1DSCTL(8)                    Generated Python Manual                   DSCTL(8)
2
3
4

NAME

6       dsctl
7

SYNOPSIS

9       dsctl  [-h]  [-v]  [-j]  [-l] [instance] {restart,start,stop,status,re‐
10       move,db2index,db2bak,db2ldif,dbverify,bak2db,ldif2db,backups,ld‐
11       ifs,tls,healthcheck,get-nsstate,ldifgen,dsrc,cockpit,dblib} ...
12
13

POSITIONAL ARGUMENTS

15       dsctl restart
16              Restart  an instance of Directory Server, if it is running: else
17              start it.
18
19       dsctl start
20              Start an instance of Directory Server, if it  is  not  currently
21              running
22
23       dsctl stop
24              Stop an instance of Directory Server, if it is currently running
25
26       dsctl status
27              Check running status of an instance of Directory Server
28
29       dsctl remove
30              Destroy an instance of Directory Server, and remove all data.
31
32       dsctl db2index
33              Initialise  a reindex of the server database. The server must be
34              stopped for this to proceed.
35
36       dsctl db2bak
37              Initialise a BDB backup of the  database.  The  server  must  be
38              stopped for this to proceed.
39
40       dsctl db2ldif
41              Initialise  an  LDIF  dump  of  the database. The server must be
42              stopped for this to proceed.
43
44       dsctl dbverify
45              Perform a db verification. You should only do this at  direction
46              of support
47
48       dsctl bak2db
49              Restore a BDB backup of the database. The server must be stopped
50              for this to proceed.
51
52       dsctl ldif2db
53              Restore an LDIF dump of the database. The server must be stopped
54              for this to proceed.
55
56       dsctl backups
57              List backup's found in the server's default backup directory
58
59       dsctl ldifs
60              List all the LDIF files located in the server's LDIF directory
61
62       dsctl tls
63              Manage TLS certificates
64
65       dsctl healthcheck
66              Run  a  healthcheck report on a local Directory Server instance.
67              This is a safe and read-only operation.  Do not attempt  to  run
68              this  on  a remote Directory Server as this tool needs access to
69              local resources, otherwise the report may be inaccurate.
70
71       dsctl get-nsstate
72              Get the replication nsState in a human readable format
73
74              Replica DN:           The DN of  the  replication  configuration
75              entry  Replica  Suffix:        The replicated suffix Replica ID:
76              The Replica identifier Gen Time              The  time  the  CSN
77              generator  was  created Gen Time String:      The time string of
78              generator Gen as CSN:           The generation CSN Local Offset:
79              The  offset  due  to the local clock being set back Local Offset
80              String:  The offset  in  a  nice  human  format  Remote  Offset:
81              The  offset  due  to clock difference with remote systems Remote
82              Offset String: The offset in a  nice  human  format  Time  Skew:
83              The  time  skew  between  this server and its replicas Time Skew
84              String:     The time skew  in  a  nice  human  format  Seq  Num:
85              The  number  of  multiple  csns  within  a  second  System Time:
86              The local system time Diff in Seconds:      The time  difference
87              in  seconds  from  the  CSN  generator  creation  to now Diff in
88              days/secs:    The time difference broken up into days  and  sec‐
89              onds Endian:               Little/Big Endian
90
91       dsctl ldifgen
92              LDIF generator to make sample LDIF files for testing
93
94       dsctl dsrc
95              Manage the .dsrc file
96
97       dsctl cockpit
98              Enable the Cockpit interface/UI
99
100       dsctl dblib
101              database library (i.e bdb/lmdb) migration
102
103

COMMAND 'dsctl restart'

105       usage: dsctl [instance] restart [-h]
106
107

COMMAND 'dsctl start'

109       usage: dsctl [instance] start [-h]
110
111

COMMAND 'dsctl stop'

113       usage: dsctl [instance] stop [-h]
114
115

COMMAND 'dsctl status'

117       usage: dsctl [instance] status [-h]
118
119

COMMAND 'dsctl remove'

121       usage: dsctl [instance] remove [-h] [--do-it]
122
123

OPTIONS 'dsctl remove'

