Skip Navigation Links | |
Exit Print View | |
Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1) |
1. Starting and Stopping the Server
2. Configuring the Server Instance
3. Configuring the Proxy Components
4. Configuring Security Between Clients and Servers
5. Configuring Security Between the Proxy and the Data Source
6. Managing Oracle Unified Directory With Oracle Directory Services Manager
10. Managing Users and Groups With dsconfig
11. Managing Password Policies
13. Monitoring Oracle Unified Directory
Configuring Logs With the Log Publisher
To List Existing Log Publishers
Configuring Log Retention Policies
To View the Log Retention Policies
To Create a Log Retention Policy
To Modify a Log Retention Policy
Configuring Log Rotation Policies
To View the Log Rotation Policies
To Create a Log Rotation Policy
To Set Log Rotation or Retention for a Specific Log File
Configuring Alerts and Account Status Notification Handlers
To View All Configured Alert Handlers
Managing Account Status Notification Handlers
To View the Configured Account Status Notification Handlers
To Enable Account Status Notification Handlers
To Create a New Account Status Notification Handler
To Delete an Account Status Notification Handler
Monitoring the Server With LDAP
Viewing Monitoring Information Using the cn=monitor Entry
Monitored Attributes in the Oracle Unified Directory proxy
To View the Available Monitoring Information
To Monitor General-Purpose Server Information
To Monitor Version Information
To Monitor the User Root Back End
To Monitor the Backup Back End
To Monitor the monitor Back End
To Monitor the Schema Back End
To Monitor the adminRoot Back End
To Monitor the ads-truststore Back End
To Monitor the LDAP Connection Handler
To Monitor LDAP Connection Handler Statistics
To Monitor Connections on the LDAP Connection Handler
To Monitor the Administration Connector
To Monitor Administration Connector Statistics
To Monitor Connections on the Administration Connector
To Monitor the LDIF Connection Handler
To Monitor JVM Stack Trace Information
To Monitor the JVM Memory Usage
To Monitor the userRoot Database Environment
To Monitor Remote LDAP Servers
To Monitor a Global Index Catalog
Monitoring Using the manage-tasks Command
Monitoring the Server With JConsole
To Configure JMX on a Server Instance
Accessing a Server Instance From JConsole
Viewing Monitoring Information With JConsole
Monitoring the Server With SNMP
Configuring the SNMP Connection Handler and Its Dependencies
To Configure SNMP in the Server
To View the SNMP Connection Handler Properties
To Access SNMP on a Server Instance
SNMP Security Configuration: V1 and V2c
SNMP Security Configuration: V3
Monitoring a Replicated Topology
Monitoring Replication Status With dsreplication
Advanced Replication Monitoring
To Monitor the Topology and Its Connections
To Monitor Replication Latency
To Monitor Replication Security
To Monitor Replication Conflicts
Oracle Unified Directory provides a variety of methods to monitor the current state of the server for debugging or troubleshooting purposes.
The topics in this section assume that you have configured monitoring providers on the server. For more information, see Configuring Monitor Providers.
You can monitor the server over LDAP in the following ways:
The directory server records system, performance, and version information as an entry with the base DN of cn=monitor. This entry provides useful performance metrics and server state information that you can use to monitor and debug a directory server instance.
You can access the cn=monitor suffix over the regular LDAP port but there are advantages to using the administration port to access monitoring information. The main advantage of the administration connector is the separation of user traffic and administration traffic.
For example, if you monitor the number of connections on the LDAP Connection Handler ("cn=Client Connections,cn=LDAP Connection Handler 0.0.0.0 port port-number,cn=monitor") over the regular LDAP port, your monitoring data are "polluted" by the monitoring request itself. All of the examples in this section use the administration port, over SSL. For more information, see Managing Administration Traffic to the Server.
Monitoring information related to Oracle Unified Directory proxy can be collected at the level under cn=Monitor for dozens of attributes, including those relating to the following:
Workflows: cn=workflow,cn=monitor
Network Groups: cn=Network Groups,cn=monitor
Load balancers: cn=load balancing,cn=monitor
Distributions: cn=distribution,cn=monitor
Global Index Catalogs: cn=Global Index Catalogs,cn=monitor
Client Connections: cn=Client Connections,cn=monitor or under cn=Client Connections,cn=LDAP Connection Handler 0.0.0.0 portport number ,cn=monitor
LDAP Connection Handler: cn=LDAP Connection Handler 0.0.0.0 portport number ,cn=monitor
LDAP Connection Handler Statistics: cn=LDAP Connection Handler 0.0.0.0 portport number statistics,cn=monitor
SNMP Connection Handler: cn=SNMP Connection Handler,cn=Monitor
JMX Connection Handler: cn=JMX Connection Handler port number ,cn=monitor
Administration Connector: cn=Administration Connector 0.0.0.0 portport number ,cn=monitor
System Information: cn=System Information,cn=monitor
Version: cn=Version,cn=monitor
Back-end LDAP servers: cn=LDAP Servers,cn=monitor
JVM stack traces: cn=JVM Stack Trace,cn=monitor
JVM memory usage: cn=JVM Memory Usage,cn=Monitor
SNMP: cn=SNMP,cn=Monitor
Backend Backup: cn=backup Backend,cn=monitor
Monitoring of back-end data: cn=monitor Backend,cn=monitor
Tasks on the Backend Backup: cn=backup Backend,cn=monitor
Entry caches: cn=Entry Caches,cn=monitor
Work queues: cn=Work Queue,cn=monitor
Other attributes are monitored under each of the above in the dn tree. For example, client connections are monitored under both cn=Client Connections, 0.0.0.0 portport number ,cn=monitor and under cn=Client Connections,cn=Administration Connector 0.0.0.0 portport number ,cn=monitor
A workflow element is monitored under the part of the tree to which that workflow element relates. For example, a load balancing workflow element can be monitored as cn=load-bal-route1,cn=load balancing,cn=monitor
Hundreds of statistics are collected by the Oracle Unified Directory proxy for monitoring. For example, for the persistent search function, psearchCount lists the number of persistent search operations and psearchTotalCount lists the number of persistent search operations since the last restart of the Oracle Unified Directory proxy.
