1DSCONF(8) Generated Python Manual DSCONF(8)
2
6 dsconf
7
9 dsconf [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN]
10 [-Z] [-j] instance {backend,backup,chaining,config,directory_man‐
11 ager,monitor,plugin,pwpolicy,localpwp,replication,repl,repl-agmt,repl-
12 winsync-agmt,repl-tasks,sasl,security,schema,repl-conflict} ...
13
16 dsconf backend
17 Manage database suffixes and backends
18 dsconf backup
20 Manage online backups
21 dsconf chaining
23 Manage database chaining and database links
24 dsconf config
26 Manage the server configuration
27 dsconf directory_manager
29 Manage the Directory Manager account
30 dsconf monitor
32 Monitor the state of the instance
33 dsconf plugin
35 Manage plug-ins available on the server
36 dsconf pwpolicy
38 Manage the global password policy settings
39 dsconf localpwp
41 Manage the local user and subtree password policies
42 dsconf replication
44 Manage replication for a suffix
45 dsconf repl-agmt
47 Manage replication agreements
48 dsconf repl-winsync-agmt
50 Manage Winsync agreements
51 dsconf repl-tasks
53 Manage replication tasks
54 dsconf sasl
56 Manage SASL mappings
57 dsconf security
59 Manage security settings
60 dsconf schema
62 Manage the directory schema
63 dsconf repl-conflict
65 Manage replication conflicts
66
69 usage: dsconf instance backend [-h]
70 {suffix,index,vlv-index,attr-en‐
71 crypt,config,monitor,import,export,create,delete,get-tree,compact-db}
72 ...
73
76 dsconf backend suffix
77 Manage backend suffixes
78 dsconf backend index
80 Manage backend indexes
81 dsconf backend vlv-index
83 Manage VLV searches and indexes
84 dsconf backend attr-encrypt
86 Manage encrypted attribute settings
87 dsconf backend config
89 Manage the global database configuration settings
90 dsconf backend monitor
92 Displays global database or suffix monitoring information
93 dsconf backend import
95 Online import of a suffix
96 dsconf backend export
98 Online export of a suffix
99 dsconf backend create
101 Create a backend database
102 dsconf backend delete
104 Delete a backend database
105 dsconf backend get-tree
107 Display the suffix tree
108 dsconf backend compact-db
110 Compact the database and the replication changelog
111
114 usage: dsconf instance backend suffix [-h]
115 {list,get,get-dn,get-sub-suf‐
116 fixes,set}
117 ...
118
121 dsconf backend suffix list
122 List active backends and suffixes
123 dsconf backend suffix get
125 Display the suffix entry
126 dsconf backend suffix get-dn
128 Display the DN of a backend
129 dsconf backend suffix get-sub-suffixes
131 Display sub-suffixes
132 dsconf backend suffix set
134 Set configuration settings for a specific backend
135
138 usage: dsconf instance backend suffix list [-h] [--suffix]
139 [--skip-subsuffixes]
140
143 --suffix
144 Displays the suffixes without backend name
145 --skip-subsuffixes
148 Displays the list of suffixes without sub-suffixes
149
152 usage: dsconf instance backend suffix get [-h] [selector]
153 selector
156 The backend database name to search for
157
160 usage: dsconf instance backend suffix get-dn [-h] [dn]
161 dn The DN to the database entry in cn=ldbm database,cn=plug‐
164 ins,cn=config
165
168 usage: dsconf instance backend suffix get-sub-suffixes [-h] [--suffix]
169 be_name
170 be_name
173 The backend name or suffix
174
177 --suffix
178 Displays the list of suffixes without backend name
179
182 usage: dsconf instance backend suffix set [-h] [--enable-readonly]
183 [--disable-readonly]
184 [--enable-orphan] [--dis‐
185 able-orphan]
186 [--require-index] [--ig‐
187 nore-index]
188 [--add-referral ADD_REFERRAL]
189 [--del-referral DEL_REFERRAL]
190 [--enable] [--disable]
191 [--cache-size CACHE_SIZE]
192 [--cache-memsize CACHE_MEM‐
193 SIZE]
194 [--dncache-memsize
195 DNCACHE_MEMSIZE]
196 [--state STATE]
197 be_name
198 be_name
201 The backend name or suffix
202
205 --enable-readonly
206 Enables read-only mode for the backend database
207 --disable-readonly
210 Disables read-only mode for the backend database
211 --enable-orphan
214 Disconnect a subsuffix from its parent suffix.
215 --disable-orphan
218 Let the subsuffix be connected to its parent suffix.
219 --require-index
222 Allows only indexed searches
223 --ignore-index
226 Allows all searches even if they are unindexed
227 --add-referral ADD_REFERRAL
230 Adds an LDAP referral to the backend
231 --del-referral DEL_REFERRAL
234 Removes an LDAP referral from the backend
235 --enable
238 Enables the backend database
239 --disable
242 Disables the backend database
243 --cache-size CACHE_SIZE
246 Sets the maximum number of entries to keep in the entry cache
247 --cache-memsize CACHE_MEMSIZE
250 Sets the maximum size in bytes that the entry cache can grow to
251 --dncache-memsize DNCACHE_MEMSIZE
254 Sets the maximum size in bytes that the DN cache can grow to
255 --state STATE
258 Changes the backend state to: "database", "disabled", "refer‐
259 ral", or "referral on update"
260
263 usage: dsconf instance backend index [-h]
264 {add,set,get,list,delete,reindex}
265 ...
266
269 dsconf backend index add
270 Add an index
271 dsconf backend index set
273 Update an index
274 dsconf backend index get
276 Display an index entry
277 dsconf backend index list
279 Display the index
280 dsconf backend index delete
282 Delete an index
283 dsconf backend index reindex
285 Re-index the database for a single index or all indexes
286
289 usage: dsconf instance backend index add [-h] --index-type INDEX_TYPE
290 [--matching-rule MATCH‐
291 ING_RULE]
292 [--reindex] --attr ATTR
293 be_name
294 be_name
297 The backend name or suffix
298
301 --index-type INDEX_TYPE
302 Sets the indexing type (eq, sub, pres, or approx)
303 --matching-rule MATCHING_RULE
306 Sets the matching rule for the index
307 --reindex
310 Re-indexes the database after adding a new index
311 --attr ATTR
314 Sets the attribute name to index
315
318 usage: dsconf instance backend index set [-h] --attr ATTR
319 [--add-type ADD_TYPE]
320 [--del-type DEL_TYPE]
321 [--add-mr ADD_MR] [--del-mr
322 DEL_MR]
323 [--reindex]
324 be_name
325 be_name
328 The backend name or suffix
329
332 --attr ATTR
333 Sets the indexed attribute to update
334 --add-type ADD_TYPE
337 Adds an index type to the index (eq, sub, pres, or approx)
338 --del-type DEL_TYPE
341 Removes an index type from the index: (eq, sub, pres, or approx)
342 --add-mr ADD_MR
345 Adds a matching-rule to the index
346 --del-mr DEL_MR
349 Removes a matching-rule from the index
350 --reindex
353 Re-indexes the database after editing the index
354
357 usage: dsconf instance backend index get [-h] --attr ATTR be_name
358 be_name
361 The backend name or suffix
362
365 --attr ATTR
366 Sets the index name to display
367
370 usage: dsconf instance backend index list [-h] [--just-names] be_name
371 be_name
374 The backend name or suffix
375
378 --just-names
379 Displays only the names of indexed attributes
380
383 usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name
384 be_name
387 The backend name or suffix
388
391 --attr ATTR
392 Sets the name of the attribute to delete from the index
393
396 usage: dsconf instance backend index reindex [-h] [--attr ATTR]
397 [--wait]
398 be_name
399 be_name
402 The backend name or suffix
403
406 --attr ATTR
407 Sets the name of the attribute to re-index. Omit this argument
408 to re-index all attributes
409 --wait Waits for the index task to complete and reports the status
412
415 usage: dsconf instance backend vlv-index [-h]
416 {list,get,add-search,edit-search,del-search,add-in‐
417 dex,del-index,reindex}
418 ...
419
422 dsconf backend vlv-index list
423 List VLV search and index entries
424 dsconf backend vlv-index get
426 Display a VLV search and indexes
427 dsconf backend vlv-index add-search
429 Add a VLV search entry. The search entry is the parent entry of
430 the VLV index entries, and it specifies the search parameters
431 that are used to match entries for those indexes.
432 dsconf backend vlv-index edit-search
434 Update a VLV search and index
435 dsconf backend vlv-index del-search
437 Delete VLV search & index
438 dsconf backend vlv-index add-index
440 Create a VLV index under a VLV search entry (parent entry). The
441 VLV index specifies the attributes to sort
442 dsconf backend vlv-index del-index
444 Delete a VLV index under a VLV search entry (parent entry)
445 dsconf backend vlv-index reindex
447 Index/re-index the VLV database index
448
451 usage: dsconf instance backend vlv-index list [-h] [--just-names]
452 be_name
453 be_name
456 The backend name of the VLV index
457
460 --just-names
461 Displays only the names of VLV search entries
462
465 usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name
466 be_name
469 The backend name of the VLV index
470
473 --name NAME
474 Displays the VLV search entry and its index entries
475
478 usage: dsconf instance backend vlv-index add-search [-h] --name NAME
479 --search-base
480 SEARCH_BASE
481 --search-scope
482 SEARCH_SCOPE
483 --search-filter
484 SEARCH_FILTER
485 be_name
486 be_name
489 The backend name of the VLV index
490
493 --name NAME
494 Sets the name of the VLV search entry
495 --search-base SEARCH_BASE
498 Sets the VLV search base
499 --search-scope SEARCH_SCOPE
502 Sets the VLV search scope: 0 (base search), 1 (one-level
503 search), or 2 (subtree search)
504 --search-filter SEARCH_FILTER
507 Sets the VLV search filter
508
511 usage: dsconf instance backend vlv-index edit-search [-h] --name NAME
512 [--search-base
513 SEARCH_BASE]
514 [--search-scope
515 SEARCH_SCOPE]
516 [--search-filter
517 SEARCH_FILTER]
518 [--reindex]
519 be_name
520 be_name
523 The backend name of the VLV index to update
524
527 --name NAME
528 Sets the name of the VLV index
529 --search-base SEARCH_BASE
532 Sets the VLV search base
533 --search-scope SEARCH_SCOPE
536 Sets the VLV search scope: 0 (base search), 1 (one-level
537 search), or 2 (subtree search)
538 --search-filter SEARCH_FILTER
541 Sets the VLV search filter
542 --reindex
545 Re-indexes all VLV database indexes
546
549 usage: dsconf instance backend vlv-index del-search [-h] --name NAME
550 be_name
551 be_name
554 The backend name of the VLV index
555
558 --name NAME
559 Sets the name of the VLV search index
560
563 usage: dsconf instance backend vlv-index add-index [-h] --parent-name
564 PARENT_NAME --in‐
565 dex-name
566 INDEX_NAME --sort
567 SORT
568 [--index-it]
569 be_name
570 be_name
573 The backend name of the VLV index
574
577 --parent-name PARENT_NAME
578 Sets the name or "cn" attribute of the parent VLV search entry
579 --index-name INDEX_NAME
582 Sets the name of the new VLV index
583 --sort SORT
586 Sets a space-separated list of attributes to sort for this VLV
587 index
588 --index-it
591 Creates the database index for this VLV index definition
592
595 usage: dsconf instance backend vlv-index del-index [-h] --parent-name
596 PARENT_NAME
597 [--index-name IN‐
598 DEX_NAME]
599 [--sort SORT]
600 be_name
601 be_name
604 The backend name of the VLV index
605
608 --parent-name PARENT_NAME
609 Sets the name or "cn" attribute value of the parent VLV search
610 entry
611 --index-name INDEX_NAME
614 Sets the name of the VLV index to delete
615 --sort SORT
618 Delete a VLV index that has this vlvsort value
619
622 usage: dsconf instance backend vlv-index reindex [-h]
623 [--index-name IN‐
624 DEX_NAME]
625 --parent-name PAR‐
626 ENT_NAME
627 be_name
628 be_name
631 The backend name of the VLV index
632
635 --index-name INDEX_NAME
636 Sets the name of the VLV index entry to re-index. If not set,
637 all indexes are re-indexed
638 --parent-name PARENT_NAME
641 Sets the name or "cn" attribute value of the parent VLV search
642 entry
643
646 usage: dsconf instance backend attr-encrypt [-h] [--list]
647 [--just-names]
648 [--add-attr ADD_ATTR]
649 [--del-attr DEL_ATTR]
650 be_name
651 be_name
654 The backend name or suffix
655
658 --list Lists all encrypted attributes in the backend
659 --just-names
662 List only the names of the encrypted attributes when used with
663 --list
664 --add-attr ADD_ATTR
667 Enables encryption for the specified attribute
668 --del-attr DEL_ATTR
671 Disables encryption for the specified attribute
672
675 usage: dsconf instance backend config [-h] {get,set} ...
676
679 dsconf backend config get
680 Display the global database configuration
681 dsconf backend config set
683 Set the global database configuration
684
687 usage: dsconf instance backend config get [-h]
688
691 usage: dsconf instance backend config set [-h]
692 [--lookthroughlimit LOOK‐
693 THROUGHLIMIT]
694 [--mode MODE]
695 [--idlistscanlimit
696 IDLISTSCANLIMIT]
697 [--directory DIRECTORY]
698 [--dbcachesize DBCACHESIZE]
699 [--logdirectory LOGDIRECTORY]
700 [--txn-wait TXN_WAIT]
701 [--checkpoint-interval CHECK‐
702 POINT_INTERVAL]
703 [--compactdb-interval COM‐
704 PACTDB_INTERVAL]
705 [--compactdb-time COM‐
706 PACTDB_TIME]
707 [--txn-batch-val
708 TXN_BATCH_VAL]
709 [--txn-batch-min
710 TXN_BATCH_MIN]
711 [--txn-batch-max
712 TXN_BATCH_MAX]
713 [--logbufsize LOGBUFSIZE]
714 [--locks LOCKS]
715 [--locks-monitoring-enabled
716 LOCKS_MONITORING_ENABLED]
717 [--locks-monitoring-threshold
718 LOCKS_MONITORING_THRESHOLD]
719 [--locks-monitoring-pause
720 LOCKS_MONITORING_PAUSE]
721 [--import-cache-autosize IM‐
722 PORT_CACHE_AUTOSIZE]
723 [--cache-autosize CACHE_AUTO‐
724 SIZE]
725 [--cache-autosize-split
726 CACHE_AUTOSIZE_SPLIT]
727 [--import-cachesize IM‐
728 PORT_CACHESIZE]
729 [--exclude-from-export EX‐
730 CLUDE_FROM_EXPORT]
731 [--pagedlookthroughlimit
732 PAGEDLOOKTHROUGHLIMIT]
733 [--pagedidlistscanlimit PAGE‐
734 DIDLISTSCANLIMIT]
735 [--rangelookthroughlimit
736 RANGELOOKTHROUGHLIMIT]
737 [--backend-opt-level BACK‐
738 END_OPT_LEVEL]
739 [--deadlock-policy DEAD‐
740 LOCK_POLICY]
741 [--db-home-directory
742 DB_HOME_DIRECTORY]
743 [--db-lib DB_LIB]
744
747 --lookthroughlimit LOOKTHROUGHLIMIT
748 Specifies the maximum number of entries that the server will
749 check when examining candidate entries in response to a search
750 request
751 --mode MODE
754 Specifies the permissions used for newly created index files
755 --idlistscanlimit IDLISTSCANLIMIT
758 Specifies the number of entry IDs that are searched during a
759 search operation
760 --directory DIRECTORY
763 Specifies absolute path to database instance
764 --dbcachesize DBCACHESIZE
767 Specifies the database index cache size in bytes
768 --logdirectory LOGDIRECTORY
771 Specifies the path to the directory that contains the database
772 transaction logs
773 --txn-wait TXN_WAIT
776 Sets whether the server should should wait if there are no db
777 locks available
778 --checkpoint-interval CHECKPOINT_INTERVAL
781 Sets the amount of time in seconds after which the server sends
782 a checkpoint entry to the database transaction log
783 --compactdb-interval COMPACTDB_INTERVAL
786 Sets the interval in seconds when the database is compacted
787 --compactdb-time COMPACTDB_TIME
790 Sets the time (HH:MM format) of day when to compact the database
791 after the "compactdb interval" has been reached
792 --txn-batch-val TXN_BATCH_VAL
795 Specifies how many transactions will be batched before being
796 committed
797 --txn-batch-min TXN_BATCH_MIN
800 Controls when transactions should be flushed earliest, indepen‐
801 dently of the batch count. Requires that txn-batch-val is set
802 --txn-batch-max TXN_BATCH_MAX
805 Controls when transactions should be flushed latest, indepen‐
806 dently of the batch count. Requires that txn-batch-val is set)
807 --logbufsize LOGBUFSIZE
810 Specifies the transaction log information buffer size
811 --locks LOCKS
814 Sets the maximum number of database locks
815 --locks-monitoring-enabled LOCKS_MONITORING_ENABLED
818 Enables or disables monitoring of DB locks when the value
819 crosses the percentage set with "--locks-monitoring-threshold"
820 --locks-monitoring-threshold LOCKS_MONITORING_THRESHOLD
823 Sets the DB lock exhaustion threshold in percentage (valid range
824 is 70-90). When the threshold is reached, all searches are
825 aborted until the number of active locks decreases below the
826 configured threshold and/or the administrator increases the num‐
827 ber of database locks (nsslapd-db-locks). This threshold is a
828 safeguard against DB corruption which might be caused by locks
829 exhaustion.
830 --locks-monitoring-pause LOCKS_MONITORING_PAUSE
833 Sets the DB lock monitoring value in milliseconds for the amount
834 of time that the monitoring thread spends waiting between
835 checks.
836 --import-cache-autosize IMPORT_CACHE_AUTOSIZE
839 Enables or disables to automatically set the size of the import
840 cache to be used during the import process of LDIF files
841 --cache-autosize CACHE_AUTOSIZE
844 Sets the percentage of free memory that is used in total for the
845 database and entry cache. "0" disables this feature.
846 --cache-autosize-split CACHE_AUTOSIZE_SPLIT
849 Sets the percentage of RAM that is used for the database cache.
850 The remaining percentage is used for the entry cache
851 --import-cachesize IMPORT_CACHESIZE
854 Sets the size in bytes of the database cache used in the import
855 process.
856 --exclude-from-export EXCLUDE_FROM_EXPORT
859 List of attributes to not include during database export opera‐
860 tions
861 --pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT
864 Specifies the maximum number of entries that the server will
865 check when examining candidate entries for a search which uses
866 the simple paged results control
867 --pagedidlistscanlimit PAGEDIDLISTSCANLIMIT
870 Specifies the number of entry IDs that are searched, specifi‐
871 cally, for a search operation using the simple paged results
872 control.
873 --rangelookthroughlimit RANGELOOKTHROUGHLIMIT
876 Specifies the maximum number of entries that the server will
877 check when examining candidate entries in response to a range
878 search request.
879 --backend-opt-level BACKEND_OPT_LEVEL
882 Sets the backend optimization level for write performance (0, 1,
883 2, or 4). WARNING: This parameter can trigger experimental
884 code.
885 --deadlock-policy DEADLOCK_POLICY
888 Adjusts the backend database deadlock policy (Advanced setting)
889 --db-home-directory DB_HOME_DIRECTORY
892 Sets the directory for the database mmapped files (Advanced set‐
893 ting)
894 --db-lib DB_LIB
897 Sets which db lib is used. Valid values are: bdb or mdb
898
901 usage: dsconf instance backend monitor [-h] [--suffix SUFFIX]
902
905 --suffix SUFFIX
906 Displays monitoring information only for the specified suffix
907
910 usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E]
911 [-g GEN_UNIQ_ID] [-O]
912 [-s INCLUDE_SUFFIXES [IN‐
913 CLUDE_SUFFIXES ...]]
914 [-x EXCLUDE_SUFFIXES [EX‐
915 CLUDE_SUFFIXES ...]]
916 [--timeout TIMEOUT]
917 [be_name] [ldifs ...]
918 be_name
921 The backend name or the root suffix
922 ldifs Specifies the filename of the input LDIF files. Multiple files
925 are imported in the specified order.
926
929 -c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE
930 The number of chunks to have during the import operation
931 -E, --encrypted
934 Encrypt attributes configured in the database for encryption
935 -g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID
938 Generate a unique id. Set "none" for no unique ID to be gener‐
939 ated and "deterministic" for the generated unique ID to be
940 name-based. By default, a time-based unique ID is generated.
941 When using the deterministic generation to have a name-based
942 unique ID, it is also possible to specify the namespace for the
943 server to use. namespaceId is a string of characters in the for‐
944 mat 00-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx.
945 -O, --only-core
948 Creates only the core database attribute indexes
949 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes IN‐
952 CLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
953 Specifies the suffixes or the subtrees to be included
954 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EX‐
957 CLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
958 Specifies the suffixes to be excluded
959 --timeout TIMEOUT
962 Set a timeout to wait for the export task. Default is 0 (no
963 timeout)
964
967 usage: dsconf instance backend export [-h] [-l LDIF] [-C] [-E] [-m]
968 [-N] [-r]
969 [-u] [-U]
970 [-s INCLUDE_SUFFIXES [IN‐
971 CLUDE_SUFFIXES ...]]
972 [-x EXCLUDE_SUFFIXES [EX‐
973 CLUDE_SUFFIXES ...]]
974 [--timeout TIMEOUT]
975 be_names [be_names ...]
976 be_names
979 The backend names or the root suffixes
980
983 -l LDIF, --ldif LDIF
984 Sets the filename of the output LDIF file. Separate multiple
985 file names with spaces.
986 -C, --use-id2entry
989 Uses only the main database file
990 -E, --encrypted
993 Decrypts encrypted data during export. This option is used only
994 if database encryption is enabled.
995 -m, --min-base64
998 Sets minimal base-64 encoding
999 -N, --no-seq-num
1002 Suppresses printing the sequence numbers
1003 -r, --replication
1006 Exports the data with information required to initialize a
1007 replica
1008 -u, --no-dump-uniq-id
1011 Omits exporting the unique ID
1012 -U, --not-folded
1015 Disables folding the output
1016 -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes IN‐
1019 CLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
1020 Specifies the suffixes or the subtrees to be included
1021 -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EX‐
1024 CLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
1025 Specifies the suffixes to be excluded
1026 --timeout TIMEOUT
1029 Set a timeout to wait for the export task. Default is 0 (no
1030 timeout)
1031
1034 usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUF‐
1035 FIX]
1036 --suffix SUFFIX --be-name BE_NAME
1037 [--create-entries] [--create-suf‐
1038 fix]
1039
1042 --parent-suffix PARENT_SUFFIX
1043 Sets the parent suffix only if this backend is a sub-suffix
1044 --suffix SUFFIX
1047 Sets the database suffix DN
1048 --be-name BE_NAME
1051 Sets the database backend name"
1052 --create-entries
1055 Adds sample entries to the database
1056 --create-suffix
1059 Creates the suffix object entry in the database. Only suffixes
1060 using the 'dc',
1061
1064 usage: dsconf instance backend delete [-h] [--do-it] be_name
1065 be_name
1068 The backend name or suffix
1069
1072 --do-it
1073 Remove backend and its subsuffixes
1074
1077 usage: dsconf instance backend get-tree [-h]
1078
1081 usage: dsconf instance backend compact-db [-h] [--only-changelog]
1082 [--timeout TIMEOUT]
1083
1086 --only-changelog
1087 Compacts only the replication change log
1088 --timeout TIMEOUT
1091 Set a timeout to wait for the compaction task. Default is 0 (no
1092 timeout)
1093
1096 usage: dsconf instance backup [-h] {create,restore} ...
1097
1100 dsconf backup create
1101 Creates a backup of the database
1102 dsconf backup restore
1104 Restores a database from a backup
1105
1108 usage: dsconf instance backup create [-h] [-t DB_TYPE] [--timeout TIME‐
1109 OUT]
1110 [archive]
1111 archive
1114 Sets the directory where to store the backup files. Format: in‐
1115 stance_name- year_month_date_hour_minutes_seconds. Default:
1116 /var/lib/dirsrv/slapd- instance/bak/
1117
1120 -t DB_TYPE, --db-type DB_TYPE
1121 Sets the database type. Default: ldbm database
1122 --timeout TIMEOUT
1125 Sets the task timeout. Default is 120 seconds,
1126
1129 usage: dsconf instance backup restore [-h] [-t DB_TYPE] [--timeout
1130 TIMEOUT]
1131 archive
1132 archive
1135 Set the directory that contains the backup files
1136
1139 -t DB_TYPE, --db-type DB_TYPE
1140 Sets the database type. Default: ldbm database
1141 --timeout TIMEOUT
1144 Sets the task timeout. Default is 120 seconds.
1145
1148 usage: dsconf instance chaining [-h]
1149 {config-get,config-set,con‐
1150 fig-get-def,config-set-def,link-cre‐
1151 ate,link-get,link-set,link-delete,monitor,link-list}
1152 ...
1153
1156 dsconf chaining config-get
1157 Display the chaining controls and server component lists
1158 dsconf chaining config-set
1160 Set the chaining controls and server component lists
1161 dsconf chaining config-get-def
1163 Display the default creation parameters for new database links
1164 dsconf chaining config-set-def
1166 Set the default creation parameters for new database links
1167 dsconf chaining link-create
1169 Create a database link to a remote server
1170 dsconf chaining link-get
1172 Displays chaining database links
1173 dsconf chaining link-set
1175 Edit a database link to a remote server
1176 dsconf chaining link-delete
1178 Delete a database link
1179 dsconf chaining monitor
1181 Display monitor information for a database chaining link
1182 dsconf chaining link-list
1184 List database links
1185
1188 usage: dsconf instance chaining config-get [-h] [--avail-controls]
1189 [--avail-comps]
1190
1193 --avail-controls
1194 Lists available chaining controls
1195 --avail-comps
1198 Lists available chaining plugin components
1199
1202 usage: dsconf instance chaining config-set [-h] [--add-control ADD_CON‐
1203 TROL]
1204 [--del-control DEL_CONTROL]
1205 [--add-comp ADD_COMP]
1206 [--del-comp DEL_COMP]
1207
1210 --add-control ADD_CONTROL
1211 Adds a transmitted control OID
1212 --del-control DEL_CONTROL
1215 Deletes a transmitted control OID
1216 --add-comp ADD_COMP
1219 Adds a chaining component
1220 --del-comp DEL_COMP
1223 Deletes a chaining component
1224
1227 usage: dsconf instance chaining config-get-def [-h]
1228
1231 usage: dsconf instance chaining config-set-def [-h]
1232 [--conn-bind-limit
1233 CONN_BIND_LIMIT]
1234 [--conn-op-limit
1235 CONN_OP_LIMIT]
1236 [--abandon-check-inter‐
1237 val ABANDON_CHECK_INTERVAL]
1238 [--bind-limit
1239 BIND_LIMIT]
1240 [--op-limit OP_LIMIT]
1241 [--proxied-auth PROX‐
1242 IED_AUTH]
1243 [--conn-lifetime
1244 CONN_LIFETIME]
1245 [--bind-timeout
1246 BIND_TIMEOUT]
1247 [--return-ref RE‐
1248 TURN_REF]
1249 [--check-aci CHECK_ACI]
1250 [--bind-attempts
1251 BIND_ATTEMPTS]
1252 [--size-limit
1253 SIZE_LIMIT]
1254 [--time-limit
1255 TIME_LIMIT]
1256 [--hop-limit HOP_LIMIT]
1257 [--response-delay RE‐
1258 SPONSE_DELAY]
1259 [--test-response-delay
1260 TEST_RESPONSE_DELAY]
1261 [--use-starttls
1262 USE_STARTTLS]
1263
1266 --conn-bind-limit CONN_BIND_LIMIT
1267 Sets the maximum number of BIND connections the database link
1268 establishes with the remote server
1269 --conn-op-limit CONN_OP_LIMIT
1272 Sets the maximum number of LDAP connections the database link
1273 establishes with the remote server
1274 --abandon-check-interval ABANDON_CHECK_INTERVAL
1277 Sets the number of seconds that pass before the server checks
1278 for abandoned operations
1279 --bind-limit BIND_LIMIT
1282 Sets the maximum number of concurrent bind operations per TCP
1283 connection
1284 --op-limit OP_LIMIT
1287 Sets the maximum number of concurrent operations allowed
1288 --proxied-auth PROXIED_AUTH
1291 Enables or disables proxied authorization. If set to "off", the
1292 server executes bind for chained operations as the user set in
1293 the nsMultiplexorBindDn attribute.