125       --do-it
126              By  default we do a dry run. This actually initiates the removal
127              of the instance.
128
129

COMMAND 'dsctl db2index'

131       usage: dsctl [instance] db2index [-h] [--attr [ATTR ...]] [backend]
132
133
134       backend
135              The backend to reindex. IE userRoot
136
137

OPTIONS 'dsctl db2index'

139       --attr [ATTR ...]
140              The attribute's to reindex. IE --attr aci cn givenname
141
142

COMMAND 'dsctl db2bak'

144       usage: dsctl [instance] db2bak [-h] [archive]
145
146
147       archive
148              The destination for the archive. This will be created during the
149              db2bak process.
150
151

COMMAND 'dsctl db2ldif'

153       usage: dsctl [instance] db2ldif [-h] [--replication] [--encrypted]
154                                       backend [ldif]
155
156
157       backend
158              The backend to output as an LDIF. IE userRoot
159
160
161       ldif   The path to the ldif output location.
162
163

OPTIONS 'dsctl db2ldif'

165       --replication
166              Export  replication information, suitable for importing on a new
167              consumer or backups.
168
169
170       --encrypted
171              Export encrypted attributes
172
173

COMMAND 'dsctl dbverify'

175       usage: dsctl [instance] dbverify [-h] backend
176
177
178       backend
179              The backend to verify. IE userRoot
180
181

COMMAND 'dsctl bak2db'

183       usage: dsctl [instance] bak2db [-h] archive
184
185
186       archive
187              The archive to restore. This will erase all current server data‐
188              bases.
189
190

COMMAND 'dsctl ldif2db'

192       usage: dsctl [instance] ldif2db [-h] [--encrypted] backend ldif
193
194
195       backend
196              The backend to restore from an LDIF. IE userRoot
197
198
199       ldif   The path to the ldif to import
200
201

OPTIONS 'dsctl ldif2db'

203       --encrypted
204              Import encrypted attributes
205
206

COMMAND 'dsctl backups'

208       usage: dsctl [instance] backups [-h] [--delete DELETE]
209
210

OPTIONS 'dsctl backups'

212       --delete DELETE
213              Delete backup directory
214
215

COMMAND 'dsctl ldifs'

217       usage: dsctl [instance] ldifs [-h] [--delete DELETE]
218
219

OPTIONS 'dsctl ldifs'

221       --delete DELETE
222              Delete LDIF file
223
224

COMMAND 'dsctl tls'

226       usage: dsctl [instance] tls [-h]
227                                   {list-ca,list-client-ca,show-server-cert,show-cert,gen‐
228       erate-server-cert-csr,import-client-ca,import-ca,import-server-cert,im‐
229       port-server-key-cert,remove-cert,export-cert}
230                                   ...
231
232

POSITIONAL ARGUMENTS 'dsctl tls'

234       dsctl tls list-ca
235              list server certificate authorities including intermediates
236
237       dsctl tls list-client-ca
238              list client certificate authorities including intermediates
239
240       dsctl tls show-server-cert
241              Show  the  active  server  certificate that clients will see and
242              verify
243
244       dsctl tls show-cert
245              Show a certificate's details referenced by it's  nickname.  This
246              is analogous to certutil -L -d <path> -n <nickname>
247
248       dsctl tls generate-server-cert-csr
249              Generate  a Server-Cert certificate signing request - the csr is
250              then submitted to a CA for verification, and when signed you im‐
251              port with import-ca and import-server-cert
252
253       dsctl tls import-client-ca
254              Import a CA trusted to issue user (client) certificates. This is
255              part of how client certificate authentication functions.
256
257       dsctl tls import-ca
258              Import a CA or intermediate CA for signing this servers certifi‐
259              cates  (aka  Server-Cert). You should import all the CA's in the
260              chain as required.  PEM bundles are accepted
261
262       dsctl tls import-server-cert
263              Import a new Server-Cert after the csr has been  signed  from  a
264              CA.
265
266       dsctl tls import-server-key-cert
267              Import a new key and Server-Cert after having been signed from a
268              CA. This is used if you have an external csr tool or  a  service
269              like lets encrypt that generates PEM keys externally.
270
271       dsctl tls remove-cert
272              Delete  a  certificate  from  this database. This will remove it
273              from acting as a CA, a client CA or the Server-Cert role.
274
275       dsctl tls export-cert
276              Export a certificate to PEM or DER/Binary format.  PEM format is
277              the default
278
279

