify,delete}
4253 ...
4254 Sub-commands
4257 dsconf plugin pass-through-auth url add
4258 Add the config entry
4259 dsconf plugin pass-through-auth url modify
4261 Edit the config entry
4262 dsconf plugin pass-through-auth url delete
4264 Delete the config entry
4265
4267 usage: dsconf instance plugin pass-through-auth url add [-h] URL
4268 URL The full LDAP URL in format "ldap|ldaps://authDS/subtree
4271 maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one
4272 optional
4273 parameter is specified the rest should be specified too
4274
4278 usage: dsconf instance plugin pass-through-auth url modify [-h]
4279 OLD_URL
4280 NEW_URL
4281 OLD_URL
4284 The full LDAP URL you get from the "list" command
4285 NEW_URL
4288 The full LDAP URL in format "ldap|ldaps://authDS/subtree
4289 maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one
4290 optional
4291 parameter is specified the rest should be specified too
4292
4296 usage: dsconf instance plugin pass-through-auth url delete [-h] URL
4297 URL The full LDAP URL you get from the "list" command
4300
4305 usage: dsconf instance plugin pass-through-auth pam-config [-h]
4306 NAME
4307 {add,set,show,delete}
4308 ...
4309 NAME The PAM PTA configuration name
4312 Sub-commands
4315 dsconf plugin pass-through-auth pam-config add
4316 Add the config entry
4317 dsconf plugin pass-through-auth pam-config set
4319 Edit the config entry
4320 dsconf plugin pass-through-auth pam-config show
4322 Display the config entry
4323 dsconf plugin pass-through-auth pam-config delete
4325 Delete the config entry
4326
4328 usage: dsconf instance plugin pass-through-auth pam-config NAME add
4329 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4330 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4331 [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FIL‐
4332 TER]
4333 [--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method
4334 ID_MAP_METHOD]
4335 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4336 SERVICE]
4337 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4341 Specifies a suffix to exclude from PAM authentication (pamEx‐
4342 cludeSuffix)
4343 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4346 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4347 fix)
4348 --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4351 Identifies how to handle missing include or exclude suffixes
4352 (pamMissingSuffix)
4353 --filter FILTER
4356 Sets an LDAP filter to use to identify specific entries within
4357 the included
4358 suffixes for which to use PAM pass-through authentication (pam‐
4359 Filter)
4360 --id-attr ID_ATTR [ID_ATTR ...]
4363 Contains the attribute name which is used to hold the PAM user
4364 ID (pamIDAttr)
4365 --id_map_method ID_MAP_METHOD
4368 Gives the method to use to map the LDAP bind DN to a PAM iden‐
4369 tity
4370 (pamIDMapMethod)
4371 --fallback {TRUE,FALSE}
4374 Sets whether to fallback to regular LDAP authentication if PAM
4375 authentication
4376 fails (pamFallback)
4377 --secure {TRUE,FALSE}
4380 Requires secure TLS connection for PAM authentication (pamSe‐
4381 cure)
4382 --service SERVICE
4385 Contains the service name to pass to PAM (pamService)
4386
4389 usage: dsconf instance plugin pass-through-auth pam-config NAME set
4390 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4391 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4392 [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FIL‐
4393 TER]
4394 [--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method
4395 ID_MAP_METHOD]
4396 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4397 SERVICE]
4398 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4402 Specifies a suffix to exclude from PAM authentication (pamEx‐
4403 cludeSuffix)
4404 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4407 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4408 fix)
4409 --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4412 Identifies how to handle missing include or exclude suffixes
4413 (pamMissingSuffix)
4414 --filter FILTER
4417 Sets an LDAP filter to use to identify specific entries within
4418 the included
4419 suffixes for which to use PAM pass-through authentication (pam‐
4420 Filter)
4421 --id-attr ID_ATTR [ID_ATTR ...]
4424 Contains the attribute name which is used to hold the PAM user
4425 ID (pamIDAttr)
4426 --id_map_method ID_MAP_METHOD
4429 Gives the method to use to map the LDAP bind DN to a PAM iden‐
4430 tity
4431 (pamIDMapMethod)
4432 --fallback {TRUE,FALSE}
4435 Sets whether to fallback to regular LDAP authentication if PAM
4436 authentication
4437 fails (pamFallback)
4438 --secure {TRUE,FALSE}
4441 Requires secure TLS connection for PAM authentication (pamSe‐
4442 cure)
4443 --service SERVICE
4446 Contains the service name to pass to PAM (pamService)
4447
4450 usage: dsconf instance plugin pass-through-auth pam-config NAME show
4451 [-h]
4452
4457 usage: dsconf instance plugin pass-through-auth pam-config NAME delete
4458 [-h]
4459
4466 usage: dsconf instance plugin retro-changelog [-h]
4467 {show,enable,disable,sta‐
4468 tus,set}
4469 ...
4470 Sub-commands
4473 dsconf plugin retro-changelog show
4474 display plugin configuration
4475 dsconf plugin retro-changelog enable
4477 enable plugin
4478 dsconf plugin retro-changelog disable
4480 disable plugin
4481 dsconf plugin retro-changelog status
4483 display plugin status
4484 dsconf plugin retro-changelog set
4486 Edit the plugin
4487
4489 usage: dsconf instance plugin retro-changelog show [-h]
4490
4495 usage: dsconf instance plugin retro-changelog enable [-h]
4496
4501 usage: dsconf instance plugin retro-changelog disable [-h]
4502
4507 usage: dsconf instance plugin retro-changelog status [-h]
4508
4513 usage: dsconf instance plugin retro-changelog set [-h]
4514 [--is-replicated
4515 {TRUE,FALSE}]
4516 [--attribute
4517 ATTRIBUTE]
4518 [--directory DIREC‐
4519 TORY]
4520 [--max-age MAX_AGE]
4521 [--exclude-suffix
4522 EXCLUDE_SUFFIX]
4523 --is-replicated {TRUE,FALSE}
4527 Sets a flag to indicate on a change in the changelog whether the
4528 change is
4529 newly made on that server or whether it was replicated over from
4530 another
4531 server (isReplicated)
4532 --attribute ATTRIBUTE
4535 Specifies another Directory Server attribute which must be
4536 included in the
4537 retro changelog entries (nsslapd-attribute)
4538 --directory DIRECTORY
4541 Specifies the name of the directory in which the changelog data‐
4542 base is created
4543 the first time the plug-in is run
4544 --max-age MAX_AGE
4547 This attribute specifies the maximum age of any entry in the
4548 changelog
4549 (nsslapd-changelogmaxage)
4550 --exclude-suffix EXCLUDE_SUFFIX
4553 This attribute specifies the suffix which will be excluded from
4554 the scope of
4555 the plugin (nsslapd-exclude-suffix)
4556
4560 usage: dsconf instance plugin posix-winsync [-h]
4561 {show,enable,disable,sta‐
4562 tus,set,fixup}
4563 ...
4564 Sub-commands
4567 dsconf plugin posix-winsync show
4568 display plugin configuration
4569 dsconf plugin posix-winsync enable
4571 enable plugin
4572 dsconf plugin posix-winsync disable
4574 disable plugin
4575 dsconf plugin posix-winsync status
4577 display plugin status
4578 dsconf plugin posix-winsync set
4580 Edit the plugin
4581 dsconf plugin posix-winsync fixup
4583 Run the memberOf fix-up task to correct mismatched member and
4584 uniquemember values for synced users
4585
4587 usage: dsconf instance plugin posix-winsync show [-h]
4588
4593 usage: dsconf instance plugin posix-winsync enable [-h]
4594
4599 usage: dsconf instance plugin posix-winsync disable [-h]
4600
4605 usage: dsconf instance plugin posix-winsync status [-h]
4606
4611 usage: dsconf instance plugin posix-winsync set [-h]
4612 [--create-memberof-task
4613 {true,false}]
4614 [--lower-case-uid
4615 {true,false}]
4616 [--map-member-uid
4617 {true,false}]
4618 [--map-nested-grouping
4619 {true,false}]
4620 [--ms-sfu-schema
4621 {true,false}]
4622 --create-memberof-task {true,false}
4626 Sets whether to run the memberOf fix-up task immediately after a
4627 sync run in
4628 order to update group memberships for synced users
4629 (posixWinsyncCreateMemberOfTask)
4630 --lower-case-uid {true,false}
4633 Sets whether to store (and, if necessary, convert) the UID value
4634 in the
4635 memberUID attribute in lower case.(posixWinsyncLowerCaseUID)
4636 --map-member-uid {true,false}
4639 Sets whether to map the memberUID attribute in an Active Direc‐
4640 tory group to
4641 the uniqueMember attribute in a Directory Server group
4642 (posixWinsyncMapMemberUID)
4643 --map-nested-grouping {true,false}
4646 Manages if nested groups are updated when memberUID attributes
4647 in an Active
4648 Directory POSIX group change (posixWinsyncMapNestedGrouping)
4649 --ms-sfu-schema {true,false}
4652 Sets whether to the older Microsoft System Services for Unix 3.0
4653 (msSFU30)
4654 schema when syncing Posix attributes from Active Directory
4655 (posixWinsyncMsSFUSchema)
4656
4659 usage: dsconf instance plugin posix-winsync fixup [-h] [-f FILTER] DN
4660 DN Base DN that contains entries to fix up
4663 -f FILTER, --filter FILTER
4666 Filter for entries to fix up. If omitted, all entries with
4667 objectclass
4668 inetuser/inetadmin/nsmemberof under the specified base will have
4669 their
4670 memberOf attribute regenerated.
4671
4675 usage: dsconf instance plugin list [-h]
4676
4681 usage: dsconf instance plugin show [-h] [selector]
4682 selector
4685 The plugin to search for
4686
4690 usage: dsconf instance plugin set [-h] [--type TYPE] [--enabled
4691 {on,off}]
4692 [--path PATH] [--initfunc INITFUNC]
4693 [--id ID] [--vendor VENDOR]
4694 [--version VERSION]
4695 [--description DESCRIPTION]
4696 [--depends-on-type DEPENDS_ON_TYPE]
4697 [--depends-on-named DEPENDS_ON_NAMED]
4698 [--precedence PRECEDENCE]
4699 [selector]
4700 selector
4703 The plugin to edit
4704 --type TYPE
4707 The type of plugin.
4708 --enabled {on,off}
4711 Identifies whether or not the plugin is enabled.
4712 --path PATH
4715 The plugin library name (without the library suffix).
4716 --initfunc INITFUNC
4719 An initialization function of the plugin.
4720 --id ID
4723 The plugin ID.
4724 --vendor VENDOR
4727 The vendor of plugin.
4728 --version VERSION
4731 The version of plugin.
4732 --description DESCRIPTION
4735 The description of the plugin.
4736 --depends-on-type DEPENDS_ON_TYPE
4739 All plug-ins with a type value which matches one of the values
4740 in the
4741 following valid range will be started by the server prior to
4742 this plug-in.
4743 --depends-on-named DEPENDS_ON_NAMED
4746 The plug-in name matching one of the following values will be
4747 started by the
4748 server prior to this plug-in
4749 --precedence PRECEDENCE
4752 The priority it has in the execution order of plug-ins
4753
4757 usage: dsconf instance pwpolicy [-h] {get,set} ...
