Configuring the Directory Server
Managing Administration Traffic to the Server
Overview of the Administration Connector
Accessing Administrative Suffixes
To Configure the Administration Connector
Configuring the Directory Server With dsconfig
Using dsconfig in Interactive Mode
Configuring a Directory Server Instance
To Display the Properties of a Component
To Modify the Properties of a Component
To Modify the Values of a Multi-Valued Property
Configuring the Connection Handlers
To Display All Connection Handlers
Configuring the LDAP Connection Handler
To Control Which Clients Have LDAP Access to the Directory Server
Configuring the LDIF Connection Handler
To Enable the JMX Alert Handler Through the LDIF Connection Handler
Configuring the JMX Connection Handler
To Change the Port on Which the Server Listens for JMX Connections
Configuring Plug-Ins With dsconfig
Modifying the Plug-In Configuration
To Display the List of Plug-Ins
To Enable or Disable a Plug-In
To Display and Configure Plug-In Properties
To Configure Plug-In Invocation Order
Utilities That Can Schedule Tasks
Controlling Which Tasks Can Be Run
Scheduling and Configuring Tasks
To Configure Task Notification
To Configure Task Dependencies
Managing and Monitoring Scheduled Tasks
To Obtain Information About Scheduled Tasks
Managing the Directory Server With the Control Panel
To Specify the Trust Manager Provider and Trust Store Algorithm Used by the Control Panel
Configuring and Testing the DSML Gateway
Deploying the DSML Gateway in Apache Tomcat
Deploying the DSML Gateway in Glassfish
Deploying the DSML Gateway in Sun Java System Web Server 7
Confirming the DSML Gateway Deployment
Confirming the DSML Gateway Deployment with JXplorer
Confirming the DSML Gateway Deployment with the Directory Server Resource Kit
The dsconfig command-line utility provides a simple mechanism for accessing the directory server configuration. dsconfig presents the server configuration as a set of components, each of which can be managed through one or more subcommands.
dsconfig can also be used interactively. In interactive mode, dsconfig functions much like a wizard, walking you through the server configuration. For more information, see Using dsconfig in Interactive Mode.
Note -
dsconfig can only be used to configure a running directory server instance. Offline configuration is not supported by dsconfig.
Like the other administration commands, dsconfig uses the administration connector to access the server. For more information, see Managing Administration Traffic to the Server. All of the examples in this section assume that the administration connector is listening on the default port (4444) and that the command is accessing the server running on the local host. If this is not the case, the --port and --hostname options must be specified.
dsconfig accesses the server over a secured connection with certificate authentication. If you run dsconfig in interactive mode, you are prompted as to how you want to trust the certificate.
If you run dsconfig in non-interactive mode (that is, with the -n option), specification of the trust store parameters depends on whether you run the command locally or remotely.
Running dsconfig locally. (The command is launched on the server that you are administering.) If you do not specify the trust store parameters, the server uses the local instance trust store by default. Unless you specify otherwise, the local instance trust is install-dir/OpenDS-version/config/admin-truststore.
Running dsconfig remotely. (The command is launched on a different server to the one you are administering.) You must specify the trust store parameters or the -X (--trustAll) option. The easiest way to specify the trust store parameters is to run the command once in interactive mode and to save the certificate that is presented by the server in your trust store.
$ dsconfig >>>> >>>> Specify OpenDS LDAP connection parameters Directory server hostname or IP address [host1.example.com]: Directory server administration port number [4444]: How do you want to trust the server certificate? 1) Automatically trust 2) Use a truststore 3) Manually validate Enter choice [3]: 3 Administrator user bind DN [cn=Directory Manager]: Password for user 'cn=Directory Manager': Server Certificate: User DN : CN=host1.example.com, O=Administration Connector Self-Signed Certificate Validity : From 'Wed Apr 29 11:13:21 MEST 2009' To 'Fri Apr 29 11:13:21 MEST 2011' Issuer : CN=host1.example.com, O=Administration Connector Self-Signed Certificate Do you trust this server certificate? 1) No 2) Yes, for this session only 3) Yes, also add it to a truststore 4) View certificate details Enter choice [2]: 3 Truststore path: /local/instances/certificates/jctruststore Password for keystore '/local/instances/certificates/jctruststore': ...
When you have saved the certificate in the trust store, you can specify those trust store parameters in non-interactive mode.
$ dsconfig list-connection-handlers -n --trustStorePath /local/instances/certificates/jctruststore --trustStorePasswordFile /local/instances/certificates/jctruststore.pin -w password Connection Handler : Type : enabled : listen-port : use-ssl -------------------------:------:---------:-------------:-------- JMX Connection Handler : jmx : false : 1689 : false LDAP Connection Handler : ldap : true : 1389 : false LDAPS Connection Handler : ldap : false : 636 : true LDIF Connection Handler : ldif : false : -
dsconfig provides an intuitive list of subcommands to manage various elements of the configuration.
For example, the following five subcommands are used to manage connection handlers:
|
Using these subcommands, you can add, delete, list, view, and modify connection handlers. The dsconfig command presents similar subcommands for other components, which follow similar naming conventions:
|
Not all types of components can be created and deleted. For example, a directory server has only a single global configuration. For this reason, the global configuration is managed with only two subcommands:
|
The configurable properties of all components can be queried and modified to change the behavior of the component. For example, an LDAP connection has properties that determine its IP listener address, its port, and its SSL configuration.
There are a number of directory server properties that are considered advanced properties. The advanced properties are not displayed by default. The advanced properties have default values that apply in most cases. If you want to modify the values or the advanced properties, use --advanced before the subcommand. For example:
$ dsconfig --advanced get-extension-prop