1dsconf(8) System Manager's Manual dsconf(8)
2
6 dsconf
7
9 dsconf [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN]
10 [-Z] [-j] instance {backend,backup,chaining,config,directory_man‐
11 ager,monitor,plugin,pwpolicy,localpwp,replication,repl-agmt,repl-win‐
12 sync-agmt,repl-tasks,sasl,security,schema,repl-conflict} ...
13
15 instance
16 The instance name OR the LDAP url to connect to, IE localhost,
17 ldap://mai.example.com:389
18 Sub-commands
21 dsconf backend
22 Manage database suffixes and backends
23 dsconf backup
25 Manage online backups
26 dsconf chaining
28 Manage database chaining/database links
29 dsconf config
31 Manage server configuration
32 dsconf directory_manager
34 Manage the directory manager account
35 dsconf monitor
37 Monitor the state of the instance
38 dsconf plugin
40 Manage plugins available on the server
41 dsconf pwpolicy
43 Get and set the global password policy settings
44 dsconf localpwp
46 Manage local (user/subtree) password policies
47 dsconf replication
49 Configure replication for a suffix
50 dsconf repl-agmt
52 Manage replication agreements
53 dsconf repl-winsync-agmt
55 Manage Winsync Agreements
56 dsconf repl-tasks
58 Manage replication tasks
59 dsconf sasl
61 Query and manipulate SASL mappings
62 dsconf security
64 Query and manipulate security options
65 dsconf schema
67 Query and manipulate schema
68 dsconf repl-conflict
70 Manage replication conflicts
71
73 usage: dsconf instance backend [-h]
74 {suffix,index,vlv-index,attr-en‐
75 crypt,config,monitor,import,export,create,delete,get-tree,compact-db}
76 ...
77 Sub-commands
80 dsconf backend suffix
81 Manage a backend suffix
82 dsconf backend index
84 Manage backend indexes
85 dsconf backend vlv-index
87 Manage VLV searches and indexes
88 dsconf backend attr-encrypt
90 Encrypted attribute options
91 dsconf backend config
93 Manage the global database configuration settings
94 dsconf backend monitor
96 Get the global database monitor information
97 dsconf backend import
99 Do an online import of the suffix
100 dsconf backend export
102 Do an online export of the suffix
103 dsconf backend create
105 Create a backend database
106 dsconf backend delete
108 Delete a backend database
109 dsconf backend get-tree
111 Get a representation of the suffix tree
112 dsconf backend compact-db
114 Compact the database and the replication changelog
115
117 usage: dsconf instance backend suffix [-h]
118 {list,get,get-dn,get-sub-suf‐
119 fixes,set}
120 ...
121 Sub-commands
124 dsconf backend suffix list
125 List current active backends and suffixes
126 dsconf backend suffix get
128 Get the suffix entry
129 dsconf backend suffix get-dn
131 get_dn
132 dsconf backend suffix get-sub-suffixes
134 Get the sub-suffixes of this backend
135 dsconf backend suffix set
137 Set configuration settings for a single backend
138
140 usage: dsconf instance backend suffix list [-h] [--suffix]
141 [--skip-subsuffixes]
142 --suffix
146 Just display the suffix, and not the backend name
147 --skip-subsuffixes
150 Skip over sub-suffixes
151
154 usage: dsconf instance backend suffix get [-h] [selector]
155 selector
158 The backend to search for
159
163 usage: dsconf instance backend suffix get-dn [-h] [dn]
164 dn The backend dn to get
167
171 usage: dsconf instance backend suffix get-sub-suffixes [-h] [--suffix]
172 be_name
173 be_name
176 The backend name or suffix to search for sub-suffixes
177 --suffix
180 Just display the suffix, and not the backend name
181
184 usage: dsconf instance backend suffix set [-h] [--enable-readonly]
185 [--disable-readonly]
186 [--require-index] [--ignore-
187 index]
188 [--add-referral ADD_REFERRAL]
189 [--del-referral DEL_REFERRAL]
190 [--enable] [--disable]
191 [--cache-size CACHE_SIZE]
192 [--cache-memsize CACHE_MEM‐
193 SIZE]
194 [--dncache-memsize
195 DNCACHE_MEMSIZE]
196 be_name
197 be_name
200 The backend name or suffix to delete
201 --enable-readonly
204 Set backend database to be read-only
205 --disable-readonly
208 Disable read-only mode for backend database
209 --require-index
212 Only allow indexed searches
213 --ignore-index
216 Allow all searches even if they are unindexed
217 --add-referral ADD_REFERRAL
220 Add a LDAP referral to the backend
221 --del-referral DEL_REFERRAL
224 Remove a LDAP referral to the backend
225 --enable
228 Enable the backend database
229 --disable
232 Disable the backend database
233 --cache-size CACHE_SIZE
236 The maximum number of entries to keep in the entry cache
237 --cache-memsize CACHE_MEMSIZE
240 The maximum size in bytes that the entry cache can grow to
241 --dncache-memsize DNCACHE_MEMSIZE
244 The maximum size in bytes that the DN cache can grow to
245
249 usage: dsconf instance backend index [-h]
250 {add,set,get,list,delete,reindex}
251 ...
252 Sub-commands
255 dsconf backend index add
256 Set configuration settings for a single backend
257 dsconf backend index set
259 Edit an index entry
260 dsconf backend index get
262 Get an index entry
263 dsconf backend index list
265 Set configuration settings for a single backend
266 dsconf backend index delete
268 Set configuration settings for a single backend
269 dsconf backend index reindex
271 Reindex the database (for a single index or all indexes
272
274 usage: dsconf instance backend index add [-h] --index-type INDEX_TYPE
275 [--matching-rule MATCH‐
276 ING_RULE]
277 [--reindex] --attr ATTR
278 be_name
279 be_name
282 The backend name or suffix to delete
283 --index-type INDEX_TYPE
286 An indexing type: eq, sub, pres, or approximate
287 --matching-rule MATCHING_RULE
290 Matching rule for the index
291 --reindex
294 After adding new index, reindex the database
295 --attr ATTR
298 The index attribute's name
299
302 usage: dsconf instance backend index set [-h] --attr ATTR
303 [--add-type ADD_TYPE]
304 [--del-type DEL_TYPE]
305 [--add-mr ADD_MR] [--del-mr
306 DEL_MR]
307 [--reindex]
308 be_name
309 be_name
312 The backend name or suffix to edit an index from
313 --attr ATTR
316 The index name to edit
317 --add-type ADD_TYPE
320 An index type to add to the index: eq, sub, pres, or approx
321 --del-type DEL_TYPE
324 An index type to remove from the index: eq, sub, pres, or approx
325 --add-mr ADD_MR
328 A matching-rule to add to the index
329 --del-mr DEL_MR
332 A matching-rule to remove from the index
333 --reindex
336 After editing index, reindex the database
337
340 usage: dsconf instance backend index get [-h] --attr ATTR be_name
341 be_name
344 The backend name or suffix to get the index from
345 --attr ATTR
348 The index name to get
349
352 usage: dsconf instance backend index list [-h] [--just-names] be_name
353 be_name
356 The backend name or suffix to list indexes from
357 --just-names
360 Return a list of just the attribute names for a backend
361
364 usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name
365 be_name
368 The backend name or suffix to delete
369 --attr ATTR
372 The index attribute's name
373
376 usage: dsconf instance backend index reindex [-h] [--attr ATTR]
377 [--wait]
378 be_name
379 be_name
382 The backend name or suffix to reindex
383 --attr ATTR
386 The index attribute's name to reindex. Skip this argument to
387 reindex all attributes
388 --wait Wait for the index task to complete and report the status
391
395 usage: dsconf instance backend vlv-index [-h]
396 {list,get,add-search,edit-
397 search,del-search,add-index,del-index,reindex}
398 ...
399 Sub-commands
402 dsconf backend vlv-index list
403 List VLV search and index entries
404 dsconf backend vlv-index get
406 Get a VLV search & index
407 dsconf backend vlv-index add-search
409 Add a VLV search entry. The search entry is the parent entry of
410 the VLV index entries, and it specifies the search params that
411 are used to match entries for those indexes.
412 dsconf backend vlv-index edit-search
414 Edit a VLV search & index
415 dsconf backend vlv-index del-search
417 Delete VLV search & index
418 dsconf backend vlv-index add-index
420 Create a VLV index under a VLV search entry(parent entry). The
421 VLV index just specifies the attributes to sort
422 dsconf backend vlv-index del-index
424 Delete a VLV index under a VLV search entry(parent entry).
425 dsconf backend vlv-index reindex
427 Index/reindex the VLV database index
428
430 usage: dsconf instance backend vlv-index list [-h] [--just-names]
431 be_name
432 be_name
435 The backend name of the VLV index
436 --just-names
439 List just the names of the VLV search entries
440
443 usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name
444 be_name
447 The backend name of the VLV index
448 --name NAME
451 Get the VLV search entry and its index entries
452
455 usage: dsconf instance backend vlv-index add-search [-h] --name NAME
456 --search-base
457 SEARCH_BASE
458 --search-scope
459 SEARCH_SCOPE
460 --search-filter
461 SEARCH_FILTER
462 be_name
463 be_name
466 The backend name of the VLV index
467 --name NAME
470 Name of the VLV search entry
471 --search-base SEARCH_BASE
474 The VLV search base
475 --search-scope SEARCH_SCOPE
478 The VLV search scope: 0 (base search), 1 (one-level search), or
479 2 (subtree search)
480 --search-filter SEARCH_FILTER
483 The VLV search filter
484
487 usage: dsconf instance backend vlv-index edit-search [-h] --name NAME
488 [--search-base
489 SEARCH_BASE]
490 [--search-scope
491 SEARCH_SCOPE]
492 [--search-filter
493 SEARCH_FILTER]
494 [--reindex]
495 be_name
496 be_name
499 The backend name of the VLV index
500 --name NAME
503 Name of the VLV index
504 --search-base SEARCH_BASE
507 The VLV search base
508 --search-scope SEARCH_SCOPE
511 The VLV search scope: 0 (base search), 1 (one-level search), or
512 2 (subtree search)
513 --search-filter SEARCH_FILTER
516 The VLV search filter
517 --reindex
520 Reindex all the VLV database indexes
521
524 usage: dsconf instance backend vlv-index del-search [-h] --name NAME
525 be_name
526 be_name
529 The backend name of the VLV index
530 --name NAME
533 Name of the VLV search index
534
537 usage: dsconf instance backend vlv-index add-index [-h] --parent-name
538 PARENT_NAME --index-
539 name
540 INDEX_NAME --sort
541 SORT
542 [--index-it]
543 be_name
544 be_name
547 The backend name of the VLV index
548 --parent-name PARENT_NAME
551 Name, or "cn" attribute value, of the parent VLV search entry
552 --index-name INDEX_NAME
555 Name of the new VLV index
556 --sort SORT
559 A space separated list of attributes to sort for this VLV index
560 --index-it
563 Create the database index for this VLV index definition
564
567 usage: dsconf instance backend vlv-index del-index [-h] --parent-name
568 PARENT_NAME
569 [--index-name IN‐
570 DEX_NAME]
571 [--sort SORT]
572 be_name
573 be_name
576 The backend name of the VLV index
577 --parent-name PARENT_NAME
580 Name, or "cn" attribute value, of the parent VLV search entry
581 --index-name INDEX_NAME
584 Name of the VLV index to delete
585 --sort SORT
588 Delete a VLV index that has this vlvsort value
589
592 usage: dsconf instance backend vlv-index reindex [-h]
593 [--index-name IN‐
594 DEX_NAME]
595 --parent-name PAR‐
596 ENT_NAME
597 be_name
598 be_name
601 The backend name of the VLV index
602 --index-name INDEX_NAME
605 Name of the VLV Index entry to reindex. If not set, all indexes
606 are reindexed
607 --parent-name PARENT_NAME
610 Name, or "cn" attribute value, of the parent VLV search entry
611
615 usage: dsconf instance backend attr-encrypt [-h] [--list] [--just-
616 names]
617 [--add-attr ADD_ATTR]
618 [--del-attr DEL_ATTR]
619 be_name
620 be_name
623 The backend name or suffix to to reindex
624 --list List all the encrypted attributes for this backend
627 --just-names
630 List just the names of the encrypted attributes (used with
631 --list)
632 --add-attr ADD_ATTR
635 Add an attribute to be encrypted
636 --del-attr DEL_ATTR
639 Remove an attribute from being encrypted
640
643 usage: dsconf instance backend config [-h] {get,set} ...
644 Sub-commands
647 dsconf backend config get
648 Get the global database configuration
649 dsconf backend config set
651 Set the global database configuration
652
654 usage: dsconf instance backend config get [-h]
655
660 usage: dsconf instance backend config set [-h]
661 [--lookthroughlimit LOOK‐
662 THROUGHLIMIT]
663 [--mode MODE]
664 [--idlistscanlimit
665 IDLISTSCANLIMIT]
666 [--directory DIRECTORY]
667 [--dbcachesize DBCACHESIZE]
668 [--logdirectory LOGDIRECTORY]
669 [--durable-txn DURABLE_TXN]
670 [--txn-wait TXN_WAIT]
671 [--checkpoint-interval CHECK‐
672 POINT_INTERVAL]
673 [--compactdb-interval COM‐
674 PACTDB_INTERVAL]
675 [--compactdb-time COM‐
676 PACTDB_TIME]
677 [--txn-batch-val
678 TXN_BATCH_VAL]
679 [--txn-batch-min
680 TXN_BATCH_MIN]
681 [--txn-batch-max
682 TXN_BATCH_MAX]
683 [--logbufsize LOGBUFSIZE]
684 [--locks LOCKS]
685 [--locks-monitoring-enabled
686 LOCKS_MONITORING_ENABLED]
687 [--locks-monitoring-threshold
688 LOCKS_MONITORING_THRESHOLD]
689 [--locks-monitoring-pause
690 LOCKS_MONITORING_PAUSE]
691 [--import-cache-autosize IM‐
692 PORT_CACHE_AUTOSIZE]
693 [--cache-autosize CACHE_AUTO‐
694 SIZE]
695 [--cache-autosize-split
696 CACHE_AUTOSIZE_SPLIT]
697 [--import-cachesize IM‐
698 PORT_CACHESIZE]
699 [--exclude-from-export EX‐
700 CLUDE_FROM_EXPORT]
701 [--pagedlookthroughlimit
702 PAGEDLOOKTHROUGHLIMIT]
703 [--pagedidlistscanlimit PAGE‐
704 DIDLISTSCANLIMIT]
705 [--rangelookthroughlimit
706 RANGELOOKTHROUGHLIMIT]
707 [--backend-opt-level BACK‐
708 END_OPT_LEVEL]
709 [--deadlock-policy DEAD‐
710 LOCK_POLICY]
711 [--db-home-directory
712 DB_HOME_DIRECTORY]
713 --lookthroughlimit LOOKTHROUGHLIMIT
717 specifies the maximum number of entries that the Directory
718 Server will check when examining candidate entries in response
719 to a search request
720 --mode MODE
723 Specifies the permissions used for newly created index files
724 --idlistscanlimit IDLISTSCANLIMIT
727 Specifies the number of entry IDs that are searched during a
728 search operation
729 --directory DIRECTORY
732 Specifies absolute path to database instance
733 --dbcachesize DBCACHESIZE
736 Specifies the database index cache size, in bytes.
737 --logdirectory LOGDIRECTORY
740 Specifies the path to the directory that contains the database
741 transaction logs
742 --durable-txn DURABLE_TXN
745 Sets whether database transaction log entries are immediately
746 written to the disk.
747 --txn-wait TXN_WAIT
750 Sets whether the server should should wait if there are no db
751 locks available
752 --checkpoint-interval CHECKPOINT_INTERVAL
755 Sets the amount of time in seconds after which the Directory
756 Server sends a checkpoint entry to the database transaction log
757 --compactdb-interval COMPACTDB_INTERVAL
760 Sets the interval in seconds when the database is compacted
761 --compactdb-time COMPACTDB_TIME
764 Sets the Time Of Day to compact the database after the "com‐
765 pactdb interval" has been reached: Use this format to set the
766 hour and minute: HH:MM
767 --txn-batch-val TXN_BATCH_VAL
770 Specifies how many transactions will be batched before being
771 committed
772 --txn-batch-min TXN_BATCH_MIN
775 Controls when transactions should be flushed earliest, indepen‐
776 dently of the batch count (only works when txn-batch-val is set)
777 --txn-batch-max TXN_BATCH_MAX
780 Controls when transactions should be flushed latest, indepen‐
781 dently of the batch count (only works when txn-batch-val is set)
782 --logbufsize LOGBUFSIZE
785 Specifies the transaction log information buffer size
786 --locks LOCKS
789 Sets the maximum number of database locks
790 --locks-monitoring-enabled LOCKS_MONITORING_ENABLED
793 Set to "on" or "off" to monitor DB locks. When it crosses the
794 percentage value set with "--locks-monitoring-threshold" ("on"
795 by default)
796 --locks-monitoring-threshold LOCKS_MONITORING_THRESHOLD
799 Sets the DB lock exhaustion value in percentage (valid range is
800 70-95). If too many locks are acquired, the server will abort
801 the searches while the number of locks are not decreased. It
802 helps to avoid DB corruption and long recovery.
803 --locks-monitoring-pause LOCKS_MONITORING_PAUSE
806 Sets the DB lock monitoring value in milliseconds for the amount
807 of time that the monitoring thread spends waiting between
808 checks.
809 --import-cache-autosize IMPORT_CACHE_AUTOSIZE
812 Set to "on" or "off" to automatically set the size of the import
813 cache to be used during the the import process of LDIF files
814 --cache-autosize CACHE_AUTOSIZE
817 Sets the percentage of free memory that is used in total for the
818 database and entry cache. Set to "0" to disable this feature.
819 --cache-autosize-split CACHE_AUTOSIZE_SPLIT
822 Sets the percentage of RAM that is used for the database cache.
823 The remaining percentage is used for the entry cache
824 --import-cachesize IMPORT_CACHESIZE
827 Sets the size, in bytes, of the database cache used in the im‐
828 port process.
829 --exclude-from-export EXCLUDE_FROM_EXPORT
832 List of attributes to not include during database export opera‐
833 tions
834 --pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT
837 Specifies the maximum number of entries that the Directory
838 Server will check when examining candidate entries for a search
839 which uses the simple paged results control
840 --pagedidlistscanlimit PAGEDIDLISTSCANLIMIT
843 Specifies the number of entry IDs that are searched, specifi‐
844 cally, for a search operation using the simple paged results
845 control.
846 --rangelookthroughlimit RANGELOOKTHROUGHLIMIT
849 Specifies the maximum number of entries that the Directory
850 Server will check when examining candidate entries in response
851 to a range search request.
852 --backend-opt-level BACKEND_OPT_LEVEL
855 WARNING this parameter can trigger experimental code to improve
856 write performance. Valid values are: 0, 1, 2, or 4
857 --deadlock-policy DEADLOCK_POLICY
860 Adjusts the backend database deadlock policy (Advanced setting)
861 --db-home-directory DB_HOME_DIRECTORY
864 Sets the directory for the database mmapped files (Advanced set‐
865 ting)
866
870 usage: dsconf instance backend monitor [-h] [--suffix SUFFIX]
871 --suffix SUFFIX
875 Get just the suffix monitor entry
876
879 usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E]
880 [-g GEN_UNIQ_ID] [-O]
881 [-s INCLUDE_SUFFIXES [IN‐
882 CLUDE_SUFFIXES ...]]
883 [-x EXCLUDE_SUFFIXES [EX‐
884 CLUDE_SUFFIXES ...]]
885 [be_name] [ldifs ...]
886 be_name
889 The backend name or the root suffix where to import
890 ldifs Specifies the filename of the input LDIF files.When multiple
893 files are imported, they are imported in the orderthey are spec‐
894 ified on the command line.
895 -c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE
898 The number of chunks to have during the import operation.
899 -E, --encrypted
902 Decrypts encrypted data during export. This option is used on‐
903 lyif database encryption is enabled.
904 -g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID
907 Generate a unique id. Type none for no unique ID to be gener‐
908 atedand deterministic for the generated unique ID to be
909 name-based.By default, a time- based unique ID is generated.When
910 using the deterministic generation to have a name-based unique
911 ID,it is also possible to specify the namespace for the server
912 to use.namespaceId is a string of charactersin the format
913 00-xxxxxxxx- xxxxxxxx-xxxxxxxx-xxxxxxxx.
914 -O, --only-core
917 Requests that only the core database is created without attri‐
918 bute indexes.
919 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes IN‐
922 CLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
923 Specifies the suffixes or the subtrees to be included.
924 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EX‐
927 CLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
928 Specifies the suffixes to be excluded.
929
932 usage: dsconf instance backend export [-h] [-l LDIF] [-C] [-E] [-m]
933 [-N] [-r]
934 [-u] [-U]
935 [-s INCLUDE_SUFFIXES [IN‐
936 CLUDE_SUFFIXES ...]]
937 [-x EXCLUDE_SUFFIXES [EX‐
938 CLUDE_SUFFIXES ...]]
939 be_names [be_names ...]
940 be_names
943 The backend names or the root suffixes from where to export.
944 -l LDIF, --ldif LDIF
947 Gives the filename of the output LDIF file.If more than one are
948 specified, use a space as a separator
949 -C, --use-id2entry
952 Uses only the main database file.
953 -E, --encrypted
956 Decrypts encrypted data during export. This option is used only
957 if database encryption is enabled.
958 -m, --min-base64
961 Sets minimal base-64 encoding.
962 -N, --no-seq-num
965 Enables you to suppress printing the sequence number.
966 -r, --replication
969 Exports the information required to initialize a replica when
970 the LDIF is imported
971 -u, --no-dump-uniq-id
974 Requests that the unique ID is not exported.
975 -U, --not-folded
978 Requests that the output LDIF is not folded.
979 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes IN‐
982 CLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
983 Specifies the suffixes or the subtrees to be included.
984 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EX‐
987 CLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
988 Specifies the suffixes to be excluded.
989
992 usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUF‐
993 FIX]
994 --suffix SUFFIX --be-name BE_NAME
995 [--create-entries] [--create-suf‐
996 fix]
997 --parent-suffix PARENT_SUFFIX
1001 Sets the parent suffix only if this backend is a sub-suffix
1002 --suffix SUFFIX
1005 The database suffix DN, for example "dc=example,dc=com"
1006 --be-name BE_NAME
1009 The database backend name, for example "userroot"
1010 --create-entries
1013 Create sample entries in the database
1014 --create-suffix
1017 Create the suffix object entry in the database. Only suffixes
1018 using the attributes 'dc', 'o', 'ou', or 'cn' are supported in
1019 this feature
1020
1023 usage: dsconf instance backend delete [-h] be_name
1024 be_name
1027 The backend name or suffix to delete
1028
1032 usage: dsconf instance backend get-tree [-h]
1033
1038 usage: dsconf instance backend compact-db [-h] [--only-changelog]
1039 --only-changelog
1043 Only compact the Replication Change Log
1044
1048 usage: dsconf instance backup [-h] {create,restore} ...
1049 Sub-commands
1052 dsconf backup create
1053 Creates a backup of the database
1054 dsconf backup restore
1056 Restores a database from a backup
1057
1059 usage: dsconf instance backup create [-h] [-t DB_TYPE] [archive]
1060 archive
1063 The directory where the backup files will be stored.The
1064 /var/lib/dirsrv/slapd- instance/bak directory is used by de‐
1065 fault.The backup file is named according to the
1066 year-month-day-hour format.
1067 -t DB_TYPE, --db-type DB_TYPE
1070 Database type (default: ldbm database).
1071
1074 usage: dsconf instance backup restore [-h] [-t DB_TYPE] archive
1075 archive
1078 The directory of the backup files.
1079 -t DB_TYPE, --db-type DB_TYPE
1082 Database type (default: ldbm database).
1083
1087 usage: dsconf instance chaining [-h]
1088 {config-get,config-set,config-get-
1089 def,config-set-def,link-create,link-get,link-set,link-delete,moni‐
1090 tor,link-list}
1091 ...