4758 Sub-commands
4761 dsconf pwpolicy get
4762 Get the global password policy entry
4763 dsconf pwpolicy set
4765 Set an attribute in a global password policy
4766
4768 usage: dsconf instance pwpolicy get [-h]
4769
4774 usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME]
4775 [--pwdchange PWDCHANGE]
4776 [--pwdmustchange PWDMUSTCHANGE]
4777 [--pwdhistory PWDHISTORY]
4778 [--pwdhistorycount PWDHISTORYCOUNT]
4779 [--pwdadmin PWDADMIN]
4780 [--pwdtrack PWDTRACK]
4781 [--pwdwarning PWDWARNING]
4782 [--pwdexpire PWDEXPIRE]
4783 [--pwdmaxage PWDMAXAGE]
4784 [--pwdminage PWDMINAGE]
4785 [--pwdgracelimit PWDGRACELIMIT]
4786 [--pwdsendexpiring PWDSENDEXPIRING]
4787 [--pwdlockout PWDLOCKOUT]
4788 [--pwdunlock PWDUNLOCK]
4789 [--pwdlockoutduration PWDLOCKOUTDU‐
4790 RATION]
4791 [--pwdmaxfailures PWDMAXFAILURES]
4792 [--pwdresetfailcount PWDRESETFAIL‐
4793 COUNT]
4794 [--pwdchecksyntax PWDCHECKSYNTAX]
4795 [--pwdminlen PWDMINLEN]
4796 [--pwdmindigits PWDMINDIGITS]
4797 [--pwdminalphas PWDMINALPHAS]
4798 [--pwdminuppers PWDMINUPPERS]
4799 [--pwdminlowers PWDMINLOWERS]
4800 [--pwdminspecials PWDMINSPECIALS]
4801 [--pwdmin8bits PWDMIN8BITS]
4802 [--pwdmaxrepeats PWDMAXREPEATS]
4803 [--pwdpalindrome PWDPALINDROME]
4804 [--pwdmaxseq PWDMAXSEQ]
4805 [--pwdmaxseqsets PWDMAXSEQSETS]
4806 [--pwdmaxclasschars PWDMAXCLASS‐
4807 CHARS]
4808 [--pwdmincatagories PWDMIN‐
4809 CATAGORIES]
4810 [--pwdmintokenlen PWDMINTOKENLEN]
4811 [--pwdbadwords PWDBADWORDS]
4812 [--pwduserattrs PWDUSERATTRS]
4813 [--pwddictcheck PWDDICTCHECK]
4814 [--pwddictpath PWDDICTPATH]
4815 [--pwdlocal PWDLOCAL]
4816 [--pwdisglobal PWDISGLOBAL]
4817 [--pwdallowhash PWDALLOWHASH]
4818 --pwdscheme PWDSCHEME
4822 The password storage scheme
4823 --pwdchange PWDCHANGE
4826 Allow users to change their passwords
4827 --pwdmustchange PWDMUSTCHANGE
4830 User must change their passwrod after it is reset by an Adminis‐
4831 trator
4832 --pwdhistory PWDHISTORY
4835 To enable password history set this to "on", otherwise "off"
4836 --pwdhistorycount PWDHISTORYCOUNT
4839 The number of password to keep in history
4840 --pwdadmin PWDADMIN
4843 The DN of an entry or a group of account that can bypass pass‐
4844 word policy
4845 constraints
4846 --pwdtrack PWDTRACK
4849 Set to "on" to track the time the password was last changed
4850 --pwdwarning PWDWARNING
4853 Send an expiring warning if password expires within this time
4854 (in seconds)
4855 --pwdexpire PWDEXPIRE
4858 Set to "on" to enable password expiration
4859 --pwdmaxage PWDMAXAGE
4862 The password expiration time in seconds
4863 --pwdminage PWDMINAGE
4866 The number of seconds that must pass before a user can change
4867 their password
4868 --pwdgracelimit PWDGRACELIMIT
4871 The number of allowed logins after the password has expired
4872 --pwdsendexpiring PWDSENDEXPIRING
4875 Set to "on" to always send the expiring control regardless of
4876 the warning
4877 period
4878 --pwdlockout PWDLOCKOUT
4881 Set to "on" to enable account lockout
4882 --pwdunlock PWDUNLOCK
4885 Set to "on" to allow an account to become unlocked after the
4886 lockout duration
4887 --pwdlockoutduration PWDLOCKOUTDURATION
4890 The number of seconds an account stays locked out
4891 --pwdmaxfailures PWDMAXFAILURES
4894 The maximum number of allowed failed password attempts before
4895 the account gets
4896 locked
4897 --pwdresetfailcount PWDRESETFAILCOUNT
4900 The number of seconds to wait before reducing the failed login
4901 count on an
4902 account
4903 --pwdchecksyntax PWDCHECKSYNTAX
4906 Set to "on" to Enable password syntax checking
4907 --pwdminlen PWDMINLEN
4910 The minimum number of characters required in a password
4911 --pwdmindigits PWDMINDIGITS
4914 The minimum number of digit/number characters in a password
4915 --pwdminalphas PWDMINALPHAS
4918 The minimum number of alpha characters required in a password
4919 --pwdminuppers PWDMINUPPERS
4922 The minimum number of uppercase characters required in a pass‐
4923 word
4924 --pwdminlowers PWDMINLOWERS
4927 The minimum number of lowercase characters required in a pass‐
4928 word
4929 --pwdminspecials PWDMINSPECIALS
4932 The minimum number of special characters required in a password
4933 --pwdmin8bits PWDMIN8BITS
4936 The minimum number of 8-bit characters required in a password
4937 --pwdmaxrepeats PWDMAXREPEATS
4940 The maximum number of times the same character can appear
4941 sequentially in the
4942 password
4943 --pwdpalindrome PWDPALINDROME
4946 Set to "on" to reject passwords that are palindromes
4947 --pwdmaxseq PWDMAXSEQ
4950 The maximum number of allowed monotonic character sequences in a
4951 password
4952 --pwdmaxseqsets PWDMAXSEQSETS
4955 The maximum number of allowed monotonic character sequences that
4956 can be
4957 duplicated in a password
4958 --pwdmaxclasschars PWDMAXCLASSCHARS
4961 The maximum number of sequential characters from the same char‐
4962 acter class that
4963 is allowed in a password
4964 --pwdmincatagories PWDMINCATAGORIES
4967 The minimum number of syntax catagory checks
4968 --pwdmintokenlen PWDMINTOKENLEN
4971 Sets the smallest attribute value length that is used for triv‐
4972 ial/user words
4973 checking. This also impacts "--pwduserattrs"
4974 --pwdbadwords PWDBADWORDS
4977 A space-separated list of words that can not be in a password
4978 --pwduserattrs PWDUSERATTRS
4981 A space-separated list of attributes whose values can not appear
4982 in the
4983 password (See "--pwdmintokenlen")
4984 --pwddictcheck PWDDICTCHECK
4987 Set to "on" to enfore CrackLib dictionary checking
4988 --pwddictpath PWDDICTPATH
4991 Filesystem path to specific/custom CrackLib dictionary files
4992 --pwdlocal PWDLOCAL
4995 Set to "on" to enable fine-grained (subtree/user-level) password
4996 policies
4997 --pwdisglobal PWDISGLOBAL
5000 Set to "on" to enable password policy state attributesto be
5001 replicated
5002 --pwdallowhash PWDALLOWHASH
5005 Set to "on" to allow adding prehashed passwords
5006
5010 usage: dsconf instance localpwp [-h]
5011 {list,get,set,remove,adduser,addsub‐
5012 tree} ...
5013 Sub-commands
5016 dsconf localpwp list
5017 List all the local password policies
5018 dsconf localpwp get
5020 Get local password policy entry
5021 dsconf localpwp set
5023 Set an attribute in a local password policy
5024 dsconf localpwp remove
5026 Remove a local password policy
5027 dsconf localpwp adduser
5029 Add new user password policy
5030 dsconf localpwp addsubtree
5032 Add new subtree password policy
5033
5035 usage: dsconf instance localpwp list [-h] DN
5036 DN Suffix to search for local password policies
5039
5043 usage: dsconf instance localpwp get [-h] DN
5044 DN Get the local policy for this entry DN
5047
5051 usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME]
5052 [--pwdchange PWDCHANGE]
5053 [--pwdmustchange PWDMUSTCHANGE]
5054 [--pwdhistory PWDHISTORY]
5055 [--pwdhistorycount PWDHISTORYCOUNT]
5056 [--pwdadmin PWDADMIN]
5057 [--pwdtrack PWDTRACK]
5058 [--pwdwarning PWDWARNING]
5059 [--pwdexpire PWDEXPIRE]
5060 [--pwdmaxage PWDMAXAGE]
5061 [--pwdminage PWDMINAGE]
5062 [--pwdgracelimit PWDGRACELIMIT]
5063 [--pwdsendexpiring PWDSENDEXPIRING]
5064 [--pwdlockout PWDLOCKOUT]
5065 [--pwdunlock PWDUNLOCK]
5066 [--pwdlockoutduration PWDLOCKOUTDU‐
5067 RATION]
5068 [--pwdmaxfailures PWDMAXFAILURES]
5069 [--pwdresetfailcount PWDRESETFAIL‐
5070 COUNT]
5071 [--pwdchecksyntax PWDCHECKSYNTAX]
5072 [--pwdminlen PWDMINLEN]
5073 [--pwdmindigits PWDMINDIGITS]
5074 [--pwdminalphas PWDMINALPHAS]
5075 [--pwdminuppers PWDMINUPPERS]
5076 [--pwdminlowers PWDMINLOWERS]
5077 [--pwdminspecials PWDMINSPECIALS]
5078 [--pwdmin8bits PWDMIN8BITS]
5079 [--pwdmaxrepeats PWDMAXREPEATS]
5080 [--pwdpalindrome PWDPALINDROME]
5081 [--pwdmaxseq PWDMAXSEQ]
5082 [--pwdmaxseqsets PWDMAXSEQSETS]
5083 [--pwdmaxclasschars PWDMAXCLASS‐
5084 CHARS]
5085 [--pwdmincatagories PWDMIN‐
5086 CATAGORIES]
5087 [--pwdmintokenlen PWDMINTOKENLEN]
5088 [--pwdbadwords PWDBADWORDS]
5089 [--pwduserattrs PWDUSERATTRS]
5090 [--pwddictcheck PWDDICTCHECK]
5091 [--pwddictpath PWDDICTPATH]
5092 DN
5093 DN Set the local policy for this entry DN
5096 --pwdscheme PWDSCHEME
5099 The password storage scheme
5100 --pwdchange PWDCHANGE
5103 Allow users to change their passwords
5104 --pwdmustchange PWDMUSTCHANGE
5107 User must change their passwrod after it is reset by an Adminis‐
5108 trator
5109 --pwdhistory PWDHISTORY
5112 To enable password history set this to "on", otherwise "off"
5113 --pwdhistorycount PWDHISTORYCOUNT
5116 The number of password to keep in history
5117 --pwdadmin PWDADMIN
5120 The DN of an entry or a group of account that can bypass pass‐
5121 word policy
5122 constraints
5123 --pwdtrack PWDTRACK
5126 Set to "on" to track the time the password was last changed
5127 --pwdwarning PWDWARNING
5130 Send an expiring warning if password expires within this time
5131 (in seconds)
5132 --pwdexpire PWDEXPIRE
5135 Set to "on" to enable password expiration
5136 --pwdmaxage PWDMAXAGE
5139 The password expiration time in seconds
5140 --pwdminage PWDMINAGE
5143 The number of seconds that must pass before a user can change
5144 their password
5145 --pwdgracelimit PWDGRACELIMIT
5148 The number of allowed logins after the password has expired
5149 --pwdsendexpiring PWDSENDEXPIRING
5152 Set to "on" to always send the expiring control regardless of
5153 the warning
5154 period
5155 --pwdlockout PWDLOCKOUT
5158 Set to "on" to enable account lockout
5159 --pwdunlock PWDUNLOCK
5162 Set to "on" to allow an account to become unlocked after the
5163 lockout duration
5164 --pwdlockoutduration PWDLOCKOUTDURATION
5167 The number of seconds an account stays locked out
5168 --pwdmaxfailures PWDMAXFAILURES
5171 The maximum number of allowed failed password attempts before
5172 the account gets
5173 locked
5174 --pwdresetfailcount PWDRESETFAILCOUNT
5177 The number of seconds to wait before reducing the failed login
5178 count on an
5179 account
5180 --pwdchecksyntax PWDCHECKSYNTAX
5183 Set to "on" to Enable password syntax checking
5184 --pwdminlen PWDMINLEN
5187 The minimum number of characters required in a password
5188 --pwdmindigits PWDMINDIGITS
5191 The minimum number of digit/number characters in a password
5192 --pwdminalphas PWDMINALPHAS
5195 The minimum number of alpha characters required in a password
5196 --pwdminuppers PWDMINUPPERS
5199 The minimum number of uppercase characters required in a pass‐
5200 word
5201 --pwdminlowers PWDMINLOWERS
5204 The minimum number of lowercase characters required in a pass‐
5205 word
5206 --pwdminspecials PWDMINSPECIALS
5209 The minimum number of special characters required in a password
5210 --pwdmin8bits PWDMIN8BITS
5213 The minimum number of 8-bit characters required in a password
5214 --pwdmaxrepeats PWDMAXREPEATS
5217 The maximum number of times the same character can appear
5218 sequentially in the
5219 password
5220 --pwdpalindrome PWDPALINDROME
5223 Set to "on" to reject passwords that are palindromes
5224 --pwdmaxseq PWDMAXSEQ
5227 The maximum number of allowed monotonic character sequences in a
5228 password
5229 --pwdmaxseqsets PWDMAXSEQSETS
5232 The maximum number of allowed monotonic character sequences that
5233 can be
5234 duplicated in a password
5235 --pwdmaxclasschars PWDMAXCLASSCHARS
5238 The maximum number of sequential characters from the same char‐
5239 acter class that
5240 is allowed in a password
5241 --pwdmincatagories PWDMINCATAGORIES
5244 The minimum number of syntax catagory checks
5245 --pwdmintokenlen PWDMINTOKENLEN
5248 Sets the smallest attribute value length that is used for triv‐
5249 ial/user words
5250 checking. This also impacts "--pwduserattrs"
5251 --pwdbadwords PWDBADWORDS
5254 A space-separated list of words that can not be in a password
