Oracle® Fusion Middleware Man Page Reference for Oracle Directory Server Enterprise Edition 11g Release 1 (11.1.1.7.0) Part Number E28967-01 |
|
|
PDF · Mobi · ePub |
Manages Directory Server configuration
SYNOPSIS
install-path/bin/dsconf subcommand [global-options] [subcommand-options] [subcommand-operands]
Description
The dsconf
command manages Directory Server configuration. It enables you to modify the configuration entries in cn=config
.
The server must be running in order for you to run dsconf
.
Subcommands
The following subcommands are supported:
dsconf accord-repl-agmt [-h
host
] [-p
port
] [-I
USER_DN
] [-W
FILE
]
SUFFIX_DN
HOST
:
PORT
[
HOST
:
PORT
...]
Ensures the authentication properties of the destination suffix are in accord with those of the replication agreement.
dsconf analyze-index-filters [-h
host
] [-p
port
]
SUFFIX_DN
Analyzes index filters and displays their statistics.
dsconf backup [-h
host
] [-p
port
] [-a] [-f FLAG]...
ARCHIVE_DIR
Backs up Directory Server data (configuration data excluded).
dsconf change-repl-dest [-h
host
] [-p
port
] [-A
NEW_PROTOCOL
] [-J]
SUFFIX_DN
HOST
:
PORT
NEW_HOST
:
NEW_PORT
Changes the remote replica pointed to by an existing replication agreement. The suffix DN and configuration of the existing agreement remain the same.
dsconf create-encrypted-attr [-h
host
] [-p
port
] [--desc
DESC
]
SUFFIX_DN
ATTR_NAME
[
ATTR_NAME
...]
ENCRYPTION_ALGO
Declares that the values for an attribute are encrypted.
dsconf create-index [-h
host
] [-p
port
]
SUFFIX_DN
ATTR_NAME
[
ATTR_NAME
...]
Declares that an attribute is indexed. The default index types for the attribute are equality and presence.
dsconf create-plugin [-h
host
] [-p
port
] -H
LIB_PATH
-F
INIT_FUNCT
-Y
TYPE
[-G
ARG
]...
PLUGIN_NAME
Declares a new client plugin. The plugin state is disabled.
dsconf create-repl-agmt [-h
host
] [-p
port
] [-A
PROTOCOL
] [-J]
SUFFIX_DN
HOST
:
PORT
[
HOST
:
PORT
...]
Creates a replication agreement for existing suffix.
dsconf create-repl-priority [-h
host
] [-p
port
]
SUFFIX_DN
PRIORITY_NAME
PROP
:
VAL
[
PROP
:
VAL
...]
Creates a prioritized replication rule on a master.
dsconf create-suffix [-h
host
] [-p
port
] [-B
NAME
] [-L
FILE
] [-N]
SUFFIX_DN
[
SUFFIX_DN
...]
Creates a suffix.
dsconf delete-encrypted-attr [-h
host
] [-p
port
]
SUFFIX_DN
ATTR_NAME
[
ATTR_NAME
...]
Declares that the values for an attribute are no longer encrypted.
dsconf delete-index [-h
host
] [-p
port
]
SUFFIX_DN
ATTR_NAME
[
ATTR_NAME
...]
Declares that an attribute is no longer indexed.
dsconf delete-plugin [-h
host
] [-p
port
]
PLUGIN_NAME
[
PLUGIN_NAME
...]
Declares that a plugin can not be used by the server any more.
dsconf delete-repl-agmt [-h
host
] [-p
port
]
SUFFIX_DN
HOST
:
PORT
[
HOST
:
PORT
...]
Deletes a replication agreement.
dsconf delete-repl-priority [-h
host
] [-p
port
]
SUFFIX_DN
PRIORITY_NAME
[
PRIORITY_NAME
...]
Deletes a prioritized replication rule.
dsconf delete-suffix [-h
host
] [-p
port
]
SUFFIX_DN
[
SUFFIX_DN
...]