1092 Sub-commands
1095 dsconf chaining config-get
1096 Get the chaining controls and server component lists
1097 dsconf chaining config-set
1099 Set the chaining controls and server component lists
1100 dsconf chaining config-get-def
1102 Get the default creation parameters for new database links
1103 dsconf chaining config-set-def
1105 Set the default creation parameters for new database links
1106 dsconf chaining link-create
1108 Create a database link to a remote server
1109 dsconf chaining link-get
1111 get chaining database link
1112 dsconf chaining link-set
1114 Edit a database link to a remote server
1115 dsconf chaining link-delete
1117 Delete a database link
1118 dsconf chaining monitor
1120 Get the monitor information for a database chaining link
1121 dsconf chaining link-list
1123 List database links
1124
1126 usage: dsconf instance chaining config-get [-h] [--avail-controls]
1127 [--avail-comps]
1128 --avail-controls
1132 List available controls for chaining
1133 --avail-comps
1136 List available plugin components for chaining
1137
1140 usage: dsconf instance chaining config-set [-h] [--add-control ADD_CON‐
1141 TROL]
1142 [--del-control DEL_CONTROL]
1143 [--add-comp ADD_COMP]
1144 [--del-comp DEL_COMP]
1145 --add-control ADD_CONTROL
1149 Add a transmitted control OID
1150 --del-control DEL_CONTROL
1153 Delete a transmitted control OID
1154 --add-comp ADD_COMP
1157 Add a chaining component
1158 --del-comp DEL_COMP
1161 Delete a chaining component
1162
1165 usage: dsconf instance chaining config-get-def [-h]
1166
1171 usage: dsconf instance chaining config-set-def [-h]
1172 [--conn-bind-limit
1173 CONN_BIND_LIMIT]
1174 [--conn-op-limit
1175 CONN_OP_LIMIT]
1176 [--abandon-check-inter‐
1177 val ABANDON_CHECK_INTERVAL]
1178 [--bind-limit
1179 BIND_LIMIT]
1180 [--op-limit OP_LIMIT]
1181 [--proxied-auth PROX‐
1182 IED_AUTH]
1183 [--conn-lifetime
1184 CONN_LIFETIME]
1185 [--bind-timeout
1186 BIND_TIMEOUT]
1187 [--return-ref RE‐
1188 TURN_REF]
1189 [--check-aci CHECK_ACI]
1190 [--bind-attempts
1191 BIND_ATTEMPTS]
1192 [--size-limit
1193 SIZE_LIMIT]
1194 [--time-limit
1195 TIME_LIMIT]
1196 [--hop-limit HOP_LIMIT]
1197 [--response-delay RE‐
1198 SPONSE_DELAY]
1199 [--test-response-delay
1200 TEST_RESPONSE_DELAY]
1201 [--use-starttls
1202 USE_STARTTLS]
1203 --conn-bind-limit CONN_BIND_LIMIT
1207 The maximum number of BIND connections the database link estab‐
1208 lishes with the remote server.
1209 --conn-op-limit CONN_OP_LIMIT
1212 The maximum number of LDAP connections the database link estab‐
1213 lishes with the remote server.
1214 --abandon-check-interval ABANDON_CHECK_INTERVAL
1217 The number of seconds that pass before the server checks for
1218 abandoned operations.
1219 --bind-limit BIND_LIMIT
1222 The maximum number of concurrent bind operations per TCP connec‐
1223 tion.
1224 --op-limit OP_LIMIT
1227 The maximum number of concurrent operations allowed.
1228 --proxied-auth PROXIED_AUTH
1231 Set to "off" to disable proxied authorization, then binds for
1232 chained operations are executed as the user set in the nsMulti‐
1233 plexorBindDn attribute (on/off).
1234 --conn-lifetime CONN_LIFETIME
1237 Specifies connection lifetime in seconds. 0 keeps connection
1238 open forever.
1239 --bind-timeout BIND_TIMEOUT
1242 The amount of time in seconds before a bind attempt times out.
1243 --return-ref RETURN_REF
1246 Sets whether referrals are returned by scoped searches (on/off).
1247 --check-aci CHECK_ACI
1250 Set whether ACIs are evaluated on the database link as well as
1251 the remote data server (on/off).
1252 --bind-attempts BIND_ATTEMPTS
1255 Sets the number of times the server tries to bind with the re‐
1256 mote server.
1257 --size-limit SIZE_LIMIT
1260 Sets the maximum number of entries to return from a search oper‐
1261 ation.
1262 --time-limit TIME_LIMIT
1265 Sets the maximum number of seconds allowed for an operation.
1266 --hop-limit HOP_LIMIT
1269 Sets the maximum number of times a database is allowed to chain;
1270 that is, the number of times a request can be forwarded from one
1271 database link to another.
1272 --response-delay RESPONSE_DELAY
1275 The maximum amount of time it can take a remote server to re‐
1276 spond to an LDAP operation request made by a database link be‐
1277 fore an error is suspected.
1278 --test-response-delay TEST_RESPONSE_DELAY
1281 Sets the duration of the test issued by the database link to
1282 check whether the remote server is responding.
1283 --use-starttls USE_STARTTLS
1286 Set to "on" specifies that the database links should use Start‐
1287 TLS for its secure connections.
1288
1291 usage: dsconf instance chaining link-create [-h]
1292 [--conn-bind-limit
1293 CONN_BIND_LIMIT]
1294 [--conn-op-limit
1295 CONN_OP_LIMIT]
1296 [--abandon-check-interval
1297 ABANDON_CHECK_INTERVAL]
1298 [--bind-limit BIND_LIMIT]
1299 [--op-limit OP_LIMIT]
1300 [--proxied-auth PROX‐
1301 IED_AUTH]
1302 [--conn-lifetime CONN_LIFE‐
1303 TIME]
1304 [--bind-timeout BIND_TIME‐
1305 OUT]
1306 [--return-ref RETURN_REF]
1307 [--check-aci CHECK_ACI]
1308 [--bind-attempts BIND_AT‐
1309 TEMPTS]
1310 [--size-limit SIZE_LIMIT]
1311 [--time-limit TIME_LIMIT]
1312 [--hop-limit HOP_LIMIT]
1313 [--response-delay RE‐
1314 SPONSE_DELAY]
1315 [--test-response-delay
1316 TEST_RESPONSE_DELAY]
1317 [--use-starttls USE_START‐
1318 TLS]
1319 --suffix SUFFIX --server-
1320 url
1321 SERVER_URL --bind-mech
1322 BIND_MECH
1323 --bind-dn BIND_DN --bind-pw
1324 BIND_PW
1325 CHAIN_NAME
1326 CHAIN_NAME
1329 The name of the database link
1330 --conn-bind-limit CONN_BIND_LIMIT
1333 The maximum number of BIND connections the database link estab‐
1334 lishes with the remote server.
1335 --conn-op-limit CONN_OP_LIMIT
1338 The maximum number of LDAP connections the database link estab‐
1339 lishes with the remote server.
1340 --abandon-check-interval ABANDON_CHECK_INTERVAL
1343 The number of seconds that pass before the server checks for
1344 abandoned operations.
1345 --bind-limit BIND_LIMIT
1348 The maximum number of concurrent bind operations per TCP connec‐
1349 tion.
1350 --op-limit OP_LIMIT
1353 The maximum number of concurrent operations allowed.
1354 --proxied-auth PROXIED_AUTH
1357 Set to "off" to disable proxied authorization, then binds for
1358 chained operations are executed as the user set in the nsMulti‐
1359 plexorBindDn attribute (on/off).
1360 --conn-lifetime CONN_LIFETIME
1363 Specifies connection lifetime in seconds. 0 keeps connection
1364 open forever.
1365 --bind-timeout BIND_TIMEOUT
1368 The amount of time in seconds before a bind attempt times out.
1369 --return-ref RETURN_REF
1372 Sets whether referrals are returned by scoped searches (on/off).
1373 --check-aci CHECK_ACI
1376 Set whether ACIs are evaluated on the database link as well as
1377 the remote data server (on/off).
1378 --bind-attempts BIND_ATTEMPTS
1381 Sets the number of times the server tries to bind with the re‐
1382 mote server.
1383 --size-limit SIZE_LIMIT
1386 Sets the maximum number of entries to return from a search oper‐
1387 ation.
1388 --time-limit TIME_LIMIT
1391 Sets the maximum number of seconds allowed for an operation.
1392 --hop-limit HOP_LIMIT
1395 Sets the maximum number of times a database is allowed to chain;
1396 that is, the number of times a request can be forwarded from one
1397 database link to another.
1398 --response-delay RESPONSE_DELAY
1401 The maximum amount of time it can take a remote server to re‐
1402 spond to an LDAP operation request made by a database link be‐
1403 fore an error is suspected.
1404 --test-response-delay TEST_RESPONSE_DELAY
1407 Sets the duration of the test issued by the database link to
1408 check whether the remote server is responding.
1409 --use-starttls USE_STARTTLS
1412 Set to "on" specifies that the database links should use Start‐
1413 TLS for its secure connections.
1414 --suffix SUFFIX
1417 The suffix managed by the database link.
1418 --server-url SERVER_URL
1421 Gives the LDAP/LDAPS URL of the remote server.
1422 --bind-mech BIND_MECH
1425 Sets the authentication method to use to authenticate to the re‐
1426 mote server: SIMPLE, EXTERNAL, DIGEST-MD5, or GSSAPI. Default if
1427 unset is SIMPLE.
1428 --bind-dn BIND_DN
1431 DN of the administrative entry used to communicate with the re‐
1432 mote server
1433 --bind-pw BIND_PW
1436 Password for the administrative user.
1437
1440 usage: dsconf instance chaining link-get [-h] CHAIN_NAME
1441 CHAIN_NAME
1444 The chaining link name, or suffix, to retrieve
1445
1449 usage: dsconf instance chaining link-set [-h]
1450 [--conn-bind-limit
1451 CONN_BIND_LIMIT]
1452 [--conn-op-limit
1453 CONN_OP_LIMIT]
1454 [--abandon-check-interval
1455 ABANDON_CHECK_INTERVAL]
1456 [--bind-limit BIND_LIMIT]
1457 [--op-limit OP_LIMIT]
1458 [--proxied-auth PROXIED_AUTH]
1459 [--conn-lifetime CONN_LIFE‐
1460 TIME]
1461 [--bind-timeout BIND_TIMEOUT]
1462 [--return-ref RETURN_REF]
1463 [--check-aci CHECK_ACI]
1464 [--bind-attempts BIND_AT‐
1465 TEMPTS]
1466 [--size-limit SIZE_LIMIT]
1467 [--time-limit TIME_LIMIT]
1468 [--hop-limit HOP_LIMIT]
1469 [--response-delay RESPONSE_DE‐
1470 LAY]
1471 [--test-response-delay
1472 TEST_RESPONSE_DELAY]
1473 [--use-starttls USE_STARTTLS]
1474 [--suffix SUFFIX]
1475 [--server-url SERVER_URL]
1476 [--bind-mech BIND_MECH]
1477 [--bind-dn BIND_DN]
1478 [--bind-pw BIND_PW]
1479 CHAIN_NAME
1480 CHAIN_NAME
1483 The name of the database link
1484 --conn-bind-limit CONN_BIND_LIMIT
1487 The maximum number of BIND connections the database link estab‐
1488 lishes with the remote server.
1489 --conn-op-limit CONN_OP_LIMIT
1492 The maximum number of LDAP connections the database link estab‐
1493 lishes with the remote server.
1494 --abandon-check-interval ABANDON_CHECK_INTERVAL
1497 The number of seconds that pass before the server checks for
1498 abandoned operations.
1499 --bind-limit BIND_LIMIT
1502 The maximum number of concurrent bind operations per TCP connec‐
1503 tion.
1504 --op-limit OP_LIMIT
1507 The maximum number of concurrent operations allowed.
1508 --proxied-auth PROXIED_AUTH
1511 Set to "off" to disable proxied authorization, then binds for
1512 chained operations are executed as the user set in the nsMulti‐
1513 plexorBindDn attribute (on/off).
1514 --conn-lifetime CONN_LIFETIME
1517 Specifies connection lifetime in seconds. 0 keeps connection
1518 open forever.
1519 --bind-timeout BIND_TIMEOUT
1522 The amount of time in seconds before a bind attempt times out.
1523 --return-ref RETURN_REF
1526 Sets whether referrals are returned by scoped searches (on/off).
1527 --check-aci CHECK_ACI
1530 Set whether ACIs are evaluated on the database link as well as
1531 the remote data server (on/off).
1532 --bind-attempts BIND_ATTEMPTS
1535 Sets the number of times the server tries to bind with the re‐
1536 mote server.
1537 --size-limit SIZE_LIMIT
1540 Sets the maximum number of entries to return from a search oper‐
1541 ation.
1542 --time-limit TIME_LIMIT
1545 Sets the maximum number of seconds allowed for an operation.
1546 --hop-limit HOP_LIMIT
1549 Sets the maximum number of times a database is allowed to chain;
1550 that is, the number of times a request can be forwarded from one
1551 database link to another.
1552 --response-delay RESPONSE_DELAY
1555 The maximum amount of time it can take a remote server to re‐
1556 spond to an LDAP operation request made by a database link be‐
1557 fore an error is suspected.
1558 --test-response-delay TEST_RESPONSE_DELAY
1561 Sets the duration of the test issued by the database link to
1562 check whether the remote server is responding.
1563 --use-starttls USE_STARTTLS
1566 Set to "on" specifies that the database links should use Start‐
1567 TLS for its secure connections.
1568 --suffix SUFFIX
1571 The suffix managed by the database link.
1572 --server-url SERVER_URL
1575 Gives the LDAP/LDAPS URL of the remote server.
1576 --bind-mech BIND_MECH
1579 Sets the authentication method to use to authenticate to the re‐
1580 mote server: SIMPLE, EXTERNAL, DIGEST-MD5, or GSSAPI. Default if
1581 unset is SIMPLE.
1582 --bind-dn BIND_DN
1585 DN of the administrative entry used to communicate with the re‐
1586 mote server
1587 --bind-pw BIND_PW
1590 Password for the administrative user.
1591
1594 usage: dsconf instance chaining link-delete [-h] CHAIN_NAME
1595 CHAIN_NAME
1598 The name of the database link
1599
1603 usage: dsconf instance chaining monitor [-h] CHAIN_NAME
1604 CHAIN_NAME
1607 The name of the database link
1608
1612 usage: dsconf instance chaining link-list [-h]
1613
1619 usage: dsconf instance config [-h] {get,add,replace,delete} ...
1620 Sub-commands
1623 dsconf config get
1624 get
1625 dsconf config add
1627 Add attribute value to configuration
1628 dsconf config replace
1630 Replace attribute value in configuration
1631 dsconf config delete
1633 Delete attribute value in configuration
1634
1636 usage: dsconf instance config get [-h] [attrs ...]
1637 attrs Configuration attribute(s) to get
1640
1644 usage: dsconf instance config add [-h] [attr ...]
1645 attr Configuration attribute to add
1648
1652 usage: dsconf instance config replace [-h] [attr ...]
1653 attr Configuration attribute to replace
1656
1660 usage: dsconf instance config delete [-h] [attr ...]
1661 attr Configuration attribute to delete
1664
1669 usage: dsconf instance directory_manager [-h] {password_change} ...
1670 Sub-commands
1673 dsconf directory_manager password_change
1674 Change the directory manager password
1675
1677 usage: dsconf instance directory_manager password_change [-h]
1678
1684 usage: dsconf instance monitor [-h]
1685 {server,dbmon,ldbm,backend,snmp,chain‐
1686 ing,disk}
1687 ...
1688 Sub-commands
1691 dsconf monitor server
1692 Monitor the server statistics, connections and operations
1693 dsconf monitor dbmon
1695 Monitor the all the database statistics in a single report
1696 dsconf monitor ldbm
1698 Monitor the ldbm statistics, such as dbcache
1699 dsconf monitor backend
1701 Monitor the behavior of a backend database
1702 dsconf monitor snmp
1704 Monitor the SNMP statistics
1705 dsconf monitor chaining
1707 Monitor database chaining statistics
1708 dsconf monitor disk
1710 Disk space statistics. All values are in bytes
1711
1713 usage: dsconf instance monitor server [-h]
1714
1719 usage: dsconf instance monitor dbmon [-h] [-b BACKENDS] [-x]
1720 -b BACKENDS, --backends BACKENDS
1724 List of space separated backends to monitor. Default is all
1725 backends.
1726 -x, --indexes
1729 Show index stats for each backend
1730
1733 usage: dsconf instance monitor ldbm [-h]
1734
1739 usage: dsconf instance monitor backend [-h] [backend]
1740 backend
1743 Optional name of the backend to monitor
1744
1748 usage: dsconf instance monitor snmp [-h]
1749
1754 usage: dsconf instance monitor chaining [-h] [backend]
1755 backend
1758 Optional name of the chaining backend to monitor
1759
1763 usage: dsconf instance monitor disk [-h]
1764
1770 usage: dsconf instance plugin [-h]
1771 {memberof,automember,referential-integ‐
1772 rity,root-dn,usn,account-policy,attr-uniq,dna,linked-attr,managed-en‐
1773 tries,pass-through-auth,retro-changelog,posix-winsync,con‐
1774 tentsync,list,show,set}
1775 ...
1776 Sub-commands
1779 dsconf plugin memberof
1780 Manage and configure MemberOf plugin
1781 dsconf plugin automember
1783 Manage and configure Automembership plugin
1784 dsconf plugin referential-integrity
1786 Manage and configure Referential Integrity Postoperation plugin
1787 dsconf plugin root-dn
1789 Manage and configure RootDN Access Control plugin
1790 dsconf plugin usn
1792 Manage and configure USN plugin
1793 dsconf plugin account-policy
1795 Manage and configure Account Policy plugin
1796 dsconf plugin attr-uniq
1798 Manage and configure Attribute Uniqueness plugin
1799 dsconf plugin dna
1801 Manage and configure DNA plugin
1802 dsconf plugin linked-attr
1804 Manage and configure Linked Attributes plugin
1805 dsconf plugin managed-entries
1807 Manage and configure Managed Entries Plugin
1808 dsconf plugin pass-through-auth
1810 Manage and configure Pass-Through Authentication plugins (URLs
1811 and PAM)
1812 dsconf plugin retro-changelog
1814 Manage and configure Retro Changelog plugin
1815 dsconf plugin posix-winsync
1817 Manage and configure The Posix Winsync API plugin
1818 dsconf plugin contentsync
1820 Manage and configure Content Sync Plugin (aka syncrepl)
1821 dsconf plugin list
1823 List current configured (enabled and disabled) plugins
1824 dsconf plugin show
1826 Show the plugin data
1827 dsconf plugin set
1829 Edit the plugin
1830
1832 usage: dsconf instance plugin memberof [-h]
1833 {show,enable,disable,sta‐
1834 tus,set,config-entry,fixup}
1835 ...
1836 Sub-commands
1839 dsconf plugin memberof show
1840 display plugin configuration
1841 dsconf plugin memberof enable
1843 enable plugin
1844 dsconf plugin memberof disable
1846 disable plugin
1847 dsconf plugin memberof status
1849 display plugin status
1850 dsconf plugin memberof set
1852 Edit the plugin
1853 dsconf plugin memberof config-entry
1855 Manage the config entry
1856 dsconf plugin memberof fixup
1858 Run the fix-up task for memberOf plugin
1859
1861 usage: dsconf instance plugin memberof show [-h]
1862
1867 usage: dsconf instance plugin memberof enable [-h]
1868
1873 usage: dsconf instance plugin memberof disable [-h]
1874
1879 usage: dsconf instance plugin memberof status [-h]
1880
1885 usage: dsconf instance plugin memberof set [-h] [--attr ATTR [ATTR
1886 ...]]
1887 [--groupattr GROUPATTR
1888 [GROUPATTR ...]]
1889 [--allbackends {on,off}]
1890 [--skipnested {on,off}]
1891 [--scope SCOPE] [--exclude
1892 EXCLUDE]
1893 [--autoaddoc AUTOADDOC]
1894 [--config-entry CONFIG_EN‐
1895 TRY]
1896 --attr ATTR [ATTR ...]
1900 Specifies the attribute in the user entry for the Directory
1901 Server to manage to reflect group membership (memberOfAttr)
1902 --groupattr GROUPATTR [GROUPATTR ...]
1905 Specifies the attribute in the group entry to use to identify
1906 the DNs of group members (memberOfGroupAttr)
1907 --allbackends {on,off}
1910 Specifies whether to search the local suffix for user entries on
1911 all available suffixes (memberOfAllBackends)
1912 --skipnested {on,off}
1915 Specifies wherher to skip nested groups or not (memberOfSkip‐
1916 Nested)
1917 --scope SCOPE
1920 Specifies backends or multiple-nested suffixes for the MemberOf
1921 plug-in to work on (memberOfEntryScope)
1922 --exclude EXCLUDE
1925 Specifies backends or multiple-nested suffixes for the MemberOf
1926 plug-in to exclude (memberOfEntryScopeExcludeSubtree)
1927 --autoaddoc AUTOADDOC
1930 If an entry does not have an object class that allows the mem‐
1931 berOf attribute then the memberOf plugin will automatically add
1932 the object class listed in the memberOfAutoAddOC parameter
1933 --config-entry CONFIG_ENTRY
1936 The value to set as nsslapd-pluginConfigArea
1937
1940 usage: dsconf instance plugin memberof config-entry [-h]
1941 {add,set,show,delete}
1942 ...
1943 Sub-commands
1946 dsconf plugin memberof config-entry add
1947 Add the config entry
1948 dsconf plugin memberof config-entry set
1950 Edit the config entry
1951 dsconf plugin memberof config-entry show
1953 Display the config entry
1954 dsconf plugin memberof config-entry delete
1956 Delete the config entry
1957
1959 usage: dsconf instance plugin memberof config-entry add [-h]
1960 [--attr ATTR
1961 [ATTR ...]]
1962 [--groupattr
1963 GROUPATTR [GROUPATTR ...]]
1964 [--allbackends
1965 {on,off}]
1966 [--skipnested
1967 {on,off}]
1968 [--scope SCOPE]
1969 [--exclude EX‐
1970 CLUDE]
1971 [--autoaddoc
1972 AUTOADDOC]
1973 DN
1974 DN The config entry full DN
1977 --attr ATTR [ATTR ...]
1980 Specifies the attribute in the user entry for the Directory
1981 Server to manage to reflect group membership (memberOfAttr)
1982 --groupattr GROUPATTR [GROUPATTR ...]
1985 Specifies the attribute in the group entry to use to identify
1986 the DNs of group members (memberOfGroupAttr)
1987 --allbackends {on,off}
1990 Specifies whether to search the local suffix for user entries on
1991 all available suffixes (memberOfAllBackends)
1992 --skipnested {on,off}
1995 Specifies wherher to skip nested groups or not (memberOfSkip‐
1996 Nested)
1997 --scope SCOPE
2000 Specifies backends or multiple-nested suffixes for the MemberOf
2001 plug-in to work on (memberOfEntryScope)
2002 --exclude EXCLUDE
2005 Specifies backends or multiple-nested suffixes for the MemberOf
2006 plug-in to exclude (memberOfEntryScopeExcludeSubtree)
2007 --autoaddoc AUTOADDOC
2010 If an entry does not have an object class that allows the mem‐
2011 berOf attribute then the memberOf plugin will automatically add
2012 the object class listed in the memberOfAutoAddOC parameter
2013
2016 usage: dsconf instance plugin memberof config-entry set [-h]
2017 [--attr ATTR
2018 [ATTR ...]]
2019 [--groupattr
2020 GROUPATTR [GROUPATTR ...]]
2021 [--allbackends
2022 {on,off}]
2023 [--skipnested
2024 {on,off}]
2025 [--scope SCOPE]
2026 [--exclude EX‐
2027 CLUDE]
2028 [--autoaddoc
2029 AUTOADDOC]
2030 DN
2031 DN The config entry full DN
2034 --attr ATTR [ATTR ...]
2037 Specifies the attribute in the user entry for the Directory
2038 Server to manage to reflect group membership (memberOfAttr)
2039 --groupattr GROUPATTR [GROUPATTR ...]
2042 Specifies the attribute in the group entry to use to identify
2043 the DNs of group members (memberOfGroupAttr)
2044 --allbackends {on,off}
2047 Specifies whether to search the local suffix for user entries on
2048 all available suffixes (memberOfAllBackends)
2049 --skipnested {on,off}
2052 Specifies wherher to skip nested groups or not (memberOfSkip‐
2053 Nested)
2054 --scope SCOPE
2057 Specifies backends or multiple-nested suffixes for the MemberOf
2058 plug-in to work on (memberOfEntryScope)
2059 --exclude EXCLUDE
2062 Specifies backends or multiple-nested suffixes for the MemberOf
2063 plug-in to exclude (memberOfEntryScopeExcludeSubtree)
2064 --autoaddoc AUTOADDOC
2067 If an entry does not have an object class that allows the mem‐
2068 berOf attribute then the memberOf plugin will automatically add
2069 the object class listed in the memberOfAutoAddOC parameter
2070
2073 usage: dsconf instance plugin memberof config-entry show [-h] DN
2074 DN The config entry full DN
2077
2081 usage: dsconf instance plugin memberof config-entry delete [-h] DN
2082 DN The config entry full DN
2085
2090 usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] DN
2091 DN Base DN that contains entries to fix up
2094 -f FILTER, --filter FILTER
2097 Filter for entries to fix up. If omitted, all entries with ob‐
2098 jectclass inetuser/inetadmin/nsmemberof under the specified base
2099 will have their memberOf attribute regenerated.
2100
2104 usage: dsconf instance plugin automember [-h]
2105 {show,enable,disable,sta‐
2106 tus,list,definition,fixup}
2107 ...
2108 Sub-commands
2111 dsconf plugin automember show
2112 display plugin configuration
2113 dsconf plugin automember enable
2115 enable plugin
2116 dsconf plugin automember disable
2118 disable plugin
2119 dsconf plugin automember status
2121 display plugin status
2122 dsconf plugin automember list
2124 List Automembership definitions or regex rules.
2125 dsconf plugin automember definition
2127 Manage Automembership definition.
2128 dsconf plugin automember fixup
2130 Run a rebuild membership task.
2131
2133 usage: dsconf instance plugin automember show [-h]
2134
2139 usage: dsconf instance plugin automember enable [-h]
2140
2145 usage: dsconf instance plugin automember disable [-h]
2146
2151 usage: dsconf instance plugin automember status [-h]
2152
2157 usage: dsconf instance plugin automember list [-h] {defini‐
2158 tions,regexes} ...