COMMAND 'dsctl tls list-ca'

281       usage: dsctl [instance] tls list-ca [-h]
282
283

COMMAND 'dsctl tls list-client-ca'

285       usage: dsctl [instance] tls list-client-ca [-h]
286
287

COMMAND 'dsctl tls show-server-cert'

289       usage: dsctl [instance] tls show-server-cert [-h]
290
291

COMMAND 'dsctl tls show-cert'

293       usage: dsctl [instance] tls show-cert [-h] nickname
294
295
296       nickname
297              The nickname (friendly name) of the certificate to display
298
299

COMMAND 'dsctl tls generate-server-cert-csr'

301       usage:  dsctl  [instance]  tls generate-server-cert-csr [-h] [--subject
302       SUBJECT]
303                                                            [alt_names ...]
304
305
306       alt_names
307              Certificate  requests  subject  alternative  names.  These   are
308              auto-detected if not provided
309
310

OPTIONS 'dsctl tls generate-server-cert-csr'

312       --subject SUBJECT, -s SUBJECT
313              Certificate Subject field to use
314
315

COMMAND 'dsctl tls import-client-ca'

317       usage: dsctl [instance] tls import-client-ca [-h] cert_path nickname
318
319
320       cert_path
321              The path to the x509 cert to import as a client trust root
322
323
324       nickname
325              The name of the certificate once imported
326
327

COMMAND 'dsctl tls import-ca'

329       usage: dsctl [instance] tls import-ca [-h] cert_path nickname [nickname
330       ...]
331
332
333       cert_path
334              The path to the x509 cert to import as a server CA
335
336
337       nickname
338              The name of the certificate once imported
339
340

COMMAND 'dsctl tls import-server-cert'

342       usage: dsctl [instance] tls import-server-cert [-h] cert_path
343
344
345       cert_path
346              The path to the x509 cert to import as Server-Cert
347
348

COMMAND 'dsctl tls import-server-key-cert'

350       usage:  dsctl  [instance]  tls  import-server-key-cert  [-h]  cert_path
351       key_path
352
353
354       cert_path
355              The path to the x509 cert to import as Server-Cert
356
357
358       key_path
359              The path to the x509 key to import associated to Server-Cert
360
361

COMMAND 'dsctl tls remove-cert'

363       usage: dsctl [instance] tls remove-cert [-h] nickname
364
365
366       nickname
367              The name of the certificate to delete
368
369

COMMAND 'dsctl tls export-cert'

371       usage: dsctl [instance] tls export-cert [-h] [--binary-format]
372                                               [--output-file OUTPUT_FILE]
373                                               nickname
374
375
376       nickname
377              The name of the certificate to export
378
379

OPTIONS 'dsctl tls export-cert'

381       --binary-format
382              Export certificate in DER/binary format
383
384
385       --output-file OUTPUT_FILE
386              The  name for the exported certificate. Default name is the cer‐
387              tificate nickname with an extension of ".pem" or ".crt"
388
389

COMMAND 'dsctl healthcheck'

391       usage: dsctl [instance] healthcheck  [-h]  [--list-checks]  [--list-er‐
392       rors]
393                                           [--dry-run]  [--check  CHECK [CHECK
394       ...]]
395
396

OPTIONS 'dsctl healthcheck'

398       --list-checks
399              List of known checks
400
401
402       --list-errors
403              List of known error codes
404
405
406       --dry-run
407              Do not execute the actual check, only list what would be done
408
409
410       --check CHECK [CHECK ...]
411              Areas to check. These can be obtained  by  --list-checks.  Every
412              element  on  the left of the colon (:) may be replaced by an as‐
413              terisk if multiple options on the right are available.
414
415