Deletes suffix configuration and data.
dsconf demote-repl [-h
host
] [-p
port
]
SUFFIX_DN
[
SUFFIX_DN
...]
Demotes the role of an existing replicated suffix. A master is demoted to a hub, a hub is demoted to a consumer. To demote a master to a consumer, run the command twice.
dsconf disable-index-filter-analyzer [-h
host
] [-p
port
]
SUFFIX_DN
Disables the index filter analyzer.
dsconf disable-plugin [-h
host
] [-p
port
]
PLUGIN_NAME
[
PLUGIN_NAME
...]
Disables a plugin.
dsconf disable-repl [-h
host
] [-p
port
]
SUFFIX_DN
[
SUFFIX_DN
...]
Disables replication for a replicated suffix.
dsconf disable-repl-agmt [-h
host
] [-p
port
]
SUFFIX_DN
HOST
:
PORT
[
HOST
:
PORT
...]
Disables replication with another Directory Server.
dsconf enable-plugin [-h
host
] [-p
port
]
PLUGIN_NAME
[
PLUGIN_NAME
...]
Enables a plugin.
dsconf enable-repl [-h
host
] [-p
port
] [-d
REPL_ID
]
ROLE
SUFFIX_DN
[
SUFFIX_DN
...]
Enables replication by assigning a role to an existing suffix.
dsconf enable-index-filter-analyzer [-h
host
] [-p
port
] [--max-entries
INT
]
SUFFIX_DN
Sets the index-filter-analyzer-enabled
property on
to enable you to analyze indexes. You can also set the index-filter-analyzer-max-entries
property by specifying a value for --max-entries
.
dsconf enable-repl-agmt [-h
host
] [-p
port
]
SUFFIX_DN
HOST
:
PORT
[
HOST
:
PORT
...]
Enables replication with another Directory Server.
dsconf export [-h host] [-p port] [-aQ] [-f FLAG]... [[-s DN]... |[-x DN]...] [-y [-C FILE]] SUFFIX_DN [SUFFIX_DN...] LDIF_FILE
dsconf export [-h host] [-p port] [-aQ] [-f FLAG]... [-f FLAG=VAL] [[-s DN]... |[-x DN]...] [-y [-C FILE]] SUFFIX_DN [SUFFIX_DN...] GZ_LDIF_FILE
Exports suffix data to LDIF format as a compressed or uncompressed exported file.
dsconf get-index-prop [-h
host
] [-p
port
] [-T]
SUFFIX_DN
ATTR_NAME
[
PROP
...]
Displays the value of an index configuration property.
dsconf get-log-prop [-h
host
] [-p
port
] [-T] [-Z
UNIT
]
LOG_TYPE
[
PROP
...]
Displays server log property values.
dsconf get-plugin-prop [-h
host
] [-p
port
] [-T]
PLUGIN_NAME
[
PROP
...]
Displays plugin property values.
dsconf get-repl-agmt-prop [-h
host
] [-p
port
] [-T]
SUFFIX_DN
HOST
:
PORT
[
PROP
...]
Displays replication agreement property values.
dsconf get-server-prop [-h
host
] [-p
port
] [-T] [-M
UNIT
] [-Z
UNIT
] [
PROP
...]
Displays server property values.
dsconf get-suffix-prop [-h
host
] [-p
port
] [-T] [-M
UNIT
] [-Z
UNIT
]
SUFFIX_DN
[
PROP
...]
Displays suffix property values.
dsconf help-properties [-r]
Lists properties exposed by subcommands.