1294 --conn-lifetime CONN_LIFETIME
1297 Specifies connection lifetime in seconds. "0" keeps the connec‐
1298 tion open forever.
1299 --bind-timeout BIND_TIMEOUT
1302 Sets the amount of time in seconds before a bind attempt times
1303 out
1304 --return-ref RETURN_REF
1307 Enables or disables whether referrals are returned by scoped
1308 searches
1309 --check-aci CHECK_ACI
1312 Enables or disables whether the server evaluates ACIs on the
1313 database link as well as the remote data server
1314 --bind-attempts BIND_ATTEMPTS
1317 Sets the number of times the server tries to bind to the remote
1318 server
1319 --size-limit SIZE_LIMIT
1322 Sets the maximum number of entries to return from a search oper‐
1323 ation
1324 --time-limit TIME_LIMIT
1327 Sets the maximum number of seconds allowed for an operation
1328 --hop-limit HOP_LIMIT
1331 Sets the maximum number of times a database is allowed to chain.
1332 That is the number of times a request can be forwarded from one
1333 database link to another.
1334 --response-delay RESPONSE_DELAY
1337 Sets the maximum amount of time it can take a remote server to
1338 respond to an LDAP operation request made by a database link be‐
1339 fore an error is suspected
1340 --test-response-delay TEST_RESPONSE_DELAY
1343 Sets the duration of the test issued by the database link to
1344 check whether the remote server is responding
1345 --use-starttls USE_STARTTLS
1348 Configured that database links use StartTLS if set to "on"
1349
1352 usage: dsconf instance chaining link-create [-h]
1353 [--conn-bind-limit
1354 CONN_BIND_LIMIT]
1355 [--conn-op-limit
1356 CONN_OP_LIMIT]
1357 [--abandon-check-interval
1358 ABANDON_CHECK_INTERVAL]
1359 [--bind-limit BIND_LIMIT]
1360 [--op-limit OP_LIMIT]
1361 [--proxied-auth PROX‐
1362 IED_AUTH]
1363 [--conn-lifetime CONN_LIFE‐
1364 TIME]
1365 [--bind-timeout BIND_TIME‐
1366 OUT]
1367 [--return-ref RETURN_REF]
1368 [--check-aci CHECK_ACI]
1369 [--bind-attempts BIND_AT‐
1370 TEMPTS]
1371 [--size-limit SIZE_LIMIT]
1372 [--time-limit TIME_LIMIT]
1373 [--hop-limit HOP_LIMIT]
1374 [--response-delay RE‐
1375 SPONSE_DELAY]
1376 [--test-response-delay
1377 TEST_RESPONSE_DELAY]
1378 [--use-starttls USE_START‐
1379 TLS]
1380 --suffix SUFFIX
1381 --server-url
1382 SERVER_URL --bind-mech
1383 BIND_MECH
1384 --bind-dn BIND_DN
1385 [--bind-pw BIND_PW]
1386 [--bind-pw-file
1387 BIND_PW_FILE]
1388 [--bind-pw-prompt]
1389 CHAIN_NAME
1390 CHAIN_NAME
1393 The name of the database link
1394
1397 --conn-bind-limit CONN_BIND_LIMIT
1398 Sets the maximum number of BIND connections the database link
1399 establishes with the remote server
1400 --conn-op-limit CONN_OP_LIMIT
1403 Sets the maximum number of LDAP connections the database link
1404 establishes with the remote server
1405 --abandon-check-interval ABANDON_CHECK_INTERVAL
1408 Sets the number of seconds that pass before the server checks
1409 for abandoned operations
1410 --bind-limit BIND_LIMIT
1413 Sets the maximum number of concurrent bind operations per TCP
1414 connection
1415 --op-limit OP_LIMIT
1418 Sets the maximum number of concurrent operations allowed
1419 --proxied-auth PROXIED_AUTH
1422 Enables or disables proxied authorization. If set to "off", the
1423 server executes bind for chained operations as the user set in
1424 the nsMultiplexorBindDn attribute.
1425 --conn-lifetime CONN_LIFETIME
1428 Specifies connection lifetime in seconds. "0" keeps the connec‐
1429 tion open forever.
1430 --bind-timeout BIND_TIMEOUT
1433 Sets the amount of time in seconds before a bind attempt times
1434 out
1435 --return-ref RETURN_REF
1438 Enables or disables whether referrals are returned by scoped
1439 searches
1440 --check-aci CHECK_ACI
1443 Enables or disables whether the server evaluates ACIs on the
1444 database link as well as the remote data server
1445 --bind-attempts BIND_ATTEMPTS
1448 Sets the number of times the server tries to bind to the remote
1449 server
1450 --size-limit SIZE_LIMIT
1453 Sets the maximum number of entries to return from a search oper‐
1454 ation
1455 --time-limit TIME_LIMIT
1458 Sets the maximum number of seconds allowed for an operation
1459 --hop-limit HOP_LIMIT
1462 Sets the maximum number of times a database is allowed to chain.
1463 That is the number of times a request can be forwarded from one
1464 database link to another.
1465 --response-delay RESPONSE_DELAY
1468 Sets the maximum amount of time it can take a remote server to
1469 respond to an LDAP operation request made by a database link be‐
1470 fore an error is suspected
1471 --test-response-delay TEST_RESPONSE_DELAY
1474 Sets the duration of the test issued by the database link to
1475 check whether the remote server is responding
1476 --use-starttls USE_STARTTLS
1479 Configured that database links use StartTLS if set to "on"
1480 --suffix SUFFIX
1483 Sets the suffix managed by the database link
1484 --server-url SERVER_URL
1487 Sets the LDAP/LDAPS URL to the remote server
1488 --bind-mech BIND_MECH
1491 Sets the authentication method to use to authenticate to the re‐
1492 mote server. Valid values: "SIMPLE" (default), "EXTERNAL", "DI‐
1493 GEST-MD5", or "GSSAPI"
1494 --bind-dn BIND_DN
1497 Sets the DN of the administrative entry used to communicate with
1498 the remote server
1499 --bind-pw BIND_PW
1502 Sets the password of the administrative user
1503 --bind-pw-file BIND_PW_FILE
1506 File containing the password
1507 --bind-pw-prompt
1510 Prompt for password
1511
1514 usage: dsconf instance chaining link-get [-h] CHAIN_NAME
1515 CHAIN_NAME
1518 The chaining link name or suffix to retrieve
1519
1522 usage: dsconf instance chaining link-set [-h]
1523 [--conn-bind-limit
1524 CONN_BIND_LIMIT]
1525 [--conn-op-limit
1526 CONN_OP_LIMIT]
1527 [--abandon-check-interval
1528 ABANDON_CHECK_INTERVAL]
1529 [--bind-limit BIND_LIMIT]
1530 [--op-limit OP_LIMIT]
1531 [--proxied-auth PROXIED_AUTH]
1532 [--conn-lifetime CONN_LIFE‐
1533 TIME]
1534 [--bind-timeout BIND_TIMEOUT]
1535 [--return-ref RETURN_REF]
1536 [--check-aci CHECK_ACI]
1537 [--bind-attempts BIND_AT‐
1538 TEMPTS]
1539 [--size-limit SIZE_LIMIT]
1540 [--time-limit TIME_LIMIT]
1541 [--hop-limit HOP_LIMIT]
1542 [--response-delay RESPONSE_DE‐
1543 LAY]
1544 [--test-response-delay
1545 TEST_RESPONSE_DELAY]
1546 [--use-starttls USE_STARTTLS]
1547 [--suffix SUFFIX]
1548 [--server-url SERVER_URL]
1549 [--bind-mech BIND_MECH]
1550 [--bind-dn BIND_DN]
1551 [--bind-pw BIND_PW]
1552 [--bind-pw-file BIND_PW_FILE]
1553 [--bind-pw-prompt]
1554 CHAIN_NAME
1555 CHAIN_NAME
1558 The name of the database link
1559
1562 --conn-bind-limit CONN_BIND_LIMIT
1563 Sets the maximum number of BIND connections the database link
1564 establishes with the remote server
1565 --conn-op-limit CONN_OP_LIMIT
1568 Sets the maximum number of LDAP connections the database link
1569 establishes with the remote server
1570 --abandon-check-interval ABANDON_CHECK_INTERVAL
1573 Sets the number of seconds that pass before the server checks
1574 for abandoned operations
1575 --bind-limit BIND_LIMIT
1578 Sets the maximum number of concurrent bind operations per TCP
1579 connection
1580 --op-limit OP_LIMIT
1583 Sets the maximum number of concurrent operations allowed
1584 --proxied-auth PROXIED_AUTH
1587 Enables or disables proxied authorization. If set to "off", the
1588 server executes bind for chained operations as the user set in
1589 the nsMultiplexorBindDn attribute.
1590 --conn-lifetime CONN_LIFETIME
1593 Specifies connection lifetime in seconds. "0" keeps the connec‐
1594 tion open forever.
1595 --bind-timeout BIND_TIMEOUT
1598 Sets the amount of time in seconds before a bind attempt times
1599 out
1600 --return-ref RETURN_REF
1603 Enables or disables whether referrals are returned by scoped
1604 searches
1605 --check-aci CHECK_ACI
1608 Enables or disables whether the server evaluates ACIs on the
1609 database link as well as the remote data server
1610 --bind-attempts BIND_ATTEMPTS
1613 Sets the number of times the server tries to bind to the remote
1614 server
1615 --size-limit SIZE_LIMIT
1618 Sets the maximum number of entries to return from a search oper‐
1619 ation
1620 --time-limit TIME_LIMIT
1623 Sets the maximum number of seconds allowed for an operation
1624 --hop-limit HOP_LIMIT
1627 Sets the maximum number of times a database is allowed to chain.
1628 That is the number of times a request can be forwarded from one
1629 database link to another.
1630 --response-delay RESPONSE_DELAY
1633 Sets the maximum amount of time it can take a remote server to
1634 respond to an LDAP operation request made by a database link be‐
1635 fore an error is suspected
1636 --test-response-delay TEST_RESPONSE_DELAY
1639 Sets the duration of the test issued by the database link to
1640 check whether the remote server is responding
1641 --use-starttls USE_STARTTLS
1644 Configured that database links use StartTLS if set to "on"
1645 --suffix SUFFIX
1648 Sets the suffix managed by the database link
1649 --server-url SERVER_URL
1652 Sets the LDAP/LDAPS URL to the remote server
1653 --bind-mech BIND_MECH
1656 Sets the authentication method to use to authenticate to the re‐
1657 mote server: Valid values: "SIMPLE" (default), "EXTERNAL", "DI‐
1658 GEST-MD5", or "GSSAPI"
1659 --bind-dn BIND_DN
1662 Sets the DN of the administrative entry used to communicate with
1663 the remote server
1664 --bind-pw BIND_PW
1667 Sets the password of the administrative user
1668 --bind-pw-file BIND_PW_FILE
1671 File containing the password
1672 --bind-pw-prompt
1675 Prompt for password
1676
1679 usage: dsconf instance chaining link-delete [-h] CHAIN_NAME
1680 CHAIN_NAME
1683 The name of the database link
1684
1687 usage: dsconf instance chaining monitor [-h] CHAIN_NAME
1688 CHAIN_NAME
1691 The name of the database link
1692
1695 usage: dsconf instance chaining link-list [-h]
1696
1699 usage: dsconf instance config [-h] {get,add,replace,delete} ...
1700
1703 dsconf config get
1704 get
1705 dsconf config add
1707 Add attribute value to configuration
1708 dsconf config replace
1710 Replace attribute value in configuration
1711 dsconf config delete
1713 Delete attribute value in configuration
1714
1717 usage: dsconf instance config get [-h] [attrs ...]
1718 attrs Configuration attribute(s) to get
1721
1724 usage: dsconf instance config add [-h] [attr ...]
1725 attr Configuration attribute to add
1728
1731 usage: dsconf instance config replace [-h] [attr ...]
1732 attr Configuration attribute to replace
1735
1738 usage: dsconf instance config delete [-h] [attr ...]
1739 attr Configuration attribute to delete
1742
1745 usage: dsconf instance directory_manager [-h] {password_change} ...
1746
1749 dsconf directory_manager password_change
1750 Changes the password of the Directory Manager account
1751
1754 usage: dsconf instance directory_manager password_change [-h]
1755
1758 usage: dsconf instance monitor [-h]
1759 {server,dbmon,ldbm,backend,snmp,chain‐
1760 ing,disk}
1761 ...
1762
1765 dsconf monitor server
1766 Displays the server statistics, connections, and operations
1767 dsconf monitor dbmon
1769 Monitor all database statistics in a single report
1770 dsconf monitor ldbm
1772 Monitor the LDBM statistics, such as dbcache
1773 dsconf monitor backend
1775 Monitor the behavior of a backend database
1776 dsconf monitor snmp
1778 Displays the SNMP statistics
1779 dsconf monitor chaining
1781 Monitor database chaining statistics
1782 dsconf monitor disk
1784 Displays the disk space statistics. All values are in bytes.
1785
1788 usage: dsconf instance monitor server [-h]
1789
1792 usage: dsconf instance monitor dbmon [-h] [-b BACKENDS] [-x]
1793
1796 -b BACKENDS, --backends BACKENDS
1797 Specifies a list of space-separated backends to monitor. Default
1798 is all backends.
1799 -x, --indexes
1802 Shows index stats for each backend
1803
1806 usage: dsconf instance monitor ldbm [-h]
1807
1810 usage: dsconf instance monitor backend [-h] [backend]
1811 backend
1814 The optional name of the backend to monitor
1815
1818 usage: dsconf instance monitor snmp [-h]
1819
1822 usage: dsconf instance monitor chaining [-h] [backend]
1823 backend
1826 The optional name of the chaining backend to monitor
1827
1830 usage: dsconf instance monitor disk [-h]
1831
1834 usage: dsconf instance plugin [-h]
1835 {memberof,automember,referential-integ‐
1836 rity,root-dn,usn,account-pol‐
1837 icy,attr-uniq,dna,ldap-pass-through-auth,linked-attr,managed-en‐
1838 tries,pam-pass-through-auth,retro-changelog,posix-winsync,con‐
1839 tentsync,entryuuid,list,show,set}
1840 ...
1841
1844 dsconf plugin memberof
1845 Manage and configure MemberOf plugin
1846 dsconf plugin automember
1848 Manage and configure Automembership plugin
1849 dsconf plugin referential-integrity
1851 Manage and configure Referential Integrity Postoperation plugin
1852 dsconf plugin root-dn
1854 Manage and configure RootDN Access Control plugin
1855 dsconf plugin usn
1857 Manage and configure USN plugin
1858 dsconf plugin account-policy
1860 Manage and configure Account Policy plugin
1861 dsconf plugin attr-uniq
1863 Manage and configure Attribute Uniqueness plugin
1864 dsconf plugin dna
1866 Manage and configure DNA plugin
1867 dsconf plugin ldap-pass-through-auth
1869 Manage and configure LDAP Pass-Through Authentication Plugin
1870 dsconf plugin linked-attr
1872 Manage and configure Linked Attributes plugin
1873 dsconf plugin managed-entries
1875 Manage and configure Managed Entries Plugin
1876 dsconf plugin pam-pass-through-auth
1878 Manage and configure Pass-Through Authentication plugins (LDAP
1879 URLs and PAM)
1880 dsconf plugin retro-changelog
1882 Manage and configure Retro Changelog plugin
1883 dsconf plugin posix-winsync
1885 Manage and configure the Posix Winsync API plugin
1886 dsconf plugin contentsync
1888 Manage and configure Content Sync Plugin (aka syncrepl)
1889 dsconf plugin entryuuid
1891 Manage and configure EntryUUID plugin
1892 dsconf plugin list
1894 List current configured (enabled and disabled) plugins
1895 dsconf plugin show
1897 Show the plugin data
1898 dsconf plugin set
1900 Edit the plugin settings
1901
1904 usage: dsconf instance plugin memberof [-h]
1905 {show,enable,disable,sta‐
1906 tus,set,config-entry,fixup,fixup-status}
1907 ...
1908
1911 dsconf plugin memberof show
1912 Displays the plugin configuration
1913 dsconf plugin memberof enable
1915 Enables the plugin
1916 dsconf plugin memberof disable
1918 Disables the plugin
1919 dsconf plugin memberof status
1921 Displays the plugin status
1922 dsconf plugin memberof set
1924 Edit the plugin settings
1925 dsconf plugin memberof config-entry
1927 Manage the config entry
1928 dsconf plugin memberof fixup
1930 Run the fix-up task for memberOf plugin
1931 dsconf plugin memberof fixup-status
1933 Check the status of a fix-up task
1934
1937 usage: dsconf instance plugin memberof show [-h]
1938
1941 usage: dsconf instance plugin memberof enable [-h]
1942
1945 usage: dsconf instance plugin memberof disable [-h]
1946
1949 usage: dsconf instance plugin memberof status [-h]
1950
1953 usage: dsconf instance plugin memberof set [-h] [--attr ATTR]
1954 [--groupattr GROUPATTR
1955 [GROUPATTR ...]]
1956 [--allbackends {on,off}]
1957 [--skipnested {on,off}]
1958 [--scope SCOPE [SCOPE ...]]
1959 [--exclude EXCLUDE [EXCLUDE
1960 ...]]
1961 [--autoaddoc AUTOADDOC]
1962 [--config-entry CONFIG_EN‐
1963 TRY]
1964
1967 --attr ATTR
1968 Specifies the attribute in the user entry for the Directory
1969 Server to manage to reflect group membership (memberOfAttr)
1970 --groupattr GROUPATTR [GROUPATTR ...]
1973 Specifies the attribute in the group entry to use to identify
1974 the DNs of group members (memberOfGroupAttr)
1975 --allbackends {on,off}
1978 Specifies whether to search the local suffix for user entries on
1979 all available suffixes (memberOfAllBackends)
1980 --skipnested {on,off}
1983 Specifies whether to skip nested groups or not (memberOfSkip‐
1984 Nested)
1985 --scope SCOPE [SCOPE ...]
1988 Specifies backends or multiple-nested suffixes for the MemberOf
1989 plug-in to work on (memberOfEntryScope)
1990 --exclude EXCLUDE [EXCLUDE ...]
1993 Specifies backends or multiple-nested suffixes for the MemberOf
1994 plug-in to exclude (memberOfEntryScopeExcludeSubtree)
1995 --autoaddoc AUTOADDOC
1998 If an entry does not have an object class that allows the mem‐
1999 berOf attribute then the memberOf plugin will automatically add
2000 the object class listed in the memberOfAutoAddOC parameter
2001 --config-entry CONFIG_ENTRY
2004 The value to set as nsslapd-pluginConfigArea
2005
2008 usage: dsconf instance plugin memberof config-entry [-h]
2009 {add,set,show,delete}
2010 ...
2011
2014 dsconf plugin memberof config-entry add
2015 Add the config entry
2016 dsconf plugin memberof config-entry set
2018 Edit the config entry
2019 dsconf plugin memberof config-entry show
2021 Display the config entry
2022 dsconf plugin memberof config-entry delete
2024 Delete the config entry
2025
2028 usage: dsconf instance plugin memberof config-entry add [-h] [--attr
2029 ATTR]
2030 [--groupattr
2031 GROUPATTR [GROUPATTR ...]]
2032 [--allbackends
2033 {on,off}]
2034 [--skipnested
2035 {on,off}]
2036 [--scope SCOPE
2037 [SCOPE ...]]
2038 [--exclude EX‐
2039 CLUDE [EXCLUDE ...]]
2040 [--autoaddoc
2041 AUTOADDOC]
2042 DN
2043 DN The config entry full DN
2046
2049 --attr ATTR
2050 Specifies the attribute in the user entry for the Directory
2051 Server to manage to reflect group membership (memberOfAttr)
2052 --groupattr GROUPATTR [GROUPATTR ...]
2055 Specifies the attribute in the group entry to use to identify
2056 the DNs of group members (memberOfGroupAttr)
2057 --allbackends {on,off}
2060 Specifies whether to search the local suffix for user entries on
2061 all available suffixes (memberOfAllBackends)
2062 --skipnested {on,off}
2065 Specifies whether to skip nested groups or not (memberOfSkip‐
2066 Nested)
2067 --scope SCOPE [SCOPE ...]
2070 Specifies backends or multiple-nested suffixes for the MemberOf
2071 plug-in to work on (memberOfEntryScope)
2072 --exclude EXCLUDE [EXCLUDE ...]
2075 Specifies backends or multiple-nested suffixes for the MemberOf
2076 plug-in to exclude (memberOfEntryScopeExcludeSubtree)
2077 --autoaddoc AUTOADDOC
2080 If an entry does not have an object class that allows the mem‐
2081 berOf attribute then the memberOf plugin will automatically add
2082 the object class listed in the memberOfAutoAddOC parameter
2083
2086 usage: dsconf instance plugin memberof config-entry set [-h] [--attr
2087 ATTR]
2088 [--groupattr
2089 GROUPATTR [GROUPATTR ...]]
2090 [--allbackends
2091 {on,off}]
2092 [--skipnested
2093 {on,off}]
2094 [--scope SCOPE
2095 [SCOPE ...]]
2096 [--exclude EX‐
2097 CLUDE [EXCLUDE ...]]
2098 [--autoaddoc
2099 AUTOADDOC]
2100 DN
2101 DN The config entry full DN
2104
2107 --attr ATTR
2108 Specifies the attribute in the user entry for the Directory
2109 Server to manage to reflect group membership (memberOfAttr)
2110 --groupattr GROUPATTR [GROUPATTR ...]
2113 Specifies the attribute in the group entry to use to identify
2114 the DNs of group members (memberOfGroupAttr)
2115 --allbackends {on,off}
2118 Specifies whether to search the local suffix for user entries on
2119 all available suffixes (memberOfAllBackends)
2120 --skipnested {on,off}
2123 Specifies whether to skip nested groups or not (memberOfSkip‐
2124 Nested)
2125 --scope SCOPE [SCOPE ...]
2128 Specifies backends or multiple-nested suffixes for the MemberOf
2129 plug-in to work on (memberOfEntryScope)
2130 --exclude EXCLUDE [EXCLUDE ...]
2133 Specifies backends or multiple-nested suffixes for the MemberOf
2134 plug-in to exclude (memberOfEntryScopeExcludeSubtree)
2135 --autoaddoc AUTOADDOC
2138 If an entry does not have an object class that allows the mem‐
2139 berOf attribute then the memberOf plugin will automatically add
2140 the object class listed in the memberOfAutoAddOC parameter
2141
2144 usage: dsconf instance plugin memberof config-entry show [-h] DN
2145 DN The config entry full DN
2148
2151 usage: dsconf instance plugin memberof config-entry delete [-h] DN
2152 DN The config entry full DN
2155
2158 usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] [--wait]
2159 [--timeout TIMEOUT]
2160 DN
2161 DN Base DN that contains entries to fix up
2164
2167 -f FILTER, --filter FILTER
2168 Filter for entries to fix up. If omitted, all entries with ob‐
2169 jectclass inetuser/inetadmin/nsmemberof under the specified base
2170 will have their memberOf attribute regenerated.
2171 --wait Wait for the task to finish, this could take a long time
2174 --timeout TIMEOUT
2177 Sets the task timeout. ,Default is 0 (no timeout)
2178
2181 usage: dsconf instance plugin memberof fixup-status [-h] [--dn DN]
2182 [--show-log]
2183 [--watch]
2184
2187 --dn DN
2188 The task entry's DN
2189 --show-log
2192 Display the task log
2193 --watch
2196 Watch the task's status and wait for it to finish
2197
2200 usage: dsconf instance plugin automember [-h]
2201 {show,enable,disable,sta‐
2202 tus,list,definition,fixup,fixup-status,abort-fixup}
2203 ...
2204
2207 dsconf plugin automember show
2208 Displays the plugin configuration
2209 dsconf plugin automember enable
2211 Enables the plugin
2212 dsconf plugin automember disable
2214 Disables the plugin
2215 dsconf plugin automember status
2217 Displays the plugin status
2218 dsconf plugin automember list
2220 List Automembership definitions or regex rules.
2221 dsconf plugin automember definition
2223 Manage Automembership definition.
2224 dsconf plugin automember fixup
2226 Run a rebuild membership task.
2227 dsconf plugin automember fixup-status
2229 Check the status of a fix-up task
2230 dsconf plugin automember abort-fixup
2232 Abort the rebuild membership task.
2233
2236 usage: dsconf instance plugin automember show [-h]
2237
2240 usage: dsconf instance plugin automember enable [-h]
2241
2244 usage: dsconf instance plugin automember disable [-h]
2245
2248 usage: dsconf instance plugin automember status [-h]
2249
2252 usage: dsconf instance plugin automember list [-h] {defini‐
2253 tions,regexes} ...
2254
2257 dsconf plugin automember list definitions
2258 Lists Automembership definitions.
2259 dsconf plugin automember list regexes
2261 List Automembership regex rules.
2262
2265 usage: dsconf instance plugin automember list definitions [-h]
2266
2269 usage: dsconf instance plugin automember list regexes [-h] DEFNAME
2270 DEFNAME
2273 The definition entry CN
2274
2277 usage: dsconf instance plugin automember definition [-h]
2278 DEFNAME
2279 {add,set,delete,show,regex}
2280 ...
2281
2284 dsconf plugin automember definition add
2285 Creates Automembership definition.
2286 dsconf plugin automember definition set
2288 Edits Automembership definition.
2289 dsconf plugin automember definition delete
2291 Removes Automembership definition.
2292 dsconf plugin automember definition show
2294 Displays Automembership definition.
2295 dsconf plugin automember definition regex
2297 Manage Automembership regex rules.
2298
2301 usage: dsconf instance plugin automember definition DEFNAME add
2302 [-h] --grouping-attr GROUPING_ATTR [--default-group DE‐
2303 FAULT_GROUP]
2304 --scope SCOPE --filter FILTER
2305
2308 --grouping-attr GROUPING_ATTR
2309 Specifies the name of the member attribute in the group entry
2310 and the attribute in the object entry that supplies the member
2311 attribute value, in the format group_member_attr:entry_attr (au‐
2312 toMemberGroupingAttr)
2313 --default-group DEFAULT_GROUP
2316 Sets default or fallback group to add the entry to as a member
2317 attribute in group entry (autoMemberDefaultGroup)
2318 --scope SCOPE
2321 Sets the subtree DN to search for entries (autoMemberScope)
2322 --filter FILTER
2325 Sets a standard LDAP search filter to use to search for matching
2326 entries (autoMemberFilter)
2327
2330 usage: dsconf instance plugin automember definition DEFNAME set
2331 [-h] --grouping-attr GROUPING_ATTR [--default-group DE‐
2332 FAULT_GROUP]
2333 --scope SCOPE --filter FILTER
2334
2337 --grouping-attr GROUPING_ATTR
2338 Specifies the name of the member attribute in the group entry
2339 and the attribute in the object entry that supplies the member
2340 attribute value, in the format group_member_attr:entry_attr (au‐
2341 toMemberGroupingAttr)
2342 --default-group DEFAULT_GROUP
2345 Sets default or fallback group to add the entry to as a member
2346 attribute in group entry (autoMemberDefaultGroup)
2347 --scope SCOPE
2350 Sets the subtree DN to search for entries (autoMemberScope)
2351 --filter FILTER
2354 Sets a standard LDAP search filter to use to search for matching
2355 entries (autoMemberFilter)
2356
2359 usage: dsconf instance plugin automember definition DEFNAME delete [-h]
2360
2363 usage: dsconf instance plugin automember definition DEFNAME show [-h]
2364
2367 usage: dsconf instance plugin automember definition DEFNAME regex
2368 [-h] REGEXNAME {add,set,delete,show} ...