5255 --pwduserattrs PWDUSERATTRS
5258 A space-separated list of attributes whose values can not appear
5259 in the
5260 password (See "--pwdmintokenlen")
5261 --pwddictcheck PWDDICTCHECK
5264 Set to "on" to enfore CrackLib dictionary checking
5265 --pwddictpath PWDDICTPATH
5268 Filesystem path to specific/custom CrackLib dictionary files
5269
5272 usage: dsconf instance localpwp remove [-h] DN
5273 DN Remove local policy for this entry DN
5276
5280 usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME]
5281 [--pwdchange PWDCHANGE]
5282 [--pwdmustchange PWDMUSTCHANGE]
5283 [--pwdhistory PWDHISTORY]
5284 [--pwdhistorycount PWDHISTO‐
5285 RYCOUNT]
5286 [--pwdadmin PWDADMIN]
5287 [--pwdtrack PWDTRACK]
5288 [--pwdwarning PWDWARNING]
5289 [--pwdexpire PWDEXPIRE]
5290 [--pwdmaxage PWDMAXAGE]
5291 [--pwdminage PWDMINAGE]
5292 [--pwdgracelimit PWDGRACELIMIT]
5293 [--pwdsendexpiring PWDSENDEX‐
5294 PIRING]
5295 [--pwdlockout PWDLOCKOUT]
5296 [--pwdunlock PWDUNLOCK]
5297 [--pwdlockoutduration PWDLOCK‐
5298 OUTDURATION]
5299 [--pwdmaxfailures PWDMAXFAIL‐
5300 URES]
5301 [--pwdresetfailcount PWDRESET‐
5302 FAILCOUNT]
5303 [--pwdchecksyntax PWDCHECKSYN‐
5304 TAX]
5305 [--pwdminlen PWDMINLEN]
5306 [--pwdmindigits PWDMINDIGITS]
5307 [--pwdminalphas PWDMINALPHAS]
5308 [--pwdminuppers PWDMINUPPERS]
5309 [--pwdminlowers PWDMINLOWERS]
5310 [--pwdminspecials PWDMINSPE‐
5311 CIALS]
5312 [--pwdmin8bits PWDMIN8BITS]
5313 [--pwdmaxrepeats PWDMAXREPEATS]
5314 [--pwdpalindrome PWDPALINDROME]
5315 [--pwdmaxseq PWDMAXSEQ]
5316 [--pwdmaxseqsets PWDMAXSEQSETS]
5317 [--pwdmaxclasschars PWDMAX‐
5318 CLASSCHARS]
5319 [--pwdmincatagories PWDMIN‐
5320 CATAGORIES]
5321 [--pwdmintokenlen PWDMINTO‐
5322 KENLEN]
5323 [--pwdbadwords PWDBADWORDS]
5324 [--pwduserattrs PWDUSERATTRS]
5325 [--pwddictcheck PWDDICTCHECK]
5326 [--pwddictpath PWDDICTPATH]
5327 DN
5328 DN Add/replace the local password policy for this entry DN
5331 --pwdscheme PWDSCHEME
5334 The password storage scheme
5335 --pwdchange PWDCHANGE
5338 Allow users to change their passwords
5339 --pwdmustchange PWDMUSTCHANGE
5342 User must change their passwrod after it is reset by an Adminis‐
5343 trator
5344 --pwdhistory PWDHISTORY
5347 To enable password history set this to "on", otherwise "off"
5348 --pwdhistorycount PWDHISTORYCOUNT
5351 The number of password to keep in history
5352 --pwdadmin PWDADMIN
5355 The DN of an entry or a group of account that can bypass pass‐
5356 word policy
5357 constraints
5358 --pwdtrack PWDTRACK
5361 Set to "on" to track the time the password was last changed
5362 --pwdwarning PWDWARNING
5365 Send an expiring warning if password expires within this time
5366 (in seconds)
5367 --pwdexpire PWDEXPIRE
5370 Set to "on" to enable password expiration
5371 --pwdmaxage PWDMAXAGE
5374 The password expiration time in seconds
5375 --pwdminage PWDMINAGE
5378 The number of seconds that must pass before a user can change
5379 their password
5380 --pwdgracelimit PWDGRACELIMIT
5383 The number of allowed logins after the password has expired
5384 --pwdsendexpiring PWDSENDEXPIRING
5387 Set to "on" to always send the expiring control regardless of
5388 the warning
5389 period
5390 --pwdlockout PWDLOCKOUT
5393 Set to "on" to enable account lockout
5394 --pwdunlock PWDUNLOCK
5397 Set to "on" to allow an account to become unlocked after the
5398 lockout duration
5399 --pwdlockoutduration PWDLOCKOUTDURATION
5402 The number of seconds an account stays locked out
5403 --pwdmaxfailures PWDMAXFAILURES
5406 The maximum number of allowed failed password attempts before
5407 the account gets
5408 locked
5409 --pwdresetfailcount PWDRESETFAILCOUNT
5412 The number of seconds to wait before reducing the failed login
5413 count on an
5414 account
5415 --pwdchecksyntax PWDCHECKSYNTAX
5418 Set to "on" to Enable password syntax checking
5419 --pwdminlen PWDMINLEN
5422 The minimum number of characters required in a password
5423 --pwdmindigits PWDMINDIGITS
5426 The minimum number of digit/number characters in a password
5427 --pwdminalphas PWDMINALPHAS
5430 The minimum number of alpha characters required in a password
5431 --pwdminuppers PWDMINUPPERS
5434 The minimum number of uppercase characters required in a pass‐
5435 word
5436 --pwdminlowers PWDMINLOWERS
5439 The minimum number of lowercase characters required in a pass‐
5440 word
5441 --pwdminspecials PWDMINSPECIALS
5444 The minimum number of special characters required in a password
5445 --pwdmin8bits PWDMIN8BITS
5448 The minimum number of 8-bit characters required in a password
5449 --pwdmaxrepeats PWDMAXREPEATS
5452 The maximum number of times the same character can appear
5453 sequentially in the
5454 password
5455 --pwdpalindrome PWDPALINDROME
5458 Set to "on" to reject passwords that are palindromes
5459 --pwdmaxseq PWDMAXSEQ
5462 The maximum number of allowed monotonic character sequences in a
5463 password
5464 --pwdmaxseqsets PWDMAXSEQSETS
5467 The maximum number of allowed monotonic character sequences that
5468 can be
5469 duplicated in a password
5470 --pwdmaxclasschars PWDMAXCLASSCHARS
5473 The maximum number of sequential characters from the same char‐
5474 acter class that
5475 is allowed in a password
5476 --pwdmincatagories PWDMINCATAGORIES
5479 The minimum number of syntax catagory checks
5480 --pwdmintokenlen PWDMINTOKENLEN
5483 Sets the smallest attribute value length that is used for triv‐
5484 ial/user words
5485 checking. This also impacts "--pwduserattrs"
5486 --pwdbadwords PWDBADWORDS
5489 A space-separated list of words that can not be in a password
5490 --pwduserattrs PWDUSERATTRS
5493 A space-separated list of attributes whose values can not appear
5494 in the
5495 password (See "--pwdmintokenlen")
5496 --pwddictcheck PWDDICTCHECK
5499 Set to "on" to enfore CrackLib dictionary checking
5500 --pwddictpath PWDDICTPATH
5503 Filesystem path to specific/custom CrackLib dictionary files
5504
5507 usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME]
5508 [--pwdchange PWDCHANGE]
5509 [--pwdmustchange PWD‐
5510 MUSTCHANGE]
5511 [--pwdhistory PWDHISTORY]
5512 [--pwdhistorycount PWDHISTO‐
5513 RYCOUNT]
5514 [--pwdadmin PWDADMIN]
5515 [--pwdtrack PWDTRACK]
5516 [--pwdwarning PWDWARNING]
5517 [--pwdexpire PWDEXPIRE]
5518 [--pwdmaxage PWDMAXAGE]
5519 [--pwdminage PWDMINAGE]
5520 [--pwdgracelimit PWDGRACE‐
5521 LIMIT]
5522 [--pwdsendexpiring PWDSEND‐
5523 EXPIRING]
5524 [--pwdlockout PWDLOCKOUT]
5525 [--pwdunlock PWDUNLOCK]
5526 [--pwdlockoutduration PWD‐
5527 LOCKOUTDURATION]
5528 [--pwdmaxfailures PWDMAX‐
5529 FAILURES]
5530 [--pwdresetfailcount
5531 PWDRESETFAILCOUNT]
5532 [--pwdchecksyntax PWD‐
5533 CHECKSYNTAX]
5534 [--pwdminlen PWDMINLEN]
5535 [--pwdmindigits PWDMINDIG‐
5536 ITS]
5537 [--pwdminalphas PWDMINAL‐
5538 PHAS]
5539 [--pwdminuppers PWDMINUP‐
5540 PERS]
5541 [--pwdminlowers PWDMINLOW‐
5542 ERS]
5543 [--pwdminspecials PWDMINSPE‐
5544 CIALS]
5545 [--pwdmin8bits PWDMIN8BITS]
5546 [--pwdmaxrepeats PWDMAXRE‐
5547 PEATS]
5548 [--pwdpalindrome PWDPALIN‐
5549 DROME]
5550 [--pwdmaxseq PWDMAXSEQ]
5551 [--pwdmaxseqsets PWDMAXSE‐
5552 QSETS]
5553 [--pwdmaxclasschars PWDMAX‐
5554 CLASSCHARS]
5555 [--pwdmincatagories PWDMIN‐
5556 CATAGORIES]
5557 [--pwdmintokenlen PWDMINTO‐
5558 KENLEN]
5559 [--pwdbadwords PWDBADWORDS]
5560 [--pwduserattrs PWDUSERAT‐
5561 TRS]
5562 [--pwddictcheck PWD‐
5563 DICTCHECK]
5564 [--pwddictpath PWDDICTPATH]
5565 DN
5566 DN Add/replace the subtree policy for this entry DN
5569 --pwdscheme PWDSCHEME
5572 The password storage scheme
5573 --pwdchange PWDCHANGE
5576 Allow users to change their passwords
5577 --pwdmustchange PWDMUSTCHANGE
5580 User must change their passwrod after it is reset by an Adminis‐
5581 trator
5582 --pwdhistory PWDHISTORY
5585 To enable password history set this to "on", otherwise "off"
5586 --pwdhistorycount PWDHISTORYCOUNT
5589 The number of password to keep in history
5590 --pwdadmin PWDADMIN
5593 The DN of an entry or a group of account that can bypass pass‐
5594 word policy
5595 constraints
5596 --pwdtrack PWDTRACK
5599 Set to "on" to track the time the password was last changed
5600 --pwdwarning PWDWARNING
5603 Send an expiring warning if password expires within this time
5604 (in seconds)
5605 --pwdexpire PWDEXPIRE
5608 Set to "on" to enable password expiration
5609 --pwdmaxage PWDMAXAGE
5612 The password expiration time in seconds
5613 --pwdminage PWDMINAGE
5616 The number of seconds that must pass before a user can change
5617 their password
5618 --pwdgracelimit PWDGRACELIMIT
5621 The number of allowed logins after the password has expired
5622 --pwdsendexpiring PWDSENDEXPIRING
5625 Set to "on" to always send the expiring control regardless of
5626 the warning
5627 period
5628 --pwdlockout PWDLOCKOUT
5631 Set to "on" to enable account lockout
5632 --pwdunlock PWDUNLOCK
5635 Set to "on" to allow an account to become unlocked after the
5636 lockout duration
5637 --pwdlockoutduration PWDLOCKOUTDURATION
5640 The number of seconds an account stays locked out
5641 --pwdmaxfailures PWDMAXFAILURES
5644 The maximum number of allowed failed password attempts before
5645 the account gets
5646 locked
5647 --pwdresetfailcount PWDRESETFAILCOUNT
5650 The number of seconds to wait before reducing the failed login
5651 count on an
5652 account
5653 --pwdchecksyntax PWDCHECKSYNTAX
5656 Set to "on" to Enable password syntax checking
5657 --pwdminlen PWDMINLEN
5660 The minimum number of characters required in a password
5661 --pwdmindigits PWDMINDIGITS
5664 The minimum number of digit/number characters in a password
5665 --pwdminalphas PWDMINALPHAS
5668 The minimum number of alpha characters required in a password
5669 --pwdminuppers PWDMINUPPERS
5672 The minimum number of uppercase characters required in a pass‐
5673 word
5674 --pwdminlowers PWDMINLOWERS
5677 The minimum number of lowercase characters required in a pass‐
5678 word
5679 --pwdminspecials PWDMINSPECIALS
5682 The minimum number of special characters required in a password
5683 --pwdmin8bits PWDMIN8BITS
5686 The minimum number of 8-bit characters required in a password
5687 --pwdmaxrepeats PWDMAXREPEATS
5690 The maximum number of times the same character can appear
5691 sequentially in the
5692 password
5693 --pwdpalindrome PWDPALINDROME
5696 Set to "on" to reject passwords that are palindromes
5697 --pwdmaxseq PWDMAXSEQ
5700 The maximum number of allowed monotonic character sequences in a
5701 password
5702 --pwdmaxseqsets PWDMAXSEQSETS
5705 The maximum number of allowed monotonic character sequences that
5706 can be
5707 duplicated in a password
5708 --pwdmaxclasschars PWDMAXCLASSCHARS
5711 The maximum number of sequential characters from the same char‐
5712 acter class that
5713 is allowed in a password
5714 --pwdmincatagories PWDMINCATAGORIES
5717 The minimum number of syntax catagory checks
5718 --pwdmintokenlen PWDMINTOKENLEN
5721 Sets the smallest attribute value length that is used for triv‐
5722 ial/user words
5723 checking. This also impacts "--pwduserattrs"
5724 --pwdbadwords PWDBADWORDS
5727 A space-separated list of words that can not be in a password
5728 --pwduserattrs PWDUSERATTRS
5731 A space-separated list of attributes whose values can not appear
5732 in the
5733 password (See "--pwdmintokenlen")
5734 --pwddictcheck PWDDICTCHECK
5737 Set to "on" to enfore CrackLib dictionary checking
5738 --pwddictpath PWDDICTPATH
5741 Filesystem path to specific/custom CrackLib dictionary files
5742
5746 usage: dsconf instance replication [-h]
5747 {enable,disable,get-ruv,list,sta‐
5748 tus,winsync-status,promote,create-manager,delete-man‐
5749 ager,demote,get,create-changelog,delete-changelog,set-changelog,get-
5750 changelog,dump-changelog,set,monitor}
5751 ...