Following is an explanation of the keywords that are used in the dsconf help-properties
output:
ETA Encrypted Attribute IDX Index LOG Log PLG Plugin RPR Replication Priority Rules RAG Replication Agreement SER Server SUF Suffix
dsconf import [-h host] [-p port] [-aK] [-f FLAG=VAL]... [-x DN]... LDIF_FILE [LDIF_FILE...] SUFFIX_DN
dsconf import [-h host] [-p port] [-aK] [-f FLAG=VAL]... [-xDN]... GZ_LDIF_FILE [GZ_LDIF_FILE...] SUFFIX_DN
Populates an existing suffix with LDIF data from a compressed or uncompressed LDIF file.
dsconf info [-h
host
] [-p
port
] [-c] [-D
user-DN
] [-e] [-i] [-j] [-w
file
]
Displays information about server configuration such as port number, suffix name, server mode and task states.
dsconf init-repl-dest [-h
host
] [-p
port
] [-a]
SUFFIX_DN
HOST
:
PORT
[
HOST
:
PORT
...]
Launches a total update of the remote replica from a local suffix.
dsconf list-encrypted-attrs [-h
host
] [-p
port
] [-E] [-v] [
SUFFIX_DN
...]
Lists encrypted attributes. When used with -v
, this command displays additional information related to encrypted attributes.
dsconf list-indexes [-h
host
] [-p
port
] [-E] [-v] [
SUFFIX_DN
...]
Lists indexed attribute configuration. When used with -v
, this command displays additional information related to indexes.
dsconf list-plugins [-h
host
] [-p
port
] [-E] [-v]
Lists plugins. When used with -v
, this command displays additional information related to plugins.
dsconf list-repl-agmts [-h
host
] [-p
port
] [-E] [-v] [
SUFFIX_DN
...]
Lists replication agreements. When used with -v
, this command displays additional information related to replication agreements.
dsconf list-repl-priorities [-h
host
] [-p
port
] [-E] [-v] [
SUFFIX_DN
...]
Lists prioritized replication rules. When used with -v
, this command displays additional information related to prioritized replication rules.
dsconf list-suffixes [-h
host
] [-p
port
] [-E] [-v]
Lists suffixes. When used with -v
, this command displays additional information related to suffixes. This includes the number of entries, the suffix role and the number of replication agreements, replication priority rules, indexes and encrypted attributes.
dsconf promote-repl [-h
host
] [-p
port
] [-d
REPL_ID
]
SUFFIX_DN
[
SUFFIX_DN
...]
Promotes the role of an existing replicated suffix. A consumer is promoted to a hub, a hub is promoted to a master. To promote a consumer to a master, run the command twice.
dsconf pwd-compat [-h
host
] [-p
port
] [-a]
NEW_MODE
Changes Directory Server password compatibility state.
dsconf reindex [-h
host
] [-p
port
] [-a] [-t
ATTR
] ...
SUFFIX_DN
[
SUFFIX_DN
...]
Rebuilds index(es) of an existing suffix.
dsconf restore [-h
host
] [-p
port
] [-a] [-f FLAG]
ARCHIVE_DIR
Restores Directory Server data from backup archive.
dsconf rotate-log-now [-h
host
] [-p
port
] [-a]
LOG_TYPE
Closes and renames current log and creates fresh log.
dsconf rewrite [-h
host
] [-p
port
][-a] [-f FLAG=
VAL
]... SUFFIX_DN [
SUFFIX_DN...
]
Rewrites all entries according to the current database format, and depending upon the flag.
dsconf set-index-prop [-h
host
] [-p
port
]
SUFFIX_DN
ATTR_NAME
PROP
:
VAL
[
PROP
:
VAL
...]
Sets the index property value.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
dsconf set-log-prop [-h
host
] [-p
port
]
LOG_TYPE
PROP
:
VAL
[
PROP
:
VAL
...]
Sets server log property value.
The specified target directory for log file must exist on all the platforms other than Windows. On Windows, if the target directory does not exist, it is created automatically.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
dsconf set-plugin-prop [-h
host
] [-p
port
]
PLUGIN_NAME
PROP
:
VAL
[
PROP
:
VAL
...]
Sets plugin property value.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
dsconf set-repl-agmt-prop [-h
host
] [-p
port
]
SUFFIX_DN
HOST
:
PORT
PROP
:
VAL
[
PROP
:
VAL
...]
