Starting and Stopping Your Server Instance
Configuring the Server Instance
Managing Administration Traffic to the Server
Overview of the Administration Connector
Accessing Administrative Suffixes
To Configure the Administration Connector
Configuring the Server With dsconfig
Overview of the dsconfig Command
Using dsconfig in Interactive Mode
To Display the Properties of a Component
To Modify the Properties of a Component
To Modify the Values of a Multi-Valued Property
Configuring the Connection Handlers
To Display All Connection Handlers
Configuring the LDAP Connection Handler
To Control Which Clients Have LDAP Access to the Directory Server
Configuring the LDIF Connection Handler
To Enable the JMX Alert Handler Through the LDIF Connection Handler
Configuring the JMX Connection Handler
To Change the Port on Which the Server Listens for JMX Connections
Configuring Plug-Ins With dsconfig
Modifying the Plug-In Configuration
To Display the List of Plug-Ins
To Enable or Disable a Plug-In
Utilities That Can Schedule Tasks
Controlling Which Tasks Can Be Run
Scheduling and Configuring Tasks
To Configure Task Notification
To Configure Task Dependencies
Managing and Monitoring Scheduled Tasks
To Obtain Information About Scheduled Tasks
To Manage Tasks by Using the Control Panel
Deploying and Configuring the DSML Gateway
Deploying the DSML Gateway in Apache Tomcat
Deploying the DSML Gateway in Glassfish
Deploying the DSML Gateway in Sun Java System Web Server 7
Confirming the DSML Gateway Deployment
To Confirm the DSML Gateway Deployment with JXplorer
Confirming the DSML Gateway Deployment with the Directory Server Resource Kit
Deploying and Configuring the NameFinder Application
Deploying NameFinder in Apache Tomcat
Deploying NameFinder in Glassfish
Deploying NameFinder in Sun Java System Web Server 7
Confirming the NameFinder Deployment
To Confirm the NameFinder Deployment
Configuring the Proxy Components
Configuring Security Between Clients and Servers
Configuring Security Between the Proxy and the Data Source
Configuring Servers With the Control Panel
The following sections show various examples of managing plug-in configuration using dsconfig. dsconfig uses the administration connector to access the server. All of the examples in this section assume that the administration connector is listening on the default port (4444) and that the command is accessing the server running on the local host. If this is not the case, the --port and --hostname options must be specified.
dsconfig always accesses the server over a secured connection with certificate authentication. If you run dsconfig in interactive mode, you are prompted as to how you want to trust the certificate. If you run dsconfig in non-interactive mode (that is, with the -n option) you must specify the -X or --trustAll option, otherwise the command will fail.
This example shows a directory server configured with the current supported plug-ins. For a description of these plug-ins and their purpose, see “The Plug-In Configuration” in .
$ dsconfig -h localhost -p 4444 -D cn="Directory Manager" -w password -n \ list-plugins
Depending on your installation, the output will be similar to the following.
Plugin : Type : enabled --------------------------------:---------------------------------:-------- 7-Bit Clean : seven-bit-clean : false Entry UUID : entry-uuid : true LastMod : last-mod : true LDAP Attribute Description List : ldap-attribute-description-list : true Password Policy Import : password-policy-import : true Profiler : profiler : true Referential Integrity : referential-integrity : false UID Unique Attribute : unique-attribute : false
The output of the command shows (from left to right):
Plug-in. The name of the plug-in, usually descriptive of what it does.
Type. The type of plug-in. It is possible to have more then one plug-in of a specific type.
Enabled. Plug-ins can either be enabled of disabled. Disabled plug-ins remain in the server configuration but do not perform any processing.
The easiest way to configure plug-ins is to use dsconfig in interactive mode. Interactive mode walks you through the plug-in configuration, and is therefore not documented here.
This example creates a new Password Policy Import Plug-in by using dsconfig in non-interactive mode.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ create-plugin \ --type password-policy-import --plugin-name "My Password Policy Import Plugin" \ --set enabled:true
You can enable or disable a plug-in by setting the enabled property to true or false. This example disables the Password Policy Import plug-in created in the previous example.
$ dsconfig -h localhost -p 4444 -D cn="Directory Manager" -w password -n \ set-plugin-prop \ --plugin-name "My Password Policy Import Plugin" --set enabled:false
To display the properties of a plug-in, use the get-plugin-prop subcommand. To change the properties of a plug-in, use the set-plugin-prop subcommand. This example displays the properties of the plug-in created in the previous example, then enables the plug-in and sets the default authentication password storage scheme to Salted SHA-512.
$ dsconfig -h localhost -p 4444 -D cn="Directory Manager" -w password -n \ get-plugin-prop \ --plugin-name "My Password Policy Import Plugin"
Depending on your installation, the output will be similar to the following.
Property : Value(s) -------------------------------------:--------- default-auth-password-storage-scheme : - default-user-password-storage-scheme : - enabled : false
$ dsconfig -h localhost -p 4444 -D cn="Directory Manager" -w password -n \ set-plugin-prop \ --plugin-name "My Password Policy Import Plugin" --set enabled:true\ --set default-auth-password-storage-scheme:"Salted SHA-512"
$ dsconfig -h localhost -p 4444 -D cn="Directory Manager" -w password -n \ get-plugin-prop \ --plugin-name "My Password Policy Import Plugin" Property : Value(s) -------------------------------------:--------------- default-auth-password-storage-scheme : Salted SHA-512 default-user-password-storage-scheme : - enabled : true
By default, the order in which plug-ins are invoked is undefined. You can specify that plug-ins be invoked in a specific order by using the set-plugin-root-prop --set plugin-type:value subcommand. The value in this case is the plug-in order, expressed as a comma-delimited list of plug-in names. The plug-in order string should also include a single asterisk element, which is a wildcard that will match any plug-in that is not explicitly named.
This example specifies that the Entry UUID plug-in should be invoked before any other pre-operation add plug-ins.
$ dsconfig -h localhost -p 4444 -D cn="Directory Manager" -w password -n \ get-plugin-root-prop Property : Value(s) --------------------------------------------:--------- plugin-order-intermediate-response : - plugin-order-ldif-export : - plugin-order-ldif-import : - plugin-order-post-connect : - ...
$ dsconfig -h localhost -p 4444 -D cn="Directory Manager" -w password -n \ set-plugin-root-prop \ --set plugin-order-pre-operation-add:"Entry UUID,*"
Note - Plug-in order values are not validated. Values that do not match defined plug-ins are ignored.