dsconf

Manages Directory Server configuration

SYNOPSIS

install-path/bin/dsconf
 subcommand [global-options] [subcommand-options]
 [subcommand-operands]

Description

The dsconf command manages Directory Server configuration. It enables you to modify the configuration entries in cn=config.

The server must be running in order for you to run dsconf.

Subcommands

The following subcommands are supported:

dsconf accord-repl-agmt [-h host] [-p port] [-I USER_DN] [-W FILE] SUFFIX_DN HOST:PORT [HOST:PORT ...]

Ensures the authentication properties of the destination suffix are in accord with those of the replication agreement.

dsconf analyze-index-filters [-h host] [-p port] SUFFIX_DN

Analyzes index filters and displays their statistics.

dsconf backup [-h host] [-p port] [-a] [-f FLAG]... ARCHIVE_DIR

Backs up Directory Server data (configuration data excluded).

dsconf change-repl-dest [-h host] [-p port] [-A NEW_PROTOCOL] [-J] SUFFIX_DN HOST:PORT NEW_HOST:NEW_PORT

Changes the remote replica pointed to by an existing replication agreement. The suffix DN and configuration of the existing agreement remain the same.

dsconf create-encrypted-attr [-h host] [-p port] [--desc DESC] SUFFIX_DN ATTR_NAME [ATTR_NAME ...] ENCRYPTION_ALGO

Declares that the values for an attribute are encrypted.

dsconf create-index [-h host] [-p port] SUFFIX_DN ATTR_NAME [ATTR_NAME ...]

Declares that an attribute is indexed. The default index types for the attribute are equality and presence.

dsconf create-plugin [-h host] [-p port] -H LIB_PATH -F INIT_FUNCT -Y TYPE [-G ARG]... PLUGIN_NAME

Declares a new client plugin. The plugin state is disabled.

dsconf create-repl-agmt [-h host] [-p port] [-A PROTOCOL] [-J] SUFFIX_DN HOST:PORT [HOST:PORT ...]

Creates a replication agreement for existing suffix.

dsconf create-repl-priority [-h host] [-p port] SUFFIX_DN PRIORITY_NAME PROP:VAL [PROP:VAL ...]

Creates a prioritized replication rule on a master.

dsconf create-suffix [-h host] [-p port] [-B NAME] [-L FILE] [-N] SUFFIX_DN [SUFFIX_DN ...]

Creates a suffix.

dsconf delete-encrypted-attr [-h host] [-p port] SUFFIX_DN ATTR_NAME [ATTR_NAME ...]

Declares that the values for an attribute are no longer encrypted.

dsconf delete-index [-h host] [-p port] SUFFIX_DN ATTR_NAME [ATTR_NAME ...]

Declares that an attribute is no longer indexed.

dsconf delete-plugin [-h host] [-p port] PLUGIN_NAME [PLUGIN_NAME ...]

Declares that a plugin can not be used by the server any more.

dsconf delete-repl-agmt [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

Deletes a replication agreement.

dsconf delete-repl-priority [-h host] [-p port] SUFFIX_DN PRIORITY_NAME [PRIORITY_NAME ...]

Deletes a prioritized replication rule.

dsconf delete-suffix [-h host] [-p port] SUFFIX_DN [SUFFIX_DN ...]

Deletes suffix configuration and data.

dsconf demote-repl [-h host] [-p port] SUFFIX_DN [SUFFIX_DN ...]

Demotes the role of an existing replicated suffix. A master is demoted to a hub, a hub is demoted to a consumer. To demote a master to a consumer, run the command twice.

dsconf disable-index-filter-analyzer [-h host] [-p port] SUFFIX_DN

Disables the index filter analyzer.

dsconf disable-plugin [-h host] [-p port] PLUGIN_NAME [PLUGIN_NAME ...]

Disables a plugin.

dsconf disable-repl [-h host] [-p port] SUFFIX_DN [SUFFIX_DN ...]

Disables replication for a replicated suffix.

dsconf disable-repl-agmt [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

Disables replication with another Directory Server.

dsconf enable-plugin [-h host] [-p port] PLUGIN_NAME [PLUGIN_NAME ...]

Enables a plugin.

dsconf enable-repl [-h host] [-p port] [-d REPL_ID] ROLE SUFFIX_DN [SUFFIX_DN ...]