2159 Sub-commands
2162 dsconf plugin automember list definitions
2163 List Automembership definitions.
2164 dsconf plugin automember list regexes
2166 List Automembership regex rules.
2167
2169 usage: dsconf instance plugin automember list definitions [-h]
2170
2175 usage: dsconf instance plugin automember list regexes [-h] DEFNAME
2176 DEFNAME
2179 The definition entry CN.
2180
2185 usage: dsconf instance plugin automember definition [-h]
2186 DEFNAME
2187 {add,set,delete,show,regex}
2188 ...
2189 DEFNAME
2192 The definition entry CN.
2193 Sub-commands
2196 dsconf plugin automember definition add
2197 Create Automembership definition.
2198 dsconf plugin automember definition set
2200 Edit Automembership definition.
2201 dsconf plugin automember definition delete
2203 Remove Automembership definition.
2204 dsconf plugin automember definition show
2206 Display Automembership definition.
2207 dsconf plugin automember definition regex
2209 Manage Automembership regex rules.
2210
2212 usage: dsconf instance plugin automember definition DEFNAME add
2213 [-h] --grouping-attr GROUPING_ATTR [--default-group DE‐
2214 FAULT_GROUP]
2215 --scope SCOPE --filter FILTER
2216 --grouping-attr GROUPING_ATTR
2220 Specifies the name of the member attribute in the group entry
2221 and the attribute in the object entry that supplies the member
2222 attribute value, in the format group_member_attr:entry_attr (au‐
2223 toMemberGroupingAttr)
2224 --default-group DEFAULT_GROUP
2227 Sets default or fallback group to add the entry to as a member
2228 attribute in group entry (autoMemberDefaultGroup)
2229 --scope SCOPE
2232 Sets the subtree DN to search for entries (autoMemberScope)
2233 --filter FILTER
2236 Sets a standard LDAP search filter to use to search for matching
2237 entries (autoMemberFilter)
2238
2241 usage: dsconf instance plugin automember definition DEFNAME set
2242 [-h] --grouping-attr GROUPING_ATTR [--default-group DE‐
2243 FAULT_GROUP]
2244 --scope SCOPE --filter FILTER
2245 --grouping-attr GROUPING_ATTR
2249 Specifies the name of the member attribute in the group entry
2250 and the attribute in the object entry that supplies the member
2251 attribute value, in the format group_member_attr:entry_attr (au‐
2252 toMemberGroupingAttr)
2253 --default-group DEFAULT_GROUP
2256 Sets default or fallback group to add the entry to as a member
2257 attribute in group entry (autoMemberDefaultGroup)
2258 --scope SCOPE
2261 Sets the subtree DN to search for entries (autoMemberScope)
2262 --filter FILTER
2265 Sets a standard LDAP search filter to use to search for matching
2266 entries (autoMemberFilter)
2267
2270 usage: dsconf instance plugin automember definition DEFNAME delete [-h]
2271
2276 usage: dsconf instance plugin automember definition DEFNAME show [-h]
2277
2282 usage: dsconf instance plugin automember definition DEFNAME regex
2283 [-h] REGEXNAME {add,set,delete,show} ...
2284 REGEXNAME
2287 The regex entry CN.
2288 Sub-commands
2291 dsconf plugin automember definition regex add
2292 Create Automembership regex.
2293 dsconf plugin automember definition regex set
2295 Edit Automembership regex.
2296 dsconf plugin automember definition regex delete
2298 Remove Automembership regex.
2299 dsconf plugin automember definition regex show
2301 Display Automembership regex.
2302
2304 usage: dsconf instance plugin automember definition DEFNAME regex
2305 REGEXNAME add
2306 [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2307 [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TAR‐
2308 GET_GROUP
2309 --exclusive EXCLUSIVE [EXCLUSIVE ...]
2313 Sets a single regular expression to use to identify entries to
2314 exclude (autoMemberExclusiveRegex)
2315 --inclusive INCLUSIVE [INCLUSIVE ...]
2318 Sets a single regular expression to use to identify entries to
2319 include (autoMemberInclusiveRegex)
2320 --target-group TARGET_GROUP
2323 Sets which group to add the entry to as a member, if it meets
2324 the regular expression conditions (autoMemberTargetGroup)
2325
2328 usage: dsconf instance plugin automember definition DEFNAME regex
2329 REGEXNAME set
2330 [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2331 [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TAR‐
2332 GET_GROUP
2333 --exclusive EXCLUSIVE [EXCLUSIVE ...]
2337 Sets a single regular expression to use to identify entries to
2338 exclude (autoMemberExclusiveRegex)
2339 --inclusive INCLUSIVE [INCLUSIVE ...]
2342 Sets a single regular expression to use to identify entries to
2343 include (autoMemberInclusiveRegex)
2344 --target-group TARGET_GROUP
2347 Sets which group to add the entry to as a member, if it meets
2348 the regular expression conditions (autoMemberTargetGroup)
2349
2352 usage: dsconf instance plugin automember definition DEFNAME regex
2353 REGEXNAME delete
2354 [-h]
2355
2360 usage: dsconf instance plugin automember definition DEFNAME regex
2361 REGEXNAME show
2362 [-h]
2363
2370 usage: dsconf instance plugin automember fixup [-h] -f FILTER -s
2371 {sub,base,one}
2372 DN
2373 DN Base DN that contains entries to fix up
2376 -f FILTER, --filter FILTER
2379 LDAP filter for entries to fix up.
2380 -s {sub,base,one}, --scope {sub,base,one}
2383 LDAP search scope for entries to fix up
2384
2388 usage: dsconf instance plugin referential-integrity [-h]
2389 {show,enable,dis‐
2390 able,status,set,config-entry}
2391 ...
2392 Sub-commands
2395 dsconf plugin referential-integrity show
2396 display plugin configuration
2397 dsconf plugin referential-integrity enable
2399 enable plugin
2400 dsconf plugin referential-integrity disable
2402 disable plugin
2403 dsconf plugin referential-integrity status
2405 display plugin status
2406 dsconf plugin referential-integrity set
2408 Edit the plugin
2409 dsconf plugin referential-integrity config-entry
2411 Manage the config entry
2412
2414 usage: dsconf instance plugin referential-integrity show [-h]
2415
2420 usage: dsconf instance plugin referential-integrity enable [-h]
2421
2426 usage: dsconf instance plugin referential-integrity disable [-h]
2427
2432 usage: dsconf instance plugin referential-integrity status [-h]
2433
2438 usage: dsconf instance plugin referential-integrity set [-h]
2439 [--update-delay
2440 UPDATE_DELAY]
2441 [--membership-
2442 attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2443 [--entry-scope
2444 ENTRY_SCOPE]
2445 [--exclude-en‐
2446 try-scope EXCLUDE_ENTRY_SCOPE]
2447 [--container-
2448 scope CONTAINER_SCOPE]
2449 [--log-file
2450 LOG_FILE]
2451 [--config-entry
2452 CONFIG_ENTRY]
2453 --update-delay UPDATE_DELAY
2457 Sets the update interval. Special values: 0 - The check is per‐
2458 formed immediately, -1 - No check is performed (referint-up‐
2459 date-delay)
2460 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2463 Specifies attributes to check for and update (referint-member‐
2464 ship-attr)
2465 --entry-scope ENTRY_SCOPE
2468 Defines the subtree in which the plug-in looks for the delete or
2469 rename operations of a user entry (nsslapd-pluginEntryScope)
2470 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2473 Defines the subtree in which the plug-in ignores any operations
2474 for deleting or renaming a user (nsslapd-pluginExcludeEn‐
2475 tryScope)
2476 --container-scope CONTAINER_SCOPE
2479 Specifies which branch the plug-in searches for the groups to
2480 which the user belongs. It only updates groups that are under
2481 the specified container branch, and leaves all other groups not
2482 updated (nsslapd-pluginContainerScope)
2483 --log-file LOG_FILE
2486 Specifies a path to the Referential integrity logfile.For exam‐
2487 ple: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2488 --config-entry CONFIG_ENTRY
2491 The value to set as nsslapd-pluginConfigArea
2492
2495 usage: dsconf instance plugin referential-integrity config-entry
2496 [-h] {add,set,show,delete} ...
2497 Sub-commands
2500 dsconf plugin referential-integrity config-entry add
2501 Add the config entry
2502 dsconf plugin referential-integrity config-entry set
2504 Edit the config entry
2505 dsconf plugin referential-integrity config-entry show
2507 Display the config entry
2508 dsconf plugin referential-integrity config-entry delete
2510 Delete the config entry
2511
2513 usage: dsconf instance plugin referential-integrity config-entry add
2514 [-h] [--update-delay UPDATE_DELAY]
2515 [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2516 [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_EN‐
2517 TRY_SCOPE]
2518 [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2519 DN
2520 DN The config entry full DN
2523 --update-delay UPDATE_DELAY
2526 Sets the update interval. Special values: 0 - The check is per‐
2527 formed immediately, -1 - No check is performed (referint-up‐
2528 date-delay)
2529 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2532 Specifies attributes to check for and update (referint-member‐
2533 ship-attr)
2534 --entry-scope ENTRY_SCOPE
2537 Defines the subtree in which the plug-in looks for the delete or
2538 rename operations of a user entry (nsslapd-pluginEntryScope)
2539 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2542 Defines the subtree in which the plug-in ignores any operations
2543 for deleting or renaming a user (nsslapd-pluginExcludeEn‐
2544 tryScope)
2545 --container-scope CONTAINER_SCOPE
2548 Specifies which branch the plug-in searches for the groups to
2549 which the user belongs. It only updates groups that are under
2550 the specified container branch, and leaves all other groups not
2551 updated (nsslapd-pluginContainerScope)
2552 --log-file LOG_FILE
2555 Specifies a path to the Referential integrity logfile.For exam‐
2556 ple: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2557
2560 usage: dsconf instance plugin referential-integrity config-entry set
2561 [-h] [--update-delay UPDATE_DELAY]
2562 [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2563 [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_EN‐
2564 TRY_SCOPE]
2565 [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2566 DN
2567 DN The config entry full DN
2570 --update-delay UPDATE_DELAY
2573 Sets the update interval. Special values: 0 - The check is per‐
2574 formed immediately, -1 - No check is performed (referint-up‐
2575 date-delay)
2576 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2579 Specifies attributes to check for and update (referint-member‐
2580 ship-attr)
2581 --entry-scope ENTRY_SCOPE
2584 Defines the subtree in which the plug-in looks for the delete or
2585 rename operations of a user entry (nsslapd-pluginEntryScope)
2586 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2589 Defines the subtree in which the plug-in ignores any operations
2590 for deleting or renaming a user (nsslapd-pluginExcludeEn‐
2591 tryScope)
2592 --container-scope CONTAINER_SCOPE
2595 Specifies which branch the plug-in searches for the groups to
2596 which the user belongs. It only updates groups that are under
2597 the specified container branch, and leaves all other groups not
2598 updated (nsslapd-pluginContainerScope)
2599 --log-file LOG_FILE
2602 Specifies a path to the Referential integrity logfile.For exam‐
2603 ple: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2604
2607 usage: dsconf instance plugin referential-integrity config-entry show
2608 [-h] DN
2609 DN The config entry full DN
2612
2616 usage: dsconf instance plugin referential-integrity config-entry delete
2617 [-h] DN
2618 DN The config entry full DN
2621
2627 usage: dsconf instance plugin root-dn [-h]
2628 {show,enable,disable,status,set}
2629 ...
2630 Sub-commands
2633 dsconf plugin root-dn show
2634 display plugin configuration
2635 dsconf plugin root-dn enable
2637 enable plugin
2638 dsconf plugin root-dn disable
2640 disable plugin
2641 dsconf plugin root-dn status
2643 display plugin status
2644 dsconf plugin root-dn set
2646 Edit the plugin
2647
2649 usage: dsconf instance plugin root-dn show [-h]
2650
2655 usage: dsconf instance plugin root-dn enable [-h]
2656
2661 usage: dsconf instance plugin root-dn disable [-h]
2662
2667 usage: dsconf instance plugin root-dn status [-h]
2668
2673 usage: dsconf instance plugin root-dn set [-h]
2674 [--allow-host ALLOW_HOST [AL‐
2675 LOW_HOST ...]]
2676 [--deny-host DENY_HOST
2677 [DENY_HOST ...]]
2678 [--allow-ip ALLOW_IP [AL‐
2679 LOW_IP ...]]
2680 [--deny-ip DENY_IP [DENY_IP
2681 ...]]
2682 [--open-time OPEN_TIME]
2683 [--close-time CLOSE_TIME]
2684 [--days-allowed DAYS_ALLOWED]
2685 --allow-host ALLOW_HOST [ALLOW_HOST ...]
2689 Sets what hosts, by fully-qualified domain name, the root user
2690 is allowed to use to access the Directory Server. Any hosts not
2691 listed are implicitly denied (rootdn-allow-host)
2692 --deny-host DENY_HOST [DENY_HOST ...]
2695 Sets what hosts, by fully-qualified domain name, the root user
2696 is not allowed to use to access the Directory Server Any hosts
2697 not listed are implicitly allowed (rootdn-deny-host). If an host
2698 address is listed in both the rootdn- allow-host and
2699 rootdn-deny-host attributes, it is denied access.
2700 --allow-ip ALLOW_IP [ALLOW_IP ...]
2703 Sets what IP addresses, either IPv4 or IPv6, for machines the
2704 root user is allowed to use to access the Directory Server Any
2705 IP addresses not listed are implicitly denied (rootdn-allow-ip)
2706 --deny-ip DENY_IP [DENY_IP ...]
2709 Sets what IP addresses, either IPv4 or IPv6, for machines the
2710 root user is not allowed to use to access the Directory Server.
2711 Any IP addresses not listed are implicitly allowed
2712 (rootdn-deny-ip) If an IP address is listed in both the
2713 rootdn-allow-ip and rootdn-deny-ip attributes, it is denied ac‐
2714 cess.
2715 --open-time OPEN_TIME
2718 Sets part of a time period or range when the root user is al‐
2719 lowed to access the Directory Server. This sets when the
2720 time-based access begins (rootdn- open-time)
2721 --close-time CLOSE_TIME
2724 Sets part of a time period or range when the root user is al‐
2725 lowed to access the Directory Server. This sets when the
2726 time-based access ends (rootdn-close- time)
2727 --days-allowed DAYS_ALLOWED
2730 Gives a comma-separated list of what days the root user is al‐
2731 lowed to use to access the Directory Server. Any days listed are
2732 implicitly denied (rootdn- days-allowed)
2733
2737 usage: dsconf instance plugin usn [-h]
2738 {show,enable,disable,sta‐
2739 tus,global,cleanup}
2740 ...
2741 Sub-commands
2744 dsconf plugin usn show
2745 display plugin configuration
2746 dsconf plugin usn enable
2748 enable plugin
2749 dsconf plugin usn disable
2751 disable plugin
2752 dsconf plugin usn status
2754 display plugin status
2755 dsconf plugin usn global
2757 Get or manage global usn mode (nsslapd-entryusn-global)
2758 dsconf plugin usn cleanup
2760 Run the USN tombstone cleanup task
2761
2763 usage: dsconf instance plugin usn show [-h]
2764
2769 usage: dsconf instance plugin usn enable [-h]
2770
2775 usage: dsconf instance plugin usn disable [-h]
2776
2781 usage: dsconf instance plugin usn status [-h]
2782
2787 usage: dsconf instance plugin usn global [-h] {on,off} ...
2788 Sub-commands
2791 dsconf plugin usn global on
2792 Enable usn global mode
2793 dsconf plugin usn global off
2795 Disable usn global mode
2796
2798 usage: dsconf instance plugin usn global on [-h]
2799
2804 usage: dsconf instance plugin usn global off [-h]
2805
2811 usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND)
2812 [-m MAX_USN]
2813 -s SUFFIX, --suffix SUFFIX
2817 Gives the suffix or subtree in the Directory Server to run the
2818 cleanup operation against. If the suffix is not specified, then
2819 the back end must be given (suffix)
2820 -n BACKEND, --backend BACKEND
2823 Gives the Directory Server instance back end, or database, to
2824 run the cleanup operation against. If the back end is not speci‐
2825 fied, then the suffix must be specified. Backend instance in
2826 which USN tombstone entries (backend)
2827 -m MAX_USN, --max-usn MAX_USN
2830 Gives the highest USN value to delete when removing tombstone
2831 entries (max_usn_to_delete)
2832
2836 usage: dsconf instance plugin account-policy [-h]
2837 {show,enable,disable,sta‐
2838 tus,set,config-entry}
2839 ...
2840 Sub-commands
2843 dsconf plugin account-policy show
2844 display plugin configuration
2845 dsconf plugin account-policy enable
2847 enable plugin
2848 dsconf plugin account-policy disable
2850 disable plugin
2851 dsconf plugin account-policy status
2853 display plugin status
2854 dsconf plugin account-policy set
2856 Edit the plugin
2857 dsconf plugin account-policy config-entry
2859 Manage the config entry
2860
2862 usage: dsconf instance plugin account-policy show [-h]
2863
2868 usage: dsconf instance plugin account-policy enable [-h]
2869
2874 usage: dsconf instance plugin account-policy disable [-h]
2875
2880 usage: dsconf instance plugin account-policy status [-h]
2881
2886 usage: dsconf instance plugin account-policy set [-h]
2887 [--config-entry CON‐
2888 FIG_ENTRY]
2889 --config-entry CONFIG_ENTRY
2893 The value to set as nsslapd-pluginConfigArea
2894
2897 usage: dsconf instance plugin account-policy config-entry [-h]
2898 {add,set,show,delete}
2899 ...
2900 Sub-commands
2903 dsconf plugin account-policy config-entry add
2904 Add the config entry
2905 dsconf plugin account-policy config-entry set
2907 Edit the config entry
2908 dsconf plugin account-policy config-entry show
2910 Display the config entry
2911 dsconf plugin account-policy config-entry delete
2913 Delete the config entry
2914
2916 usage: dsconf instance plugin account-policy config-entry add
2917 [-h] [--always-record-login {yes,no}] [--alt-state-attr
2918 ALT_STATE_ATTR]
2919 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2920 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2921 [--state-attr STATE_ATTR]
2922 DN
2923 DN The config entry full DN
2926 --always-record-login {yes,no}
2929 Sets that every entry records its last login time (alwaysRecord‐
2930 Login)
2931 --alt-state-attr ALT_STATE_ATTR
2934 Provides a backup attribute for the server to reference to eval‐
2935 uate the expiration time (altStateAttrName)
2936 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2939 Specifies the attribute to store the time of the last successful
2940 login in this attribute in the users directory entry (al‐
2941 waysRecordLoginAttr)
2942 --limit-attr LIMIT_ATTR
2945 Specifies the attribute within the policy to use for the account
2946 inactivation limit (limitAttrName)
2947 --spec-attr SPEC_ATTR
2950 Specifies the attribute to identify which entries are account
2951 policy configuration entries (specAttrName)
2952 --state-attr STATE_ATTR
2955 Specifies the primary time attribute used to evaluate an account
2956 policy (stateAttrName)
2957
2960 usage: dsconf instance plugin account-policy config-entry set
2961 [-h] [--always-record-login {yes,no}] [--alt-state-attr
2962 ALT_STATE_ATTR]
2963 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
2964 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
2965 [--state-attr STATE_ATTR]
2966 DN
2967 DN The config entry full DN
2970 --always-record-login {yes,no}
2973 Sets that every entry records its last login time (alwaysRecord‐
2974 Login)
2975 --alt-state-attr ALT_STATE_ATTR
2978 Provides a backup attribute for the server to reference to eval‐
2979 uate the expiration time (altStateAttrName)
2980 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
2983 Specifies the attribute to store the time of the last successful
2984 login in this attribute in the users directory entry (al‐
2985 waysRecordLoginAttr)
2986 --limit-attr LIMIT_ATTR
2989 Specifies the attribute within the policy to use for the account
2990 inactivation limit (limitAttrName)
2991 --spec-attr SPEC_ATTR
2994 Specifies the attribute to identify which entries are account
2995 policy configuration entries (specAttrName)
2996 --state-attr STATE_ATTR
2999 Specifies the primary time attribute used to evaluate an account
3000 policy (stateAttrName)
3001
3004 usage: dsconf instance plugin account-policy config-entry show [-h] DN
3005 DN The config entry full DN
3008
3012 usage: dsconf instance plugin account-policy config-entry delete [-h]
3013 DN
3014 DN The config entry full DN
3017
3023 usage: dsconf instance plugin attr-uniq [-h]
3024 {list,add,set,show,delete,en‐
3025 able,disable,status}
3026 ...
3027 Sub-commands
3030 dsconf plugin attr-uniq list
3031 List available plugin configs
3032 dsconf plugin attr-uniq add
3034 Add the config entry
3035 dsconf plugin attr-uniq set
3037 Edit the config entry
3038 dsconf plugin attr-uniq show
3040 Display the config entry
3041 dsconf plugin attr-uniq delete
3043 Delete the config entry
3044 dsconf plugin attr-uniq enable
3046 enable plugin
3047 dsconf plugin attr-uniq disable
3049 disable plugin
3050 dsconf plugin attr-uniq status
3052 display plugin status
3053
3055 usage: dsconf instance plugin attr-uniq list [-h]
3056
3061 usage: dsconf instance plugin attr-uniq add [-h] [--enabled {on,off}]
3062 [--attr-name ATTR_NAME
3063 [ATTR_NAME ...]]
3064 [--subtree SUBTREE [SUBTREE
3065 ...]]
3066 [--across-all-subtrees
3067 {on,off}]
3068 [--top-entry-oc TOP_EN‐
3069 TRY_OC]
3070 [--subtree-entries-oc SUB‐
3071 TREE_ENTRIES_OC]
3072 NAME
3073 NAME Sets the name of the plug-in configuration record. (cn) You can
3076 use any string, but "attribute_name Attribute Uniqueness" is
3077 recommended.
3078 --enabled {on,off}
3081 Identifies whether or not the config is enabled.
3082 --attr-name ATTR_NAME [ATTR_NAME ...]
3085 Sets the name of the attribute whose values must be unique. This
3086 attribute is multi-valued. (uniqueness-attribute-name)
3087 --subtree SUBTREE [SUBTREE ...]
3090 Sets the DN under which the plug-in checks for uniqueness of the
3091 attributes value. This attribute is multi-valued (unique‐
3092 ness-subtrees)
3093 --across-all-subtrees {on,off}
3096 If enabled (on), the plug-in checks that the attribute is unique
3097 across all subtrees set. If you set the attribute to off,
3098 uniqueness is only enforced within the subtree of the updated
3099 entry (uniqueness-across-all-subtrees)
3100 --top-entry-oc TOP_ENTRY_OC
3103 Verifies that the value of the attribute set in uniqueness-at‐
3104 tribute-name is unique in this subtree (uniqueness-top-entry-oc)
3105 --subtree-entries-oc SUBTREE_ENTRIES_OC
3108 Verifies if an attribute is unique, if the entry contains the
3109 object class set in this parameter (uniqueness-subtree-en‐
3110 tries-oc)
3111
3114 usage: dsconf instance plugin attr-uniq set [-h] [--enabled {on,off}]
3115 [--attr-name ATTR_NAME
3116 [ATTR_NAME ...]]
3117 [--subtree SUBTREE [SUBTREE
3118 ...]]
3119 [--across-all-subtrees
3120 {on,off}]
3121 [--top-entry-oc TOP_EN‐
3122 TRY_OC]
3123 [--subtree-entries-oc SUB‐
3124 TREE_ENTRIES_OC]
3125 NAME
3126 NAME Sets the name of the plug-in configuration record. (cn) You can
3129 use any string, but "attribute_name Attribute Uniqueness" is
3130 recommended.
3131 --enabled {on,off}
3134 Identifies whether or not the config is enabled.
3135 --attr-name ATTR_NAME [ATTR_NAME ...]
3138 Sets the name of the attribute whose values must be unique. This
3139 attribute is multi-valued. (uniqueness-attribute-name)
3140 --subtree SUBTREE [SUBTREE ...]
3143 Sets the DN under which the plug-in checks for uniqueness of the
3144 attributes value. This attribute is multi-valued (unique‐
3145 ness-subtrees)
3146 --across-all-subtrees {on,off}
3149 If enabled (on), the plug-in checks that the attribute is unique
3150 across all subtrees set. If you set the attribute to off,
3151 uniqueness is only enforced within the subtree of the updated
3152 entry (uniqueness-across-all-subtrees)
3153 --top-entry-oc TOP_ENTRY_OC
3156 Verifies that the value of the attribute set in uniqueness-at‐
3157 tribute-name is unique in this subtree (uniqueness-top-entry-oc)
3158 --subtree-entries-oc SUBTREE_ENTRIES_OC
3161 Verifies if an attribute is unique, if the entry contains the
3162 object class set in this parameter (uniqueness-subtree-en‐
3163 tries-oc)
3164
3167 usage: dsconf instance plugin attr-uniq show [-h] NAME
3168 NAME The name of the plug-in configuration record
3171
3175 usage: dsconf instance plugin attr-uniq delete [-h] NAME
3176 NAME Sets the name of the plug-in configuration record
3179
3183 usage: dsconf instance plugin attr-uniq enable [-h] NAME
3184 NAME Sets the name of the plug-in configuration record
3187
3191 usage: dsconf instance plugin attr-uniq disable [-h] NAME
3192 NAME Sets the name of the plug-in configuration record
3195
3199 usage: dsconf instance plugin attr-uniq status [-h] NAME
3200 NAME Sets the name of the plug-in configuration record
3203
3208 usage: dsconf instance plugin dna [-h]
3209 {show,enable,disable,status,list,con‐
3210 fig} ...