You can list all of these statistics by using the ldapsearch command on the cn=monitor entry, as described in To View the Available Monitoring Information.
The following procedures use the ldapsearch command at the command line interface.
To view status information on the replication of global indexes, you can use the gicadm status-replication command. For more information, see To View the Status of a Replicated Global Index Catalog Configuration.
Use the ldapsearch command to inspect the attributes of cn=monitor. This example lists the base DNs of each monitor entry.
This search attribute indicates that no attributes should be included in the matching entries.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s sub -b "cn=monitor" "(objectclass=*)" "1.1" dn: cn=monitor dn: cn=Client Connections,cn=monitor dn: cn=ads-truststore Backend,cn=monitor dn: cn=Network Groups,cn=monitor dn: cn=internal,cn=Network Groups,cn=monitor dn: cn=default,cn=Network Groups,cn=monitor dn: cn=LDAP Connection Handler 0.0.0.0 port 1389 Statistics,cn=monitor dn: cn=Administration Connector 0.0.0.0 port 4444,cn=monitor dn: cn=Client Connections,cn=Administration Connector 0.0.0.0 port 4444,cn=monitor dn: cn=backup Backend,cn=monitor dn: cn=Version,cn=monitor dn: cn=Work Queue,cn=monitor dn: cn=System Information,cn=monitor dn: cn=userRoot Database Environment,cn=monitor dn: cn=tasks Backend,cn=monitor dn: cn=adminRoot Backend,cn=monitor dn: cn=userRoot Backend,cn=monitor dn: cn=schema Backend,cn=monitor dn: cn=LDAP Connection Handler 0.0.0.0 port 1389,cn=monitor dn: cn=admin,cn=Network Groups,cn=monitor dn: cn=Client Connections,cn=LDAP Connection Handler 0.0.0.0 port 1389,cn=monitor dn: cn=JVM Memory Usage,cn=monitor dn: cn=Administration Connector 0.0.0.0 port 4444 Statistics,cn=monitor dn: cn=JVM Stack Trace,cn=monitor dn: cn=Entry Caches,cn=monitor dn: cn=monitor Backend,cn=monitor
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=monitor" "(objectclass=*)"
Output will be similar to the following:
dn: cn=monitor startTime: 20110119135658Z objectClass: extensibleObject objectClass: top objectClass: ds-monitor-entry cn: monitor vendorName: Oracle Corporation currentTime: 20110121121114Z vendorVersion: Oracle Unified Directory 11.1 (Oracle Unified Directory version = 11.1. 1.5.0) maxConnections: 3 productName: Oracle Unified Directory currentConnections: 1 totalConnections: 13 upTime: 1 days 22 hours 14 minutes 16 seconds
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=System Information,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=System Information,cn=monitor javaVersion: 1.6.0_10 jvmArchitecture: 32-bit jvmArguments: "-Dorg.opends.server.scriptName=start-ds" jvmVersion: 11.0-b15 classPath: /local/instances/OUD/classes: /local/instances/OUD/resources/resources.jar: /local/instances/OUD/lib/activation.jar: /local/instances/OUD/lib/aspectjrt.jar: /local/instances/OUD/lib/je.jar: /local/instances/OUD/lib/mail.jar: /local/instances/OUD/lib/OUD_de.jar: /local/instances/OUD/lib/OUD_es.jar: /local/instances/OUD/lib/OUD_fr.jar: /local/instances/OUD/lib/OUD_ja.jar: /local/instances/OUD/lib/OUD.jar: /local/instances/OUD/lib/OUD_zh_CN.jar: /local/instances/OUD/lib/quicksetup.jar usedMemory: 83361792 freeUsedMemory: 21020432 objectClass: extensibleObject objectClass: top objectClass: ds-monitor-entry javaVendor: Oracle Corporation operatingSystem: SunOS 5.11 x86 cn: System Information systemName: llandudno workingDirectory: /local/instances/OUD/bin maxMemory: 518717440 availableCPUs: 2 javaHome: /usr/jdk/instances/jdk1.6.0/jre jvmVendor: Oracle Corporation
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -b "cn=Version,cn=Monitor" "(objectclass=*)"
The beginning of the output will be similar to the following:
dn: cn=Version,cn=monitor labelNumber: 1012160831 shortName: OUD objectClass: top objectClass: ds-monitor-entry objectClass: extensibleObject compactVersion: OUD-11.1 pointVersion: 1 cn: Version buildID: 20101216222159Z majorVersion: 11 productName: Oracle Unified Directory minorVersion: 1 versionQualifier: .4.3 fullVersion: Oracle Unified Directory 11.1 (Oracle Unified Directory version = 11.1.1. 5.0)
The userRoot back end is the back-end database (the JE environment) for your data. The monitor displays the back end's general properties, such as writability mode, base DN, back-end IDs, entry count, and other properties.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=userRoot Backend,cn=monitor" "(objectclass=*)" dn: cn=userRoot Backend,cn=monitor
Depending on your configuration, output will be similar to the following:
objectClass: top objectClass: ds-monitor-entry objectClass: ds-backend-monitor-entry ds-backend-is-private: FALSE cn: userRoot Backend ds-backend-writability-mode: enabled ds-backend-entry-count: 2002 ds-backend-id: userRoot ds-base-dn-entry-count: 2002 dc=example,dc=com ds-backend-base-dn: dc=example,dc=com
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=backup Backend,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=backup Backend,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-backend-monitor-entry ds-backend-is-private: TRUE cn: backup Backend ds-backend-writability-mode: disabled ds-backend-entry-count: 1 ds-backend-id: backup ds-base-dn-entry-count: 1 cn=backups ds-backend-base-dn: cn=backups