Enables replication by assigning a role to an existing suffix.

dsconf enable-index-filter-analyzer [-h host] [-p port] [--max-entries INT] SUFFIX_DN

Sets the index-filter-analyzer-enabled property on to enable you to analyze indexes. You can also set the index-filter-analyzer-max-entries property by specifying a value for --max-entries.

dsconf enable-repl-agmt [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

Enables replication with another Directory Server.

dsconf export [-h host] [-p port] [-aQ] [-f FLAG]... [[-s DN]... |[-x DN]...] [-y [-C FILE]] SUFFIX_DN [SUFFIX_DN...] LDIF_FILE

OR

dsconf export [-h host] [-p port] [-aQ] [-f FLAG]... [-f FLAG=VAL] [[-s DN]... |[-x DN]...] [-y [-C FILE]] SUFFIX_DN [SUFFIX_DN...] GZ_LDIF_FILE

Exports suffix data to LDIF format as a compressed or uncompressed exported file.

dsconf get-index-prop [-h host] [-p port] [-T] SUFFIX_DN ATTR_NAME [PROP ...]

Displays the value of an index configuration property.

dsconf get-log-prop [-h host] [-p port] [-T] [-Z UNIT] LOG_TYPE [PROP ...]

Displays server log property values.

dsconf get-plugin-prop [-h host] [-p port] [-T] PLUGIN_NAME [PROP ...]

Displays plugin property values.

dsconf get-repl-agmt-prop [-h host] [-p port] [-T] SUFFIX_DN HOST:PORT [PROP ...]

Displays replication agreement property values.

dsconf get-server-prop [-h host] [-p port] [-T] [-M UNIT] [-Z UNIT] [PROP ...]

Displays server property values.

dsconf get-suffix-prop [-h host] [-p port] [-T] [-M UNIT] [-Z UNIT] SUFFIX_DN [PROP ...]

Displays suffix property values.

dsconf help-properties [-r]

Lists properties exposed by subcommands.

Following is an explanation of the keywords that are used in the dsconf help-properties output:

ETA     Encrypted Attribute
IDX     Index
LOG     Log
PLG     Plugin
RPR     Replication Priority Rules
RAG     Replication Agreement
SER     Server
SUF     Suffix

dsconf import [-h host] [-p port] [-aK] [-f FLAG=VAL]... [-x DN]... LDIF_FILE [LDIF_FILE...] SUFFIX_DN

OR

dsconf import [-h host] [-p port] [-aK] [-f FLAG=VAL]... [-xDN]... GZ_LDIF_FILE [GZ_LDIF_FILE...] SUFFIX_DN

Populates an existing suffix with LDIF data from a compressed or uncompressed LDIF file.

dsconf info [-h host] [-p port] [-c] [-D user-DN] [-e] [-i] [-j] [-w file]

Displays information about server configuration such as port number, suffix name, server mode and task states.

dsconf init-repl-dest [-h host] [-p port] [-a] SUFFIX_DN HOST:PORT [HOST:PORT ...]

Launches a total update of the remote replica from a local suffix.

dsconf list-encrypted-attrs [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

Lists encrypted attributes. When used with -v, this command displays additional information related to encrypted attributes.

dsconf list-indexes [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

Lists indexed attribute configuration. When used with -v, this command displays additional information related to indexes.

dsconf list-plugins [-h host] [-p port] [-E] [-v]

Lists plugins. When used with -v, this command displays additional information related to plugins.

dsconf list-repl-agmts [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

Lists replication agreements. When used with -v, this command displays additional information related to replication agreements.

dsconf list-repl-priorities [-h host] [-p port] [-E] [-v] [SUFFIX_DN ...]

Lists prioritized replication rules. When used with -v, this command displays additional information related to prioritized replication rules.

dsconf list-suffixes [-h host] [-p port] [-E] [-v]

Lists suffixes. When used with -v, this command displays additional information related to suffixes. This includes the number of entries, the suffix role and the number of replication agreements, replication priority rules, indexes and encrypted attributes.

dsconf promote-repl [-h host] [-p port] [-d REPL_ID] SUFFIX_DN [SUFFIX_DN ...]