Sets replication agreement property value.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
dsconf set-server-prop [-h
host
] [-p
port
]
PROP
:
VAL
[
PROP
:
VAL
...]
Sets server property value.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
dsconf set-suffix-prop [-h
host
] [-p
port
]
SUFFIX_DN
PROP
:
VAL
[
PROP
:
VAL
...]
Sets suffix property value.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
dsconf show-repl-agmt-status [-h
host
] [-p
port
] [-I
USER_DN
] [-W
FILE
]
SUFFIX_DN
HOST
:
PORT
Displays a comparison of a source and destination suffix configuration and the status of the replication agreement. When used with v, this command displays additional replication agreement information such as pending changes and delayed maximum duration.
dsconf show-task-status [-h
host
] [-p
port
]
Displays status of current directory server tasks. When used with v, this command displays additional information related to the task type.
dsconf update-repl-dest-now [-h
host
] [-p
port
]
SUFFIX_DN
HOST
:
PORT
[
HOST
:
PORT
...]
Restarts replication updates after the destination server has been down by forcing updates to the remote replica from the local suffix.
Global Options
The following options are global, and are applicable to all commands and subcommands. The global options must follow their respective commands or subcommands to execute successfully.
-?
--help
Displays help information for a command or subcommand.
-c
--accept-cert
Does not ask for confirmation before accepting non-trusted server certificates.
-D
user-DN--user-dn
user-DNBinds as user_DN. dsconf
searches for a user-DN value in the following order: First a USER_DN specified in the command line, then a user-DN set by using the environment variable $LDAP_ADMIN_USER. If none of these are found, the default is to bind as the user cn=Directory Manager
.
-e
--unsecured
Connects over LDAP with no secure connection. To connect over a clear connection by default, set the DIRSERV_UNSECURED
environment variable.
-h
host--hostname
hostConnects to the directory on host. dsconf
contacts the LDAP server on the specified host, which can be a host name or an IP address. dsconf
searches for a host value in the following order: First a host specified on the command line, then a host set by using the environment variable $DIRSERV_HOST. If none of these are found, the default is to use the local host.
For example, when mapping the IPv4 address 192.168.0.99
to IPv6, specify the HOST:PORT as follows: ::ffff:192.168.0.99
.
-i
--no-inter
Does not prompt for confirmation before performing the operation.
-j
--reject-cert
Does not ask for confirmation before rejecting non-trusted server certificates (for current session only).
-p
port--port
portConnects to directory on port. dsconf
searches for a port value in the following order: First aport specified in the command line, then a port set by using the environment variable $DIRSERV_PORT. If none of these are found, the default is to use port 389.
This option is mutually exclusive with -P
,--secure-port
.
-P
port--secure-port
portConnects over SSL to the directory on port. dsconf
searches for a port value in the following order:
A port specified in the command line
A port set by using the $DIR_SERV_PORT
environment variable
If none of these are found, the default is to use port 636
.
This option is mutually exclusive with -p
,--port
.
-v
--verbose
Displays extra information.
-V
--version
Displays the current version of dsconf
. The version is provided in the format year.monthday.time. So version number 2007.1204.0035
was built on December 4th, 2007 at 00h35. If the components used by dsconf
are not aligned, the version of each individual component is displayed.
-w
FILE--pwd-file
FILEBinds using an LDAP password is read from FILE. dsconf
searches for a password FILE value in the following order: A password or password file specified in the command line. A password file set by using the environment variable $LDAP_ADMIN_PWF. If none of these are found, the default is to prompt for the password.
-y
--decrypt-attr
Decrypts encrypted attributes. The --decrypt-attr
option is a boolean and is optional.
Subcommands Options
The following options are applicable to the subcommands where they are specified.
-A
PROTOCOL--auth-protocol
PROTOCOLSets authentication protocol for replication agreements to PROTOCOL. For the create-repl-dest
subcommand, the default value is clear. Other possible values are ssl-simple
and ssl-client
. For the change-repl-dest
subcommand, the default value is the same as that of the HOST:PORT to which you are changing.