2369
2372 dsconf plugin automember definition regex add
2373 Creates Automembership regex.
2374 dsconf plugin automember definition regex set
2376 Edits Automembership regex.
2377 dsconf plugin automember definition regex delete
2379 Removes Automembership regex.
2380 dsconf plugin automember definition regex show
2382 Displays Automembership regex.
2383
2386 usage: dsconf instance plugin automember definition DEFNAME regex
2387 REGEXNAME add
2388 [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2389 [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TAR‐
2390 GET_GROUP
2391
2394 --exclusive EXCLUSIVE [EXCLUSIVE ...]
2395 Sets a single regular expression to use to identify entries to
2396 exclude (autoMemberExclusiveRegex)
2397 --inclusive INCLUSIVE [INCLUSIVE ...]
2400 Sets a single regular expression to use to identify entries to
2401 include (autoMemberInclusiveRegex)
2402 --target-group TARGET_GROUP
2405 Sets which group to add the entry to as a member, if it meets
2406 the regular expression conditions (autoMemberTargetGroup)
2407
2410 usage: dsconf instance plugin automember definition DEFNAME regex
2411 REGEXNAME set
2412 [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
2413 [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TAR‐
2414 GET_GROUP
2415
2418 --exclusive EXCLUSIVE [EXCLUSIVE ...]
2419 Sets a single regular expression to use to identify entries to
2420 exclude (autoMemberExclusiveRegex)
2421 --inclusive INCLUSIVE [INCLUSIVE ...]
2424 Sets a single regular expression to use to identify entries to
2425 include (autoMemberInclusiveRegex)
2426 --target-group TARGET_GROUP
2429 Sets which group to add the entry to as a member, if it meets
2430 the regular expression conditions (autoMemberTargetGroup)
2431
2434 usage: dsconf instance plugin automember definition DEFNAME regex
2435 REGEXNAME delete
2436 [-h]
2437
2440 usage: dsconf instance plugin automember definition DEFNAME regex
2441 REGEXNAME show
2442 [-h]
2443
2446 usage: dsconf instance plugin automember fixup [-h] -f FILTER -s
2447 {sub,base,one}
2448 [--cleanup]
2449 [--wait] [--timeout
2450 TIMEOUT]
2451 DN
2452 DN Base DN that contains entries to fix up
2455
2458 -f FILTER, --filter FILTER
2459 Sets the LDAP filter for entries to fix up
2460 -s {sub,base,one}, --scope {sub,base,one}
2463 Sets the LDAP search scope for entries to fix up
2464 --cleanup
2467 Clean up previous group memberships before rebuilding
2468 --wait Wait for the task to finish, this could take a long time
2471 --timeout TIMEOUT
2474 Set a timeout to wait for the fixup task. Default is 0 (no time‐
2475 out)
2476
2479 usage: dsconf instance plugin automember fixup-status [-h] [--dn DN]
2480 [--show-log]
2481 [--watch]
2482
2485 --dn DN
2486 The task entry's DN
2487 --show-log
2490 Display the task log
2491 --watch
2494 Watch the task's status and wait for it to finish
2495
2498 usage: dsconf instance plugin automember abort-fixup [-h] [--timeout
2499 TIMEOUT]
2500
2503 --timeout TIMEOUT
2504 Set a timeout to wait for the abort task. Default is 0 (no time‐
2505 out)
2506
2509 usage: dsconf instance plugin referential-integrity [-h]
2510 {show,enable,dis‐
2511 able,status,set,config-entry}
2512 ...
2513
2516 dsconf plugin referential-integrity show
2517 Displays the plugin configuration
2518 dsconf plugin referential-integrity enable
2520 Enables the plugin
2521 dsconf plugin referential-integrity disable
2523 Disables the plugin
2524 dsconf plugin referential-integrity status
2526 Displays the plugin status
2527 dsconf plugin referential-integrity set
2529 Edit the plugin settings
2530 dsconf plugin referential-integrity config-entry
2532 Manage the config entry
2533
2536 usage: dsconf instance plugin referential-integrity show [-h]
2537
2540 usage: dsconf instance plugin referential-integrity enable [-h]
2541
2544 usage: dsconf instance plugin referential-integrity disable [-h]
2545
2548 usage: dsconf instance plugin referential-integrity status [-h]
2549
2552 usage: dsconf instance plugin referential-integrity set [-h]
2553 [--update-delay
2554 UPDATE_DELAY]
2555 [--member‐
2556 ship-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2557 [--entry-scope
2558 ENTRY_SCOPE]
2559 [--exclude-en‐
2560 try-scope EXCLUDE_ENTRY_SCOPE]
2561 [--con‐
2562 tainer-scope CONTAINER_SCOPE]
2563 [--log-file
2564 LOG_FILE]
2565 [--config-entry
2566 CONFIG_ENTRY]
2567
2570 --update-delay UPDATE_DELAY
2571 Sets the update interval. Special values: 0 - The check is per‐
2572 formed immediately, -1 - No check is performed (referint-up‐
2573 date-delay)
2574 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2577 Specifies attributes to check for and update (referint-member‐
2578 ship-attr)
2579 --entry-scope ENTRY_SCOPE
2582 Defines the subtree in which the plug-in looks for the delete or
2583 rename operations of a user entry (nsslapd-pluginEntryScope)
2584 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2587 Defines the subtree in which the plug-in ignores any operations
2588 for deleting or renaming a user (nsslapd-pluginExcludeEn‐
2589 tryScope)
2590 --container-scope CONTAINER_SCOPE
2593 Specifies which branch the plug-in searches for the groups to
2594 which the user belongs. It only updates groups that are under
2595 the specified container branch, and leaves all other groups not
2596 updated (nsslapd-pluginContainerScope)
2597 --log-file LOG_FILE
2600 Specifies a path to the Referential integrity logfile.For exam‐
2601 ple: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2602 --config-entry CONFIG_ENTRY
2605 The value to set as nsslapd-pluginConfigArea
2606
2609 usage: dsconf instance plugin referential-integrity config-entry
2610 [-h] {add,set,show,delete} ...
2611
2614 dsconf plugin referential-integrity config-entry add
2615 Add the config entry
2616 dsconf plugin referential-integrity config-entry set
2618 Edit the config entry
2619 dsconf plugin referential-integrity config-entry show
2621 Display the config entry
2622 dsconf plugin referential-integrity config-entry delete
2624 Delete the config entry
2625
2628 usage: dsconf instance plugin referential-integrity config-entry add
2629 [-h] [--update-delay UPDATE_DELAY]
2630 [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2631 [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_EN‐
2632 TRY_SCOPE]
2633 [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2634 DN
2635 DN The config entry full DN
2638
2641 --update-delay UPDATE_DELAY
2642 Sets the update interval. Special values: 0 - The check is per‐
2643 formed immediately, -1 - No check is performed (referint-up‐
2644 date-delay)
2645 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2648 Specifies attributes to check for and update (referint-member‐
2649 ship-attr)
2650 --entry-scope ENTRY_SCOPE
2653 Defines the subtree in which the plug-in looks for the delete or
2654 rename operations of a user entry (nsslapd-pluginEntryScope)
2655 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2658 Defines the subtree in which the plug-in ignores any operations
2659 for deleting or renaming a user (nsslapd-pluginExcludeEn‐
2660 tryScope)
2661 --container-scope CONTAINER_SCOPE
2664 Specifies which branch the plug-in searches for the groups to
2665 which the user belongs. It only updates groups that are under
2666 the specified container branch, and leaves all other groups not
2667 updated (nsslapd-pluginContainerScope)
2668 --log-file LOG_FILE
2671 Specifies a path to the Referential integrity logfile.For exam‐
2672 ple: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2673
2676 usage: dsconf instance plugin referential-integrity config-entry set
2677 [-h] [--update-delay UPDATE_DELAY]
2678 [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
2679 [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_EN‐
2680 TRY_SCOPE]
2681 [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
2682 DN
2683 DN The config entry full DN
2686
2689 --update-delay UPDATE_DELAY
2690 Sets the update interval. Special values: 0 - The check is per‐
2691 formed immediately, -1 - No check is performed (referint-up‐
2692 date-delay)
2693 --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
2696 Specifies attributes to check for and update (referint-member‐
2697 ship-attr)
2698 --entry-scope ENTRY_SCOPE
2701 Defines the subtree in which the plug-in looks for the delete or
2702 rename operations of a user entry (nsslapd-pluginEntryScope)
2703 --exclude-entry-scope EXCLUDE_ENTRY_SCOPE
2706 Defines the subtree in which the plug-in ignores any operations
2707 for deleting or renaming a user (nsslapd-pluginExcludeEn‐
2708 tryScope)
2709 --container-scope CONTAINER_SCOPE
2712 Specifies which branch the plug-in searches for the groups to
2713 which the user belongs. It only updates groups that are under
2714 the specified container branch, and leaves all other groups not
2715 updated (nsslapd-pluginContainerScope)
2716 --log-file LOG_FILE
2719 Specifies a path to the Referential integrity logfile.For exam‐
2720 ple: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint
2721
2724 usage: dsconf instance plugin referential-integrity config-entry show
2725 [-h] DN
2726 DN The config entry full DN
2729
2732 usage: dsconf instance plugin referential-integrity config-entry delete
2733 [-h] DN
2734 DN The config entry full DN
2737
2740 usage: dsconf instance plugin root-dn [-h]
2741 {show,enable,disable,status,set}
2742 ...
2743
2746 dsconf plugin root-dn show
2747 Displays the plugin configuration
2748 dsconf plugin root-dn enable
2750 Enables the plugin
2751 dsconf plugin root-dn disable
2753 Disables the plugin
2754 dsconf plugin root-dn status
2756 Displays the plugin status
2757 dsconf plugin root-dn set
2759 Edit the plugin settings
2760
2763 usage: dsconf instance plugin root-dn show [-h]
2764
2767 usage: dsconf instance plugin root-dn enable [-h]
2768
2771 usage: dsconf instance plugin root-dn disable [-h]
2772
2775 usage: dsconf instance plugin root-dn status [-h]
2776
2779 usage: dsconf instance plugin root-dn set [-h]
2780 [--allow-host ALLOW_HOST [AL‐
2781 LOW_HOST ...]]
2782 [--deny-host DENY_HOST
2783 [DENY_HOST ...]]
2784 [--allow-ip ALLOW_IP [AL‐
2785 LOW_IP ...]]
2786 [--deny-ip DENY_IP [DENY_IP
2787 ...]]
2788 [--open-time OPEN_TIME]
2789 [--close-time CLOSE_TIME]
2790 [--days-allowed DAYS_ALLOWED]
2791
2794 --allow-host ALLOW_HOST [ALLOW_HOST ...]
2795 Sets what hosts, by fully-qualified domain name, the root user
2796 is allowed to use to access Directory Server. Any hosts not
2797 listed are implicitly denied (rootdn-allow-host)
2798 --deny-host DENY_HOST [DENY_HOST ...]
2801 Sets what hosts, by fully-qualified domain name, the root user
2802 is not allowed to use to access Directory Server. Any hosts not
2803 listed are implicitly allowed (rootdn-deny-host). If a host ad‐
2804 dress is listed in both the rootdn-allow-host and
2805 rootdn-deny-host attributes, it is denied access.
2806 --allow-ip ALLOW_IP [ALLOW_IP ...]
2809 Sets what IP addresses, either IPv4 or IPv6, for machines the
2810 root user is allowed to use to access Directory Server. Any IP
2811 addresses not listed are implicitly denied (rootdn-allow-ip)
2812 --deny-ip DENY_IP [DENY_IP ...]
2815 Sets what IP addresses, either IPv4 or IPv6, for machines the
2816 root user is not allowed to use to access Directory Server. Any
2817 IP addresses not listed are implicitly allowed (rootdn-deny-ip).
2818 If an IP address is listed in both the rootdn-allow-ip and
2819 rootdn-deny-ip attributes, it is denied access.
2820 --open-time OPEN_TIME
2823 Sets part of a time period or range when the root user is al‐
2824 lowed to access Directory Server. This sets when the time-based
2825 access begins (rootdn-open- time)
2826 --close-time CLOSE_TIME
2829 Sets part of a time period or range when the root user is al‐
2830 lowed to access Directory Server. This sets when the time-based
2831 access ends (rootdn-close- time)
2832 --days-allowed DAYS_ALLOWED
2835 Sets a comma-separated list of what days the root user is al‐
2836 lowed to use to access Directory Server. Any days listed are im‐
2837 plicitly denied (rootdn-days- allowed)
2838
2841 usage: dsconf instance plugin usn [-h]
2842 {show,enable,disable,sta‐
2843 tus,global,cleanup}
2844 ...
2845
2848 dsconf plugin usn show
2849 Displays the plugin configuration
2850 dsconf plugin usn enable
2852 Enables the plugin
2853 dsconf plugin usn disable
2855 Disables the plugin
2856 dsconf plugin usn status
2858 Displays the plugin status
2859 dsconf plugin usn global
2861 Get or manage global USN mode (nsslapd-entryusn-global)
2862 dsconf plugin usn cleanup
2864 Runs the USN tombstone cleanup task
2865
2868 usage: dsconf instance plugin usn show [-h]
2869
2872 usage: dsconf instance plugin usn enable [-h]
2873
2876 usage: dsconf instance plugin usn disable [-h]
2877
2880 usage: dsconf instance plugin usn status [-h]
2881
2884 usage: dsconf instance plugin usn global [-h] {on,off} ...
2885
2888 dsconf plugin usn global on
2889 Enables USN global mode
2890 dsconf plugin usn global off
2892 Disables USN global mode
2893
2896 usage: dsconf instance plugin usn global on [-h]
2897
2900 usage: dsconf instance plugin usn global off [-h]
2901
2904 usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND)
2905 [-m MAX_USN] [--timeout TIME‐
2906 OUT]
2907
2910 -s SUFFIX, --suffix SUFFIX
2911 Sets the suffix or subtree in Directory Server to run the
2912 cleanup operation against. If the suffix is not specified, then
2913 the back end must be specified (suffix).
2914 -n BACKEND, --backend BACKEND
2917 Sets the Directory Server instance back end, or database, to run
2918 the cleanup operation against. If the back end is not specified,
2919 then the suffix must be specified. Backend instance in which USN
2920 tombstone entries (backend)
2921 -m MAX_USN, --max-usn MAX_USN
2924 Sets the highest USN value to delete when removing tombstone en‐
2925 tries (max_usn_to_delete)
2926 --timeout TIMEOUT
2929 Sets the cleanup task timeout. Default is 120 seconds,
2930
2933 usage: dsconf instance plugin account-policy [-h]
2934 {show,enable,disable,sta‐
2935 tus,set,config-entry}
2936 ...
2937
2940 dsconf plugin account-policy show
2941 Displays the plugin configuration
2942 dsconf plugin account-policy enable
2944 Enables the plugin
2945 dsconf plugin account-policy disable
2947 Disables the plugin
2948 dsconf plugin account-policy status
2950 Displays the plugin status
2951 dsconf plugin account-policy set
2953 Edit the plugin settings
2954 dsconf plugin account-policy config-entry
2956 Manage the config entry
2957
2960 usage: dsconf instance plugin account-policy show [-h]
2961
2964 usage: dsconf instance plugin account-policy enable [-h]
2965
2968 usage: dsconf instance plugin account-policy disable [-h]
2969
2972 usage: dsconf instance plugin account-policy status [-h]
2973
2976 usage: dsconf instance plugin account-policy set [-h]
2977 [--config-entry CON‐
2978 FIG_ENTRY]
2979
2982 --config-entry CONFIG_ENTRY
2983 Sets the nsslapd-pluginConfigArea attribute
2984
2987 usage: dsconf instance plugin account-policy config-entry [-h]
2988 {add,set,show,delete}
2989 ...
2990
2993 dsconf plugin account-policy config-entry add
2994 Add the config entry
2995 dsconf plugin account-policy config-entry set
2997 Edit the config entry
2998 dsconf plugin account-policy config-entry show
3000 Display the config entry
3001 dsconf plugin account-policy config-entry delete
3003 Delete the config entry
3004
3007 usage: dsconf instance plugin account-policy config-entry add
3008 [-h] [--always-record-login {yes,no}] [--alt-state-attr
3009 ALT_STATE_ATTR]
3010 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
3011 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
3012 [--state-attr STATE_ATTR] [--login-history-size LOGIN_HIS‐
3013 TORY_SIZE]
3014 [--check-all-state-attrs {yes,no}]
3015 DN
3016 DN The full DN of the config entry
3019
3022 --always-record-login {yes,no}
3023 Sets that every entry records its last login time (alwaysRecord‐
3024 Login)
3025 --alt-state-attr ALT_STATE_ATTR
3028 Provides a backup attribute for the server to reference to eval‐
3029 uate the expiration time (altStateAttrName)
3030 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
3033 Specifies the attribute to store the time of the last successful
3034 login in this attribute in the users directory entry (al‐
3035 waysRecordLoginAttr)
3036 --limit-attr LIMIT_ATTR
3039 Specifies the attribute within the policy to use for the account
3040 inactivation limit (limitAttrName)
3041 --spec-attr SPEC_ATTR
3044 Specifies the attribute to identify which entries are account
3045 policy configuration entries (specAttrName)
3046 --state-attr STATE_ATTR
3049 Specifies the primary time attribute used to evaluate an account
3050 policy (stateAttrName)
3051 --login-history-size LOGIN_HISTORY_SIZE
3054 Specifies the number of login timestamps to store (lastLogin‐
3055 HistSize) )
3056 --check-all-state-attrs {yes,no}
3059 Check both state and alternate state attributes for account
3060 state
3061
3064 usage: dsconf instance plugin account-policy config-entry set
3065 [-h] [--always-record-login {yes,no}] [--alt-state-attr
3066 ALT_STATE_ATTR]
3067 [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
3068 [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
3069 [--state-attr STATE_ATTR] [--login-history-size LOGIN_HIS‐
3070 TORY_SIZE]
3071 [--check-all-state-attrs {yes,no}]
3072 DN
3073 DN The full DN of the config entry
3076
3079 --always-record-login {yes,no}
3080 Sets that every entry records its last login time (alwaysRecord‐
3081 Login)
3082 --alt-state-attr ALT_STATE_ATTR
3085 Provides a backup attribute for the server to reference to eval‐
3086 uate the expiration time (altStateAttrName)
3087 --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR
3090 Specifies the attribute to store the time of the last successful
3091 login in this attribute in the users directory entry (al‐
3092 waysRecordLoginAttr)
3093 --limit-attr LIMIT_ATTR
3096 Specifies the attribute within the policy to use for the account
3097 inactivation limit (limitAttrName)
3098 --spec-attr SPEC_ATTR
3101 Specifies the attribute to identify which entries are account
3102 policy configuration entries (specAttrName)
3103 --state-attr STATE_ATTR
3106 Specifies the primary time attribute used to evaluate an account
3107 policy (stateAttrName)
3108 --login-history-size LOGIN_HISTORY_SIZE
3111 Specifies the number of login timestamps to store (lastLogin‐
3112 HistSize) )
3113 --check-all-state-attrs {yes,no}
3116 Check both state and alternate state attributes for account
3117 state
3118
3121 usage: dsconf instance plugin account-policy config-entry show [-h] DN
3122 DN The full DN of the config entry
3125
3128 usage: dsconf instance plugin account-policy config-entry delete [-h]
3129 DN
3130 DN The full DN of the config entry
3133
3136 usage: dsconf instance plugin attr-uniq [-h]
3137 {list,add,set,show,delete,en‐
3138 able,disable,status}
3139 ...
3140
3143 dsconf plugin attr-uniq list
3144 Lists available plugin configs
3145 dsconf plugin attr-uniq add
3147 Add the config entry
3148 dsconf plugin attr-uniq set
3150 Edit the config entry
3151 dsconf plugin attr-uniq show
3153 Display the config entry
3154 dsconf plugin attr-uniq delete
3156 Delete the config entry
3157 dsconf plugin attr-uniq enable
3159 enable plugin
3160 dsconf plugin attr-uniq disable
3162 disable plugin
3163 dsconf plugin attr-uniq status
3165 display plugin status
3166
3169 usage: dsconf instance plugin attr-uniq list [-h]
3170
3173 usage: dsconf instance plugin attr-uniq add [-h] [--enabled {on,off}]
3174 [--attr-name ATTR_NAME
3175 [ATTR_NAME ...]]
3176 [--subtree SUBTREE [SUBTREE
3177 ...]]
3178 [--across-all-subtrees
3179 {on,off}]
3180 [--top-entry-oc TOP_EN‐
3181 TRY_OC]
3182 [--subtree-entries-oc SUB‐
3183 TREE_ENTRIES_OC]
3184 NAME
3185 NAME The name of the plug-in configuration record. (cn) You can use
3188 any string, but "attribute_name Attribute Uniqueness" is recom‐
3189 mended.
3190
3193 --enabled {on,off}
3194 Identifies whether or not the config is enabled.
3195 --attr-name ATTR_NAME [ATTR_NAME ...]
3198 Sets the name of the attribute whose values must be unique. This
3199 attribute is multi-valued. (uniqueness-attribute-name)
3200 --subtree SUBTREE [SUBTREE ...]
3203 Sets the DN under which the plug-in checks for uniqueness of the
3204 attributes value. This attribute is multi-valued (unique‐
3205 ness-subtrees)
3206 --across-all-subtrees {on,off}
3209 If enabled (on), the plug-in checks that the attribute is unique
3210 across all subtrees set. If you set the attribute to off,
3211 uniqueness is only enforced within the subtree of the updated
3212 entry (uniqueness-across-all-subtrees)
3213 --top-entry-oc TOP_ENTRY_OC
3216 Verifies that the value of the attribute set in uniqueness-at‐
3217 tribute-name is unique in this subtree (uniqueness-top-entry-oc)
3218 --subtree-entries-oc SUBTREE_ENTRIES_OC
3221 Verifies if an attribute is unique, if the entry contains the
3222 object class set in this parameter (uniqueness-subtree-en‐
3223 tries-oc)
3224
3227 usage: dsconf instance plugin attr-uniq set [-h] [--enabled {on,off}]
3228 [--attr-name ATTR_NAME
3229 [ATTR_NAME ...]]
3230 [--subtree SUBTREE [SUBTREE
3231 ...]]
3232 [--across-all-subtrees
3233 {on,off}]
3234 [--top-entry-oc TOP_EN‐
3235 TRY_OC]
3236 [--subtree-entries-oc SUB‐
3237 TREE_ENTRIES_OC]
3238 NAME
3239 NAME The name of the plug-in configuration record. (cn) You can use
3242 any string, but "attribute_name Attribute Uniqueness" is recom‐
3243 mended.
3244
3247 --enabled {on,off}
3248 Identifies whether or not the config is enabled.
3249 --attr-name ATTR_NAME [ATTR_NAME ...]
3252 Sets the name of the attribute whose values must be unique. This
3253 attribute is multi-valued. (uniqueness-attribute-name)
3254 --subtree SUBTREE [SUBTREE ...]
3257 Sets the DN under which the plug-in checks for uniqueness of the
3258 attributes value. This attribute is multi-valued (unique‐
3259 ness-subtrees)
3260 --across-all-subtrees {on,off}
3263 If enabled (on), the plug-in checks that the attribute is unique
3264 across all subtrees set. If you set the attribute to off,
3265 uniqueness is only enforced within the subtree of the updated
3266 entry (uniqueness-across-all-subtrees)
3267 --top-entry-oc TOP_ENTRY_OC
3270 Verifies that the value of the attribute set in uniqueness-at‐
3271 tribute-name is unique in this subtree (uniqueness-top-entry-oc)
3272 --subtree-entries-oc SUBTREE_ENTRIES_OC
3275 Verifies if an attribute is unique, if the entry contains the
3276 object class set in this parameter (uniqueness-subtree-en‐
3277 tries-oc)
3278
3281 usage: dsconf instance plugin attr-uniq show [-h] NAME
3282 NAME The name of the plug-in configuration record
3285
3288 usage: dsconf instance plugin attr-uniq delete [-h] NAME
3289 NAME The name of the plug-in configuration record
3292
3295 usage: dsconf instance plugin attr-uniq enable [-h] NAME
3296 NAME The name of the plug-in configuration record
3299
3302 usage: dsconf instance plugin attr-uniq disable [-h] NAME
3303 NAME The name of the plug-in configuration record
3306
3309 usage: dsconf instance plugin attr-uniq status [-h] NAME
3310 NAME The name of the plug-in configuration record
3313
3316 usage: dsconf instance plugin dna [-h]
3317 {show,enable,disable,status,list,con‐
3318 fig} ...
3319
3322 dsconf plugin dna show
3323 Displays the plugin configuration
3324 dsconf plugin dna enable
3326 Enables the plugin
3327 dsconf plugin dna disable
3329 Disables the plugin
3330 dsconf plugin dna status
3332 Displays the plugin status
3333 dsconf plugin dna list
3335 List available plugin configs
3336 dsconf plugin dna config
3338 Manage plugin configs
3339
3342 usage: dsconf instance plugin dna show [-h]
3343
3346 usage: dsconf instance plugin dna enable [-h]
3347
3350 usage: dsconf instance plugin dna disable [-h]
3351
3354 usage: dsconf instance plugin dna status [-h]
3355
3358 usage: dsconf instance plugin dna list [-h] {configs,shared-configs}
3359 ...
3360
3363 dsconf plugin dna list configs
3364 List main DNA plugin config entries
3365 dsconf plugin dna list shared-configs
3367 List DNA plugin shared config entries
3368
3371 usage: dsconf instance plugin dna list configs [-h]
3372
3375 usage: dsconf instance plugin dna list shared-configs [-h] BASEDN
3376 BASEDN The search DN
3379
3382 usage: dsconf instance plugin dna config [-h]
3383 NAME
3384 {add,set,show,delete,shared-con‐
3385 fig-entry}
3386 ...
3387
3390 dsconf plugin dna config add
3391 Add the config entry
3392 dsconf plugin dna config set
3394 Edit the config entry
3395 dsconf plugin dna config show
3397 Display the config entry
3398 dsconf plugin dna config delete
3400 Delete the config entry
3401 dsconf plugin dna config shared-config-entry
3403 Manage the shared config entry
3404
3407 usage: dsconf instance plugin dna config NAME add [-h]
3408 [--type TYPE [TYPE
3409 ...]]
3410 [--prefix PREFIX]
3411 [--next-value
3412 NEXT_VALUE]
3413 [--max-value
3414 MAX_VALUE]
3415 [--interval INTERVAL]
3416 [--magic-regen
3417 MAGIC_REGEN]
3418 [--filter FILTER]
3419 [--scope SCOPE]
3420 [--remote-bind-dn RE‐
3421 MOTE_BIND_DN]
3422 [--remote-bind-cred
3423 REMOTE_BIND_CRED]
3424 [--shared-config-en‐
3425 try SHARED_CONFIG_ENTRY]
3426 [--threshold THRESH‐
3427 OLD]
3428 [--next-range
3429 NEXT_RANGE]
3430 [--range-re‐
3431 quest-timeout RANGE_REQUEST_TIMEOUT]
3432
3435 --type TYPE [TYPE ...]