Promotes the role of an existing replicated suffix. A consumer is promoted to a hub, a hub is promoted to a master. To promote a consumer to a master, run the command twice.

dsconf pwd-compat [-h host] [-p port] [-a] NEW_MODE

Changes Directory Server password compatibility state.

dsconf reindex [-h host] [-p port] [-a] [-t ATTR] ... SUFFIX_DN [SUFFIX_DN ...]

Rebuilds index(es) of an existing suffix.

dsconf restore [-h host] [-p port] [-a] [-f FLAG] ARCHIVE_DIR

Restores Directory Server data from backup archive.

dsconf rotate-log-now [-h host] [-p port] [-a] LOG_TYPE

Closes and renames current log and creates fresh log.

dsconf rewrite [-h host] [-p port][-a] [-f FLAG=VAL]... SUFFIX_DN [SUFFIX_DN... ]

Rewrites all entries according to the current database format, and depending upon the flag.

dsconf set-index-prop [-h host] [-p port] SUFFIX_DN ATTR_NAME PROP:VAL [PROP:VAL ...]

Sets the index property value.

For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

dsconf set-log-prop [-h host] [-p port] LOG_TYPE PROP:VAL [PROP:VAL ...]

Sets server log property value.

The specified target directory for log file must exist on all the platforms other than Windows. On Windows, if the target directory does not exist, it is created automatically.

For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

dsconf set-plugin-prop [-h host] [-p port] PLUGIN_NAME PROP:VAL [PROP:VAL ...]

Sets plugin property value.

For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

dsconf set-repl-agmt-prop [-h host] [-p port] SUFFIX_DN HOST:PORT PROP:VAL [PROP:VAL ...]

Sets replication agreement property value.

For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

dsconf set-server-prop [-h host] [-p port] PROP:VAL [PROP:VAL ...]

Sets server property value.

For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

dsconf set-suffix-prop [-h host] [-p port] SUFFIX_DN PROP:VAL [PROP:VAL ...]

Sets suffix property value.

For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

dsconf show-repl-agmt-status [-h host] [-p port] [-I USER_DN] [-W FILE] SUFFIX_DN HOST:PORT

Displays a comparison of a source and destination suffix configuration and the status of the replication agreement. When used with v, this command displays additional replication agreement information such as pending changes and delayed maximum duration.

dsconf show-task-status [-h host] [-p port]

Displays status of current directory server tasks. When used with v, this command displays additional information related to the task type.

dsconf update-repl-dest-now [-h host] [-p port] SUFFIX_DN HOST:PORT [HOST:PORT ...]

Restarts replication updates after the destination server has been down by forcing updates to the remote replica from the local suffix.

Global Options

The following options are global, and are applicable to all commands and subcommands. The global options must follow their respective commands or subcommands to execute successfully.

-?

--help

Displays help information for a command or subcommand.

-c

--accept-cert

Does not ask for confirmation before accepting non-trusted server certificates.

-D user-DN

--user-dn user-DN

Binds as user_DN. dsconf searches for a user-DN value in the following order: First a USER_DN specified in the command line, then a user-DN set by using the environment variable $LDAP_ADMIN_USER. If none of these are found, the default is to bind as the user cn=Directory Manager.

-e

--unsecured

Connects over LDAP with no secure connection. To connect over a clear connection by default, set the DIRSERV_UNSECURED environment variable.

-h host

--hostname host

Connects to the directory on host. dsconf contacts the LDAP server on the specified host, which can be a host name or an IP address. dsconf searches for a host value in the following order: First a host specified on the command line, then a host set by using the environment variable $DIRSERV_HOST. If none of these are found, the default is to use the local host.

For example, when mapping the IPv4 address 192.168.0.99 to IPv6, specify the HOST:PORT as follows: ::ffff:192.168.0.99.

-i

--no-inter

Does not prompt for confirmation before performing the operation.

-j

--reject-cert

Does not ask for confirmation before rejecting non-trusted server certificates (for current session only).

-p port

--port port

Connects to directory on port. dsconf searches for a port value in the following order: First aport specified in the command line, then a port set by using the environment variable $DIRSERV_PORT. If none of these are found, the default is to use port 389.

This option is mutually exclusive with -P,--secure-port.

-P port

--secure-port port

Connects over SSL to the directory on port. dsconf searches for a port value in the following order:

A port specified in the command line
A port set by using the $DIR_SERV_PORT environment variable

If none of these are found, the default is to use port 636.

