| Exit Print View | |
Sun OpenDS Standard Edition 2.2 Administration Guide |
|
|
|
Starting and Stopping Your Server Instance
Configuring the Server Instance
Managing Administration Traffic to the Server
Overview of the Administration Connector
Accessing Administrative Suffixes
To Configure the Administration Connector
Configuring the Server With dsconfig
Using dsconfig in Interactive Mode
To Display the Properties of a Component
To Modify the Properties of a Component
To Modify the Values of a Multi-Valued Property
Configuring the Connection Handlers
To Display All Connection Handlers
Configuring the LDAP Connection Handler
To Control Which Clients Have LDAP Access to the Directory Server
Configuring the LDIF Connection Handler
To Enable the JMX Alert Handler Through the LDIF Connection Handler
Configuring the JMX Connection Handler
To Change the Port on Which the Server Listens for JMX Connections
Configuring Plug-Ins With dsconfig
Modifying the Plug-In Configuration
To Display the List of Plug-Ins
To Enable or Disable a Plug-In
To Display and Configure Plug-In Properties
To Configure Plug-In Invocation Order
Utilities That Can Schedule Tasks
Controlling Which Tasks Can Be Run
Scheduling and Configuring Tasks
To Configure Task Notification
To Configure Task Dependencies
Managing and Monitoring Scheduled Tasks
To Obtain Information About Scheduled Tasks
To Manage Tasks by Using the Control Panel
Deploying and Configuring the DSML Gateway
Deploying the DSML Gateway in Apache Tomcat
Deploying the DSML Gateway in Glassfish
Deploying the DSML Gateway in Sun Java System Web Server 7
Confirming the DSML Gateway Deployment
To Confirm the DSML Gateway Deployment with JXplorer
Confirming the DSML Gateway Deployment with the Directory Server Resource Kit
Deploying and Configuring the NameFinder Application
Deploying NameFinder in Apache Tomcat
Deploying NameFinder in Glassfish
Deploying NameFinder in Sun Java System Web Server 7
Confirming the NameFinder Deployment
To Confirm the NameFinder Deployment
Configuring the Proxy Components
Configuring Security Between Clients and Servers
Configuring Security Between the Proxy and the Data Source
Configuring Servers With the Control Panel
The dsconfig command-line utility provides a simple mechanism for accessing the directory server configuration. dsconfig presents the server configuration as a set of components, each of which can be managed through one or more subcommands.
dsconfig can also be used interactively. In interactive mode, dsconfig functions much like a wizard, walking you through the server configuration. For more information, see Using dsconfig in Interactive Mode.
Note -
dsconfig can only be used to configure a running directory server instance. Offline configuration is not supported by dsconfig.
Like the other administration commands, dsconfig uses the administration connector to access the server. For more information, see Managing Administration Traffic to the Server. All of the examples in this section assume that the administration connector is listening on the default port (4444) and that the command is accessing the server running on the local host. If this is not the case, the --port and --hostname options must be specified.
dsconfig also allows you to configure a number of the proxy components. If you have installed a Sun OpenDS Standard Edition proxy, refer to dsconfig in Sun OpenDS Standard Edition 2.2 Command-Line Usage Guide for a list of the supported dsconfig subcommands
dsconfig accesses the server over a secured connection with certificate authentication. If you run dsconfig in interactive mode, you are prompted as to how you want to trust the certificate.
If you run dsconfig in non-interactive mode (that is, with the -n option), specification of the trust store parameters depends on whether you run the command locally or remotely.
Running dsconfig locally. (The command is launched on the server that you are administering.) If you do not specify the trust store parameters, the server uses the local instance trust store by default. Unless you specify otherwise, the local instance trust is install-dir/OpenDS-version/config/admin-truststore.
Running dsconfig remotely. (The command is launched on a different server to the one you are administering.) You must specify the trust store parameters or the -X (--trustAll) option. The easiest way to specify the trust store parameters is to run the command once in interactive mode and to save the certificate that is presented by the server in your trust store.
$ dsconfig
>>>> >>>> Specify OpenDS LDAP connection parameters
Directory server hostname or IP address [host1.example.com]:
Directory server administration port number [4444]:
How do you want to trust the server certificate?
1) Automatically trust
2) Use a truststore
3) Manually validate
Enter choice [3]: 3
Administrator user bind DN [cn=Directory Manager]:
Password for user 'cn=Directory Manager':
Server Certificate:
User DN : CN=host1.example.com, O=Administration Connector Self-Signed Certificate
Validity : From 'Wed Apr 29 11:13:21 MEST 2009'
To 'Fri Apr 29 11:13:21 MEST 2011'
Issuer : CN=host1.example.com, O=Administration Connector Self-Signed Certificate
Do you trust this server certificate?
1) No
2) Yes, for this session only
3) Yes, also add it to a truststore
4) View certificate details
Enter choice [2]: 3
Truststore path: /local/instances/certificates/jctruststore
Password for keystore '/local/instances/certificates/jctruststore':
...
When you have saved the certificate in the trust store, you can specify those trust store parameters in non-interactive mode.
$ dsconfig -h localhost -p 4444 list-connection-handlers -n \ --trustStorePath /local/instances/certificates/jctruststore \ --trustStorePasswordFile /local/instances/certificates/jctruststore.pin -w password Connection Handler : Type : enabled : listen-port : use-ssl -------------------------:------:---------:-------------:-------- JMX Connection Handler : jmx : false : 1689 : false LDAP Connection Handler : ldap : true : 1389 : false LDAPS Connection Handler : ldap : false : 636 : true LDIF Connection Handler : ldif : false : -
dsconfig provides an intuitive list of subcommands to manage various elements of the configuration.
Using these subcommands, you can add, delete, list, view, and modify different components:
|
For example, the following five subcommands are used to manage connection handlers:
|
Not all types of components can be created and deleted. For example, a directory server has only a single global configuration. For this reason, the global configuration is managed with only two subcommands:
|
The configurable properties of all components can be queried and modified to change the behavior of the component. For example, an LDAP connection has properties that determine its IP listener address, its port, and its SSL configuration.
There are a number of the Sun OpenDS Standard Edition component properties that are considered advanced properties. The advanced properties are not displayed by default. The advanced properties have default values that apply in most cases. If you want to modify the values or the advanced properties, use --advanced before the subcommand. For example:
$ dsconfig --advanced get-extension-prop
|
|