3436 Sets which attributes have unique numbers being generated for
3437 them (dnaType)
3438 --prefix PREFIX
3441 Defines a prefix that can be prepended to the generated number
3442 values for the attribute (dnaPrefix)
3443 --next-value NEXT_VALUE
3446 Sets the next available number which can be assigned
3447 (dnaNextValue)
3448 --max-value MAX_VALUE
3451 Sets the maximum value that can be assigned for the range (dna‐
3452 MaxValue)
3453 --interval INTERVAL
3456 Sets an interval to use to increment through numbers in a range
3457 (dnaInterval)
3458 --magic-regen MAGIC_REGEN
3461 Sets a user-defined value that instructs the plug-in to assign a
3462 new value for the entry (dnaMagicRegen)
3463 --filter FILTER
3466 Sets an LDAP filter to use to search for and identify the en‐
3467 tries to which to apply the distributed numeric assignment range
3468 (dnaFilter)
3469 --scope SCOPE
3472 Sets the base DN to search for entries to which to apply the
3473 distributed numeric assignment (dnaScope)
3474 --remote-bind-dn REMOTE_BIND_DN
3477 Specifies the Replication Manager DN (dnaRemoteBindDN)
3478 --remote-bind-cred REMOTE_BIND_CRED
3481 Specifies the Replication Manager's password (dnaRemoteBindCred)
3482 --shared-config-entry SHARED_CONFIG_ENTRY
3485 Defines a shared identity that the servers can use to transfer
3486 ranges to one another (dnaSharedCfgDN)
3487 --threshold THRESHOLD
3490 Sets a threshold of remaining available numbers in the range.
3491 When the server hits the threshold, it sends a request for a new
3492 range (dnaThreshold)
3493 --next-range NEXT_RANGE
3496 Defines the next range to use when the current range is ex‐
3497 hausted (dnaNextRange)
3498 --range-request-timeout RANGE_REQUEST_TIMEOUT
3501 Sets a timeout period, in seconds, for range requests so that
3502 the server does not stall waiting on a new range from one server
3503 and can request a range from a new server (dnaRangeRequestTime‐
3504 out)
3505
3508 usage: dsconf instance plugin dna config NAME set [-h]
3509 [--type TYPE [TYPE
3510 ...]]
3511 [--prefix PREFIX]
3512 [--next-value
3513 NEXT_VALUE]
3514 [--max-value
3515 MAX_VALUE]
3516 [--interval INTERVAL]
3517 [--magic-regen
3518 MAGIC_REGEN]
3519 [--filter FILTER]
3520 [--scope SCOPE]
3521 [--remote-bind-dn RE‐
3522 MOTE_BIND_DN]
3523 [--remote-bind-cred
3524 REMOTE_BIND_CRED]
3525 [--shared-config-en‐
3526 try SHARED_CONFIG_ENTRY]
3527 [--threshold THRESH‐
3528 OLD]
3529 [--next-range
3530 NEXT_RANGE]
3531 [--range-re‐
3532 quest-timeout RANGE_REQUEST_TIMEOUT]
3533
3536 --type TYPE [TYPE ...]
3537 Sets which attributes have unique numbers being generated for
3538 them (dnaType)
3539 --prefix PREFIX
3542 Defines a prefix that can be prepended to the generated number
3543 values for the attribute (dnaPrefix)
3544 --next-value NEXT_VALUE
3547 Sets the next available number which can be assigned
3548 (dnaNextValue)
3549 --max-value MAX_VALUE
3552 Sets the maximum value that can be assigned for the range (dna‐
3553 MaxValue)
3554 --interval INTERVAL
3557 Sets an interval to use to increment through numbers in a range
3558 (dnaInterval)
3559 --magic-regen MAGIC_REGEN
3562 Sets a user-defined value that instructs the plug-in to assign a
3563 new value for the entry (dnaMagicRegen)
3564 --filter FILTER
3567 Sets an LDAP filter to use to search for and identify the en‐
3568 tries to which to apply the distributed numeric assignment range
3569 (dnaFilter)
3570 --scope SCOPE
3573 Sets the base DN to search for entries to which to apply the
3574 distributed numeric assignment (dnaScope)
3575 --remote-bind-dn REMOTE_BIND_DN
3578 Specifies the Replication Manager DN (dnaRemoteBindDN)
3579 --remote-bind-cred REMOTE_BIND_CRED
3582 Specifies the Replication Manager's password (dnaRemoteBindCred)
3583 --shared-config-entry SHARED_CONFIG_ENTRY
3586 Defines a shared identity that the servers can use to transfer
3587 ranges to one another (dnaSharedCfgDN)
3588 --threshold THRESHOLD
3591 Sets a threshold of remaining available numbers in the range.
3592 When the server hits the threshold, it sends a request for a new
3593 range (dnaThreshold)
3594 --next-range NEXT_RANGE
3597 Defines the next range to use when the current range is ex‐
3598 hausted (dnaNextRange)
3599 --range-request-timeout RANGE_REQUEST_TIMEOUT
3602 Sets a timeout period, in seconds, for range requests so that
3603 the server does not stall waiting on a new range from one server
3604 and can request a range from a new server (dnaRangeRequestTime‐
3605 out)
3606
3609 usage: dsconf instance plugin dna config NAME show [-h]
3610
3613 usage: dsconf instance plugin dna config NAME delete [-h]
3614
3617 usage: dsconf instance plugin dna config NAME shared-config-entry
3618 [-h] SHARED_CFG {set,show,delete} ...
3619
3622 dsconf plugin dna config shared-config-entry set
3623 Edit the shared config entry
3624 dsconf plugin dna config shared-config-entry show
3626 Display the shared config entry
3627 dsconf plugin dna config shared-config-entry delete
3629 Delete the shared config entry
3630
3633 usage: dsconf instance plugin dna config NAME shared-config-entry
3634 SHARED_CFG set
3635 [-h] [--remote-bind-method REMOTE_BIND_METHOD]
3636 [--remote-conn-protocol REMOTE_CONN_PROTOCOL]
3637
3640 --remote-bind-method REMOTE_BIND_METHOD
3641 Specifies the remote bind method "SIMPLE", "SSL" (for SSL client
3642 auth), "SASL/GSSAPI", or "SASL/DIGEST-MD5" (dnaRemoteBindMethod)
3643 --remote-conn-protocol REMOTE_CONN_PROTOCOL
3646 Specifies the remote connection protocol "LDAP", or "TLS"
3647 (dnaRemoteConnProtocol)
3648
3651 usage: dsconf instance plugin dna config NAME shared-config-entry
3652 SHARED_CFG show
3653 [-h]
3654
3657 usage: dsconf instance plugin dna config NAME shared-config-entry
3658 SHARED_CFG delete
3659 [-h]
3660
3663 usage: dsconf instance plugin ldap-pass-through-auth [-h]
3664 {show,enable,dis‐
3665 able,status,list,add,modify,delete}
3666 ...
3667
3670 dsconf plugin ldap-pass-through-auth show
3671 Displays the plugin configuration
3672 dsconf plugin ldap-pass-through-auth enable
3674 Enables the plugin
3675 dsconf plugin ldap-pass-through-auth disable
3677 Disables the plugin
3678 dsconf plugin ldap-pass-through-auth status
3680 Displays the plugin status
3681 dsconf plugin ldap-pass-through-auth list
3683 Lists LDAP URLs
3684 dsconf plugin ldap-pass-through-auth add
3686 Add an LDAP url to the config entry
3687 dsconf plugin ldap-pass-through-auth modify
3689 Edit the LDAP pass through config entry
3690 dsconf plugin ldap-pass-through-auth delete
3692 Delete a URL from the config entry
3693
3696 usage: dsconf instance plugin ldap-pass-through-auth show [-h]
3697
3700 usage: dsconf instance plugin ldap-pass-through-auth enable [-h]
3701
3704 usage: dsconf instance plugin ldap-pass-through-auth disable [-h]
3705
3708 usage: dsconf instance plugin ldap-pass-through-auth status [-h]
3709
3712 usage: dsconf instance plugin ldap-pass-through-auth list [-h]
3713
3716 usage: dsconf instance plugin ldap-pass-through-auth add [-h] URL
3717 URL The full LDAP URL in format "ldap|ldaps://authDS/subtree max‐
3720 conns,maxops,timeout,ldver,connlifetime,startTLS". If one op‐
3721 tional parameter is specified the rest should be specified too
3722
3725 usage: dsconf instance plugin ldap-pass-through-auth modify
3726 [-h] OLD_URL NEW_URL
3727 OLD_URL
3730 The full LDAP URL you get from the "list" command
3731 NEW_URL
3734 Sets the full LDAP URL in format "ldap|ldaps://authDS/subtree
3735 maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one op‐
3736 tional parameter is specified the rest should be specified too.
3737
3740 usage: dsconf instance plugin ldap-pass-through-auth delete [-h] URL
3741 URL The full LDAP URL you get from the "list" command
3744
3747 usage: dsconf instance plugin linked-attr [-h]
3748 {show,enable,disable,sta‐
3749 tus,fixup,fixup-status,list,config}
3750 ...
3751
3754 dsconf plugin linked-attr show
3755 Displays the plugin configuration
3756 dsconf plugin linked-attr enable
3758 Enables the plugin
3759 dsconf plugin linked-attr disable
3761 Disables the plugin
3762 dsconf plugin linked-attr status
3764 Displays the plugin status
3765 dsconf plugin linked-attr fixup
3767 Run the fix-up task for linked attributes plugin
3768 dsconf plugin linked-attr fixup-status
3770 Check the status of a fix-up task
3771 dsconf plugin linked-attr list
3773 List available plugin configs
3774 dsconf plugin linked-attr config
3776 Manage plugin configs
3777
3780 usage: dsconf instance plugin linked-attr show [-h]
3781
3784 usage: dsconf instance plugin linked-attr enable [-h]
3785
3788 usage: dsconf instance plugin linked-attr disable [-h]
3789
3792 usage: dsconf instance plugin linked-attr status [-h]
3793
3796 usage: dsconf instance plugin linked-attr fixup [-h] [-l LINKDN]
3797 [--wait]
3798
3801 -l LINKDN, --linkdn LINKDN
3802 Sets the base DN that contains entries to fix up
3803 --wait Wait for the task to finish, this could take a long time
3806
3809 usage: dsconf instance plugin linked-attr fixup-status [-h] [--dn DN]
3810 [--show-log]
3811 [--watch]
3812
3815 --dn DN
3816 The task entry's DN
3817 --show-log
3820 Display the task log
3821 --watch
3824 Watch the task's status and wait for it to finish
3825
3828 usage: dsconf instance plugin linked-attr list [-h]
3829
3832 usage: dsconf instance plugin linked-attr config [-h]
3833 NAME
3834 {add,set,show,delete}
3835 ...
3836
3839 dsconf plugin linked-attr config add
3840 Add the config entry
3841 dsconf plugin linked-attr config set
3843 Edit the config entry
3844 dsconf plugin linked-attr config show
3846 Display the config entry
3847 dsconf plugin linked-attr config delete
3849 Delete the config entry
3850
3853 usage: dsconf instance plugin linked-attr config NAME add [-h]
3854 [--link-type
3855 LINK_TYPE]
3856 [--man‐
3857 aged-type MANAGED_TYPE]
3858 [--link-scope
3859 LINK_SCOPE]
3860
3863 --link-type LINK_TYPE
3864 Sets the attribute that is managed manually by administrators
3865 (linkType)
3866 --managed-type MANAGED_TYPE
3869 Sets the attribute that is created dynamically by the plugin
3870 (managedType)
3871 --link-scope LINK_SCOPE
3874 Sets the scope that restricts the plugin to a specific part of
3875 the directory tree (linkScope)
3876
3879 usage: dsconf instance plugin linked-attr config NAME set [-h]
3880 [--link-type
3881 LINK_TYPE]
3882 [--man‐
3883 aged-type MANAGED_TYPE]
3884 [--link-scope
3885 LINK_SCOPE]
3886
3889 --link-type LINK_TYPE
3890 Sets the attribute that is managed manually by administrators
3891 (linkType)
3892 --managed-type MANAGED_TYPE
3895 Sets the attribute that is created dynamically by the plugin
3896 (managedType)
3897 --link-scope LINK_SCOPE
3900 Sets the scope that restricts the plugin to a specific part of
3901 the directory tree (linkScope)
3902
3905 usage: dsconf instance plugin linked-attr config NAME show [-h]
3906
3909 usage: dsconf instance plugin linked-attr config NAME delete [-h]
3910
3913 usage: dsconf instance plugin managed-entries [-h]
3914 {show,enable,disable,sta‐
3915 tus,set,list,config,template}
3916 ...
3917
3920 dsconf plugin managed-entries show
3921 Displays the plugin configuration
3922 dsconf plugin managed-entries enable
3924 Enables the plugin
3925 dsconf plugin managed-entries disable
3927 Disables the plugin
3928 dsconf plugin managed-entries status
3930 Displays the plugin status
3931 dsconf plugin managed-entries set
3933 Edit the plugin settings
3934 dsconf plugin managed-entries list
3936 List Managed Entries Plugin configs and templates
3937 dsconf plugin managed-entries config
3939 Handle Managed Entries Plugin configs
3940 dsconf plugin managed-entries template
3942 Handle Managed Entries Plugin templates
3943
3946 usage: dsconf instance plugin managed-entries show [-h]
3947
3950 usage: dsconf instance plugin managed-entries enable [-h]
3951
3954 usage: dsconf instance plugin managed-entries disable [-h]
3955
3958 usage: dsconf instance plugin managed-entries status [-h]
3959
3962 usage: dsconf instance plugin managed-entries set [-h]
3963 [--config-area CON‐
3964 FIG_AREA]
3965
3968 --config-area CONFIG_AREA
3969 Sets the value of the nsslapd-pluginConfigArea attribute
3970
3973 usage: dsconf instance plugin managed-entries list [-h]
3974 {configs,templates}
3975 ...
3976
3979 dsconf plugin managed-entries list configs
3980 List Managed Entries Plugin configs (list config-area if speci‐
3981 fied in the main plugin entry)
3982 dsconf plugin managed-entries list templates
3984 List Managed Entries Plugin templates in the directory
3985
3988 usage: dsconf instance plugin managed-entries list configs [-h]
3989
3992 usage: dsconf instance plugin managed-entries list templates [-h]
3993 [BASEDN]
3994 BASEDN The base DN where to search the templates
3997
4000 usage: dsconf instance plugin managed-entries config [-h]
4001 NAME
4002 {add,set,show,delete}
4003 ...
4004
4007 dsconf plugin managed-entries config add
4008 Add the config entry
4009 dsconf plugin managed-entries config set
4011 Edit the config entry
4012 dsconf plugin managed-entries config show
4014 Display the config entry
4015 dsconf plugin managed-entries config delete
4017 Delete the config entry
4018
4021 usage: dsconf instance plugin managed-entries config NAME add
4022 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
4023 AGED_BASE]
4024 [--managed-template MANAGED_TEMPLATE]
4025
4028 --scope SCOPE
4029 Sets the scope of the search to use to see which entries the
4030 plug-in monitors (originScope)
4031 --filter FILTER
4034 Sets the search filter to use to search for and identify the en‐
4035 tries within the subtree which require a managed entry (origin‐
4036 Filter)
4037 --managed-base MANAGED_BASE
4040 Sets the subtree under which to create the managed entries (man‐
4041 agedBase)
4042 --managed-template MANAGED_TEMPLATE
4045 Identifies the template entry to use to create the managed entry
4046 (managedTemplate)
4047
4050 usage: dsconf instance plugin managed-entries config NAME set
4051 [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MAN‐
4052 AGED_BASE]
4053 [--managed-template MANAGED_TEMPLATE]
4054
4057 --scope SCOPE
4058 Sets the scope of the search to use to see which entries the
4059 plug-in monitors (originScope)
4060 --filter FILTER
4063 Sets the search filter to use to search for and identify the en‐
4064 tries within the subtree which require a managed entry (origin‐
4065 Filter)
4066 --managed-base MANAGED_BASE
4069 Sets the subtree under which to create the managed entries (man‐
4070 agedBase)
4071 --managed-template MANAGED_TEMPLATE
4074 Identifies the template entry to use to create the managed entry
4075 (managedTemplate)
4076
4079 usage: dsconf instance plugin managed-entries config NAME show [-h]
4080
4083 usage: dsconf instance plugin managed-entries config NAME delete [-h]
4084
4087 usage: dsconf instance plugin managed-entries template [-h]
4088 DN
4089 {add,set,show,delete}
4090 ...
4091
4094 dsconf plugin managed-entries template add
4095 Add the template entry
4096 dsconf plugin managed-entries template set
4098 Edit the template entry
4099 dsconf plugin managed-entries template show
4101 Display the template entry
4102 dsconf plugin managed-entries template delete
4104 Delete the template entry
4105
4108 usage: dsconf instance plugin managed-entries template DN add
4109 [-h] [--rdn-attr RDN_ATTR]
4110 [--static-attr STATIC_ATTR [STATIC_ATTR ...]]
4111 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
4112
4115 --rdn-attr RDN_ATTR
4116 Sets which attribute to use as the naming attribute in the auto‐
4117 matically- generated entry (mepRDNAttr)
4118 --static-attr STATIC_ATTR [STATIC_ATTR ...]
4121 Sets an attribute with a defined value that must be added to the
4122 automatically-generated entry (mepStaticAttr)
4123 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
4126 Sets attributes in the Managed Entries template entry which must
4127 exist in the generated entry (mepMappedAttr)
4128
4131 usage: dsconf instance plugin managed-entries template DN set
4132 [-h] [--rdn-attr RDN_ATTR]
4133 [--static-attr STATIC_ATTR [STATIC_ATTR ...]]
4134 [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
4135
4138 --rdn-attr RDN_ATTR
4139 Sets which attribute to use as the naming attribute in the auto‐
4140 matically- generated entry (mepRDNAttr)
4141 --static-attr STATIC_ATTR [STATIC_ATTR ...]
4144 Sets an attribute with a defined value that must be added to the
4145 automatically-generated entry (mepStaticAttr)
4146 --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]
4149 Sets attributes in the Managed Entries template entry which must
4150 exist in the generated entry (mepMappedAttr)
4151
4154 usage: dsconf instance plugin managed-entries template DN show [-h]
4155
4158 usage: dsconf instance plugin managed-entries template DN delete [-h]
4159
4162 usage: dsconf instance plugin pam-pass-through-auth [-h]
4163 {show,enable,dis‐
4164 able,status,list,config}
4165 ...
4166
4169 dsconf plugin pam-pass-through-auth show
4170 Displays the plugin configuration
4171 dsconf plugin pam-pass-through-auth enable
4173 Enables the plugin
4174 dsconf plugin pam-pass-through-auth disable
4176 Disables the plugin
4177 dsconf plugin pam-pass-through-auth status
4179 Displays the plugin status
4180 dsconf plugin pam-pass-through-auth list
4182 Lists PAM configurations
4183 dsconf plugin pam-pass-through-auth config
4185 Manage PAM PTA configurations.
4186
4189 usage: dsconf instance plugin pam-pass-through-auth show [-h]
4190
4193 usage: dsconf instance plugin pam-pass-through-auth enable [-h]
4194
4197 usage: dsconf instance plugin pam-pass-through-auth disable [-h]
4198
4201 usage: dsconf instance plugin pam-pass-through-auth status [-h]
4202
4205 usage: dsconf instance plugin pam-pass-through-auth list [-h]
4206
4209 usage: dsconf instance plugin pam-pass-through-auth config [-h]
4210 NAME
4211 {add,set,show,delete}
4212 ...
4213
4216 dsconf plugin pam-pass-through-auth config add
4217 Add the config entry
4218 dsconf plugin pam-pass-through-auth config set
4220 Edit the config entry
4221 dsconf plugin pam-pass-through-auth config show
4223 Display the config entry
4224 dsconf plugin pam-pass-through-auth config delete
4226 Delete the config entry
4227
4230 usage: dsconf instance plugin pam-pass-through-auth config NAME add
4231 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4232 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4233 [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FIL‐
4234 TER]
4235 [--id-attr ID_ATTR] [--id_map_method ID_MAP_METHOD]
4236 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4237 SERVICE]
4238
4241 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4242 Specifies a suffix to exclude from PAM authentication (pamEx‐
4243 cludeSuffix)
4244 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4247 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4248 fix)
4249 --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4252 Identifies how to handle missing include or exclude suffixes
4253 (pamMissingSuffix)
4254 --filter FILTER
4257 Sets an LDAP filter to use to identify specific entries within
4258 the included suffixes for which to use PAM pass-through authen‐
4259 tication (pamFilter)
4260 --id-attr ID_ATTR
4263 Contains the attribute name which is used to hold the PAM user
4264 ID (pamIDAttr)
4265 --id_map_method ID_MAP_METHOD
4268 Sets the method to use to map the LDAP bind DN to a PAM identity
4269 (pamIDMapMethod)
4270 --fallback {TRUE,FALSE}
4273 Sets whether to fallback to regular LDAP authentication if PAM
4274 authentication fails (pamFallback)
4275 --secure {TRUE,FALSE}
4278 Requires secure TLS connection for PAM authentication (pamSe‐
4279 cure)
4280 --service SERVICE
4283 Contains the service name to pass to PAM (pamService)
4284
4287 usage: dsconf instance plugin pam-pass-through-auth config NAME set
4288 [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
4289 [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
4290 [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FIL‐
4291 TER]
4292 [--id-attr ID_ATTR] [--id_map_method ID_MAP_METHOD]
4293 [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service
4294 SERVICE]
4295
4298 --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]
4299 Specifies a suffix to exclude from PAM authentication (pamEx‐
4300 cludeSuffix)
4301 --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]
4304 Sets a suffix to include for PAM authentication (pamIncludeSuf‐
4305 fix)
4306 --missing-suffix {ERROR,ALLOW,IGNORE,delete,}
4309 Identifies how to handle missing include or exclude suffixes
4310 (pamMissingSuffix)
4311 --filter FILTER
4314 Sets an LDAP filter to use to identify specific entries within
4315 the included suffixes for which to use PAM pass-through authen‐
4316 tication (pamFilter)
4317 --id-attr ID_ATTR
4320 Contains the attribute name which is used to hold the PAM user
4321 ID (pamIDAttr)
4322 --id_map_method ID_MAP_METHOD
4325 Sets the method to use to map the LDAP bind DN to a PAM identity
4326 (pamIDMapMethod)
4327 --fallback {TRUE,FALSE}
4330 Sets whether to fallback to regular LDAP authentication if PAM
4331 authentication fails (pamFallback)
4332 --secure {TRUE,FALSE}
4335 Requires secure TLS connection for PAM authentication (pamSe‐
4336 cure)
4337 --service SERVICE
4340 Contains the service name to pass to PAM (pamService)
4341
4344 usage: dsconf instance plugin pam-pass-through-auth config NAME show
4345 [-h]
4346
4349 usage: dsconf instance plugin pam-pass-through-auth config NAME delete
4350 [-h]
4351
4354 usage: dsconf instance plugin retro-changelog [-h]
4355 {show,enable,disable,sta‐
4356 tus,set,add,del}
4357 ...
4358
4361 dsconf plugin retro-changelog show
4362 Displays the plugin configuration
4363 dsconf plugin retro-changelog enable
4365 Enables the plugin
4366 dsconf plugin retro-changelog disable
4368 Disables the plugin
4369 dsconf plugin retro-changelog status
4371 Displays the plugin status
4372 dsconf plugin retro-changelog set
4374 Edit the plugin
4375 dsconf plugin retro-changelog add
4377 Add attributes to the plugin
4378 dsconf plugin retro-changelog del
4380 Delete an attribute from plugin scope
4381
4384 usage: dsconf instance plugin retro-changelog show [-h]
4385
4388 usage: dsconf instance plugin retro-changelog enable [-h]
4389
4392 usage: dsconf instance plugin retro-changelog disable [-h]
4393
4396 usage: dsconf instance plugin retro-changelog status [-h]
4397
4400 usage: dsconf instance plugin retro-changelog set [-h]
4401 [--is-replicated
4402 {TRUE,FALSE}]
4403 [--attribute ATTRI‐
4404 BUTE]
4405 [--directory DIREC‐
4406 TORY]
4407 [--max-age MAX_AGE]
4408 [--trim-interval
4409 TRIM_INTERVAL]
4410 [--exclude-suffix
4411 [EXCLUDE_SUFFIX ...]]
4412 [--exclude-attrs [EX‐
4413 CLUDE_ATTRS ...]]
4414
4417 --is-replicated {TRUE,FALSE}
4418 Sets a flag to indicate on a change in the changelog whether the
4419 change is newly made on that server or whether it was replicated
4420 over from another server (isReplicated)
4421 --attribute ATTRIBUTE
4424 Specifies another Directory Server attribute which must be in‐
4425 cluded in the retro changelog entries (nsslapd-attribute)
4426 --directory DIRECTORY
4429 Specifies the name of the directory in which the changelog data‐
4430 base is created the first time the plug-in is run
4431 --max-age MAX_AGE
4434 Specifies the maximum age of any entry in the changelog. Used to
4435 trim the changelog (nsslapd-changelogmaxage)
4436 --trim-interval TRIM_INTERVAL
4439 --exclude-suffix [EXCLUDE_SUFFIX ...]
4442 Specifies the suffix which will be excluded from the scope of
4443 the plugin (nsslapd-exclude-suffix)
4444 --exclude-attrs [EXCLUDE_ATTRS ...]
4447 Specifies the attributes which will be excluded from the scope
4448 of the plugin (nsslapd-exclude-attrs)
4449
4452 usage: dsconf instance plugin retro-changelog add [-h]
4453 [--is-replicated
4454 {TRUE,FALSE}]
4455 [--attribute ATTRI‐
4456 BUTE]
4457 [--directory DIREC‐
4458 TORY]
4459 [--max-age MAX_AGE]
4460 [--trim-interval
4461 TRIM_INTERVAL]
4462 [--exclude-suffix
4463 [EXCLUDE_SUFFIX ...]]
4464 [--exclude-attrs [EX‐
4465 CLUDE_ATTRS ...]]
4466
4469 --is-replicated {TRUE,FALSE}
4470 Sets a flag to indicate on a change in the changelog whether the
4471 change is newly made on that server or whether it was replicated
4472 over from another server (isReplicated)
4473 --attribute ATTRIBUTE
4476 Specifies another Directory Server attribute which must be in‐
4477 cluded in the retro changelog entries (nsslapd-attribute)
4478 --directory DIRECTORY
4481 Specifies the name of the directory in which the changelog data‐
4482 base is created the first time the plug-in is run
4483 --max-age MAX_AGE
4486 Specifies the maximum age of any entry in the changelog. Used to
4487 trim the changelog (nsslapd-changelogmaxage)
4488 --trim-interval TRIM_INTERVAL
4491 --exclude-suffix [EXCLUDE_SUFFIX ...]
4494 Specifies the suffix which will be excluded from the scope of
4495 the plugin (nsslapd-exclude-suffix)
4496 --exclude-attrs [EXCLUDE_ATTRS ...]
4499 Specifies the attributes which will be excluded from the scope
4500 of the plugin (nsslapd-exclude-attrs)
4501
4504 usage: dsconf instance plugin retro-changelog del [-h]
4505 [--is-replicated
4506 {TRUE,FALSE}]
4507 [--attribute ATTRI‐
4508 BUTE]
4509 [--directory DIREC‐
4510 TORY]
4511 [--max-age MAX_AGE]
4512 [--trim-interval
4513 TRIM_INTERVAL]
4514 [--exclude-suffix
4515 [EXCLUDE_SUFFIX ...]]
4516 [--exclude-attrs [EX‐
4517 CLUDE_ATTRS ...]]
4518
4521 --is-replicated {TRUE,FALSE}
4522 Sets a flag to indicate on a change in the changelog whether the
4523 change is newly made on that server or whether it was replicated
4524 over from another server (isReplicated)
4525 --attribute ATTRIBUTE
4528 Specifies another Directory Server attribute which must be in‐
4529 cluded in the retro changelog entries (nsslapd-attribute)
4530 --directory DIRECTORY
4533 Specifies the name of the directory in which the changelog data‐
4534 base is created the first time the plug-in is run
4535 --max-age MAX_AGE
4538 Specifies the maximum age of any entry in the changelog. Used to
4539 trim the changelog (nsslapd-changelogmaxage)
4540 --trim-interval TRIM_INTERVAL
4543 --exclude-suffix [EXCLUDE_SUFFIX ...]