This option is mutually exclusive with -p,--port.

-v

--verbose

Displays extra information.

-V --version

Displays the current version of dsconf. The version is provided in the format year.monthday.time. So version number 2007.1204.0035 was built on December 4th, 2007 at 00h35. If the components used by dsconf are not aligned, the version of each individual component is displayed.

-w FILE

--pwd-file FILE

Binds using an LDAP password is read from FILE. dsconf searches for a password FILE value in the following order: A password or password file specified in the command line. A password file set by using the environment variable $LDAP_ADMIN_PWF. If none of these are found, the default is to prompt for the password.

-y

--decrypt-attr

Decrypts encrypted attributes. The --decrypt-attr option is a boolean and is optional.

Subcommands Options

The following options are applicable to the subcommands where they are specified.

-A PROTOCOL

--auth-protocol PROTOCOL

Sets authentication protocol for replication agreements to PROTOCOL. For the create-repl-dest subcommand, the default value is clear. Other possible values are ssl-simple and ssl-client. For the change-repl-dest subcommand, the default value is the same as that of the HOST:PORT to which you are changing.

-a

--async

Launches a task and returns the command line accessible immediately.

-B NAME

--db-name NAME

Specifies a database name.

-C FILE

--cert-pwd-file FILE

Reads certificate database password from FILE. The default is to prompt for password.

-d REPL_ID

--repl-id REPL_ID

Specifies a replication ID for a master. It is only used when ROLE = master.

--desc DESC

Specifies a description DESC.

-E

--record

Modifies the display output to show one property value per line.

-F INIT_FUNC

--init-func INIT_FUNC

Sets initialization function for a plugin to INIT_FUNC.

-f FLAG or -f FLAG=VAL

--flags FLAG or --flags FLAG=VAL

Customizes specific subcommand.

Import flags:

chunk-size=INTEGER: Sets the merge chunk size. Overrides the detection of when to start a new pass during import.
incremental-output: Specifies whether an output file will be generated for later use in importing to large replicated suffixes. Default is yes. Possible values are yes and no. This flag can only be used when the -K option is used. If this flag is not used, an output file will automatically be generated.
incremental-output-file=PATH: Sets the path of the generated output file for an incremental (appended) import. The output file is used for updating a replication topology. It is an LDIF file containing the difference between the replicated suffix and the LDIF file, and replication information.

Export flags:

compression-level: Compression level to use when a GZ_LDIF_FILE is given as operand. Default level is 3, level range is from 1 to 9.
multiple-output-file: Exports each suffix to a separate file.
use-main-db-file: Exports the main database file only.
not-export-unique-id: Does not export unique id values.
output-not-folded: Does not wrap long lines.
not-print-entry-ids: Does not export entry IDs.

Backup flags:

verify-db: Check integrity of the backed up database.
no-recovery: Skip recovery of the backed up database.

Restore flags:

move-archive: Performs restore by moving files in place of copying them.

Rewrite flags:

purge-csn

Purge the Change Sequence Number (CSN). The purge-csn flag is set to off by default. Setting purge-csn to on prevents old CSN data from being kept by the operation. This reduces the size of entries by removing traces of previous updates.

convert-pwp-opattr-to-DS6

Converts DS5 mode password policy operational attributes to run in D6-mode.

The convert-pwp-opattr-to-DS6 flag is set to off by default. When a server is DS6-migration-mode enabled, setting convert-pwp-opattr-to-DS6 to on, permits DS5 mode password policy operational attributes to be migrated using their ID (Internet Draft) and to run in DS6-mode. DS6-migration-mode is the only mode in which you can migrate operational attributes safely. When the migration has been successfully performed, run the server in DS6-mode when you are ready.

Note that the dsconf rewrite -f convert-pwp-opattr-to-DS6=on subcommand must be run on all servers in the topology that are in DS6-migration-mode in order to migrate their DS5 mode password policy operational attributes.

-G ARG

--arguments ARG

Sets plugin argument property to ARG.

-H LIB_PATH

--lib-path LIB_PATH

Sets plugin library path to LIB_PATH.