Tasks are administrative functions (such as import-ldif, export-ldif, backup, and restore) that can be scheduled for processing at some future date or on a recurring basis. The monitor displays the tasks back end's general properties, such as writability mode, base DN, back-end IDs, entry count, and other properties.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=Tasks Backend,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=tasks Backend,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-backend-monitor-entry ds-backend-is-private: TRUE cn: tasks Backend ds-backend-writability-mode: enabled ds-backend-entry-count: 3 ds-backend-id: tasks ds-base-dn-entry-count: 3 cn=tasks ds-backend-base-dn: cn=tasks
This monitor displays the back end's general properties, such as writability mode, base DN, back-end IDs, entry count, and other properties.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=monitor Backend,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=monitor Backend,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-backend-monitor-entry ds-backend-is-private: TRUE cn: monitor Backend ds-backend-writability-mode: disabled ds-backend-entry-count: 25 ds-backend-id: monitor ds-base-dn-entry-count: 25 cn=monitor ds-backend-base-dn: cn=monitor
This monitor displays the schema back end's general properties, such as writability mode, base DN, back-end IDs, entry count, and other properties.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=schema Backend,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=schema Backend,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-backend-monitor-entry ds-backend-is-private: TRUE cn: schema Backend ds-backend-writability-mode: enabled ds-backend-entry-count: 1 ds-backend-id: schema ds-base-dn-entry-count: 1 cn=schema ds-backend-base-dn: cn=schema
This monitor displays the adminRoot back end's general properties, such as writability mode, base DN, back-end IDs, entry count, and other properties.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=adminRoot Backend,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=adminRoot Backend,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-backend-monitor-entry ds-backend-is-private: TRUE cn: adminRoot Backend ds-backend-writability-mode: enabled ds-backend-entry-count: 7 ds-backend-id: adminRoot ds-base-dn-entry-count: 7 cn=admin data ds-backend-base-dn: cn=admin data
The ads-truststore holds a mirror, or copy, of the remote Administrative Directory Service (ADS) host's ADS key entry, so that the new instance can establish trust with existing servers in the ADS domain. The monitor displays the back end's general properties, such as writability mode, base DN, back-end IDs, entry count, and other properties.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=ads-truststore Backend,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=ads-truststore Backend,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-backend-monitor-entry ds-backend-is-private: TRUE cn: ads-truststore Backend ds-backend-writability-mode: enabled ds-backend-entry-count: 3 ds-backend-id: ads-truststore ds-base-dn-entry-count: 3 cn=ads-truststore ds-backend-base-dn: cn=ads-truststore
This monitor represents all of the open client connections. Its contents are different to those of the DN "cn=Client Connections,cn=LDAP Connection Handler 0.0.0.0 port 1389,cn=monitor", which describes the open client connections on the LDAP connection handler only.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=Client Connections,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=Client Connections,cn=monitor connection: connID="11" connectTime="20090702125632Z" source="127.0.0.1:54044" destination="127.0.0.1:1389" ldapVersion="3" authDN="cn=Directory Manager,cn=Root DNs, cn=config" security="none" opsInProgress="1" cn: Client Connections objectClass: extensibleObject objectClass: top objectClass: ds-monitor-entry
This connection handler is used to interact with clients over LDAP.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=LDAP Connection Handler 0.0.0.0 port 1389,cn=monitor" \ "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=LDAP Connection Handler 0.0.0.0 port 1389,cn=monitor ds-connectionhandler-listener: 0.0.0.0:1389 ds-connectionhandler-num-connections: 1 ds-connectionhandler-protocol: LDAP objectClass: top objectClass: ds-monitor-entry objectClass: ds-connectionhandler-monitor-entry ds-mon-config-dn: cn=ldap connection handler,cn=connection handlers,cn=config cn: LDAP Connection Handler 0.0.0.0 port 1389 ds-connectionhandler-connection: connID="22" connectTime="20090702133936Z" source="127.0.0.1:39574" destination="127.0.0.1:1389" ldapVersion="3" authDN="cn=Directory Manager,cn=Root DNs,cn=config" security="none" opsInProgress="1"
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=LDAP Connection Handler 0.0.0.0 port 1389 Statistics,cn=monitor" \ "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=LDAP Connection Handler 0.0.0.0 port 1389 Statistics,cn=monitor objectClass: ds-monitor-entry objectClass: top objectClass: extensibleObject operationsCompleted: 37 compareRequests: 0 bytesWritten: 99488 extendedRequests: 0 addRequests: 0 bindRequests: 19 ...(more output)