5752 Sub-commands
5755 dsconf replication enable
5756 Enable replication for a suffix
5757 dsconf replication disable
5759 Disable replication for a suffix
5760 dsconf replication get-ruv
5762 Get the database RUV entry for his suffix
5763 dsconf replication list
5765 List all the replicated suffixes
5766 dsconf replication status
5768 Get the current status of all the replication agreements
5769 dsconf replication winsync-status
5771 Get the current status of all the replication agreements
5772 dsconf replication promote
5774 Promte replica to a Hub or Master
5775 dsconf replication create-manager
5777 Create a replication manager entry
5778 dsconf replication delete-manager
5780 Delete a replication manager entry
5781 dsconf replication demote
5783 Demote replica to a Hub or Consumer
5784 dsconf replication get
5786 Get replication configuration
5787 dsconf replication create-changelog
5789 Create the replication changelog
5790 dsconf replication delete-changelog
5792 Delete the replication changelog. This will invalidate any
5793 existing replication agreements
5794 dsconf replication set-changelog
5796 Set replication changelog attributes.
5797 dsconf replication get-changelog
5799 Display replication changelog attributes.
5800 dsconf replication dump-changelog
5802 Decode Directory Server replication change log and dump it to an
5803 LDIF
5804 dsconf replication set
5806 Set an attribute in the replication configuration
5807 dsconf replication monitor
5809 Get the full replication topology report
5810
5812 usage: dsconf instance replication enable [-h] --suffix SUFFIX --role
5813 ROLE
5814 [--replica-id REPLICA_ID]
5815 [--bind-group-dn
5816 BIND_GROUP_DN]
5817 [--bind-dn BIND_DN]
5818 [--bind-passwd BIND_PASSWD]
5819 --suffix SUFFIX
5823 The DN of the suffix to be enabled for replication
5824 --role ROLE
5827 The Replication role: "master", "hub", or "consumer"
5828 --replica-id REPLICA_ID
5831 The replication identifier for a "master". Values range from 1 -
5832 65534
5833 --bind-group-dn BIND_GROUP_DN
5836 A group entry DN containing members that are "bind/supplier" DNs
5837 --bind-dn BIND_DN
5840 The Bind or Supplier DN that can make replication updates
5841 --bind-passwd BIND_PASSWD
5844 Password for replication manager(--bind-dn). This will create
5845 the manager
5846 entry if a value is set
5847
5850 usage: dsconf instance replication disable [-h] --suffix SUFFIX
5851 --suffix SUFFIX
5855 The DN of the suffix to have replication disabled
5856
5859 usage: dsconf instance replication get-ruv [-h] --suffix SUFFIX
5860 --suffix SUFFIX
5864 The DN of the replicated suffix
5865
5868 usage: dsconf instance replication list [-h]
5869
5874 usage: dsconf instance replication status [-h] --suffix SUFFIX
5875 [--bind-dn BIND_DN]
5876 [--bind-passwd BIND_PASSWD]
5877 --suffix SUFFIX
5881 The DN of the replication suffix
5882 --bind-dn BIND_DN
5885 The DN to use to authenticate to the consumer
5886 --bind-passwd BIND_PASSWD
5889 The password for the bind DN
5890
5893 usage: dsconf instance replication winsync-status [-h] --suffix SUFFIX
5894 [--bind-dn BIND_DN]
5895 [--bind-passwd
5896 BIND_PASSWD]
5897 --suffix SUFFIX
5901 The DN of the replication suffix
5902 --bind-dn BIND_DN
5905 The DN to use to authenticate to the consumer
5906 --bind-passwd BIND_PASSWD
5909 The password for the bind DN
5910
5913 usage: dsconf instance replication promote [-h] --suffix SUFFIX --new‐
5914 role
5915 NEWROLE [--replica-id
5916 REPLICA_ID]
5917 [--bind-group-dn
5918 BIND_GROUP_DN]
5919 [--bind-dn BIND_DN]
5920 --suffix SUFFIX
5924 The DN of the replication suffix to promote
5925 --newrole NEWROLE
5928 Promote this replica to a "hub" or "master"
5929 --replica-id REPLICA_ID
5932 The replication identifier for a "master". Values range from 1 -
5933 65534
5934 --bind-group-dn BIND_GROUP_DN
5937 A group entry DN containing members that are "bind/supplier" DNs
5938 --bind-dn BIND_DN
5941 The Bind or Supplier DN that can make replication updates
5942
5945 usage: dsconf instance replication create-manager [-h] [--name NAME]
5946 [--passwd PASSWD]
5947 [--suffix SUFFIX]
5948 --name NAME
5952 The NAME of the new replication manager entry. For example, if
5953 the NAME is
5954 "replication manager" then the new manager entry's DN would be
5955 "cn=replication
5956 manager,cn=config".
5957 --passwd PASSWD
5960 Password for replication manager. If not provided, you will be
5961 prompted for
5962 the password
5963 --suffix SUFFIX
5966 The DN of the replication suffix whose replication configuration
5967 you want to
5968 add this new manager to (OPTIONAL)
5969
5972 usage: dsconf instance replication delete-manager [-h] [--name NAME]
5973 [--suffix SUFFIX]
5974 --name NAME
5978 The NAME of the replication manager entry under cn=config:
5979 "cn=NAME,cn=config"
5980 --suffix SUFFIX
5983 The DN of the replication suffix whose replication configuration
5984 you want to
5985 remove this manager from (OPTIONAL)
5986
5989 usage: dsconf instance replication demote [-h] --suffix SUFFIX --new‐
5990 role
5991 NEWROLE
5992 --suffix SUFFIX
5996 Promte this replica to a "hub" or "consumer"
5997 --newrole NEWROLE
6000 The Replication role: "hub", or "consumer"
6001
6004 usage: dsconf instance replication get [-h] --suffix SUFFIX
6005 --suffix SUFFIX
6009 Get the replication configuration for this suffix DN
6010
6013 usage: dsconf instance replication create-changelog [-h]
6014
6019 usage: dsconf instance replication delete-changelog [-h]
6020
6025 usage: dsconf instance replication set-changelog [-h] [--cl-dir CL_DIR]
6026 [--max-entries
6027 MAX_ENTRIES]
6028 [--max-age MAX_AGE]
6029 [--compact-interval
6030 COMPACT_INTERVAL]
6031 [--trim-interval
6032 TRIM_INTERVAL]
6033 --cl-dir CL_DIR
6037 The replication changelog location on the filesystem
6038 --max-entries MAX_ENTRIES
6041 The maximum number of entries to get in the replication
6042 changelog
6043 --max-age MAX_AGE
6046 The maximum age of a replication changelog entry
6047 --compact-interval COMPACT_INTERVAL
6050 The replication changelog compaction interval
6051 --trim-interval TRIM_INTERVAL
6054 The interval to check if the replication changelog can be
6055 trimmed
6056
6059 usage: dsconf instance replication get-changelog [-h]
6060
6065 usage: dsconf instance replication dump-changelog [-h] [-c] [-l]
6066 [-i CHANGELOG_LDIF]
6067 [-o OUTPUT_FILE]
6068 [-r REPLICA_ROOTS
6069 [REPLICA_ROOTS ...]]
6070 -c, --csn-only
6074 Dump and interpret CSN only. This option can be used with or
6075 without -i
6076 option.
6077 -l, --preserve-ldif-done
6080 Preserve generated ldif.done files from changelogdir.
6081 -i CHANGELOG_LDIF, --changelog-ldif CHANGELOG_LDIF
6084 If you already have a ldif-like changelog, but the changes in
6085 that file are
6086 encoded, you may use this option to decode that ldif-like
6087 changelog. It should
6088 be base64 encoded.
6089 -o OUTPUT_FILE, --output-file OUTPUT_FILE
6092 Path name for the final result. Default to STDOUT if omitted.
6093 -r REPLICA_ROOTS [REPLICA_ROOTS ...], --replica-roots REPLICA_ROOTS
6096 [REPLICA_ROOTS ...]
6097 Specify replica roots whose changelog you want to dump. The
6098 replica roots may
6099 be seperated by comma. All the replica roots would be dumped if
6100 the option is
6101 omitted.
