Sun ONE Directory Server 5.2 Reference Manual: Appendix B ns-slapd and slapd.exe Command-Line Utilities

Sun ONE Directory Server 5.2 Reference Manual

Appendix B ns-slapd and slapd.exe Command-Line Utilities

In Chapter 2, we looked at the scripts for performing routine administration tasks on the Directory Server. This appendix describes how ns-slapd (UNIX and Linux) and slapd.exe (Windows) can be used to perform some of these tasks. It contains the following sections:

Overview of ns-slapd and slapd.exe

Finding and Executing the ns-slapd and slapd.exe Command-Line Utilities

Exporting Databases

Restoring and Backing up Databases

Creating and Regenerating Indexes

Overview of ns-slapd and slapd.exe

The ns-slapd and slapd.exe binaries perform server administration tasks. While it can be argued that they allow a greater degree of flexibility for users, we strongly recommend that you use the command-line scripts described in Chapter 2 "Command-Line Scripts."

ns-slapd (UNIX)

ns-slapd is used on a UNIX operating system to start the directory server process, to build a directory database from an LDIF file, or to convert an existing database to an LDIF file. For more information on starting and stopping the Directory Server, importing from LDIF using the command line, and exporting to LDIF using the command line, see Chapter 4, "Populating Directory Contents" in the Sun ONE Directory Server Administration Guide.

slapd.exe (Windows)

slapd.exe is the Windows equivalent of ns-slapd.

Note
You must stop the server before running the ns-slapd and slapd.exe command-line utilities.

Finding and Executing the ns-slapd and slapd.exe Command-Line Utilities

The ns-slapd utility is delivered in both 64-bit and 32-bit versions.

After a default installation, the ns-slapd (64-bit) utility is stored under the following paths:

Platform

Location

Solaris Packages

ServerRoot/bin/slapd/server/sparcv9/ns-slapd

Compressed Archive Installation on Solaris

ServerRoot/bin/slapd/server/64/ns-slapd

HP-UX

ServerRoot/bin/slapd/server/pa20_64/ns-slapd

After a default installation, the ns-slapd (32-bit) and slapd.exe utilities are stored under the following paths:

Platform

Location

UNIX platforms

ServerRoot/bin/slapd/server/ns-slapd

Windows platforms

ServerRoot\bin\slapd\server\slapd.exe

The ServerRoot is the location of the Sun ONE Directory Server product. This path contains the shared binary files of the directory server, the administration server, and LDAP commands. For more information on your default ServerRoot path, see Table 1. Do not mistake ns-slapd.exe, the slapd process watchdog, for slapd.exe on Windows.

Caution

In order to execute the command-line utilities, you must change to the directory in which the command-line utilities are stored. Although it is possible to set command path and library path variables to execute the utilities, this is not recommended procedure. You run the risk of disrupting the correct execution of other utilities and of compromising the security of the system, particularly when you have more than one server version installed.

Exporting Databases

db2ldif

Exports the contents of a database to LDIF.

Shell Script Syntax (UNIX)

ns-slapd db2ldif -D instancedir [-n backend_instance] [-d debug_level] [-N] [-a output_file] [-r] [-C] [-1] [{-s include_suffix}*] [-x exclude_suffix}*] [-u] [-U] [-m] [-M] [-Y keydb-pwd] [-y keydb-pwd-file]

where instancedir is the location of your server configuration directory. Enter the full path to the slapd-serverID directory.

Batch File Syntax (Windows)

slapd db2ldif -D instancedir [-n backend_instance] [-d debug_level] [-N] [-a output_file] [-r] [-C] [-1] [{-s include_suffix}*] [{-x exclude_suffix}*] [-u] [-U] [-m] [-M] [-Y keydb-pwd] [-y keydb-pwd-file]

Note

You must specify either the -n or the -s option.

db2ldif -r cannot be used if another slapd process is running, because replication writes the RUV entry into the database during export. To export the database while a slapd process is running, use db2ldif.pl -r instead.

Options

Option

Meaning

-D

The full path to the slapd-serverID directory

-a

File name of the output LDIF file.

-d

Specifies the debug level. For more information, see "nsslapd-errorlog-level (Error Log Level)" on page 104.l

-1

For reasons of backward compatibility, delete the first line of the LDIF file which gives the version of the LDIF standard.

-C

Only the main db file is used.

-m

Minimal base64 encoding.

-M

Use of several files for storing the output LDIF, with each instance stored in instance_output_file (where output_file is the file name specified for -a option).

-n

Instance to be exported.

-N

Specifies that entry IDs are not to be included in the LDIF output. The entry IDs are necessary only if the db2ldif output is to be used as input to db2index.

-r

Export replica.

-s

Suffix(es) to be included or to specify the subtree(s) to be included if -n has been used.

-u

Request that the unique id is not exported.

-U

Request that the output LDIF is not folded.