COMMAND 'dsctl get-nsstate'

417       usage: dsctl [instance]  get-nsstate  [-h]  [--suffix  SUFFIX]  [--flip
418       FLIP]
419
420

OPTIONS 'dsctl get-nsstate'

422       --suffix SUFFIX
423              The DN of the replication suffix to read the state from
424
425
426       --flip FLIP
427              Flip  between Little/Big Endian, this might be required for cer‐
428              tain architectures
429
430

COMMAND 'dsctl ldifgen'

432       usage: dsctl [instance] ldifgen [-h]
433                                       {users,groups,cos-def,cos-tem‐
434       plate,roles,mod-load,nested}
435                                       ...
436
437

POSITIONAL ARGUMENTS 'dsctl ldifgen'

439       dsctl ldifgen users
440              Generate a LDIF containing user entries
441
442       dsctl ldifgen groups
443              Generate a LDIF containing groups and members
444
445       dsctl ldifgen cos-def
446              Generate  a  LDIF containing a COS definition (classic, pointer,
447              or indirect)
448
449       dsctl ldifgen cos-template
450              Generate a LDIF containing a COS template
451
452       dsctl ldifgen roles
453              Generate a LDIF containing a role entry (managed,  filtered,  or
454              indirect)
455
456       dsctl ldifgen mod-load
457              Generate  a LDIF containing modify operations.  This is intended
458              to be consumed by ldapmodify.
459
460       dsctl ldifgen nested
461              Generate a heavily nested database LDIF in  a  cascading/fractal
462              tree design
463
464

COMMAND 'dsctl ldifgen users'

466       usage:  dsctl [instance] ldifgen users [-h] [--number NUMBER] [--suffix
467       SUFFIX]
468                                             [--parent PARENT] [--generic]
469                                             [--start-idx           START_IDX]
470       [--rdn-cn]
471                                             [--localize]         [--ldif-file
472       LDIF_FILE]
473
474

OPTIONS 'dsctl ldifgen users'

476       --number NUMBER
477              The number of users to create.
478
479
480       --suffix SUFFIX
481              The database suffix where the entries will be created.
482
483
484       --parent PARENT
485              The parent entry that the user entries should be created  under.
486              If  not specified, the entries are stored under random Organiza‐
487              tional Units.
488
489
490       --generic
491              Create generic entries in the format  of  "uid=user####".  These
492              entries are also compatible with ldclt.
493
494
495       --start-idx START_IDX
496              For  generic  LDIF's  you  can choose the starting index for the
497              user entries. The default is "0".
498
499
500       --rdn-cn
501              Use the attribute "cn" as the RDN attribute in the DN instead of
502              "uid"
503
504
505       --localize
506              Localize the LDIF data
507
508
509       --ldif-file LDIF_FILE
510              The LDIF file name. Default location is the server's LDIF direc‐
511              tory using the name 'ldifgen.ldif'
512
513

COMMAND 'dsctl ldifgen groups'

515       usage: dsctl [instance] ldifgen groups [-h] [--number NUMBER]
516                                              [--suffix SUFFIX] [--parent PAR‐
517       ENT]
518                                              [--num-members NUM_MEMBERS]
519                                              [--create-members]
520                                              [--member-parent MEMBER_PARENT]
521                                              [--member-attr MEMBER_ATTR]
522                                              [--ldif-file LDIF_FILE]
523                                              NAME
524
525
526       NAME   The group name.
527
528

OPTIONS 'dsctl ldifgen groups'

530       --number NUMBER
531              The number of groups to create.
532
533
534       --suffix SUFFIX
535              The database suffix where the groups will be created.
536
537
538       --parent PARENT
539              The parent entry that the group entries should be created under.
540              If not specified the groups are stored under the suffix.
541
542
543       --num-members NUM_MEMBERS
544              The number of members in the group. Default is 10000
545
546
547       --create-members
548              Create the member user entries.
549
550
551       --member-parent MEMBER_PARENT
552              The entry DN that the members should be created under.  The  de‐
553              fault is the suffix entry.
554
555
556       --member-attr MEMBER_ATTR
557              The  membership  attribute  to  use  in  the  group.  Default is
558              "uniquemember".
559
560
561       --ldif-file LDIF_FILE
562              The LDIF file name. Default location is the server's LDIF direc‐
563              tory using the name 'ldifgen.ldif'
564
565