3211 Sub-commands
3214 dsconf plugin dna show
3215 display plugin configuration
3216 dsconf plugin dna enable
3218 enable plugin
3219 dsconf plugin dna disable
3221 disable plugin
3222 dsconf plugin dna status
3224 display plugin status
3225 dsconf plugin dna list
3227 List available plugin configs
3228 dsconf plugin dna config
3230 Manage plugin configs
3231
3233 usage: dsconf instance plugin dna show [-h]
3234
3239 usage: dsconf instance plugin dna enable [-h]
3240
3245 usage: dsconf instance plugin dna disable [-h]
3246
3251 usage: dsconf instance plugin dna status [-h]
3252
3257 usage: dsconf instance plugin dna list [-h] {configs,shared-configs}
3258 ...
3259 Sub-commands
3262 dsconf plugin dna list configs
3263 List main DNA plugin config entries
3264 dsconf plugin dna list shared-configs
3266 List DNA plugin shared config entries
3267
3269 usage: dsconf instance plugin dna list configs [-h]
3270
3275 usage: dsconf instance plugin dna list shared-configs [-h] BASEDN
3276 BASEDN The search DN
3279
3284 usage: dsconf instance plugin dna config [-h]
3285 NAME
3286 {add,set,show,delete,shared-
3287 config-entry}
3288 ...
3289 NAME The DNA configuration name
3292 Sub-commands
3295 dsconf plugin dna config add
3296 Add the config entry
3297 dsconf plugin dna config set
3299 Edit the config entry
3300 dsconf plugin dna config show
3302 Display the config entry
3303 dsconf plugin dna config delete
3305 Delete the config entry
3306 dsconf plugin dna config shared-config-entry
3308 Manage the shared config entry
3309
3311 usage: dsconf instance plugin dna config NAME add [-h]
3312 [--type TYPE [TYPE
3313 ...]]
3314 [--prefix PREFIX]
3315 [--next-value
3316 NEXT_VALUE]
3317 [--max-value
3318 MAX_VALUE]
3319 [--interval INTERVAL]
3320 [--magic-regen
3321 MAGIC_REGEN]
3322 [--filter FILTER]
3323 [--scope SCOPE]
3324 [--remote-bind-dn RE‐
3325 MOTE_BIND_DN]
3326 [--remote-bind-cred
3327 REMOTE_BIND_CRED]
3328 [--shared-config-en‐
3329 try SHARED_CONFIG_ENTRY]
3330 [--threshold THRESH‐
3331 OLD]
3332 [--next-range
3333 NEXT_RANGE]
3334 [--range-request-
3335 timeout RANGE_REQUEST_TIMEOUT]
3336 --type TYPE [TYPE ...]
3340 Sets which attributes have unique numbers being generated for
3341 them (dnaType)
3342 --prefix PREFIX
3345 Defines a prefix that can be prepended to the generated number
3346 values for the attribute (dnaPrefix)
3347 --next-value NEXT_VALUE
3350 Gives the next available number which can be assigned
3351 (dnaNextValue)
3352 --max-value MAX_VALUE
3355 Sets the maximum value that can be assigned for the range (dna‐
3356 MaxValue)
3357 --interval INTERVAL
3360 Sets an interval to use to increment through numbers in a range
3361 (dnaInterval)
3362 --magic-regen MAGIC_REGEN
3365 Sets a user-defined value that instructs the plug-in to assign a
3366 new value for the entry (dnaMagicRegen)
3367 --filter FILTER
3370 Sets an LDAP filter to use to search for and identify the en‐
3371 tries to which to apply the distributed numeric assignment range
3372 (dnaFilter)
3373 --scope SCOPE
3376 Sets the base DN to search for entries to which to apply the
3377 distributed numeric assignment (dnaScope)
3378 --remote-bind-dn REMOTE_BIND_DN
3381 Specifies the Replication Manager DN (dnaRemoteBindDN)
3382 --remote-bind-cred REMOTE_BIND_CRED
3385 Specifies the Replication Manager's password (dnaRemoteBindCred)
3386 --shared-config-entry SHARED_CONFIG_ENTRY
3389 Defines a shared identity that the servers can use to transfer
3390 ranges to one another (dnaSharedCfgDN)
3391 --threshold THRESHOLD
3394 Sets a threshold of remaining available numbers in the range.
3395 When the server hits the threshold, it sends a request for a new
3396 range (dnaThreshold)
3397 --next-range NEXT_RANGE
3400 Defines the next range to use when the current range is ex‐
3401 hausted (dnaNextRange)
3402 --range-request-timeout RANGE_REQUEST_TIMEOUT
3405 sets a timeout period, in seconds, for range requests so that
3406 the server does not stall waiting on a new range from one server
3407 and can request a range from a new server (dnaRangeRequestTime‐
3408 out)
3409
3412 usage: dsconf instance plugin dna config NAME set [-h]
3413 [--type TYPE [TYPE
3414 ...]]
3415 [--prefix PREFIX]
3416 [--next-value
3417 NEXT_VALUE]
3418 [--max-value
3419 MAX_VALUE]
3420 [--interval INTERVAL]
3421 [--magic-regen
3422 MAGIC_REGEN]
3423 [--filter FILTER]
3424 [--scope SCOPE]
3425 [--remote-bind-dn RE‐
3426 MOTE_BIND_DN]
3427 [--remote-bind-cred
3428 REMOTE_BIND_CRED]
3429 [--shared-config-en‐
3430 try SHARED_CONFIG_ENTRY]
3431 [--threshold THRESH‐
3432 OLD]
3433 [--next-range
3434 NEXT_RANGE]
3435 [--range-request-
3436 timeout RANGE_REQUEST_TIMEOUT]
3437 --type TYPE [TYPE ...]
3441 Sets which attributes have unique numbers being generated for
3442 them (dnaType)
3443 --prefix PREFIX
3446 Defines a prefix that can be prepended to the generated number
3447 values for the attribute (dnaPrefix)
3448 --next-value NEXT_VALUE
3451 Gives the next available number which can be assigned
3452 (dnaNextValue)
3453 --max-value MAX_VALUE
3456 Sets the maximum value that can be assigned for the range (dna‐
3457 MaxValue)
3458 --interval INTERVAL
3461 Sets an interval to use to increment through numbers in a range
3462 (dnaInterval)
3463 --magic-regen MAGIC_REGEN
3466 Sets a user-defined value that instructs the plug-in to assign a
3467 new value for the entry (dnaMagicRegen)
3468 --filter FILTER
3471 Sets an LDAP filter to use to search for and identify the en‐
3472 tries to which to apply the distributed numeric assignment range
3473 (dnaFilter)
3474 --scope SCOPE
3477 Sets the base DN to search for entries to which to apply the
3478 distributed numeric assignment (dnaScope)
3479 --remote-bind-dn REMOTE_BIND_DN
3482 Specifies the Replication Manager DN (dnaRemoteBindDN)
3483 --remote-bind-cred REMOTE_BIND_CRED
3486 Specifies the Replication Manager's password (dnaRemoteBindCred)
3487 --shared-config-entry SHARED_CONFIG_ENTRY
3490 Defines a shared identity that the servers can use to transfer
3491 ranges to one another (dnaSharedCfgDN)
3492 --threshold THRESHOLD
3495 Sets a threshold of remaining available numbers in the range.
3496 When the server hits the threshold, it sends a request for a new
3497 range (dnaThreshold)
3498 --next-range NEXT_RANGE
3501 Defines the next range to use when the current range is ex‐
3502 hausted (dnaNextRange)
3503 --range-request-timeout RANGE_REQUEST_TIMEOUT
3506 sets a timeout period, in seconds, for range requests so that
3507 the server does not stall waiting on a new range from one server
3508 and can request a range from a new server (dnaRangeRequestTime‐
3509 out)
3510
3513 usage: dsconf instance plugin dna config NAME show [-h]
3514
3519 usage: dsconf instance plugin dna config NAME delete [-h]
3520
3525 usage: dsconf instance plugin dna config NAME shared-config-entry
3526 [-h] SHARED_CFG {set,show,delete} ...
3527 SHARED_CFG
3530 Use HOSTNAME:PORT for this argument to identify the host name
3531 and port of a server in a shared range, as part of the DNA range
3532 configuration for that specific host in multi-supplier replica‐
3533 tion. (dnaHostname+dnaPortNum)
3534 Sub-commands
3537 dsconf plugin dna config shared-config-entry set
3538 Edit the shared config entry
3539 dsconf plugin dna config shared-config-entry show
3541 Display the shared config entry
3542 dsconf plugin dna config shared-config-entry delete
3544 Delete the shared config entry
3545
3547 usage: dsconf instance plugin dna config NAME shared-config-entry
3548 SHARED_CFG set
3549 [-h] [--remote-bind-method REMOTE_BIND_METHOD]
3550 [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3551 --remote-bind-method REMOTE_BIND_METHOD
3555 Specifies the remote bind method "SIMPLE", "SSL" (for SSL client
3556 auth), "SASL/GSSAPI", or "SASL/DIGEST-MD5" (dnaRemoteBindMethod)
3557 --remote-conn-protocol REMOTE_CONN_PROTOCOL
3560 Specifies the remote connection protocol "LDAP", or "TLS"
3561 (dnaRemoteConnProtocol)
3562
3565 usage: dsconf instance plugin dna config NAME shared-config-entry
3566 SHARED_CFG show
3567 [-h]
3568
3573 usage: dsconf instance plugin dna config NAME shared-config-entry
3574 SHARED_CFG delete
3575 [-h]
3576
3584 usage: dsconf instance plugin linked-attr [-h]
3585 {show,enable,disable,sta‐
3586 tus,fixup,list,config}
3587 ...
3588 Sub-commands
3591 dsconf plugin linked-attr show
3592 display plugin configuration
3593 dsconf plugin linked-attr enable
3595 enable plugin
3596 dsconf plugin linked-attr disable
3598 disable plugin
3599 dsconf plugin linked-attr status
3601 display plugin status
3602 dsconf plugin linked-attr fixup
3604 Run the fix-up task for linked attributes plugin
3605 dsconf plugin linked-attr list
3607 List available plugin configs
3608 dsconf plugin linked-attr config
3610 Manage plugin configs
3611
3613 usage: dsconf instance plugin linked-attr show [-h]
3614
3619 usage: dsconf instance plugin linked-attr enable [-h]
3620
3625 usage: dsconf instance plugin linked-attr disable [-h]
3626
3631 usage: dsconf instance plugin linked-attr status [-h]
3632
3637 usage: dsconf instance plugin linked-attr fixup [-h] [-l LINKDN]
3638 -l LINKDN, --linkdn LINKDN
3642 Base DN that contains entries to fix up
3643
3646 usage: dsconf instance plugin linked-attr list [-h]
3647
3652 usage: dsconf instance plugin linked-attr config [-h]
3653 NAME
3654 {add,set,show,delete}
3655 ...
3656 NAME The Linked Attributes configuration name
3659 Sub-commands
3662 dsconf plugin linked-attr config add
3663 Add the config entry
3664 dsconf plugin linked-attr config set
3666 Edit the config entry
3667 dsconf plugin linked-attr config show
3669 Display the config entry
3670 dsconf plugin linked-attr config delete
3672 Delete the config entry
3673
3675 usage: dsconf instance plugin linked-attr config NAME add [-h]
3676 [--link-type
3677 LINK_TYPE]
3678 [--managed-
3679 type MANAGED_TYPE]
3680 [--link-scope
3681 LINK_SCOPE]
3682 --link-type LINK_TYPE
3686 Sets the attribute that is managed manually by administrators
3687 (linkType)
3688 --managed-type MANAGED_TYPE
3691 Sets the attribute that is created dynamically by the plugin
3692 (managedType)
3693 --link-scope LINK_SCOPE
3696 Sets the scope that restricts the plugin to a specific part of
3697 the directory tree (linkScope)
3698
3701 usage: dsconf instance plugin linked-attr config NAME set [-h]
3702 [--link-type
3703 LINK_TYPE]
3704 [--managed-
3705 type MANAGED_TYPE]
3706 [--link-scope
3707 LINK_SCOPE]
3708 --link-type LINK_TYPE
3712 Sets the attribute that is managed manually by administrators
3713 (linkType)
3714 --managed-type MANAGED_TYPE
3717 Sets the attribute that is created dynamically by the plugin
3718 (managedType)
3719 --link-scope LINK_SCOPE
3722 Sets the scope that restricts the plugin to a specific part of
3723 the directory tree (linkScope)
3724
3727 usage: dsconf instance plugin linked-attr config NAME show [-h]
3728
3733 usage: dsconf instance plugin linked-attr config NAME delete [-h]
3734
3741 usage: dsconf instance plugin managed-entries [-h]
3742 {show,enable,disable,sta‐
3743 tus,set,list,config,template}
3744 ...
3745 Sub-commands
3748 dsconf plugin managed-entries show
3749 display plugin configuration
3750 dsconf plugin managed-entries enable
3752 enable plugin
3753 dsconf plugin managed-entries disable
3755 disable plugin
3756 dsconf plugin managed-entries status
3758 display plugin status
3759 dsconf plugin managed-entries set
3761 Edit the plugin
3762 dsconf plugin managed-entries list
3764 List Managed Entries Plugin configs and templates
3765 dsconf plugin managed-entries config
3767 Handle Managed Entries Plugin configs
3768 dsconf plugin managed-entries template
3770 Handle Managed Entries Plugin templates
3771
3773 usage: dsconf instance plugin managed-entries show [-h]
3774
3779 usage: dsconf instance plugin managed-entries enable [-h]
3780
3785 usage: dsconf instance plugin managed-entries disable [-h]
3786
3791 usage: dsconf instance plugin managed-entries status [-h]
3792
3797 usage: dsconf instance plugin managed-entries set [-h]
3798 [--config-area CON‐
3799 FIG_AREA]
3800 --config-area CONFIG_AREA
3804 The value to set as nsslapd-pluginConfigArea
3805
3808 usage: dsconf instance plugin managed-entries list [-h]
3809 {configs,templates}
3810 ...
3811 Sub-commands
3814 dsconf plugin managed-entries list configs
3815 List Managed Entries Plugin configs (list config-area if speci‐
3816 fied in the main plugin entry)
3817 dsconf plugin managed-entries list templates
3819 List Managed Entries Plugin templates in the directory
3820
3822 usage: dsconf instance plugin managed-entries list configs [-h]
3823
3828 usage: dsconf instance plugin managed-entries list templates [-h]
3829 [BASEDN]
3830 BASEDN The base DN where to search the templates.
3833
3838 usage: dsconf instance plugin managed-entries config [-h]
3839 NAME
3840 {add,set,show,delete}
3841 ...
3842 NAME The config entry CN.
3845 Sub-commands
3848 dsconf plugin managed-entries config add
3849 Add the config entry
3850 dsconf plugin managed-entries config set
3852 Edit the config entry
3853 dsconf plugin managed-entries config show
3855 Display the config entry
3856 dsconf plugin managed-entries config delete
3858 Delete the config entry
3859
3861 usage: dsconf instance plugin managed-entries config NAME add
3862 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
3863 AGED_BASE]
3864 [--managed-template MANAGED_TEMPLATE]
3865 --scope SCOPE
3869 Sets the scope of the search to use to see which entries the
3870 plug-in monitors (originScope)
3871 --filter FILTER
3874 Sets the search filter to use to search for and identify the en‐
3875 tries within the subtree which require a managed entry (origin‐
3876 Filter)
3877 --managed-base MANAGED_BASE
3880 Sets the subtree under which to create the managed entries (man‐
3881 agedBase)
3882 --managed-template MANAGED_TEMPLATE
3885 Identifies the template entry to use to create the managed entry
3886 (managedTemplate)
3887
3890 usage: dsconf instance plugin managed-entries config NAME set
3891 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
3892 AGED_BASE]
3893 [--managed-template MANAGED_TEMPLATE]
3894 --scope SCOPE
3898 Sets the scope of the search to use to see which entries the
3899 plug-in monitors (originScope)
3900 --filter FILTER
3903 Sets the search filter to use to search for and identify the en‐
3904 tries within the subtree which require a managed entry (origin‐
3905 Filter)
3906 --managed-base MANAGED_BASE
3909 Sets the subtree under which to create the managed entries (man‐
3910 agedBase)
3911 --managed-template MANAGED_TEMPLATE
3914 Identifies the template entry to use to create the managed entry
3915 (managedTemplate)
3916
3919 usage: dsconf instance plugin managed-entries config NAME show [-h]
3920
3925 usage: dsconf instance plugin managed-entries config NAME delete [-h]
3926
3932 usage: dsconf instance plugin managed-entries template [-h]
3933 DN
3934 {add,set,show,delete}
3935 ...
3936 DN The template entry DN.
3939 Sub-commands
3942 dsconf plugin managed-entries template add
3943 Add the template entry
3944 dsconf plugin managed-entries template set
3946 Edit the template entry
3947 dsconf plugin managed-entries template show
3949 Display the template entry
3950 dsconf plugin managed-entries template delete
3952 Delete the template entry
3953
3955 usage: dsconf instance plugin managed-entries template DN add
3956 [-h] [--rdn-attr RDN_ATTR]
3957 [--static-attr STATIC_ATTR [STATIC_ATTR ...]]
3958 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
3959 --rdn-attr RDN_ATTR
3963 Sets which attribute to use as the naming attribute in the auto‐
3964 matically- generated entry (mepRDNAttr)
3965 --static-attr STATIC_ATTR [STATIC_ATTR ...]
3968 Sets an attribute with a defined value that must be added to the
3969 automatically-generated entry (mepStaticAttr)
3970 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
3973 Sets attributes in the Managed Entries template entry which must
3974 exist in the generated entry (mepMappedAttr)
3975
3978 usage: dsconf instance plugin managed-entries template DN set
3979 [-h] [--rdn-attr RDN_ATTR]
3980 [--static-attr STATIC_ATTR [STATIC_ATTR ...]]
3981 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
3982 --rdn-attr RDN_ATTR
3986 Sets which attribute to use as the naming attribute in the auto‐
3987 matically- generated entry (mepRDNAttr)
3988 --static-attr STATIC_ATTR [STATIC_ATTR ...]
3991 Sets an attribute with a defined value that must be added to the
3992 automatically-generated entry (mepStaticAttr)
3993 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
3996 Sets attributes in the Managed Entries template entry which must
3997 exist in the generated entry (mepMappedAttr)
3998
4001 usage: dsconf instance plugin managed-entries template DN show [-h]
4002
4007 usage: dsconf instance plugin managed-entries template DN delete [-h]
4008
4015 usage: dsconf instance plugin pass-through-auth [-h]
4016 {show,enable,dis‐
4017 able,status,list,url,pam-config}
4018 ...
4019 Sub-commands
4022 dsconf plugin pass-through-auth show
4023 display plugin configuration
4024 dsconf plugin pass-through-auth enable
4026 enable plugin
4027 dsconf plugin pass-through-auth disable
4029 disable plugin
4030 dsconf plugin pass-through-auth status
4032 display plugin status
4033 dsconf plugin pass-through-auth list
4035 List pass-though plugin URLs or PAM configurations.
4036 dsconf plugin pass-through-auth url
4038 Manage PTA URL configurations.
4039 dsconf plugin pass-through-auth pam-config
4041 Manage PAM PTA configurations.
4042
4044 usage: dsconf instance plugin pass-through-auth show [-h]
4045
4050 usage: dsconf instance plugin pass-through-auth enable [-h]
4051
4056 usage: dsconf instance plugin pass-through-auth disable [-h]
4057
4062 usage: dsconf instance plugin pass-through-auth status [-h]
4063
4068 usage: dsconf instance plugin pass-through-auth list [-h]
4069 {urls,pam-configs}
4070 ...
4071 Sub-commands
4074 dsconf plugin pass-through-auth list urls
4075 List URLs.
4076 dsconf plugin pass-through-auth list pam-configs
4078 List PAM configurations.
4079
4081 usage: dsconf instance plugin pass-through-auth list urls [-h]
4082
4087 usage: dsconf instance plugin pass-through-auth list pam-configs [-h]
4088
4094 usage: dsconf instance plugin pass-through-auth url [-h]
4095 {add,modify,delete}
4096 ...
4097 Sub-commands
4100 dsconf plugin pass-through-auth url add
4101 Add the config entry
4102 dsconf plugin pass-through-auth url modify
4104 Edit the config entry
4105 dsconf plugin pass-through-auth url delete
4107 Delete the config entry
4108
4110 usage: dsconf instance plugin pass-through-auth url add [-h] URL
4111 URL The full LDAP URL in format "ldap|ldaps://authDS/subtree max‐
4114 conns,maxops,timeout,ldver,connlifetime,startTLS". If one op‐
4115 tional parameter is specified the rest should be specified too
4116
4120 usage: dsconf instance plugin pass-through-auth url modify [-h]
4121 OLD_URL
4122 NEW_URL
4123 OLD_URL
4126 The full LDAP URL you get from the "list" command
4127 NEW_URL
4130 The full LDAP URL in format "ldap|ldaps://authDS/subtree max‐
4131 conns,maxops,timeout,ldver,connlifetime,startTLS". If one op‐
4132 tional parameter is specified the rest should be specified too
4133
4137 usage: dsconf instance plugin pass-through-auth url delete [-h] URL
4138 URL The full LDAP URL you get from the "list" command
4141
4146 usage: dsconf instance plugin pass-through-auth pam-config [-h]
4147 NAME
4148 {add,set,show,delete}
4149 ...
4150 NAME The PAM PTA configuration name
4153 Sub-commands
4156 dsconf plugin pass-through-auth pam-config add
4157 Add the config entry
4158 dsconf plugin pass-through-auth pam-config set
4160 Edit the config entry
4161 dsconf plugin pass-through-auth pam-config show
4163 Display the config entry
4164 dsconf plugin pass-through-auth pam-config delete
4166 Delete the config entry
4167
4169 usage: dsconf instance plugin pass-through-auth pam-config NAME add
4170 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4171 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4172 [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FIL‐
4173 TER]
4174 [--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method
4175 ID_MAP_METHOD]
4176 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4177 SERVICE]
4178 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4182 Specifies a suffix to exclude from PAM authentication (pamEx‐
4183 cludeSuffix)
4184 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4187 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4188 fix)
4189 --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4192 Identifies how to handle missing include or exclude suffixes
4193 (pamMissingSuffix)
4194 --filter FILTER
4197 Sets an LDAP filter to use to identify specific entries within
4198 the included suffixes for which to use PAM pass-through authen‐
4199 tication (pamFilter)
4200 --id-attr ID_ATTR [ID_ATTR ...]
4203 Contains the attribute name which is used to hold the PAM user
4204 ID (pamIDAttr)
4205 --id_map_method ID_MAP_METHOD
4208 Gives the method to use to map the LDAP bind DN to a PAM iden‐
4209 tity (pamIDMapMethod)
4210 --fallback {TRUE,FALSE}
4213 Sets whether to fallback to regular LDAP authentication if PAM
4214 authentication fails (pamFallback)
4215 --secure {TRUE,FALSE}
4218 Requires secure TLS connection for PAM authentication (pamSe‐
4219 cure)
4220 --service SERVICE
4223 Contains the service name to pass to PAM (pamService)
4224
4227 usage: dsconf instance plugin pass-through-auth pam-config NAME set
4228 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4229 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4230 [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FIL‐
4231 TER]
4232 [--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method
4233 ID_MAP_METHOD]
4234 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4235 SERVICE]
4236 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4240 Specifies a suffix to exclude from PAM authentication (pamEx‐
4241 cludeSuffix)
4242 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4245 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4246 fix)
4247 --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4250 Identifies how to handle missing include or exclude suffixes
4251 (pamMissingSuffix)
4252 --filter FILTER
4255 Sets an LDAP filter to use to identify specific entries within
4256 the included suffixes for which to use PAM pass-through authen‐
4257 tication (pamFilter)
4258 --id-attr ID_ATTR [ID_ATTR ...]
4261 Contains the attribute name which is used to hold the PAM user
4262 ID (pamIDAttr)
4263 --id_map_method ID_MAP_METHOD
4266 Gives the method to use to map the LDAP bind DN to a PAM iden‐
4267 tity (pamIDMapMethod)
4268 --fallback {TRUE,FALSE}
4271 Sets whether to fallback to regular LDAP authentication if PAM
4272 authentication fails (pamFallback)
4273 --secure {TRUE,FALSE}
4276 Requires secure TLS connection for PAM authentication (pamSe‐
4277 cure)
4278 --service SERVICE
4281 Contains the service name to pass to PAM (pamService)
4282
4285 usage: dsconf instance plugin pass-through-auth pam-config NAME show
4286 [-h]
4287
4292 usage: dsconf instance plugin pass-through-auth pam-config NAME delete
4293 [-h]
4294
4301 usage: dsconf instance plugin retro-changelog [-h]
4302 {show,enable,disable,sta‐
4303 tus,set,add}
4304 ...