-a
--async
Launches a task and returns the command line accessible immediately.
-B
NAME--db-name
NAMESpecifies a database name.
-C
FILE--cert-pwd-file
FILEReads certificate database password from FILE
. The default is to prompt for password.
-d
REPL_ID--repl-id
REPL_IDSpecifies a replication ID for a master. It is only used when ROLE = master.
--desc
DESCSpecifies a description DESC.
-E
--record
Modifies the display output to show one property value per line.
-F
INIT_FUNC--init-func
INIT_FUNCSets initialization function for a plugin to INIT_FUNC.
-f
FLAG or -f
FLAG=VAL--flags
FLAG or --flags
FLAG=VALCustomizes specific subcommand.
Import flags:
Sets the merge chunk size. Overrides the detection of when to start a new pass during import.
Specifies whether an output file will be generated for later use in importing to large replicated suffixes. Default is yes
. Possible values are yes
and no
. This flag can only be used when the -K
option is used. If this flag is not used, an output file will automatically be generated.
Sets the path of the generated output file for an incremental (appended) import. The output file is used for updating a replication topology. It is an LDIF file containing the difference between the replicated suffix and the LDIF file, and replication information.
Export flags:
Compression level to use when a GZ_LDIF_FILE is given as operand. Default level is 3, level range is from 1 to 9.
Exports each suffix to a separate file.
Exports the main database file only.
Does not export unique id values.
Does not wrap long lines.
Does not export entry IDs.
Backup flags:
verify-db
Check integrity of the backed up database.
no-recovery
Skip recovery of the backed up database.
Restore flags:
move-archive
Performs restore by moving files in place of copying them.
Rewrite flags:
purge-csn
Purge the Change Sequence Number (CSN). The purge-csn
flag is set to off by default. Setting purge-csn
to on prevents old CSN data from being kept by the operation. This reduces the size of entries by removing traces of previous updates.
convert-pwp-opattr-to-DS6
Converts DS5 mode password policy operational attributes to run in D6-mode.
The convert-pwp-opattr-to-DS6
flag is set to off
by default. When a server is DS6-migration-mode
enabled, setting convert-pwp-opattr-to-DS6
to on,
permits DS5 mode password policy operational attributes to be migrated using their ID (Internet Draft) and to run in DS6-mode. DS6-migration-mode
is the only mode in which you can migrate operational attributes safely. When the migration has been successfully performed, run the server in DS6-mode
when you are ready.
Note that the dsconf rewrite -f convert-pwp-opattr-to-DS6=on
subcommand must be run on all servers in the topology that are in DS6-migration-mode
in order to migrate their DS5 mode password policy operational attributes.
-G
ARG--arguments
ARGSets plugin argument property to ARG.
-H
LIB_PATH--lib-path
LIB_PATHSets plugin library path to LIB_PATH.
-I
USER_DN--dest-bind-dn
USER_DNBinds as USER_DN on destination suffix (Default: same as the DN used for source suffix)
-J
--no-accord
For use with the create-repl-agmt
and change-repl-dest
subcommands. When the --no-accord
option is used with either create-repl-agmt
and change-repl-dest
subcommands, the accord-repl-agmt
subcommand is not performed.
When creating a new replication agreement or when changing the destination server of a replication agreement, dsconf
tries to run the accord-repl-agmt
operation to ensure the authentication properties of the destination suffix are in accord with those of replication agreement. If the destination server is unavailable or takes time to respond, the time to operate the command would be longer than necessary unless the --no-accord
subcommand option is used.
-K
--incremental
Specifies that the contents of the imported LDIF file are appended to the existing LDAP entries. If this option is not specified, the contents of the imported file replace the existing entries.
-L
FILE--db-path
FILESpecifies database directory and path.
-M
UNIT--unit-time
UNITDisplays time in UNIT, where UNIT is one of: w, d, h, m, s (week, day, hour, minute, second).
--max-entries
INTSpecifies the maximum number of entries for index-filter-analyzer-max-entries
.