-x

Suffix(es) to be excluded.

-Y

The password to the certificate key database (used for certificate-based client authentication).

-y

The file containing the certificate key database passwords (used for certificate-based client authentication).

Restoring and Backing up Databases

ldif2db

Imports LDIF files to the database.

Shell Script Syntax (UNIX)

ns-slapd ldif2db -D instancedir [-d debug_level] [-n backend_instance] [-O] [-g uniqueid_type] [--namespaceid uniqueID] [-Y keydb-pwd] [-y keydb-pwd-file] [{-s include_suffix}*] [{-x exclude_suffix}*] {-i ldif_file}*

where ldif_file is the name of the file containing the LDIF to be imported and instancedir is the location of your server configuration directory.

Batch File Syntax (Windows)

slapd ldif2db -D instancedir [-d debug_level] [-n backend_instance] [-O] [-g uniqueid_type] [--namespaceid uniqueID] [-Y keydb-pwd] [-y keydb-pwd-file] [{-s include_suffix}*] [{-x exclude_suffix}*] {-i ldif_file}*

Note
You must specify either the -n or the -s option.

Options

Option

Meaning

-D

The full path to the slapd-serverID directory

-d

Specifies the debug level. For more information, see "nsslapd-errorlog-level (Error Log Level)" on page 104.

--namespaceid

Generates a namespace ID as a name-based unique ID. This is the same as specifying the -g deterministic option.

-g uniqueid_type

Generation of a unique ID. Type none for no unique ID to be generated and deterministic for the generated unique ID to be name-based. By default, a time-based unique ID is generated.

If you use the deterministic generation to have a name-based unique ID, you can also specify the namespace you want the server to use as follows:

-g deterministic namespace_id

where namespace_id is a string of characters in the following format

00-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx

Use this option if you want to import the same LDIF file into two different directory servers, and if you want the contents of both directories to have the same set of unique IDs. If unique IDs already exist in the LDIF file you are importing, then the existing IDs are imported to the server regardless of the options you have specified.

-i

File name of the input ldif file(s). When you import multiple files, they are imported in the order in which you specify them on the command line.

-n

Instance to be imported. Ensure that you specify an instance that corresponds to the suffix contained by the LDIF file. Otherwise the data contained by the database is deleted and the import fails.

-O

Request that only the core db is created without attribute indexes.

-s

Suffix(es) to be included or to specify the subtree(s) to be included if -n has been used.

-x

Suffix(es) to be included.

-Y

The password to the certificate key database (used for certificate-based client authentication).

-y

The file containing the certificate key database passwords (used for certificate-based client authentication).

Caution

If you are importing the LDIF file into your configuration directory, make sure the o=NetscapeRoot suffix and its contents are included in the LDIF file before you import. Do not exclude the suffix o=NetscapeRoot using -s, -x, or combination of the two. The Sun ONE Administration Server uses this suffix to store information about installed Sun ONE servers. Failure to import o=NetscapeRoot into your configuration directory could force you to reinstall (or restore from backup) all of your Sun ONE servers, including the Directory Server.

archive2db

Restores database from the archives.

Shell Script Syntax (UNIX)

ns-slapd archive2db -D instancedir [-d debuglevel] -a archivedir [-R]

Batch File Syntax (NT)

slapd archive2db -D instancedir [-d debuglevel] -a archivedir [-R]

Options

Option

Meaning

-D

Specifies the server configuration directory that contains the configuration information for the index creation process. You must specify the full path to the slapd-serverID directory.

-d

Specifies the debug level. For more information, see "nsslapd-errorlog-level (Error Log Level)" on page 104.

-a

Specifies the archive directory.

-R

Restores the database without restoring the changelog. If this option is used, the restored database will not include the list of changes made prior to the archive. Use this option with caution.

db2archive

Backs up all databases to the archives.

Shell Script Syntax (UNIX)

ns-slapd db2archive -D instancedir [-d debuglevel] -a archivedir

Batch File Syntax (Windows)

slapd db2archive -D instancedir [-d debuglevel] -a archivedir

Options

Option

Meaning

-D

Specifies the server configuration directory that contains the configuration information for the index creation process. You must specify the full path to the slapd-serverID directory.

-d

Specifies the debug level. For more information, see "nsslapd-errorlog-level (Error Log Level)" on page 104.

-a

Specifies the archive directory.

Creating and Regenerating Indexes

db2index

Creates and regenerates indexes.

Shell Script Syntax (UNIX)

ns-slapd db2index -D instancedir [-d debug_level] -n backend_name {-t attribute_type}* {-T VLVSearchName}*

Batch File Syntax (Windows)

slapd db2index -D instancedir [-d debug_level] -n backend_name {-t attribute_type}* {-T VLVSearchName}*

Options

Option

Meaning

-d

Specifies the debug level to use during index creation. For further information see "nsslapd-errorlog-level (Error Log Level)" on page 104.

