Configuring the Directory Server
Managing Administration Traffic to the Server
Overview of the Administration Connector
Accessing Administrative Suffixes
To Configure the Administration Connector
Configuring the Directory Server With dsconfig
Overview of the dsconfig Command
Using dsconfig in Interactive Mode
Configuring a Directory Server Instance
To Display the Properties of a Component
To Modify the Properties of a Component
To Modify the Values of a Multi-Valued Property
Configuring the Connection Handlers
To Display All Connection Handlers
Configuring the LDAP Connection Handler
To Control Which Clients Have LDAP Access to the Directory Server
Configuring the LDIF Connection Handler
To Enable the JMX Alert Handler Through the LDIF Connection Handler
Configuring the JMX Connection Handler
To Change the Port on Which the Server Listens for JMX Connections
Configuring Plug-Ins With dsconfig
Modifying the Plug-In Configuration
To Display the List of Plug-Ins
To Enable or Disable a Plug-In
To Display and Configure Plug-In Properties
To Configure Plug-In Invocation Order
Utilities That Can Schedule Tasks
Controlling Which Tasks Can Be Run
Scheduling and Configuring Tasks
To Configure Task Notification
To Configure Task Dependencies
Managing and Monitoring Scheduled Tasks
To Obtain Information About Scheduled Tasks
Managing the Directory Server With the Control Panel
To Specify the Trust Manager Provider and Trust Store Algorithm Used by the Control Panel
Configuring and Testing the DSML Gateway
Deploying the DSML Gateway in Apache Tomcat
Deploying the DSML Gateway in Glassfish
Deploying the DSML Gateway in Sun Java System Web Server 7
Confirming the DSML Gateway Deployment
Confirming the DSML Gateway Deployment with JXplorer
The Directory Server Resource Kit (DSRK) is a collection of utilities that may be used in conjunction with directory servers. It is originally intended for use with the Sun Java System Directory Server, but in most cases the applications also work with Sun OpenDS Standard Edition. The most recent version of the DSRK is included as part of DSEE 6.0, and it contains dsmlsearch and dsmlmodify tools that can interact with a directory server using DSML rather than LDAP.
Note that even though an older version of these DSML tools was provided with earlier versions of the Directory Server Resource Kit, the version provided with DSEE 6 is strongly recommended because it is easier to use.
The dsmlsearch command is a DSML-based counterpart to the ldapsearch command. dsmlsearch operates in a similar manner to ldapsearch but there are certain key differences. To see usage information, invoke the command with no arguments, as in the following example:
$ ./dsmlsearch usage: dsmlsearch -h http://host:port -b basedn [options] filter [attributes...] where: -h hostURL URL of the directory server -b basedn base dn for search -D binddn bind dn -w passwd bind password (for simple HTTP authentication) use "-w - " to prompt for a password -j pwfile file where password is stored -s scope specify the scope of the search baseObject - For searching only the base entry singleLevel - For searching only the children wholeSubtree - For searching the base entry and all childrens -a deref specify how aliases are deferenced neverDerefAliases - Aliases are never dereferenced derefFindingBaseObj - Dereferenced when finding the base DN derefAlways - Dereferenced when finding below the base DN -l seconds specify the maximum number of seconds to wait for the search -z number specify the maximum number of entries to return for the search -f file specify the name of the file containing the search filter
The dsmlsearch command differs in usage from ldapsearch:
The -h argument is used to provide a URL to use to access the server. It should include the host and port number, as well as the URI for the gateway servlet (for example, http://127.0.0.1:8080/dsml/DSMLServlet).
The -b argument is used to specify the search scope, but note that the values you provide are different (baseObjectinstead of base, singleLevelinstead of one, and wholeSubtreeinstead of sub).
The results are output in DSML format, which is not as user-friendly or human-readable as the LDIF output provided by ldapsearch.
An example usage of this tool is as follows. Note that the DSML output does not contain any line breaks, but line breaks are added here for readability.