COMMAND 'dsctl ldifgen cos-def'

567       usage:  dsctl  [instance]  ldifgen cos-def [-h] [--type TYPE] [--parent
568       PARENT]
569                                               [--create-parent]
570                                               [--cos-specifier COS_SPECIFIER]
571                                               [--cos-template COS_TEMPLATE]
572                                               [--cos-attr [COS_ATTR ...]]
573                                               [--ldif-file LDIF_FILE]
574                                               NAME
575
576
577       NAME   The COS definition name.
578
579

OPTIONS 'dsctl ldifgen cos-def'

581       --type TYPE
582              The COS definition type: "classic", "pointer", or "indirect".
583
584
585       --parent PARENT
586              The parent entry that the COS definition should be  created  un‐
587              der.
588
589
590       --create-parent
591              Create the parent entry
592
593
594       --cos-specifier COS_SPECIFIER
595              Used  in a classic COS definition, this attribute located in the
596              user entry is used to select which COS template to use.
597
598
599       --cos-template COS_TEMPLATE
600              The DN of the COS template entry, only used  for  "classic"  and
601              "pointer" COS definitions.
602
603
604       --cos-attr [COS_ATTR ...]
605              A  list of attributes which defines which attribute the COS gen‐
606              erates values for.
607
608
609       --ldif-file LDIF_FILE
610              The LDIF file name. Default location is the server's LDIF direc‐
611              tory using the name 'ldifgen.ldif'
612
613

COMMAND 'dsctl ldifgen cos-template'

615       usage: dsctl [instance] ldifgen cos-template [-h] [--parent PARENT]
616                                                    [--create-parent]
617                                                    [--cos-priority COS_PRIOR‐
618       ITY]
619                                                    [--cos-attr-val
620       COS_ATTR_VAL]
621                                                    [--ldif-file LDIF_FILE]
622                                                    NAME
623
624
625       NAME   The COS template name.
626
627

OPTIONS 'dsctl ldifgen cos-template'

629       --parent PARENT
630              The DN of the entry to store the COS template entry under.
631
632
633       --create-parent
634              Create the parent entry
635
636
637       --cos-priority COS_PRIORITY
638              Sets the priority of this conflicting/competing COS templates.
639
640
641       --cos-attr-val COS_ATTR_VAL
642              defines the attribute and value that the template provides.
643
644
645       --ldif-file LDIF_FILE
646              The LDIF file name. Default location is the server's LDIF direc‐
647              tory using the name 'ldifgen.ldif'
648
649

COMMAND 'dsctl ldifgen roles'

651       usage: dsctl [instance] ldifgen roles [-h] [--type TYPE] [--parent PAR‐
652       ENT]
653                                             [--create-parent]  [--filter FIL‐
654       TER]
655                                             [--role-dn [ROLE_DN ...]]
656                                             [--ldif-file LDIF_FILE]
657                                             NAME
658
659
660       NAME   The Role name.
661
662

OPTIONS 'dsctl ldifgen roles'

664       --type TYPE
665              The Role type: "managed", "filtered", or "nested".
666
667
668       --parent PARENT
669              The DN of the entry to store the Role entry under
670
671
672       --create-parent
673              Create the parent entry
674
675
676       --filter FILTER
677              A search filter for gathering Role members. Required for a "fil‐
678              tered" role.
679
680
681       --role-dn [ROLE_DN ...]
682              A  DN of a role entry that should be included in this role. Used
683              for "nested" roles only.
684
685
686       --ldif-file LDIF_FILE
687              The LDIF file name. Default location is the server's LDIF direc‐
688              tory using the name 'ldifgen.ldif'
689
690

COMMAND 'dsctl ldifgen mod-load'

