Exit Print View

Sun OpenDS Standard Edition 2.0 Administration Guide

Get PDF Book Print View
 

Document Information

Configuring the Directory Server

Managing Administration Traffic to the Server

Overview of the Administration Connector

Accessing Administrative Suffixes

To Configure the Administration Connector

Configuring the Directory Server With dsconfig

Overview of the dsconfig Command

Using dsconfig in Interactive Mode

Getting Help With dsconfig

Configuring a Directory Server Instance

To Display the Properties of a Component

To List Components

To Modify the Properties of a Component

To Modify the Values of a Multi-Valued Property

To Create a Component

To Delete a Component

Configuring the Connection Handlers

To Display All Connection Handlers

Configuring the LDAP Connection Handler

To Control Which Clients Have LDAP Access to the Directory Server

Configuring the LDIF Connection Handler

To Enable the JMX Alert Handler Through the LDIF Connection Handler

Configuring the JMX Connection Handler

To Change the Port on Which the Server Listens for JMX Connections

Configuring Plug-Ins With dsconfig

Overview of Plug-In Types

Modifying the Plug-In Configuration

To Display the List of Plug-Ins

To Create a New Plug-In

To Enable or Disable a Plug-In

To Display and Configure Plug-In Properties

To Configure Plug-In Invocation Order

Configuring Commands As Tasks

Utilities That Can Schedule Tasks

Controlling Which Tasks Can Be Run

Scheduling and Configuring Tasks

To Schedule a Task

To Schedule a Recurring Task

To Configure Task Notification

To Configure Task Dependencies

Managing and Monitoring Scheduled Tasks

To Obtain Information About Scheduled Tasks

To Cancel a Scheduled Task

To Cancel a Recurring Task

Managing the Directory Server With the Control Panel

To Start the Control Panel

To Specify the Trust Manager Provider and Trust Store Algorithm Used by the Control Panel

Configuring and Testing the DSML Gateway

Deploying the DSML Gateway

Deploying the DSML Gateway in Apache Tomcat

Deploying the DSML Gateway in Glassfish

Deploying the DSML Gateway in Sun Java System Web Server 7

Configuring the DSML Gateway

Confirming the DSML Gateway Deployment

Confirming the DSML Gateway Deployment with JXplorer

Confirming the DSML Gateway Deployment with the Directory Server Resource Kit

Configuring Security in the Directory Server

Managing Directory Data

Controlling Access To Data

Replicating Data

Managing Users and Groups

Directory Server Monitoring

Improving Performance

Advanced Administration

Configuring a Directory Server Instance

The dsconfig command is the recommended utility for accessing the server configuration. Accessing the configuration directly over LDAP, using the ldap* utilities is discouraged.

To Display the Properties of a Component

Each component has one or more properties that can be displayed by using the component's get-xxx-prop subcommand. Each component is associated with a single LDAP entry in the server configuration, and each property is associated with a single LDAP attribute.

To List Components

Where more than one instance of a component can exist (for example, it is possible to have more than one connection handler), a summary of the instances can be obtained by using the component's list-xxxs subcommand.

To Modify the Properties of a Component

The properties of a component can be modified by using the component's set-xxx-prop subcommand. Multiple properties can be modified at the same time by using multiple occurrences of the --set option. The following example uses the set-connection-handler-prop subcommand to modify the properties of a connection handler.


Note - Many components have a Java class property that specifies the name of a Java class to be used as the implementation of the component. Do not modify this property, as doing so could prevent your server from operating correctly. These properties are treated as advanced properties and hidden from view unless you run dsconfig with the --advanced option.


To Modify the Values of a Multi-Valued Property

You can set multiple values for a property by using the --set and --add options in successive dsconfig commands.


Note - You cannot use the --set and --add options simultaneously in the same command.


To set more than one value for a property that currently has no values, use the --set option to set the first value, and the --add option (in a separate command) for subsequent values. You cannot use the --add option if the property does not have an existing value, either a default value or a value that you have already set.


Note - Many components have a Java class property that specifies the name of a Java class to be used as the implementation of the component. Do not modify this property, as doing so could prevent your server from operating correctly. These properties are treated as advanced properties and hidden from view unless you run dsconfig with the --advanced option.


The following example sets multiple values for the allowed-client property.

To Create a Component

New instances of a component can be created by using the component's create-xxx subcommand. Often there are several subtypes of the component. For example, there are currently three types of connection handler: LDAP, JMX, and LDIF. Because all of these are created by using the same subcommand, you must specify the type of component that you want to create. Do this by using the subcommand's -t or --type.

When you create a new component, you must specify the component's mandatory properties. The mandatory properties depend on the type of component that is being created. For example, an LDAP connection handler might have different mandatory properties to a JMX connection handler. If a mandatory property is left undefined, dsconfig enters interactive mode and prompts you for the undefined properties. If you include the -n (non-interactive) option, dsconfig fails to create the component and displays an error message indicating which properties need to be defined.

  1. Display the types of connection handler that can be created by accessing the help for the connection handler component.
    $ dsconfig create-connection-handler --help
    
    Usage: dsconfig create-connection-handler {options}
    Creates Connection Handlers
    
    Global Options:
    See "dsconfig --help"
    
    SubCommand Options:
    --handler-name {NAME}
    The name of the new Connection Handler
    --set {PROP:VALUE}
    Assigns a value to a property where PROP is the name of the property and
    VAL is the single value to be assigned. Specify the same property multiple
    times in order to assign more than one value to it
    -t, --type {TYPE}
    The type of Connection Handler which should be created. The value for TYPE
    can be one of: custom | jmx | ldap | ldif
  2. Create a new LDAP connection handler, specifying values for the mandatory enabled and the listen-port properties.
    $ dsconfig -D "cn=directory manager" -w password -n create-connection-handler \
      -t ldap --handler-name "My LDAP Connection Handler"
    
    The LDAP Connection Handler could not be created because the following
    mandatory properties were not defined:
    
    Property     Syntax
    ----------------------------------
    enabled      false | true
    listen-port  1 <= INTEGER <= 65535

To Delete a Component

Existing instances of a component can be removed using the component's delete-xxx.