4546 Specifies the suffix which will be excluded from the scope of
4547 the plugin (nsslapd-exclude-suffix)
4548 --exclude-attrs [EXCLUDE_ATTRS ...]
4551 Specifies the attributes which will be excluded from the scope
4552 of the plugin (nsslapd-exclude-attrs)
4553
4556 usage: dsconf instance plugin posix-winsync [-h]
4557 {show,enable,disable,sta‐
4558 tus,set,fixup}
4559 ...
4560
4563 dsconf plugin posix-winsync show
4564 Displays the plugin configuration
4565 dsconf plugin posix-winsync enable
4567 Enables the plugin
4568 dsconf plugin posix-winsync disable
4570 Disables the plugin
4571 dsconf plugin posix-winsync status
4573 Displays the plugin status
4574 dsconf plugin posix-winsync set
4576 Edit the plugin settings
4577 dsconf plugin posix-winsync fixup
4579 Run the memberOf fix-up task to correct mismatched member and
4580 uniquemember values for synced users
4581
4584 usage: dsconf instance plugin posix-winsync show [-h]
4585
4588 usage: dsconf instance plugin posix-winsync enable [-h]
4589
4592 usage: dsconf instance plugin posix-winsync disable [-h]
4593
4596 usage: dsconf instance plugin posix-winsync status [-h]
4597
4600 usage: dsconf instance plugin posix-winsync set [-h]
4601 [--create-memberof-task
4602 {true,false}]
4603 [--lower-case-uid
4604 {true,false}]
4605 [--map-member-uid
4606 {true,false}]
4607 [--map-nested-grouping
4608 {true,false}]
4609 [--ms-sfu-schema
4610 {true,false}]
4611
4614 --create-memberof-task {true,false}
4615 Sets whether to run the memberUID fix-up task immediately after
4616 a sync run in order to update group memberships for synced users
4617 (posixWinsyncCreateMemberOfTask)
4618 --lower-case-uid {true,false}
4621 Sets whether to store (and, if necessary, convert) the UID value
4622 in the memberUID attribute in lower case.(posixWinsyncLower‐
4623 CaseUID)
4624 --map-member-uid {true,false}
4627 Sets whether to map the memberUID attribute in an Active Direc‐
4628 tory group to the uniqueMember attribute in a Directory Server
4629 group (posixWinsyncMapMemberUID)
4630 --map-nested-grouping {true,false}
4633 Manages if nested groups are updated when memberUID attributes
4634 in an Active Directory POSIX group change (posixWinsyncMapNest‐
4635 edGrouping)
4636 --ms-sfu-schema {true,false}
4639 Sets whether to the older Microsoft System Services for Unix 3.0
4640 (msSFU30) schema when syncing Posix attributes from Active Di‐
4641 rectory (posixWinsyncMsSFUSchema)
4642
4645 usage: dsconf instance plugin posix-winsync fixup [-h] [-f FILTER]
4646 [--timeout TIMEOUT]
4647 DN
4648 DN Set the base DN that contains entries to fix up
4651
4654 -f FILTER, --filter FILTER
4655 Filter for entries to fix up. If omitted, all entries with ob‐
4656 jectclass inetuser/inetadmin/nsmemberof under the specified base
4657 will have their memberOf attribute regenerated.
4658 --timeout TIMEOUT
4661 Set a timeout to wait for the fixup task. Default is 120 seconds
4662
4665 usage: dsconf instance plugin contentsync [-h]
4666 {show,enable,disable,sta‐
4667 tus,set,add}
4668 ...
4669
4672 dsconf plugin contentsync show
4673 Displays the plugin configuration
4674 dsconf plugin contentsync enable
4676 Enables the plugin
4677 dsconf plugin contentsync disable
4679 Disables the plugin
4680 dsconf plugin contentsync status
4682 Displays the plugin status
4683 dsconf plugin contentsync set
4685 Edit the plugin settings
4686 dsconf plugin contentsync add
4688 Add attributes to the plugin
4689
4692 usage: dsconf instance plugin contentsync show [-h]
4693
4696 usage: dsconf instance plugin contentsync enable [-h]
4697
4700 usage: dsconf instance plugin contentsync disable [-h]
4701
4704 usage: dsconf instance plugin contentsync status [-h]
4705
4708 usage: dsconf instance plugin contentsync set [-h] [--allow-openldap
4709 {on,off}]
4710
4713 --allow-openldap {on,off}
4714 Allows openldap servers to act as read only consumers of this
4715 server via syncrepl
4716
4719 usage: dsconf instance plugin contentsync add [-h] [--allow-openldap
4720 {on,off}]
4721
4724 --allow-openldap {on,off}
4725 Allows openldap servers to act as read only consumers of this
4726 server via syncrepl
4727
4730 usage: dsconf instance plugin entryuuid [-h]
4731 {show,enable,disable,sta‐
4732 tus,fixup,fixup-status}
4733 ...
4734
4737 dsconf plugin entryuuid show
4738 Displays the plugin configuration
4739 dsconf plugin entryuuid enable
4741 Enables the plugin
4742 dsconf plugin entryuuid disable
4744 Disables the plugin
4745 dsconf plugin entryuuid status
4747 Displays the plugin status
4748 dsconf plugin entryuuid fixup
4750 Run the fix-up task for EntryUUID plugin
4751 dsconf plugin entryuuid fixup-status
4753 Check the status of a fix-up task
4754
4757 usage: dsconf instance plugin entryuuid show [-h]
4758
4761 usage: dsconf instance plugin entryuuid enable [-h]
4762
4765 usage: dsconf instance plugin entryuuid disable [-h]
4766
4769 usage: dsconf instance plugin entryuuid status [-h]
4770
4773 usage: dsconf instance plugin entryuuid fixup [-h] [-f FILTER] [--wait]
4774 [--timeout TIMEOUT]
4775 DN
4776 DN Base DN that contains entries to fix up
4779
4782 -f FILTER, --filter FILTER
4783 Filter for entries to fix up. If omitted, all entries under base
4784 DNwill have their EntryUUID attribute regenerated if not
4785 present.
4786 --wait Wait for the task to finish, this could take a long time
4789 --timeout TIMEOUT
4792 Sets the task timeout. Default is 0 (no timeout)
4793
4796 usage: dsconf instance plugin entryuuid fixup-status [-h] [--dn DN]
4797 [--show-log]
4798 [--watch]
4799
4802 --dn DN
4803 The task entry's DN
4804 --show-log
4807 Display the task log
4808 --watch
4811 Watch the task's status and wait for it to finish
4812
4815 usage: dsconf instance plugin list [-h]
4816
4819 usage: dsconf instance plugin show [-h] [selector]
4820 selector
4823 The plugin to search for
4824
4827 usage: dsconf instance plugin set [-h] [--type TYPE] [--enabled
4828 {on,off}]
4829 [--path PATH] [--initfunc INITFUNC]
4830 [--id ID] [--vendor VENDOR]
4831 [--version VERSION]
4832 [--description DESCRIPTION]
4833 [--depends-on-type DEPENDS_ON_TYPE]
4834 [--depends-on-named DEPENDS_ON_NAMED]
4835 [--precedence PRECEDENCE]
4836 [selector]
4837 selector
4840 The plugin to edit
4841
4844 --type TYPE
4845 The type of plugin.
4846 --enabled {on,off}
4849 Identifies whether or not the plugin is enabled.
4850 --path PATH
4853 The plugin library name (without the library suffix).
4854 --initfunc INITFUNC
4857 An initialization function of the plugin.
4858 --id ID
4861 The plugin ID.
4862 --vendor VENDOR
4865 The vendor of plugin.
4866 --version VERSION
4869 The version of plugin.
4870 --description DESCRIPTION
4873 The description of the plugin.
4874 --depends-on-type DEPENDS_ON_TYPE
4877 All plug-ins with a type value which matches one of the values
4878 in the following valid range will be started by the server prior
4879 to this plug-in.
4880 --depends-on-named DEPENDS_ON_NAMED
4883 The plug-in name matching one of the following values will be
4884 started by the server prior to this plug-in
4885 --precedence PRECEDENCE
4888 The priority it has in the execution order of plug-ins
4889
4892 usage: dsconf instance pwpolicy [-h] {get,set,list-schemes} ...
4893
4896 dsconf pwpolicy get
4897 Get the global password policy entry
4898 dsconf pwpolicy set
4900 Set an attribute in a global password policy
4901 dsconf pwpolicy list-schemes
4903 Get a list of the current password storage schemes
4904
4907 usage: dsconf instance pwpolicy get [-h]
4908
4911 usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME]
4912 [--pwdchange PWDCHANGE]
4913 [--pwdmustchange PWDMUSTCHANGE]
4914 [--pwdhistory PWDHISTORY]
4915 [--pwdhistorycount PWDHISTORYCOUNT]
4916 [--pwdadmin PWDADMIN]
4917 [--pwdadminskipupdates PWDADMIN‐
4918 SKIPUPDATES]
4919 [--pwdtrack PWDTRACK]
4920 [--pwdwarning PWDWARNING]
4921 [--pwdexpire PWDEXPIRE]
4922 [--pwdmaxage PWDMAXAGE]
4923 [--pwdminage PWDMINAGE]
4924 [--pwdgracelimit PWDGRACELIMIT]
4925 [--pwdsendexpiring PWDSENDEXPIRING]
4926 [--pwdlockout PWDLOCKOUT]
4927 [--pwdunlock PWDUNLOCK]
4928 [--pwdlockoutduration PWDLOCKOUTDU‐
4929 RATION]
4930 [--pwdmaxfailures PWDMAXFAILURES]
4931 [--pwdresetfailcount PWDRESETFAIL‐
4932 COUNT]
4933 [--pwdchecksyntax PWDCHECKSYNTAX]
4934 [--pwdminlen PWDMINLEN]
4935 [--pwdmindigits PWDMINDIGITS]
4936 [--pwdminalphas PWDMINALPHAS]
4937 [--pwdminuppers PWDMINUPPERS]
4938 [--pwdminlowers PWDMINLOWERS]
4939 [--pwdminspecials PWDMINSPECIALS]
4940 [--pwdmin8bits PWDMIN8BITS]
4941 [--pwdmaxrepeats PWDMAXREPEATS]
4942 [--pwdpalindrome PWDPALINDROME]
4943 [--pwdmaxseq PWDMAXSEQ]
4944 [--pwdmaxseqsets PWDMAXSEQSETS]
4945 [--pwdmaxclasschars PWDMAXCLASS‐
4946 CHARS]
4947 [--pwdmincatagories PWDMIN‐
4948 CATAGORIES]
4949 [--pwdmintokenlen PWDMINTOKENLEN]
4950 [--pwdbadwords PWDBADWORDS]
4951 [--pwduserattrs PWDUSERATTRS]
4952 [--pwddictcheck PWDDICTCHECK]
4953 [--pwddictpath PWDDICTPATH]
4954 [--pwptprmaxuse PWPTPRMAXUSE]
4955 [--pwptprdelayexpireat PWPTPRDELAY‐
4956 EXPIREAT]
4957 [--pwptprdelayvalidfrom PWPTPRDE‐
4958 LAYVALIDFROM]
4959 [--pwdlocal PWDLOCAL]
4960 [--pwdisglobal PWDISGLOBAL]
4961 [--pwdallowhash PWDALLOWHASH]
4962 [--pwpinheritglobal PWPINHERIT‐
4963 GLOBAL]
4964
4967 --pwdscheme PWDSCHEME
4968 The password storage scheme
4969 --pwdchange PWDCHANGE
4972 Allow users to change their passwords
4973 --pwdmustchange PWDMUSTCHANGE
4976 Users must change their password after it was reset by an admin‐
4977 istrator
4978 --pwdhistory PWDHISTORY
4981 To enable password history set this to "on", otherwise "off"
4982 --pwdhistorycount PWDHISTORYCOUNT
4985 The number of passwords to keep in history
4986 --pwdadmin PWDADMIN
4989 The DN of an entry or a group of account that can bypass pass‐
4990 word policy constraints
4991 --pwdadminskipupdates PWDADMINSKIPUPDATES
4994 Set to "on" if the Password Admin's password update should not
4995 trigger updates to the password state attributes (passwordExpi‐
4996 rationtime, passwordHistory, etc).
4997 --pwdtrack PWDTRACK
5000 Set to "on" to track the time the password was last changed
5001 --pwdwarning PWDWARNING
5004 Send an expiring warning if password expires within this time
5005 (in seconds)
5006 --pwdexpire PWDEXPIRE
5009 Set to "on" to enable password expiration
5010 --pwdmaxage PWDMAXAGE
5013 The password expiration time in seconds
5014 --pwdminage PWDMINAGE
5017 The number of seconds that must pass before a user can change
5018 their password
5019 --pwdgracelimit PWDGRACELIMIT
5022 The number of allowed logins after the password has expired
5023 --pwdsendexpiring PWDSENDEXPIRING
5026 Set to "on" to always send the expiring control regardless of
5027 the warning period
5028 --pwdlockout PWDLOCKOUT
5031 Set to "on" to enable account lockout
5032 --pwdunlock PWDUNLOCK
5035 Set to "on" to allow an account to become unlocked after the
5036 lockout duration
5037 --pwdlockoutduration PWDLOCKOUTDURATION
5040 The number of seconds an account stays locked out
5041 --pwdmaxfailures PWDMAXFAILURES
5044 The maximum number of allowed failed password attempts before
5045 the account gets locked
5046 --pwdresetfailcount PWDRESETFAILCOUNT
5049 The number of seconds to wait before reducing the failed login
5050 count on an account
5051 --pwdchecksyntax PWDCHECKSYNTAX
5054 Set to "on" to enable password syntax checking
5055 --pwdminlen PWDMINLEN
5058 The minimum number of characters required in a password
5059 --pwdmindigits PWDMINDIGITS
5062 The minimum number of digit/number characters in a password
5063 --pwdminalphas PWDMINALPHAS
5066 The minimum number of alpha characters required in a password
5067 --pwdminuppers PWDMINUPPERS
5070 The minimum number of uppercase characters required in a pass‐
5071 word
5072 --pwdminlowers PWDMINLOWERS
5075 The minimum number of lowercase characters required in a pass‐
5076 word
5077 --pwdminspecials PWDMINSPECIALS
5080 The minimum number of special characters required in a password
5081 --pwdmin8bits PWDMIN8BITS
5084 The minimum number of 8-bit characters required in a password
5085 --pwdmaxrepeats PWDMAXREPEATS
5088 The maximum number of times the same character can appear se‐
5089 quentially in the password
5090 --pwdpalindrome PWDPALINDROME
5093 Set to "on" to reject passwords that are palindromes
5094 --pwdmaxseq PWDMAXSEQ
5097 The maximum number of allowed monotonic character sequences in a
5098 password
5099 --pwdmaxseqsets PWDMAXSEQSETS
5102 The maximum number of allowed monotonic character sequences that
5103 can be duplicated in a password
5104 --pwdmaxclasschars PWDMAXCLASSCHARS
5107 The maximum number of sequential characters from the same char‐
5108 acter class that is allowed in a password
5109 --pwdmincatagories PWDMINCATAGORIES
5112 The minimum number of syntax category checks
5113 --pwdmintokenlen PWDMINTOKENLEN
5116 Sets the smallest attribute value length that is used for triv‐
5117 ial/user words checking. This also impacts "--pwduserattrs"
5118 --pwdbadwords PWDBADWORDS
5121 A space-separated list of words that can not be in a password
5122 --pwduserattrs PWDUSERATTRS
5125 A space-separated list of attributes whose values can not appear
5126 in the password (See "--pwdmintokenlen")
5127 --pwddictcheck PWDDICTCHECK
5130 Set to "on" to enforce CrackLib dictionary checking
5131 --pwddictpath PWDDICTPATH
5134 Filesystem path to specific/custom CrackLib dictionary files
5135 --pwptprmaxuse PWPTPRMAXUSE
5138 Number of times a reset password can be used for authentication
5139 --pwptprdelayexpireat PWPTPRDELAYEXPIREAT
5142 Number of seconds after which a reset password expires
5143 --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM
5146 Number of seconds to wait before using a reset password to au‐
5147 thenticated
5148 --pwdlocal PWDLOCAL
5151 Set to "on" to enable fine-grained (subtree/user-level) password
5152 policies
5153 --pwdisglobal PWDISGLOBAL
5156 Set to "on" to enable password policy state attributes to be
5157 replicated
5158 --pwdallowhash PWDALLOWHASH
5161 Set to "on" to allow adding prehashed passwords
5162 --pwpinheritglobal PWPINHERITGLOBAL
5165 Set to "on" to allow local policies to inherit the global policy
5166
5169 usage: dsconf instance pwpolicy list-schemes [-h]
5170
5173 usage: dsconf instance localpwp [-h]
5174 {list,get,set,remove,adduser,addsub‐
5175 tree} ...
5176
5179 dsconf localpwp list
5180 List all the local password policies
5181 dsconf localpwp get
5183 Get local password policy entry
5184 dsconf localpwp set
5186 Set an attribute in a local password policy
5187 dsconf localpwp remove
5189 Remove a local password policy
5190 dsconf localpwp adduser
5192 Add new user password policy
5193 dsconf localpwp addsubtree
5195 Add new subtree password policy
5196
5199 usage: dsconf instance localpwp list [-h] [DN]
5200 DN Suffix to search for local password policies
5203
5206 usage: dsconf instance localpwp get [-h] DN
5207 DN Get the local policy for this entry DN
5210
5213 usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME]
5214 [--pwdchange PWDCHANGE]
5215 [--pwdmustchange PWDMUSTCHANGE]
5216 [--pwdhistory PWDHISTORY]
5217 [--pwdhistorycount PWDHISTORYCOUNT]
5218 [--pwdadmin PWDADMIN]
5219 [--pwdadminskipupdates PWDADMIN‐
5220 SKIPUPDATES]
5221 [--pwdtrack PWDTRACK]
5222 [--pwdwarning PWDWARNING]
5223 [--pwdexpire PWDEXPIRE]
5224 [--pwdmaxage PWDMAXAGE]
5225 [--pwdminage PWDMINAGE]
5226 [--pwdgracelimit PWDGRACELIMIT]
5227 [--pwdsendexpiring PWDSENDEXPIRING]
5228 [--pwdlockout PWDLOCKOUT]
5229 [--pwdunlock PWDUNLOCK]
5230 [--pwdlockoutduration PWDLOCKOUTDU‐
5231 RATION]
5232 [--pwdmaxfailures PWDMAXFAILURES]
5233 [--pwdresetfailcount PWDRESETFAIL‐
5234 COUNT]
5235 [--pwdchecksyntax PWDCHECKSYNTAX]
5236 [--pwdminlen PWDMINLEN]
5237 [--pwdmindigits PWDMINDIGITS]
5238 [--pwdminalphas PWDMINALPHAS]
5239 [--pwdminuppers PWDMINUPPERS]
5240 [--pwdminlowers PWDMINLOWERS]
5241 [--pwdminspecials PWDMINSPECIALS]
5242 [--pwdmin8bits PWDMIN8BITS]
5243 [--pwdmaxrepeats PWDMAXREPEATS]
5244 [--pwdpalindrome PWDPALINDROME]
5245 [--pwdmaxseq PWDMAXSEQ]
5246 [--pwdmaxseqsets PWDMAXSEQSETS]
5247 [--pwdmaxclasschars PWDMAXCLASS‐
5248 CHARS]
5249 [--pwdmincatagories PWDMIN‐
5250 CATAGORIES]
5251 [--pwdmintokenlen PWDMINTOKENLEN]
5252 [--pwdbadwords PWDBADWORDS]
5253 [--pwduserattrs PWDUSERATTRS]
5254 [--pwddictcheck PWDDICTCHECK]
5255 [--pwddictpath PWDDICTPATH]
5256 [--pwptprmaxuse PWPTPRMAXUSE]
5257 [--pwptprdelayexpireat PWPTPRDELAY‐
5258 EXPIREAT]
5259 [--pwptprdelayvalidfrom PWPTPRDE‐
5260 LAYVALIDFROM]
5261 DN
5262 DN Set the local policy for this entry DN
5265
5268 --pwdscheme PWDSCHEME
5269 The password storage scheme
5270 --pwdchange PWDCHANGE
5273 Allow users to change their passwords
5274 --pwdmustchange PWDMUSTCHANGE
5277 Users must change their password after it was reset by an admin‐
5278 istrator
5279 --pwdhistory PWDHISTORY
5282 To enable password history set this to "on", otherwise "off"
5283 --pwdhistorycount PWDHISTORYCOUNT
5286 The number of passwords to keep in history
5287 --pwdadmin PWDADMIN
5290 The DN of an entry or a group of account that can bypass pass‐
5291 word policy constraints
5292 --pwdadminskipupdates PWDADMINSKIPUPDATES
5295 Set to "on" if the Password Admin's password update should not
5296 trigger updates to the password state attributes (passwordExpi‐
5297 rationtime, passwordHistory, etc).
5298 --pwdtrack PWDTRACK
5301 Set to "on" to track the time the password was last changed
5302 --pwdwarning PWDWARNING
5305 Send an expiring warning if password expires within this time
5306 (in seconds)
5307 --pwdexpire PWDEXPIRE
5310 Set to "on" to enable password expiration
5311 --pwdmaxage PWDMAXAGE
5314 The password expiration time in seconds
5315 --pwdminage PWDMINAGE
5318 The number of seconds that must pass before a user can change
5319 their password
5320 --pwdgracelimit PWDGRACELIMIT
5323 The number of allowed logins after the password has expired
5324 --pwdsendexpiring PWDSENDEXPIRING
5327 Set to "on" to always send the expiring control regardless of
5328 the warning period
5329 --pwdlockout PWDLOCKOUT
5332 Set to "on" to enable account lockout
5333 --pwdunlock PWDUNLOCK
5336 Set to "on" to allow an account to become unlocked after the
5337 lockout duration
5338 --pwdlockoutduration PWDLOCKOUTDURATION
5341 The number of seconds an account stays locked out
5342 --pwdmaxfailures PWDMAXFAILURES
5345 The maximum number of allowed failed password attempts before
5346 the account gets locked
5347 --pwdresetfailcount PWDRESETFAILCOUNT
5350 The number of seconds to wait before reducing the failed login
5351 count on an account
5352 --pwdchecksyntax PWDCHECKSYNTAX
5355 Set to "on" to enable password syntax checking
5356 --pwdminlen PWDMINLEN
5359 The minimum number of characters required in a password
5360 --pwdmindigits PWDMINDIGITS
5363 The minimum number of digit/number characters in a password
5364 --pwdminalphas PWDMINALPHAS
5367 The minimum number of alpha characters required in a password
5368 --pwdminuppers PWDMINUPPERS
5371 The minimum number of uppercase characters required in a pass‐
5372 word
5373 --pwdminlowers PWDMINLOWERS
5376 The minimum number of lowercase characters required in a pass‐
5377 word
5378 --pwdminspecials PWDMINSPECIALS
5381 The minimum number of special characters required in a password
5382 --pwdmin8bits PWDMIN8BITS
5385 The minimum number of 8-bit characters required in a password
5386 --pwdmaxrepeats PWDMAXREPEATS
5389 The maximum number of times the same character can appear se‐
5390 quentially in the password
5391 --pwdpalindrome PWDPALINDROME
5394 Set to "on" to reject passwords that are palindromes
5395 --pwdmaxseq PWDMAXSEQ
5398 The maximum number of allowed monotonic character sequences in a
5399 password
5400 --pwdmaxseqsets PWDMAXSEQSETS
5403 The maximum number of allowed monotonic character sequences that
5404 can be duplicated in a password
5405 --pwdmaxclasschars PWDMAXCLASSCHARS
5408 The maximum number of sequential characters from the same char‐
5409 acter class that is allowed in a password
5410 --pwdmincatagories PWDMINCATAGORIES
5413 The minimum number of syntax category checks
5414 --pwdmintokenlen PWDMINTOKENLEN
5417 Sets the smallest attribute value length that is used for triv‐
5418 ial/user words checking. This also impacts "--pwduserattrs"
5419 --pwdbadwords PWDBADWORDS
5422 A space-separated list of words that can not be in a password
5423 --pwduserattrs PWDUSERATTRS
5426 A space-separated list of attributes whose values can not appear
5427 in the password (See "--pwdmintokenlen")
5428 --pwddictcheck PWDDICTCHECK
5431 Set to "on" to enforce CrackLib dictionary checking
5432 --pwddictpath PWDDICTPATH
5435 Filesystem path to specific/custom CrackLib dictionary files
5436 --pwptprmaxuse PWPTPRMAXUSE
5439 Number of times a reset password can be used for authentication
5440 --pwptprdelayexpireat PWPTPRDELAYEXPIREAT
5443 Number of seconds after which a reset password expires
5444 --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM
5447 Number of seconds to wait before using a reset password to au‐
5448 thenticated
5449
5452 usage: dsconf instance localpwp remove [-h] DN
5453 DN Remove local policy for this entry DN
5456
5459 usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME]
5460 [--pwdchange PWDCHANGE]
5461 [--pwdmustchange PWDMUSTCHANGE]
5462 [--pwdhistory PWDHISTORY]
5463 [--pwdhistorycount PWDHISTO‐
5464 RYCOUNT]
5465 [--pwdadmin PWDADMIN]
5466 [--pwdadminskipupdates PWDAD‐
5467 MINSKIPUPDATES]
5468 [--pwdtrack PWDTRACK]
5469 [--pwdwarning PWDWARNING]
5470 [--pwdexpire PWDEXPIRE]
5471 [--pwdmaxage PWDMAXAGE]
5472 [--pwdminage PWDMINAGE]
5473 [--pwdgracelimit PWDGRACELIMIT]
5474 [--pwdsendexpiring PWDSENDEX‐
5475 PIRING]
5476 [--pwdlockout PWDLOCKOUT]
5477 [--pwdunlock PWDUNLOCK]
5478 [--pwdlockoutduration PWDLOCK‐
5479 OUTDURATION]
5480 [--pwdmaxfailures PWDMAXFAIL‐
5481 URES]
5482 [--pwdresetfailcount PWDRESET‐
5483 FAILCOUNT]
5484 [--pwdchecksyntax PWDCHECKSYN‐
5485 TAX]
5486 [--pwdminlen PWDMINLEN]
5487 [--pwdmindigits PWDMINDIGITS]
5488 [--pwdminalphas PWDMINALPHAS]
5489 [--pwdminuppers PWDMINUPPERS]
5490 [--pwdminlowers PWDMINLOWERS]
5491 [--pwdminspecials PWDMINSPE‐
5492 CIALS]
5493 [--pwdmin8bits PWDMIN8BITS]
5494 [--pwdmaxrepeats PWDMAXREPEATS]
5495 [--pwdpalindrome PWDPALINDROME]
5496 [--pwdmaxseq PWDMAXSEQ]
5497 [--pwdmaxseqsets PWDMAXSEQSETS]
5498 [--pwdmaxclasschars PWDMAX‐
5499 CLASSCHARS]
5500 [--pwdmincatagories PWDMIN‐
5501 CATAGORIES]
5502 [--pwdmintokenlen PWDMINTO‐
5503 KENLEN]
5504 [--pwdbadwords PWDBADWORDS]
5505 [--pwduserattrs PWDUSERATTRS]
5506 [--pwddictcheck PWDDICTCHECK]
5507 [--pwddictpath PWDDICTPATH]
5508 [--pwptprmaxuse PWPTPRMAXUSE]
5509 [--pwptprdelayexpireat PWPT‐
5510 PRDELAYEXPIREAT]
5511 [--pwptprdelayvalidfrom PWPT‐
5512 PRDELAYVALIDFROM]
5513 DN
5514 DN Add/replace the local password policy for this entry DN
5517
5520 --pwdscheme PWDSCHEME
5521 The password storage scheme
5522 --pwdchange PWDCHANGE
5525 Allow users to change their passwords
5526 --pwdmustchange PWDMUSTCHANGE
5529 Users must change their password after it was reset by an admin‐
5530 istrator
5531 --pwdhistory PWDHISTORY
5534 To enable password history set this to "on", otherwise "off"
5535 --pwdhistorycount PWDHISTORYCOUNT
5538 The number of passwords to keep in history
5539 --pwdadmin PWDADMIN
5542 The DN of an entry or a group of account that can bypass pass‐
5543 word policy constraints
5544 --pwdadminskipupdates PWDADMINSKIPUPDATES
5547 Set to "on" if the Password Admin's password update should not
5548 trigger updates to the password state attributes (passwordExpi‐
5549 rationtime, passwordHistory, etc).