-N
--no-top-entry
Does not create a top entry for the suffix. By default, a top-level entry is created when a new suffix is created (on the condition that the suffix starts with dc=
, c=
, o=
or ou=
). This option changes the default behavior.
-Q
--no-repl
Does not export additional data needed for replication.
-r
--attr-map
Displays help properties and their corresponding attributes in cn=config
.
-s
DN--include
DNExports all data under specified DN.
-T
--tab
Displays information in a table format.
-t
ATTR--attr
ATTRReindexes the attribute ATTR (Default: All attributes).
-W
FILE--dest-pwd-file
FILEBinds on a destination suffix using the password read from FILE. The default is the same FILE used for the source suffix.
-x
DN--exclude
DNDoes not import or export data contained under the specified DN.
-Y
TYPE--type
TYPESets plugin type to TYPE, where TYPE is one of: database, extendedop, preoperation, postoperation, matchingrule, syntax, internalpreoperation, internalpostoperation, object, pwdstoragescheme, reverpwdstoragescheme, ldbmentryfetchstore, beprecommit, archive2ldbm.
-Z
UNIT--unit-size
UNITDisplays memory size data in UNIT, where UNIT is one of: G, M, k, b (Gigabyte, Megabyte, kilobyte, byte).
Operands
The following operands are supported:
Directory Server instance backup archive directory.
Attribute name.
Algorithm to use for encryption. Possible values are: des
, des3
, rc2
, rc4
, aes128
, aes256
, camellia128
, and camellia256
. These values signify respectively DES block cipher, Triple DES block cipher, RC2 block cipher, RC4 stream cipher, AES 128-bit block cipher, AES 256-bit block cipher, CAMELLIA 128-bit block cipher, and CAMELLIA 256-bit block cipher.
Path and filename for file in gzip
compressed LDIF format.
Destination replicated suffix, defined by HOST and destination PORT.
Path and filename for file in LDIF format.
Type of log, where LOG_TYPE is one of: access, error, audit.
Desired mode for password compatibility policy. The default mode is DS5–compatible-mode
. You can change it to to-DS6-migration-mode
and then to to-DS6-mode
.
Plugin name. The plugin name is defined when the plugin is created.
Name used to define or identify a prioritized replication rule.
Property name. For a list of PROP names and default values, use the command dsconf help-properties -v
.
Property and corresponding value. For a list of PROP names and default values, use the command dsconf help-properties -v
.
For multi-valued properties, use PROP+:VAL to add a value, and PROP-:VAL to remove a value.
Multi-valued properties are identified by the M
keyword. For a list of multi-valued properties, use the command dsconf help-properties | grep " M "
Allowed values that are too wide for the help-properties output are listed below:
LOG level (Access): none | acc-internal | default | acc-default_plus_referrals | acc-timing | acc-control-oids. For definitions of log levels, see the man page log(5dsconf).
LOG level (Error): default | err-function-calls | err-search-args | err-connection | err-packets | err-search-filter | err-config-file | err-acl | err-ldbm | err-entry-parsing | err-housekeeping | err-replication | err-entry-cache | err-plugins | err-dsml | err-dsml-advanced. For definitions of log levels, see the man page log(5dsconf).
PLG type and depends-on-type: database | extendedop | preoperation | postoperation | matchingrule | syntax | internalpreoperation | internalpostoperation | object | pwdstoragescheme | reverpwdstoragescheme | ldbmentryfetchstore | beprecommit | archive2ldbm
RAG transport-compression: no-compression | default-compression | best-speed | best-compression
SER dsml-client-auth-mode: client-cert-first | http-basic-only | client-cert-only
Role of the replicated suffix , where ROLE is one of: master, hub, consumer.
Suffix DN (Distinguished Name)
Syntax Values
Syntax values shown in lower case or partly in lower case are literal values.
Those shown in upper case are syntax types, defined as follows:
ATTR_NAME
A valid attribute type name such as cn
or objectClass
.