-D

Specifies the server configuration directory that contains the configuration information for the index creation process. You must specify the full path to the slapd-serverID directory.

-n

Specifies the name of the backend containing the entries to index.

-t

Specifies the attribute to be indexed as well as the types of indexes to create and matching rules to apply (if any). If you want to specify a matching rule, you must specify an index type. You cannot use this option with option -T.

-T

Specifies the VLV tag to use to create VLV indexes. You can use the console to specify VLV tags for each database supporting your directory tree. You can also define additional VLV tags by creating them in LDIF, and adding them to the directory server configuration. You cannot use this option with option -t.

Option	Meaning
-D	The full path to the slapd-serverID directory
-a	File name of the output LDIF file.
-d	Specifies the debug level. For more information, see "nsslapd-errorlog-level (Error Log Level)" on page 104.l
-1	For reasons of backward compatibility, delete the first line of the LDIF file which gives the version of the LDIF standard.
-C	Only the main db file is used.
-m	Minimal base64 encoding.
-M	Use of several files for storing the output LDIF, with each instance stored in instance_output_file (where output_file is the file name specified for -a option).
-n	Instance to be exported.
-N	Specifies that entry IDs are not to be included in the LDIF output. The entry IDs are necessary only if the db2ldif output is to be used as input to db2index.
-r	Export replica.
-s	Suffix(es) to be included or to specify the subtree(s) to be included if -n has been used.
-u	Request that the unique id is not exported.
-U	Request that the output LDIF is not folded.
-x	Suffix(es) to be excluded.
-Y	The password to the certificate key database (used for certificate-based client authentication).
-y	The file containing the certificate key database passwords (used for certificate-based client authentication).

Option	Meaning
-D	The full path to the slapd-serverID directory
-d	Specifies the debug level. For more information, see "nsslapd-errorlog-level (Error Log Level)" on page 104.
--namespaceid	Generates a namespace ID as a name-based unique ID. This is the same as specifying the -g deterministic option.
-g uniqueid_type	Generation of a unique ID. Type none for no unique ID to be generated and deterministic for the generated unique ID to be name-based. By default, a time-based unique ID is generated. If you use the deterministic generation to have a name-based unique ID, you can also specify the namespace you want the server to use as follows: -g deterministic namespace_id where namespace_id is a string of characters in the following format 00-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx Use this option if you want to import the same LDIF file into two different directory servers, and if you want the contents of both directories to have the same set of unique IDs. If unique IDs already exist in the LDIF file you are importing, then the existing IDs are imported to the server regardless of the options you have specified.
-i	File name of the input ldif file(s). When you import multiple files, they are imported in the order in which you specify them on the command line.
-n	Instance to be imported. Ensure that you specify an instance that corresponds to the suffix contained by the LDIF file. Otherwise the data contained by the database is deleted and the import fails.
-O	Request that only the core db is created without attribute indexes.
-s	Suffix(es) to be included or to specify the subtree(s) to be included if -n has been used.
-x	Suffix(es) to be included.
-Y	The password to the certificate key database (used for certificate-based client authentication).
-y	The file containing the certificate key database passwords (used for certificate-based client authentication).

Previous Contents Index Next
Copyright 2003 Sun Microsystems, Inc. All rights reserved.

Platform	Location
Solaris Packages	ServerRoot/bin/slapd/server/sparcv9/ns-slapd
Compressed Archive Installation on Solaris	ServerRoot/bin/slapd/server/64/ns-slapd
HP-UX	ServerRoot/bin/slapd/server/pa20_64/ns-slapd

Platform	Location
UNIX platforms	ServerRoot/bin/slapd/server/ns-slapd
Windows platforms	ServerRoot\bin\slapd\server\slapd.exe

Option	Meaning
-D	Specifies the server configuration directory that contains the configuration information for the index creation process. You must specify the full path to the slapd-serverID directory.
-d	Specifies the debug level. For more information, see "nsslapd-errorlog-level (Error Log Level)" on page 104.
-a	Specifies the archive directory.
-R	Restores the database without restoring the changelog. If this option is used, the restored database will not include the list of changes made prior to the archive. Use this option with caution.

Option	Meaning
-d	Specifies the debug level to use during index creation. For further information see "nsslapd-errorlog-level (Error Log Level)" on page 104.
-D	Specifies the server configuration directory that contains the configuration information for the index creation process. You must specify the full path to the slapd-serverID directory.
-n	Specifies the name of the backend containing the entries to index.
-t	Specifies the attribute to be indexed as well as the types of indexes to create and matching rules to apply (if any). If you want to specify a matching rule, you must specify an index type. You cannot use this option with option -T.
-T	Specifies the VLV tag to use to create VLV indexes. You can use the console to specify VLV tags for each database supporting your directory tree. You can also define additional VLV tags by creating them in LDIF, and adding them to the directory server configuration. You cannot use this option with option -t.