6102
6105 usage: dsconf instance replication set [-h] --suffix SUFFIX
6106 [--replica-id REPLICA_ID]
6107 [--replica-role REPLICA_ROLE]
6108 [--repl-add-bind-dn
6109 REPL_ADD_BIND_DN]
6110 [--repl-del-bind-dn
6111 REPL_DEL_BIND_DN]
6112 [--repl-add-ref REPL_ADD_REF]
6113 [--repl-del-ref REPL_DEL_REF]
6114 [--repl-purge-delay
6115 REPL_PURGE_DELAY]
6116 [--repl-tombstone-purge-interval
6117 REPL_TOMBSTONE_PURGE_INTERVAL]
6118 [--repl-fast-tombstone-purging
6119 REPL_FAST_TOMBSTONE_PURGING]
6120 [--repl-bind-group
6121 REPL_BIND_GROUP]
6122 [--repl-bind-group-interval
6123 REPL_BIND_GROUP_INTERVAL]
6124 [--repl-protocol-timeout
6125 REPL_PROTOCOL_TIMEOUT]
6126 [--repl-backoff-max REPL_BACK‐
6127 OFF_MAX]
6128 [--repl-backoff-min REPL_BACK‐
6129 OFF_MIN]
6130 [--repl-release-timeout
6131 REPL_RELEASE_TIMEOUT]
6132 --suffix SUFFIX
6136 The DN of the replication suffix
6137 --replica-id REPLICA_ID
6140 The Replication Identifier number
6141 --replica-role REPLICA_ROLE
6144 The Replication role: master, hub, or consumer
6145 --repl-add-bind-dn REPL_ADD_BIND_DN
6148 Add a bind (supplier) DN
6149 --repl-del-bind-dn REPL_DEL_BIND_DN
6152 Remove a bind (supplier) DN
6153 --repl-add-ref REPL_ADD_REF
6156 Add a replication referral (for consumers only)
6157 --repl-del-ref REPL_DEL_REF
6160 Remove a replication referral (for conusmers only)
6161 --repl-purge-delay REPL_PURGE_DELAY
6164 The replication purge delay
6165 --repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL
6168 The interval in seconds to check for tombstones that can be
6169 purged
6170 --repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING
6173 Set to "on" to improve tombstone purging performance
6174 --repl-bind-group REPL_BIND_GROUP
6177 A group entry DN containing members that are "bind/supplier" DNs
6178 --repl-bind-group-interval REPL_BIND_GROUP_INTERVAL
6181 An interval in seconds to check if the bind group has been
6182 updated
6183 --repl-protocol-timeout REPL_PROTOCOL_TIMEOUT
6186 A timeout in seconds on how long to wait before stopping repli‐
6187 cation when the
6188 server is under load
6189 --repl-backoff-max REPL_BACKOFF_MAX
6192 The maximum time in seconds a replication agreement should stay
6193 in a backoff
6194 state while waiting to acquire the consumer. Default is 300 sec‐
6195 onds
6196 --repl-backoff-min REPL_BACKOFF_MIN
6199 The starting time in seconds a replication agreement should stay
6200 in a backoff
6201 state while waiting to acquire the consumer. Default is 3 sec‐
6202 onds
6203 --repl-release-timeout REPL_RELEASE_TIMEOUT
6206 A timeout in seconds a replication master should send updates
6207 before it yields
6208 its replication session
6209
6212 usage: dsconf instance replication monitor [-h]
6213 [-c [CONNECTIONS [CONNEC‐
6214 TIONS ...]]]
6215 [-a [ALIASES [ALIASES ...]]]
6216 -c [CONNECTIONS [CONNECTIONS ...]], --connections [CONNECTIONS [CONNEC‐
6220 TIONS ...]]
6221 The connection values for monitoring other not connected topolo‐
6222 gies. The
6223 format: 'host:port:binddn:bindpwd'. You can use regex for host
6224 and port. You
6225 can set bindpwd to * and it will be requested at the runtime or
6226 you can
6227 include the path to the password file in square brackets -
6228 [~/pwd.txt]
6229 -a [ALIASES [ALIASES ...]], --aliases [ALIASES [ALIASES ...]]
6232 If a host:port is assigned an alias, then the alias instead of
6233 host:port will
6234 be displayed in the output. The format: alias=host:port
6235
6239 usage: dsconf instance repl-agmt [-h]
6240 {list,enable,disable,init,init-sta‐
6241 tus,poke,status,delete,create,set,get}
6242 ...
6243 Sub-commands
6246 dsconf repl-agmt list
6247 List all the replication agreements
6248 dsconf repl-agmt enable
6250 Enable replication agreement
6251 dsconf repl-agmt disable
6253 Disable replication agreement
6254 dsconf repl-agmt init
6256 Initialize replication agreement
6257 dsconf repl-agmt init-status
6259 Check the agreement initialization status
6260 dsconf repl-agmt poke
6262 Trigger replication to send updates now
6263 dsconf repl-agmt status
6265 Get the current status of the replication agreement
6266 dsconf repl-agmt delete
6268 Delete replication agreement
6269 dsconf repl-agmt create
6271 Initialize replication agreement
6272 dsconf repl-agmt set
6274 Set an attribute in the replication agreement
6275 dsconf repl-agmt get
6277 Get replication configuration
6278
6280 usage: dsconf instance repl-agmt list [-h] --suffix SUFFIX [--entry
6281 ENTRY]
6282 --suffix SUFFIX
6286 The DN of the suffix to look up replication agreements
6287 --entry ENTRY
6290 Return the entire entry for each agreement
6291
6294 usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME
6295 AGMT_NAME
6298 The name of the replication agreement
6299 --suffix SUFFIX
6302 The DN of the replication suffix
6303
6306 usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME
6307 AGMT_NAME
6310 The name of the replication agreement
6311 --suffix SUFFIX
6314 The DN of the replication suffix
6315
6318 usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME
6319 AGMT_NAME
6322 The name of the replication agreement
6323 --suffix SUFFIX
6326 The DN of the replication suffix
6327
6330 usage: dsconf instance repl-agmt init-status [-h] --suffix SUFFIX
6331 AGMT_NAME
6332 AGMT_NAME
6335 The name of the replication agreement
6336 --suffix SUFFIX
6339 The DN of the replication suffix
6340
6343 usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME
6344 AGMT_NAME
6347 The name of the replication agreement
6348 --suffix SUFFIX
6351 The DN of the replication suffix
6352
6355 usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX
6356 [--bind-dn BIND_DN]
6357 [--bind-passwd BIND_PASSWD]
6358 AGMT_NAME
6359 AGMT_NAME
6362 The name of the replication agreement
6363 --suffix SUFFIX
6366 The DN of the replication suffix
6367 --bind-dn BIND_DN
6370 The DN to use to authenticate to the consumer
6371 --bind-passwd BIND_PASSWD
6374 The password for the bind DN
6375
6378 usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME
6379 AGMT_NAME
6382 The name of the replication agreement
6383 --suffix SUFFIX
6386 The DN of the replication suffix
6387
6390 usage: dsconf instance repl-agmt create [-h] --suffix SUFFIX --host
6391 HOST
6392 --port PORT --conn-protocol
6393 CONN_PROTOCOL [--bind-dn
6394 BIND_DN]
6395 [--bind-passwd BIND_PASSWD]
6396 --bind-method BIND_METHOD
6397 [--frac-list FRAC_LIST]
6398 [--frac-list-total
6399 FRAC_LIST_TOTAL]
6400 [--strip-list STRIP_LIST]
6401 [--schedule SCHEDULE]
6402 [--conn-timeout CONN_TIMEOUT]
6403 [--protocol-timeout PROTO‐
6404 COL_TIMEOUT]
6405 [--wait-async-results
6406 WAIT_ASYNC_RESULTS]
6407 [--busy-wait-time
6408 BUSY_WAIT_TIME]
6409 [--session-pause-time SES‐
6410 SION_PAUSE_TIME]
6411 [--flow-control-window
6412 FLOW_CONTROL_WINDOW]
6413 [--flow-control-pause FLOW_CON‐
6414 TROL_PAUSE]
6415 [--init]
6416 AGMT_NAME
6417 AGMT_NAME
6420 The name of the replication agreement
6421 --suffix SUFFIX
6424 The DN of the replication suffix
6425 --host HOST
6428 The hostname of the remote replica
6429 --port PORT
6432 The port number of the remote replica
6433 --conn-protocol CONN_PROTOCOL
6436 The replication connection protocol: LDAP, LDAPS, or StartTLS
6437 --bind-dn BIND_DN
6440 The Bind DN the agreement uses to authenticate to the replica
6441 --bind-passwd BIND_PASSWD
6444 The credentials for the Bind DN
6445 --bind-method BIND_METHOD
6448 The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6449 "SASL/GSSAPI"
6450 --frac-list FRAC_LIST
6453 List of attributes to NOT replicate to the consumer during
6454 incremental updates
6455 --frac-list-total FRAC_LIST_TOTAL
6458 List of attributes to NOT replicate during a total initializa‐
6459 tion
6460 --strip-list STRIP_LIST
6463 A list of attributes that are removed from updates only if the
6464 event would
6465 otherwise be empty. Typically this is set to "modifiersname" and
6466 "modifytimestmap"
6467 --schedule SCHEDULE
6470 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6471 0-6 (Sunday -
6472 Saturday).
6473 --conn-timeout CONN_TIMEOUT
6476 The timeout used for replicaton connections
6477 --protocol-timeout PROTOCOL_TIMEOUT
6480 A timeout in seconds on how long to wait before stopping repli‐
6481 cation when the
6482 server is under load
6483 --wait-async-results WAIT_ASYNC_RESULTS
6486 The amount of time in milliseconds the server waits if the con‐
6487 sumer is not
6488 ready before resending data
6489 --busy-wait-time BUSY_WAIT_TIME
6492 The amount of time in seconds a supplier should wait after a
6493 consumer sends
6494 back a busy response before making another attempt to acquire
6495 access.
6496 --session-pause-time SESSION_PAUSE_TIME
6499 The amount of time in seconds a supplier should wait between
6500 update sessions.
6501 --flow-control-window FLOW_CONTROL_WINDOW
6504 Sets the maximum number of entries and updates sent by a sup‐
6505 plier, which are
6506 not acknowledged by the consumer.
6507 --flow-control-pause FLOW_CONTROL_PAUSE
6510 The time in milliseconds to pause after reaching the number of
6511 entries and
6512 updates set in "--flow-control-window"
6513 --init Initialize the agreement after creating it.
6516
6519 usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST]
6520 [--port PORT]
6521 [--conn-protocol CONN_PROTOCOL]
6522 [--bind-dn BIND_DN]
6523 [--bind-passwd BIND_PASSWD]
6524 [--bind-method BIND_METHOD]
6525 [--frac-list FRAC_LIST]
6526 [--frac-list-total
6527 FRAC_LIST_TOTAL]
6528 [--strip-list STRIP_LIST]
6529 [--schedule SCHEDULE]
6530 [--conn-timeout CONN_TIMEOUT]
6531 [--protocol-timeout PROTOCOL_TIME‐
6532 OUT]
6533 [--wait-async-results
6534 WAIT_ASYNC_RESULTS]
6535 [--busy-wait-time BUSY_WAIT_TIME]
6536 [--session-pause-time SES‐
6537 SION_PAUSE_TIME]
6538 [--flow-control-window FLOW_CON‐
6539 TROL_WINDOW]
6540 [--flow-control-pause FLOW_CON‐
6541 TROL_PAUSE]
6542 AGMT_NAME
6543 AGMT_NAME
6546 The name of the replication agreement
6547 --suffix SUFFIX
6550 The DN of the replication suffix
6551 --host HOST
6554 The hostname of the remote replica
6555 --port PORT
6558 The port number of the remote replica
6559 --conn-protocol CONN_PROTOCOL
6562 The replication connection protocol: LDAP, LDAPS, or StartTLS
6563 --bind-dn BIND_DN
6566 The Bind DN the agreement uses to authenticate to the replica
6567 --bind-passwd BIND_PASSWD
6570 The credentials for the Bind DN
6571 --bind-method BIND_METHOD
6574 The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6575 "SASL/GSSAPI"
6576 --frac-list FRAC_LIST
6579 List of attributes to NOT replicate to the consumer during
6580 incremental updates
6581 --frac-list-total FRAC_LIST_TOTAL
6584 List of attributes to NOT replicate during a total initializa‐
6585 tion
6586 --strip-list STRIP_LIST
6589 A list of attributes that are removed from updates only if the
6590 event would
6591 otherwise be empty. Typically this is set to "modifiersname" and
6592 "modifytimestmap"
6593 --schedule SCHEDULE
6596 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6597 0-6 (Sunday -
6598 Saturday).
6599 --conn-timeout CONN_TIMEOUT
6602 The timeout used for replicaton connections
6603 --protocol-timeout PROTOCOL_TIMEOUT
6606 A timeout in seconds on how long to wait before stopping repli‐
6607 cation when the
6608 server is under load
6609 --wait-async-results WAIT_ASYNC_RESULTS
6612 The amount of time in milliseconds the server waits if the con‐
6613 sumer is not
6614 ready before resending data
6615 --busy-wait-time BUSY_WAIT_TIME
6618 The amount of time in seconds a supplier should wait after a
6619 consumer sends
6620 back a busy response before making another attempt to acquire
6621 access.
6622 --session-pause-time SESSION_PAUSE_TIME
6625 The amount of time in seconds a supplier should wait between
6626 update sessions.
6627 --flow-control-window FLOW_CONTROL_WINDOW
6630 Sets the maximum number of entries and updates sent by a sup‐
6631 plier, which are
6632 not acknowledged by the consumer.
6633 --flow-control-pause FLOW_CONTROL_PAUSE
6636 The time in milliseconds to pause after reaching the number of
6637 entries and
6638 updates set in "--flow-control-window"
6639
6642 usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME
6643 AGMT_NAME
6646 Get the replication configuration for this suffix DN
6647 --suffix SUFFIX
6650 The DN of the replication suffix
6651
6655 usage: dsconf instance repl-winsync-agmt [-h]
6656 {list,enable,dis‐
6657 able,init,init-status,poke,status,delete,create,set,get}
6658 ...