$ ./dsmlsearch -h http://127.0.0.1:8080/dsml/DSMLServlet \ -b "dc=example,dc=com" -s baseObject \"(objectClass=*)" <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body><dsml:batchResponse xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core"> <dsml:searchResponse><dsml:searchResultEntry dn="dc=example,dc=com"><dsml:attr name="objectClass"><dsml:value>domain</dsml:value><dsml:value>top</dsml:value> </dsml:attr><dsml:attr name="dc"><dsml:value>example</dsml:value></dsml:attr> </dsml:searchResultEntry><dsml:searchResultDone><dsml:resultCode code="0"/> </dsml:searchResultDone></dsml:searchResponse></dsml:batchResponse> </SOAP-ENV:Body></SOAP-ENV:Envelope>
The dsmlmodify utility is a DSML-based counterpart to the ldapmodify tool, and it can perform add, delete, modify, and modify DN operations over DSML. To see the usage information for this tool, run it with no arguments, as shown in this example:
$ ./dsmlmodify usage: dsmlmodify -h http://host:port [options] -f file where: -h hostURL URL of the directory server -D binddn bind dn -w passwd bind password (for simple HTTP authentication) use "-w - " to prompt for a password -j pwfile file where password is stored -f file specify the name of the file containing the modifications
As with the dsmlsearch utility, the -h argument specifies a URL, and the output is returned in DSML form. Unlike ldapmodify, the dsmlmodify tool does not accept the changes through standard input. Changes must be specified in a file, and that file must be in DSML format instead of than LDIF, and the changes cannot contain an outer batchRequest wrapper. The following example shows a typical input file.
<addRequest dn="uid=test.user,dc=example,dc=com"> <attr name="objectClass"> <value>top</value> <value>person</value> <value>organizationalPerson</value> <value>inetOrgPerson</value> </attr> <attr name="uid"> <value>test.user</value> </attr> <attr name="givenName"> <value>Test</value> </attr> <attr name="sn"> <value>User</value> </attr> <attr name="cn"> <value>Test User</value> </attr> <attr name="userPassword"> <value>password</value> </attr> </addRequest> <modifyRequest dn="uid=test.user,dc=example,dc=com"> <modification name="description" operation="replace"> <value>This is the new description</value> </modification> </modifyRequest> <modDNRequest dn="uid=test.user,dc=example,dc=com" newrdn="cn=Test User" deleteoldrdn="false" newSuperior="ou=People,dc=example,dc=com" /> <delRequest dn="cn=Test User,ou=People,dc=example,dc=com" />
The following example shows the output from applying these changes. Line breaks have been added to the output to make it more readable:
$ ./dsmlmodify -h http://127.0.0.1:8080/dsml/DSMLServlet \ -D "cn=Directory Manager" -w password -f /tmp/test.dsml <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body><dsml:batchResponse xmlns:dsml="urn:oasis:names:tc:DSML:2:0:core"> <dsml:addResponse><dsml:resultCode code="0"/></dsml:addResponse> <dsml:modifyResponse><dsml:resultCode code="0"/></dsml:modifyResponse> <dsml:modDNResponse><dsml:resultCode code="0"/></dsml:modDNResponse> <dsml:delResponse><dsml:resultCode code="0"/><dsml:errorMessage>The number of entries deleted was 1</dsml:errorMessage></dsml:delResponse></dsml:batchResponse> </SOAP-ENV:Body></SOAP-ENV:Envelope>
$ dsmlmodify -h http://localhost:8080/dsml/DSMLServlet \ -D "cn=directory manager" -w password -f /tmp/dsml.ldif <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body><batchResponse xmlns="urn:oasis:names:tc:DSML:2:0:core"> <addResponse><resultCode code="0"/></addResponse> <modifyResponse><resultCode code="0"/></modifyResponse> <modDNResponse><resultCode code="0"/></modDNResponse> <delResponse><resultCode code="0"/></delResponse></batchResponse> </SOAP-ENV:Body></SOAP-ENV:Envelope>