This monitor represents the open client connections on the LDAP connection handler.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll \ -b "cn=Client Connections,cn=LDAP Connection Handler 0.0.0.0 port 1389,cn=monitor" \ "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=Client Connections,cn=LDAP Connection Handler 0.0.0.0 port 1389,cn=monitor connection: connID="0" connectTime="20090706084747Z" source="127.0.0.1:57523" de stination="127.0.0.1:1389" ldapVersion="3" authDN="" security="none" opsInProgr ess="0" connection: connID="1" connectTime="20090706084747Z" source="127.0.0.1:57524" de stination="127.0.0.1:1389" ldapVersion="3" authDN="" security="none" opsInProgr ess="0" connection: connID="2" connectTime="20090706084747Z" source="127.0.0.1:57525" de stination="127.0.0.1:1389" ldapVersion="3" authDN="" security="none" opsInProgr ess="0" connection: connID="3" connectTime="20090706084747Z" source="127.0.0.1:57526" de stination="127.0.0.1:1389" ldapVersion="3" authDN="" security="none" opsInProgr ess="0" connection: connID="4" connectTime="20090706084747Z" source="127.0.0.1:57527" de stination="127.0.0.1:1389" ldapVersion="3" authDN="" security="none" opsInProgr ess="0"
This monitor provides basic information about the administration connector. For more information, see Managing Administration Traffic to the Server.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -b "cn=Administration Connector 0.0.0.0 port 4444,cn=monitor" \ "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
objectClass: top objectClass: ds-monitor-entry objectClass: ds-connectionhandler-monitor-entry dn: cn=Administration Connector 0.0.0.0 port 4444,cn=monitor ds-connectionhandler-listener: 0.0.0.0:4444 ds-connectionhandler-num-connections: 0 ds-connectionhandler-protocol: LDAPS cn: Administration Connector 0.0.0.0 port 4444 ds-mon-config-dn: cn=administration connector,cn=config
This monitor provides extensive statistical information about operations that are performed through the administration connector. For more information, see Managing Administration Traffic to the Server.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -b "cn=Administration Connector 0.0.0.0 port 4444 Statistics,cn=monitor" \ "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=Administration Connector 0.0.0.0 port 4444 Statistics,cn=monitor compareResponses: 0 connectionsClosed: 1 searchResultsDone: 4 ds-mon-resident-time-mod-operations-total-time: 92257568 extendedResponses: 0 bindRequests: 2 operationsAbandoned: 0 bytesWritten: 45056 addResponses: 0 addRequests: 0 ds-mon-resident-time-moddn-operations-total-time: 0 ds-mon-extended-operations-total-count: 0 ds-mon-moddn-operations-total-count: 0 modifyResponses: 1 operationsCompleted: 7 ...(more output)...
This monitor represents the open client connections on the Administration Connector.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll \ -b "cn=Client Connections,cn=Administration Connector 0.0.0.0 port 4444,cn=monitor" \ "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
objectClass: top objectClass: ds-monitor-entry objectClass: extensibleObject dn: cn=Client Connections,cn=Administration Connector 0.0.0.0 port 4444,cn=monitor connection: connID="339" connectTime="20090707075218Z" source="127.0.0.1:48213" destination="127.0.0.1:4444" ldapVersion="3" authDN="" security="TLS" opsInProgress="1" cn: Client Connections
The LDIF connection handler is used to process changes that are read from an LDIF file, using internal operations. Monitoring information for the LDIF connection handler is only available if the connection handler is enabled.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=LDIF Connection Handler,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
objectClass: top objectClass: ds-monitor-entry objectClass: ds-connectionhandler-monitor-entry dn: cn=LDIF Connection Handler,cn=monitor ds-connectionhandler-num-connections: 0 ds-connectionhandler-protocol: LDIF ds-mon-config-dn: cn=ldif connection handler,cn=connection handlers,cn=config cn: LDIF Connection Handler
The work queue keeps track of outstanding client requests and ensures that they are processed.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=Work Queue,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=Work Queue,cn=monitor currentRequestBacklog: 0 objectClass: extensibleObject objectClass: top objectClass: ds-monitor-entry requestsSubmitted: 25 cn: Work Queue maxRequestBacklog: 0 averageRequestBacklog: 0 requestsRejectedDueToQueueFull: 0
You can access JVM Stack Trace information for your directory server instance. This resource monitor is implemented in the org.opends.server.monitors.StackTraceMonitorProvider class and requires no custom configuration.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=JVM Stack Trace,cn=monitor" "(objectclass=*)"
Depending on your configuration, the beginning of the output will be similar to the following:
dn: cn=JVM Stack Trace,cn=monitor cn: JVM Stack Trace jvmThread: id=2 ---------- Reference Handler ---------- jvmThread: id=2 frame[0]=java.lang.Object.wait(Object.java:native) jvmThread: id=2 frame[1]=java.lang.Object.wait(Object.java:485) jvmThread: id=2 frame[2]=java.lang.ref.Reference$ReferenceHandler.run(Reference. java:116) jvmThread: id=3 ---------- Finalizer ---------- jvmThread: id=3 frame[0]=java.lang.Object.wait(Object.java:native) jvmThread: id=3 frame[1]=java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java :116) jvmThread: id=3 frame[2]=java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java :132) jvmThread: id=3 frame[3]=java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.j ava:159) jvmThread: id=4 ---------- Signal Dispatcher ---------- jvmThread: id=10 ---------- Time Thread ---------- jvmThread: id=10 frame[0]=sun.misc.Unsafe.park(Unsafe.java:native) jvmThread: id=10 frame[1]=java.util.concurrent.locks.LockSupport.parkNanos(LockS upport.java:198) ...(more output)...