4305 Sub-commands
4308 dsconf plugin retro-changelog show
4309 display plugin configuration
4310 dsconf plugin retro-changelog enable
4312 enable plugin
4313 dsconf plugin retro-changelog disable
4315 disable plugin
4316 dsconf plugin retro-changelog status
4318 display plugin status
4319 dsconf plugin retro-changelog set
4321 Edit the plugin
4322 dsconf plugin retro-changelog add
4324 Add attributes to the plugin
4325
4327 usage: dsconf instance plugin retro-changelog show [-h]
4328
4333 usage: dsconf instance plugin retro-changelog enable [-h]
4334
4339 usage: dsconf instance plugin retro-changelog disable [-h]
4340
4345 usage: dsconf instance plugin retro-changelog status [-h]
4346
4351 usage: dsconf instance plugin retro-changelog set [-h]
4352 [--is-replicated
4353 {TRUE,FALSE}]
4354 [--attribute ATTRI‐
4355 BUTE]
4356 [--directory DIREC‐
4357 TORY]
4358 [--max-age MAX_AGE]
4359 [--exclude-suffix EX‐
4360 CLUDE_SUFFIX]
4361 [--exclude-attrs EX‐
4362 CLUDE_ATTRS]
4363 --is-replicated {TRUE,FALSE}
4367 Sets a flag to indicate on a change in the changelog whether the
4368 change is newly made on that server or whether it was replicated
4369 over from another server (isReplicated)
4370 --attribute ATTRIBUTE
4373 Specifies another Directory Server attribute which must be in‐
4374 cluded in the retro changelog entries (nsslapd-attribute)
4375 --directory DIRECTORY
4378 Specifies the name of the directory in which the changelog data‐
4379 base is created the first time the plug-in is run
4380 --max-age MAX_AGE
4383 This attribute specifies the maximum age of any entry in the
4384 changelog (nsslapd-changelogmaxage)
4385 --exclude-suffix EXCLUDE_SUFFIX
4388 This attribute specifies the suffix which will be excluded from
4389 the scope of the plugin (nsslapd-exclude-suffix)
4390 --exclude-attrs EXCLUDE_ATTRS
4393 This attribute specifies the attributes which will be excluded
4394 from the scope of the plugin (nsslapd-exclude-attrs)
4395
4398 usage: dsconf instance plugin retro-changelog add [-h]
4399 [--is-replicated
4400 {TRUE,FALSE}]
4401 [--attribute ATTRI‐
4402 BUTE]
4403 [--directory DIREC‐
4404 TORY]
4405 [--max-age MAX_AGE]
4406 [--exclude-suffix EX‐
4407 CLUDE_SUFFIX]
4408 [--exclude-attrs EX‐
4409 CLUDE_ATTRS]
4410 --is-replicated {TRUE,FALSE}
4414 Sets a flag to indicate on a change in the changelog whether the
4415 change is newly made on that server or whether it was replicated
4416 over from another server (isReplicated)
4417 --attribute ATTRIBUTE
4420 Specifies another Directory Server attribute which must be in‐
4421 cluded in the retro changelog entries (nsslapd-attribute)
4422 --directory DIRECTORY
4425 Specifies the name of the directory in which the changelog data‐
4426 base is created the first time the plug-in is run
4427 --max-age MAX_AGE
4430 This attribute specifies the maximum age of any entry in the
4431 changelog (nsslapd-changelogmaxage)
4432 --exclude-suffix EXCLUDE_SUFFIX
4435 This attribute specifies the suffix which will be excluded from
4436 the scope of the plugin (nsslapd-exclude-suffix)
4437 --exclude-attrs EXCLUDE_ATTRS
4440 This attribute specifies the attributes which will be excluded
4441 from the scope of the plugin (nsslapd-exclude-attrs)
4442
4446 usage: dsconf instance plugin posix-winsync [-h]
4447 {show,enable,disable,sta‐
4448 tus,set,fixup}
4449 ...
4450 Sub-commands
4453 dsconf plugin posix-winsync show
4454 display plugin configuration
4455 dsconf plugin posix-winsync enable
4457 enable plugin
4458 dsconf plugin posix-winsync disable
4460 disable plugin
4461 dsconf plugin posix-winsync status
4463 display plugin status
4464 dsconf plugin posix-winsync set
4466 Edit the plugin
4467 dsconf plugin posix-winsync fixup
4469 Run the memberOf fix-up task to correct mismatched member and
4470 uniquemember values for synced users
4471
4473 usage: dsconf instance plugin posix-winsync show [-h]
4474
4479 usage: dsconf instance plugin posix-winsync enable [-h]
4480
4485 usage: dsconf instance plugin posix-winsync disable [-h]
4486
4491 usage: dsconf instance plugin posix-winsync status [-h]
4492
4497 usage: dsconf instance plugin posix-winsync set [-h]
4498 [--create-memberof-task
4499 {true,false}]
4500 [--lower-case-uid
4501 {true,false}]
4502 [--map-member-uid
4503 {true,false}]
4504 [--map-nested-grouping
4505 {true,false}]
4506 [--ms-sfu-schema
4507 {true,false}]
4508 --create-memberof-task {true,false}
4512 Sets whether to run the memberUID fix-up task immediately after
4513 a sync run in order to update group memberships for synced users
4514 (posixWinsyncCreateMemberOfTask)
4515 --lower-case-uid {true,false}
4518 Sets whether to store (and, if necessary, convert) the UID value
4519 in the memberUID attribute in lower case.(posixWinsyncLower‐
4520 CaseUID)
4521 --map-member-uid {true,false}
4524 Sets whether to map the memberUID attribute in an Active Direc‐
4525 tory group to the uniqueMember attribute in a Directory Server
4526 group (posixWinsyncMapMemberUID)
4527 --map-nested-grouping {true,false}
4530 Manages if nested groups are updated when memberUID attributes
4531 in an Active Directory POSIX group change (posixWinsyncMapNest‐
4532 edGrouping)
4533 --ms-sfu-schema {true,false}
4536 Sets whether to the older Microsoft System Services for Unix 3.0
4537 (msSFU30) schema when syncing Posix attributes from Active Di‐
4538 rectory (posixWinsyncMsSFUSchema)
4539
4542 usage: dsconf instance plugin posix-winsync fixup [-h] [-f FILTER] DN
4543 DN Base DN that contains entries to fix up
4546 -f FILTER, --filter FILTER
4549 Filter for entries to fix up. If omitted, all entries with ob‐
4550 jectclass inetuser/inetadmin/nsmemberof under the specified base
4551 will have their memberOf attribute regenerated.
4552
4556 usage: dsconf instance plugin contentsync [-h]
4557 {show,enable,disable,sta‐
4558 tus,set,add}
4559 ...
4560 Sub-commands
4563 dsconf plugin contentsync show
4564 display plugin configuration
4565 dsconf plugin contentsync enable
4567 enable plugin
4568 dsconf plugin contentsync disable
4570 disable plugin
4571 dsconf plugin contentsync status
4573 display plugin status
4574 dsconf plugin contentsync set
4576 Edit the plugin
4577 dsconf plugin contentsync add
4579 Add attributes to the plugin
4580
4582 usage: dsconf instance plugin contentsync show [-h]
4583
4588 usage: dsconf instance plugin contentsync enable [-h]
4589
4594 usage: dsconf instance plugin contentsync disable [-h]
4595
4600 usage: dsconf instance plugin contentsync status [-h]
4601
4606 usage: dsconf instance plugin contentsync set [-h] [--allow-openldap
4607 {on,off}]
4608 --allow-openldap {on,off}
4612 Allows openldap servers to act as read only consumers of this
4613 server via syncrepl
4614
4617 usage: dsconf instance plugin contentsync add [-h] [--allow-openldap
4618 {on,off}]
4619 --allow-openldap {on,off}
4623 Allows openldap servers to act as read only consumers of this
4624 server via syncrepl
4625
4629 usage: dsconf instance plugin list [-h]
4630
4635 usage: dsconf instance plugin show [-h] [selector]
4636 selector
4639 The plugin to search for
4640
4644 usage: dsconf instance plugin set [-h] [--type TYPE] [--enabled
4645 {on,off}]
4646 [--path PATH] [--initfunc INITFUNC]
4647 [--id ID] [--vendor VENDOR]
4648 [--version VERSION]
4649 [--description DESCRIPTION]
4650 [--depends-on-type DEPENDS_ON_TYPE]
4651 [--depends-on-named DEPENDS_ON_NAMED]
4652 [--precedence PRECEDENCE]
4653 [selector]
4654 selector
4657 The plugin to edit
4658 --type TYPE
4661 The type of plugin.
4662 --enabled {on,off}
4665 Identifies whether or not the plugin is enabled.
4666 --path PATH
4669 The plugin library name (without the library suffix).
4670 --initfunc INITFUNC
4673 An initialization function of the plugin.
4674 --id ID
4677 The plugin ID.
4678 --vendor VENDOR
4681 The vendor of plugin.
4682 --version VERSION
4685 The version of plugin.
4686 --description DESCRIPTION
4689 The description of the plugin.
4690 --depends-on-type DEPENDS_ON_TYPE
4693 All plug-ins with a type value which matches one of the values
4694 in the following valid range will be started by the server prior
4695 to this plug-in.
4696 --depends-on-named DEPENDS_ON_NAMED
4699 The plug-in name matching one of the following values will be
4700 started by the server prior to this plug-in
4701 --precedence PRECEDENCE
4704 The priority it has in the execution order of plug-ins
4705
4709 usage: dsconf instance pwpolicy [-h] {get,set} ...
4710 Sub-commands
4713 dsconf pwpolicy get
4714 Get the global password policy entry
4715 dsconf pwpolicy set
4717 Set an attribute in a global password policy
4718
4720 usage: dsconf instance pwpolicy get [-h]
4721
4726 usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME]
4727 [--pwdchange PWDCHANGE]
4728 [--pwdmustchange PWDMUSTCHANGE]
4729 [--pwdhistory PWDHISTORY]
4730 [--pwdhistorycount PWDHISTORYCOUNT]
4731 [--pwdadmin PWDADMIN]
4732 [--pwdtrack PWDTRACK]
4733 [--pwdwarning PWDWARNING]
4734 [--pwdexpire PWDEXPIRE]
4735 [--pwdmaxage PWDMAXAGE]
4736 [--pwdminage PWDMINAGE]
4737 [--pwdgracelimit PWDGRACELIMIT]
4738 [--pwdsendexpiring PWDSENDEXPIRING]
4739 [--pwdlockout PWDLOCKOUT]
4740 [--pwdunlock PWDUNLOCK]
4741 [--pwdlockoutduration PWDLOCKOUTDU‐
4742 RATION]
4743 [--pwdmaxfailures PWDMAXFAILURES]
4744 [--pwdresetfailcount PWDRESETFAIL‐
4745 COUNT]
4746 [--pwdchecksyntax PWDCHECKSYNTAX]
4747 [--pwdminlen PWDMINLEN]
4748 [--pwdmindigits PWDMINDIGITS]
4749 [--pwdminalphas PWDMINALPHAS]
4750 [--pwdminuppers PWDMINUPPERS]
4751 [--pwdminlowers PWDMINLOWERS]
4752 [--pwdminspecials PWDMINSPECIALS]
4753 [--pwdmin8bits PWDMIN8BITS]
4754 [--pwdmaxrepeats PWDMAXREPEATS]
4755 [--pwdpalindrome PWDPALINDROME]
4756 [--pwdmaxseq PWDMAXSEQ]
4757 [--pwdmaxseqsets PWDMAXSEQSETS]
4758 [--pwdmaxclasschars PWDMAXCLASS‐
4759 CHARS]
4760 [--pwdmincatagories PWDMIN‐
4761 CATAGORIES]
4762 [--pwdmintokenlen PWDMINTOKENLEN]
4763 [--pwdbadwords PWDBADWORDS]
4764 [--pwduserattrs PWDUSERATTRS]
4765 [--pwpinheritglobal PWPINHERIT‐
4766 GLOBAL]
4767 [--pwddictcheck PWDDICTCHECK]
4768 [--pwddictpath PWDDICTPATH]
4769 [--pwdlocal PWDLOCAL]
4770 [--pwdisglobal PWDISGLOBAL]
4771 [--pwdallowhash PWDALLOWHASH]
4772 --pwdscheme PWDSCHEME
4776 The password storage scheme
4777 --pwdchange PWDCHANGE
4780 Allow users to change their passwords
4781 --pwdmustchange PWDMUSTCHANGE
4784 User must change their passwrod after it is reset by an Adminis‐
4785 trator
4786 --pwdhistory PWDHISTORY
4789 To enable password history set this to "on", otherwise "off"
4790 --pwdhistorycount PWDHISTORYCOUNT
4793 The number of password to keep in history
4794 --pwdadmin PWDADMIN
4797 The DN of an entry or a group of account that can bypass pass‐
4798 word policy constraints
4799 --pwdtrack PWDTRACK
4802 Set to "on" to track the time the password was last changed
4803 --pwdwarning PWDWARNING
4806 Send an expiring warning if password expires within this time
4807 (in seconds)
4808 --pwdexpire PWDEXPIRE
4811 Set to "on" to enable password expiration
4812 --pwdmaxage PWDMAXAGE
4815 The password expiration time in seconds
4816 --pwdminage PWDMINAGE
4819 The number of seconds that must pass before a user can change
4820 their password
4821 --pwdgracelimit PWDGRACELIMIT
4824 The number of allowed logins after the password has expired
4825 --pwdsendexpiring PWDSENDEXPIRING
4828 Set to "on" to always send the expiring control regardless of
4829 the warning period
4830 --pwdlockout PWDLOCKOUT
4833 Set to "on" to enable account lockout
4834 --pwdunlock PWDUNLOCK
4837 Set to "on" to allow an account to become unlocked after the
4838 lockout duration
4839 --pwdlockoutduration PWDLOCKOUTDURATION
4842 The number of seconds an account stays locked out
4843 --pwdmaxfailures PWDMAXFAILURES
4846 The maximum number of allowed failed password attempts before
4847 the account gets locked
4848 --pwdresetfailcount PWDRESETFAILCOUNT
4851 The number of seconds to wait before reducing the failed login
4852 count on an account
4853 --pwdchecksyntax PWDCHECKSYNTAX
4856 Set to "on" to Enable password syntax checking
4857 --pwdminlen PWDMINLEN
4860 The minimum number of characters required in a password
4861 --pwdmindigits PWDMINDIGITS
4864 The minimum number of digit/number characters in a password
4865 --pwdminalphas PWDMINALPHAS
4868 The minimum number of alpha characters required in a password
4869 --pwdminuppers PWDMINUPPERS
4872 The minimum number of uppercase characters required in a pass‐
4873 word
4874 --pwdminlowers PWDMINLOWERS
4877 The minimum number of lowercase characters required in a pass‐
4878 word
4879 --pwdminspecials PWDMINSPECIALS
4882 The minimum number of special characters required in a password
4883 --pwdmin8bits PWDMIN8BITS
4886 The minimum number of 8-bit characters required in a password
4887 --pwdmaxrepeats PWDMAXREPEATS
4890 The maximum number of times the same character can appear se‐
4891 quentially in the password
4892 --pwdpalindrome PWDPALINDROME
4895 Set to "on" to reject passwords that are palindromes
4896 --pwdmaxseq PWDMAXSEQ
4899 The maximum number of allowed monotonic character sequences in a
4900 password
4901 --pwdmaxseqsets PWDMAXSEQSETS
4904 The maximum number of allowed monotonic character sequences that
4905 can be duplicated in a password
4906 --pwdmaxclasschars PWDMAXCLASSCHARS
4909 The maximum number of sequential characters from the same char‐
4910 acter class that is allowed in a password
4911 --pwdmincatagories PWDMINCATAGORIES
4914 The minimum number of syntax category checks
4915 --pwdmintokenlen PWDMINTOKENLEN
4918 Sets the smallest attribute value length that is used for triv‐
4919 ial/user words checking. This also impacts "--pwduserattrs"
4920 --pwdbadwords PWDBADWORDS
4923 A space-separated list of words that can not be in a password
4924 --pwduserattrs PWDUSERATTRS
4927 A space-separated list of attributes whose values can not appear
4928 in the password (See "--pwdmintokenlen")
4929 --pwpinheritglobal PWPINHERITGLOBAL
4932 Set to "on" to allow local policies to inherit the global policy
4933 --pwddictcheck PWDDICTCHECK
4936 Set to "on" to enforce CrackLib dictionary checking
4937 --pwddictpath PWDDICTPATH
4940 Filesystem path to specific/custom CrackLib dictionary files
4941 --pwdlocal PWDLOCAL
4944 Set to "on" to enable fine-grained (subtree/user-level) password
4945 policies
4946 --pwdisglobal PWDISGLOBAL
4949 Set to "on" to enable password policy state attributesto be
4950 replicated
4951 --pwdallowhash PWDALLOWHASH
4954 Set to "on" to allow adding prehashed passwords
4955
4959 usage: dsconf instance localpwp [-h]
4960 {list,get,set,remove,adduser,addsub‐
4961 tree} ...
4962 Sub-commands
4965 dsconf localpwp list
4966 List all the local password policies
4967 dsconf localpwp get
4969 Get local password policy entry
4970 dsconf localpwp set
4972 Set an attribute in a local password policy
4973 dsconf localpwp remove
4975 Remove a local password policy
4976 dsconf localpwp adduser
4978 Add new user password policy
4979 dsconf localpwp addsubtree
4981 Add new subtree password policy
4982
4984 usage: dsconf instance localpwp list [-h] [DN]
4985 DN Suffix to search for local password policies
4988
4992 usage: dsconf instance localpwp get [-h] DN
4993 DN Get the local policy for this entry DN
4996
5000 usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME]
5001 [--pwdchange PWDCHANGE]
5002 [--pwdmustchange PWDMUSTCHANGE]
5003 [--pwdhistory PWDHISTORY]
5004 [--pwdhistorycount PWDHISTORYCOUNT]
5005 [--pwdadmin PWDADMIN]
5006 [--pwdtrack PWDTRACK]
5007 [--pwdwarning PWDWARNING]
5008 [--pwdexpire PWDEXPIRE]
5009 [--pwdmaxage PWDMAXAGE]
5010 [--pwdminage PWDMINAGE]
5011 [--pwdgracelimit PWDGRACELIMIT]
5012 [--pwdsendexpiring PWDSENDEXPIRING]
5013 [--pwdlockout PWDLOCKOUT]
5014 [--pwdunlock PWDUNLOCK]
5015 [--pwdlockoutduration PWDLOCKOUTDU‐
5016 RATION]
5017 [--pwdmaxfailures PWDMAXFAILURES]
5018 [--pwdresetfailcount PWDRESETFAIL‐
5019 COUNT]
5020 [--pwdchecksyntax PWDCHECKSYNTAX]
5021 [--pwdminlen PWDMINLEN]
5022 [--pwdmindigits PWDMINDIGITS]
5023 [--pwdminalphas PWDMINALPHAS]
5024 [--pwdminuppers PWDMINUPPERS]
5025 [--pwdminlowers PWDMINLOWERS]
5026 [--pwdminspecials PWDMINSPECIALS]
5027 [--pwdmin8bits PWDMIN8BITS]
5028 [--pwdmaxrepeats PWDMAXREPEATS]
5029 [--pwdpalindrome PWDPALINDROME]
5030 [--pwdmaxseq PWDMAXSEQ]
5031 [--pwdmaxseqsets PWDMAXSEQSETS]
5032 [--pwdmaxclasschars PWDMAXCLASS‐
5033 CHARS]
5034 [--pwdmincatagories PWDMIN‐
5035 CATAGORIES]
5036 [--pwdmintokenlen PWDMINTOKENLEN]
5037 [--pwdbadwords PWDBADWORDS]
5038 [--pwduserattrs PWDUSERATTRS]
5039 [--pwpinheritglobal PWPINHERIT‐
5040 GLOBAL]
5041 [--pwddictcheck PWDDICTCHECK]
5042 [--pwddictpath PWDDICTPATH]
5043 DN
5044 DN Set the local policy for this entry DN
5047 --pwdscheme PWDSCHEME
5050 The password storage scheme
5051 --pwdchange PWDCHANGE
5054 Allow users to change their passwords
5055 --pwdmustchange PWDMUSTCHANGE
5058 User must change their passwrod after it is reset by an Adminis‐
5059 trator
5060 --pwdhistory PWDHISTORY
5063 To enable password history set this to "on", otherwise "off"
5064 --pwdhistorycount PWDHISTORYCOUNT
5067 The number of password to keep in history
5068 --pwdadmin PWDADMIN
5071 The DN of an entry or a group of account that can bypass pass‐
5072 word policy constraints
5073 --pwdtrack PWDTRACK
5076 Set to "on" to track the time the password was last changed
5077 --pwdwarning PWDWARNING
5080 Send an expiring warning if password expires within this time
5081 (in seconds)
5082 --pwdexpire PWDEXPIRE
5085 Set to "on" to enable password expiration
5086 --pwdmaxage PWDMAXAGE
5089 The password expiration time in seconds
5090 --pwdminage PWDMINAGE
5093 The number of seconds that must pass before a user can change
5094 their password
5095 --pwdgracelimit PWDGRACELIMIT
5098 The number of allowed logins after the password has expired
5099 --pwdsendexpiring PWDSENDEXPIRING
5102 Set to "on" to always send the expiring control regardless of
5103 the warning period
5104 --pwdlockout PWDLOCKOUT
5107 Set to "on" to enable account lockout
5108 --pwdunlock PWDUNLOCK
5111 Set to "on" to allow an account to become unlocked after the
5112 lockout duration
5113 --pwdlockoutduration PWDLOCKOUTDURATION
5116 The number of seconds an account stays locked out
5117 --pwdmaxfailures PWDMAXFAILURES
5120 The maximum number of allowed failed password attempts before
5121 the account gets locked
5122 --pwdresetfailcount PWDRESETFAILCOUNT
5125 The number of seconds to wait before reducing the failed login
5126 count on an account
5127 --pwdchecksyntax PWDCHECKSYNTAX
5130 Set to "on" to Enable password syntax checking
5131 --pwdminlen PWDMINLEN
5134 The minimum number of characters required in a password
5135 --pwdmindigits PWDMINDIGITS
5138 The minimum number of digit/number characters in a password
5139 --pwdminalphas PWDMINALPHAS
5142 The minimum number of alpha characters required in a password
5143 --pwdminuppers PWDMINUPPERS
5146 The minimum number of uppercase characters required in a pass‐
5147 word
5148 --pwdminlowers PWDMINLOWERS
5151 The minimum number of lowercase characters required in a pass‐
5152 word
5153 --pwdminspecials PWDMINSPECIALS
5156 The minimum number of special characters required in a password
5157 --pwdmin8bits PWDMIN8BITS
5160 The minimum number of 8-bit characters required in a password
5161 --pwdmaxrepeats PWDMAXREPEATS
5164 The maximum number of times the same character can appear se‐
5165 quentially in the password
5166 --pwdpalindrome PWDPALINDROME
5169 Set to "on" to reject passwords that are palindromes
5170 --pwdmaxseq PWDMAXSEQ
5173 The maximum number of allowed monotonic character sequences in a
5174 password
5175 --pwdmaxseqsets PWDMAXSEQSETS
5178 The maximum number of allowed monotonic character sequences that
5179 can be duplicated in a password
5180 --pwdmaxclasschars PWDMAXCLASSCHARS
5183 The maximum number of sequential characters from the same char‐
5184 acter class that is allowed in a password
5185 --pwdmincatagories PWDMINCATAGORIES
5188 The minimum number of syntax category checks
5189 --pwdmintokenlen PWDMINTOKENLEN
5192 Sets the smallest attribute value length that is used for triv‐
5193 ial/user words checking. This also impacts "--pwduserattrs"
5194 --pwdbadwords PWDBADWORDS
5197 A space-separated list of words that can not be in a password
5198 --pwduserattrs PWDUSERATTRS
5201 A space-separated list of attributes whose values can not appear
5202 in the password (See "--pwdmintokenlen")
5203 --pwpinheritglobal PWPINHERITGLOBAL
5206 Set to "on" to allow local policies to inherit the global policy
5207 --pwddictcheck PWDDICTCHECK
5210 Set to "on" to enforce CrackLib dictionary checking
5211 --pwddictpath PWDDICTPATH
5214 Filesystem path to specific/custom CrackLib dictionary files
5215
5218 usage: dsconf instance localpwp remove [-h] DN
5219 DN Remove local policy for this entry DN
5222
5226 usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME]
5227 [--pwdchange PWDCHANGE]
5228 [--pwdmustchange PWDMUSTCHANGE]
5229 [--pwdhistory PWDHISTORY]
5230 [--pwdhistorycount PWDHISTO‐
5231 RYCOUNT]
5232 [--pwdadmin PWDADMIN]
5233 [--pwdtrack PWDTRACK]
5234 [--pwdwarning PWDWARNING]
5235 [--pwdexpire PWDEXPIRE]
5236 [--pwdmaxage PWDMAXAGE]
5237 [--pwdminage PWDMINAGE]
5238 [--pwdgracelimit PWDGRACELIMIT]
5239 [--pwdsendexpiring PWDSENDEX‐
5240 PIRING]
5241 [--pwdlockout PWDLOCKOUT]
5242 [--pwdunlock PWDUNLOCK]
5243 [--pwdlockoutduration PWDLOCK‐
5244 OUTDURATION]
5245 [--pwdmaxfailures PWDMAXFAIL‐
5246 URES]
5247 [--pwdresetfailcount PWDRESET‐
5248 FAILCOUNT]
5249 [--pwdchecksyntax PWDCHECKSYN‐
5250 TAX]
5251 [--pwdminlen PWDMINLEN]
5252 [--pwdmindigits PWDMINDIGITS]
5253 [--pwdminalphas PWDMINALPHAS]
5254 [--pwdminuppers PWDMINUPPERS]
5255 [--pwdminlowers PWDMINLOWERS]
5256 [--pwdminspecials PWDMINSPE‐
5257 CIALS]
