Configuring the Directory Server
Managing Administration Traffic to the Server
Overview of the Administration Connector
Accessing Administrative Suffixes
To Configure the Administration Connector
Configuring the Directory Server With dsconfig
Overview of the dsconfig Command
Using dsconfig in Interactive Mode
Configuring a Directory Server Instance
To Display the Properties of a Component
To Modify the Properties of a Component
Configuring the Connection Handlers
To Display All Connection Handlers
Configuring the LDAP Connection Handler
To Control Which Clients Have LDAP Access to the Directory Server
Configuring the LDIF Connection Handler
To Enable the JMX Alert Handler Through the LDIF Connection Handler
Configuring the JMX Connection Handler
To Change the Port on Which the Server Listens for JMX Connections
Configuring Plug-Ins With dsconfig
Modifying the Plug-In Configuration
To Display the List of Plug-Ins
To Enable or Disable a Plug-In
To Display and Configure Plug-In Properties
To Configure Plug-In Invocation Order
Utilities That Can Schedule Tasks
Controlling Which Tasks Can Be Run
Scheduling and Configuring Tasks
To Configure Task Notification
To Configure Task Dependencies
Managing and Monitoring Scheduled Tasks
To Obtain Information About Scheduled Tasks
Managing the Directory Server With the Control Panel
To Specify the Trust Manager Provider and Trust Store Algorithm Used by the Control Panel
Configuring and Testing the DSML Gateway
Deploying the DSML Gateway in Apache Tomcat
Deploying the DSML Gateway in Glassfish
Deploying the DSML Gateway in Sun Java System Web Server 7
Confirming the DSML Gateway Deployment
Confirming the DSML Gateway Deployment with JXplorer
Confirming the DSML Gateway Deployment with the Directory Server Resource Kit
The dsconfig command is the recommended utility for accessing the server configuration. Accessing the configuration directly over LDAP, using the ldap* utilities is discouraged.
Each component has one or more properties that can be displayed by using the component's get-xxx-prop subcommand. Each component is associated with a single LDAP entry in the server configuration, and each property is associated with a single LDAP attribute.
$ dsconfig -D "cn=directory manager" -w password -n get-connection-handler-prop \ --handler-name "LDAP Connection Handler" Property : Value(s) ------------------------:------------------------------------------------------- allow-ldap-v2 : true allow-start-tls : false allowed-client : - denied-client : - enabled : true keep-stats : true key-manager-provider : - listen-address : 0.0.0.0 listen-port : 1389 ssl-cert-nickname : server-cert ssl-cipher-suite : - ssl-client-auth-policy : optional ssl-protocol : - trust-manager-provider : - use-ssl : false
Note - The dsconfig command displays the default values or behavior for properties that have not been customized.
Where more than one instance of a component can exist (for example, it is possible to have more than one connection handler), a summary of the instances can be obtained by using the component's list-xxxs subcommand.
$ dsconfig -D "cn=directory manager" -w password -n list-connection-handlers Connection Handler : Type : enabled : listen-port : use-ssl -------------------------:------:---------:-------------:-------- JMX Connection Handler : jmx : false : 1689 : false LDAP Connection Handler : ldap : true : 1389 : false LDAPS Connection Handler : ldap : true : 1636 : true LDIF Connection Handler : ldif : true : - : -
The properties of a component can be modified by using the component's set-xxx-prop subcommand. Multiple properties can be modified at the same time by using multiple occurrences of the --set option. The following example uses the set-connection-handler-prop subcommand to modify the properties of a connection handler.
Note - Many components have a Java class property that specifies the name of a Java class to be used as the implementation of the component. Do not modify this property, as doing so could prevent your server from operating correctly. These properties are treated as advanced properties and hidden from view unless you run dsconfig with the --advanced option.
$ dsconfig -D "cn=directory manager" -w password -n set-connection-handler-prop \ --handler-name="LDAP Connection Handler" --set allow-ldap-v2:true
You can set multiple values for a property by using the --set and --add options in successive dsconfig commands.
Note - You cannot use the --set and --add options simultaneously in the same command.
To set more than one value for a property that currently has no values, use the --set option to set the first value, and the --add option (in a separate command) for subsequent values. You cannot use the --add option if the property does not have an existing value, either a default value or a value that you have already set.
Note - Many components have a Java class property that specifies the name of a Java class to be used as the implementation of the component. Do not modify this property, as doing so could prevent your server from operating correctly. These properties are treated as advanced properties and hidden from view unless you run dsconfig with the --advanced option.
The following example sets multiple values for the allowed-client property.
$ dsconfig -D "cn=directory manager" -w password -n set-connection-handler-prop \ --handler-name "LDAP Connection Handler" --set allowed-client:myhost $ dsconfig -D "cn=directory manager" -w password -n set-connection-handler-prop \ --handler-name "LDAP Connection Handler" \ --add allowed-client:myhost.example --add allowed-client:myhost.example.com
New instances of a component can be created by using the component's create-xxx subcommand. Often there are several subtypes of the component. For example, there are currently three types of connection handler: LDAP, JMX, and LDIF. Because all of these are created by using the same subcommand, you must specify the type of component that you want to create. Do this by using the subcommand's -t or --type.
When you create a new component, you must specify the component's mandatory properties. The mandatory properties depend on the type of component that is being created. For example, an LDAP connection handler might have different mandatory properties to a JMX connection handler. If a mandatory property is left undefined, dsconfig enters interactive mode and prompts you for the undefined properties. If you include the -n (non-interactive) option, dsconfig fails to create the component and displays an error message indicating which properties need to be defined.
$ dsconfig create-connection-handler --help Usage: dsconfig create-connection-handler {options} Creates Connection Handlers Global Options: See "dsconfig --help" SubCommand Options: --handler-name {NAME} The name of the new Connection Handler --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VAL is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it -t, --type {TYPE} The type of Connection Handler which should be created. The value for TYPE can be one of: custom | jmx | ldap | ldif
$ dsconfig -D "cn=directory manager" -w password -n create-connection-handler \ -t ldap --handler-name "My LDAP Connection Handler" The LDAP Connection Handler could not be created because the following mandatory properties were not defined: Property Syntax ---------------------------------- enabled false | true listen-port 1 <= INTEGER <= 65535
Existing instances of a component can be removed using the component's delete-xxx.
$ dsconfig -D "cn=directory manager" -w password -X -n delete-connection-handler \ --handler-name "My LDAP Connection Handler"