5550 --pwdtrack PWDTRACK
5553 Set to "on" to track the time the password was last changed
5554 --pwdwarning PWDWARNING
5557 Send an expiring warning if password expires within this time
5558 (in seconds)
5559 --pwdexpire PWDEXPIRE
5562 Set to "on" to enable password expiration
5563 --pwdmaxage PWDMAXAGE
5566 The password expiration time in seconds
5567 --pwdminage PWDMINAGE
5570 The number of seconds that must pass before a user can change
5571 their password
5572 --pwdgracelimit PWDGRACELIMIT
5575 The number of allowed logins after the password has expired
5576 --pwdsendexpiring PWDSENDEXPIRING
5579 Set to "on" to always send the expiring control regardless of
5580 the warning period
5581 --pwdlockout PWDLOCKOUT
5584 Set to "on" to enable account lockout
5585 --pwdunlock PWDUNLOCK
5588 Set to "on" to allow an account to become unlocked after the
5589 lockout duration
5590 --pwdlockoutduration PWDLOCKOUTDURATION
5593 The number of seconds an account stays locked out
5594 --pwdmaxfailures PWDMAXFAILURES
5597 The maximum number of allowed failed password attempts before
5598 the account gets locked
5599 --pwdresetfailcount PWDRESETFAILCOUNT
5602 The number of seconds to wait before reducing the failed login
5603 count on an account
5604 --pwdchecksyntax PWDCHECKSYNTAX
5607 Set to "on" to enable password syntax checking
5608 --pwdminlen PWDMINLEN
5611 The minimum number of characters required in a password
5612 --pwdmindigits PWDMINDIGITS
5615 The minimum number of digit/number characters in a password
5616 --pwdminalphas PWDMINALPHAS
5619 The minimum number of alpha characters required in a password
5620 --pwdminuppers PWDMINUPPERS
5623 The minimum number of uppercase characters required in a pass‐
5624 word
5625 --pwdminlowers PWDMINLOWERS
5628 The minimum number of lowercase characters required in a pass‐
5629 word
5630 --pwdminspecials PWDMINSPECIALS
5633 The minimum number of special characters required in a password
5634 --pwdmin8bits PWDMIN8BITS
5637 The minimum number of 8-bit characters required in a password
5638 --pwdmaxrepeats PWDMAXREPEATS
5641 The maximum number of times the same character can appear se‐
5642 quentially in the password
5643 --pwdpalindrome PWDPALINDROME
5646 Set to "on" to reject passwords that are palindromes
5647 --pwdmaxseq PWDMAXSEQ
5650 The maximum number of allowed monotonic character sequences in a
5651 password
5652 --pwdmaxseqsets PWDMAXSEQSETS
5655 The maximum number of allowed monotonic character sequences that
5656 can be duplicated in a password
5657 --pwdmaxclasschars PWDMAXCLASSCHARS
5660 The maximum number of sequential characters from the same char‐
5661 acter class that is allowed in a password
5662 --pwdmincatagories PWDMINCATAGORIES
5665 The minimum number of syntax category checks
5666 --pwdmintokenlen PWDMINTOKENLEN
5669 Sets the smallest attribute value length that is used for triv‐
5670 ial/user words checking. This also impacts "--pwduserattrs"
5671 --pwdbadwords PWDBADWORDS
5674 A space-separated list of words that can not be in a password
5675 --pwduserattrs PWDUSERATTRS
5678 A space-separated list of attributes whose values can not appear
5679 in the password (See "--pwdmintokenlen")
5680 --pwddictcheck PWDDICTCHECK
5683 Set to "on" to enforce CrackLib dictionary checking
5684 --pwddictpath PWDDICTPATH
5687 Filesystem path to specific/custom CrackLib dictionary files
5688 --pwptprmaxuse PWPTPRMAXUSE
5691 Number of times a reset password can be used for authentication
5692 --pwptprdelayexpireat PWPTPRDELAYEXPIREAT
5695 Number of seconds after which a reset password expires
5696 --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM
5699 Number of seconds to wait before using a reset password to au‐
5700 thenticated
5701
5704 usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME]
5705 [--pwdchange PWDCHANGE]
5706 [--pwdmustchange PWD‐
5707 MUSTCHANGE]
5708 [--pwdhistory PWDHISTORY]
5709 [--pwdhistorycount PWDHISTO‐
5710 RYCOUNT]
5711 [--pwdadmin PWDADMIN]
5712 [--pwdadminskipupdates PW‐
5713 DADMINSKIPUPDATES]
5714 [--pwdtrack PWDTRACK]
5715 [--pwdwarning PWDWARNING]
5716 [--pwdexpire PWDEXPIRE]
5717 [--pwdmaxage PWDMAXAGE]
5718 [--pwdminage PWDMINAGE]
5719 [--pwdgracelimit PWDGRACE‐
5720 LIMIT]
5721 [--pwdsendexpiring PWDSEND‐
5722 EXPIRING]
5723 [--pwdlockout PWDLOCKOUT]
5724 [--pwdunlock PWDUNLOCK]
5725 [--pwdlockoutduration PWD‐
5726 LOCKOUTDURATION]
5727 [--pwdmaxfailures PWDMAX‐
5728 FAILURES]
5729 [--pwdresetfailcount PW‐
5730 DRESETFAILCOUNT]
5731 [--pwdchecksyntax PWD‐
5732 CHECKSYNTAX]
5733 [--pwdminlen PWDMINLEN]
5734 [--pwdmindigits PWDMINDIG‐
5735 ITS]
5736 [--pwdminalphas PWDMINAL‐
5737 PHAS]
5738 [--pwdminuppers PWDMINUP‐
5739 PERS]
5740 [--pwdminlowers PWDMINLOW‐
5741 ERS]
5742 [--pwdminspecials PWDMINSPE‐
5743 CIALS]
5744 [--pwdmin8bits PWDMIN8BITS]
5745 [--pwdmaxrepeats PWDMAXRE‐
5746 PEATS]
5747 [--pwdpalindrome PWDPALIN‐
5748 DROME]
5749 [--pwdmaxseq PWDMAXSEQ]
5750 [--pwdmaxseqsets PWDMAXSE‐
5751 QSETS]
5752 [--pwdmaxclasschars PWDMAX‐
5753 CLASSCHARS]
5754 [--pwdmincatagories PWDMIN‐
5755 CATAGORIES]
5756 [--pwdmintokenlen PWDMINTO‐
5757 KENLEN]
5758 [--pwdbadwords PWDBADWORDS]
5759 [--pwduserattrs PWDUSERAT‐
5760 TRS]
5761 [--pwddictcheck PWD‐
5762 DICTCHECK]
5763 [--pwddictpath PWDDICTPATH]
5764 [--pwptprmaxuse PWPT‐
5765 PRMAXUSE]
5766 [--pwptprdelayexpireat PWPT‐
5767 PRDELAYEXPIREAT]
5768 [--pwptprdelayvalidfrom PW‐
5769 PTPRDELAYVALIDFROM]
5770 DN
5771 DN Add/replace the subtree policy for this entry DN
5774
5777 --pwdscheme PWDSCHEME
5778 The password storage scheme
5779 --pwdchange PWDCHANGE
5782 Allow users to change their passwords
5783 --pwdmustchange PWDMUSTCHANGE
5786 Users must change their password after it was reset by an admin‐
5787 istrator
5788 --pwdhistory PWDHISTORY
5791 To enable password history set this to "on", otherwise "off"
5792 --pwdhistorycount PWDHISTORYCOUNT
5795 The number of passwords to keep in history
5796 --pwdadmin PWDADMIN
5799 The DN of an entry or a group of account that can bypass pass‐
5800 word policy constraints
5801 --pwdadminskipupdates PWDADMINSKIPUPDATES
5804 Set to "on" if the Password Admin's password update should not
5805 trigger updates to the password state attributes (passwordExpi‐
5806 rationtime, passwordHistory, etc).
5807 --pwdtrack PWDTRACK
5810 Set to "on" to track the time the password was last changed
5811 --pwdwarning PWDWARNING
5814 Send an expiring warning if password expires within this time
5815 (in seconds)
5816 --pwdexpire PWDEXPIRE
5819 Set to "on" to enable password expiration
5820 --pwdmaxage PWDMAXAGE
5823 The password expiration time in seconds
5824 --pwdminage PWDMINAGE
5827 The number of seconds that must pass before a user can change
5828 their password
5829 --pwdgracelimit PWDGRACELIMIT
5832 The number of allowed logins after the password has expired
5833 --pwdsendexpiring PWDSENDEXPIRING
5836 Set to "on" to always send the expiring control regardless of
5837 the warning period
5838 --pwdlockout PWDLOCKOUT
5841 Set to "on" to enable account lockout
5842 --pwdunlock PWDUNLOCK
5845 Set to "on" to allow an account to become unlocked after the
5846 lockout duration
5847 --pwdlockoutduration PWDLOCKOUTDURATION
5850 The number of seconds an account stays locked out
5851 --pwdmaxfailures PWDMAXFAILURES
5854 The maximum number of allowed failed password attempts before
5855 the account gets locked
5856 --pwdresetfailcount PWDRESETFAILCOUNT
5859 The number of seconds to wait before reducing the failed login
5860 count on an account
5861 --pwdchecksyntax PWDCHECKSYNTAX
5864 Set to "on" to enable password syntax checking
5865 --pwdminlen PWDMINLEN
5868 The minimum number of characters required in a password
5869 --pwdmindigits PWDMINDIGITS
5872 The minimum number of digit/number characters in a password
5873 --pwdminalphas PWDMINALPHAS
5876 The minimum number of alpha characters required in a password
5877 --pwdminuppers PWDMINUPPERS
5880 The minimum number of uppercase characters required in a pass‐
5881 word
5882 --pwdminlowers PWDMINLOWERS
5885 The minimum number of lowercase characters required in a pass‐
5886 word
5887 --pwdminspecials PWDMINSPECIALS
5890 The minimum number of special characters required in a password
5891 --pwdmin8bits PWDMIN8BITS
5894 The minimum number of 8-bit characters required in a password
5895 --pwdmaxrepeats PWDMAXREPEATS
5898 The maximum number of times the same character can appear se‐
5899 quentially in the password
5900 --pwdpalindrome PWDPALINDROME
5903 Set to "on" to reject passwords that are palindromes
5904 --pwdmaxseq PWDMAXSEQ
5907 The maximum number of allowed monotonic character sequences in a
5908 password
5909 --pwdmaxseqsets PWDMAXSEQSETS
5912 The maximum number of allowed monotonic character sequences that
5913 can be duplicated in a password
5914 --pwdmaxclasschars PWDMAXCLASSCHARS
5917 The maximum number of sequential characters from the same char‐
5918 acter class that is allowed in a password
5919 --pwdmincatagories PWDMINCATAGORIES
5922 The minimum number of syntax category checks
5923 --pwdmintokenlen PWDMINTOKENLEN
5926 Sets the smallest attribute value length that is used for triv‐
5927 ial/user words checking. This also impacts "--pwduserattrs"
5928 --pwdbadwords PWDBADWORDS
5931 A space-separated list of words that can not be in a password
5932 --pwduserattrs PWDUSERATTRS
5935 A space-separated list of attributes whose values can not appear
5936 in the password (See "--pwdmintokenlen")
5937 --pwddictcheck PWDDICTCHECK
5940 Set to "on" to enforce CrackLib dictionary checking
5941 --pwddictpath PWDDICTPATH
5944 Filesystem path to specific/custom CrackLib dictionary files
5945 --pwptprmaxuse PWPTPRMAXUSE
5948 Number of times a reset password can be used for authentication
5949 --pwptprdelayexpireat PWPTPRDELAYEXPIREAT
5952 Number of seconds after which a reset password expires
5953 --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM
5956 Number of seconds to wait before using a reset password to au‐
5957 thenticated
5958
5961 usage: dsconf instance replication [-h]
5962 {enable,disable,get-ruv,list,sta‐
5963 tus,winsync-status,promote,create-manager,delete-manager,de‐
5964 mote,get,set-changelog,get-changelog,export-changelog,im‐
5965 port-changelog,set,monitor}
5966 ...
5967
5970 dsconf replication enable
5971 Enable replication for a suffix
5972 dsconf replication disable
5974 Disable replication for a suffix
5975 dsconf replication get-ruv
5977 Display the database RUV entry for a suffix
5978 dsconf replication list
5980 Lists all the replicated suffixes
5981 dsconf replication status
5983 Display the current status of all the replication agreements
5984 dsconf replication winsync-status
5986 Display the current status of all the replication agreements
5987 dsconf replication promote
5989 Promote a replica to a hub or supplier
5990 dsconf replication create-manager
5992 Create a replication manager entry
5993 dsconf replication delete-manager
5995 Delete a replication manager entry
5996 dsconf replication demote
5998 Demote replica to a hub or consumer
5999 dsconf replication get
6001 Display the replication configuration
6002 dsconf replication set-changelog
6004 Set replication changelog attributes
6005 dsconf replication get-changelog
6007 Display replication changelog attributes
6008 dsconf replication export-changelog
6010 Export the Directory Server replication changelog to an LDIF
6011 file
6012 dsconf replication import-changelog
6014 Restore/import Directory Server replication change log from an
6015 LDIF file. This is typically used when managing changelog en‐
6016 cryption
6017 dsconf replication set
6019 Set an attribute in the replication configuration
6020 dsconf replication monitor
6022 Display the full replication topology report
6023
6026 usage: dsconf instance replication enable [-h] --suffix SUFFIX --role
6027 ROLE
6028 [--replica-id REPLICA_ID]
6029 [--bind-group-dn
6030 BIND_GROUP_DN]
6031 [--bind-dn BIND_DN]
6032 [--bind-passwd BIND_PASSWD]
6033 [--bind-passwd-file
6034 BIND_PASSWD_FILE]
6035 [--bind-passwd-prompt]
6036
6039 --suffix SUFFIX
6040 Sets the DN of the suffix to be enabled for replication
6041 --role ROLE
6044 Sets the replication role: "supplier", "hub", or "consumer"
6045 --replica-id REPLICA_ID
6048 Sets the replication identifier for a "supplier". Values range
6049 from 1 - 65534
6050 --bind-group-dn BIND_GROUP_DN
6053 Sets a group entry DN containing members that are "bind/sup‐
6054 plier" DNs
6055 --bind-dn BIND_DN
6058 Sets the bind or supplier DN that can make replication updates
6059 --bind-passwd BIND_PASSWD
6062 Sets the password for replication manager (--bind-dn). This will
6063 create the manager entry if a value is set
6064 --bind-passwd-file BIND_PASSWD_FILE
6067 File containing the password
6068 --bind-passwd-prompt
6071 Prompt for password
6072
6075 usage: dsconf instance replication disable [-h] --suffix SUFFIX
6076
6079 --suffix SUFFIX
6080 Sets the DN of the suffix to have replication disabled
6081
6084 usage: dsconf instance replication get-ruv [-h] --suffix SUFFIX
6085
6088 --suffix SUFFIX
6089 Sets the DN of the replicated suffix
6090
6093 usage: dsconf instance replication list [-h]
6094
6097 usage: dsconf instance replication status [-h] --suffix SUFFIX
6098 [--bind-dn BIND_DN]
6099 [--bind-passwd BIND_PASSWD]
6100 [--bind-passwd-file
6101 BIND_PASSWD_FILE]
6102 [--bind-passwd-prompt]
6103
6106 --suffix SUFFIX
6107 Sets the DN of the replication suffix
6108 --bind-dn BIND_DN
6111 Sets the DN to use to authenticate to the consumer
6112 --bind-passwd BIND_PASSWD
6115 Sets the password for the bind DN
6116 --bind-passwd-file BIND_PASSWD_FILE
6119 File containing the password
6120 --bind-passwd-prompt
6123 Prompt for password
6124
6127 usage: dsconf instance replication winsync-status [-h] --suffix SUFFIX
6128 [--bind-dn BIND_DN]
6129 [--bind-passwd
6130 BIND_PASSWD]
6131 [--bind-passwd-file
6132 BIND_PASSWD_FILE]
6133 [--bind-passwd-prompt]
6134
6137 --suffix SUFFIX
6138 Sets the DN of the replication suffix
6139 --bind-dn BIND_DN
6142 Sets the DN to use to authenticate to the consumer
6143 --bind-passwd BIND_PASSWD
6146 Sets the password of the bind DN
6147 --bind-passwd-file BIND_PASSWD_FILE
6150 File containing the password
6151 --bind-passwd-prompt
6154 Prompt for password
6155
6158 usage: dsconf instance replication promote [-h] --suffix SUFFIX --new‐
6159 role
6160 NEWROLE [--replica-id
6161 REPLICA_ID]
6162 [--bind-group-dn
6163 BIND_GROUP_DN]
6164 [--bind-dn BIND_DN]
6165
6168 --suffix SUFFIX
6169 Sets the DN of the replication suffix to promote
6170 --newrole NEWROLE
6173 Sets the new replica role to "hub" or "supplier"
6174 --replica-id REPLICA_ID
6177 Sets the replication identifier for a "supplier". Values range
6178 from 1 - 65534
6179 --bind-group-dn BIND_GROUP_DN
6182 Sets a group entry DN containing members that are "bind/sup‐
6183 plier" DNs
6184 --bind-dn BIND_DN
6187 Sets the bind or supplier DN that can make replication updates
6188
6191 usage: dsconf instance replication create-manager [-h] [--name NAME]
6192 [--passwd PASSWD]
6193 [--passwd-file
6194 PASSWD_FILE]
6195 [--suffix SUFFIX]
6196
6199 --name NAME
6200 Sets the name of the new replication manager entry.For example,
6201 if the name is "replication manager" then the new manager en‐
6202 try's DN would be "cn=replication manager,cn=config".
6203 --passwd PASSWD
6206 Sets the password for replication manager. If not provided, you
6207 will be prompted for the password
6208 --passwd-file PASSWD_FILE
6211 File containing the password
6212 --suffix SUFFIX
6215 The DN of the replication suffix whose replication configuration
6216 you want to add this new manager to (OPTIONAL)
6217
6220 usage: dsconf instance replication delete-manager [-h] [--name NAME]
6221 [--suffix SUFFIX]
6222
6225 --name NAME
6226 Sets the name of the replication manager entry under cn=config:
6227 "cn=NAME,cn=config"
6228 --suffix SUFFIX
6231 Sets the DN of the replication suffix whose replication configu‐
6232 ration you want to remove this manager from (OPTIONAL)
6233
6236 usage: dsconf instance replication demote [-h] --suffix SUFFIX --new‐
6237 role
6238 NEWROLE
6239
6242 --suffix SUFFIX
6243 Sets the DN of the replication suffix
6244 --newrole NEWROLE
6247 Sets the new replication role to "hub", or "consumer"
6248
6251 usage: dsconf instance replication get [-h] --suffix SUFFIX
6252
6255 --suffix SUFFIX
6256 Sets the suffix DN for the replication configuration to display
6257
6260 usage: dsconf instance replication set-changelog [-h] --suffix SUFFIX
6261 [--max-entries MAX_EN‐
6262 TRIES]
6263 [--max-age MAX_AGE]
6264 [--trim-interval
6265 TRIM_INTERVAL]
6266 [--encrypt]
6267 [--disable-encrypt]
6268
6271 --suffix SUFFIX
6272 Sets the suffix that uses the changelog
6273 --max-entries MAX_ENTRIES
6276 Sets the maximum number of entries to get in the replication
6277 changelog
6278 --max-age MAX_AGE
6281 Set the maximum age of a replication changelog entry
6282 --trim-interval TRIM_INTERVAL
6285 Sets the interval to check if the replication changelog can be
6286 trimmed
6287 --encrypt
6290 Sets the replication changelog to use encryption. You must ex‐
6291 port and import the changelog after setting this.
6292 --disable-encrypt
6295 Sets the replication changelog to not use encryption. You must
6296 export and import the changelog after setting this.
6297
6300 usage: dsconf instance replication get-changelog [-h] --suffix SUFFIX
6301
6304 --suffix SUFFIX
6305 Sets the suffix that uses the changelog
6306
6309 usage: dsconf instance replication export-changelog [-h] {to-ldif,de‐
6310 fault} ...
6311
6314 dsconf replication export-changelog to-ldif
6315 Sets the LDIF file name. This is typically used for setting up
6316 changelog encryption
6317 dsconf replication export-changelog default
6319 Export the replication changelog to the server's default LDIF
6320 directory
6321
6324 usage: dsconf instance replication export-changelog to-ldif
6325 [-h] [-c] [-d] [-l] [-i CHANGELOG_LDIF] -o OUTPUT_FILE -r
6326 REPLICA_ROOT
6327
6330 -c, --csn-only
6331 Enables to export and interpret CSN only. This option can be
6332 used with or without -i option. The LDIF file that is generated
6333 can not be imported and is only used for debugging purposes.
6334 -d, --decode
6337 Decodes the base64 values in each changelog entry. The LDIF file
6338 that is generated can not be imported and is only used for de‐
6339 bugging purposes.
6340 -l, --preserve-ldif-done
6343 Preserves generated LDIF "files.done" files in changelog direc‐
6344 tory.
6345 -i CHANGELOG_LDIF, --changelog-ldif CHANGELOG_LDIF
6348 Decodes changes in an LDIF file. Use this option if you already
6349 have a changelog LDIF file, but the changes in that file are en‐
6350 coded.
6351 -o OUTPUT_FILE, --output-file OUTPUT_FILE
6354 Sets the path name for the final result
6355 -r REPLICA_ROOT, --replica-root REPLICA_ROOT
6358 Specifies the replica root whose changelog you want to export
6359
6362 usage: dsconf instance replication export-changelog default
6363 [-h] -r REPLICA_ROOT
6364
6367 -r REPLICA_ROOT, --replica-root REPLICA_ROOT
6368 Specifies the replica root whose changelog you want to export
6369
6372 usage: dsconf instance replication import-changelog [-h]
6373 {from-ldif,default}
6374 ...
6375
6378 dsconf replication import-changelog from-ldif
6379 Restore/import a specific single LDIF file
6380 dsconf replication import-changelog default
6382 Import the default changelog LDIF file created by the server
6383
6386 usage: dsconf instance replication import-changelog from-ldif
6387 [-h] -r REPLICA_ROOT LDIF_PATH
6388 LDIF_PATH
6391 The path of the changelog LDIF file
6392
6395 -r REPLICA_ROOT, --replica-root REPLICA_ROOT
6396 Specifies the replica root whose changelog you want to import
6397
6400 usage: dsconf instance replication import-changelog default
6401 [-h] -r REPLICA_ROOT
6402
6405 -r REPLICA_ROOT, --replica-root REPLICA_ROOT
6406 Specifies the replica root whose changelog you want to import
6407
6410 usage: dsconf instance replication set [-h] --suffix SUFFIX
6411 [--repl-add-bind-dn
6412 REPL_ADD_BIND_DN]
6413 [--repl-del-bind-dn
6414 REPL_DEL_BIND_DN]
6415 [--repl-add-ref REPL_ADD_REF]
6416 [--repl-del-ref REPL_DEL_REF]
6417 [--repl-purge-delay
6418 REPL_PURGE_DELAY]
6419 [--repl-tombstone-purge-interval
6420 REPL_TOMBSTONE_PURGE_INTERVAL]
6421 [--repl-fast-tombstone-purging
6422 REPL_FAST_TOMBSTONE_PURGING]
6423 [--repl-bind-group
6424 REPL_BIND_GROUP]
6425 [--repl-bind-group-interval
6426 REPL_BIND_GROUP_INTERVAL]
6427 [--repl-protocol-timeout
6428 REPL_PROTOCOL_TIMEOUT]
6429 [--repl-backoff-max REPL_BACK‐
6430 OFF_MAX]
6431 [--repl-backoff-min REPL_BACK‐
6432 OFF_MIN]
6433 [--repl-release-timeout REPL_RE‐
6434 LEASE_TIMEOUT]
6435 [--repl-keepalive-update-inter‐
6436 val REPL_KEEPALIVE_UPDATE_INTERVAL]
6437
6440 --suffix SUFFIX
6441 Sets the DN of the replication suffix
6442 --repl-add-bind-dn REPL_ADD_BIND_DN
6445 Adds a bind (supplier) DN
6446 --repl-del-bind-dn REPL_DEL_BIND_DN
6449 Removes a bind (supplier) DN
6450 --repl-add-ref REPL_ADD_REF
6453 Adds a replication referral (for consumers only)
6454 --repl-del-ref REPL_DEL_REF
6457 Removes a replication referral (for conusmers only)
6458 --repl-purge-delay REPL_PURGE_DELAY
6461 Sets the replication purge delay
6462 --repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL
6465 Sets the interval in seconds to check for tombstones that can be
6466 purged
6467 --repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING
6470 Enables or disables improving the tombstone purging performance
6471 --repl-bind-group REPL_BIND_GROUP
6474 Sets a group entry DN containing members that are "bind/sup‐
6475 plier" DNs
6476 --repl-bind-group-interval REPL_BIND_GROUP_INTERVAL
6479 Sets an interval in seconds to check if the bind group has been
6480 updated
6481 --repl-protocol-timeout REPL_PROTOCOL_TIMEOUT
6484 Sets a timeout in seconds on how long to wait before stopping
6485 replication when the server is under load
6486 --repl-backoff-max REPL_BACKOFF_MAX
6489 The maximum time in seconds a replication agreement should stay
6490 in a backoff state while waiting to acquire the consumer. De‐
6491 fault is 300 seconds
6492 --repl-backoff-min REPL_BACKOFF_MIN
6495 The starting time in seconds a replication agreement should stay
6496 in a backoff state while waiting to acquire the consumer. De‐
6497 fault is 3 seconds
6498 --repl-release-timeout REPL_RELEASE_TIMEOUT
6501 A timeout in seconds a replication supplier should send updates
6502 before it yields its replication session
6503 --repl-keepalive-update-interval REPL_KEEPALIVE_UPDATE_INTERVAL
6506 Interval in seconds for how often the server will apply an in‐
6507 ternal update to keep the RUV from getting stale. The default is
6508 1 hour (3600 seconds)
6509
6512 usage: dsconf instance replication monitor [-h] [-c [CONNECTIONS ...]]
6513 [-a [ALIASES ...]]
6514
6517 -c [CONNECTIONS ...], --connections [CONNECTIONS ...]
6518 Sets the connection values for monitoring other not connected
6519 topologies. The format: 'host:port:binddn:bindpwd'. You can use
6520 regex for host and port. You can set bindpwd to * and it will be
6521 requested at the runtime or you can include the path to the
6522 password file in square brackets - [~/pwd.txt]
6523 -a [ALIASES ...], --aliases [ALIASES ...]
6526 Enables displaying an alias instead of host:port, if an alias is
6527 assigned to a host:port combination. The format: alias=host:port
6528
6531 usage: dsconf instance repl-agmt [-h]
6532 {list,enable,disable,init,init-sta‐
6533 tus,poke,status,delete,create,set,get}
6534 ...