692       usage: dsctl [instance] ldifgen mod-load [-h] [--create-users]
693                                                [--delete-users]
694                                                [--num-users NUM_USERS]
695                                                [--parent    PARENT]   [--cre‐
696       ate-parent]
697                                                [--add-users ADD_USERS]
698                                                [--del-users DEL_USERS]
699                                                [--modrdn-users MODRDN_USERS]
700                                                [--mod-users MOD_USERS]
701                                                [--mod-attrs [MOD_ATTRS ...]]
702                                                [--randomize]     [--ldif-file
703       LDIF_FILE]
704
705

OPTIONS 'dsctl ldifgen mod-load'

707       --create-users
708              Create  the entries that will be modified or deleted. By default
709              the script assumes the user entries already exist.
710
711
712       --delete-users
713              Delete all the user entries at the end of the LDIF.
714
715
716       --num-users NUM_USERS
717              The number of user entries that will be modified or deleted
718
719
720       --parent PARENT
721              The DN of the parent entry where the user entries are located.
722
723
724       --create-parent
725              Create the parent entry
726
727
728       --add-users ADD_USERS
729              The number of additional entries to add during the load.
730
731
732       --del-users DEL_USERS
733              The number of entries to delete during the load.
734
735
736       --modrdn-users MODRDN_USERS
737              The number of entries to perform a modrdn operation on.
738
739
740       --mod-users MOD_USERS
741              The number of entries to modify.
742
743
744       --mod-attrs [MOD_ATTRS ...]
745              List of attributes the script will  randomly  choose  from  when
746              modifying an entry. The default is "description".
747
748
749       --randomize
750              Randomly  perform the specified add, mod, delete, and modrdn op‐
751              erations
752
753
754       --ldif-file LDIF_FILE
755              The LDIF file name. Default location is the server's LDIF direc‐
756              tory using the name 'ldifgen.ldif'
757
758

COMMAND 'dsctl ldifgen nested'

760       usage: dsctl [instance] ldifgen nested [-h] [--num-users NUM_USERS]
761                                              [--node-limit NODE_LIMIT]
762                                              [--suffix SUFFIX]
763                                              [--ldif-file LDIF_FILE]
764
765

OPTIONS 'dsctl ldifgen nested'

767       --num-users NUM_USERS
768              The  total  number  of user entries to create in the entire LDIF
769              (does not include the container entries).
770
771
772       --node-limit NODE_LIMIT
773              The total number of user entries to create under each  node/sub‐
774              tree
775
776
777       --suffix SUFFIX
778              The suffix DN for the LDIF
779
780
781       --ldif-file LDIF_FILE
782              The LDIF file name. Default location is the server's LDIF direc‐
783              tory using the name 'ldifgen.ldif'
784
785

COMMAND 'dsctl dsrc'

787       usage:   dsctl   [instance]   dsrc   [-h]    {create,modify,delete,dis‐
788       play,repl-mon} ...
789
790

POSITIONAL ARGUMENTS 'dsctl dsrc'

792       dsctl dsrc create
793              Generate the .dsrc file
794
795       dsctl dsrc modify
796              Modify the .dsrc file
797
798       dsctl dsrc delete
799              Delete instance configuration from the .dsrc file.
800
801       dsctl dsrc display
802              Display the contents of the .dsrc file.
803
804       dsctl dsrc repl-mon
805              Display the contents of the .dsrc file.
806
807

COMMAND 'dsctl dsrc create'

809       usage: dsctl [instance] dsrc create [-h] [--uri URI] [--basedn BASEDN]
810                                           [--people-rdn PEOPLE_RDN]
811                                           [--groups-rdn GROUPS_RDN]
812                                           [--binddn    BINDDN]    [--saslmech
813       SASLMECH]
814                                           [--tls-cacertdir TLS_CACERTDIR]
815                                           [--tls-cert  TLS_CERT]   [--tls-key
816       TLS_KEY]
817                                           [--tls-reqcert         TLS_REQCERT]
818       [--starttls]
819                                           [--pwdfile PWDFILE] [--do-it]
820
821

OPTIONS 'dsctl dsrc create'