5258 [--pwdmin8bits PWDMIN8BITS]
5259 [--pwdmaxrepeats PWDMAXREPEATS]
5260 [--pwdpalindrome PWDPALINDROME]
5261 [--pwdmaxseq PWDMAXSEQ]
5262 [--pwdmaxseqsets PWDMAXSEQSETS]
5263 [--pwdmaxclasschars PWDMAX‐
5264 CLASSCHARS]
5265 [--pwdmincatagories PWDMIN‐
5266 CATAGORIES]
5267 [--pwdmintokenlen PWDMINTO‐
5268 KENLEN]
5269 [--pwdbadwords PWDBADWORDS]
5270 [--pwduserattrs PWDUSERATTRS]
5271 [--pwpinheritglobal PWPINHERIT‐
5272 GLOBAL]
5273 [--pwddictcheck PWDDICTCHECK]
5274 [--pwddictpath PWDDICTPATH]
5275 DN
5276 DN Add/replace the local password policy for this entry DN
5279 --pwdscheme PWDSCHEME
5282 The password storage scheme
5283 --pwdchange PWDCHANGE
5286 Allow users to change their passwords
5287 --pwdmustchange PWDMUSTCHANGE
5290 User must change their passwrod after it is reset by an Adminis‐
5291 trator
5292 --pwdhistory PWDHISTORY
5295 To enable password history set this to "on", otherwise "off"
5296 --pwdhistorycount PWDHISTORYCOUNT
5299 The number of password to keep in history
5300 --pwdadmin PWDADMIN
5303 The DN of an entry or a group of account that can bypass pass‐
5304 word policy constraints
5305 --pwdtrack PWDTRACK
5308 Set to "on" to track the time the password was last changed
5309 --pwdwarning PWDWARNING
5312 Send an expiring warning if password expires within this time
5313 (in seconds)
5314 --pwdexpire PWDEXPIRE
5317 Set to "on" to enable password expiration
5318 --pwdmaxage PWDMAXAGE
5321 The password expiration time in seconds
5322 --pwdminage PWDMINAGE
5325 The number of seconds that must pass before a user can change
5326 their password
5327 --pwdgracelimit PWDGRACELIMIT
5330 The number of allowed logins after the password has expired
5331 --pwdsendexpiring PWDSENDEXPIRING
5334 Set to "on" to always send the expiring control regardless of
5335 the warning period
5336 --pwdlockout PWDLOCKOUT
5339 Set to "on" to enable account lockout
5340 --pwdunlock PWDUNLOCK
5343 Set to "on" to allow an account to become unlocked after the
5344 lockout duration
5345 --pwdlockoutduration PWDLOCKOUTDURATION
5348 The number of seconds an account stays locked out
5349 --pwdmaxfailures PWDMAXFAILURES
5352 The maximum number of allowed failed password attempts before
5353 the account gets locked
5354 --pwdresetfailcount PWDRESETFAILCOUNT
5357 The number of seconds to wait before reducing the failed login
5358 count on an account
5359 --pwdchecksyntax PWDCHECKSYNTAX
5362 Set to "on" to Enable password syntax checking
5363 --pwdminlen PWDMINLEN
5366 The minimum number of characters required in a password
5367 --pwdmindigits PWDMINDIGITS
5370 The minimum number of digit/number characters in a password
5371 --pwdminalphas PWDMINALPHAS
5374 The minimum number of alpha characters required in a password
5375 --pwdminuppers PWDMINUPPERS
5378 The minimum number of uppercase characters required in a pass‐
5379 word
5380 --pwdminlowers PWDMINLOWERS
5383 The minimum number of lowercase characters required in a pass‐
5384 word
5385 --pwdminspecials PWDMINSPECIALS
5388 The minimum number of special characters required in a password
5389 --pwdmin8bits PWDMIN8BITS
5392 The minimum number of 8-bit characters required in a password
5393 --pwdmaxrepeats PWDMAXREPEATS
5396 The maximum number of times the same character can appear se‐
5397 quentially in the password
5398 --pwdpalindrome PWDPALINDROME
5401 Set to "on" to reject passwords that are palindromes
5402 --pwdmaxseq PWDMAXSEQ
5405 The maximum number of allowed monotonic character sequences in a
5406 password
5407 --pwdmaxseqsets PWDMAXSEQSETS
5410 The maximum number of allowed monotonic character sequences that
5411 can be duplicated in a password
5412 --pwdmaxclasschars PWDMAXCLASSCHARS
5415 The maximum number of sequential characters from the same char‐
5416 acter class that is allowed in a password
5417 --pwdmincatagories PWDMINCATAGORIES
5420 The minimum number of syntax category checks
5421 --pwdmintokenlen PWDMINTOKENLEN
5424 Sets the smallest attribute value length that is used for triv‐
5425 ial/user words checking. This also impacts "--pwduserattrs"
5426 --pwdbadwords PWDBADWORDS
5429 A space-separated list of words that can not be in a password
5430 --pwduserattrs PWDUSERATTRS
5433 A space-separated list of attributes whose values can not appear
5434 in the password (See "--pwdmintokenlen")
5435 --pwpinheritglobal PWPINHERITGLOBAL
5438 Set to "on" to allow local policies to inherit the global policy
5439 --pwddictcheck PWDDICTCHECK
5442 Set to "on" to enforce CrackLib dictionary checking
5443 --pwddictpath PWDDICTPATH
5446 Filesystem path to specific/custom CrackLib dictionary files
5447
5450 usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME]
5451 [--pwdchange PWDCHANGE]
5452 [--pwdmustchange PWD‐
5453 MUSTCHANGE]
5454 [--pwdhistory PWDHISTORY]
5455 [--pwdhistorycount PWDHISTO‐
5456 RYCOUNT]
5457 [--pwdadmin PWDADMIN]
5458 [--pwdtrack PWDTRACK]
5459 [--pwdwarning PWDWARNING]
5460 [--pwdexpire PWDEXPIRE]
5461 [--pwdmaxage PWDMAXAGE]
5462 [--pwdminage PWDMINAGE]
5463 [--pwdgracelimit PWDGRACE‐
5464 LIMIT]
5465 [--pwdsendexpiring PWDSEND‐
5466 EXPIRING]
5467 [--pwdlockout PWDLOCKOUT]
5468 [--pwdunlock PWDUNLOCK]
5469 [--pwdlockoutduration PWD‐
5470 LOCKOUTDURATION]
5471 [--pwdmaxfailures PWDMAX‐
5472 FAILURES]
5473 [--pwdresetfailcount PW‐
5474 DRESETFAILCOUNT]
5475 [--pwdchecksyntax PWD‐
5476 CHECKSYNTAX]
5477 [--pwdminlen PWDMINLEN]
5478 [--pwdmindigits PWDMINDIG‐
5479 ITS]
5480 [--pwdminalphas PWDMINAL‐
5481 PHAS]
5482 [--pwdminuppers PWDMINUP‐
5483 PERS]
5484 [--pwdminlowers PWDMINLOW‐
5485 ERS]
5486 [--pwdminspecials PWDMINSPE‐
5487 CIALS]
5488 [--pwdmin8bits PWDMIN8BITS]
5489 [--pwdmaxrepeats PWDMAXRE‐
5490 PEATS]
5491 [--pwdpalindrome PWDPALIN‐
5492 DROME]
5493 [--pwdmaxseq PWDMAXSEQ]
5494 [--pwdmaxseqsets PWDMAXSE‐
5495 QSETS]
5496 [--pwdmaxclasschars PWDMAX‐
5497 CLASSCHARS]
5498 [--pwdmincatagories PWDMIN‐
5499 CATAGORIES]
5500 [--pwdmintokenlen PWDMINTO‐
5501 KENLEN]
5502 [--pwdbadwords PWDBADWORDS]
5503 [--pwduserattrs PWDUSERAT‐
5504 TRS]
5505 [--pwpinheritglobal PWPIN‐
5506 HERITGLOBAL]
5507 [--pwddictcheck PWD‐
5508 DICTCHECK]
5509 [--pwddictpath PWDDICTPATH]
5510 DN
5511 DN Add/replace the subtree policy for this entry DN
5514 --pwdscheme PWDSCHEME
5517 The password storage scheme
5518 --pwdchange PWDCHANGE
5521 Allow users to change their passwords
5522 --pwdmustchange PWDMUSTCHANGE
5525 User must change their passwrod after it is reset by an Adminis‐
5526 trator
5527 --pwdhistory PWDHISTORY
5530 To enable password history set this to "on", otherwise "off"
5531 --pwdhistorycount PWDHISTORYCOUNT
5534 The number of password to keep in history
5535 --pwdadmin PWDADMIN
5538 The DN of an entry or a group of account that can bypass pass‐
5539 word policy constraints
5540 --pwdtrack PWDTRACK
5543 Set to "on" to track the time the password was last changed
5544 --pwdwarning PWDWARNING
5547 Send an expiring warning if password expires within this time
5548 (in seconds)
5549 --pwdexpire PWDEXPIRE
5552 Set to "on" to enable password expiration
5553 --pwdmaxage PWDMAXAGE
5556 The password expiration time in seconds
5557 --pwdminage PWDMINAGE
5560 The number of seconds that must pass before a user can change
5561 their password
5562 --pwdgracelimit PWDGRACELIMIT
5565 The number of allowed logins after the password has expired
5566 --pwdsendexpiring PWDSENDEXPIRING
5569 Set to "on" to always send the expiring control regardless of
5570 the warning period
5571 --pwdlockout PWDLOCKOUT
5574 Set to "on" to enable account lockout
5575 --pwdunlock PWDUNLOCK
5578 Set to "on" to allow an account to become unlocked after the
5579 lockout duration
5580 --pwdlockoutduration PWDLOCKOUTDURATION
5583 The number of seconds an account stays locked out
5584 --pwdmaxfailures PWDMAXFAILURES
5587 The maximum number of allowed failed password attempts before
5588 the account gets locked
5589 --pwdresetfailcount PWDRESETFAILCOUNT
5592 The number of seconds to wait before reducing the failed login
5593 count on an account
5594 --pwdchecksyntax PWDCHECKSYNTAX
5597 Set to "on" to Enable password syntax checking
5598 --pwdminlen PWDMINLEN
5601 The minimum number of characters required in a password
5602 --pwdmindigits PWDMINDIGITS
5605 The minimum number of digit/number characters in a password
5606 --pwdminalphas PWDMINALPHAS
5609 The minimum number of alpha characters required in a password
5610 --pwdminuppers PWDMINUPPERS
5613 The minimum number of uppercase characters required in a pass‐
5614 word
5615 --pwdminlowers PWDMINLOWERS
5618 The minimum number of lowercase characters required in a pass‐
5619 word
5620 --pwdminspecials PWDMINSPECIALS
5623 The minimum number of special characters required in a password
5624 --pwdmin8bits PWDMIN8BITS
5627 The minimum number of 8-bit characters required in a password
5628 --pwdmaxrepeats PWDMAXREPEATS
5631 The maximum number of times the same character can appear se‐
5632 quentially in the password
5633 --pwdpalindrome PWDPALINDROME
5636 Set to "on" to reject passwords that are palindromes
5637 --pwdmaxseq PWDMAXSEQ
5640 The maximum number of allowed monotonic character sequences in a
5641 password
5642 --pwdmaxseqsets PWDMAXSEQSETS
5645 The maximum number of allowed monotonic character sequences that
5646 can be duplicated in a password
5647 --pwdmaxclasschars PWDMAXCLASSCHARS
5650 The maximum number of sequential characters from the same char‐
5651 acter class that is allowed in a password
5652 --pwdmincatagories PWDMINCATAGORIES
5655 The minimum number of syntax category checks
5656 --pwdmintokenlen PWDMINTOKENLEN
5659 Sets the smallest attribute value length that is used for triv‐
5660 ial/user words checking. This also impacts "--pwduserattrs"
5661 --pwdbadwords PWDBADWORDS
5664 A space-separated list of words that can not be in a password
5665 --pwduserattrs PWDUSERATTRS
5668 A space-separated list of attributes whose values can not appear
5669 in the password (See "--pwdmintokenlen")
5670 --pwpinheritglobal PWPINHERITGLOBAL
5673 Set to "on" to allow local policies to inherit the global policy
5674 --pwddictcheck PWDDICTCHECK
5677 Set to "on" to enforce CrackLib dictionary checking
5678 --pwddictpath PWDDICTPATH
5681 Filesystem path to specific/custom CrackLib dictionary files
5682
5686 usage: dsconf instance replication [-h]
5687 {enable,disable,get-ruv,list,sta‐
5688 tus,winsync-status,promote,create-manager,delete-manager,de‐
5689 mote,get,set-changelog,get-changelog,export-changelog,import-
5690 changelog,set,monitor}
5691 ...
5692 Sub-commands
5695 dsconf replication enable
5696 Enable replication for a suffix
5697 dsconf replication disable
5699 Disable replication for a suffix
5700 dsconf replication get-ruv
5702 Get the database RUV entry for his suffix
5703 dsconf replication list
5705 List all the replicated suffixes
5706 dsconf replication status
5708 Get the current status of all the replication agreements
5709 dsconf replication winsync-status
5711 Get the current status of all the replication agreements
5712 dsconf replication promote
5714 Promote replica to a Hub or Supplier
5715 dsconf replication create-manager
5717 Create a replication manager entry
5718 dsconf replication delete-manager
5720 Delete a replication manager entry
5721 dsconf replication demote
5723 Demote replica to a Hub or Consumer
5724 dsconf replication get
5726 Get replication configuration
5727 dsconf replication set-changelog
5729 Set replication changelog attributes.
5730 dsconf replication get-changelog
5732 Display replication changelog attributes.
5733 dsconf replication export-changelog
5735 Export the Directory Server replication changelog to an LDIF
5736 dsconf replication import-changelog
5738 Restore/Import Directory Server replication change log from an
5739 LDIF file. This is typically used when managing changelog en‐
5740 cryption
5741 dsconf replication set
5743 Set an attribute in the replication configuration
5744 dsconf replication monitor
5746 Get the full replication topology report
5747
5749 usage: dsconf instance replication enable [-h] --suffix SUFFIX --role
5750 ROLE
5751 [--replica-id REPLICA_ID]
5752 [--bind-group-dn
5753 BIND_GROUP_DN]
5754 [--bind-dn BIND_DN]
5755 [--bind-passwd BIND_PASSWD]
5756 --suffix SUFFIX
5760 The DN of the suffix to be enabled for replication
5761 --role ROLE
5764 The Replication role: "supplier", "hub", or "consumer"
5765 --replica-id REPLICA_ID
5768 The replication identifier for a "supplier". Values range from 1
5769 - 65534
5770 --bind-group-dn BIND_GROUP_DN
5773 A group entry DN containing members that are "bind/supplier" DNs
5774 --bind-dn BIND_DN
5777 The Bind or Supplier DN that can make replication updates
5778 --bind-passwd BIND_PASSWD
5781 Password for replication manager(--bind-dn). This will create
5782 the manager entry if a value is set
5783
5786 usage: dsconf instance replication disable [-h] --suffix SUFFIX
5787 --suffix SUFFIX
5791 The DN of the suffix to have replication disabled
5792
5795 usage: dsconf instance replication get-ruv [-h] --suffix SUFFIX
5796 --suffix SUFFIX
5800 The DN of the replicated suffix
5801
5804 usage: dsconf instance replication list [-h]
5805
5810 usage: dsconf instance replication status [-h] --suffix SUFFIX
5811 [--bind-dn BIND_DN]
5812 [--bind-passwd BIND_PASSWD]
5813 --suffix SUFFIX
5817 The DN of the replication suffix
5818 --bind-dn BIND_DN
5821 The DN to use to authenticate to the consumer
5822 --bind-passwd BIND_PASSWD
5825 The password for the bind DN
5826
5829 usage: dsconf instance replication winsync-status [-h] --suffix SUFFIX
5830 [--bind-dn BIND_DN]
5831 [--bind-passwd
5832 BIND_PASSWD]
5833 --suffix SUFFIX
5837 The DN of the replication suffix
5838 --bind-dn BIND_DN
5841 The DN to use to authenticate to the consumer
5842 --bind-passwd BIND_PASSWD
5845 The password for the bind DN
5846
5849 usage: dsconf instance replication promote [-h] --suffix SUFFIX --new‐
5850 role
5851 NEWROLE [--replica-id
5852 REPLICA_ID]
5853 [--bind-group-dn
5854 BIND_GROUP_DN]
5855 [--bind-dn BIND_DN]
5856 --suffix SUFFIX
5860 The DN of the replication suffix to promote
5861 --newrole NEWROLE
5864 Promote this replica to a "hub" or "supplier"
5865 --replica-id REPLICA_ID
5868 The replication identifier for a "supplier". Values range from 1
5869 - 65534
5870 --bind-group-dn BIND_GROUP_DN
5873 A group entry DN containing members that are "bind/supplier" DNs
5874 --bind-dn BIND_DN
5877 The Bind or Supplier DN that can make replication updates
5878
5881 usage: dsconf instance replication create-manager [-h] [--name NAME]
5882 [--passwd PASSWD]
5883 [--suffix SUFFIX]
5884 --name NAME
5888 The NAME of the new replication manager entry. For example, if
5889 the NAME is "replication manager" then the new manager entry's
5890 DN would be "cn=replication manager,cn=config".
5891 --passwd PASSWD
5894 Password for replication manager. If not provided, you will be
5895 prompted for the password
5896 --suffix SUFFIX
5899 The DN of the replication suffix whose replication configuration
5900 you want to add this new manager to (OPTIONAL)
5901
5904 usage: dsconf instance replication delete-manager [-h] [--name NAME]
5905 [--suffix SUFFIX]
5906 --name NAME
5910 The NAME of the replication manager entry under cn=config:
5911 "cn=NAME,cn=config"
5912 --suffix SUFFIX
5915 The DN of the replication suffix whose replication configuration
5916 you want to remove this manager from (OPTIONAL)
5917
5920 usage: dsconf instance replication demote [-h] --suffix SUFFIX --new‐
5921 role
5922 NEWROLE
5923 --suffix SUFFIX
5927 Promote this replica to a "hub" or "consumer"
5928 --newrole NEWROLE
5931 The Replication role: "hub", or "consumer"
5932
5935 usage: dsconf instance replication get [-h] --suffix SUFFIX
5936 --suffix SUFFIX
5940 Get the replication configuration for this suffix DN
5941
5944 usage: dsconf instance replication set-changelog [-h] --suffix SUFFIX
5945 [--max-entries MAX_EN‐
5946 TRIES]
5947 [--max-age MAX_AGE]
5948 [--trim-interval
5949 TRIM_INTERVAL]
5950 [--encrypt]
5951 [--disable-encrypt]
5952 --suffix SUFFIX
5956 The suffix that uses the changelog
5957 --max-entries MAX_ENTRIES
5960 The maximum number of entries to get in the replication
5961 changelog
5962 --max-age MAX_AGE
5965 The maximum age of a replication changelog entry
5966 --trim-interval TRIM_INTERVAL
5969 The interval to check if the replication changelog can be
5970 trimmed
5971 --encrypt
5974 Set the replication changelog to use encryption. You must export
5975 & import the changelog after setting this.
5976 --disable-encrypt
5979 Set the replication changelog to not use encryption. You must
5980 export & import the changelog after setting this.
5981
5984 usage: dsconf instance replication get-changelog [-h] --suffix SUFFIX
5985 --suffix SUFFIX
5989 The suffix that uses the changelog
5990
5993 usage: dsconf instance replication export-changelog [-h] {to-ldif,de‐
5994 fault} ...
5995 Sub-commands
5998 dsconf replication export-changelog to-ldif
5999 Export the specific single LDIF file. This is typically used
6000 for setting up changelog encryption
6001 dsconf replication export-changelog default
6003 Export the replication changelog to the server's default LDIF
6004 directory.
6005
6007 usage: dsconf instance replication export-changelog to-ldif
6008 [-h] [-c] [-d] [-l] [-i CHANGELOG_LDIF] -o OUTPUT_FILE -r
6009 REPLICA_ROOT
6010 -c, --csn-only
6014 Export and interpret CSN only. This option can be used with or
6015 without -i option. The LDIF file that is generated can not be
6016 imported and is only used debugging purposes
6017 -d, --decode
6020 Decode the base64 values in each changelog entry. The LDIF file
6021 that is generated can not be imported and is only used debugging
6022 purposes
6023 -l, --preserve-ldif-done
6026 Preserve generated ldif.done files in changelog dirextory.
6027 -i CHANGELOG_LDIF, --changelog-ldif CHANGELOG_LDIF
6030 If you already have a changelog LDIF file, but the changes in
6031 that file are encoded, you may use this option to decode the
6032 changes in that LDIF file.
6033 -o OUTPUT_FILE, --output-file OUTPUT_FILE
6036 Path name for the final result.
6037 -r REPLICA_ROOT, --replica-root REPLICA_ROOT
6040 Specify replica root whose changelog you want to export.
6041
6044 usage: dsconf instance replication export-changelog default
6045 [-h] -r REPLICA_ROOT
6046 -r REPLICA_ROOT, --replica-root REPLICA_ROOT
6050 Specify replica root whose changelog you want to export.
6051
6055 usage: dsconf instance replication import-changelog [-h]
6056 {from-ldif,default}
6057 ...
6058 Sub-commands
6061 dsconf replication import-changelog from-ldif
6062 Restore/Import a specific single LDIF file.
6063 dsconf replication import-changelog default
6065 Import the default changelog LDIF file created by the server.
6066
6068 usage: dsconf instance replication import-changelog from-ldif
6069 [-h] -r REPLICA_ROOT LDIF_PATH
6070 LDIF_PATH
6073 The path of the changelog LDIF file.
6074 -r REPLICA_ROOT, --replica-root REPLICA_ROOT
6077 Specify the replica root whose changelog you want to import.
6078
6081 usage: dsconf instance replication import-changelog default
6082 [-h] -r REPLICA_ROOT
6083 -r REPLICA_ROOT, --replica-root REPLICA_ROOT
6087 Specify the replica root whose changelog you want to import.
6088
6092 usage: dsconf instance replication set [-h] --suffix SUFFIX
6093 [--repl-add-bind-dn
6094 REPL_ADD_BIND_DN]
6095 [--repl-del-bind-dn
6096 REPL_DEL_BIND_DN]
6097 [--repl-add-ref REPL_ADD_REF]
6098 [--repl-del-ref REPL_DEL_REF]
6099 [--repl-purge-delay
6100 REPL_PURGE_DELAY]
6101 [--repl-tombstone-purge-interval
6102 REPL_TOMBSTONE_PURGE_INTERVAL]
6103 [--repl-fast-tombstone-purging
6104 REPL_FAST_TOMBSTONE_PURGING]
6105 [--repl-bind-group
6106 REPL_BIND_GROUP]
6107 [--repl-bind-group-interval
6108 REPL_BIND_GROUP_INTERVAL]
6109 [--repl-protocol-timeout
6110 REPL_PROTOCOL_TIMEOUT]
6111 [--repl-backoff-max REPL_BACK‐
6112 OFF_MAX]
6113 [--repl-backoff-min REPL_BACK‐
6114 OFF_MIN]
6115 [--repl-release-timeout REPL_RE‐
6116 LEASE_TIMEOUT]
6117 --suffix SUFFIX
6121 The DN of the replication suffix
6122 --repl-add-bind-dn REPL_ADD_BIND_DN
6125 Add a bind (supplier) DN
6126 --repl-del-bind-dn REPL_DEL_BIND_DN
6129 Remove a bind (supplier) DN
6130 --repl-add-ref REPL_ADD_REF
6133 Add a replication referral (for consumers only)
6134 --repl-del-ref REPL_DEL_REF
6137 Remove a replication referral (for conusmers only)
6138 --repl-purge-delay REPL_PURGE_DELAY
6141 The replication purge delay
6142 --repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL
6145 The interval in seconds to check for tombstones that can be
6146 purged
6147 --repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING
6150 Set to "on" to improve tombstone purging performance
6151 --repl-bind-group REPL_BIND_GROUP
6154 A group entry DN containing members that are "bind/supplier" DNs
6155 --repl-bind-group-interval REPL_BIND_GROUP_INTERVAL
6158 An interval in seconds to check if the bind group has been up‐
6159 dated
6160 --repl-protocol-timeout REPL_PROTOCOL_TIMEOUT
6163 A timeout in seconds on how long to wait before stopping repli‐
6164 cation when the server is under load
6165 --repl-backoff-max REPL_BACKOFF_MAX
6168 The maximum time in seconds a replication agreement should stay
6169 in a backoff state while waiting to acquire the consumer. De‐
6170 fault is 300 seconds
6171 --repl-backoff-min REPL_BACKOFF_MIN
6174 The starting time in seconds a replication agreement should stay
6175 in a backoff state while waiting to acquire the consumer. De‐
6176 fault is 3 seconds
6177 --repl-release-timeout REPL_RELEASE_TIMEOUT
6180 A timeout in seconds a replication supplier should send updates
6181 before it yields its replication session
6182
6185 usage: dsconf instance replication monitor [-h] [-c [CONNECTIONS ...]]
