Configuring the Directory Server
Managing Administration Traffic to the Server
Overview of the Administration Connector
Accessing Administrative Suffixes
To Configure the Administration Connector
Configuring the Directory Server With dsconfig
Overview of the dsconfig Command
Using dsconfig in Interactive Mode
Configuring a Directory Server Instance
To Display the Properties of a Component
To Modify the Properties of a Component
To Modify the Values of a Multi-Valued Property
Configuring the Connection Handlers
To Display All Connection Handlers
Configuring the LDAP Connection Handler
To Control Which Clients Have LDAP Access to the Directory Server
Configuring the LDIF Connection Handler
To Enable the JMX Alert Handler Through the LDIF Connection Handler
Configuring the JMX Connection Handler
To Change the Port on Which the Server Listens for JMX Connections
Configuring Plug-Ins With dsconfig
Modifying the Plug-In Configuration
To Display the List of Plug-Ins
To Enable or Disable a Plug-In
Utilities That Can Schedule Tasks
Controlling Which Tasks Can Be Run
Scheduling and Configuring Tasks
To Configure Task Notification
To Configure Task Dependencies
Managing and Monitoring Scheduled Tasks
To Obtain Information About Scheduled Tasks
Managing the Directory Server With the Control Panel
To Specify the Trust Manager Provider and Trust Store Algorithm Used by the Control Panel
Configuring and Testing the DSML Gateway
Deploying the DSML Gateway in Apache Tomcat
Deploying the DSML Gateway in Glassfish
Deploying the DSML Gateway in Sun Java System Web Server 7
Confirming the DSML Gateway Deployment
Confirming the DSML Gateway Deployment with JXplorer
Confirming the DSML Gateway Deployment with the Directory Server Resource Kit
The following sections show various examples of managing plug-in configuration using dsconfig. dsconfig uses the administration connector to access the server. All of the examples in this section assume that the administration connector is listening on the default port (4444) and that the command is accessing the server running on the local host. If this is not the case, the --port and --hostname options must be specified.
dsconfig always accesses the server over a secured connection with certificate authentication. If you run dsconfig in interactive mode, you are prompted as to how you want to trust the certificate. If you run dsconfig in non-interactive mode (that is, with the -n option, you must specify the -X or --trustAll option, otherwise the command will fail.
This example shows a directory server configured with the current supported plug-ins. For a description of these plug-ins and their purpose, see “The Plug-In Configuration” in Sun OpenDS Standard Edition 2.0 Configuration Reference.
$ dsconfig -D cn="Directory Manager" -w password -n list-plugins Plugin : Type : enabled --------------------------------:---------------------------------:-------- 7-Bit Clean : seven-bit-clean : false Entry UUID : entry-uuid : true LastMod : last-mod : true LDAP Attribute Description List : ldap-attribute-description-list : true Password Policy Import : password-policy-import : true Profiler : profiler : true Referential Integrity : referential-integrity : false UID Unique Attribute : unique-attribute : false
The output of the command shows (from left to right):
Plug-in. The name of the plug-in, usually descriptive of what it does.
Type. The type of plug-in. It is possible to have more then one plug-in of a specific type.
Enabled. Plug-ins can either be enabled of disabled. Disabled plug-ins remain in the server configuration but do not perform any processing.
The easiest way to configure plug-ins is to use dsconfig in interactive mode. Interactive mode walks you through the plug-in configuration, and is therefore not documented here.
This example creates a new Password Policy Import Plug-in by using dsconfig in non-interactive mode.
$ dsconfig -D "cn=directory manager" -w password -n create-plugin \ --type password-policy-import --plugin-name "My Password Policy Import Plugin" \ --set enabled:true
You can enable or disable a plug-in by setting the enabled property to true or false. This example disables the Password Policy Import plug-in created in the previous example.
$ dsconfig -D cn="Directory Manager" -w password -n set-plugin-prop \ --plugin-name "My Password Policy Import Plugin" --set enabled:false
To display the properties of a plug-in, use the get-plugin-prop subcommand. To change the properties of a plug-in, use the set-plugin-prop subcommand. This example displays the properties of the plug-in created in the previous example, then enables the plug-in and sets the default authentication password storage scheme to Salted SHA-512.
$ dsconfig -D cn="Directory Manager" -w password -n get-plugin-prop \ --plugin-name "My Password Policy Import Plugin" Property : Value(s) -------------------------------------:--------- default-auth-password-storage-scheme : - default-user-password-storage-scheme : - enabled : false
$ dsconfig -D cn="Directory Manager" -w password -n set-plugin-prop \ --plugin-name "My Password Policy Import Plugin" --set enabled:true\ --set default-auth-password-storage-scheme:"Salted SHA-512"
$ dsconfig -D cn="Directory Manager" -w password -n get-plugin-prop \ --plugin-name "My Password Policy Import Plugin" Property : Value(s) -------------------------------------:--------------- default-auth-password-storage-scheme : Salted SHA-512 default-user-password-storage-scheme : - enabled : true
By default, the order in which plug-ins are invoked is undefined. You can specify that plug-ins be invoked in a specific order by using the set-plugin-root-prop --set plugin-type:value subcommand. The value in this case is the plug-in order, expressed as a comma-delimited list of plug-in names. The plug-in order string should also include a single asterisk element, which is a wildcard that will match any plug-in that is not explicitly named.
This example specifies that the Entry UUID plug-in should be invoked before any other pre-operation add plug-ins.
$ dsconfig -D cn="Directory Manager" -w password -n get-plugin-root-prop Property : Value(s) --------------------------------------------:--------- plugin-order-intermediate-response : - plugin-order-ldif-export : - plugin-order-ldif-import : - plugin-order-post-connect : - ...
$ dsconfig -D cn="Directory Manager" -w password -n set-plugin-root-prop \ --set plugin-order-pre-operation-add:"Entry UUID,*"
Note - Plug-in order values are not validated. Values that do not match defined plug-ins are ignored.