The dsconfig command-line utility provides a simple mechanism for accessing the directory server configuration. dsconfig presents the server configuration as a set of components, each of which can be managed through one or more subcommands.
dsconfig can also be used interactively. In interactive mode, dsconfig functions much like a wizard, walking you through the server configuration. For more information, see Using dsconfig in Interactive Mode.
dsconfig can only be used to configure a running directory server instance. Offline configuration is not supported by dsconfig.
Like the other administration commands, dsconfig uses the administration connector to access the server. For more information, see Managing Administration Traffic to the Server. All of the examples in this section assume that the administration connector is listening on the default port (4444) and that the command is accessing the server running on the local host. If this is not the case, the --port and --hostname options must be specified.
dsconfig accesses the server over a secured connection with certificate authentication. If you run dsconfig in interactive mode, you are prompted as to how you want to trust the certificate.
If you run dsconfig in non-interactive mode (that is, with the -n option), specification of the trust store parameters depends on whether you run the command locally or remotely.
Running dsconfig locally. (The command is launched on the server that you are administering.) If you do not specify the trust store parameters, the server uses the local instance trust store by default. Unless you specify otherwise, the local instance trust store is install-dir/OpenDS-version/config/admin-truststore.
Running dsconfig remotely. (The command is launched on a different server from the one you are administering.) You must specify the trust store parameters or the -X (--trustAll) option. The easiest way to specify the trust store parameters is to run the command once in interactive mode and to save the certificate that is presented by the server in your trust store.
$ dsconfig
>>>> >>>> Specify OpenDS LDAP connection parameters
Directory server hostname or IP address [host1.example.com]:
Directory server administration port number :
How do you want to trust the server certificate?
    1) Automatically trust
    2) Use a truststore
    3) Manually validate
Enter choice : 3
Administrator user bind DN [cn=Directory Manager]:
Password for user 'cn=Directory Manager':
Server Certificate:
User DN : CN=host1.example.com, O=Administration Connector Self-Signed Certificate
Validity : From 'Wed Apr 29 11:13:21 MEST 2009'
           To 'Fri Apr 29 11:13:21 MEST 2011'
Issuer : CN=host1.example.com, O=Administration Connector Self-Signed Certificate
Do you trust this server certificate?
    1) No
    2) Yes, for this session only
    3) Yes, also add it to a truststore
    4) View certificate details
Enter choice : 3
Truststore path: /local/instances/certificates/jctruststore
Password for keystore '/local/instances/certificates/jctruststore':
...
When you have saved the certificate in the trust store, you can specify those trust store parameters in non-interactive mode.
$ dsconfig list-connection-handlers -n \
  --trustStorePath /local/instances/certificates/jctruststore \
  --trustStorePasswordFile /local/instances/certificates/jctruststore.pin \
  -w password

Connection Handler       : Type : enabled : listen-port : use-ssl
-------------------------:------:---------:-------------:--------
JMX Connection Handler   : jmx  : false   : 1689        : false
LDAP Connection Handler  : ldap : true    : 1389        : false
LDAPS Connection Handler : ldap : false   : 636         : true
LDIF Connection Handler  : ldif : false   : -
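The listing above can also be checked mechanically. The following is an added example, not part of the OpenDS documentation: a POSIX shell function (find_cleartext_handlers, a hypothetical name) that reads list-connection-handlers output and reports every handler that is enabled with use-ssl set to false. The sample input is constructed from the listing above.

```shell
#!/bin/sh
# Added example (not OpenDS code). Function names are hypothetical.

# Sample input, constructed from the listing shown on this page.
sample_listing() {
    cat <<'EOF'
Connection Handler       : Type : enabled : listen-port : use-ssl
-------------------------:------:---------:-------------:--------
JMX Connection Handler   : jmx  : false   : 1689        : false
LDAP Connection Handler  : ldap : true    : 1389        : false
LDAPS Connection Handler : ldap : false   : 636         : true
LDIF Connection Handler  : ldif : false   : -
EOF
}

# Reads the colon-separated table on stdin and prints "name|listen-port"
# for each handler that is enabled but does not use SSL.
find_cleartext_handlers() {
    awk -F':' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^-+:/ { next }                      # separator row under the header
        !have_header {                       # find columns by header name
            split("", col)                   # clear any earlier attempt
            for (i = 1; i <= NF; i++) col[trim($i)] = i
            if (("enabled" in col) && ("listen-port" in col) && ("use-ssl" in col))
                have_header = 1
            next
        }
        NF < 3 { next }                      # blank or unrelated line
        {
            enabled = trim($(col["enabled"]))
            port    = trim($(col["listen-port"]))
            # Rows without a port (the LDIF handler) may lack the last column.
            ssl = (col["use-ssl"] <= NF) ? trim($(col["use-ssl"])) : "-"
            if (enabled == "true" && ssl == "false")
                print trim($1) "|" port
        }
    '
}

# Stand-alone run over the constructed sample.
sample_listing | find_cleartext_handlers
```

The listing shows only use-ssl, so a reported handler is one that does not start its connections in SSL; the other properties of that handler have to be inspected separately.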
dsconfig provides an intuitive list of subcommands to manage various elements of the configuration.
For example, the following five subcommands are used to manage connection handlers:
Using these subcommands, you can add, delete, list, view, and modify connection handlers. The dsconfig command presents similar subcommands for other components, which follow similar naming conventions:
Not all types of components can be created and deleted. For example, a directory server has only a single global configuration. For this reason, the global configuration is managed with only two subcommands:
The configurable properties of all components can be queried and modified to change the behavior of the component. For example, an LDAP connection has properties that determine its IP listener address, its port, and its SSL configuration.
A number of directory server properties are considered advanced properties. The advanced properties are not displayed by default, and they have default values that apply in most cases. If you want to modify the values of the advanced properties, use --advanced before the subcommand. For example:
$ dsconfig --advanced get-extension-prop