DN
A valid distinguished name such as ou=People,dc=example,dc=com
.
DURATION
A duration specified in months (M
), weeks (w
), days (d
), hours (h
), minutes (m
), seconds (s
), and miliseconds (ms
), or some combination with multiple specifiers. For example, you can specify one week as 1w
, 7d
, 168h
, 10080m
, or 604800s
. You can also specify one week as 1w0d0h0m0s
.
DURATION
properties typically do not each support all duration specifiers (Mwdhms
). Examine the output of dsconf help-properties
for the property to determine which duration specifiers are supported.
INTEGER
A positive integer value between 0 and the maximum supported integer value in the system address space. On 32-bit systems, 2147483647
. On 64-bit systems, 9223372036854775807
.
INTERVAL
An interval value of the form hhmm
-
hhmm
0123456
, where the first element specifies the starting hour, the next element the finishing hour in 24-hour time format, from 0000
-2359
, and the second specifies days, starting with Sunday (0
) to Saturday (6
).
LDAP_URL
A valid LDAP URL as specified by RFC 2255 (http://www.ietf.org/rfc/rfc2255.txt
).
MEMORY_SIZE
A memory size specified in gigabytes (G
), megabytes (M
),kilobytes (k
), or bytes (b
). Unlike DURATION
properties, MEMORY_SIZE
properties cannot combine multiple specifiers. However, MEMORY_SIZE
properties allow decimal values, for example, 1.5M.
OCTAL_MODE
A three-digit, octal file permissions specifier. The first digit specifies permissions for the server user ID, the second for the server group ID, the last for other users. Each digit consists of a bitmask defining read (4
), write (2
), execute (1
), or no access (0
) permissions, thus 640
specifies read-write access for the server user, read-only access for other users of the server group, and no access for other users.
PATH
A valid, absolute file system path.
STRING
A DirectoryString value, as specified by RFC 2252 (http://www.ietf.org/rfc/rfc2252.txt
).
TIME
A time of the form hhmm in 24-hour format, where hh stands for hours and mm stands for minutes.
EXIT STATUS
The following exit status values are returned:
0
Successful completion.
An error occurred.
Examples
The following examples show how the dsconf
command is used.
$ dsconf create-suffix -h host -p port dc=example,dc=com
In this example, non-default ports are specified.
Check to see if the suffix has been created.
$ dsconf list-suffixes -h host -p port -v
$ dsconf import -h host -p port /opt/SUNWdsee7/resources/ldif/example.ldif dc=example,dc=com
In this example, the preferredLanguage
attribute is going to be indexed.
Create an index entry for the attribute. By default, the index matching types are equity and presence.
$ dsconf create-index -h host -p port dc=example,dc=com preferredLanguage
Check that the index entry has been created
$ dsconf get-index-prop -h host -p port dc=example,dc=com preferredLanguage
Generate the index for the attribute.
$ dsconf reindex -h host -p port -t preferredLanguage dc=example,dc=com
$ dsconf backup -h host -p port /tmp/backupArchiveDir
For complete backup procedures, see the Directory Server Enterprise Edition Administration Guide.
Search for the string cache
within the dsconf
help properties:
$ dsconf help-properties | grep cache
Determine which property is most applicable and request more information. In the results of the preceding step, cache-mem-size
seems to correspond. For additional information, use the verbose option:
$ dsconf help-properties -v | grep entry-cache-size SUF entry-cache-size rw MEMORY_SIZE (Ex: 3G,2m,200k,10000b) nsslapd-cachememsize Cache size in term of memory space: (Default: 10M)
Use the following information to interpret the results above:
SUF
This property applies to a suffix.
entry-cache-size
The name of the property
rw
You have read and write access to the property when using get-suffix-prop
and set-suffix-prop
.
MEMORY_SIZE
Use memory size values as described in this man page.
nsslapd-cachememsize
The attribute under cn=config
to which this property applies.
