NAME | Synopsis | Description | SUBCOMMANDS | GLOBAL OPTIONS | SUBCOMMAND OPTIONS | SUBCOMMAND OPERANDS | Description | Exit Status | Examples | Attributes | See Also
install-path/dps6/bin/dpconf subcommand [global-options] [subcommand-options] [subcommand-operands]
The dpconf command manages the configuration of Directory Proxy Server. An instance of Directory Proxy Server must be running in order for you to run the dpconf command.
The following subcommands are supported:
Add a JDBC attribute by using a SQL table.
Add a virtual transformation to a data view.
Attach one or more JDBC data sources to a JDBC data source pool.
Attach one or more LDAP data sources to an LDAP data source pool.
Create one or more new connection handlers.
Create one or more new custom search size limits for a resource limits policy.
Create a JDBC data source that corresponds to an existing JDBC database.
Create one or more JDBC data source pools.
Create a data view that enables LDAP applications to view JDBC tables.
Create a JDBC object class and attach it to a JDBC data view. At least one JDBC table, the primary table, must be specified. Additional tables can be specified if the JDBC data view is to be a join data view of more than one JDBC table.
Create a JDBC table.
Create a virtual data view that combines or aggregates two separate data views. One of these data views is the primary data view, and the other the secondary data view. Before you can create a join data view, you must define at least one join rule on the secondary data view. To define join rules, set the dn-join-rule or filter-join-rule properties of the secondary data view.
Create a new LDAP data source.
Create one or more new LDAP data source pools.
Create a new LDAP data view.
Create a new LDIF data view.
Create one or more new request filtering policies.
Create one or more new resource limits policies.
Create one or more new search data hiding rules for a request filtering policy.
Create a new user mapping.
Delete existing connection handlers.
Delete existing custom search size limit for a resource limits policy.
Delete one or more JDBC data sources.
Delete one or more JDBC data source pools.
Delete one or more JDBC data views.
Delete one or more JDBC object classes.
Delete one or more JDBC tables.
Delete a join data view.
Delete existing LDAP data sources.
Delete existing LDAP data source pools.
Delete existing LDAP data views.
Delete existing LDIF data views.
Delete existing request filtering policies.
Delete existing resource limits policies.
Delete an existing search data hiding rule.
Delete existing user mappings.
Detach JDBC data sources from a JDBC data source pool.
Detach LDAP data sources from an LDAP data source pool.
View the properties of the access log.
View the properties of an attached LDAP data source.
View the properties of a connection handler.
View the properties of custom search size limits for a resource limits policy.
View the properties of the error log.
View the properties of a JDBC attribute.
View the properties of a JDBC data source pool.
View the properties of a JDBC data source.
View the properties of a JDBC data view.
View the properties of a JDBC object class.
View the properties of a JDBC table.
View the properties of a join data view.
View the properties of an LDAP data source pool.
View the properties of an LDAP data source.
View the properties of an LDAP data view.
View the properties of the LDAP listener.
View the properties of the LDAPS listener.
View the properties of an LDIF data view.
View the properties of a request filtering policy.
View the properties of the resource limits policy.
View the properties of search data hiding rules for a request filtering policy.
View the properties of a Directory Proxy Server.
View the properties of a user mapping.
View the properties of the data view defined to provide access to virtual ACIs.
View the properties of a virtual transformation. Virtual transformation properties that can be specified include action, attr-name, model, internal-value and view-value.
View information about the properties exposed by subcommands.
Display information about server configuration.
List JDBC data sources that are attached to a data source pool.
List LDAP data sources that are attached to a data source pool.
List the existing connection handlers.
List the existing custom search size limits for a resource limits policy.
List the JDBC attributes that have been defined using SQL tables.
List the existing JDBC data source pools.
List the existing JDBC data sources.
List the JDBC object classes that are attached to a JDBC data view.
List all JDBC tables.
List the existing join data views.
List the existing LDAP data source pools.
List the existing LDAP data sources.
List the existing LDAP data views.
List the existing LDIF data views.
List the existing request filtering policies.
List the existing resource limits policies.
List the existing search data hiding rules for a request filtering policy.
List the existing user mappings.
List the virtual transformations that are defined on a data view.
Delete a JDBC attribute.
Delete a virtual transformation.
Launch the rotation of a log file.
Change the properties of the access log. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of an attached LDAP data source. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a connection handler. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of custom search size limits for a resource limits policy. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of the error log. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a JDBC attribute. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a JDBC data source pool. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a JDBC data source. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a JDBC data view. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a JDBC object class. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a JDBC table. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a join data view. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of an LDAP data source pool. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of an LDAP data source. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of an LDAP data view. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of the LDAP listener. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of the LDAPS listener. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of an LDIF data view. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a request filtering policy. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a resource limits policy. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of search data hiding rules for a request filtering policy. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a Directory Proxy Server instance. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a user mapping. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of the data view defined to provide access to virtual ACIs. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Change the properties of a virtual transformation that was defined on the data view. If you do not specify a VAL, the value of the property is reset.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
The following options are global to all commands and subcommands:
Displays help information for a command or subcommand.
Does not ask for confirmation before accepting untrusted server certificates.
Binds as USER_DN. The dpconf command searches for a USER_DN value in the following order:
A USER_DN specified in the command line
A USER_DN set by using the $LDAP_ADMIN_USER environment variable
If none of these are found, the default is to bind as the cn=Proxy Manager user.
Connects over LDAP with no secure connection. To connect over a clear connection by default, set the DIR_PROXY_UNSECURED environment variable.
Connects to the proxy server on HOST. The dpconf command searches for a HOST value in the following order:
A HOST specified in the command line
A HOST set by using the $DIR_PROXY_HOST environment variable
If none of these are found, the default is to use the local host.
Does not ask for confirmation or passwords.
Does not ask for confirmation before rejecting untrusted server certificates in this session.
Connects to the proxy on PORT. The dpconf command searches for a PORT value in the following order:
A PORT specified in the command line
A PORT set by using the $DIR_PROXY_PORT environment variable
If none of these are found, the default is to use port 389.
This option is mutually exclusive with -P,--secure-port.
Connects over SSL to the proxy on PORT. The dpconf command searches for a PORT value in the following order:
A PORT specified in the command line
A PORT set by using the $DIR_PROXY_PORT environment variable
If none of these are found, the default is to use port 1636.
This option is mutually exclusive with -p,--port.
Displays help properties and their corresponding attributes in cn=config.
Displays extra information. This option is especially useful in the list subcommands. For an example of the use of the verbose option, see Example 5.
Displays the current version of dpconf. The version is provided in the format year.monthday.time. So version number 2007.1204.0035 was built on December 4th, 2007 at 00h35. If the components used by dpconf are not aligned, the version of each individual component is displayed.
Specifies that the LDAP password is read from FILE. The dpconf command searches for a password FILE value in the following order:
A password or password file specified in the command line
A password file set by using the $LDAP_ADMIN_PWF environment variable
If none of these are found, the default is to prompt for the password.
The following options can be used with the subcommands:
The name of the JDBC database for which you create a JDBC data source.
The URL to the JDBC database for which you create a JDBC data source.
Modifies the display output to show one property value per line.
The URL to the JDBC driver.
Display time data with UNIT unit. The value for UNIT can be M, w, d, h, m, s, or ms (month, week, day, hour, minute, second, or millisecond).
The class of the JDBC driver.
Display memory size data with UNIT unit. The value for UNIT can be T, G, M, k, or b (Terabyte, Gigabyte, Megabyte, kilobyte, or byte).
The following operands can be used with the subcommands:
Describes what a transformation does to its target entry or entries. The following transformation actions are possible:
add-attr Add a new attribute. The value of the new attribute is defined by the PARAM operand.
add-attr-value Add a calculated value to an existing attribute. The value that must be added is defined by the PARAM operand.
attr-value-mapping Map one attribute to another attribute to provide the attribute value. The value is defined by the internal-value and view-value PARAM operands.
def-value Add a default value to an existing attribute. The value that must be added is defined by the PARAM operand.
remove-attr Remove an attribute.
remove-attr-value Remove a value from an existing attribute. This action is usually used in the case of multi-value attributes when one of the values should be removed.
The name of a virtual attribute or JDBC attribute to be added or removed.
The name of a column in an SQL table.
The name of an SQL table.
The pattern that should be used to construct a DN from a JDBC table.
Contacts the LDAP server on the specified host, which may be a host name or an IP address.
For example, when mapping the IPv4 address 192.168.0.99 to IPv6, pass the -h option with its argument as -h ::ffff:192.168.0.99.
The name of a JDBC data view.
The name of a join data view.
The name of a file on the Directory Proxy Server that contains the LDIF data.
The name of a custom search size limit.
The type of log. The log type can be access or error.
The direction in which a transformation action will be applied. The transformation model can be one of mapping, read, or write.
A mapping transformation is applied during the request, and its inverse is applied during the response. A write transformation is applied during the request, but not during the response. A write transformation changes the physical data in storage. A read transformation is applied only during the response to a request.
The name of an object to be created or deleted, or the name of an object for which you are getting or setting properties.
The name of a JDBC object class.
The parameters to be applied to a virtual transformation. Depending on the transformation, PARAM can be one or more of the following:
value specifies the value of the virtual attribute for all transformation actions other than attrValueMapping.
internal-value:value used only with the attrValueMapping transformation action. Specifies the value of the virtual attribute that should be written to the physical data source.
view-value:value used only with the attrValueMapping transformation action. Specifies the value of the virtual attribute that should be returned to the client.
The name of the resource limits policy or request filtering policy to which limits or rules are to be applied.
The name of an existing LDAP or JDBC data source pool.
The port number of the object to be created.
The name of the primary data view that is the source for a join data view.
The name of the primary table in a JDBC database.
The name of the property. For a list of property names and values, use this command:
dpconf help-properties.
The rws and rwd keywords of a property indicate whether changes to the property require the server to be restarted. If a property has an rws (read, write, static) keyword, the server must be restarted when the property is changed. If a property has an rwd (read, write, dynamic) keyword, modifications to the property are implemented dynamically (without restarting the server).
For multi-valued properties, use the syntax PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Multi-valued properties are identified by the M keyword. For a list of multi-valued properties, use this command:
dpconf help-properties | grep " M "
The name of a search data hiding rule.
The name of the secondary data view that is the source for a join data view.
The name of the secondary table in a JDBC database.
The name of an LDAP or JDBC data source.
The DN of the suffix represented by the data view.
The name of a JDBC table.
The name of a virtual transformation.
The DN of the user to be mapped.
The name of the password file, or the value - meaning to prompt for the password.
The new value of the property. For a complete list of property names and values, use the command dpconf help-properties -v.
When the VAL operand is used for passwords, it can have the following values:
The name of the password file.
The value -, meaning to prompt for the password.
The name of a data view.
Syntax values shown in lower case or partly in lower case are literal values.
Those shown in upper case are syntax types, defined as follows:
A valid attribute type name such as cn or objectClass.
true or false.
A valid distinguished name such as ou=People,dc=example,dc=com.
A duration specified in months (M), weeks (w), days (d), hours (h), minutes (m), seconds (s), and milliseconds (ms), or some combination with multiple specifiers. For example, you can specify one week as 1w, 7d, 168h, 10080m, or 604800s. You can also specify one week as 1w0d0h0m0s.
DURATION properties typically do not each support all duration specifiers (Mwdhms). Examine the output of dsconf help-properties for the property to determine which duration specifiers are supported.
A valid e-mail address.
An IP address or host name.
A positive integer value between 0 and the maximum supported integer value in the system address space. On 32-bit systems, 2147483647. On 64-bit systems, 9223372036854775807.
An interval value of the form hhmm-hhmm 0123456, where the first element specifies the starting hour, the next element the finishing hour in 24-hour time format, from 0000-2359, and the second specifies days, starting with Sunday (0) to Saturday (6).
An IP address or range of addresses in one of the following formats:
IP address in dotted decimal form.
IP address and bits, in the form of network number/mask bits.
IP address and quad, in the form of a pair of dotted decimal quads.
All addresses. A catch-all for clients that are not placed into other, higher priority groups.
0.0.0.0. This address is for groups to which initial membership is not considered. For example, for groups that clients switch to after their initial bind.
IP address of the local host.
A valid LDAP URL as specified by RFC 2255.
A memory size specified in gigabytes (G), megabytes (M), kilobytes (k), or bytes (b). Unlike DURATION properties, MEMORY_SIZE properties cannot combine multiple specifiers. However, MEMORY_SIZE properties allow decimal values, for example, 1.5M.
A valid cn (common name).
A three-digit, octal file permissions specifier. The first digit specifies permissions for the server user ID, the second for the server group ID, the last for other users. Each digit consists of a bitmask defining read (4), write (2), execute (1), or no access (0) permissions, thus 640 specifies read-write access for the server user, read-only access for other users of the server group, and no access for other users.
The full path to the file from which the bind password should be read.
A valid, absolute file system path.
A DirectoryString value, as specified by RFC 2252.
An SSL cipher supported by the server. See the Reference for a list of supported ciphers.
An SSL protocol supported by the server. See the Reference for a list of supported protocols.
A time of the form hhmm in 24-hour format, where hh stands for hours and mm stands for minutes.
This section contains examples of how the dpconf command is used.
This example shows how to get help for using a subcommand:
```
$ dpconf create-connection-handler -?
Usage: dpconf create-connection-handler NAME [NAME ...]
Create new connection handlers
For global options, use dpconf --help.

NAME    The name of a connection handler

For more information, see dpconf(1M).
```
This example shows how to get information about the properties of the resource limits policy.
To view the properties exposed by all of the dpconf subcommands, run this command:
```
$ dpconf help-properties
```
This example shows how to get the access log properties, specifying that the log-rotation-size property is quoted in bytes.
```
$ dpconf get-access-log-prop -h host -p port -Z b
default-log-level : info
log-file-name : logs/access
log-file-perm : 600
log-level-client-connections : -
log-level-client-disconnections : -
log-level-client-operations : -
log-level-connection-handlers : -
log-level-data-sources : -
log-level-data-sources-detailed : -
log-rotation-frequency : 1h
log-rotation-policy : size
log-rotation-size : 104,857,600b
log-rotation-start-day : 1
log-rotation-start-time : 0000
log-search-filters : false
max-log-files : 10
```
This example shows how to define customized limits for search operations, based on the search base and search scope.
Create a custom search limit.

```
$ dpconf create-custom-search-size-limit -h host -p port POLICY-NAME LIMIT-NAME
```

Set the criteria for the custom search limit.

```
$ dpconf set-custom-search-size-limit-prop -h host -p port POLICY-NAME LIMIT-NAME one-level-search-base-dn:VALUE subtree-search-base-dn:VALUE
```

Define the limit for the number of results returned when a search meets one of the above criteria.

```
$ dpconf set-custom-search-size-limit-prop -h host -p port POLICY-NAME CUSTOM-SEARCH-LIMIT-NAME search-size-limit:VALUE
```

View the properties of a custom search limit.

```
$ dpconf get-custom-search-size-limit-prop -h host -p port POLICY-NAME LIMIT-NAME
```
This example shows how to view the properties of one connection handler and how to compare the properties of a set of connection handlers.
View all of the properties of one connection handler.

```
$ dpconf get-connection-handler-prop -h host -p port CONNECTION-HANDLER-NAME
```

These are the default properties of a connection handler:

```
allowed-auth-methods : anonymous
allowed-auth-methods : sasl
allowed-auth-methods : simple
allowed-ldap-ports : ldap
allowed-ldap-ports : ldaps
bind-dn-filters : any
data-view-routing-custom-list : -
data-view-routing-policy : all-routable
description : -
domain-name-filters : any
enable-data-view-affinity : false
ip-address-filters : any
is-enabled : false
is-ssl-mandatory : false
priority : 99
request-filtering-policy : no-filtering
resource-limits-policy : no-limits
user-filter : any
```

View the key properties and relative priorities of all of the connection handlers.

```
$ dpconf list-connection-handlers -v
Name                        is-enabled  priority  description
--------------------------  ----------  --------  ---------------------------
anonymous                   false       99        unauthenticated connections
myconnectionhandler         true        99        -
default connection handler  true        100       default connection handler
```
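The property listings in the examples above can be checked mechanically. The following Python script is an added example, not part of dpconf or its documentation: it parses the `name : value` output of `get-connection-handler-prop` and `get-access-log-prop` and flags permissive settings. The rule set is this example's own policy choice, and `HARDENED_HANDLER` with its policy names is constructed for illustration.

```python
# Added example: audit the "name : value" listings printed by dpconf get-*-prop.
# The rules are this example's own policy choices, not vendor guidance.

# Subset of the default connection handler properties listed on this page.
DEFAULT_HANDLER = """\
allowed-auth-methods : anonymous
allowed-auth-methods : sasl
allowed-auth-methods : simple
allowed-ldap-ports : ldap
allowed-ldap-ports : ldaps
is-enabled : false
is-ssl-mandatory : false
request-filtering-policy : no-filtering
resource-limits-policy : no-limits
"""

# Constructed sample: a tightened handler (policy names are hypothetical).
HARDENED_HANDLER = """\
allowed-auth-methods : simple
allowed-ldap-ports : ldaps
is-enabled : true
is-ssl-mandatory : true
request-filtering-policy : app-filter
resource-limits-policy : app-limits
"""


def parse_props(text):
    """Return {property: [values]}; a repeated name is a multi-valued property."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, the echoed "$ dpconf ..." prompt line, and non-property lines.
        if not line or line.startswith("$") or ":" not in line:
            continue
        # Split on the first colon only, so values such as DNs or URLs stay intact.
        name, _, value = line.partition(":")
        props.setdefault(name.strip(), []).append(value.strip())
    return props


def audit_connection_handler(props):
    """Return (property, message) findings for permissive handler settings."""
    def first(name):
        return props.get(name, ["-"])[0]

    findings = []
    if "anonymous" in props.get("allowed-auth-methods", []):
        findings.append(("allowed-auth-methods", "anonymous binds are permitted"))
    if first("is-ssl-mandatory") != "true":
        findings.append(("is-ssl-mandatory", "SSL is not required"))
    if first("request-filtering-policy") == "no-filtering":
        findings.append(("request-filtering-policy", "no request filtering applied"))
    if first("resource-limits-policy") == "no-limits":
        findings.append(("resource-limits-policy", "no resource limits applied"))
    return findings


def audit_log_file_perm(props):
    """Check log-file-perm, a three-digit octal PERMISSION value (user, group, other)."""
    perm = props.get("log-file-perm", [""])[0]
    if len(perm) != 3 or any(c not in "01234567" for c in perm):
        return [("log-file-perm", f"not a three-digit octal value: {perm!r}")]
    _user, group, other = (int(c) for c in perm)
    findings = []
    if group & 2:  # write bit set for the server group
        findings.append(("log-file-perm", "server group can write the log"))
    if other:      # any read/write/execute bit set for other users
        findings.append(("log-file-perm", f"other users have access (mode {perm})"))
    return findings


if __name__ == "__main__":
    for prop, msg in audit_connection_handler(parse_props(DEFAULT_HANDLER)):
        print(f"{prop}: {msg}")
```

In practice the text passed to `parse_props` would be the captured output of the `get-connection-handler-prop` or `get-access-log-prop` commands shown above.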
See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|---|---|
| Availability | SUNWldap-proxy |
| Stability Level | Evolving |
dpadm(1M), dsconf(1M), and dsadm(1M)