6659 Sub-commands
6662 dsconf repl-winsync-agmt list
6663 List all the replication winsync agreements
6664 dsconf repl-winsync-agmt enable
6666 Enable replication winsync agreement
6667 dsconf repl-winsync-agmt disable
6669 Disable replication winsync agreement
6670 dsconf repl-winsync-agmt init
6672 Initialize replication winsync agreement
6673 dsconf repl-winsync-agmt init-status
6675 Check the agreement initialization status
6676 dsconf repl-winsync-agmt poke
6678 Trigger replication to send updates now
6679 dsconf repl-winsync-agmt status
6681 Get the current status of the replication agreement
6682 dsconf repl-winsync-agmt delete
6684 Delete replication winsync agreement
6685 dsconf repl-winsync-agmt create
6687 Initialize replication winsync agreement
6688 dsconf repl-winsync-agmt set
6690 Set an attribute in the replication winsync agreement
6691 dsconf repl-winsync-agmt get
6693 Get replication configuration
6694
6696 usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX
6697 --suffix SUFFIX
6701 The DN of the suffix to look up replication winsync agreements
6702
6705 usage: dsconf instance repl-winsync-agmt enable [-h] --suffix SUFFIX
6706 AGMT_NAME
6707 AGMT_NAME
6710 The name of the replication winsync agreement
6711 --suffix SUFFIX
6714 The DN of the replication winsync suffix
6715
6718 usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX
6719 AGMT_NAME
6720 AGMT_NAME
6723 The name of the replication winsync agreement
6724 --suffix SUFFIX
6727 The DN of the replication winsync suffix
6728
6731 usage: dsconf instance repl-winsync-agmt init [-h] --suffix SUFFIX
6732 AGMT_NAME
6733 AGMT_NAME
6736 The name of the replication winsync agreement
6737 --suffix SUFFIX
6740 The DN of the replication winsync suffix
6741
6744 usage: dsconf instance repl-winsync-agmt init-status [-h] --suffix SUF‐
6745 FIX
6746 AGMT_NAME
6747 AGMT_NAME
6750 The name of the replication agreement
6751 --suffix SUFFIX
6754 The DN of the replication suffix
6755
6758 usage: dsconf instance repl-winsync-agmt poke [-h] --suffix SUFFIX
6759 AGMT_NAME
6760 AGMT_NAME
6763 The name of the replication winsync agreement
6764 --suffix SUFFIX
6767 The DN of the replication winsync suffix
6768
6771 usage: dsconf instance repl-winsync-agmt status [-h] --suffix SUFFIX
6772 AGMT_NAME
6773 AGMT_NAME
6776 The name of the replication agreement
6777 --suffix SUFFIX
6780 The DN of the replication suffix
6781
6784 usage: dsconf instance repl-winsync-agmt delete [-h] --suffix SUFFIX
6785 AGMT_NAME
6786 AGMT_NAME
6789 The name of the replication winsync agreement
6790 --suffix SUFFIX
6793 The DN of the replication winsync suffix
6794
6797 usage: dsconf instance repl-winsync-agmt create [-h] --suffix SUFFIX
6798 --host
6799 HOST --port PORT
6800 --conn-protocol
6801 CONN_PROTOCOL
6802 --bind-dn BIND_DN
6803 --bind-passwd
6804 BIND_PASSWD
6805 [--frac-list FRAC_LIST]
6806 [--schedule SCHEDULE]
6807 --win-subtree WIN_SUB‐
6808 TREE
6809 --ds-subtree DS_SUBTREE
6810 --win-domain WIN_DOMAIN
6811 [--sync-users
6812 SYNC_USERS]
6813 [--sync-groups
6814 SYNC_GROUPS]
6815 [--sync-interval
6816 SYNC_INTERVAL]
6817 [--one-way-sync
6818 ONE_WAY_SYNC]
6819 [--move-action
6820 MOVE_ACTION]
6821 [--win-filter WIN_FIL‐
6822 TER]
6823 [--ds-filter DS_FILTER]
6824 [--subtree-pair SUB‐
6825 TREE_PAIR]
6826 [--conn-timeout
6827 CONN_TIMEOUT]
6828 [--busy-wait-time
6829 BUSY_WAIT_TIME]
6830 [--session-pause-time
6831 SESSION_PAUSE_TIME]
6832 [--init]
6833 AGMT_NAME
6834 AGMT_NAME
6837 The name of the replication winsync agreement
6838 --suffix SUFFIX
6841 The DN of the replication winsync suffix
6842 --host HOST
6845 The hostname of the AD server
6846 --port PORT
6849 The port number of the AD server
6850 --conn-protocol CONN_PROTOCOL
6853 The replication winsync connection protocol: LDAP, LDAPS, or
6854 StartTLS
6855 --bind-dn BIND_DN
6858 The Bind DN the agreement uses to authenticate to the AD Server
6859 --bind-passwd BIND_PASSWD
6862 The credentials for the Bind DN
6863 --frac-list FRAC_LIST
6866 List of attributes to NOT replicate to the consumer during
6867 incremental updates
6868 --schedule SCHEDULE
6871 Sets the replication update schedule
6872 --win-subtree WIN_SUBTREE
6875 The suffix of the AD Server
6876 --ds-subtree DS_SUBTREE
6879 The Directory Server suffix
6880 --win-domain WIN_DOMAIN
6883 The AD Domain
6884 --sync-users SYNC_USERS
6887 Synchronize Users between AD and DS
6888 --sync-groups SYNC_GROUPS
6891 Synchronize Groups between AD and DS
6892 --sync-interval SYNC_INTERVAL
6895 The interval that DS checks AD for changes in entries
6896 --one-way-sync ONE_WAY_SYNC
6899 Sets which direction to perform synchronization: "toWindows",
6900 "fromWindows",
6901 "both"
6902 --move-action MOVE_ACTION
6905 Sets instructions on how to handle moved or deleted entries:
6906 "none", "unsync",
6907 or "delete"
6908 --win-filter WIN_FILTER
6911 Custom filter for finding users in AD Server
6912 --ds-filter DS_FILTER
6915 Custom filter for finding AD users in DS Server
6916 --subtree-pair SUBTREE_PAIR
6919 Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
6920 --conn-timeout CONN_TIMEOUT
6923 The timeout used for replicaton connections
6924 --busy-wait-time BUSY_WAIT_TIME
6927 The amount of time in seconds a supplier should wait after a
6928 consumer sends
6929 back a busy response before making another attempt to acquire
6930 access.
6931 --session-pause-time SESSION_PAUSE_TIME
6934 The amount of time in seconds a supplier should wait between
6935 update sessions.
6936 --init Initialize the agreement after creating it.
6939
6942 usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX]
6943 [--host HOST] [--port
6944 PORT]
6945 [--conn-protocol CONN_PRO‐
6946 TOCOL]
6947 [--bind-dn BIND_DN]
6948 [--bind-passwd
6949 BIND_PASSWD]
6950 [--frac-list FRAC_LIST]
6951 [--schedule SCHEDULE]
6952 [--win-subtree WIN_SUB‐
6953 TREE]
6954 [--ds-subtree DS_SUBTREE]
6955 [--win-domain WIN_DOMAIN]
6956 [--sync-users SYNC_USERS]
6957 [--sync-groups
6958 SYNC_GROUPS]
6959 [--sync-interval
6960 SYNC_INTERVAL]
6961 [--one-way-sync
6962 ONE_WAY_SYNC]
6963 [--move-action
6964 MOVE_ACTION]
6965 [--win-filter WIN_FILTER]
6966 [--ds-filter DS_FILTER]
6967 [--subtree-pair SUB‐
6968 TREE_PAIR]
6969 [--conn-timeout CONN_TIME‐
6970 OUT]
6971 [--busy-wait-time
6972 BUSY_WAIT_TIME]
6973 [--session-pause-time SES‐
6974 SION_PAUSE_TIME]
6975 AGMT_NAME
6976 AGMT_NAME
6979 The name of the replication winsync agreement
6980 --suffix SUFFIX
6983 The DN of the replication winsync suffix
6984 --host HOST
6987 The hostname of the AD server
6988 --port PORT
6991 The port number of the AD server
6992 --conn-protocol CONN_PROTOCOL
6995 The replication winsync connection protocol: LDAP, LDAPS, or
6996 StartTLS
6997 --bind-dn BIND_DN
7000 The Bind DN the agreement uses to authenticate to the AD Server
7001 --bind-passwd BIND_PASSWD
7004 The credentials for the Bind DN
7005 --frac-list FRAC_LIST
7008 List of attributes to NOT replicate to the consumer during
7009 incremental updates
7010 --schedule SCHEDULE
7013 Sets the replication update schedule
7014 --win-subtree WIN_SUBTREE
7017 The suffix of the AD Server
7018 --ds-subtree DS_SUBTREE
7021 The Directory Server suffix
7022 --win-domain WIN_DOMAIN
7025 The AD Domain
7026 --sync-users SYNC_USERS
7029 Synchronize Users between AD and DS
7030 --sync-groups SYNC_GROUPS
7033 Synchronize Groups between AD and DS
7034 --sync-interval SYNC_INTERVAL
7037 The interval that DS checks AD for changes in entries
7038 --one-way-sync ONE_WAY_SYNC
7041 Sets which direction to perform synchronization: "toWindows",
7042 "fromWindows",
7043 "both"
7044 --move-action MOVE_ACTION
7047 Sets instructions on how to handle moved or deleted entries:
7048 "none", "unsync",
7049 or "delete"
7050 --win-filter WIN_FILTER
7053 Custom filter for finding users in AD Server
7054 --ds-filter DS_FILTER
7057 Custom filter for finding AD users in DS Server
7058 --subtree-pair SUBTREE_PAIR
7061 Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
7062 --conn-timeout CONN_TIMEOUT
7065 The timeout used for replicaton connections
7066 --busy-wait-time BUSY_WAIT_TIME
7069 The amount of time in seconds a supplier should wait after a
7070 consumer sends
7071 back a busy response before making another attempt to acquire
7072 access.
7073 --session-pause-time SESSION_PAUSE_TIME
7076 The amount of time in seconds a supplier should wait between
7077 update sessions.
7078
7081 usage: dsconf instance repl-winsync-agmt get [-h] --suffix SUFFIX
7082 AGMT_NAME
7083 AGMT_NAME
7086 Get the replication configuration for this suffix DN
7087 --suffix SUFFIX
7090 The DN of the replication suffix
7091
7095 usage: dsconf instance repl-tasks [-h]
7096 {cleanallruv,list-cleanruv-
7097 tasks,abort-cleanallruv,list-abortruv-tasks}
7098 ...
7099 Sub-commands
7102 dsconf repl-tasks cleanallruv
7103 Cleanup old/removed replica IDs
7104 dsconf repl-tasks list-cleanruv-tasks
7106 List all the running CleanAllRUV tasks
7107 dsconf repl-tasks abort-cleanallruv
7109 Abort cleanallruv tasks
7110 dsconf repl-tasks list-abortruv-tasks
7112 List all the running CleanAllRUV abort Tasks
7113
7115 usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX
7116 --replica-id REPLICA_ID
7117 [--force-cleaning]
7118 --suffix SUFFIX
7122 The Directory Server suffix
7123 --replica-id REPLICA_ID
7126 The replica ID to remove/clean
7127 --force-cleaning
7130 Ignore errors and do a best attempt to clean all the replicas
7131
7134 usage: dsconf instance repl-tasks list-cleanruv-tasks [-h] [--suffix
7135 SUFFIX]
7136 --suffix SUFFIX
7140 List only tasks from for suffix
7141
7144 usage: dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUF‐
7145 FIX
7146 --replica-id
7147 REPLICA_ID
7148 [--certify]
7149 --suffix SUFFIX
7153 The Directory Server suffix
7154 --replica-id REPLICA_ID
7157 The replica ID of the cleaning task to abort
7158 --certify
7161 Enforce that the abort task completed on all replicas
7162
7165 usage: dsconf instance repl-tasks list-abortruv-tasks [-h] [--suffix
7166 SUFFIX]
7167 --suffix SUFFIX
7171 List only tasks from for suffix
7172
7176 usage: dsconf instance sasl [-h] {list,get,create,delete} ...