823       --uri URI
824              The URI (LDAP URL) for the Directory Server instance.
825
826
827       --basedn BASEDN
828              The default database suffix.
829
830
831       --people-rdn PEOPLE_RDN
832              Set the RDN for the 'people' subtree. Default is "ou=people"
833
834
835       --groups-rdn GROUPS_RDN
836              Set the RDN for the 'groups' subtree. Default is "ou=groups"
837
838
839       --binddn BINDDN
840              The default Bind DN used or authentication.
841
842
843       --saslmech SASLMECH
844              The SASL mechanism to use: PLAIN or EXTERNAL.
845
846
847       --tls-cacertdir TLS_CACERTDIR
848              The directory containing the Trusted Certificate Authority  cer‐
849              tificate.
850
851
852       --tls-cert TLS_CERT
853              The absolute file name to the server certificate.
854
855
856       --tls-key TLS_KEY
857              The absolute file name to the server certificate key.
858
859
860       --tls-reqcert TLS_REQCERT
861              Request certificate strength: 'never', 'allow', 'hard'
862
863
864       --starttls
865              Use startTLS for connection to the server.
866
867
868       --pwdfile PWDFILE
869              The absolute path to a file containing the Bind DN's password.
870
871
872       --do-it
873              Create the file without any confirmation.
874
875

COMMAND 'dsctl dsrc modify'

877       usage:  dsctl  [instance]  dsrc  modify  [-h]  [--uri  [URI]] [--basedn
878       [BASEDN]]
879                                           [--people-rdn [PEOPLE_RDN]]
880                                           [--groups-rdn [GROUPS_RDN]]
881                                           [--binddn [BINDDN]]
882                                           [--saslmech [SASLMECH]]
883                                           [--tls-cacertdir [TLS_CACERTDIR]]
884                                           [--tls-cert [TLS_CERT]]
885                                           [--tls-key [TLS_KEY]]
886                                           [--tls-reqcert       [TLS_REQCERT]]
887       [--starttls]
888                                           [--cancel-starttls]      [--pwdfile
889       [PWDFILE]]
890                                           [--do-it]
891
892

OPTIONS 'dsctl dsrc modify'

894       --uri [URI]
895              The URI (LDAP URL) for the Directory Server instance.
896
897
898       --basedn [BASEDN]
899              The default database suffix.
900
901
902       --people-rdn [PEOPLE_RDN]
903              Sets the RDN used for the 'people' container
904
905
906       --groups-rdn [GROUPS_RDN]
907              Sets the RDN used for the 'groups' container
908
909
910       --binddn [BINDDN]
911              The default Bind DN used or authentication.
912
913
914       --saslmech [SASLMECH]
915              The SASL mechanism to use: PLAIN or EXTERNAL.
916
917
918       --tls-cacertdir [TLS_CACERTDIR]
919              The directory containing the Trusted Certificate Authority  cer‐
920              tificate.
921
922
923       --tls-cert [TLS_CERT]
924              The absolute file name to the server certificate.
925
926
927       --tls-key [TLS_KEY]
928              The absolute file name to the server certificate key.
929
930
931       --tls-reqcert [TLS_REQCERT]
932              Request certificate strength: 'never', 'allow', 'hard'
933
934
935       --starttls
936              Use startTLS for connection to the server.
937
938
939       --cancel-starttls
940              Do not use startTLS for connection to the server.
941
942
943       --pwdfile [PWDFILE]
944              The absolute path to a file containing the Bind DN's password.
945
946
947       --do-it
948              Update the file without any confirmation.
949
950

COMMAND 'dsctl dsrc delete'

952       usage: dsctl [instance] dsrc delete [-h] [--do-it]
953
954

OPTIONS 'dsctl dsrc delete'

956       --do-it
957              Delete this instance's configuration from the .dsrc file.
958
959

COMMAND 'dsctl dsrc display'

961       usage: dsctl [instance] dsrc display [-h]
962
963

COMMAND 'dsctl dsrc repl-mon'