6535
6538 dsconf repl-agmt list
6539 List all replication agreements
6540 dsconf repl-agmt enable
6542 Enable replication agreement
6543 dsconf repl-agmt disable
6545 Disable replication agreement
6546 dsconf repl-agmt init
6548 Initialize replication agreement
6549 dsconf repl-agmt init-status
6551 Check the agreement initialization status
6552 dsconf repl-agmt poke
6554 Trigger replication to send updates now
6555 dsconf repl-agmt status
6557 Displays the current status of the replication agreement
6558 dsconf repl-agmt delete
6560 Delete replication agreement
6561 dsconf repl-agmt create
6563 Initialize replication agreement
6564 dsconf repl-agmt set
6566 Set an attribute in the replication agreement
6567 dsconf repl-agmt get
6569 Get replication configuration
6570
6573 usage: dsconf instance repl-agmt list [-h] --suffix SUFFIX [--entry EN‐
6574 TRY]
6575
6578 --suffix SUFFIX
6579 Sets the DN of the suffix to look up replication agreements for
6580 --entry ENTRY
6583 Returns the entire entry for each agreement
6584
6587 usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME
6588 AGMT_NAME
6591 The name of the replication agreement
6592
6595 --suffix SUFFIX
6596 Sets the DN of the replication suffix
6597
6600 usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME
6601 AGMT_NAME
6604 The name of the replication agreement
6605
6608 --suffix SUFFIX
6609 Sets the DN of the replication suffix
6610
6613 usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME
6614 AGMT_NAME
6617 The name of the replication agreement
6618
6621 --suffix SUFFIX
6622 Sets the DN of the replication suffix
6623
6626 usage: dsconf instance repl-agmt init-status [-h] --suffix SUFFIX
6627 AGMT_NAME
6628 AGMT_NAME
6631 The name of the replication agreement
6632
6635 --suffix SUFFIX
6636 Sets the DN of the replication suffix
6637
6640 usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME
6641 AGMT_NAME
6644 The name of the replication agreement
6645
6648 --suffix SUFFIX
6649 Sets the DN of the replication suffix
6650
6653 usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX
6654 [--bind-dn BIND_DN]
6655 [--bind-passwd BIND_PASSWD]
6656 [--bind-passwd-file
6657 BIND_PASSWD_FILE]
6658 [--bind-passwd-prompt]
6659 AGMT_NAME
6660 AGMT_NAME
6663 The name of the replication agreement
6664
6667 --suffix SUFFIX
6668 Sets the DN of the replication suffix
6669 --bind-dn BIND_DN
6672 Sets the DN to use to authenticate to the consumer
6673 --bind-passwd BIND_PASSWD
6676 Sets the password for the bind DN
6677 --bind-passwd-file BIND_PASSWD_FILE
6680 File containing the password
6681 --bind-passwd-prompt
6684 Prompt for password
6685
6688 usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME
6689 AGMT_NAME
6692 The name of the replication agreement
6693
6696 --suffix SUFFIX
6697 Sets the DN of the replication suffix
6698
6701 usage: dsconf instance repl-agmt create [-h] --suffix SUFFIX --host
6702 HOST
6703 --port PORT --conn-protocol
6704 CONN_PROTOCOL [--bind-dn
6705 BIND_DN]
6706 [--bind-passwd BIND_PASSWD]
6707 [--bind-passwd-file
6708 BIND_PASSWD_FILE]
6709 [--bind-passwd-prompt]
6710 --bind-method
6711 BIND_METHOD [--frac-list
6712 FRAC_LIST]
6713 [--frac-list-total
6714 FRAC_LIST_TOTAL]
6715 [--strip-list STRIP_LIST]
6716 [--schedule SCHEDULE]
6717 [--conn-timeout CONN_TIMEOUT]
6718 [--protocol-timeout PROTO‐
6719 COL_TIMEOUT]
6720 [--wait-async-results
6721 WAIT_ASYNC_RESULTS]
6722 [--busy-wait-time
6723 BUSY_WAIT_TIME]
6724 [--session-pause-time SES‐
6725 SION_PAUSE_TIME]
6726 [--flow-control-window
6727 FLOW_CONTROL_WINDOW]
6728 [--flow-control-pause FLOW_CON‐
6729 TROL_PAUSE]
6730 [--bootstrap-bind-dn BOOT‐
6731 STRAP_BIND_DN]
6732 [--bootstrap-bind-passwd BOOT‐
6733 STRAP_BIND_PASSWD]
6734 [--bootstrap-bind-passwd-file
6735 BOOTSTRAP_BIND_PASSWD_FILE]
6736 [--boot‐
6737 strap-bind-passwd-prompt]
6738 [--bootstrap-conn-protocol
6739 BOOTSTRAP_CONN_PROTOCOL]
6740 [--bootstrap-bind-method BOOT‐
6741 STRAP_BIND_METHOD]
6742 [--init]
6743 AGMT_NAME
6744 AGMT_NAME
6747 The name of the replication agreement
6748
6751 --suffix SUFFIX
6752 Sets the DN of the replication suffix
6753 --host HOST
6756 Sets the hostname of the remote replica
6757 --port PORT
6760 Sets the port number of the remote replica
6761 --conn-protocol CONN_PROTOCOL
6764 Sets the replication connection protocol: LDAP, LDAPS, or Start‐
6765 TLS
6766 --bind-dn BIND_DN
6769 Sets the bind DN the agreement uses to authenticate to the
6770 replica
6771 --bind-passwd BIND_PASSWD
6774 Sets the credentials for the bind DN
6775 --bind-passwd-file BIND_PASSWD_FILE
6778 File containing the password
6779 --bind-passwd-prompt
6782 Prompt for password
6783 --bind-method BIND_METHOD
6786 Sets the bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST",
6787 or "SASL/GSSAPI"
6788 --frac-list FRAC_LIST
6791 Sets the list of attributes to NOT replicate to the consumer
6792 during incremental updates
6793 --frac-list-total FRAC_LIST_TOTAL
6796 Sets the list of attributes to NOT replicate during a total ini‐
6797 tialization
6798 --strip-list STRIP_LIST
6801 Sets a list of attributes that are removed from updates only if
6802 the event would otherwise be empty. Typically this is set to
6803 "modifiersname" and "modifytimestmap"
6804 --schedule SCHEDULE
6807 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6808 0-6 (Sunday - Saturday).
6809 --conn-timeout CONN_TIMEOUT
6812 Sets the timeout used for replication connections
6813 --protocol-timeout PROTOCOL_TIMEOUT
6816 Sets a timeout in seconds on how long to wait before stopping
6817 replication when the server is under load
6818 --wait-async-results WAIT_ASYNC_RESULTS
6821 Sets the amount of time in milliseconds the server waits if the
6822 consumer is not ready before resending data
6823 --busy-wait-time BUSY_WAIT_TIME
6826 Sets the amount of time in seconds a supplier should wait after
6827 a consumer sends back a busy response before making another at‐
6828 tempt to acquire access.
6829 --session-pause-time SESSION_PAUSE_TIME
6832 Sets the amount of time in seconds a supplier should wait be‐
6833 tween update sessions.
6834 --flow-control-window FLOW_CONTROL_WINDOW
6837 Sets the maximum number of entries and updates sent by a sup‐
6838 plier, which are not acknowledged by the consumer.
6839 --flow-control-pause FLOW_CONTROL_PAUSE
6842 Sets the time in milliseconds to pause after reaching the number
6843 of entries and updates set in "--flow-control-window"
6844 --bootstrap-bind-dn BOOTSTRAP_BIND_DN
6847 Sets an optional bind DN the agreement can use to bootstrap ini‐
6848 tialization when bind groups are being used
6849 --bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD
6852 Sets the bootstrap credentials for the bind DN
6853 --bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE
6856 File containing the password
6857 --bootstrap-bind-passwd-prompt
6860 File containing the password
6861 --bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL
6864 Sets the replication bootstrap connection protocol: LDAP, LDAPS,
6865 or StartTLS
6866 --bootstrap-bind-method BOOTSTRAP_BIND_METHOD
6869 Sets the bind method: "SIMPLE", or "SSLCLIENTAUTH"
6870 --init Initializes the agreement after creating it
6873
6876 usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST]
6877 [--port PORT]
6878 [--conn-protocol CONN_PROTOCOL]
6879 [--bind-dn BIND_DN]
6880 [--bind-passwd BIND_PASSWD]
6881 [--bind-passwd-file
6882 BIND_PASSWD_FILE]
6883 [--bind-passwd-prompt]
6884 [--bind-method BIND_METHOD]
6885 [--frac-list FRAC_LIST]
6886 [--frac-list-total FRAC_LIST_TO‐
6887 TAL]
6888 [--strip-list STRIP_LIST]
6889 [--schedule SCHEDULE]
6890 [--conn-timeout CONN_TIMEOUT]
6891 [--protocol-timeout PROTOCOL_TIME‐
6892 OUT]
6893 [--wait-async-results
6894 WAIT_ASYNC_RESULTS]
6895 [--busy-wait-time BUSY_WAIT_TIME]
6896 [--session-pause-time SES‐
6897 SION_PAUSE_TIME]
6898 [--flow-control-window FLOW_CON‐
6899 TROL_WINDOW]
6900 [--flow-control-pause FLOW_CON‐
6901 TROL_PAUSE]
6902 [--bootstrap-bind-dn BOOT‐
6903 STRAP_BIND_DN]
6904 [--bootstrap-bind-passwd BOOT‐
6905 STRAP_BIND_PASSWD]
6906 [--bootstrap-bind-passwd-file
6907 BOOTSTRAP_BIND_PASSWD_FILE]
6908 [--bootstrap-bind-passwd-prompt]
6909 [--bootstrap-conn-protocol BOOT‐
6910 STRAP_CONN_PROTOCOL]
6911 [--bootstrap-bind-method BOOT‐
6912 STRAP_BIND_METHOD]
6913 AGMT_NAME
6914 AGMT_NAME
6917 The name of the replication agreement
6918
6921 --suffix SUFFIX
6922 Sets the DN of the replication suffix
6923 --host HOST
6926 Sets the hostname of the remote replica
6927 --port PORT
6930 Sets the port number of the remote replica
6931 --conn-protocol CONN_PROTOCOL
6934 Sets the replication connection protocol: LDAP, LDAPS, or Start‐
6935 TLS
6936 --bind-dn BIND_DN
6939 Sets the Bind DN the agreement uses to authenticate to the
6940 replica
6941 --bind-passwd BIND_PASSWD
6944 Sets the credentials for the bind DN
6945 --bind-passwd-file BIND_PASSWD_FILE
6948 File containing the password
6949 --bind-passwd-prompt
6952 Prompt for password
6953 --bind-method BIND_METHOD
6956 Sets the bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST",
6957 or "SASL/GSSAPI"
6958 --frac-list FRAC_LIST
6961 Sets a list of attributes to NOT replicate to the consumer dur‐
6962 ing incremental updates
6963 --frac-list-total FRAC_LIST_TOTAL
6966 Sets a list of attributes to NOT replicate during a total ini‐
6967 tialization
6968 --strip-list STRIP_LIST
6971 Sets a list of attributes that are removed from updates only if
6972 the event would otherwise be empty. Typically this is set to
6973 "modifiersname" and "modifytimestmap"
6974 --schedule SCHEDULE
6977 Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D =
6978 0-6 (Sunday - Saturday).
6979 --conn-timeout CONN_TIMEOUT
6982 Sets the timeout used for replication connections
6983 --protocol-timeout PROTOCOL_TIMEOUT
6986 Sets a timeout in seconds on how long to wait before stopping
6987 replication when the server is under load
6988 --wait-async-results WAIT_ASYNC_RESULTS
6991 Sets the amount of time in milliseconds the server waits if the
6992 consumer is not ready before resending data
6993 --busy-wait-time BUSY_WAIT_TIME
6996 Sets the amount of time in seconds a supplier should wait after
6997 a consumer sends back a busy response before making another at‐
6998 tempt to acquire access.
6999 --session-pause-time SESSION_PAUSE_TIME
7002 Sets the amount of time in seconds a supplier should wait be‐
7003 tween update sessions.
7004 --flow-control-window FLOW_CONTROL_WINDOW
7007 Sets the maximum number of entries and updates sent by a sup‐
7008 plier, which are not acknowledged by the consumer.
7009 --flow-control-pause FLOW_CONTROL_PAUSE
7012 Sets the time in milliseconds to pause after reaching the number
7013 of entries and updates set in "--flow-control-window"
7014 --bootstrap-bind-dn BOOTSTRAP_BIND_DN
7017 Sets an optional bind DN the agreement can use to bootstrap ini‐
7018 tialization when bind groups are being used
7019 --bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD
7022 sets the bootstrap credentials for the bind DN
7023 --bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE
7026 File containing the password
7027 --bootstrap-bind-passwd-prompt
7030 Prompt for password
7031 --bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL
7034 Sets the replication bootstrap connection protocol: LDAP, LDAPS,
7035 or StartTLS
7036 --bootstrap-bind-method BOOTSTRAP_BIND_METHOD
7039 Sets the bind method: "SIMPLE", or "SSLCLIENTAUTH"
7040
7043 usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME
7044 AGMT_NAME
7047 The suffix DN for which to display the replication configuration
7048
7051 --suffix SUFFIX
7052 Sets the DN of the replication suffix
7053
7056 usage: dsconf instance repl-winsync-agmt [-h]
7057 {list,enable,dis‐
7058 able,init,init-status,poke,status,delete,create,set,get}
7059 ...
7060
7063 dsconf repl-winsync-agmt list
7064 List all the replication winsync agreements
7065 dsconf repl-winsync-agmt enable
7067 Enable replication winsync agreement
7068 dsconf repl-winsync-agmt disable
7070 Disable replication winsync agreement
7071 dsconf repl-winsync-agmt init
7073 Initialize replication winsync agreement
7074 dsconf repl-winsync-agmt init-status
7076 Check the agreement initialization status
7077 dsconf repl-winsync-agmt poke
7079 Trigger replication to send updates now
7080 dsconf repl-winsync-agmt status
7082 Display the current status of the replication agreement
7083 dsconf repl-winsync-agmt delete
7085 Delete replication winsync agreement
7086 dsconf repl-winsync-agmt create
7088 Initialize replication winsync agreement
7089 dsconf repl-winsync-agmt set
7091 Set an attribute in the replication winsync agreement
7092 dsconf repl-winsync-agmt get
7094 Display replication configuration
7095
7098 usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX
7099
7102 --suffix SUFFIX
7103 Sets the DN of the suffix to look up replication winsync agree‐
7104 ments
7105
7108 usage: dsconf instance repl-winsync-agmt enable [-h] --suffix SUFFIX
7109 AGMT_NAME
7110 AGMT_NAME
7113 The name of the replication winsync agreement
7114
7117 --suffix SUFFIX
7118 Sets the DN of the replication winsync suffix
7119
7122 usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX
7123 AGMT_NAME
7124 AGMT_NAME
7127 The name of the replication winsync agreement
7128
7131 --suffix SUFFIX
7132 Sets the DN of the replication winsync suffix
7133
7136 usage: dsconf instance repl-winsync-agmt init [-h] --suffix SUFFIX
7137 AGMT_NAME
7138 AGMT_NAME
7141 The name of the replication winsync agreement
7142
7145 --suffix SUFFIX
7146 Sets the DN of the replication winsync suffix
7147
7150 usage: dsconf instance repl-winsync-agmt init-status [-h] --suffix SUF‐
7151 FIX
7152 AGMT_NAME
7153 AGMT_NAME
7156 The name of the replication agreement
7157
7160 --suffix SUFFIX
7161 Sets the DN of the replication suffix
7162
7165 usage: dsconf instance repl-winsync-agmt poke [-h] --suffix SUFFIX
7166 AGMT_NAME
7167 AGMT_NAME
7170 The name of the replication winsync agreement
7171
7174 --suffix SUFFIX
7175 Sets the DN of the replication winsync suffix
7176
7179 usage: dsconf instance repl-winsync-agmt status [-h] --suffix SUFFIX
7180 AGMT_NAME
7181 AGMT_NAME
7184 The name of the replication agreement
7185
7188 --suffix SUFFIX
7189 Sets the DN of the replication suffix
7190
7193 usage: dsconf instance repl-winsync-agmt delete [-h] --suffix SUFFIX
7194 AGMT_NAME
7195 AGMT_NAME
7198 The name of the replication winsync agreement
7199
7202 --suffix SUFFIX
7203 Sets the DN of the replication winsync suffix
7204
7207 usage: dsconf instance repl-winsync-agmt create [-h] --suffix SUFFIX
7208 --host
7209 HOST --port PORT
7210 --conn-protocol
7211 CONN_PROTOCOL
7212 --bind-dn BIND_DN
7213 [--bind-passwd
7214 BIND_PASSWD]
7215 [--bind-passwd-file
7216 BIND_PASSWD_FILE]
7217 [--bind-passwd-prompt]
7218 [--frac-list FRAC_LIST]
7219 [--schedule SCHEDULE]
7220 --win-subtree WIN_SUB‐
7221 TREE
7222 --ds-subtree DS_SUBTREE
7223 --win-domain WIN_DOMAIN
7224 [--sync-users
7225 SYNC_USERS]
7226 [--sync-groups
7227 SYNC_GROUPS]
7228 [--sync-interval
7229 SYNC_INTERVAL]
7230 [--one-way-sync
7231 ONE_WAY_SYNC]
7232 [--move-action MOVE_AC‐
7233 TION]
7234 [--win-filter WIN_FIL‐
7235 TER]
7236 [--ds-filter DS_FILTER]
7237 [--subtree-pair SUB‐
7238 TREE_PAIR]
7239 [--conn-timeout
7240 CONN_TIMEOUT]
7241 [--busy-wait-time
7242 BUSY_WAIT_TIME]
7243 [--session-pause-time
7244 SESSION_PAUSE_TIME]
7245 [--flatten-tree]
7246 [--init]
7247 AGMT_NAME
7248 AGMT_NAME
7251 The name of the replication winsync agreement
7252
7255 --suffix SUFFIX
7256 Sets the DN of the replication winsync suffix
7257 --host HOST
7260 Sets the hostname of the AD server
7261 --port PORT
7264 Sets the port number of the AD server
7265 --conn-protocol CONN_PROTOCOL
7268 Sets the replication winsync connection protocol: LDAP, LDAPS,
7269 or StartTLS
7270 --bind-dn BIND_DN
7273 Sets the bind DN the agreement uses to authenticate to the AD
7274 Server
7275 --bind-passwd BIND_PASSWD
7278 Sets the credentials for the Bind DN
7279 --bind-passwd-file BIND_PASSWD_FILE
7282 File containing the password
7283 --bind-passwd-prompt
7286 Prompt for password
7287 --frac-list FRAC_LIST
7290 Sets a list of attributes to NOT replicate to the consumer dur‐
7291 ing incremental updates
7292 --schedule SCHEDULE
7295 Sets the replication update schedule
7296 --win-subtree WIN_SUBTREE
7299 Sets the suffix of the AD Server
7300 --ds-subtree DS_SUBTREE
7303 Sets the Directory Server suffix
7304 --win-domain WIN_DOMAIN
7307 Sets the AD Domain
7308 --sync-users SYNC_USERS
7311 Synchronizes users between AD and DS
7312 --sync-groups SYNC_GROUPS
7315 Synchronizes groups between AD and DS
7316 --sync-interval SYNC_INTERVAL
7319 Sets the interval that DS checks AD for changes in entries
7320 --one-way-sync ONE_WAY_SYNC
7323 Sets which direction to perform synchronization: "toWindows", or
7324 "fromWindows". By default sync occurs in both directions.
7325 --move-action MOVE_ACTION
7328 Sets instructions on how to handle moved or deleted entries:
7329 "none", "unsync", or "delete"
7330 --win-filter WIN_FILTER
7333 Sets a custom filter for finding users in AD Server
7334 --ds-filter DS_FILTER
7337 Sets a custom filter for finding AD users in DS
7338 --subtree-pair SUBTREE_PAIR
7341 Sets the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
7342 --conn-timeout CONN_TIMEOUT
7345 Sets the timeout used for replicaton connections
7346 --busy-wait-time BUSY_WAIT_TIME
7349 Sets the amount of time in seconds a supplier should wait after
7350 a consumer sends back a busy response before making another at‐
7351 tempt to acquire access
7352 --session-pause-time SESSION_PAUSE_TIME
7355 Sets the amount of time in seconds a supplier should wait be‐
7356 tween update sessions
7357 --flatten-tree
7360 By default, the tree structure of AD is preserved into 389. This
7361 MAY cause replication to fail in some cases, as you may need to
7362 create missing OU's to recreate the same treestructure. This
7363 setting when enabled, removes the tree structure of AD and flat‐
7364 tens all entries into the ds-subtree. This does NOT affect or
7365 change the tree structure of the AD directory.
7366 --init Initializes the agreement after creating it
7369
7372 usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX]
7373 [--host HOST] [--port
7374 PORT]
7375 [--conn-protocol CONN_PRO‐
7376 TOCOL]
7377 [--bind-dn BIND_DN]
7378 [--bind-passwd
7379 BIND_PASSWD]
7380 [--bind-passwd-file
7381 BIND_PASSWD_FILE]
7382 [--bind-passwd-prompt]
7383 [--frac-list FRAC_LIST]
7384 [--schedule SCHEDULE]
7385 [--win-subtree WIN_SUB‐
7386 TREE]
7387 [--ds-subtree DS_SUBTREE]
7388 [--win-domain WIN_DOMAIN]
7389 [--sync-users SYNC_USERS]
7390 [--sync-groups
7391 SYNC_GROUPS]
7392 [--sync-interval SYNC_IN‐
7393 TERVAL]
7394 [--one-way-sync
7395 ONE_WAY_SYNC]
7396 [--move-action MOVE_AC‐
7397 TION]
7398 [--win-filter WIN_FILTER]
7399 [--ds-filter DS_FILTER]
7400 [--subtree-pair SUB‐
7401 TREE_PAIR]
7402 [--conn-timeout CONN_TIME‐
7403 OUT]
7404 [--busy-wait-time
7405 BUSY_WAIT_TIME]
7406 [--session-pause-time SES‐
7407 SION_PAUSE_TIME]
7408 AGMT_NAME
7409 AGMT_NAME
7412 The name of the replication winsync agreement
7413
7416 --suffix SUFFIX
7417 Sets the DN of the replication winsync suffix
7418 --host HOST
7421 Sets the hostname of the AD server
7422 --port PORT
7425 Sets the port number of the AD server
7426 --conn-protocol CONN_PROTOCOL
7429 Sets the replication winsync connection protocol: LDAP, LDAPS,
7430 or StartTLS
7431 --bind-dn BIND_DN
7434 Sets the bind DN the agreement uses to authenticate to the AD
7435 Server
7436 --bind-passwd BIND_PASSWD
7439 Sets the credentials for the Bind DN
7440 --bind-passwd-file BIND_PASSWD_FILE
7443 File containing the password
7444 --bind-passwd-prompt
7447 Prompt for password
7448 --frac-list FRAC_LIST
7451 Sets a list of attributes to NOT replicate to the consumer dur‐
7452 ing incremental updates
7453 --schedule SCHEDULE
7456 Sets the replication update schedule
7457 --win-subtree WIN_SUBTREE
7460 Sets the suffix of the AD Server
7461 --ds-subtree DS_SUBTREE
7464 Sets the Directory Server suffix
7465 --win-domain WIN_DOMAIN
7468 Sets the AD Domain
7469 --sync-users SYNC_USERS
7472 Synchronizes users between AD and DS
7473 --sync-groups SYNC_GROUPS
7476 Synchronizes groups between AD and DS
7477 --sync-interval SYNC_INTERVAL
7480 Sets the interval that DS checks AD for changes in entries
7481 --one-way-sync ONE_WAY_SYNC
7484 Sets which direction to perform synchronization: "toWindows", or
7485 "fromWindows". By default sync occurs in both directions.
7486 --move-action MOVE_ACTION
7489 Sets instructions on how to handle moved or deleted entries:
7490 "none", "unsync", or "delete"
7491 --win-filter WIN_FILTER
7494 Sets a custom filter for finding users in AD Server
7495 --ds-filter DS_FILTER
7498 Sets a custom filter for finding AD users in DS
7499 --subtree-pair SUBTREE_PAIR
7502 Sets the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>
7503 --conn-timeout CONN_TIMEOUT
7506 Sets the timeout used for replicaton connections
7507 --busy-wait-time BUSY_WAIT_TIME
7510 Sets the amount of time in seconds a supplier should wait after
7511 a consumer sends back a busy response before making another at‐
7512 tempt to acquire access
7513 --session-pause-time SESSION_PAUSE_TIME
7516 Sets the amount of time in seconds a supplier should wait be‐
7517 tween update sessions
7518
7521 usage: dsconf instance repl-winsync-agmt get [-h] --suffix SUFFIX
7522 AGMT_NAME
7523 AGMT_NAME
7526 The suffix DN for the replication configuration to display
7527
7530 --suffix SUFFIX
7531 Sets the DN of the replication suffix
7532
7535 usage: dsconf instance repl-tasks [-h]
7536 {cleanallruv,list-clean‐
7537 ruv-tasks,abort-cleanallruv,list-abortruv-tasks}
7538 ...
7539
7542 dsconf repl-tasks cleanallruv
7543 Cleanup old/removed replica IDs
7544 dsconf repl-tasks list-cleanruv-tasks
7546 List all the running CleanAllRUV tasks
7547 dsconf repl-tasks abort-cleanallruv
7549 Abort cleanallruv tasks
7550 dsconf repl-tasks list-abortruv-tasks
7552 List all the running CleanAllRUV abort tasks
7553
7556 usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX
7557 --replica-id REPLICA_ID
7558 [--force-cleaning]
7559
7562 --suffix SUFFIX
7563 Sets the Directory Server suffix
7564 --replica-id REPLICA_ID
7567 Sets the replica ID to remove/clean
7568 --force-cleaning
7571 Ignores errors and make a best attempt to clean all replicas
7572
7575 usage: dsconf instance repl-tasks list-cleanruv-tasks [-h] [--suffix
7576 SUFFIX]
7577
7580 --suffix SUFFIX
7581 Lists only tasks for the specified suffix
7582
7585 usage: dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUF‐
7586 FIX
7587 --replica-id
7588 REPLICA_ID
7589 [--certify]
7590
7593 --suffix SUFFIX
7594 Sets the Directory Server suffix
7595 --replica-id REPLICA_ID
7598 Sets the replica ID of the cleaning task to abort
7599 --certify
7602 Enforces that the abort task completed on all replicas
7603
7606 usage: dsconf instance repl-tasks list-abortruv-tasks [-h] [--suffix
7607 SUFFIX]
7608
7611 --suffix SUFFIX
7612 Lists only tasks for the specified suffix
7613
7616 usage: dsconf instance sasl [-h]
7617 {list,get-mechs,get-avail‐
7618 able-mechs,get,create,delete}
7619 ...
7620
7623 dsconf sasl list
7624 Display available SASL mappings
7625 dsconf sasl get-mechs
7627 Display the SASL mechanisms that the server will accept
7628 dsconf sasl get-available-mechs
7630 Display the SASL mechanisms that are available to the server
7631 dsconf sasl get
7633 Displays SASL mappings
7634 dsconf sasl create
7636 Create a SASL mapping
7637 dsconf sasl delete
7639 Deletes the SASL object
7640
7643 usage: dsconf instance sasl list [-h] [--details]
7644
7647 --details
7648 Displays each SASL mapping in detail
7649
7652 usage: dsconf instance sasl get-mechs [-h]
7653
7656 usage: dsconf instance sasl get-available-mechs [-h]
7657
7660 usage: dsconf instance sasl get [-h] [selector]
7661 selector
7664 The SASL mapping name to display
7665
7668 usage: dsconf instance sasl create [-h] [--cn [CN]]
7669 [--nsSaslMapRegexString
7670 [NSSASLMAPREGEXSTRING]]
7671 [--nsSaslMapBaseDNTemplate
7672 [NSSASLMAPBASEDNTEMPLATE]]
7673 [--nsSaslMapFilterTemplate
7674 [NSSASLMAPFILTERTEMPLATE]]
7675 [--nsSaslMapPriority [NSSASLMAPPRI‐
7676 ORITY]]
7677
7680 --cn [CN]
7681 Value of cn
7682 --nsSaslMapRegexString [NSSASLMAPREGEXSTRING]
7685 Value of nsSaslMapRegexString
7686 --nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]
7689 Value of nsSaslMapBaseDNTemplate
7690 --nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]
7693 Value of nsSaslMapFilterTemplate
7694 --nsSaslMapPriority [NSSASLMAPPRIORITY]
7697 Value of nsSaslMapPriority
7698
7701 usage: dsconf instance sasl delete [-h] map_name
7702 map_name
7705 The SASL mapping name ("cn" value)
7706
7709 usage: dsconf instance security [-h]
7710 {set,get,enable,disable,dis‐
7711 able_plain_port,certificate,ca-certificate,rsa,ciphers,csr,key,ex‐
7712 port-cert}
7713 ...