7177 Sub-commands
7180 dsconf sasl list
7181 List avaliable SASL mappings
7182 dsconf sasl get
7184 get
7185 dsconf sasl create
7187 create
7188 dsconf sasl delete
7190 deletes the object
7191
7193 usage: dsconf instance sasl list [-h]
7194
7199 usage: dsconf instance sasl get [-h] [selector]
7200 selector
7203 SASL mapping name to get
7204
7208 usage: dsconf instance sasl create [-h] [--cn [CN]]
7209 [--nsSaslMapRegexString
7210 [NSSASLMAPREGEXSTRING]]
7211 [--nsSaslMapBaseDNTemplate
7212 [NSSASLMAPBASEDNTEMPLATE]]
7213 [--nsSaslMapFilterTemplate
7214 [NSSASLMAPFILTERTEMPLATE]]
7215 [--nsSaslMapPriority [NSSASLMAPPRI‐
7216 ORITY]]
7217 --cn [CN]
7221 Value of cn
7222 --nsSaslMapRegexString [NSSASLMAPREGEXSTRING]
7225 Value of nsSaslMapRegexString
7226 --nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]
7229 Value of nsSaslMapBaseDNTemplate
7230 --nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]
7233 Value of nsSaslMapFilterTemplate
7234 --nsSaslMapPriority [NSSASLMAPPRIORITY]
7237 Value of nsSaslMapPriority
7238
7241 usage: dsconf instance sasl delete [-h] map_name
7242 map_name
7245 The SASL Mapping name ("cn" value)
7246
7251 usage: dsconf instance security [-h]
7252 {set,get,enable,disable,certificate,ca-
7253 certificate,rsa,ciphers}
7254 ...
7255 Sub-commands
7258 dsconf security set
7259 Set general security options
7260 dsconf security get
7262 Get general security options
7263 dsconf security enable
7265 Enable security
7266 dsconf security disable
7268 Disable security
7269 dsconf security certificate
7271 Manage TLS certificates
7272 dsconf security ca-certificate
7274 Manage TLS Certificate Authorities
7275 dsconf security rsa
7277 Query and manipulate RSA security options
7278 dsconf security ciphers
7280 Manage secure ciphers
7281
7283 usage: dsconf instance security set [-h] [--security SECURITY]
7284 [--listen-host LISTEN_HOST]
7285 [--secure-port SECURE_PORT]
7286 [--tls-client-auth TLS_CLIENT_AUTH]
7287 [--tls-client-renegotiation
7288 TLS_CLIENT_RENEGOTIATION]
7289 [--require-secure-authentication
7290 REQUIRE_SECURE_AUTHENTICATION]
7291 [--check-hostname CHECK_HOSTNAME]
7292 [--verify-cert-chain-on-startup
7293 VERIFY_CERT_CHAIN_ON_STARTUP]
7294 [--session-timeout SESSION_TIMEOUT]
7295 [--tls-protocol-min TLS_PROTO‐
7296 COL_MIN]
7297 [--tls-protocol-max TLS_PROTO‐
7298 COL_MAX]
7299 [--allow-insecure-ciphers
7300 ALLOW_INSECURE_CIPHERS]
7301 [--allow-weak-dh-param
7302 ALLOW_WEAK_DH_PARAM]
7303 [--cipher-pref CIPHER_PREF]
7304 Use this command for setting security related options located in
7306 cn=config and cn=encryption,cn=config.
7307 To enable/disable security you can use enable and disable commands
7309 instead.
7310 --security SECURITY
7314 Enable or disable security (nsslapd-security)
7315 --listen-host LISTEN_HOST
7318 Host/address to listen on for LDAPS (nsslapd-securelistenhost)
7319 --secure-port SECURE_PORT
7322 Port for LDAPS to listen on (nsslapd-securePort)
7323 --tls-client-auth TLS_CLIENT_AUTH
7326 Client authentication requirement (nsSSLClientAuth)
7327 --tls-client-renegotiation TLS_CLIENT_RENEGOTIATION
7330 Allow client TLS renegotiation (nsTLSAllowClientRenegotiation)
7331 --require-secure-authentication REQUIRE_SECURE_AUTHENTICATION
7334 Require binds over LDAPS, StartTLS, or SASL (nss‐
7335 lapd-require-secure-binds)
7336 --check-hostname CHECK_HOSTNAME
7339 Check Subject of remote certificate against the hostname (nss‐
7340 lapd-ssl-check-
7341 hostname)
7342 --verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP
7345 Validate server certificate during startup (nsslapd-vali‐
7346 date-cert)
7347 --session-timeout SESSION_TIMEOUT
7350 Secure session timeout (nsSSLSessionTimeout)
7351 --tls-protocol-min TLS_PROTOCOL_MIN
7354 Secure protocol minimal allowed version (sslVersionMin)
7355 --tls-protocol-max TLS_PROTOCOL_MAX
7358 Secure protocol maximal allowed version (sslVersionMax)
7359 --allow-insecure-ciphers ALLOW_INSECURE_CIPHERS
7362 Allow weak ciphers for legacy use (allowWeakCipher)
7363 --allow-weak-dh-param ALLOW_WEAK_DH_PARAM
7366 Allow short DH params for legacy use (allowWeakDHParam)
7367 --cipher-pref CIPHER_PREF
7370 Use this command to directly set nsSSL3Ciphers attribute. It is
7371 a comma
7372 separated list of cipher names (prefixed with + or -), option‐
7373 ally including
7374 +all or -all. The attribute may optionally be prefixed by key‐
7375 word default.
7376 Please refer to documentation of the attribute for a more
7377 detailed
7378 description. (nsSSL3Ciphers)
7379
7382 usage: dsconf instance security get [-h]
7383
7388 usage: dsconf instance security enable [-h] [--cert-name CERT_NAME]
7389 If missing, create security database, then turn on security functional‐
7391 ity. Please note this is usually not enough for TLS connections to work
7392 - proper setup of CA and server certificate is necessary.
7393 --cert-name CERT_NAME
7397 The name of the certificate the server should use
7398
7401 usage: dsconf instance security disable [-h]
7402 Turn off security functionality. The rest of the configuration will be
7404 left untouched.
7405
7410 usage: dsconf instance security certificate [-h]
7411 {add,set-trust-
7412 flags,del,get,list}
7413 ...
7414 Sub-commands
7417 dsconf security certificate add
7418 Add a server certificate
7419 dsconf security certificate set-trust-flags
7421 Set the Trust flags
7422 dsconf security certificate del
7424 Delete a certificate
7425 dsconf security certificate get
7427 Get a server certificate's information
7428 dsconf security certificate list
7430 List the server certificates
7431
7433 usage: dsconf instance security certificate add [-h] --file FILE --name
7434 NAME
7435 [--primary-cert]
7436 Add a server certificate to the NSS database
7438 --file FILE
7442 The file name of the certificate
7443 --name NAME
7446 The name/nickname of the certificate
7447 --primary-cert
7450 Set this certificate as the server's certificate
7451
7454 usage: dsconf instance security certificate set-trust-flags
7455 [-h] --flags FLAGS name
7456 Change the trust flags of a server certificate
7458 name The name/nickname of the certificate
7461 --flags FLAGS
7464 The trust flags for the server certificate
7465
7468 usage: dsconf instance security certificate del [-h] name
7469 Delete a certificate from the NSS database
7471 name The name/nickname of the certificate
7474
7478 usage: dsconf instance security certificate get [-h] name
7479 Get detailed information about a certificate, like trust attributes,
7481 expiration dates, Subject and Issuer DNs
7482 name The name/nickname of the certificate
7485
7489 usage: dsconf instance security certificate list [-h]
7490 List the server certificates in the NSS database
7492
7498 usage: dsconf instance security ca-certificate [-h]
7499 {add,set-trust-
7500 flags,del,get,list}
7501 ...
7502 Sub-commands
7505 dsconf security ca-certificate add
7506 Add a Certificate Authority
7507 dsconf security ca-certificate set-trust-flags
7509 Set the Trust flags
7510 dsconf security ca-certificate del
7512 Delete a certificate
7513 dsconf security ca-certificate get
7515 Get a Certificate Authority's information
7516 dsconf security ca-certificate list
7518 List the Certificate Authorities
7519
7521 usage: dsconf instance security ca-certificate add [-h] --file FILE
7522 --name
7523 NAME
7524 Add a Certificate Authority to the NSS database
7526 --file FILE
7530 The file name of the CA certificate
7531 --name NAME
7534 The name/nickname of the CA certificate
7535
7538 usage: dsconf instance security ca-certificate set-trust-flags
7539 [-h] --flags FLAGS name
7540 Change the trust attributes of a CA certificate. Certificate Authori‐
7542 ties typically use "CT,,"
7543 name The name/nickname of the CA certificate
7546 --flags FLAGS
7549 The trust flags for the CA certificate
7550
7553 usage: dsconf instance security ca-certificate del [-h] name
7554 Delete a CA certificate from the NSS database
7556 name The name/nickname of the CA certificate
7559
7563 usage: dsconf instance security ca-certificate get [-h] name
7564 Get detailed information about a CA certificate, like trust attributes,
7566 expiration dates, Subject and Issuer DN
7567 name The name/nickname of the CA certificate
7570
7574 usage: dsconf instance security ca-certificate list [-h]
7575 List the CA certificates in the NSS database
7577
7583 usage: dsconf instance security rsa [-h] {set,get,enable,disable} ...
7584 Sub-commands
7587 dsconf security rsa set
7588 Set RSA security options
7589 dsconf security rsa get
7591 Get RSA security options
7592 dsconf security rsa enable
7594 Enable RSA
7595 dsconf security rsa disable
7597 Disable RSA
7598
7600 usage: dsconf instance security rsa set [-h]
7601 [--tls-allow-rsa-certificates
7602 TLS_ALLOW_RSA_CERTIFICATES]
7603 [--nss-cert-name NSS_CERT_NAME]
7604 [--nss-token NSS_TOKEN]
7605 Use this command for setting RSA (private key) related options located
7607 in cn=RSA,cn=encryption,cn=config.
7608 To enable/disable RSA you can use enable and disable commands instead.
7610 --tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES
7614 Activate use of RSA certificates (nsSSLActivation)
7615 --nss-cert-name NSS_CERT_NAME
7618 Server certificate name in NSS DB (nsSSLPersonalitySSL)
7619 --nss-token NSS_TOKEN
7622 Security token name (module of NSS DB) (nsSSLToken)
7623
7626 usage: dsconf instance security rsa get [-h]
7627
7632 usage: dsconf instance security rsa enable [-h]
7633
7638 usage: dsconf instance security rsa disable [-h]
7639
7645 usage: dsconf instance security ciphers [-h] {enable,dis‐
7646 able,get,set,list} ...
7647 Sub-commands
7650 dsconf security ciphers enable
7651 Enable ciphers
7652 dsconf security ciphers disable
7654 Disable ciphers
7655 dsconf security ciphers get
7657 Get ciphers attribute
7658 dsconf security ciphers set
7660 Set ciphers attribute
7661 dsconf security ciphers list
7663 List ciphers
7664
7666 usage: dsconf instance security ciphers enable [-h] cipher [cipher ...]
7667 Use this command to enable specific ciphers.
7669 cipher
7672
7675 usage: dsconf instance security ciphers disable [-h] cipher [cipher
7676 ...]
7677 Use this command to disable specific ciphers.
7679 cipher
7682
7685 usage: dsconf instance security ciphers get [-h]
7686 Use this command to get contents of nsSSL3Ciphers attribute.
7688
7693 usage: dsconf instance security ciphers set [-h] cipher-string
7694 Use this command to directly set nsSSL3Ciphers attribute. It is a comma
7696 separated list of cipher names (prefixed with + or -), optionally
7697 including +all or -all. The attribute may optionally be prefixed by
7698 keyword default. Please refer to documentation of the attribute for a
7699 more detailed description.
7700 cipher-string
7703
7706 usage: dsconf instance security ciphers list [-h]
7707 [--enabled | --supported |
7708 --disabled]
7709 List secure ciphers. Without arguments, list ciphers as configured in
7711 nsSSL3Ciphers attribute.
7712 --enabled
7716 Only enabled ciphers
7717 --supported
7720 Only supported ciphers
7721 --disabled
7724 Only supported ciphers without enabled ciphers
7725
7730 usage: dsconf instance schema [-h]
7731 {list,attributetypes,objectclasses,match‐
7732 ingrules,reload,validate-syntax}
7733 ...