965       usage: dsctl [instance] dsrc repl-mon [-h]
966                                             [--add-conn   ADD_CONN  [ADD_CONN
967       ...]]
968                                             [--del-conn  DEL_CONN   [DEL_CONN
969       ...]]
970                                             [--add-alias ADD_ALIAS [ADD_ALIAS
971       ...]]
972                                             [--del-alias DEL_ALIAS [DEL_ALIAS
973       ...]]
974
975

OPTIONS 'dsctl dsrc repl-mon'

977       --add-conn ADD_CONN [ADD_CONN ...]
978              Add a replica connection: 'NAME:HOST:PORT:BINDDN:CREDENTIAL'
979
980
981       --del-conn DEL_CONN [DEL_CONN ...]
982              delete a replica connection by its NAME
983
984
985       --add-alias ADD_ALIAS [ADD_ALIAS ...]
986              Add a host/port alias: 'ALIAS_NAME:HOST:PORT'
987
988
989       --del-alias DEL_ALIAS [DEL_ALIAS ...]
990              delete a host/port alias by its ALIAS_NAME
991
992

COMMAND 'dsctl cockpit'

994       usage: dsctl [instance] cockpit [-h]
995                                       {enable,open-firewall,dis‐
996       able,close-firewall}
997                                       ...
998
999

POSITIONAL ARGUMENTS 'dsctl cockpit'

1001       dsctl cockpit enable
1002              Enable the Cockpit socket
1003
1004       dsctl cockpit open-firewall
1005              Open the firewall for the "cockpit" service
1006
1007       dsctl cockpit disable
1008              Disable the Cockpit socket
1009
1010       dsctl cockpit close-firewall
1011              Remove the "cockpit" service from the firewall settings
1012
1013

COMMAND 'dsctl cockpit enable'

1015       usage: dsctl [instance] cockpit enable [-h]
1016
1017

COMMAND 'dsctl cockpit open-firewall'

1019       usage: dsctl [instance] cockpit open-firewall [-h] [--zone ZONE]
1020
1021

OPTIONS 'dsctl cockpit open-firewall'

1023       --zone ZONE
1024              The firewall zone
1025
1026

COMMAND 'dsctl cockpit disable'

1028       usage: dsctl [instance] cockpit disable [-h]
1029
1030

COMMAND 'dsctl cockpit close-firewall'

1032       usage: dsctl [instance] cockpit close-firewall [-h]
1033
1034

COMMAND 'dsctl dblib'

1036       usage: dsctl [instance] dblib [-h] {bdb2mdb,mdb2bdb,cleanup} ...
1037
1038

POSITIONAL ARGUMENTS 'dsctl dblib'

1040       dsctl dblib bdb2mdb
1041              Migrate bdb databases to lmdb
1042
1043       dsctl dblib mdb2bdb
1044              Migrate lmdb databases to bdb
1045
1046       dsctl dblib cleanup
1047              Remove migration ldif file and old database
1048
1049

COMMAND 'dsctl dblib bdb2mdb'

1051       usage: dsctl [instance] dblib bdb2mdb [-h] [--tmpdir TMPDIR]
1052
1053

OPTIONS 'dsctl dblib bdb2mdb'

1055       --tmpdir TMPDIR
1056              ldif migration files directory path.
1057
1058

COMMAND 'dsctl dblib mdb2bdb'

1060       usage: dsctl [instance] dblib mdb2bdb [-h] [--tmpdir TMPDIR]
1061
1062

OPTIONS 'dsctl dblib mdb2bdb'

1064       --tmpdir TMPDIR
1065              ldif migration files directory path.
1066
1067

COMMAND 'dsctl dblib cleanup'

1069       usage: dsctl [instance] dblib cleanup [-h]
1070
1071

OPTIONS

1073       -v, --verbose
1074              Display verbose operation tracing during command execution
1075
1076
1077       -j, --json
1078              Return result in JSON object
1079
1080
1081       -l, --list
1082              List available Directory Server instances
1083
1084

AUTHOR

1086       Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
1087
1088

DISTRIBUTION

1090       The   latest   version   of   lib389    may    be    downloaded    from
1091http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html
1092
1093
1094
1095lib389 1.4.0.1                    2023-10-07                          DSCTL(8)
Impressum