7714
7717 dsconf security set
7718 Set general security options
7719 dsconf security get
7721 Display general security options
7722 dsconf security enable
7724 Enable security
7725 dsconf security disable
7727 Disable security
7728 dsconf security disable_plain_port
7730 Disables the plain text LDAP port, allowing only LDAPS to func‐
7731 tion
7732 dsconf security certificate
7734 Manage TLS certificates
7735 dsconf security ca-certificate
7737 Manage TLS certificate authorities
7738 dsconf security rsa
7740 Query and update RSA security options
7741 dsconf security ciphers
7743 Manage secure ciphers
7744 dsconf security csr
7746 Manage certificate signing requests
7747 dsconf security key
7749 Manage keys in NSS DB
7750 dsconf security export-cert
7752 Export a certificate to PEM or DER/Binary format. PEM format is
7753 the default
7754
7757 usage: dsconf instance security set [-h] [--security SECURITY]
7758 [--listen-host LISTEN_HOST]
7759 [--secure-port SECURE_PORT]
7760 [--tls-client-auth TLS_CLIENT_AUTH]
7761 [--tls-client-renegotiation
7762 TLS_CLIENT_RENEGOTIATION]
7763 [--require-secure-authentication
7764 REQUIRE_SECURE_AUTHENTICATION]
7765 [--check-hostname CHECK_HOSTNAME]
7766 [--verify-cert-chain-on-startup
7767 VERIFY_CERT_CHAIN_ON_STARTUP]
7768 [--session-timeout SESSION_TIMEOUT]
7769 [--tls-protocol-min TLS_PROTO‐
7770 COL_MIN]
7771 [--tls-protocol-max TLS_PROTO‐
7772 COL_MAX]
7773 [--allow-insecure-ciphers ALLOW_IN‐
7774 SECURE_CIPHERS]
7775 [--allow-weak-dh-param AL‐
7776 LOW_WEAK_DH_PARAM]
7777 [--cipher-pref CIPHER_PREF]
7778 Use this command for setting security related options located in
7780 cn=config and cn=encryption,cn=config.
7781 To enable/disable security you can use enable and disable commands in‐
7783 stead.
7784
7787 --security SECURITY
7788 Enables or disables security (nsslapd-security)
7789 --listen-host LISTEN_HOST
7792 Sets the host or IP address to listen on for LDAPS (nsslapd-se‐
7793 curelistenhost)
7794 --secure-port SECURE_PORT
7797 Sets the port for LDAPS to listen on (nsslapd-securePort)
7798 --tls-client-auth TLS_CLIENT_AUTH
7801 Configures client authentication requirement (nsSSLClientAuth)
7802 --tls-client-renegotiation TLS_CLIENT_RENEGOTIATION
7805 Allows client TLS renegotiation (nsTLSAllowClientRenegotiation)
7806 --require-secure-authentication REQUIRE_SECURE_AUTHENTICATION
7809 Configures whether binds over LDAPS, StartTLS, or SASL are re‐
7810 quired (nsslapd- require-secure-binds)
7811 --check-hostname CHECK_HOSTNAME
7814 Checks the subject of remote certificate against the hostname
7815 (nsslapd-ssl- check-hostname)
7816 --verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP
7819 Validates the server certificate during startup (nsslapd-vali‐
7820 date-cert)
7821 --session-timeout SESSION_TIMEOUT
7824 Sets the secure session timeout (nsSSLSessionTimeout)
7825 --tls-protocol-min TLS_PROTOCOL_MIN
7828 Sets the minimal allowed secure protocol version (sslVersionMin)
7829 --tls-protocol-max TLS_PROTOCOL_MAX
7832 Sets the maximal allowed secure protocol version (sslVersionMax)
7833 --allow-insecure-ciphers ALLOW_INSECURE_CIPHERS
7836 Allows weak ciphers for legacy use (allowWeakCipher)
7837 --allow-weak-dh-param ALLOW_WEAK_DH_PARAM
7840 Allows short DH params for legacy use (allowWeakDHParam)
7841 --cipher-pref CIPHER_PREF
7844 Directly sets the nsSSL3Ciphers attribute. It is a comma-sepa‐
7845 rated list of cipher names (prefixed with + or -), optionally
7846 including +all or -all. The attribute may optionally be prefixed
7847 by keyword "default". Please refer to documentation of the at‐
7848 tribute for a more detailed description. (nsSSL3Ciphers)
7849
7852 usage: dsconf instance security get [-h]
7853
7856 usage: dsconf instance security enable [-h] [--cert-name CERT_NAME]
7857 If missing, create security database, then turn on security functional‐
7859 ity. Please note this is usually not enough for TLS connections to work
7860 - proper setup of CA and server certificate is necessary.
7861
7864 --cert-name CERT_NAME
7865 Sets the name of the certificate the server should use
7866
7869 usage: dsconf instance security disable [-h]
7870 Turn off security functionality. The rest of the configuration will be
7872 left untouched.
7873
7876 usage: dsconf instance security disable_plain_port [-h]
7877
7880 usage: dsconf instance security certificate [-h]
7881 {add,set-trust-flags,del,get,list}
7882 ...
7883
7886 dsconf security certificate add
7887 Add a server certificate
7888 dsconf security certificate set-trust-flags
7890 Set the Trust flags
7891 dsconf security certificate del
7893 Delete a certificate
7894 dsconf security certificate get
7896 Display a server certificate's information
7897 dsconf security certificate list
7899 List the server certificates
7900
7903 usage: dsconf instance security certificate add [-h] --file FILE --name
7904 NAME
7905 [--primary-cert]
7906 Add a server certificate to the NSS database
7908
7911 --file FILE
7912 Sets the file name of the certificate
7913 --name NAME
7916 Sets the name/nickname of the certificate
7917 --primary-cert
7920 Sets this certificate as the server's certificate
7921
7924 usage: dsconf instance security certificate set-trust-flags
7925 [-h] --flags FLAGS name
7926 Change the trust flags of a server certificate
7928 name The name/nickname of the certificate
7931
7934 --flags FLAGS
7935 Sets the trust flags for the server certificate
7936
7939 usage: dsconf instance security certificate del [-h] name
7940 Delete a certificate from the NSS database
7942 name The name/nickname of the certificate
7945
7948 usage: dsconf instance security certificate get [-h] name
7949 Displays detailed information about a certificate, such as trust at‐
7951 tributes, expiration dates, Subject and Issuer DNs
7952 name Set the name/nickname of the certificate
7955
7958 usage: dsconf instance security certificate list [-h]
7959 Lists the server certificates in the NSS database
7961
7964 usage: dsconf instance security ca-certificate [-h]
7965 {add,set-trust-flags,del,get,list}
7966 ...
7967
7970 dsconf security ca-certificate add
7971 Add a Certificate Authority
7972 dsconf security ca-certificate set-trust-flags
7974 Set the Trust flags
7975 dsconf security ca-certificate del
7977 Delete a certificate
7978 dsconf security ca-certificate get
7980 Displays a Certificate Authority's information
7981 dsconf security ca-certificate list
7983 List the Certificate Authorities
7984
7987 usage: dsconf instance security ca-certificate add [-h] --file FILE
7988 --name
7989 NAME [NAME ...]
7990 Add a Certificate Authority to the NSS database
7992
7995 --file FILE
7996 Sets the file name of the CA certificate
7997 --name NAME [NAME ...]
8000 Sets the name/nickname of the CA certificate, if adding a PEM
8001 bundle then specify multiple names one for each certificate,
8002 otherwise a number increment will be added to the previous name.
8003
8006 usage: dsconf instance security ca-certificate set-trust-flags
8007 [-h] --flags FLAGS name
8008 Change the trust attributes of a CA certificate. Certificate Authori‐
8010 ties typically use "CT,,"
8011 name The name/nickname of the CA certificate
8014
8017 --flags FLAGS
8018 Sets the trust flags for the CA certificate
8019
8022 usage: dsconf instance security ca-certificate del [-h] name
8023 Delete a CA certificate from the NSS database
8025 name The name/nickname of the CA certificate
8028
8031 usage: dsconf instance security ca-certificate get [-h] name
8032 Get detailed information about a CA certificate, like trust attributes,
8034 expiration dates, Subject and Issuer DN
8035 name The name/nickname of the CA certificate
8038
8041 usage: dsconf instance security ca-certificate list [-h]
8042 List the CA certificates in the NSS database
8044
8047 usage: dsconf instance security rsa [-h] {set,get,enable,disable} ...
8048
8051 dsconf security rsa set
8052 Set RSA security options
8053 dsconf security rsa get
8055 Get RSA security options
8056 dsconf security rsa enable
8058 Enable RSA
8059 dsconf security rsa disable
8061 Disable RSA
8062
8065 usage: dsconf instance security rsa set [-h]
8066 [--tls-allow-rsa-certificates
8067 TLS_ALLOW_RSA_CERTIFICATES]
8068 [--nss-cert-name NSS_CERT_NAME]
8069 [--nss-token NSS_TOKEN]
8070 Use this command for setting RSA (private key) related options located
8072 in cn=RSA,cn=encryption,cn=config.
8073 To enable/disable RSA you can use enable and disable commands instead.
8075
8078 --tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES
8079 Activates the use of RSA certificates (nsSSLActivation)
8080 --nss-cert-name NSS_CERT_NAME
8083 Sets the server certificate name in NSS DB (nsSSLPersonalitySSL)
8084 --nss-token NSS_TOKEN
8087 Sets the security token name (module of NSS DB) (nsSSLToken)
8088
8091 usage: dsconf instance security rsa get [-h]
8092
8095 usage: dsconf instance security rsa enable [-h]
8096
8099 usage: dsconf instance security rsa disable [-h]
8100
8103 usage: dsconf instance security ciphers [-h] {enable,dis‐
8104 able,get,set,list} ...
8105
8108 dsconf security ciphers enable
8109 Enable ciphers
8110 dsconf security ciphers disable
8112 Disable ciphers
8113 dsconf security ciphers get
8115 Get ciphers attribute
8116 dsconf security ciphers set
8118 Set ciphers attribute
8119 dsconf security ciphers list
8121 List ciphers
8122
8125 usage: dsconf instance security ciphers enable [-h] cipher [cipher ...]
8126 Use this command to enable specific ciphers.
8128 cipher
8131
8134 usage: dsconf instance security ciphers disable [-h] cipher [cipher
8135 ...]
8136 Use this command to disable specific ciphers.
8138 cipher
8141
8144 usage: dsconf instance security ciphers get [-h]
8145 Use this command to get contents of nsSSL3Ciphers attribute.
8147
8150 usage: dsconf instance security ciphers set [-h] cipher-string
8151 Use this command to directly set nsSSL3Ciphers attribute. It is a comma
8153 separated list of cipher names (prefixed with + or -), optionally in‐
8154 cluding +all or -all. The attribute may optionally be set to keyword
8155 default. Please refer to documentation of the attribute for a more de‐
8156 tailed description.
8157 cipher-string
8160
8163 usage: dsconf instance security ciphers list [-h]
8164 [--enabled | --supported |
8165 --disabled]
8166 List secure ciphers. Without arguments, list ciphers as configured in
8168 nsSSL3Ciphers attribute.
8169
8172 --enabled
8173 Lists only enabled ciphers
8174 --supported
8177 Lists only supported ciphers
8178 --disabled
8181 Lists only supported ciphers but without enabled ciphers
8182
8185 usage: dsconf instance security csr [-h] {list,get,req,del} ...
8186
8189 dsconf security csr list
8190 List CSRs
8191 dsconf security csr get
8193 Display CSR content
8194 dsconf security csr req
8196 Generate a Certificate Signing Request
8197 dsconf security csr del
8199 Delete a CSR file
8200
8203 usage: dsconf instance security csr list [-h] [--path PATH]
8204 List all CSR files in instance configuration directiory
8206
8209 --path PATH, -p PATH
8210 Directory contanining CSR file
8211
8214 usage: dsconf instance security csr get [-h] name
8215 Displays the contents of a CSR, which can be used for submittal to CA
8217 name Name of the CSR file to display
8220
8223 usage: dsconf instance security csr req [-h] --subject SUBJECT --name
8224 NAME
8225 [alt_names ...]
8226 Generate a CSR that can be submitted to a CA for verification
8228 alt_names
8231 CSR alternative names. These are auto-detected if not provided
8232
8235 --subject SUBJECT, -s SUBJECT
8236 Subject field
8237 --name NAME, -n NAME
8240 Name
8241
8244 usage: dsconf instance security csr del [-h] name
8245 Delete a CSR file
8247 name Name of the CSR file to delete
8250
8253 usage: dsconf instance security key [-h] {list,del} ...
8254
8257 dsconf security key list
8258 List all keys in NSS DB
8259 dsconf security key del
8261 Delete a key from NSS DB
8262
8265 usage: dsconf instance security key list [-h] [--orphan]
8266
8269 --orphan
8270 List orphan keys (An orphan key is a private key in the NSS DB
8271 for which there is NO cert with the corresponding public key).
8272 An orphan key is created during CSR generation, when the associ‐
8273 ated certificate is imported into the NSS DB, its orphan state
8274 will be removed.
8275
8278 usage: dsconf instance security key del [-h] key_id
8279 Remove a key from the NSS DB. Make sure the key is not in use before
8281 you delete
8282 key_id This is the key ID displayed when listing keys
8285
8288 usage: dsconf instance security export-cert [-h] [--binary-format]
8289 [--output-file OUTPUT_FILE]
8290 nickname
8291 nickname
8294 The name of the certificate to export
8295
8298 --binary-format
8299 Export certificate in DER/binary format
8300 --output-file OUTPUT_FILE
8303 The name for the exported certificate. Default name is the cer‐
8304 tificate nickname with an extension of ".pem" or ".crt"
8305
8308 usage: dsconf instance schema [-h]
8309 {list,attributetypes,objectclasses,match‐
8310 ingrules,reload,validate-syntax,import-openldap-file}
8311 ...
8312
8315 dsconf schema list
8316 List all schema objects on this system
8317 dsconf schema attributetypes
8319 Work with attribute types on this system
8320 dsconf schema objectclasses
8322 Work with objectClasses on this system
8323 dsconf schema matchingrules
8325 Work with matching rules on this system
8326 dsconf schema reload
8328 Dynamically reload schema while server is running
8329 dsconf schema validate-syntax
8331 Run a task to check that all attributes in an entry have the
8332 correct syntax
8333 dsconf schema import-openldap-file
8335 Import an openldap formatted dynamic schema ldifs. These will
8336 contain values like olcAttributeTypes and olcObjectClasses.
8337
8340 usage: dsconf instance schema list [-h]
8341
8344 usage: dsconf instance schema attributetypes [-h]
8345 {get_syn‐
8346 taxes,list,query,add,replace,remove}
8347 ...
8348
8351 dsconf schema attributetypes get_syntaxes
8352 List all available attribute type syntaxes
8353 dsconf schema attributetypes list
8355 List available attribute types on this system
8356 dsconf schema attributetypes query
8358 Query an attribute to determine object classes that may or must
8359 take it
8360 dsconf schema attributetypes add
8362 Add an attribute type to this system
8363 dsconf schema attributetypes replace
8365 Replace an attribute type on this system
8366 dsconf schema attributetypes remove
8368 Remove an attribute type on this system
8369
8372 usage: dsconf instance schema attributetypes get_syntaxes [-h]
8373
8376 usage: dsconf instance schema attributetypes list [-h]
8377
8380 usage: dsconf instance schema attributetypes query [-h] [name]
8381 name Attribute type to query
8384
8387 usage: dsconf instance schema attributetypes add [-h] [--oid OID]
8388 [--desc DESC]
8389 [--x-origin X_ORIGIN]
8390 [--aliases ALIASES
8391 [ALIASES ...]]
8392 [--single-value]
8393 [--multi-value]
8394 [--no-user-mod]
8395 [--user-mod]
8396 [--equality EQUALITY]
8397 [--substr SUBSTR]
8398 [--ordering ORDERING]
8399 [--usage USAGE] [--sup
8400 SUP]
8401 --syntax SYNTAX
8402 name
8403 name NAME of the object
8406
8409 --oid OID
8410 OID assigned to the object
8411 --desc DESC
8414 Description text(DESC) of the object
8415 --x-origin X_ORIGIN
8418 Provides information about where the attribute type is defined
8419 --aliases ALIASES [ALIASES ...]
8422 Additional NAMEs of the object.
8423 --single-value
8426 True if the matching rule must have only one valueOnly one of
8427 the flags this or --multi-value should be specified
8428 --multi-value
8431 True if the matching rule may have multiple values (default)Only
8432 one of the flags this or --single-value should be specified
8433 --no-user-mod
8436 True if the attribute is not modifiable by a client applica‐
8437 tionOnly one of the flags this or --user-mod should be specified
8438 --user-mod
8441 True if the attribute is modifiable by a client application (de‐
8442 fault)Only one of the flags this or --no-user-mode should be
8443 specified
8444 --equality EQUALITY
8447 NAME or OID of the matching rule used for checkingwhether attri‐
8448 bute values are equal
8449 --substr SUBSTR
8452 NAME or OID of the matching rule used for checkingwhether an at‐
8453 tribute value contains another value
8454 --ordering ORDERING
8457 NAME or OID of the matching rule used for checkingwhether attri‐
8458 bute values are lesser - equal than
8459 --usage USAGE
8462 The flag indicates how the attribute type is to be used. Choose
8463 from the list: userApplications (default), directoryOperation,
8464 distributedOperation, dSAOperation
8465 --sup SUP
8468 The NAME or OID of attribute type this attribute type is derived
8469 from
8470 --syntax SYNTAX
8473 OID of the LDAP syntax assigned to the attribute
8474
8477 usage: dsconf instance schema attributetypes replace [-h] [--oid OID]
8478 [--desc DESC]
8479 [--x-origin X_ORI‐
8480 GIN]
8481 [--aliases ALIASES
8482 [ALIASES ...]]
8483 [--single-value]
8484 [--multi-value]
8485 [--no-user-mod]
8486 [--user-mod]
8487 [--equality EQUAL‐
8488 ITY]
8489 [--substr SUBSTR]
8490 [--ordering ORDER‐
8491 ING]
8492 [--usage USAGE]
8493 [--sup SUP]
8494 [--syntax SYNTAX]
8495 name
8496 name NAME of the object
8499
8502 --oid OID
8503 OID assigned to the object
8504 --desc DESC
8507 Description text(DESC) of the object
8508 --x-origin X_ORIGIN
8511 Provides information about where the attribute type is defined
8512 --aliases ALIASES [ALIASES ...]
8515 Additional NAMEs of the object.
8516 --single-value
8519 True if the matching rule must have only one valueOnly one of
8520 the flags this or --multi-value should be specified
8521 --multi-value
8524 True if the matching rule may have multiple values (default)Only
8525 one of the flags this or --single-value should be specified
8526 --no-user-mod
8529 True if the attribute is not modifiable by a client applica‐
8530 tionOnly one of the flags this or --user-mod should be specified
8531 --user-mod
8534 True if the attribute is modifiable by a client application (de‐
8535 fault)Only one of the flags this or --no-user-mode should be
8536 specified
8537 --equality EQUALITY
8540 NAME or OID of the matching rule used for checkingwhether attri‐
8541 bute values are equal
8542 --substr SUBSTR
8545 NAME or OID of the matching rule used for checkingwhether an at‐
8546 tribute value contains another value
8547 --ordering ORDERING
8550 NAME or OID of the matching rule used for checkingwhether attri‐
8551 bute values are lesser - equal than
8552 --usage USAGE
8555 The flag indicates how the attribute type is to be used. Choose
8556 from the list: userApplications (default), directoryOperation,
8557 distributedOperation, dSAOperation
8558 --sup SUP
8561 The NAME or OID of attribute type this attribute type is derived
8562 from
8563 --syntax SYNTAX
8566 OID of the LDAP syntax assigned to the attribute
8567
8570 usage: dsconf instance schema attributetypes remove [-h] name
8571 name NAME of the object
8574
8577 usage: dsconf instance schema objectclasses [-h]
8578 {list,query,add,replace,re‐
8579 move}
8580 ...
8581
8584 dsconf schema objectclasses list
8585 List available objectClasses on this system
8586 dsconf schema objectclasses query
8588 Query an objectClass
8589 dsconf schema objectclasses add
8591 Add an objectClass to this system
8592 dsconf schema objectclasses replace
8594 Replace an objectClass on this system
8595 dsconf schema objectclasses remove
8597 Remove an objectClass on this system
8598
8601 usage: dsconf instance schema objectclasses list [-h]
8602
8605 usage: dsconf instance schema objectclasses query [-h] [name]
8606 name ObjectClass to query
8609
8612 usage: dsconf instance schema objectclasses add [-h] [--oid OID]
8613 [--desc DESC]
8614 [--x-origin X_ORIGIN]
8615 [--must MUST [MUST
8616 ...]]
8617 [--may MAY [MAY ...]]
8618 [--kind KIND]
8619 [--sup SUP [SUP ...]]
8620 name
8621 name NAME of the object
8624
8627 --oid OID
8628 OID assigned to the object
8629 --desc DESC
8632 Description text(DESC) of the object
8633 --x-origin X_ORIGIN
8636 Provides information about where the attribute type is defined
8637 --must MUST [MUST ...]
8640 NAMEs or OIDs of all attributes an entry of the object must have
8641 --may MAY [MAY ...]
8644 NAMEs or OIDs of additional attributes an entry of the object
8645 may have
8646 --kind KIND
8649 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
8650 --sup SUP [SUP ...]
8653 NAME or OIDs of object classes this object is derived from
8654
8657 usage: dsconf instance schema objectclasses replace [-h] [--oid OID]
8658 [--desc DESC]
8659 [--x-origin X_ORI‐
8660 GIN]
8661 [--must MUST [MUST
8662 ...]]
8663 [--may MAY [MAY
8664 ...]]
8665 [--kind KIND]
8666 [--sup SUP [SUP
8667 ...]]
8668 name
8669 name NAME of the object
8672
8675 --oid OID
8676 OID assigned to the object
8677 --desc DESC
8680 Description text(DESC) of the object
8681 --x-origin X_ORIGIN
8684 Provides information about where the attribute type is defined
8685 --must MUST [MUST ...]
8688 NAMEs or OIDs of all attributes an entry of the object must have
8689 --may MAY [MAY ...]
8692 NAMEs or OIDs of additional attributes an entry of the object
8693 may have
8694 --kind KIND
8697 Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY
8698 --sup SUP [SUP ...]
8701 NAME or OIDs of object classes this object is derived from
8702
8705 usage: dsconf instance schema objectclasses remove [-h] name
8706 name NAME of the object
8709
8712 usage: dsconf instance schema matchingrules [-h] {list,query} ...
8713
8716 dsconf schema matchingrules list
8717 List available matching rules on this system
8718 dsconf schema matchingrules query
8720 Query a matching rule
8721
8724 usage: dsconf instance schema matchingrules list [-h]
8725
8728 usage: dsconf instance schema matchingrules query [-h] [name]
8729 name Matching rule to query
8732
8735 usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait]
8736 [--timeout TIMEOUT]
8737
8740 -d SCHEMADIR, --schemadir SCHEMADIR
8741 directory where schema files are located
8742 --wait Wait for the reload task to complete
8745 --timeout TIMEOUT
8748 Set a timeout to wait for the reload task. Default is 120 sec‐
8749 onds
8750
8753 usage: dsconf instance schema validate-syntax [-h] [-f FILTER]
8754 [--timeout TIMEOUT]
8755 DN
8756 DN Base DN that contains entries to validate
8759
8762 -f FILTER, --filter FILTER
8763 Filter for entries to validate. If omitted, all entries with
8764 filter "(objectclass=*)" are validated
8765 --timeout TIMEOUT
8768 Set a timeout to wait for the validation task. Default is 120
8769 seconds
8770
8773 usage: dsconf instance schema import-openldap-file [-h] [--confirm]
8774 schema_file
8775 schema_file
8778 Path to the openldap dynamic schema ldif to import
8779
8782 --confirm
8783 Confirm that you want to apply these schema migration actions to
8784 the 389-ds instance. By default no actions are taken.
8785
8788 usage: dsconf instance repl-conflict [-h]
8789 {list,compare,delete,swap,con‐
8790 vert,list-glue,delete-glue,convert-glue}
8791 ...
8792
8795 dsconf repl-conflict list
8796 List conflict entries
8797 dsconf repl-conflict compare
8799 Compare the conflict entry with its valid counterpart
8800 dsconf repl-conflict delete
8802 Delete a conflict entry
8803 dsconf repl-conflict swap
8805 Replace the valid entry with the conflict entry
8806 dsconf repl-conflict convert
8808 Convert the conflict entry to a valid entry, while keeping the
8809 original valid entry counterpart. This requires that the con‐
8810 verted conflict entry have a new RDN value. For example:
8811 "cn=my_new_rdn_value".
8812 dsconf repl-conflict list-glue
8814 List replication glue entries
8815 dsconf repl-conflict delete-glue
8817 Delete the glue entry and its child entries
8818 dsconf repl-conflict convert-glue
8820 Convert the glue entry into a regular entry
8821
8824 usage: dsconf instance repl-conflict list [-h] suffix
8825 suffix Sets the backend name, or suffix, to look for conflict entries
8828
8831 usage: dsconf instance repl-conflict compare [-h] DN
8832 DN The DN of the conflict entry
8835
8838 usage: dsconf instance repl-conflict delete [-h] DN
8839 DN The DN of the conflict entry
8842
8845 usage: dsconf instance repl-conflict swap [-h] DN
8846 DN The DN of the conflict entry
8849
8852 usage: dsconf instance repl-conflict convert [-h] --new-rdn NEW_RDN DN
8853 DN The DN of the conflict entry
8856
8859 --new-rdn NEW_RDN
8860 Sets the new RDN for the converted conflict entry. For example:
8861 "cn=my_new_rdn_value"
8862
8865 usage: dsconf instance repl-conflict list-glue [-h] suffix
8866 suffix The backend name, or suffix, to look for glue entries
8869
8872 usage: dsconf instance repl-conflict delete-glue [-h] DN
8873 DN The DN of the glue entry
8876
8879 usage: dsconf instance repl-conflict convert-glue [-h] DN
8880 DN The DN of the glue entry
8883
8886 -v, --verbose
8887 Display verbose operation tracing during command execution
8888 -D BINDDN, --binddn BINDDN
8891 The account to bind as for executing operations
8892 -w BINDPW, --bindpw BINDPW
8895 Password for the bind DN
8896 -W, --prompt
8899 Prompt for password of the bind DN
8900 -y PWDFILE, --pwdfile PWDFILE
8903 Specifies a file containing the password of the bind DN
8904 -b BASEDN, --basedn BASEDN
8907 Base DN (root naming context) of the instance to manage
8908 -Z, --starttls
8911 Connect with StartTLS
8912 -j, --json
8915 Return result in JSON object
8916
8919 Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
8920
8923 The latest version of lib389 may be downloaded from
8924 ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩
8925lib389 1.4.0.1 2023-10-07 DSCONF(8)