6186 [-a [ALIASES ...]]
6187 -c [CONNECTIONS ...], --connections [CONNECTIONS ...]
6191 The connection values for monitoring other not connected topolo‐
6192 gies. The format: 'host:port:binddn:bindpwd'. You can use regex
6193 for host and port. You can set bindpwd to * and it will be re‐
6194 quested at the runtime or you can include the path to the pass‐
6195 word file in square brackets - [~/pwd.txt]
6196 -a [ALIASES ...], --aliases [ALIASES ...]
6199 If a host:port is assigned an alias, then the alias instead of
6200 host:port will be displayed in the output. The format:
6201 alias=host:port
6202
6206 usage: dsconf instance repl-agmt [-h]
6207 {list,enable,disable,init,init-sta‐
6208 tus,poke,status,delete,create,set,get}
6209 ...
6210 Sub-commands
6213 dsconf repl-agmt list
6214 List all the replication agreements
6215 dsconf repl-agmt enable
6217 Enable replication agreement
6218 dsconf repl-agmt disable
6220 Disable replication agreement
6221 dsconf repl-agmt init
6223 Initialize replication agreement
6224 dsconf repl-agmt init-status
6226 Check the agreement initialization status
6227 dsconf repl-agmt poke
6229 Trigger replication to send updates now
6230 dsconf repl-agmt status
6232 Get the current status of the replication agreement
6233 dsconf repl-agmt delete
6235 Delete replication agreement
6236 dsconf repl-agmt create
6238 Initialize replication agreement
6239 dsconf repl-agmt set
6241 Set an attribute in the replication agreement
6242 dsconf repl-agmt get
6244 Get replication configuration
6245
6247 usage: dsconf instance repl-agmt list [-h] --suffix SUFFIX [--entry EN‐
6248 TRY]
6249 --suffix SUFFIX
6253 The DN of the suffix to look up replication agreements
6254 --entry ENTRY
6257 Return the entire entry for each agreement
6258
6261 usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME
6262 AGMT_NAME
6265 The name of the replication agreement
6266 --suffix SUFFIX
6269 The DN of the replication suffix
6270
6273 usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME
6274 AGMT_NAME
6277 The name of the replication agreement
6278 --suffix SUFFIX
6281 The DN of the replication suffix
6282
6285 usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME
6286 AGMT_NAME
6289 The name of the replication agreement
6290 --suffix SUFFIX
6293 The DN of the replication suffix
6294
6297 usage: dsconf instance repl-agmt init-status [-h] --suffix SUFFIX
6298 AGMT_NAME
6299 AGMT_NAME
6302 The name of the replication agreement
6303 --suffix SUFFIX
6306 The DN of the replication suffix
6307
6310 usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME
6311 AGMT_NAME
6314 The name of the replication agreement
6315 --suffix SUFFIX
6318 The DN of the replication suffix
6319
6322 usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX
6323 [--bind-dn BIND_DN]
6324 [--bind-passwd BIND_PASSWD]
6325 AGMT_NAME
6326 AGMT_NAME
6329 The name of the replication agreement
6330 --suffix SUFFIX
6333 The DN of the replication suffix
6334 --bind-dn BIND_DN
6337 The DN to use to authenticate to the consumer
6338 --bind-passwd BIND_PASSWD
6341 The password for the bind DN
6342
6345 usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME
6346 AGMT_NAME
6349 The name of the replication agreement
6350 --suffix SUFFIX
6353 The DN of the replication suffix
6354
6357 usage: dsconf instance repl-agmt create [-h] --suffix SUFFIX --host
6358 HOST
6359 --port PORT --conn-protocol
6360 CONN_PROTOCOL [--bind-dn
6361 BIND_DN]
6362 [--bind-passwd BIND_PASSWD]
6363 --bind-method BIND_METHOD
6364 [--frac-list FRAC_LIST]
6365 [--frac-list-total
6366 FRAC_LIST_TOTAL]
6367 [--strip-list STRIP_LIST]
6368 [--schedule SCHEDULE]
6369 [--conn-timeout CONN_TIMEOUT]
6370 [--protocol-timeout PROTO‐
6371 COL_TIMEOUT]
6372 [--wait-async-results
6373 WAIT_ASYNC_RESULTS]
6374 [--busy-wait-time
6375 BUSY_WAIT_TIME]
6376 [--session-pause-time SES‐
6377 SION_PAUSE_TIME]
6378 [--flow-control-window
6379 FLOW_CONTROL_WINDOW]
6380 [--flow-control-pause FLOW_CON‐
6381 TROL_PAUSE]
6382 [--bootstrap-bind-dn BOOT‐
6383 STRAP_BIND_DN]
6384 [--bootstrap-bind-passwd BOOT‐
6385 STRAP_BIND_PASSWD]
6386 [--bootstrap-conn-protocol
6387 BOOTSTRAP_CONN_PROTOCOL]
6388 [--bootstrap-bind-method BOOT‐
6389 STRAP_BIND_METHOD]
6390 [--init]
6391 AGMT_NAME
6392 AGMT_NAME
6395 The name of the replication agreement
6396 --suffix SUFFIX
6399 The DN of the replication suffix
6400 --host HOST
6403 The hostname of the remote replica
6404 --port PORT
6407 The port number of the remote replica
6408 --conn-protocol CONN_PROTOCOL
6411 The replication connection protocol: LDAP, LDAPS, or StartTLS
6412 --bind-dn BIND_DN
6415 The Bind DN the agreement uses to authenticate to the replica
6416 --bind-passwd BIND_PASSWD
6419 The credentials for the Bind DN
6420 --bind-method BIND_METHOD
6423 The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6424 "SASL/GSSAPI"
6425 --frac-list FRAC_LIST
6428 List of attributes to NOT replicate to the consumer during in‐
6429 cremental updates
6430 --frac-list-total FRAC_LIST_TOTAL
6433 List of attributes to NOT replicate during a total initializa‐
6434 tion
6435 --strip-list STRIP_LIST
6438 A list of attributes that are removed from updates only if the
6439 event would otherwise be empty. Typically this is set to "modi‐
6440 fiersname" and "modifytimestmap"
6441 --schedule SCHEDULE
6444 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6445 0-6 (Sunday - Saturday).
6446 --conn-timeout CONN_TIMEOUT
6449 The timeout used for replication connections
6450 --protocol-timeout PROTOCOL_TIMEOUT
6453 A timeout in seconds on how long to wait before stopping repli‐
6454 cation when the server is under load
6455 --wait-async-results WAIT_ASYNC_RESULTS
6458 The amount of time in milliseconds the server waits if the con‐
6459 sumer is not ready before resending data
6460 --busy-wait-time BUSY_WAIT_TIME
6463 The amount of time in seconds a supplier should wait after a
6464 consumer sends back a busy response before making another at‐
6465 tempt to acquire access.
6466 --session-pause-time SESSION_PAUSE_TIME
6469 The amount of time in seconds a supplier should wait between up‐
6470 date sessions.
6471 --flow-control-window FLOW_CONTROL_WINDOW
6474 Sets the maximum number of entries and updates sent by a sup‐
6475 plier, which are not acknowledged by the consumer.
6476 --flow-control-pause FLOW_CONTROL_PAUSE
6479 The time in milliseconds to pause after reaching the number of
6480 entries and updates set in "--flow-control-window"
6481 --bootstrap-bind-dn BOOTSTRAP_BIND_DN
6484 An optional Bind DN the agreement can use to bootstrap initial‐
6485 ization when bind groups are being used
6486 --bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD
6489 The bootstrap credentials for the Bind DN
6490 --bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL
6493 The replication bootstrap connection protocol: LDAP, LDAPS, or
6494 StartTLS
6495 --bootstrap-bind-method BOOTSTRAP_BIND_METHOD
6498 The bind method: "SIMPLE", or "SSLCLIENTAUTH"
6499 --init Initialize the agreement after creating it.
6502
6505 usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST]
6506 [--port PORT]
6507 [--conn-protocol CONN_PROTOCOL]
6508 [--bind-dn BIND_DN]
6509 [--bind-passwd BIND_PASSWD]
6510 [--bind-method BIND_METHOD]
6511 [--frac-list FRAC_LIST]
6512 [--frac-list-total FRAC_LIST_TO‐
6513 TAL]
6514 [--strip-list STRIP_LIST]
6515 [--schedule SCHEDULE]
6516 [--conn-timeout CONN_TIMEOUT]
6517 [--protocol-timeout PROTOCOL_TIME‐
6518 OUT]
6519 [--wait-async-results
6520 WAIT_ASYNC_RESULTS]
6521 [--busy-wait-time BUSY_WAIT_TIME]
6522 [--session-pause-time SES‐
6523 SION_PAUSE_TIME]
6524 [--flow-control-window FLOW_CON‐
6525 TROL_WINDOW]
6526 [--flow-control-pause FLOW_CON‐
6527 TROL_PAUSE]
6528 [--bootstrap-bind-dn BOOT‐
6529 STRAP_BIND_DN]
6530 [--bootstrap-bind-passwd BOOT‐
6531 STRAP_BIND_PASSWD]
6532 [--bootstrap-conn-protocol BOOT‐
6533 STRAP_CONN_PROTOCOL]
6534 [--bootstrap-bind-method BOOT‐
6535 STRAP_BIND_METHOD]
6536 AGMT_NAME
6537 AGMT_NAME
6540 The name of the replication agreement
6541 --suffix SUFFIX
6544 The DN of the replication suffix
6545 --host HOST
6548 The hostname of the remote replica
6549 --port PORT
6552 The port number of the remote replica
6553 --conn-protocol CONN_PROTOCOL
6556 The replication connection protocol: LDAP, LDAPS, or StartTLS
6557 --bind-dn BIND_DN
6560 The Bind DN the agreement uses to authenticate to the replica
6561 --bind-passwd BIND_PASSWD
6564 The credentials for the Bind DN
6565 --bind-method BIND_METHOD
6568 The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or
6569 "SASL/GSSAPI"
6570 --frac-list FRAC_LIST
6573 List of attributes to NOT replicate to the consumer during in‐
6574 cremental updates
6575 --frac-list-total FRAC_LIST_TOTAL
6578 List of attributes to NOT replicate during a total initializa‐
6579 tion
6580 --strip-list STRIP_LIST
6583 A list of attributes that are removed from updates only if the
6584 event would otherwise be empty. Typically this is set to "modi‐
6585 fiersname" and "modifytimestmap"
6586 --schedule SCHEDULE
6589 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6590 0-6 (Sunday - Saturday).
6591 --conn-timeout CONN_TIMEOUT
6594 The timeout used for replication connections
6595 --protocol-timeout PROTOCOL_TIMEOUT
6598 A timeout in seconds on how long to wait before stopping repli‐
6599 cation when the server is under load
6600 --wait-async-results WAIT_ASYNC_RESULTS
6603 The amount of time in milliseconds the server waits if the con‐
6604 sumer is not ready before resending data
6605 --busy-wait-time BUSY_WAIT_TIME
6608 The amount of time in seconds a supplier should wait after a
6609 consumer sends back a busy response before making another at‐
6610 tempt to acquire access.
6611 --session-pause-time SESSION_PAUSE_TIME
6614 The amount of time in seconds a supplier should wait between up‐
6615 date sessions.
6616 --flow-control-window FLOW_CONTROL_WINDOW
6619 Sets the maximum number of entries and updates sent by a sup‐
6620 plier, which are not acknowledged by the consumer.
6621 --flow-control-pause FLOW_CONTROL_PAUSE
6624 The time in milliseconds to pause after reaching the number of
6625 entries and updates set in "--flow-control-window"
6626 --bootstrap-bind-dn BOOTSTRAP_BIND_DN
6629 An optional Bind DN the agreement can use to bootstrap initial‐
6630 ization when bind groups are being used
6631 --bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD
6634 The bootstrap credentials for the Bind DN
6635 --bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL
6638 The replication bootstrap connection protocol: LDAP, LDAPS, or
6639 StartTLS
6640 --bootstrap-bind-method BOOTSTRAP_BIND_METHOD
6643 The bind method: "SIMPLE", or "SSLCLIENTAUTH"
6644
6647 usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME
6648 AGMT_NAME
6651 Get the replication configuration for this suffix DN
6652 --suffix SUFFIX
6655 The DN of the replication suffix
6656
6660 usage: dsconf instance repl-winsync-agmt [-h]
6661 {list,enable,dis‐
6662 able,init,init-status,poke,status,delete,create,set,get}
6663 ...
6664 Sub-commands
6667 dsconf repl-winsync-agmt list
6668 List all the replication winsync agreements
6669 dsconf repl-winsync-agmt enable
6671 Enable replication winsync agreement
6672 dsconf repl-winsync-agmt disable
6674 Disable replication winsync agreement
6675 dsconf repl-winsync-agmt init
6677 Initialize replication winsync agreement
6678 dsconf repl-winsync-agmt init-status
6680 Check the agreement initialization status
6681 dsconf repl-winsync-agmt poke
6683 Trigger replication to send updates now
6684 dsconf repl-winsync-agmt status
6686 Get the current status of the replication agreement
6687 dsconf repl-winsync-agmt delete
6689 Delete replication winsync agreement
6690 dsconf repl-winsync-agmt create
6692 Initialize replication winsync agreement
6693 dsconf repl-winsync-agmt set
6695 Set an attribute in the replication winsync agreement
6696 dsconf repl-winsync-agmt get
6698 Get replication configuration
6699
6701 usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX
6702 --suffix SUFFIX
6706 The DN of the suffix to look up replication winsync agreements
6707
6710 usage: dsconf instance repl-winsync-agmt enable [-h] --suffix SUFFIX
6711 AGMT_NAME
6712 AGMT_NAME
6715 The name of the replication winsync agreement
6716 --suffix SUFFIX
6719 The DN of the replication winsync suffix
6720
6723 usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX
6724 AGMT_NAME
6725 AGMT_NAME
6728 The name of the replication winsync agreement
6729 --suffix SUFFIX
6732 The DN of the replication winsync suffix
6733
6736 usage: dsconf instance repl-winsync-agmt init [-h] --suffix SUFFIX
6737 AGMT_NAME
6738 AGMT_NAME
6741 The name of the replication winsync agreement
6742 --suffix SUFFIX
6745 The DN of the replication winsync suffix
6746
6749 usage: dsconf instance repl-winsync-agmt init-status [-h] --suffix SUF‐
6750 FIX
6751 AGMT_NAME
6752 AGMT_NAME
6755 The name of the replication agreement
6756 --suffix SUFFIX
6759 The DN of the replication suffix
6760
6763 usage: dsconf instance repl-winsync-agmt poke [-h] --suffix SUFFIX
6764 AGMT_NAME
6765 AGMT_NAME
6768 The name of the replication winsync agreement
6769 --suffix SUFFIX
6772 The DN of the replication winsync suffix
6773
6776 usage: dsconf instance repl-winsync-agmt status [-h] --suffix SUFFIX
6777 AGMT_NAME
6778 AGMT_NAME
6781 The name of the replication agreement
6782 --suffix SUFFIX
6785 The DN of the replication suffix
6786
6789 usage: dsconf instance repl-winsync-agmt delete [-h] --suffix SUFFIX
6790 AGMT_NAME
6791 AGMT_NAME
6794 The name of the replication winsync agreement
6795 --suffix SUFFIX
6798 The DN of the replication winsync suffix
6799
6802 usage: dsconf instance repl-winsync-agmt create [-h] --suffix SUFFIX
6803 --host
6804 HOST --port PORT
6805 --conn-protocol
6806 CONN_PROTOCOL
6807 --bind-dn BIND_DN
6808 --bind-passwd
6809 BIND_PASSWD
6810 [--frac-list FRAC_LIST]
6811 [--schedule SCHEDULE]
6812 --win-subtree WIN_SUB‐
6813 TREE
6814 --ds-subtree DS_SUBTREE
6815 --win-domain WIN_DOMAIN
6816 [--sync-users
6817 SYNC_USERS]
6818 [--sync-groups
6819 SYNC_GROUPS]
6820 [--sync-interval
6821 SYNC_INTERVAL]
6822 [--one-way-sync
6823 ONE_WAY_SYNC]
6824 [--move-action MOVE_AC‐
6825 TION]
6826 [--win-filter WIN_FIL‐
6827 TER]
6828 [--ds-filter DS_FILTER]
6829 [--subtree-pair SUB‐
6830 TREE_PAIR]
6831 [--conn-timeout
6832 CONN_TIMEOUT]
6833 [--busy-wait-time
6834 BUSY_WAIT_TIME]
6835 [--session-pause-time
6836 SESSION_PAUSE_TIME]
6837 [--init]
6838 AGMT_NAME
6839 AGMT_NAME
6842 The name of the replication winsync agreement
6843 --suffix SUFFIX
6846 The DN of the replication winsync suffix
6847 --host HOST
6850 The hostname of the AD server
6851 --port PORT
6854 The port number of the AD server
6855 --conn-protocol CONN_PROTOCOL
6858 The replication winsync connection protocol: LDAP, LDAPS, or
6859 StartTLS
6860 --bind-dn BIND_DN
6863 The Bind DN the agreement uses to authenticate to the AD Server
6864 --bind-passwd BIND_PASSWD
6867 The credentials for the Bind DN
6868 --frac-list FRAC_LIST
6871 List of attributes to NOT replicate to the consumer during in‐
6872 cremental updates
6873 --schedule SCHEDULE
6876 Sets the replication update schedule
6877 --win-subtree WIN_SUBTREE
6880 The suffix of the AD Server
6881 --ds-subtree DS_SUBTREE
6884 The Directory Server suffix
6885 --win-domain WIN_DOMAIN
6888 The AD Domain
6889 --sync-users SYNC_USERS
6892 Synchronize Users between AD and DS
6893 --sync-groups SYNC_GROUPS
6896 Synchronize Groups between AD and DS
6897 --sync-interval SYNC_INTERVAL
6900 The interval that DS checks AD for changes in entries
6901 --one-way-sync ONE_WAY_SYNC
6904 Sets which direction to perform synchronization: "toWindows",
6905 "fromWindows", "both"
6906 --move-action MOVE_ACTION
6909 Sets instructions on how to handle moved or deleted entries:
6910 "none", "unsync", or "delete"
6911 --win-filter WIN_FILTER
6914 Custom filter for finding users in AD Server
6915 --ds-filter DS_FILTER
6918 Custom filter for finding AD users in DS Server
6919 --subtree-pair SUBTREE_PAIR
6922 Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
6923 --conn-timeout CONN_TIMEOUT
6926 The timeout used for replicaton connections
6927 --busy-wait-time BUSY_WAIT_TIME
6930 The amount of time in seconds a supplier should wait after a
6931 consumer sends back a busy response before making another at‐
6932 tempt to acquire access.
6933 --session-pause-time SESSION_PAUSE_TIME
6936 The amount of time in seconds a supplier should wait between up‐
6937 date sessions.
6938 --init Initialize the agreement after creating it.
6941
6944 usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX]
6945 [--host HOST] [--port
6946 PORT]
6947 [--conn-protocol CONN_PRO‐
6948 TOCOL]
6949 [--bind-dn BIND_DN]
6950 [--bind-passwd
6951 BIND_PASSWD]
6952 [--frac-list FRAC_LIST]
6953 [--schedule SCHEDULE]
6954 [--win-subtree WIN_SUB‐
6955 TREE]
6956 [--ds-subtree DS_SUBTREE]
6957 [--win-domain WIN_DOMAIN]
6958 [--sync-users SYNC_USERS]
6959 [--sync-groups
6960 SYNC_GROUPS]
6961 [--sync-interval SYNC_IN‐
6962 TERVAL]
6963 [--one-way-sync
6964 ONE_WAY_SYNC]
6965 [--move-action MOVE_AC‐
6966 TION]
6967 [--win-filter WIN_FILTER]
6968 [--ds-filter DS_FILTER]
6969 [--subtree-pair SUB‐
6970 TREE_PAIR]
6971 [--conn-timeout CONN_TIME‐
6972 OUT]
6973 [--busy-wait-time
6974 BUSY_WAIT_TIME]
6975 [--session-pause-time SES‐
6976 SION_PAUSE_TIME]
6977 AGMT_NAME
6978 AGMT_NAME
6981 The name of the replication winsync agreement
6982 --suffix SUFFIX
6985 The DN of the replication winsync suffix
6986 --host HOST
6989 The hostname of the AD server
6990 --port PORT
6993 The port number of the AD server
6994 --conn-protocol CONN_PROTOCOL
6997 The replication winsync connection protocol: LDAP, LDAPS, or
6998 StartTLS
6999 --bind-dn BIND_DN
7002 The Bind DN the agreement uses to authenticate to the AD Server
7003 --bind-passwd BIND_PASSWD
7006 The credentials for the Bind DN
7007 --frac-list FRAC_LIST
7010 List of attributes to NOT replicate to the consumer during in‐
7011 cremental updates
7012 --schedule SCHEDULE
7015 Sets the replication update schedule
7016 --win-subtree WIN_SUBTREE
7019 The suffix of the AD Server
7020 --ds-subtree DS_SUBTREE
7023 The Directory Server suffix
7024 --win-domain WIN_DOMAIN
7027 The AD Domain
7028 --sync-users SYNC_USERS
7031 Synchronize Users between AD and DS
7032 --sync-groups SYNC_GROUPS
7035 Synchronize Groups between AD and DS
7036 --sync-interval SYNC_INTERVAL
7039 The interval that DS checks AD for changes in entries
7040 --one-way-sync ONE_WAY_SYNC
7043 Sets which direction to perform synchronization: "toWindows",
7044 "fromWindows", "both"
7045 --move-action MOVE_ACTION
7048 Sets instructions on how to handle moved or deleted entries:
7049 "none", "unsync", or "delete"
7050 --win-filter WIN_FILTER
7053 Custom filter for finding users in AD Server
7054 --ds-filter DS_FILTER
7057 Custom filter for finding AD users in DS Server
7058 --subtree-pair SUBTREE_PAIR
7061 Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
7062 --conn-timeout CONN_TIMEOUT
7065 The timeout used for replicaton connections
7066 --busy-wait-time BUSY_WAIT_TIME
7069 The amount of time in seconds a supplier should wait after a
7070 consumer sends back a busy response before making another at‐
7071 tempt to acquire access.
7072 --session-pause-time SESSION_PAUSE_TIME
7075 The amount of time in seconds a supplier should wait between up‐
7076 date sessions.
7077
7080 usage: dsconf instance repl-winsync-agmt get [-h] --suffix SUFFIX
7081 AGMT_NAME
7082 AGMT_NAME
7085 Get the replication configuration for this suffix DN
7086 --suffix SUFFIX
7089 The DN of the replication suffix
7090
7094 usage: dsconf instance repl-tasks [-h]
7095 {cleanallruv,list-cleanruv-
7096 tasks,abort-cleanallruv,list-abortruv-tasks}
7097 ...
7098 Sub-commands
7101 dsconf repl-tasks cleanallruv
7102 Cleanup old/removed replica IDs
7103 dsconf repl-tasks list-cleanruv-tasks
7105 List all the running CleanAllRUV tasks
7106 dsconf repl-tasks abort-cleanallruv
7108 Abort cleanallruv tasks
7109 dsconf repl-tasks list-abortruv-tasks
7111 List all the running CleanAllRUV abort Tasks
7112
7114 usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX
7115 --replica-id REPLICA_ID
7116 [--force-cleaning]
7117 --suffix SUFFIX
7121 The Directory Server suffix
7122 --replica-id REPLICA_ID
7125 The replica ID to remove/clean
7126 --force-cleaning
7129 Ignore errors and do a best attempt to clean all the replicas
7130
7133 usage: dsconf instance repl-tasks list-cleanruv-tasks [-h] [--suffix
7134 SUFFIX]
7135 --suffix SUFFIX
7139 List only tasks from for suffix
7140
7143 usage: dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUF‐
7144 FIX
7145 --replica-id
7146 REPLICA_ID
7147 [--certify]
7148 --suffix SUFFIX
7152 The Directory Server suffix
7153 --replica-id REPLICA_ID
7156 The replica ID of the cleaning task to abort
7157 --certify
7160 Enforce that the abort task completed on all replicas
7161
7164 usage: dsconf instance repl-tasks list-abortruv-tasks [-h] [--suffix
7165 SUFFIX]
7166 --suffix SUFFIX
7170 List only tasks from for suffix
7171
7175 usage: dsconf instance sasl [-h] {list,get-mechs,get,create,delete} ...