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=JVM Memory Usage,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=JVM Memory Usage,cn=monitor ps-eden-space-bytes-used-after-last-collection: 0 ps-mark-sweep-total-collection-count: 0 code-cache-bytes-used-after-last-collection: 0 ps-old-gen-current-bytes-used: 25260472 ps-perm-gen-bytes-used-after-last-collection: 0 ps-scavenge-recent-collection-duration: 3 ps-scavenge-total-collection-count: 17 ps-eden-space-current-bytes-used: 32001992 ps-perm-gen-current-bytes-used: 21179960 ps-old-gen-bytes-used-after-last-collection: 0 ps-mark-sweep-total-collection-duration: 0 ps-mark-sweep-average-collection-duration: 0 ps-scavenge-average-collection-duration: 26 ps-scavenge-total-collection-duration: 443 objectClass: extensibleObject objectClass: top objectClass: ds-monitor-entry ps-mark-sweep-recent-collection-duration: 0 ps-survivor-space-bytes-used-after-last-collection: 622592 cn: JVM Memory Usage code-cache-current-bytes-used: 2143680 ps-survivor-space-current-bytes-used: 622592
The userRoot database environment utilizes the Berkeley DB Java Edition back end. JE monitoring data (data under cn=*Database Environment,cn=monitor) is reliable only in the short term. During high server activity (for example, anywhere from an hour to several days depending on the counter), this data can overflow. In such cases, the JE monitoring data can reflect negative values or positive but incorrect values. This is a known issue and is expected to be fixed in the next major release of the Berkeley DB Java Edition. Oracle SR numbers 15979 and 15985 correspond to this issue.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=userRoot Database Environment,cn=monitor" "(objectclass=*)" dn: cn=userRoot Database Environment,cn=monitor
Depending on your configuration, output will be similar to the following:
EnvironmentNTempBufferWrites: 0 EnvironmentNNodesExplicitlyEvicted: 0 EnvironmentCleanerBacklog: 0 EnvironmentTotalLogSize: 5386067 EnvironmentLockBytes: 2000 EnvironmentNFullBINFlush: 2 EnvironmentNBINsStripped: 0 EnvironmentLastCheckpointEnd: 5385359 TransactionNCommits: 24 EnvironmentNCleanerEntriesRead: 0 EnvironmentNRepeatFaultReads: 2 TransactionNXACommits: 0 EnvironmentNClusterLNsProcessed: 0 TransactionNBegins: 24 LockNOwners: 25 ...(more output)...
You can access the aggregated state of all active entry caches for your directory server instance by accessing the cn=Entry Caches,cn=Monitor entry. The server can also request the "per cache" monitor data for a given instance if the entry cache instances are enabled in the directory server configuration:
cn=FIFO Entry Cache,cn=Monitor
cn=Soft Reference Entry Cache,cn=Monitor
cn=File System Entry Cache,cn=Monitor
Additionally, any arbitrarily named active entry cache instance should provide a monitor, which can be accessed by that instance name, for example cn=Any Arbitrary Name Entry Cache,cn=Monitor.
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password --useSSL \ --trustAll -s base -b "cn=Entry Caches,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=Entry Caches,cn=monitor entryCacheHits: 0 entryCacheTries: 0 currentEntryCacheCount: 0 objectClass: extensibleObject objectClass: top objectClass: ds-monitor-entry entryCacheHitRatio: 0 cn: Entry Caches ...
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password \ --useSSL --trustAll -b "cn=Network Groups,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
objectClass: top objectClass: ds-monitor-entry objectClass: ds-mon-branch dn: cn=Network Groups,cn=monitor dn: cn=admin,cn=Network Groups,cn=monitor ds-mon-compare-operations-total-count: 0 ds-mon-failed-referrals-total-count: 15 ds-mon-unbind-operations-total-count: 13 ds-mon-followed-referrals-total-count: 34 ds-mon-violations-schema-total-count: Not implemented ds-mon-bind-operations-total-count: 98 ds-mon-persistent-searchs-count: Not implemented ds-mon-add-operations-total-count: 37 ds-mon-abandon-operations-total-count: 0 ds-mon-moddn-operations-total-count: 0 ds-mon-extended-operations-total-count: 0 ds-mon-searchsubtree-operations-total-count: 310 objectClass: top objectClass: ds-monitor-entry objectClass: extensibleObject ds-mon-discarded-referrals-total-count: Not implemented ds-mon-mod-operations-total-count: 1 ds-mon-forwarded-referrals-total-count: Not implemented cn: admin ds-mon-searchonelevel-operations-total-count: 92966 ds-mon-delete-operations-total-count: 0 dn: cn=default,cn=Network Groups,cn=monitor ...
$ ldapsearch -h localhost -p 4444 -D "cn=directory manager" -w password \ --useSSL --trustAll -b "cn=Distribution,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
objectClass: top objectClass: ds-monitor-entry objectClass: ds-mon-branch dn: cn=distribution,cn=monitor cn: distrib-we ds-mon-searchonelevel-operations-total-count: 0 ds-mon-residenttime-bind-operations-max-time: 0 ... ds-mon-delete-operations-total-count: 0 dn: cn=algorithm,cn=distrib-we,cn=distribution,cn=monitor ds-mon-residenttime-total-time: 0 ds-mon-residenttime-max-time: 0 cn: algorithm ds-mon-runs-total-count: 0 ds-mon-residenttime-min-time: 0 objectClass: top objectClass: ds-monitor-entry objectClass: extensibleObject dn: cn=partitions,cn=algorithm,cn=distrib-we,cn=distribution,cn=monitor objectClass: top objectClass: ds-monitor-entry objectClass: ds-mon-branch dn: cn=distrib-part1,cn=partitions,cn=algorithm,cn=distrib-we,cn=distribution,cn =monitor ... objectClass: top objectClass: ds-monitor-entry objectClass: extensibleObject ds-mon-modify-operations-total-count: 0 cn: distrib-part1 ds-mon-searchonelevel-operations-total-count: 0 ds-mon-delete-operations-total-count: 0 dn: cn=distrib-part2,cn=partitions,cn=algorithm,cn=distrib-we,cn=distribution,cn =monitor ...
$ ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password \ --useSSL --trustAll -b "cn=load balancing,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
objectClass: top objectClass: ds-monitor-entry objectClass: ds-mon-branch dn: cn=load balancing,cn=monitor dn: cn=load-bal-we1,cn=load balancing,cn=monitor ds-mon-aborted-add-operations-total-count: 0 ... dn: cn=algorithm,cn=load-bal-we1,cn=load balancing,cn=monitor dn: cn=routes,cn=algorithm,cn=load-bal-we1,cn=load balancing,cn=monitor ... dn: cn=load-bal-route1,cn=routes,cn=algorithm,cn=load-bal-we1,cn=load balancing, cn=monitor ... dn: cn=load-bal-we2,cn=load balancing,cn=monitor ... dn: cn=algorithm,cn=load-bal-we2,cn=load balancing,cn=monitor ... dn: cn=routes,cn=algorithm,cn=load-bal-we2,cn=load balancing,cn=monitor dn: cn=load-bal-route1,cn=routes,cn=algorithm,cn=load-bal-we2,cn=load balancing, cn=monitor ... cn: load-bal-route1 dn: cn=load-bal-route2,cn=routes,cn=algorithm,cn=load-bal-we1,cn=load balancing, cn=monitor ... cn: load-bal-route2 dn: cn=load-bal-route2,cn=routes,cn=algorithm,cn=load-bal-we2,cn=load balancing, cn=monitor cn: load-bal-route2 ds-mon-searchonelevel-operations-total-count: 9 ds-mon-delete-operations-total-count: 0
$ ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password \ --useSSL --trustAll -b "cn=LDAP Servers,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
objectClass: top objectClass: ds-monitor-entry objectClass: ds-mon-branch dn: cn=LDAP Servers,cn=monitor dn: cn=proxy1,cn=LDAP Servers,cn=monitor ds-mon-aborted-add-operations-total-count: 0 ... cn: proxy1 ds-mon-searchonelevel-operations-total-count: 0 ... objectClass: top objectClass: ds-monitor-entry objectClass: extensibleObject dn: cn=proxy2,cn=LDAP Servers,cn=monitor ds-mon-aborted-add-operations-total-count: 0 ... cn: proxy2 ds-mon-searchonelevel-operations-total-count: 0 ... objectClass: top objectClass: ds-monitor-entry objectClass: extensibleObject ... dn: cn=proxy3,cn=LDAP Servers,cn=monitor ... cn: proxy3 ds-mon-searchonelevel-operations-total-count: 0 ... objectClass: top objectClass: ds-monitor-entry objectClass: extensibleObject ... dn: cn=proxy4,cn=LDAP Servers,cn=monitor ... cn: proxy4 ... objectClass: top objectClass: ds-monitor-entry objectClass: extensibleObject
Ensure that givenname corresponds to the name of the indexed attribute (for example cn, if you indexed cn), and that gi-catalog corresponds to the name of the global index catalog.
$ ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password --useSSL \ --trustAll -b "cn=givenname,cn=gi-catalog,cn=Global Index Catalogs,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=givenname,cn=gi-catalog,cn=Global Index Catalogs,cn=monitor ds-mon-add-operations-min-time: 0 ds-mon-add-operations-aborted-count: 0 ds-mon-lookup-operations-min-time: 0 ds-mon-getpartitions-operations-total-count: 0 ds-mon-add-operations-max-time: 0 ds-mon-lookup-operations-total-count: 0 ds-mon-memorized-remove-operations-count: 0 ds-mon-remove-operations-aborted-count: 0 ds-mon-add-operations-total-time: 0 ds-mon-getpartitions-operations-aborted-count: 0 ds-mon-lookup-operations-total-time: 0 ds-mon-index-entries: 0 ds-mon-remove-operations-failed-count: 0 ds-mon-getpartitions-operations-min-time: 0 ds-mon-lookup-operations-max-time: 0 ds-mon-getpartitions-operations-average-time: 0 ds-mon-index-creation-date: 1252483187019 ds-mon-getpartitions-operations-last-access-date: 0 ds-mon-remove-operations-total-count: 0 ds-mon-lookup-operations-failed-count: 0 ds-mon-add-operations-failed-count: 0 ds-mon-remove-operations-min-time: 0 ds-mon-add-operations-average-time: 0 ds-mon-lookup-operations-aborted-count: 0 ds-mon-getpartitions-operations-total-time: 0 ds-mon-remove-operations-max-time: 0 ds-mon-getpartitions-operations-max-time: 0 ds-mon-lookup-operations-last-access-date: 0 ds-mon-add-operations-total-count: 0 ds-mon-remove-operations-total-time: 0 ds-mon-remove-operations-average-time: 0 ds-mon-getpartitions-operations-failed-count: 0 objectClass: ds-monitor-entry objectClass: top objectClass: extensibleObject ds-mon-lookup-operations-average-time: 0 ds-mon-remove-operations-last-access-date: 0 cn: givenname ds-mon-add-operations-last-access-date: 0
Ensure that givenname corresponds to the name of the indexed attribute (for example cn, if you indexed cn), and that gi-catalog corresponds to the name of the global index catalog.
$ ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password --useSSL \ --trustAll -b "cn=gi-catalog,cn=Global Index Catalogs,cn=monitor" "(objectclass=*)"
Depending on your configuration, output will be similar to the following:
dn: cn=gi-catalog,cn=Global Index Catalogs,cn=monitor ds-mon-replication-received-update-message-errors: 0 ds-mon-configured-index-number: 1 ds-mon-replication-full-update-pending-attribute: ds-mon-replication-full-update-status: NONE ds-mon-state: RUNNING_STANDALONE ds-mon-replication-published-update-message-number: 0 ds-mon-replication-active: false ds-mon-replication-auto-sync-retries: 0 ds-mon-replication-published-update-message-errors: 0 ds-mon-replication-full-update-errors: 0 ds-mon-replication-received-update-message-number: 0 ds-mon-replication-auto-sync-is-running: false objectClass: ds-monitor-entry objectClass: top objectClass: extensibleObject ds-mon-replication-configured: false cn: gi-catalog
Oracle Unified Directory provides a tasks back end that provides a mechanism for scheduling and processing certain tasks, such as import-ldif, export-ldif, backup, and restore. You can schedule a task to run at specific times and at recurring periods. To monitor scheduled tasks, use the manage-tasks command. For more information, see Configuring Commands As Tasks.
The JConsole (jconsole) Java utility is a JMX-compliant, graphical tool that connects to a running Java Virtual Machine that has been started with the management agent. This generic tool can be used to access server monitoring information.
Choose a port that is not in use and to which the user that is running the server has access rights.
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ set-connection-handler-prop \ --handler-name "JMX Connection Handler" --set enabled:true --set listen-port:1689
$ dsconfig -h localhost -p 4444 -D "cn=directory manager" -w password -n \ set-root-dn-prop \ --add default-root-privilege-name:jmx-read \ --add default-root-privilege-name:jmx-write \ --add default-root-privilege-name:jmx-notify
Start the console by typing jconsole in a terminal window.
To run jconsole from the command line, you might have to add JAVA_HOME/bin to your path, where JAVA_HOME is the directory containing the JDK. Alternatively, you can enter the full path when you type the command.
For more information about using JConsole, see Using JConsole.
To connect JConsole to a server instance, use the Remote Process fields.
Figure 13-1 New Connection to a Server
The following fields are required:
JMX URL:
service:jmx:rmi:///jndi/rmi://''host'':''port''/org.opends.server.protocols.jmx.client-unknown
host is a host name, an IPv4 numeric host address, or an IPv6 numeric address enclosed in square brackets.
port is the decimal port number of the JMX connector. (See Configuring Alerts and Account Status Notification Handlers).
The default JMX URL is:
service:jmx:rmi:///jndi/rmi://127.0.0.1:1689/org.opends.server.protocols.jmx.client-unknown
User Name. A valid LDAP user name.
The default Directory Manager user name is cn=Directory Manager.
Password. The user's LDAP password.
When JConsole is connected to a server instance, it displays management objects (MBeans). The tree on the left pane shows all MBeans currently available. You can access server monitoring information in the right hand pane by selecting the associated MBean.
The following figure shows the attribute list for a server cn=LDAP Connection Handler 0.0.0.0 port 1389 Statistics,cn=monitor.
Figure 13-2 Java Monitoring and Management Console
The server provides logging mechanisms to record access, error, or debugging information for the server instance. Multiple loggers of a given type can be active at any time, which makes it possible to create logs for specific subtrees or different repositories. The server does not currently provide logging filters to restrict the type of information in the logs.
The following logs are provided:
Access logs. Access logs record information about the types of operations processed by the directory server.
Audit logs. Audit logs are a type of access log and record all activity on the directory server.
Debug logs. Debug logs record information that can be used for troubleshooting directory server problems or for providing detailed information about the directory server's processing.
Error logs. Error logs record all warnings, errors, or significant events that occur during directory server processing.
Replication repair logs. Replication repair logs record inconsistencies on a single directory server in a topology.
The replication repair log is read-only and its use is restricted to enabling replication conflict resolution.
vdp-setup logs. The vdp-setup logs record the equivalent command line arguments executed during the installation of the Oracle Unified Directory proxy using the graphical or command line versions of vdp-setup.
server.out logs. The server.out logs record the bootstrapping configuration process, list extensions loaded from jar files, and indicate connection and alert notification activity.
$ cd install-dir/logs
$ cat access | more [24/Oct/2008:16:02:52 -0500] CONNECT conn=0 from=127.0.0.1 to=127.0.0.1 protocol=LDAP [24/Oct/2008:16:02:52 -0500] BIND conn=0 op=0 msgID=1 type=SIMPLE dn="cn=Directory Manager" [24/Oct/2008:16:02:53 -0500] BIND conn=0 op=0 msgID=1 result="Success" authDN="cn=Directory Manager,cn=Root DNs,cn=config" etime=57 ...(more output)...
$ cd install-dir/logs
$ cat audit | more # 05/Nov/2008:13:32:58 -0600; conn=21; op=51 dn: cn=File-Based Audit Logger,cn=Loggers,cn=config changetype: modify replace: ds-cfg-enabled ds-cfg-enabled: true - replace: modifiersName modifiersName: cn=Directory Manager,cn=Root DNs,cn=config - replace: modifyTimestamp modifyTimestamp: 20081105193257Z # 05/Nov/2008:13:33:17 -0600; conn=21; op=57 dn: cn=File-Based Debug Logger,cn=Loggers,cn=config changetype: modify replace: ds-cfg-enabled ds-cfg-enabled: true - replace: modifiersName modifiersName: cn=Directory Manager,cn=Root DNs,cn=config - replace: modifyTimestamp modifyTimestamp: 20081105193316Z ...(more output)...
$ cd install-dir/logs
$ cat debug | more [24/Oct/2008:16:02:52 -0500] CONNECT conn=0 from=127.0.0.1 to=127.0.0.1 protocol=LDAP [24/Oct/2008:16:02:52 -0500] BIND conn=0 op=0 msgID=1 type=SIMPLE dn="cn=Directory Manager" [24/Oct/2008:16:02:53 -0500] BIND conn=0 op=0 msgID=1 result="Success" authDN="cn=Directory Manager,cn=Root DNs,cn=config" etime=57 ...(more output)...