7734 Sub-commands
7737 dsconf schema list
7738 List all schema objects on this system
7739 dsconf schema attributetypes
7741 Work with attribute types on this system
7742 dsconf schema objectclasses
7744 Work with objectClasses on this system
7745 dsconf schema matchingrules
7747 Work with matching rules on this system
7748 dsconf schema reload
7750 Dynamically reload schema while server is running
7751 dsconf schema validate-syntax
7753 Run a task to check every modification to attributes to make
7754 sure that the new value has the required syntax for that
7755 attribute type
7756
7758 usage: dsconf instance schema list [-h]
7759
7764 usage: dsconf instance schema attributetypes [-h]
7765 {get_syn‐
7766 taxes,list,query,add,replace,remove}
7767 ...
7768 Sub-commands
7771 dsconf schema attributetypes get_syntaxes
7772 List all available attribute type syntaxes
7773 dsconf schema attributetypes list
7775 List available attribute types on this system
7776 dsconf schema attributetypes query
7778 Query an attribute to determine object classes that may or must
7779 take it
7780 dsconf schema attributetypes add
7782 Add an attribute type to this system
7783 dsconf schema attributetypes replace
7785 Replace an attribute type on this system
7786 dsconf schema attributetypes remove
7788 Remove an attribute type on this system
7789
7791 usage: dsconf instance schema attributetypes get_syntaxes [-h]
7792
7797 usage: dsconf instance schema attributetypes list [-h]
7798
7803 usage: dsconf instance schema attributetypes query [-h] [name]
7804 name Attribute type to query
7807
7811 usage: dsconf instance schema attributetypes add [-h] [--oid OID]
7812 [--desc DESC]
7813 [--x-origin X_ORIGIN]
7814 [--aliases ALIASES
7815 [ALIASES ...]]
7816 [--single-value]
7817 [--multi-value]
7818 [--no-user-mod]
7819 [--user-mod]
7820 [--equality EQUALITY]
7821 [--substr SUBSTR]
7822 [--ordering ORDERING]
7823 [--usage USAGE]
7824 [--sup SUP [SUP ...]]
7825 --syntax SYNTAX
7826 name
7827 name NAME of the object
7830 --oid OID
7833 OID assigned to the object
7834 --desc DESC
7837 Description text(DESC) of the object
7838 --x-origin X_ORIGIN
7841 Provides information about where the attribute type is defined
7842 --aliases ALIASES [ALIASES ...]
7845 Additional NAMEs of the object.
7846 --single-value
7849 True if the matching rule must have only one valueOnly one of
7850 the flags this
7851 or --multi-value should be specified
7852 --multi-value
7855 True if the matching rule may have multiple values (default)Only
7856 one of the
7857 flags this or --single-value should be specified
7858 --no-user-mod
7861 True if the attribute is not modifiable by a client applica‐
7862 tionOnly one of the
7863 flags this or --user-mod should be specified
7864 --user-mod
7867 True if the attribute is modifiable by a client application
7868 (default)Only one
7869 of the flags this or --no-user-mode should be specified
7870 --equality EQUALITY
7873 NAME or OID of the matching rule used for checkingwhether
7874 attribute values are
7875 equal
7876 --substr SUBSTR
7879 NAME or OID of the matching rule used for checkingwhether an
7880 attribute value
7881 contains another value
7882 --ordering ORDERING
7885 NAME or OID of the matching rule used for checkingwhether
7886 attribute values are
7887 lesser - equal than
7888 --usage USAGE
7891 The flag indicates how the attribute type is to be used. Choose
7892 from the list:
7893 userApplications (default), directoryOperation, distributedOper‐
7894 ation,
7895 dSAOperation
7896 --sup SUP [SUP ...]
7899 The list of NAMEs or OIDs of attribute typesthis attribute type
7900 is derived
7901 from
7902 --syntax SYNTAX
7905 OID of the LDAP syntax assigned to the attribute
7906
7909 usage: dsconf instance schema attributetypes replace [-h] [--oid OID]
7910 [--desc DESC]
7911 [--x-origin X_ORI‐
7912 GIN]
7913 [--aliases ALIASES
7914 [ALIASES ...]]
7915 [--single-value]
7916 [--multi-value]
7917 [--no-user-mod]
7918 [--user-mod]
7919 [--equality EQUAL‐
7920 ITY]
7921 [--substr SUBSTR]
7922 [--ordering ORDER‐
7923 ING]
7924 [--usage USAGE]
7925 [--sup SUP [SUP
7926 ...]]
7927 [--syntax SYNTAX]
7928 name
7929 name NAME of the object
7932 --oid OID
7935 OID assigned to the object
7936 --desc DESC
7939 Description text(DESC) of the object
7940 --x-origin X_ORIGIN
7943 Provides information about where the attribute type is defined
7944 --aliases ALIASES [ALIASES ...]
7947 Additional NAMEs of the object.
7948 --single-value
7951 True if the matching rule must have only one valueOnly one of
7952 the flags this
7953 or --multi-value should be specified
7954 --multi-value
7957 True if the matching rule may have multiple values (default)Only
7958 one of the
7959 flags this or --single-value should be specified
7960 --no-user-mod
7963 True if the attribute is not modifiable by a client applica‐
7964 tionOnly one of the
7965 flags this or --user-mod should be specified
7966 --user-mod
7969 True if the attribute is modifiable by a client application
7970 (default)Only one
7971 of the flags this or --no-user-mode should be specified
7972 --equality EQUALITY
7975 NAME or OID of the matching rule used for checkingwhether
7976 attribute values are
7977 equal
7978 --substr SUBSTR
7981 NAME or OID of the matching rule used for checkingwhether an
7982 attribute value
7983 contains another value
7984 --ordering ORDERING
7987 NAME or OID of the matching rule used for checkingwhether
7988 attribute values are
7989 lesser - equal than
7990 --usage USAGE
7993 The flag indicates how the attribute type is to be used. Choose
7994 from the list:
7995 userApplications (default), directoryOperation, distributedOper‐
7996 ation,
7997 dSAOperation
7998 --sup SUP [SUP ...]
8001 The list of NAMEs or OIDs of attribute typesthis attribute type
8002 is derived
8003 from
8004 --syntax SYNTAX
8007 OID of the LDAP syntax assigned to the attribute
8008
8011 usage: dsconf instance schema attributetypes remove [-h] name
8012 name NAME of the object
8015
8020 usage: dsconf instance schema objectclasses [-h]
8021 {list,query,add,replace,remove}
8022 ...
8023 Sub-commands
8026 dsconf schema objectclasses list
8027 List available objectClasses on this system
8028 dsconf schema objectclasses query
8030 Query an objectClass
8031 dsconf schema objectclasses add
8033 Add an objectClass to this system
8034 dsconf schema objectclasses replace
8036 Replace an objectClass on this system
8037 dsconf schema objectclasses remove
8039 Remove an objectClass on this system
8040
8042 usage: dsconf instance schema objectclasses list [-h]
8043
8048 usage: dsconf instance schema objectclasses query [-h] [name]
8049 name ObjectClass to query
8052
8056 usage: dsconf instance schema objectclasses add [-h] [--oid OID]
8057 [--desc DESC]
8058 [--x-origin X_ORIGIN]
8059 [--must MUST [MUST
8060 ...]]
8061 [--may MAY [MAY ...]]
8062 [--kind KIND]
8063 [--sup SUP [SUP ...]]
8064 name
8065 name NAME of the object
8068 --oid OID
8071 OID assigned to the object
8072 --desc DESC
8075 Description text(DESC) of the object
8076 --x-origin X_ORIGIN
8079 Provides information about where the attribute type is defined
8080 --must MUST [MUST ...]
8083 NAMEs or OIDs of all attributes an entry of the object must have
8084 --may MAY [MAY ...]
8087 NAMEs or OIDs of additional attributes an entry of the object
8088 may have
8089 --kind KIND
8092 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
8093 --sup SUP [SUP ...]
8096 NAMEs or OIDs of object classes this object is derived from
8097
8100 usage: dsconf instance schema objectclasses replace [-h] [--oid OID]
8101 [--desc DESC]
8102 [--x-origin X_ORI‐
8103 GIN]
8104 [--must MUST [MUST
8105 ...]]
8106 [--may MAY [MAY
8107 ...]]
8108 [--kind KIND]
8109 [--sup SUP [SUP
8110 ...]]
8111 name
8112 name NAME of the object
8115 --oid OID
8118 OID assigned to the object
8119 --desc DESC
8122 Description text(DESC) of the object
8123 --x-origin X_ORIGIN
8126 Provides information about where the attribute type is defined
8127 --must MUST [MUST ...]
8130 NAMEs or OIDs of all attributes an entry of the object must have
8131 --may MAY [MAY ...]
8134 NAMEs or OIDs of additional attributes an entry of the object
8135 may have
8136 --kind KIND
8139 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
8140 --sup SUP [SUP ...]
8143 NAMEs or OIDs of object classes this object is derived from
8144
8147 usage: dsconf instance schema objectclasses remove [-h] name
8148 name NAME of the object
8151
8156 usage: dsconf instance schema matchingrules [-h] {list,query} ...
8157 Sub-commands
8160 dsconf schema matchingrules list
8161 List available matching rules on this system
8162 dsconf schema matchingrules query
8164 Query a matching rule
8165
8167 usage: dsconf instance schema matchingrules list [-h]
8168
8173 usage: dsconf instance schema matchingrules query [-h] [name]
8174 name Matching rule to query
8177
8182 usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait]
8183 -d SCHEMADIR, --schemadir SCHEMADIR
8187 directory where schema files are located
8188 --wait Wait for the reload task to complete
8191
8194 usage: dsconf instance schema validate-syntax [-h] [-f FILTER] DN
8195 DN Base DN that contains entries to validate
8198 -f FILTER, --filter FILTER
8201 Filter for entries to validate. If omitted, all entries with
8202 filter
8203 "(objectclass=*)" are validated
8204
8208 usage: dsconf instance repl-conflict [-h]
8209 {list,compare,delete,swap,con‐
8210 vert,list-glue,delete-glue,convert-glue}
8211 ...
8212 Sub-commands
8215 dsconf repl-conflict list
8216 List conflict entries
8217 dsconf repl-conflict compare
8219 Compare the conflict entry with its valid counterpart
8220 dsconf repl-conflict delete
8222 Delete a conflict entry
8223 dsconf repl-conflict swap
8225 Replace the valid entry with the conflict entry
8226 dsconf repl-conflict convert
8228 Convert the conflict entry to a valid entry, while keeping the
8229 original valid entry counterpart. This requires that the con‐
8230 verted conflict entry have a new RDN value. For example:
8231 "cn=my_new_rdn_value".
8232 dsconf repl-conflict list-glue
8234 List replication glue entries
8235 dsconf repl-conflict delete-glue
8237 Delete the glue entry and its child entries
8238 dsconf repl-conflict convert-glue
8240 Convert the glue entry into a regular entry
8241
8243 usage: dsconf instance repl-conflict list [-h] suffix
8244 suffix The backend name, or suffix, to look for conflict entries
8247
8251 usage: dsconf instance repl-conflict compare [-h] DN
8252 DN The DN of the conflict entry
8255
8259 usage: dsconf instance repl-conflict delete [-h] DN
8260 DN The DN of the conflict entry
8263
8267 usage: dsconf instance repl-conflict swap [-h] DN
8268 DN The DN of the conflict entry
8271
8275 usage: dsconf instance repl-conflict convert [-h] --new-rdn NEW_RDN DN
8276 DN The DN of the conflict entry
8279 --new-rdn NEW_RDN
8282 The new RDN for the converted conflict entry. For example:
8283 "cn=my_new_rdn_value"
8284
8287 usage: dsconf instance repl-conflict list-glue [-h] suffix
8288 suffix The backend name, or suffix, to look for glue entries
8291
8295 usage: dsconf instance repl-conflict delete-glue [-h] DN
8296 DN The DN of the glue entry
8299
8303 usage: dsconf instance repl-conflict convert-glue [-h] DN
8304 DN The DN of the glue entry
8307 -v, --verbose
8312 Display verbose operation tracing during command execution
8313 -D BINDDN, --binddn BINDDN
8316 The account to bind as for executing operations
8317 -w BINDPW, --bindpw BINDPW
8320 Password for binddn
8321 -W, --prompt
8324 Prompt for password for the bind DN
8325 -y PWDFILE, --pwdfile PWDFILE
8328 Specifies a file containing the password for the binddn
8329 -b BASEDN, --basedn BASEDN
8332 Basedn (root naming context) of the instance to manage
8333 -Z, --starttls
8336 Connect with StartTLS
8337 -j, --json
8340 Return result in JSON object
8341
8344 lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.
8345
8347 The latest version of lib389 may be downloaded from
8348 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
8349 Manual dsconf(8)