7176 Sub-commands
7179 dsconf sasl list
7180 List available SASL mappings
7181 dsconf sasl get-mechs
7183 List available SASL mechanisms
7184 dsconf sasl get
7186 get
7187 dsconf sasl create
7189 create
7190 dsconf sasl delete
7192 deletes the object
7193
7195 usage: dsconf instance sasl list [-h] [--details]
7196 --details
7200 Get each SASL Mapping in detail.
7201
7204 usage: dsconf instance sasl get-mechs [-h]
7205
7210 usage: dsconf instance sasl get [-h] [selector]
7211 selector
7214 SASL mapping name to get
7215
7219 usage: dsconf instance sasl create [-h] [--cn [CN]]
7220 [--nsSaslMapRegexString
7221 [NSSASLMAPREGEXSTRING]]
7222 [--nsSaslMapBaseDNTemplate
7223 [NSSASLMAPBASEDNTEMPLATE]]
7224 [--nsSaslMapFilterTemplate
7225 [NSSASLMAPFILTERTEMPLATE]]
7226 [--nsSaslMapPriority [NSSASLMAPPRI‐
7227 ORITY]]
7228 --cn [CN]
7232 Value of cn
7233 --nsSaslMapRegexString [NSSASLMAPREGEXSTRING]
7236 Value of nsSaslMapRegexString
7237 --nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]
7240 Value of nsSaslMapBaseDNTemplate
7241 --nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]
7244 Value of nsSaslMapFilterTemplate
7245 --nsSaslMapPriority [NSSASLMAPPRIORITY]
7248 Value of nsSaslMapPriority
7249
7252 usage: dsconf instance sasl delete [-h] map_name
7253 map_name
7256 The SASL Mapping name ("cn" value)
7257
7262 usage: dsconf instance security [-h]
7263 {set,get,enable,disable,dis‐
7264 able_plain_port,certificate,ca-certificate,rsa,ciphers}
7265 ...
7266 Sub-commands
7269 dsconf security set
7270 Set general security options
7271 dsconf security get
7273 Get general security options
7274 dsconf security enable
7276 Enable security
7277 dsconf security disable
7279 Disable security
7280 dsconf security disable_plain_port
7282 Disables the plain text LDAP port, allowing only LDAPS to func‐
7283 tion
7284 dsconf security certificate
7286 Manage TLS certificates
7287 dsconf security ca-certificate
7289 Manage TLS Certificate Authorities
7290 dsconf security rsa
7292 Query and manipulate RSA security options
7293 dsconf security ciphers
7295 Manage secure ciphers
7296
7298 usage: dsconf instance security set [-h] [--security SECURITY]
7299 [--listen-host LISTEN_HOST]
7300 [--secure-port SECURE_PORT]
7301 [--tls-client-auth TLS_CLIENT_AUTH]
7302 [--tls-client-renegotiation
7303 TLS_CLIENT_RENEGOTIATION]
7304 [--require-secure-authentication
7305 REQUIRE_SECURE_AUTHENTICATION]
7306 [--check-hostname CHECK_HOSTNAME]
7307 [--verify-cert-chain-on-startup
7308 VERIFY_CERT_CHAIN_ON_STARTUP]
7309 [--session-timeout SESSION_TIMEOUT]
7310 [--tls-protocol-min TLS_PROTO‐
7311 COL_MIN]
7312 [--tls-protocol-max TLS_PROTO‐
7313 COL_MAX]
7314 [--allow-insecure-ciphers ALLOW_IN‐
7315 SECURE_CIPHERS]
7316 [--allow-weak-dh-param AL‐
7317 LOW_WEAK_DH_PARAM]
7318 [--cipher-pref CIPHER_PREF]
7319 Use this command for setting security related options located in
7321 cn=config and cn=encryption,cn=config.
7322 To enable/disable security you can use enable and disable commands in‐
7324 stead.
7325 --security SECURITY
7329 Enable or disable security (nsslapd-security)
7330 --listen-host LISTEN_HOST
7333 Host/address to listen on for LDAPS (nsslapd-securelistenhost)
7334 --secure-port SECURE_PORT
7337 Port for LDAPS to listen on (nsslapd-securePort)
7338 --tls-client-auth TLS_CLIENT_AUTH
7341 Client authentication requirement (nsSSLClientAuth)
7342 --tls-client-renegotiation TLS_CLIENT_RENEGOTIATION
7345 Allow client TLS renegotiation (nsTLSAllowClientRenegotiation)
7346 --require-secure-authentication REQUIRE_SECURE_AUTHENTICATION
7349 Require binds over LDAPS, StartTLS, or SASL (nsslapd-require-se‐
7350 cure-binds)
7351 --check-hostname CHECK_HOSTNAME
7354 Check Subject of remote certificate against the hostname (nss‐
7355 lapd-ssl-check- hostname)
7356 --verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP
7359 Validate server certificate during startup (nsslapd-vali‐
7360 date-cert)
7361 --session-timeout SESSION_TIMEOUT
7364 Secure session timeout (nsSSLSessionTimeout)
7365 --tls-protocol-min TLS_PROTOCOL_MIN
7368 Secure protocol minimal allowed version (sslVersionMin)
7369 --tls-protocol-max TLS_PROTOCOL_MAX
7372 Secure protocol maximal allowed version (sslVersionMax)
7373 --allow-insecure-ciphers ALLOW_INSECURE_CIPHERS
7376 Allow weak ciphers for legacy use (allowWeakCipher)
7377 --allow-weak-dh-param ALLOW_WEAK_DH_PARAM
7380 Allow short DH params for legacy use (allowWeakDHParam)
7381 --cipher-pref CIPHER_PREF
7384 Use this command to directly set nsSSL3Ciphers attribute. It is
7385 a comma separated list of cipher names (prefixed with + or -),
7386 optionally including +all or -all. The attribute may optionally
7387 be prefixed by keyword default. Please refer to documentation
7388 of the attribute for a more detailed description. (nsSSL3Ci‐
7389 phers)
7390
7393 usage: dsconf instance security get [-h]
7394
7399 usage: dsconf instance security enable [-h] [--cert-name CERT_NAME]
7400 If missing, create security database, then turn on security functional‐
7402 ity. Please note this is usually not enough for TLS connections to work
7403 - proper setup of CA and server certificate is necessary.
7404 --cert-name CERT_NAME
7408 The name of the certificate the server should use
7409
7412 usage: dsconf instance security disable [-h]
7413 Turn off security functionality. The rest of the configuration will be
7415 left untouched.
7416
7421 usage: dsconf instance security disable_plain_port [-h]
7422
7427 usage: dsconf instance security certificate [-h]
7428 {add,set-trust-
7429 flags,del,get,list}
7430 ...
7431 Sub-commands
7434 dsconf security certificate add
7435 Add a server certificate
7436 dsconf security certificate set-trust-flags
7438 Set the Trust flags
7439 dsconf security certificate del
7441 Delete a certificate
7442 dsconf security certificate get
7444 Get a server certificate's information
7445 dsconf security certificate list
7447 List the server certificates
7448
7450 usage: dsconf instance security certificate add [-h] --file FILE --name
7451 NAME
7452 [--primary-cert]
7453 Add a server certificate to the NSS database
7455 --file FILE
7459 The file name of the certificate
7460 --name NAME
7463 The name/nickname of the certificate
7464 --primary-cert
7467 Set this certificate as the server's certificate
7468
7471 usage: dsconf instance security certificate set-trust-flags
7472 [-h] --flags FLAGS name
7473 Change the trust flags of a server certificate
7475 name The name/nickname of the certificate
7478 --flags FLAGS
7481 The trust flags for the server certificate
7482
7485 usage: dsconf instance security certificate del [-h] name
7486 Delete a certificate from the NSS database
7488 name The name/nickname of the certificate
7491
7495 usage: dsconf instance security certificate get [-h] name
7496 Get detailed information about a certificate, like trust attributes,
7498 expiration dates, Subject and Issuer DNs
7499 name The name/nickname of the certificate
7502
7506 usage: dsconf instance security certificate list [-h]
7507 List the server certificates in the NSS database
7509
7515 usage: dsconf instance security ca-certificate [-h]
7516 {add,set-trust-
7517 flags,del,get,list}
7518 ...
7519 Sub-commands
7522 dsconf security ca-certificate add
7523 Add a Certificate Authority
7524 dsconf security ca-certificate set-trust-flags
7526 Set the Trust flags
7527 dsconf security ca-certificate del
7529 Delete a certificate
7530 dsconf security ca-certificate get
7532 Get a Certificate Authority's information
7533 dsconf security ca-certificate list
7535 List the Certificate Authorities
7536
7538 usage: dsconf instance security ca-certificate add [-h] --file FILE
7539 --name
7540 NAME
7541 Add a Certificate Authority to the NSS database
7543 --file FILE
7547 The file name of the CA certificate
7548 --name NAME
7551 The name/nickname of the CA certificate
7552
7555 usage: dsconf instance security ca-certificate set-trust-flags
7556 [-h] --flags FLAGS name
7557 Change the trust attributes of a CA certificate. Certificate Authori‐
7559 ties typically use "CT,,"
7560 name The name/nickname of the CA certificate
7563 --flags FLAGS
7566 The trust flags for the CA certificate
7567
7570 usage: dsconf instance security ca-certificate del [-h] name
7571 Delete a CA certificate from the NSS database
7573 name The name/nickname of the CA certificate
7576
7580 usage: dsconf instance security ca-certificate get [-h] name
7581 Get detailed information about a CA certificate, like trust attributes,
7583 expiration dates, Subject and Issuer DN
7584 name The name/nickname of the CA certificate
7587
7591 usage: dsconf instance security ca-certificate list [-h]
7592 List the CA certificates in the NSS database
7594
7600 usage: dsconf instance security rsa [-h] {set,get,enable,disable} ...
7601 Sub-commands
7604 dsconf security rsa set
7605 Set RSA security options
7606 dsconf security rsa get
7608 Get RSA security options
7609 dsconf security rsa enable
7611 Enable RSA
7612 dsconf security rsa disable
7614 Disable RSA
7615
7617 usage: dsconf instance security rsa set [-h]
7618 [--tls-allow-rsa-certificates
7619 TLS_ALLOW_RSA_CERTIFICATES]
7620 [--nss-cert-name NSS_CERT_NAME]
7621 [--nss-token NSS_TOKEN]
7622 Use this command for setting RSA (private key) related options located
7624 in cn=RSA,cn=encryption,cn=config.
7625 To enable/disable RSA you can use enable and disable commands instead.
7627 --tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES
7631 Activate use of RSA certificates (nsSSLActivation)
7632 --nss-cert-name NSS_CERT_NAME
7635 Server certificate name in NSS DB (nsSSLPersonalitySSL)
7636 --nss-token NSS_TOKEN
7639 Security token name (module of NSS DB) (nsSSLToken)
7640
7643 usage: dsconf instance security rsa get [-h]
7644
7649 usage: dsconf instance security rsa enable [-h]
7650
7655 usage: dsconf instance security rsa disable [-h]
7656
7662 usage: dsconf instance security ciphers [-h] {enable,dis‐
7663 able,get,set,list} ...
7664 Sub-commands
7667 dsconf security ciphers enable
7668 Enable ciphers
7669 dsconf security ciphers disable
7671 Disable ciphers
7672 dsconf security ciphers get
7674 Get ciphers attribute
7675 dsconf security ciphers set
7677 Set ciphers attribute
7678 dsconf security ciphers list
7680 List ciphers
7681
7683 usage: dsconf instance security ciphers enable [-h] cipher [cipher ...]
7684 Use this command to enable specific ciphers.
7686 cipher
7689
7692 usage: dsconf instance security ciphers disable [-h] cipher [cipher
7693 ...]
7694 Use this command to disable specific ciphers.
7696 cipher
7699
7702 usage: dsconf instance security ciphers get [-h]
7703 Use this command to get contents of nsSSL3Ciphers attribute.
7705
7710 usage: dsconf instance security ciphers set [-h] cipher-string
7711 Use this command to directly set nsSSL3Ciphers attribute. It is a comma
7713 separated list of cipher names (prefixed with + or -), optionally in‐
7714 cluding +all or -all. The attribute may optionally be prefixed by key‐
7715 word default. Please refer to documentation of the attribute for a more
7716 detailed description.
7717 cipher-string
7720
7723 usage: dsconf instance security ciphers list [-h]
7724 [--enabled | --supported |
7725 --disabled]
7726 List secure ciphers. Without arguments, list ciphers as configured in
7728 nsSSL3Ciphers attribute.
7729 --enabled
7733 Only enabled ciphers
7734 --supported
7737 Only supported ciphers
7738 --disabled
7741 Only supported ciphers without enabled ciphers
7742
7747 usage: dsconf instance schema [-h]
7748 {list,attributetypes,objectclasses,match‐
7749 ingrules,reload,validate-syntax,import-openldap-file}
7750 ...
7751 Sub-commands
7754 dsconf schema list
7755 List all schema objects on this system
7756 dsconf schema attributetypes
7758 Work with attribute types on this system
7759 dsconf schema objectclasses
7761 Work with objectClasses on this system
7762 dsconf schema matchingrules
7764 Work with matching rules on this system
7765 dsconf schema reload
7767 Dynamically reload schema while server is running
7768 dsconf schema validate-syntax
7770 Run a task to check every modification to attributes to make
7771 sure that the new value has the required syntax for that attri‐
7772 bute type
7773 dsconf schema import-openldap-file
7775 Import an openldap formatted dynamic schema ldifs. These will
7776 contain values like olcAttributeTypes and olcObjectClasses.
7777
7779 usage: dsconf instance schema list [-h]
7780
7785 usage: dsconf instance schema attributetypes [-h]
7786 {get_syn‐
7787 taxes,list,query,add,replace,remove}
7788 ...
7789 Sub-commands
7792 dsconf schema attributetypes get_syntaxes
7793 List all available attribute type syntaxes
7794 dsconf schema attributetypes list
7796 List available attribute types on this system
7797 dsconf schema attributetypes query
7799 Query an attribute to determine object classes that may or must
7800 take it
7801 dsconf schema attributetypes add
7803 Add an attribute type to this system
7804 dsconf schema attributetypes replace
7806 Replace an attribute type on this system
7807 dsconf schema attributetypes remove
7809 Remove an attribute type on this system
7810
7812 usage: dsconf instance schema attributetypes get_syntaxes [-h]
7813
7818 usage: dsconf instance schema attributetypes list [-h]
7819
7824 usage: dsconf instance schema attributetypes query [-h] [name]
7825 name Attribute type to query
7828
7832 usage: dsconf instance schema attributetypes add [-h] [--oid OID]
7833 [--desc DESC]
7834 [--x-origin X_ORIGIN]
7835 [--aliases ALIASES
7836 [ALIASES ...]]
7837 [--single-value]
7838 [--multi-value]
7839 [--no-user-mod]
7840 [--user-mod]
7841 [--equality EQUALITY]
7842 [--substr SUBSTR]
7843 [--ordering ORDERING]
7844 [--usage USAGE]
7845 [--sup SUP [SUP ...]]
7846 --syntax SYNTAX
7847 name
7848 name NAME of the object
7851 --oid OID
7854 OID assigned to the object
7855 --desc DESC
7858 Description text(DESC) of the object
7859 --x-origin X_ORIGIN
7862 Provides information about where the attribute type is defined
7863 --aliases ALIASES [ALIASES ...]
7866 Additional NAMEs of the object.
7867 --single-value
7870 True if the matching rule must have only one valueOnly one of
7871 the flags this or --multi-value should be specified
7872 --multi-value
7875 True if the matching rule may have multiple values (default)Only
7876 one of the flags this or --single-value should be specified
7877 --no-user-mod
7880 True if the attribute is not modifiable by a client applica‐
7881 tionOnly one of the flags this or --user-mod should be specified
7882 --user-mod
7885 True if the attribute is modifiable by a client application (de‐
7886 fault)Only one of the flags this or --no-user-mode should be
7887 specified
7888 --equality EQUALITY
7891 NAME or OID of the matching rule used for checkingwhether attri‐
7892 bute values are equal
7893 --substr SUBSTR
7896 NAME or OID of the matching rule used for checkingwhether an at‐
7897 tribute value contains another value
7898 --ordering ORDERING
7901 NAME or OID of the matching rule used for checkingwhether attri‐
7902 bute values are lesser - equal than
7903 --usage USAGE
7906 The flag indicates how the attribute type is to be used. Choose
7907 from the list: userApplications (default), directoryOperation,
7908 distributedOperation, dSAOperation
7909 --sup SUP [SUP ...]
7912 The list of NAMEs or OIDs of attribute typesthis attribute type
7913 is derived from
7914 --syntax SYNTAX
7917 OID of the LDAP syntax assigned to the attribute
7918
7921 usage: dsconf instance schema attributetypes replace [-h] [--oid OID]
7922 [--desc DESC]
7923 [--x-origin X_ORI‐
7924 GIN]
7925 [--aliases ALIASES
7926 [ALIASES ...]]
7927 [--single-value]
7928 [--multi-value]
7929 [--no-user-mod]
7930 [--user-mod]
7931 [--equality EQUAL‐
7932 ITY]
7933 [--substr SUBSTR]
7934 [--ordering ORDER‐
7935 ING]
7936 [--usage USAGE]
7937 [--sup SUP [SUP
7938 ...]]
7939 [--syntax SYNTAX]
7940 name
7941 name NAME of the object
7944 --oid OID
7947 OID assigned to the object
7948 --desc DESC
7951 Description text(DESC) of the object
7952 --x-origin X_ORIGIN
7955 Provides information about where the attribute type is defined
7956 --aliases ALIASES [ALIASES ...]
7959 Additional NAMEs of the object.
7960 --single-value
7963 True if the matching rule must have only one valueOnly one of
7964 the flags this or --multi-value should be specified
7965 --multi-value
7968 True if the matching rule may have multiple values (default)Only
7969 one of the flags this or --single-value should be specified
7970 --no-user-mod
7973 True if the attribute is not modifiable by a client applica‐
7974 tionOnly one of the flags this or --user-mod should be specified
7975 --user-mod
7978 True if the attribute is modifiable by a client application (de‐
7979 fault)Only one of the flags this or --no-user-mode should be
7980 specified
7981 --equality EQUALITY
7984 NAME or OID of the matching rule used for checkingwhether attri‐
7985 bute values are equal
7986 --substr SUBSTR
7989 NAME or OID of the matching rule used for checkingwhether an at‐
7990 tribute value contains another value
7991 --ordering ORDERING
7994 NAME or OID of the matching rule used for checkingwhether attri‐
7995 bute values are lesser - equal than
7996 --usage USAGE
7999 The flag indicates how the attribute type is to be used. Choose
8000 from the list: userApplications (default), directoryOperation,
8001 distributedOperation, dSAOperation
8002 --sup SUP [SUP ...]
8005 The list of NAMEs or OIDs of attribute typesthis attribute type
8006 is derived from
8007 --syntax SYNTAX
8010 OID of the LDAP syntax assigned to the attribute
8011
8014 usage: dsconf instance schema attributetypes remove [-h] name
8015 name NAME of the object
8018
8023 usage: dsconf instance schema objectclasses [-h]
8024 {list,query,add,replace,re‐
8025 move}
8026 ...
8027 Sub-commands
8030 dsconf schema objectclasses list
8031 List available objectClasses on this system
8032 dsconf schema objectclasses query
8034 Query an objectClass
8035 dsconf schema objectclasses add
8037 Add an objectClass to this system
8038 dsconf schema objectclasses replace
8040 Replace an objectClass on this system
8041 dsconf schema objectclasses remove
8043 Remove an objectClass on this system
8044
8046 usage: dsconf instance schema objectclasses list [-h]
8047
8052 usage: dsconf instance schema objectclasses query [-h] [name]
8053 name ObjectClass to query
8056
8060 usage: dsconf instance schema objectclasses add [-h] [--oid OID]
8061 [--desc DESC]
8062 [--x-origin X_ORIGIN]
8063 [--must MUST [MUST
8064 ...]]
8065 [--may MAY [MAY ...]]
8066 [--kind KIND]
8067 [--sup SUP [SUP ...]]
8068 name
8069 name NAME of the object
8072 --oid OID
8075 OID assigned to the object
8076 --desc DESC
8079 Description text(DESC) of the object
8080 --x-origin X_ORIGIN
8083 Provides information about where the attribute type is defined
8084 --must MUST [MUST ...]
8087 NAMEs or OIDs of all attributes an entry of the object must have
8088 --may MAY [MAY ...]
8091 NAMEs or OIDs of additional attributes an entry of the object
8092 may have
8093 --kind KIND
8096 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
8097 --sup SUP [SUP ...]
8100 NAMEs or OIDs of object classes this object is derived from
8101
8104 usage: dsconf instance schema objectclasses replace [-h] [--oid OID]
8105 [--desc DESC]
8106 [--x-origin X_ORI‐
8107 GIN]
8108 [--must MUST [MUST
8109 ...]]
8110 [--may MAY [MAY
8111 ...]]
8112 [--kind KIND]
8113 [--sup SUP [SUP
8114 ...]]
8115 name
8116 name NAME of the object
8119 --oid OID
8122 OID assigned to the object
8123 --desc DESC
8126 Description text(DESC) of the object
8127 --x-origin X_ORIGIN
8130 Provides information about where the attribute type is defined
8131 --must MUST [MUST ...]
8134 NAMEs or OIDs of all attributes an entry of the object must have
8135 --may MAY [MAY ...]
8138 NAMEs or OIDs of additional attributes an entry of the object
8139 may have
8140 --kind KIND
8143 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
8144 --sup SUP [SUP ...]
8147 NAMEs or OIDs of object classes this object is derived from
8148
8151 usage: dsconf instance schema objectclasses remove [-h] name
8152 name NAME of the object
8155
8160 usage: dsconf instance schema matchingrules [-h] {list,query} ...
8161 Sub-commands
8164 dsconf schema matchingrules list
8165 List available matching rules on this system
8166 dsconf schema matchingrules query
8168 Query a matching rule
8169
8171 usage: dsconf instance schema matchingrules list [-h]
8172
8177 usage: dsconf instance schema matchingrules query [-h] [name]
8178 name Matching rule to query
8181
8186 usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait]
8187 -d SCHEMADIR, --schemadir SCHEMADIR
8191 directory where schema files are located
8192 --wait Wait for the reload task to complete
8195
8198 usage: dsconf instance schema validate-syntax [-h] [-f FILTER] DN
8199 DN Base DN that contains entries to validate
8202 -f FILTER, --filter FILTER
8205 Filter for entries to validate. If omitted, all entries with
8206 filter "(objectclass=*)" are validated
8207
8210 usage: dsconf instance schema import-openldap-file [-h] [--confirm]
8211 schema_file
8212 schema_file
8215 Path to the openldap dynamic schema ldif to import
8216 --confirm
8219 Confirm that you want to apply these schema migration actions to
8220 the 389-ds instance. By default no actions are taken.
8221
8225 usage: dsconf instance repl-conflict [-h]
8226 {list,compare,delete,swap,con‐
8227 vert,list-glue,delete-glue,convert-glue}
8228 ...
8229 Sub-commands
8232 dsconf repl-conflict list
8233 List conflict entries
8234 dsconf repl-conflict compare
8236 Compare the conflict entry with its valid counterpart
8237 dsconf repl-conflict delete
8239 Delete a conflict entry
8240 dsconf repl-conflict swap
8242 Replace the valid entry with the conflict entry
8243 dsconf repl-conflict convert
8245 Convert the conflict entry to a valid entry, while keeping the
8246 original valid entry counterpart. This requires that the con‐
8247 verted conflict entry have a new RDN value. For example:
8248 "cn=my_new_rdn_value".
8249 dsconf repl-conflict list-glue
8251 List replication glue entries
8252 dsconf repl-conflict delete-glue
8254 Delete the glue entry and its child entries
8255 dsconf repl-conflict convert-glue
8257 Convert the glue entry into a regular entry
8258
8260 usage: dsconf instance repl-conflict list [-h] suffix
8261 suffix The backend name, or suffix, to look for conflict entries
8264
8268 usage: dsconf instance repl-conflict compare [-h] DN
8269 DN The DN of the conflict entry
8272
8276 usage: dsconf instance repl-conflict delete [-h] DN
8277 DN The DN of the conflict entry
8280
8284 usage: dsconf instance repl-conflict swap [-h] DN
8285 DN The DN of the conflict entry
8288
8292 usage: dsconf instance repl-conflict convert [-h] --new-rdn NEW_RDN DN
8293 DN The DN of the conflict entry
8296 --new-rdn NEW_RDN
8299 The new RDN for the converted conflict entry. For example:
8300 "cn=my_new_rdn_value"
8301
8304 usage: dsconf instance repl-conflict list-glue [-h] suffix
8305 suffix The backend name, or suffix, to look for glue entries
8308
8312 usage: dsconf instance repl-conflict delete-glue [-h] DN
8313 DN The DN of the glue entry
8316
8320 usage: dsconf instance repl-conflict convert-glue [-h] DN
8321 DN The DN of the glue entry
8324 -v, --verbose
8329 Display verbose operation tracing during command execution
8330 -D BINDDN, --binddn BINDDN
8333 The account to bind as for executing operations
8334 -w BINDPW, --bindpw BINDPW
8337 Password for binddn
8338 -W, --prompt
8341 Prompt for password for the bind DN
8342 -y PWDFILE, --pwdfile PWDFILE
8345 Specifies a file containing the password for the binddn
8346 -b BASEDN, --basedn BASEDN
8349 Basedn (root naming context) of the instance to manage
8350 -Z, --starttls
8353 Connect with StartTLS
8354 -j, --json
8357 Return result in JSON object
8358
8361 lib389 was written by Red Hat Inc., and William Brown <389-de‐
8362 vel@lists.fedoraproject.org>.
8363
8365 The latest version of lib389 may be downloaded from
8366 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
8367 Manual dsconf(8)