(Default: 10M)
The default value of this property
Determine the current value of entry-cache-size:
$ dsconf get-suffix-prop -h host -p port dc=example,dc=com entry-cache-size entry-cache-size : 10M
Change the value of entry-cache-size to 12M:
$ dsconf set-suffix-prop -h host -p port dc=example,dc=com entry-cache-size:12M
Check that the value has been changed:
$ dsconf get-suffix-prop -h host -p port dc=example,dc=com entry-cache-size entry-cache-size : 12M
$ dsconf export -h host -p port -f not-print-entry-ids -s ou=people,dc=example,dc=com -s ou=contractors,dc=example,dc=com dc=example,dc=com instance-path/ldif/export.ldif
This example shows a command that:
Uses the flag not-print-entry-ids
to request that entry IDs are not exported.
Exports data from two suffixes ou=people,dc=example,dc=com
and ou=contractors,dc=example,dc=com
into one LDIF file instance-path
/ldif/export.ldif
.
If you have a log which is getting very large, you can rotate the log. Rotation backs up the existing log file and creates a fresh log file. In this example, the access log is rotated.
Rotate the access log by using the command:
$ dsconf rotate-log-now -h host -p port access
You can now modify the delay between log rotations for the access log.
Find the property which sets maximum log size:
$ dsconf help-properties -v | grep LOG
The output from the previous command shows that the required property is rotation-interval
.
To see the default setting for rotation-interval
:
$ dsconf get-log-prop -h host -p port access rotation-interval
The default is one day 1d
.
To increase the rotation delay to two days, use the command:
$ dsconf set-log-prop -h host -p port access rotation-interval:2d
This procedure configures replication on a topology with two severs, and both are masters. Replication is configured first on one master, then on the second master. Master 1 is located on server1.example:1389
. Master 2 is located on server2.example:2389
.
On server 1: Create a suffix
$ dsconf create-suffix -h server1.example -p 1389 dc=example,dc=com
On Server 1: Populate the suffix with LDIF data
$ dsconf import -a -h server1.example -p 1389 /opt/SUNWdsee7/resources/ldif/Example.ldif dc=example,dc=com
If the import takes a long time, you can obtain status on the import operation using:
$ dsconf info -h server1.example -p 1389
or
$ dsconf show-task-status -h server1.example -p 1389 -v
Alternatively, you can view the status of the task while it is running by omitting the -a
option in the command.
On Server 1: Enable replication on Master 1. This step assigns a replication role and ID to an existing suffix. It also sets the replication manager bind DN to the default replication manager DN.
$ dsconf enable-repl -h server1.example -p 1389 -d 1 master dc=example,dc=com
On server 2: Create a suffix
$ dsconf create-suffix -h server2.example -p 2389 dc=example,dc=com
On Server 2: Enable replication on Master 2. This step assigns a replication role and ID to an existing suffix. It also sets the replication manager bind DN to the default replication manager DN.
$ dsconf enable-repl -h server2.example -p 2389 -d 2 master dc=example,dc=com
On Server 1: Create a replication agreement from Master 1 to Master 2.
$ dsconf create-repl-agmt -h server1.example -p 1389 dc=example,dc=com server2.example:2389
On Server 2: Create a replication agreement from Master 2 to Master 1
$ dsconf create-repl-agmt -h server2.example -p 2389 dc=example,dc=com server1.example:1389
On Server 1: Check that the replication agreement status is OK.
$ dsconf show-repl-agmt-status -h server1.example -p 1389 dc=example,dc=com server2.example:2389
If the status is not OK, then accord the replication agreement.
$ dsconf accord-repl-agmt -h server1.example -p 1389 dc=example,dc=com server2.example:2389
On Server 1: From Master 1, initialize replication on Master 2. This step initializes Master 2 with the data contained in the suffix on Master 1 and starts replication.
$ dsconf init-repl-dest -h server1.example -p 1389 dc=example,dc=com server2.example:2389
The replication agreements in both directions are now active and replication is running.
Attributes
See attributes
(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability |
SUNWdsee7 |
Stability Level |
Evolving |
See Also