-I USER_DN

--dest-bind-dn USER_DN

Binds as USER_DN on destination suffix (Default: same as the DN used for source suffix)

-J

--no-accord

For use with the create-repl-agmt and change-repl-dest subcommands. When the --no-accord option is used with either create-repl-agmt and change-repl-dest subcommands, the accord-repl-agmt subcommand is not performed.

When creating a new replication agreement or when changing the destination server of a replication agreement, dsconf tries to run the accord-repl-agmt operation to ensure the authentication properties of the destination suffix are in accord with those of replication agreement. If the destination server is unavailable or takes time to respond, the time to operate the command would be longer than necessary unless the --no-accord subcommand option is used.

-K

--incremental

Specifies that the contents of the imported LDIF file are appended to the existing LDAP entries. If this option is not specified, the contents of the imported file replace the existing entries.

-L FILE

--db-path FILE

Specifies database directory and path.

-M UNIT

--unit-time UNIT

Displays time in UNIT, where UNIT is one of: w, d, h, m, s (week, day, hour, minute, second).

--max-entries INT

Specifies the maximum number of entries for index-filter-analyzer-max-entries.

-N

--no-top-entry

Does not create a top entry for the suffix. By default, a top-level entry is created when a new suffix is created (on the condition that the suffix starts with dc=, c=, o= or ou=). This option changes the default behavior.

-Q

--no-repl

Does not export additional data needed for replication.

-r

--attr-map

Displays help properties and their corresponding attributes in cn=config.

-s DN

--include DN

Exports all data under specified DN.

-T

--tab

Displays information in a table format.

-t ATTR

--attr ATTR

Reindexes the attribute ATTR (Default: All attributes).

-W FILE

--dest-pwd-file FILE

Binds on a destination suffix using the password read from FILE. The default is the same FILE used for the source suffix.

-x DN

--exclude DN

Does not import or export data contained under the specified DN.

-Y TYPE

--type TYPE

Sets plugin type to TYPE, where TYPE is one of: database, extendedop, preoperation, postoperation, matchingrule, syntax, internalpreoperation, internalpostoperation, object, pwdstoragescheme, reverpwdstoragescheme, ldbmentryfetchstore, beprecommit, archive2ldbm.

-Z UNIT

--unit-size UNIT

Displays memory size data in UNIT, where UNIT is one of: G, M, k, b (Gigabyte, Megabyte, kilobyte, byte).

Operands

The following operands are supported:

ARCHIVE_DIR

Directory Server instance backup archive directory.

ATTR_NAME

Attribute name.

ENCRYPTION_ALGO

Algorithm to use for encryption. Possible values are: des, des3, rc2, rc4, aes128, aes256, camellia128, and camellia256. These values signify respectively DES block cipher, Triple DES block cipher, RC2 block cipher, RC4 stream cipher, AES 128-bit block cipher, AES 256-bit block cipher, CAMELLIA 128-bit block cipher, and CAMELLIA 256-bit block cipher.

GZIP_LDIF_FILE

Path and filename for file in gzip compressed LDIF format.

HOST:PORT

Destination replicated suffix, defined by HOST and destination PORT.

LDIF_FILE

Path and filename for file in LDIF format.

LOG_TYPE

Type of log, where LOG_TYPE is one of: access, error, audit.

NEW_MODE

Desired mode for password compatibility policy. The default mode is DS5–compatible-mode. You can change it to to-DS6-migration-mode and then to to-DS6-mode.

PLUGIN_NAME

Plugin name. The plugin name is defined when the plugin is created.

PRIORITY_NAME

Name used to define or identify a prioritized replication rule.

PROP

Property name. For a list of PROP names and default values, use the command dsconf help-properties -v.

PROP:VAL

Property and corresponding value. For a list of PROP names and default values, use the command dsconf help-properties -v.

For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.

Multi-valued properties are identified by the M keyword. For a list of multi-valued properties, use the command dsconf help-properties | grep " M "

Allowed values that are too wide for the help-properties output are listed below:

RAG transport-compression: no-compression | default-compression | best-speed | best-compression

SER dsml-client-auth-mode: client-cert-first | http-basic-only | client-cert-only

ROLE

Role of the replicated suffix , where ROLE is one of: master, hub, consumer.

SUFFIX_DN

Suffix DN (Distinguished Name)

Syntax Values

Syntax values shown in lower case or partly in lower case are literal values.