$ cd install-dir/logs
$ cat errors | more [24/Oct/2007:16:02:10 -0500] category=CONFIG severity=NOTICE msgID=3605006 msg=Access control has been enabled and will use the org.opends.server.authorization.dseecompat.AciHandler implementation [24/Oct/2007:16:02:17 -0500] category=JEB severity=NOTICE msgID=8847402 msg=The database backend userRoot containing 160 entries has started [24/Oct/2007:16:02:21 -0500] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully ...(more output)...
$ cd install-dir/logs
$ cat replication | more [09/Oct/2007:11:02:22 -0500] category=SYNC severity=NOTICE msgID=15138878 msg=Replication Server sr1-carb-08/129.123.131.98:8989 now used for Replication Domain cn=admin data [09/Oct/2007:11:02:23 -0500] category=SYNC severity=NOTICE msgID=15138878 msg=Replication Server sr1-carb-08/129.123.131.98:8989 now used for Replication Domain cn=schema [09/Oct/2007:11:02:23 -0500] category=SYNC severity=NOTICE msgID=15138878 msg=Replication Server sr1-carb-08/129.123.131.98:8989 now used for Replication Domain dc=example,dc=com ...(more output)...
$ cd install-dir/logs
$ cat server.out | more [19/Jan/2011:14:56:53 +0100] category=CORE severity=INFORMATION msgID=132 msg=The Directory Server is beginning the configuration bootstrapping process [19/Jan/2011:14:56:55 +0100] category=EXTENSIONS severity=INFORMATION msgID=1049147 msg=Loaded extension from file '/local/instances/OracleJavaDirectory.11.1.1.4.3/lib/ extensions/distribution.jar' (build 1.0.0, revision unknown) [19/Jan/2011:14:56:55 +0100] category=EXTENSIONS severity=INFORMATION msgID=1049147 msg=Loaded extension from file '/local/instances/OracleJavaDirectory.11.1.1.4.3/lib/ extensions/globalindex.jar' (build 1.0.0, revision unknown) [19/Jan/2011:14:56:55 +0100] category=EXTENSIONS severity=INFORMATION msgID=1049147 msg=Loaded extension from file '/local/instances/OracleJavaDirectory.11.1.1.4.3/lib/ extensions/loadbalancing.jar' (build 1.0.0, revision unknown) [19/Jan/2011:14:56:56 +0100] category=EXTENSIONS severity=INFORMATION msgID=1049147 msg=Loaded extension from file '/local/instances/OracleJavaDirectory.11.1.1.4.3/lib/ extensions/proxyldap.jar' (build 1.0.0, revision unknown) [19/Jan/2011:14:56:56 +0100] category=EXTENSIONS severity=INFORMATION msgID=1049147 msg=Loaded extension from file '/local/instances/OracleJavaDirectory.11.1.1.4.3/lib/ extensions/replication-gateway.jar' (build 1.0.0, revision unknown) [19/Jan/2011:14:56:56 +0100] category=EXTENSIONS severity=INFORMATION msgID=1049147 msg=Loaded extension from file '/local/instances/OracleJavaDirectory.11.1.1.4.3/lib/ extensions/snmp-mib2605.jar' (build 11.1.1.4.3, revision unknown) [19/Jan/2011:14:56:56 +0100] category=EXTENSIONS severity=INFORMATION msgID=1049147 msg=Loaded extension from file '/local/instances/OracleJavaDirectory.11.1.1.4.3/lib/ extensions/virtualization.jar' (build 1.0.0, revision unknown>) [19/Jan/2011:14:56:58 +0100] category=CORE severity=NOTICE msgID=458886 msg=Oracle Unified Directory 11.1 (Oracle Unified Directory version = 11.1.1.4.3) (build 20101216222159Z, R1012160831) starting up [19/Jan/2011:14:57:09 +0100] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381717 msg=Installation Directory: /local/instances/OracleJavaDirectory.11.1.1.4.3 [19/Jan/2011:14:57:09 +0100] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381719 msg=Instance Directory: /local/instances/OracleJavaDirectory.11.1.1.4.3 ... more output ...
$ cd install-dir/logs
$ cat vdp-setup | more Jun 24, 2009 6:22:12 PM com.sun.dps.ui.deploy.SetupLog initLogFileHandler INFO: vdp-setup application launched June 24, 2009 6:22:12 PM MEST Jun 24, 2009 6:32:08 PM com.sun.dps.ui.deploy.step.ProgressThread executeConfigPhase INFO: /installationdir/vdp-setup --cli --ldapPort 5389 --adminConnectorPort 4454 --rootUserDN cn=Directory\ Manager --rootUserPassword ****** --doNotStart Jun 24, 2009 6:33:00 PM com.sun.dps.ui.deploy.step.ProgressThread executeConfigPhase INFO: /installationdir/bin/start-ds --timeout 0 Jun 24, 2009 6:33:06 PM com.sun.dps.ui.deploy.step.ProgressThread executeConfigPhase INFO: /installationdir/bin/dsconfig create-trust-manager-provider --provider-name Backend\ Servers --type file-based --set enabled:true --set trust-store-file:/installationdir/co nfig/backend-servers-truststore --set trust-store-type:JKS --set trust-store-pin-file:/installationdir/config/backend-servers-truststore.pin --hostname midgard --port 4454 --bind DN cn=Directory\ Manager --bindPassword ****** --trustAll --no-prompt ...(more output)...