Those shown in upper case are syntax types, defined as follows:

ATTR_NAME

A valid attribute type name such as cn or objectClass.

DN

A valid distinguished name such as ou=People,dc=example,dc=com.

DURATION

A duration specified in months (M), weeks (w), days (d), hours (h), minutes (m), seconds (s), and miliseconds (ms), or some combination with multiple specifiers. For example, you can specify one week as 1w, 7d, 168h, 10080m, or 604800s. You can also specify one week as 1w0d0h0m0s.

DURATION properties typically do not each support all duration specifiers (Mwdhms). Examine the output of dsconf help-properties for the property to determine which duration specifiers are supported.

INTEGER

A positive integer value between 0 and the maximum supported integer value in the system address space. On 32-bit systems, 2147483647. On 64-bit systems, 9223372036854775807.

INTERVAL

An interval value of the form hhmm-hhmm 0123456, where the first element specifies the starting hour, the next element the finishing hour in 24-hour time format, from 0000-2359, and the second specifies days, starting with Sunday (0) to Saturday (6).

LDAP_URL

A valid LDAP URL as specified by RFC 2255 (http://www.ietf.org/rfc/rfc2255.txt).

MEMORY_SIZE

A memory size specified in gigabytes (G), megabytes (M),kilobytes (k), or bytes (b). Unlike DURATION properties, MEMORY_SIZE properties cannot combine multiple specifiers. However, MEMORY_SIZE properties allow decimal values, for example, 1.5M.

OCTAL_MODE

A three-digit, octal file permissions specifier. The first digit specifies permissions for the server user ID, the second for the server group ID, the last for other users. Each digit consists of a bitmask defining read (4), write (2), execute (1), or no access (0) permissions, thus 640 specifies read-write access for the server user, read-only access for other users of the server group, and no access for other users.

PATH

A valid, absolute file system path.

STRING

A DirectoryString value, as specified by RFC 2252 (http://www.ietf.org/rfc/rfc2252.txt).

TIME

A time of the form hhmm in 24-hour format, where hh stands for hours and mm stands for minutes.

EXIT STATUS

The following exit status values are returned:

0: Successful completion.
non-zero: An error occurred.

Examples

The following examples show how the dsconf command is used.

Example 1 Create a Suffix

$ dsconf create-suffix -h host -p port 
dc=example,dc=com

In this example, non-default ports are specified.

Check to see if the suffix has been created.

$ dsconf list-suffixes -h host -p port -v

Example 2 Import LDIF Data into the Suffix

$ dsconf import -h host -p port
/opt/SUNWdsee7/resources/ldif/example.ldif dc=example,dc=com

Example 3 Index an Attribute

In this example, the preferredLanguage attribute is going to be indexed.

Create an index entry for the attribute. By default, the index matching types are equity and presence.
```
$ dsconf create-index -h host -p port 
dc=example,dc=com preferredLanguage
```

Check that the index entry has been created

$ dsconf get-index-prop -h host -p port 
dc=example,dc=com preferredLanguage

Generate the index for the attribute.

$ dsconf reindex -h host -p port 
-t preferredLanguage dc=example,dc=com

Example 4 Back Up the Directory Server Data

$ dsconf backup -h host -p port 
/tmp/backupArchiveDir

For complete backup procedures, see the Directory Server Enterprise Edition Administration Guide.

Example 5 Monitor and Change Cache Size for a Suffix

Search for the string cache within the dsconf help properties:
```
$ dsconf help-properties | grep cache
```
Determine which property is most applicable and request more information. In the results of the preceding step, cache-mem-size seems to correspond. For additional information, use the verbose option:
```
$ dsconf help-properties -v | grep entry-cache-size
SUF  entry-cache-size  rw MEMORY_SIZE (Ex: 3G,2m,200k,10000b)  
nsslapd-cachememsize
Cache size in term of memory space: (Default: 10M)
```
Use the following information to interpret the results above:

SUF

This property applies to a suffix.

entry-cache-size

The name of the property

rw

You have read and write access to the property when using get-suffix-prop and set-suffix-prop.

MEMORY_SIZE

Use memory size values as described in this man page.

nsslapd-cachememsize

The attribute under cn=config to which this property applies.

(Default: 10M)

The default value of this property

Determine the current value of entry-cache-size:

$ dsconf get-suffix-prop -h host -p port 
dc=example,dc=com entry-cache-size 
entry-cache-size : 10M

Change the value of entry-cache-size to 12M:

$ dsconf set-suffix-prop -h host -p port 
dc=example,dc=com entry-cache-size:12M

Check that the value has been changed:

$ dsconf get-suffix-prop -h host -p port 
dc=example,dc=com entry-cache-size
entry-cache-size : 12M

Example 6 Export to LDIF While Using Filters

$ dsconf export -h host -p port
-f not-print-entry-ids -s ou=people,dc=example,dc=com 
 -s ou=contractors,dc=example,dc=com dc=example,dc=com 
instance-path/ldif/export.ldif

This example shows a command that:

Uses the flag not-print-entry-ids to request that entry IDs are not exported.
Exports data from two suffixes ou=people,dc=example,dc=com and ou=contractors,dc=example,dc=com into one LDIF file instance-path/ldif/export.ldif.

Example 7 Rotate the Access Log and Modify the Rotation Delay for the Access Log

If you have a log which is getting very large, you can rotate the log. Rotation backs up the existing log file and creates a fresh log file. In this example, the access log is rotated.

Rotate the access log by using the command:

$ dsconf rotate-log-now -h host -p port access

You can now modify the delay between log rotations for the access log.

Find the property which sets maximum log size:
```
$ dsconf help-properties -v | grep LOG
```
The output from the previous command shows that the required property is rotation-interval.
To see the default setting for rotation-interval:
```
$ dsconf get-log-prop -h host -p port 
access rotation-interval
```
The default is one day 1d.

To increase the rotation delay to two days, use the command:

$ dsconf set-log-prop -h host -p port 
access rotation-interval:2d

Example 8 Configure Replication in a Two-Master Topology

This procedure configures replication on a topology with two severs, and both are masters. Replication is configured first on one master, then on the second master. Master 1 is located on server1.example:1389. Master 2 is located on server2.example:2389.

On server 1: Create a suffix

$ dsconf create-suffix -h server1.example -p 1389 
dc=example,dc=com

On Server 1: Populate the suffix with LDIF data
```
$ dsconf import -a -h server1.example -p 1389 
/opt/SUNWdsee7/resources/ldif/Example.ldif dc=example,dc=com
```
If the import takes a long time, you can obtain status on the import operation using:
```
$ dsconf info -h server1.example -p 1389 
```
or
```
$ dsconf show-task-status -h server1.example -p 1389 -v
```
Alternatively, you can view the status of the task while it is running by omitting the -a option in the command.
On Server 1: Enable replication on Master 1. This step assigns a replication role and ID to an existing suffix. It also sets the replication manager bind DN to the default replication manager DN.
```
$ dsconf enable-repl -h server1.example -p 1389 
-d 1 master dc=example,dc=com
```

On server 2: Create a suffix

$ dsconf create-suffix -h server2.example -p 2389 dc=example,dc=com

On Server 2: Enable replication on Master 2. This step assigns a replication role and ID to an existing suffix. It also sets the replication manager bind DN to the default replication manager DN.
```
$ dsconf enable-repl -h server2.example -p 2389 
-d 2 master dc=example,dc=com
```

On Server 1: Create a replication agreement from Master 1 to Master 2.

$ dsconf create-repl-agmt -h server1.example -p 1389 
dc=example,dc=com server2.example:2389

On Server 2: Create a replication agreement from Master 2 to Master 1

$ dsconf create-repl-agmt -h server2.example -p 2389 
dc=example,dc=com server1.example:1389

On Server 1: Check that the replication agreement status is OK.

$ dsconf show-repl-agmt-status -h server1.example -p 1389 
dc=example,dc=com server2.example:2389

If the status is not OK, then accord the replication agreement.

$ dsconf accord-repl-agmt -h server1.example -p 1389 
dc=example,dc=com server2.example:2389

On Server 1: From Master 1, initialize replication on Master 2. This step initializes Master 2 with the data contained in the suffix on Master 1 and starts replication.
```
$ dsconf init-repl-dest -h server1.example -p 1389 
dc=example,dc=com server2.example:2389
```

The replication agreements in both directions are now active and replication is running.

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWdsee7
Stability Level	Evolving