A.1 Oracle Unified Directory Command-Line Interface Reference

Follow these topics for a description of the command-line utilities used by Oracle Unified Directory to create, configure, and manage directory server, proxy server and replication gateway instances.

This appendix describes all of the commands that are provided with Oracle Unified Directory 11g Release 2 (11.1.2). Some commands are specific to a directory server instance and cannot be used to configure a proxy server. Similarly, some commands are specific to the proxy and cannot be used to configure a directory server.

A.1.1 General Command-Line Usage Information

Review these topics for general information on server commands usage.

A.1.1.1 Summary of Server Commands and Their Use

The tables in this section provide a summary of the server commands and how they can be used. The tables use the following legend:

Remote

The command can be launched on a remote server

Offline

The command can be launched when the server is stopped

Online

The command connects to a running server instance

Administration Port Only

The command must use the administration connector to access the server (on port 4444 by default)

Note:

Not all the commands listed in the following tables are supported for a proxy server instance.

The following table lists the server administration commands:

Table A-1 Server Administration Commands

Command Remote Offline Online Administration Connector

create-rc-script

dsconfig

X

X

X

dsjavaproperties

X

dsreplication

X

X

X

gicadm

X

X

X

oudExtractMovePlan

X

X

oudCopyConfig

X

X

oudPasteConfig

X

start-ds

X

status

X

X

X

X

stop-ds

X

X

X

uninstall

X

X

X

upgrade

X

windows-service

X

The following table lists the data administration commands:

Table A-2 Data Administration Commands

Command Remote Offline Online Administration Connector

backup

X *

X

X

X

base64

X

dbtest

X

encode-password

X

export-ldif

X *

X

X

X

import-ldif

X *

X

X

X

ldapcompare

X

X

ldapdelete

X

X

ldapmodify

X

X

ldappasswordmodify

X

X

ldapsearch

X

X

ldif-diff

X

ldifmodify

X

ldifsearch

X

list-backends

X

make-ldif

X

manage-account

X

X

X

manage-tasks

X

X

X

rebuild-index

X

restore

X *

X

X

X

split-ldif

X

X

verify-index

X

* The command can be launched remotely but the data files must be on the host on which the server is running.

A.1.1.2 Using a Properties File With Server Commands

Certain command-line utilities can use a common properties file to provide default values for options such as the following:

  • The host name and port number of the server

  • Whether to use SSL or StartTLS to communicate with the server

  • The bind DN to use when connecting to the server

A.1.1.2.1 Utilities That Can Use Properties Files

The following utilities can use a properties file:

  • backup

  • dsconfig

  • dsreplication

  • export-ldif

  • gicadm

  • import-ldif

  • split-ldif

  • ldapcompare

  • ldapdelete

  • ldapmodify

  • ldappasswordmodify

  • ldapsearch

  • manage-tasks

  • oud-setup

  • oud-proxy-setup

  • oud-replication-gateway-setup

  • restore

  • status

  • stop-ds

  • uninstall

The following mutually exclusive options are used with the command-line utilities to indicate whether a properties file is used:

--propertiesFilePath path

Specify the path to the file that contains default values for command-line options.

--noPropertiesFile

Indicates that the properties file is not used to obtain default values for command-line options.

A.1.1.2.2 How Properties Files are Located

Utilities that use the common properties file have the following default behavior:

  • If the --noPropertiesFile option is specified, the command-line interface does not try to locate a properties file. Only options specified on the command line are evaluated.

  • If the --propertiesFilePath option is specified, property values are read from this file.

  • If neither --propertiesFilePath nor --noPropertiesFile is specified, the command-line interface attempts to find a properties file in the following locations:

    • USERDIRECTORY/.opends/tools.properties

    • INSTANCE_DIR/OUD/config/tools.properties

  • If no properties file is found in either of these locations, the default behavior is applied (only arguments specified on the command line are evaluated).

A.1.1.2.3 Order of Precedence of Options and Properties

If an option is provided on the command line, this option and its corresponding value are used by the command-line interface. In other words, options specified on the command line take precedence over the properties defined in the properties file.

The properties file has the standard Java properties file format (property-name=value). As such, the file supports variations on property names to enable them to be overridden according to the command that uses them. For example, the properties file might contain the following:

hostname=localhost
port=4444
bindDN=cn=Directory Manager
bindPasswordFile=/path/pwd-file
baseDN=dc=example,dc=com
searchScope=sub
sortOrder=givenName
virtualListView=0:2:1:0

If a command-line interface uses the port property, the command first tries to locate a toolname.port definition. If this is not defined, the command tries to locate a port definition. For example, the properties file might have several port options defined for different utilities:

port=4444
ldapsearch.port=1389
ldapcompare.port=1389
ldapmodify.port=1389
ldapdelete.port=1389

Note:

Do not use quotation marks around the values in the properties file (for example, port="4444").
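The lookup rules from the two preceding sections, as an added shell example (not Oracle's code): it finds the properties file, resolves an option from the command line first, then toolname.property, then property, and lists values wrapped in quotation marks. It assumes the two default locations are searched in the order listed and that the file holds name=value lines only; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Oracle documentation.

# find_properties_file USERDIRECTORY INSTANCE_DIR
# Print the first readable tools.properties in the documented default locations
# (assumption: they are tried in the order in which the section lists them).
find_properties_file() {
    for candidate in "$1/.opends/tools.properties" \
                     "$2/OUD/config/tools.properties"; do
        if [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1    # nothing found: only command-line arguments apply
}

# lookup_key KEY FILE
# Print the value of KEY. Lines are split at the first "=" only, so a value
# such as "cn=Directory Manager" is returned whole. The last definition wins.
lookup_key() {
    awk -v key="$1" '
        /^[ \t]*([#!]|$)/ { next }              # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name == key) { found = 1; result = substr($0, eq + 1) }
        }
        END { if (!found) exit 1; print result }
    ' "$2"
}

# resolve_option TOOL NAME FILE [CLI_VALUE]
# Precedence: command line, then TOOL.NAME, then NAME.
resolve_option() {
    if [ "$#" -ge 4 ]; then
        printf '%s\n' "$4"
        return 0
    fi
    [ -r "$3" ] || return 1
    for key in "$1.$2" "$2"; do
        if value=$(lookup_key "$key" "$3"); then
            printf '%s\n' "$value"
            return 0
        fi
    done
    return 1
}

# quoted_keys FILE
# Print every property name whose value is wrapped in double quotation marks,
# which the note above says must not be used (for example port="4444").
quoted_keys() {
    awk '
        /^[ \t]*([#!]|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            if (substr($0, eq + 1) ~ /^[ \t]*".*"[ \t]*$/) print substr($0, 1, eq - 1)
        }
    ' "$1"
}

# write_sample_properties FILE: constructed sample based on the entries above,
# with one deliberately quoted value for quoted_keys to report.
write_sample_properties() {
    cat > "$1" <<'EOF'
# constructed sample tools.properties
hostname=localhost
port=4444
bindDN=cn=Directory Manager
bindPasswordFile=/path/pwd-file
ldapsearch.port=1389
ldapmodify.port="1389"
EOF
}

# Demo: sh this-file.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp) && write_sample_properties "$tmp"
    echo "ldapsearch port:        $(resolve_option ldapsearch port "$tmp")"
    echo "dsconfig port:          $(resolve_option dsconfig port "$tmp")"
    echo "ldapsearch port (CLI):  $(resolve_option ldapsearch port "$tmp" 1636)"
    echo "quoted values in:       $(quoted_keys "$tmp")"
    rm -f "$tmp"
fi
```

Running the resolver before a change window shows which host, port and bind DN a command will actually use when no option is given on the command line.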

A.1.1.3 Using a Password File With Server Commands

Certain command-line utilities require a password file that contains only the password of the user account or entry (bindDN) that is used to bind to the server. The utility reads the bind password from the specified file, so you do not pass it in clear text on the command line.

Perform the following steps to create a text file, for instance pwd-file, to save the bindDN password.

  1. Navigate to the location where you want to create a text file to store the password.

  2. Create the text file that will only contain the password as follows:

    vi pwd-file

  3. Enter the password.

  4. Save and close the file.

You must specify this password file, pwd-file, as the value of the -j or the --bindPasswordFile parameter for command-line utilities, such as dsconfig, dsreplication, oud-setup, and so on.

You must always specify the absolute or relative path to the password file if it does not exist in your current directory.
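One way to carry out the steps above without leaving the password readable by other accounts, as an added example rather than part of the Oracle procedure: write_pwd_file creates the file with owner-only permissions and audit_pwd_file checks an existing one. Both function names and the sample password in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Oracle documentation.

# write_pwd_file PATH
# Store the password read from standard input in a new file that only the
# owner can read or write. Runs in a subshell so the settings do not leak.
write_pwd_file() {
    (
        umask 077    # new file is created with mode 0600
        set -C       # noclobber: fail instead of overwriting an existing file
        cat > "$1"
    )
}

# audit_pwd_file PATH
# Print one line per finding and return the number of findings (0 = clean).
audit_pwd_file() {
    pwd_path=$1
    findings=0
    if [ -L "$pwd_path" ] || [ ! -f "$pwd_path" ]; then
        echo "$pwd_path: not a regular file"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$pwd_path" | cut -c5-10)" != "------" ]; then
        echo "$pwd_path: accessible to group or other accounts"
        findings=$((findings + 1))
    fi
    # Character 9 of the directory's mode string is the other-write bit.
    # In a world-writable directory such as /tmp, another account can create
    # the expected file name before the administrator does.
    if [ "$(ls -ld "$(dirname "$pwd_path")" | cut -c9)" = "w" ]; then
        echo "$pwd_path: parent directory is world-writable"
        findings=$((findings + 1))
    fi
    # The file must contain only the password: non-empty, at most one line.
    if [ ! -s "$pwd_path" ]; then
        echo "$pwd_path: file is empty"
        findings=$((findings + 1))
    elif [ "$(wc -l < "$pwd_path" | tr -d ' ')" -gt 1 ]; then
        echo "$pwd_path: more than one line"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo: sh this-file.sh demo
if [ "${1:-}" = "demo" ]; then
    demo_dir=$(mktemp -d)
    printf '%s\n' 'constructed-example-secret' | write_pwd_file "$demo_dir/pwd-file"
    audit_pwd_file "$demo_dir/pwd-file" && echo "pwd-file passes the audit"
    rm -rf "$demo_dir"
fi
```

The resulting path is what you pass to -j or --bindPasswordFile.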

A.1.2 Server Administration Commands

You can review the different options and examples of each server administration command.

A.1.2.1 create-rc-script

The create-rc-script command generates a shell script to start, stop, and restart the directory server.

Synopsis

create-rc-script [options]

Description

The create-rc-script command can be used to generate a shell script to start, stop, and restart the directory server. You can update the resulting script to suit the needs of your directory service. This command is available for UNIX or Linux systems only.

The create-rc-script command uses the OPENDS_JAVA_* and JAVA_* variables.

Options

The create-rc-script command accepts an option in either its short form (for example, -f filename) or its long form equivalent (for example, --outputFile filename).

-f, --outputFile filename

Specify the path to the output file.

-j, --javaHome javaHomePath

Specify the path to the Java installation that should be used to run the server.

-J, --javaArgs javaArgs

Specify the set of arguments that should be passed to the JVM when running the server.

-u, --userName userName

Specify the name of the user account under which the server should run. The user account must have the appropriate permissions to run the script.

General Options

--version

Display the version information for the directory server.

-?, -H, --help

Display command-line usage information for the create-rc-script command.

Examples

The examples in this section explain how to use the create-rc-script command.

Creating the Script

The following command generates the script to start, stop, and restart the directory server. It creates the file called myscript, specified by the -f option:

$ create-rc-script -f myscript

Starting the Directory Server by Using the New Script

The following command uses the newly created script (see previous example) to start the directory server.

$ myscript start

Stopping the Directory Server by Using the New Script

The following command uses the newly created script (see first example) to stop the directory server.

$ myscript stop

Restarting the Directory Server by Using the New Script

The following command uses the newly created script (see first example) to restart the directory server.

$ myscript restart

Specifying JAVA_HOME and JAVA_ARGS in the Script

The following command uses the -u (--userName), -j (--javaHome) and -J (--javaArgs) options.

$ create-rc-script -f myscript -u sysAdmin -j /usr/java -J "-Xms128m -Xmx128m"

Code Generated by the create-rc-script Command

The create-rc-script command from the example above generates the following code:

#!/bin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License, Version 1.0 only
# (the "License").  You may not use this file except in compliance
# with the License.
#
# You can obtain a copy of the license at
# https://OpenDS.dev.java.net/OpenDS.LICENSE.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at
# trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
# add the following below this CDDL HEADER, with the fields enclosed
# by brackets "[]" replaced with your own identifying information:
#      Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END

# Set the path to the OpenDS instance to manage
INSTANCE_ROOT="/usr/local/opends/standalone/ds-server-1"
export INSTANCE_ROOT

# Specify the path to the Java installation to use
OPENDS_JAVA_HOME="/usr/java"
export OPENDS_JAVA_HOME

# Specify arguments that should be provided to the JVM
JAVA_ARGS="-Xms128m -Xmx128m"
export JAVA_ARGS

# Determine what action should be performed on the server
case "${1}" in
start)
  /bin/su sysAdmin "${INSTANCE_ROOT}/bin/start-ds" --quiet
  exit ${?}
  ;;
stop)
  /bin/su sysAdmin "${INSTANCE_ROOT}/bin/stop-ds" --quiet
  exit ${?}
  ;;
restart)
  /bin/su sysAdmin "${INSTANCE_ROOT}/bin/stop-ds" --restart --quiet
  exit ${?}
  ;;
*)
  echo "Usage:  $0 { start | stop | restart }"
  exit 1
  ;;
esac

Exit Codes

An exit code of 0 indicates success. A nonzero exit code indicates that an error occurred.

Location

The create-rc-script command is located at this path:

UNIX and Linux: INSTANCE_DIR/OUD/bin

A.1.2.2 dps2oud

The dps2oud command allows you to migrate a Directory Proxy Server (DPS) configuration to an Oracle Unified Directory configuration.

Synopsis

dps2oud [options]

Description

The dps2oud command allows you to migrate a DPS configuration to an Oracle Unified Directory configuration. The dps2oud command takes a DPS configuration as the input and generates a batch file that comprises dsconfig commands, which are used to create an equivalent Oracle Unified Directory configuration. The dps2oud command reads the DPS configuration either through a file or through the LDAP protocol on a running DPS instance.

Options

The dps2oud command accepts the following options.

-o, --outputFile file

The output file for dsconfig commands.

-f, --dpsConfigFile file

Specifies the name of the DPS config file to use.

-c, --createDisabledObjects

Creates DPS-disabled objects.

-P, --printDsConfigCmds

Prints dsconfig commands.

LDAP Connection Options

-h, --hostname host

DPS server hostname or IP address.

-j, --bindPasswordFile filename

The full path to the file containing the bind password.

-p, --port port

DPS server port number.

-D, --BindDN bindDN

DN to use to bind to the DPS server.

General Options

-?, -H, --help

Displays command-line usage information for the command and exits without making any attempt to stop or restart the directory server.

-V, --version

Displays the version information for the directory server.

Examples

The following examples show how to use the dps2oud command.

Viewing the Global Help Subcommands

The following command displays the available global Help subcommands:

$ dps2oud --help

Migrating a Directory Proxy Server Configuration to an Oracle Unified Directory Configuration

You can migrate a DPS configuration to an Oracle Unified Directory configuration using one of the following methods:

Method 1: Reading a DPS configuration from an LDIF file

The following command shows how to read a DPS configuration from an LDIF file:

$ dps2oud -f dse.ldif -o oud_conf_cmds

The following command provides the path to a batch file containing a set of dsconfig commands to be executed:

$ dsconfig -F oud_conf_cmds

Method 2: Reading a DPS configuration from a running DPS instance

The following command shows how to read a DPS configuration from a DPS instance:

$ dps2oud -h dpsHost -p 389 -D "cn=Proxy Manager" -j /path/pwd-file -o oud_conf_cmds

The following command provides the path to a batch file containing a set of dsconfig commands to be executed:

$ dsconfig -F oud_conf_cmds

Exit Codes

An exit code of 0 indicates that the operation completed successfully. A nonzero exit code indicates that an error occurred during processing.

Location

  • UNIX and Linux: INSTANCE_DIR/OUD/bin/dps2oud

  • Windows: INSTANCE_DIR\OUD\bat\dps2oud.bat

A.1.2.3 ds2oud

The ds2oud command manages the migration from an Oracle Directory Server Enterprise Edition directory server instance to Oracle Unified Directory.

Synopsis

ds2oud [options]

Description

The ds2oud command enables you to manage the migration from an Oracle Directory Server Enterprise Edition directory server instance to Oracle Unified Directory. The ds2oud command first allows you to diagnose the targeted Oracle Directory Server Enterprise Edition directory server, and then performs the migration task. It is based on the premise that the existing Oracle Unified Directory instance is modified to be compatible with the Oracle Directory Server Enterprise Edition directory server to be migrated. The ds2oud command runs in interactive mode, if you do not specify options. Interactive mode works much like a wizard, walking you through every aspect of the migration.

You can also run the ds2oud command in batch mode. In batch mode, a batch file that comprises dsconfig commands is generated. These commands are used to create an equivalent Oracle Unified Directory configuration. So, you can run ds2oud once, and create a single batch file that can be used to configure any number of Oracle Unified Directory instances.

You must ensure while running the ds2oud command that the Oracle Unified Directory instance (to which the Oracle Directory Server Enterprise Edition instance is being migrated) is configured without any suffixes.

Options

The ds2oud command accepts the following options.

-d, --diagnose

Diagnoses the targeted Oracle Directory Server Enterprise Edition directory server.

-f, --ldifDBFile file

Diagnoses the Oracle Directory Server Enterprise Edition directory server LDIF database file.

-u, --userSchemaFile file

Specifies the user schema to be taken into consideration. It applies to the -f subcommand.

-a, --migrateAll

Propagates schema and configuration elements from Oracle Directory Server Enterprise Edition directory server to Oracle Unified Directory server.

-s, --migrateUserSchema

Propagates the User schema from Oracle Directory Server Enterprise Edition directory server to Oracle Unified Directory server.

You must migrate the schema before you migrate the configuration, otherwise the migration can produce unpredictable results.

-c, --migrateConfiguration

Propagates configuration elements from Oracle Directory Server Enterprise Edition directory server to Oracle Unified Directory server.

You must migrate the schema before you migrate the configuration, otherwise the migration can produce unpredictable results.

-A, --adaptDseeData {file}

Adapts an Oracle Directory Server Enterprise Edition 6.3 LDIF data file to ease import on Oracle Unified Directory, producing a result file, {file}_result.ldif.

-w, --uniqueWorkflowElement

Use a unique workflow element for all the naming contexts to migrate. This applies to the -c subcommand.

Oracle Directory Server Enterprise Edition LDAP Connection Options

-D, --odseeBindDN bindDN

DN to use to bind to the Oracle Directory Server Enterprise Edition server.

-j, --odseeBindPasswordFile filename

Oracle Directory Server Enterprise Edition bind password file.

-h, --odseeHostname host

Oracle Directory Server Enterprise Edition server hostname. The default value is localhost.

-p, --odseePort port

Oracle Directory Server Enterprise Edition server port number. The default value is 389.

-Z, --odseeUseSSL

Establishes an Oracle Directory Server Enterprise Edition SSL-encrypted connection.

-P, --odseeTrustStorePath trustStorePath

Use the Oracle Directory Server Enterprise Edition trust store certificate in the specified path. This option is not needed if -X is used, although a trust store should be used when working in a production environment.

-U, --odseeTrustStorePasswordFile filename

Use the password in the specified file to access the certificates in the Oracle Directory Server Enterprise Edition trust store. This option is only required if --odseeTrustStorePath is used and the specified trust store requires a password to access its contents (most trust stores do not require this).

-X, --odseeTrustAll

Trust all certificates that the Oracle Directory Server Enterprise Edition server presents. This option can be used for testing purposes, but for security reasons, a trust store should be used to determine whether the certificate presented by the Oracle Directory Server Enterprise Edition server should be accepted.

Oracle Unified Directory LDAP Connection Options

--oudBindDN bindDN

DN to use to bind to the Oracle Unified Directory server.

--oudBindPasswordFile filename

Oracle Unified Directory bind password file.

--oudHostname host

Oracle Unified Directory server hostname. The default value is localhost.

--oudPort port

Oracle Unified Directory server port number. The default value is 389.

--oudAdminPort port

Oracle Unified Directory server administration port. The default value is 444.

--oudUseSSL

Establishes an Oracle Unified Directory SSL-encrypted connection.

--oudTrustStorePath trustStorePath

Use the Oracle Unified Directory trust store certificate in the specified path.

--oudTrustStorePasswordFile filename

Use the password in the specified file to access the certificates in the Oracle Unified Directory trust store. This option is only required if --oudTrustStorePath is used and the specified trust store requires a password to access its contents (most trust stores do not require this).

--oudTrustAll

Trust all certificates that the Oracle Unified Directory server presents. This option can be used for testing purposes, but for security reasons, a trust store should be used to determine whether the certificate presented by the Oracle Unified Directory server should be accepted.

Command Input/Output Options

-n, --no-prompt

Use the non-interactive mode. If data in the command is missing, the user is not prompted and the tool fails.

-o, --outputFile filename

Redirects the output into the specified output file.

-F, --batchFilePath filename

This option specifies the name of the output file that contains a set of dsconfig commands to execute to migrate the configuration.

When you run ds2oud with this option, a batch file is generated that includes all of the dsconfig commands required to create the equivalent Oracle Unified Directory configuration. So, you can run ds2oud once, and create a single batch file that can be used to configure any number of Oracle Unified Directory instances.

--displayCommand

Display the equivalent non-interactive dsconfig commands (for the migration of Oracle Directory Server Enterprise Edition configuration parameters).

General Options

-?, -H, --help

Displays command-line usage information for the command and exits without making any attempt to stop or restart the directory server.

-V, --version

Displays the version information for the directory server.

Examples

The following examples show how to use the ds2oud command.

Viewing the Global Help Subcommands

The following command displays the available global Help subcommands:

$ ds2oud --help

Running ds2oud in Interactive Mode From the Command Line

The ds2oud command can be run in interactive mode, where you are prompted for migration options. To run ds2oud in interactive mode, type the following command:

$ ds2oud
What do you want to do ?

1)  Diagnose an ODSEE directory server instance
2)  Diagnose an ODSEE LDIF data file
3)  Migrate the user schema and global configuration parameters
4)  Migrate the user schema only
5)  Migrate global configuration parameters only
6)  Adapt DSEE 6.3 LDIF data file to ease import on OUD

c)  cancel

For each preceding action, you must first provide the connection options for the Oracle Directory Server Enterprise Edition server (for diagnosis) or both the Oracle Directory Server Enterprise Edition and Oracle Unified Directory servers (for migration).

Running ds2oud for Diagnosing Data

The following command is run to diagnose the data present in the Oracle Directory Server Enterprise Edition directory server:

$ ds2oud -f odseeDataFile.ldif -u 99user.ldif

*******************************************************************************
* Diagnose ODSEE LDIF data file :  odseeDataFile.ldif
*******************************************************************************
The data were validated successfully regarding the OUD schema

Migrating an Existing Oracle Directory Server Enterprise Edition Configuration to an Oracle Unified Directory Configuration

Use the following commands to migrate an existing Oracle Directory Server Enterprise Edition configuration to a new Oracle Unified Directory configuration.

The following command migrates an existing Oracle Directory Server Enterprise Edition configuration and schema:

$ ds2oud --migrateAll -D "cn=directory manager" \
  -j /tmp/pwd -h hostname -p ldapPort \
  --oudBindDN "cn=directory manager" --oudBindPasswordFile /tmp/pwd \
  --oudHostname hostname2 --oudPort ldapPort2 --oudAdminPort adminPort -n

The following command provides the path to a batch file containing a set of dsconfig commands to be executed to create a new Oracle Unified Directory configuration:

$ ds2oud --migrateConfiguration --batchFilePath batchFile \
  -D "cn=directory manager" -j /tmp/pwd -h hostname \
  -p ldapPort --oudBindDN "cn=directory manager" \
  --oudBindPasswordFile /tmp/pwd --oudHostname hostname2 \
  --oudPort ldapPort2 --oudAdminPort adminPort -n

Exit Codes

0

Successful.

1

Unable to initialize arguments.

2

Cannot parse arguments because the provided arguments are not valid or there was an error checking the user data.

3

At least one step in the migration process has failed.

4

The user canceled the operation in interactive mode.
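The ordering rule and the exit codes above, as an added wrapper (not Oracle's code): it runs the schema migration before the configuration migration, stops at the first nonzero exit code, and rejects the trust-all options in favour of a trust store. It assumes --migrateUserSchema and --migrateConfiguration accept the same connection options as the --migrateAll example; the function names, the DS2OUD variable and the return value 64 are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Oracle documentation.

# Path to ds2oud (hypothetical variable), for example INSTANCE_DIR/OUD/bin/ds2oud.
DS2OUD=${DS2OUD:-ds2oud}

# Map the exit codes documented for ds2oud to their meaning.
ds2oud_exit_meaning() {
    case "$1" in
        0) echo "successful" ;;
        1) echo "unable to initialize arguments" ;;
        2) echo "arguments not valid or error checking the user data" ;;
        3) echo "at least one migration step failed" ;;
        4) echo "operation canceled by the user" ;;
        *) echo "undocumented exit code" ;;
    esac
}

# run_step LABEL ARGS...
# Run one ds2oud invocation in non-interactive mode (-n) and report its result.
run_step() {
    step_label=$1
    shift
    step_rc=0
    "$DS2OUD" "$@" -n || step_rc=$?
    echo "$step_label: exit code $step_rc ($(ds2oud_exit_meaning "$step_rc"))" >&2
    return "$step_rc"
}

# migrate_schema_then_config CONNECTION_OPTIONS...
# Schema first, configuration second; the configuration step never runs if the
# schema step failed. Returns the ds2oud exit code of the failing step, or 64
# (wrapper-specific value) when a trust-all option is passed.
migrate_schema_then_config() {
    for arg in "$@"; do
        case "$arg" in
            -X|--odseeTrustAll|--oudTrustAll)
                echo "refusing $arg: supply a trust store path instead" >&2
                return 64
                ;;
        esac
    done
    run_step "user schema" --migrateUserSchema "$@" || return $?
    run_step "configuration" --migrateConfiguration "$@"
}

# Example invocation (host names, ports and paths are placeholders):
#   migrate_schema_then_config \
#       -D "cn=directory manager" -j /path/odsee-pwd-file -h hostname -p ldapPort \
#       -Z -P /path/odsee-truststore \
#       --oudBindDN "cn=directory manager" --oudBindPasswordFile /path/oud-pwd-file \
#       --oudHostname hostname2 --oudPort ldapPort2 --oudAdminPort adminPort \
#       --oudTrustStorePath /path/oud-truststore
```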

Location

  • UNIX and Linux: INSTANCE_DIR/OUD/bin/ds2oud

  • Windows: INSTANCE_DIR\OUD\bat\ds2oud.bat

A.1.2.4 dsconfig

The dsconfig command allows you to define a base configuration for the Directory Server.

Synopsis

dsconfig [subcommands] [Options]

Description

The dsconfig command enables you to create, manage, and remove the base configuration for a server instance. The server configuration is organized as a set of components that dsconfig can access by using one or more subcommands. All components have zero or more configurable properties. These properties can be queried and modified to change the behavior of the component.

The dsconfig command accesses the server over SSL through the administration connector (described in Managing Administration Traffic to the Server).

Unless you specify all configuration parameters and the -n (--no-prompt) option, dsconfig runs in interactive mode. Interactive mode works much like a wizard, walking you through every aspect of the server configuration. For more information, see Using dsconfig in Interactive Mode.

Help Subcommands

The dsconfig command provides help functions that list the component subcommands needed to manage your base configuration.

--help-distribution

Display subcommands relating to distribution.

--help-general-configuration

Display subcommands relating to general configuration.

--help-integration

Display subcommands relating to integration.

--help-load-balancing

Display subcommands relating to load balancing.

--help-local-datasource

Display subcommands relating to local data source.

--help-remote-datasource

Display subcommands relating to remote data source.

--help-replication

Display subcommands relating to replication.

--help-schema

Display subcommands relating to schema.

--help-security

Display subcommands relating to authentication and authorization.

--help-virtualization

Display subcommands relating to virtualization.

--help-all

Display all subcommands.

General Subcommands

The following subcommand lists the objects and properties of the server instance.

list-properties

Displays the managed objects and properties. Option types are as follows:

r — Property values are readable.

w — Property values are writable.

m — The property is mandatory.

s — The property is single-valued.

a — Administrative action is required for changes to take effect.

Suboptions are as follows:

-t, --type type. Component type.

-c, --category category. Category of the component. The value for type must be one of the component types associated with the category that is specified using the --category suboption.

--inherited. Modifies the display output to show the inherited properties of components.

--advanced. Modifies the display output to show the advanced properties of components.

--property property. The name of a property to be displayed.

Distribution Subcommands

The following subcommands allow you to define the base configuration for the directory server.

create-distribution-algorithm

Creates distribution algorithms. Suboptions are as follows:

--element-name name. The name of the distribution workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Distribution Algorithm that should be created. The value for type can be one of capacity, dnpattern, generic, lexico, or numeric.

create-distribution-partition

Creates distribution partitions. Suboptions are as follows:

--element-name name. The name of the distribution workflow element.

--partition-name name. The name of the new distribution partition.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Distribution Partition that should be created. The value for type can be one of capacity, dnpattern, generic, lexico, or numeric.

create-workflow-element --type distribution

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-contex, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-global-index

Creates global indexes. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--index-name name. The name of the new Global Index.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-extension --type global-index-catalog

Creates Extensions. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Extension that should be created. The value for type can be one of global-index-catalog, global-index-catalogs-shared-cache, ldap-server.

create-global-index-catalog-replication-domain

Creates global index catalog replication domains. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-extension --type global-index-catalogs-shared-cache

Creates Extensions. Suboptions are as follows:

--extension-name name. The name of the new Extension.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Extension that should be created. The value for type can be one of global-index-catalog, global-index-catalogs-shared-cache, ldap-server.

create-workflow-element --type global-index-local-backend

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-contex, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type global-index-replication-changes-local-backend

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

delete-distribution-algorithm

Deletes distribution algorithms. Suboptions are as follows:

--element-name name. The name of the Distribution Workflow Element.

-f,--force. Ignore nonexistent distribution algorithms.

delete-distribution-partition

Deletes distribution partitions. Suboptions are as follows:

--element-name name. The name of the distribution workflow element.

--partition-name name. The name of the distribution partition.

-f,--force. Ignore nonexistent distribution partitions.

delete-extension

Deletes Extensions. Suboptions are as follows:

--extension-name name. The name of the Extension.

-f,--force. Ignore nonexistent extensions.

delete-global-index

Deletes global indexes. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--index-name name. The name of the Global Index.

-f,--force. Ignore nonexistent global indexes.

delete-global-index-catalog-replication-domain

This command is supported only for the proxy. To manage the global index, see gicadm.

Deletes global index catalog replication domains. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

-f,--force. Ignore nonexistent global index catalog replication domains.

delete-workflow-element

Deletes Workflow Elements. Suboptions are as follows:

--element-name name. The name of the Workflow Element.

-f,--force. Ignore nonexistent workflow elements.

get-data-encryption-prop

Shows data encryption properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-distribution-algorithm-prop

Shows distribution algorithm properties. Suboptions are as follows:

--element-name name. The name of the distribution workflow element.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-distribution-partition-prop

Shows distribution partition properties. Suboptions are as follows:

--element-name name. The name of the distribution workflow element.

--partition-name name. The name of the distribution partition.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-global-index-catalog-replication-domain-prop

This command is supported only for the proxy. To manage the global index, see gicadm.

Shows global index catalog replication domain properties. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-global-index-prop

This command is supported only for the proxy. To manage the global index, see gicadm.

Shows global index properties. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--index-name name. The name of the Global Index.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-distribution-algorithm

This command is supported only for the proxy.

Lists existing distribution algorithms. Suboptions are as follows:

--element-name name. The name of the distribution workflow element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-distribution-partitions

This command is supported only for the proxy.

Lists existing distribution partitions. Suboptions are as follows:

--element-name name. The name of the distribution workflow element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-extensions

Lists existing Extensions. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-global-index-catalog-replication-domain

This command is supported only for the proxy. To manage the global index, see gicadm.

Lists existing global index catalog replication domains. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-global-indexes

Lists existing global indexes. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-workflow-elements

Lists existing Workflow Elements. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-data-encryption-prop

Modifies Data Encryption properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-distribution-algorithm-prop

This command is supported only for the proxy.

Modifies distribution algorithm properties. Suboptions are as follows:

--element-name name. The name of the distribution workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-distribution-partition-prop

This command is supported only for the proxy.

Modifies distribution partition properties. Suboptions are as follows:

--element-name name. The name of the distribution workflow element.

--partition-name name. The name of the distribution partition.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-extension-prop

Modifies Extension properties. Suboptions are as follows:

--extension-name name. The name of the Extension.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-global-index-catalog-replication-domain-prop

This command is supported only for the proxy.

Modifies global index catalog replication domain properties. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-global-index-prop

This command is supported only for the proxy.

Modifies global index properties. Suboptions are as follows:

--extension-name name. The name of the Global Index Catalog Extension.

--index-name name. The name of the Global Index.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-workflow-element-prop

Modifies Workflow Element properties. Suboptions are as follows:

--element-name name. The name of the Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

General Configuration Subcommands

The following subcommands configure the core server.

create-alert-handler

Creates alert handlers. Suboptions are as follows:

--handler-name name. The name of the new alert handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Alert Handler that should be created. The value for type can be one of custom, jmx, or smtp.

create-certificate-mapper

Creates certificate mappers. Suboptions are as follows:

--mapper-name name. The name of the new certificate mapper.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Certificate Mapper that should be created. The value for type can be one of custom, fingerprint, subject-attribute-to-user-attribute, subject-dn-to-user-attribute, or subject-equals-dn.

create-connection-handler

Creates connection handlers. Suboptions are as follows:

--handler-name name. The name of the new connection handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Connection Handler that should be created. The value for type can be one of custom, jmx, ldap, snmp, or ldif.

create-debug-target

Creates debug targets. Suboptions are as follows:

--publisher-name name. The name of the debug log publisher.

--target-name java-name. The name of the new debug target, which will also be used as the value for the debug-scope property. The fully-qualified Oracle Unified Directory Java package, class, or method affected by the settings in this target definition. Use the hash symbol (#) to separate the class name and the method name (for example, org.opends.server.core.DirectoryServer#startUp).

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-extended-operation-handler

This command is not supported for the proxy.

Creates extended operation handlers. Suboptions are as follows:

--handler-name name. The name of the new extended operation handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Extended Operation handler that should be created. The value for type can be one of cancel, custom, get-connection-id, get-symmetric-key, password-modify, password-policy-state, start-tls, or who-am-i.

create-identity-mapper

Creates identity mappers. Suboptions are as follows:

--mapper-name name. The name of the new identity mapper.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Identity Mapper that should be created. The value for type can be one of custom, exact-match, or match-and-replace.

create-log-publisher

Creates log publishers. Suboptions are as follows:

--publisher-name name. The name of the new log publisher.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Log Publisher that should be created. The value for type can be one of custom-access, custom-debug, custom-error, file-based-access, file-based-debug, or file-based-error.

create-log-retention-policy

Creates Log Retention Policies. Suboptions are as follows:

--policy-name name. The name of the new log retention policy.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Log Retention Policy that should be created. The value for type can be one of custom, file-count, free-disk-space, or size-limit.

create-log-rotation-policy

Creates log rotation policies. Suboptions are as follows:

--policy-name name. The name of the new log rotation policy.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Log Rotation Policy that should be created. The value for type can be one of custom, fixed-time, size-limit, or time-limit.

create-workflow-element --type monitor-local-backend

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-network-group

Creates network groups. Suboptions are as follows:

--group-name name. The name of the new network group.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-network-group-qos-policy

Creates network group resource limits. Suboptions are as follows:

--group-name name. The name of the network group.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Quality of Service Policy that should be created. The value for type can be one of affinity, referral, request-filtering, or resource-limits.

create-workflow

Creates workflows. Suboptions are as follows:

--workflow-name name. The name of the new workflow. This name will also be used as the value for the workflow-id property.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

delete-alert-handler

Deletes alert handlers. Suboptions are as follows:

--handler-name name. The name of the alert handler.

-f,--force. Ignore nonexistent alert handlers.

delete-certificate-mapper

Deletes certificate mappers. Suboptions are as follows:

--mapper-name name. The name of the certificate mapper.

-f,--force. Ignore nonexistent certificate mappers.

delete-connection-handler

Deletes connection handlers. Suboptions are as follows:

--handler-name name. The name of the connection handler.

-f,--force. Ignore nonexistent connection handlers.

delete-debug-target

Deletes debug targets. Suboptions are as follows:

--publisher-name name. The name of the debug log publisher.

--target-name name. The name of the debug target.

-f,--force. Ignore nonexistent debug targets.

delete-extended-operation-handler

Deletes extended operation handlers. Suboptions are as follows:

--handler-name name. The name of the extended operation handler.

-f,--force. Ignore nonexistent extended operation handlers.

delete-identity-mapper

Deletes identity mappers. Suboptions are as follows:

--mapper-name name. The name of the identity mapper.

-f,--force. Ignore nonexistent identity mappers.

delete-log-publisher

Deletes log publishers. Suboptions are as follows:

--publisher-name name. The name of the log publisher.

-f,--force. Ignore nonexistent log publishers.

delete-log-retention-policy

Deletes Log Retention Policies. Suboptions are as follows:

--policy-name name. The name of the log retention policy.

-f,--force. Ignore nonexistent Log Retention Policies.

delete-log-rotation-policy

Deletes log rotation policies. Suboptions are as follows:

--policy-name name. The name of the log rotation policy.

-f,--force. Ignore nonexistent log rotation policies.

delete-network-group

Deletes network groups. Suboptions are as follows:

--group-name name. The name of the network group.

-f,--force. Ignore nonexistent network groups.

delete-network-group-qos-policy

Deletes network group quality of service policies. Suboptions are as follows:

--group-name name. The name of the network group.

--policy-type name. The name of the QOS policy.

-f,--force. Ignore nonexistent network group resource limits.

delete-workflow

Deletes workflows. Suboptions are as follows:

-f,--force. Ignore nonexistent workflows.

--workflow-name name. The name of the workflow.

delete-workflow-element

Deletes Workflow Elements. Suboptions are as follows:

--element-name name. The name of the Workflow Element.

-f,--force. Ignore nonexistent workflow elements.

get-administration-connector-prop

Shows administration connector properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-alert-handler-prop

Shows alert handler properties. Suboptions are as follows:

--handler-name name. The name of the alert handler.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-certificate-mapper-prop

Shows certificate mapper properties. Suboptions are as follows:

--mapper-name name. The name of the certificate mapper.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-connection-handler-prop

Shows connection handler properties. Suboptions are as follows:

--handler-name name. The name of the connection handler.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-debug-target-prop

Shows debug target properties. Suboptions are as follows:

--publisher-name name. The name of the debug log publisher.

--target-name name. The name of the debug target.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-extended-operation-handler-prop

Shows extended operation handler properties. Suboptions are as follows:

--handler-name name. The name of the extended operation handler.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-global-configuration-prop

Shows global configuration properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-identity-mapper-prop

Shows identity mapper properties. Suboptions are as follows:

--mapper-name name. The name of the identity mapper.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-log-publisher-prop

Shows log publisher properties. Suboptions are as follows:

--publisher-name name. The name of the log publisher.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-log-retention-policy-prop

Shows log retention policy properties. Suboptions are as follows:

--policy-name name. The name of the log retention policy.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-log-rotation-policy-prop

Shows log rotation policy properties. Suboptions are as follows:

--policy-name name. The name of the log rotation policy.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-network-group-prop

Shows network group properties. Suboptions are as follows:

--group-name name. The name of the network group.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-network-group-qos-policy-prop

Shows network group quality of service policy properties. Suboptions are as follows:

--group-name name. The name of the network group.

--policy-type name. The name of the quality of service policy.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-plugin-root-prop

Shows plugin root properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-root-dse-backend-prop

Shows root DSE backend properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-work-queue-prop

Shows work queue properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-workflow-prop

Shows workflow properties. Suboptions are as follows:

--workflow-name name. The name of the workflow.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-alert-handlers

Lists existing alert handlers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-certificate-mappers

Lists existing certificate mappers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-connection-handlers

Lists existing connection handlers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-debug-targets

Lists existing debug targets. Suboptions are as follows:

--publisher-name name. The name of the Debug Log Publisher.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-extended-operation-handlers

Lists existing extended operation handlers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-identity-mappers

Lists existing identity mappers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-log-publishers

Lists existing log publishers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-log-retention-policies

Lists existing log retention policies. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-log-rotation-policies

Lists existing log rotation policies. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-network-group-qos-policies

Lists existing network group QOS policies. Suboptions are as follows:

--group-name name. The name of the Network Group.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-network-groups

Lists existing network groups. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-workflow-elements

Lists existing Workflow Elements. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-workflows

Lists existing workflows. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-administration-connector-prop

Modifies administration connector properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-alert-handler-prop

Modifies alert handler properties. Suboptions are as follows:

--handler-name name. The name of the alert handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-certificate-mapper-prop

Modifies certificate mapper properties. Suboptions are as follows:

--mapper-name name. The name of the certificate mapper.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-connection-handler-prop

Modifies connection handler properties. Suboptions are as follows:

--handler-name name. The name of the connection handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-debug-target-prop

Modifies debug target properties. Suboptions are as follows:

--publisher-name name. The name of the debug log publisher.

--target-name name. The name of the debug target.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-extended-operation-handler-prop

Modifies extended operation handler properties. Suboptions are as follows:

--handler-name name. The name of the extended operation handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-global-configuration-prop

Modifies global configuration properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-identity-mapper-prop

Modifies identity mapper properties. Suboptions are as follows:

--mapper-name name. The name of the identity mapper.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-log-publisher-prop

Modifies log publisher properties. Suboptions are as follows:

--publisher-name name. The name of the log publisher.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-log-retention-policy-prop

Modifies log retention policy properties. Suboptions are as follows:

--policy-name name. The name of the log retention policy.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-log-rotation-policy-prop

Modifies log rotation policy properties. Suboptions are as follows:

--policy-name name. The name of the log rotation policy.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-network-group-prop

Modifies network group properties. Suboptions are as follows:

--group-name name. The name of the network group.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-network-group-qos-policy-prop

Modifies network group quality of service policy properties. Suboptions are as follows:

--group-name name. The name of the network group.

--policy-type name. The name of the QOS policy.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-plugin-root-prop

Modifies plugin root properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-root-dse-backend-prop

Modifies root DSE backend properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-work-queue-prop

Modifies work queue properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-workflow-element-prop

Modifies Workflow Element properties. Suboptions are as follows:

--element-name name. The name of the Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-workflow-prop

Modifies workflow properties. Suboptions are as follows:

--workflow-name name. The name of the workflow.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

Load Balancing Subcommands

The following subcommands configure load balancing for the proxy server.

create-load-balancing-algorithm

This command is supported only for the proxy.

Creates load balancing algorithms. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Load Balancing Algorithm that should be created. The value for type can be failover, generic, optimal, proportional, saturation, or searchfilter. The default value is generic.

create-load-balancing-route

This command is supported only for the proxy.

Creates load balancing routes. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

--route-name name. The name of the new load balancing route.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Load Balancing Route that should be created. The value for type can be failover, generic, optimal, proportional, saturation, or searchfilter. The default value is generic.

create-workflow-element --type load-balancing

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Workflow Element that should be created. The value for type can be one of: ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

delete-load-balancing-algorithm

Deletes load balancing algorithms. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

-f,--force. Ignore nonexistent load balancing algorithms.

delete-load-balancing-route

Deletes load balancing routes. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

--route-name name. The name of the load balancing route.

-f,--force. Ignore nonexistent load balancing routes.

delete-workflow-element

Deletes Workflow Elements. Suboptions are as follows:

--element-name name. The name of the workflow element.

-f,--force. Ignore nonexistent workflow elements.

get-load-balancing-algorithm-prop

Shows load balancing algorithm properties. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-load-balancing-route-prop

This command is supported only for the proxy.

Shows load balancing route properties. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

--route-name name. The name of the load balancing route.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-load-balancing-algorithm

This command is supported only for the proxy.

Lists existing load balancing algorithms. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-load-balancing-routes

This command is supported only for the proxy.

Lists existing load balancing routes. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-workflow-elements

Lists existing Workflow Elements. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-load-balancing-algorithm-prop

This command is supported only for the proxy.

Modifies load-balancing algorithm properties. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-load-balancing-route-prop

This command is supported only for the proxy.

Modifies load balancing route properties. Suboptions are as follows:

--element-name name. The name of the load balancing workflow element.

--route-name name. The name of the load balancing route.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-workflow-element-prop

Modifies Workflow Element properties. Suboptions are as follows:

--element-name name. The name of the workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

Local Data Source Subcommands

create-account-status-notification-handler

Creates account status notification handlers. Suboptions are as follows:

--handler-name name. The name of the new account status notification handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Account Status Notification Handler that should be created. The value for type can be one of custom, error-log, or smtp.

create-workflow-element --type backup-local-backend

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type db-local-backend

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-entry-cache

Creates entry caches. Suboptions are as follows:

--cache-name name. The name of the new Entry Cache.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Entry Cache that should be created. The value for type can be one of custom, fifo, file-system, or soft-reference.

create-group-implementation

This command is not supported for the proxy.

Creates group implementations. Suboptions are as follows:

--implementation-name name. The name of the new group implementation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Group Implementation that should be created. The value for type can be one of dynamic, static, or virtual-static.

create-workflow-element --type ldif-local-backend

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-local-db-index

Creates local DB indexes. Suboptions are as follows:

--element-name name. The name of the local DB back end workflow element.

--index-name name. The name of the new local DB index, which is also used as the value for the attribute property. This specifies the name of the attribute for which the index is to be maintained.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-local-db-vlv-index

Creates local DB VLV indexes. Suboptions are as follows:

--element-name name. The name of the local DB back end workflow element.

--index-name name. The name of the new local DB VLV index, which is also used as the value of the name property. This property specifies a unique name for this VLV index.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-workflow-element --type memory-local-backend

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type null-local-backend

Creates Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-password-generator

Creates password generators. Suboptions are as follows:

--generator-name name. The name of the new password generator.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of password generator that should be created. The value for type can be one of custom or random.

create-password-policy

Creates password policies. Suboptions are as follows:

--policy-name name. The name of the new password policy.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-plugin --type password-policy-import

Creates Plugins. Suboptions are as follows:

--plugin-name name. The name of the new Plugin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Plugin that should be created. The value for type can be one of dsee-gateway, password-policy-import, referential-integrity, seven-bit-clean, unique-attribute.

create-password-storage-scheme

Creates password storage schemes. Suboptions are as follows:

--scheme-name name. The name of the new password storage scheme.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of password storage scheme that should be created. The value for type can be one of aes, base64, blowfish, clear, crypt, custom, md5, rc4, salted-md5, salted-sha1, salted-sha256, sha256, salted-sha384, salted-sha512, sha512, sha1, or triple-des.
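A pre-flight check for provisioning scripts that call create-password-storage-scheme, added here as an example (it is not Oracle's code): it validates -t/--type against the values listed above and flags types that keep passwords recoverable or unsalted. The risk classes, severity labels and the sample script are this example's assumptions, not statements from the reference.

```python
import shlex

SUBCOMMAND = "create-password-storage-scheme"

# -t/--type values copied from the option description above.
ALLOWED_TYPES = {
    "aes", "base64", "blowfish", "clear", "crypt", "custom", "md5", "rc4",
    "salted-md5", "salted-sha1", "salted-sha256", "sha256", "salted-sha384",
    "salted-sha512", "sha512", "sha1", "triple-des",
}

# Assumption: classification by general algorithm properties.
# Each entry is (set of types, severity, reason).
RISK_CLASSES = [
    ({"clear", "base64"}, "high", "password is recoverable without any key"),
    ({"aes", "blowfish", "rc4", "triple-des"}, "high",
     "reversible encryption; anyone holding the key recovers the password"),
    ({"md5", "sha1", "sha256", "sha512"}, "medium",
     "unsalted digest; identical passwords produce identical values"),
    ({"salted-md5", "salted-sha1"}, "medium", "salted, but the digest is weak"),
    ({"crypt", "custom"}, "review", "strength depends on the implementation"),
]


def logical_lines(script):
    """Yield commands from a shell script, joining backslash continuations."""
    buf = ""
    for raw in script.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue  # blank line or comment between commands
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def option_value(tokens, *names):
    """Return the value after the last occurrence of any name, else None."""
    value = None
    for i, tok in enumerate(tokens):
        if tok in names:
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
    return value


def lint(command_line):
    """Return (severity, scheme_name, type, reason) findings for one command."""
    tokens = shlex.split(command_line)
    if SUBCOMMAND not in tokens:
        return []  # some other subcommand: out of scope for this check
    args = tokens[tokens.index(SUBCOMMAND) + 1:]
    name = option_value(args, "--scheme-name") or "<unnamed>"
    scheme_type = option_value(args, "-t", "--type")
    if scheme_type is None:
        return [("review", name, None, "no -t/--type given; type not checked")]
    if scheme_type not in ALLOWED_TYPES:
        return [("error", name, scheme_type, "not a listed type value")]
    for types, severity, reason in RISK_CLASSES:
        if scheme_type in types:
            return [(severity, name, scheme_type, reason)]
    return []  # salted SHA-2 variants pass


def lint_script(script):
    """Lint every command in a script and return all findings in order."""
    findings = []
    for line in logical_lines(script):
        findings.extend(lint(line))
    return findings


# Constructed sample input (connection options omitted for brevity).
SAMPLE = r'''
# provisioning script under review
dsconfig create-password-storage-scheme --scheme-name "Legacy MD5" -t md5
dsconfig create-password-storage-scheme \
  --scheme-name "App Vault" --type aes
dsconfig create-password-storage-scheme --scheme-name "Strong" --type salted-sha512
dsconfig create-password-storage-scheme --scheme-name "Typo" --type salted-sha-512
dsconfig create-password-validator --validator-name "Len" --type length-based
'''

if __name__ == "__main__":
    for severity, name, scheme_type, reason in lint_script(SAMPLE):
        print(f"[{severity}] {name} ({scheme_type}): {reason}")
```
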

create-password-validator

Creates password validators. Suboptions are as follows:

--validator-name name. The name of the new password validator.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of password validator that should be created. The value for type can be one of attribute-value, character-set, custom, dictionary, length-based, repeated-characters, similarity-based, or unique-characters.

create-plugin --type referential-integrity

Creates Plugins. Suboptions are as follows:

--plugin-name name. The name of the new Plugin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Plugin that should be created. The value for type can be one of dsee-gateway, password-policy-import, referential-integrity, seven-bit-clean, unique-attribute.

create-plugin --type seven-bit-clean

Creates Plugins. Suboptions are as follows:

--plugin-name name. The name of the new Plugin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Plugin that should be created. The value for type can be one of dsee-gateway, password-policy-import, referential-integrity, seven-bit-clean, unique-attribute.

create-plugin --type unique-attribute

Creates Plugins. Suboptions are as follows:

--plugin-name name. The name of the new Plugin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Plugin that should be created. The value for type can be one of dsee-gateway, password-policy-import, referential-integrity, seven-bit-clean, unique-attribute.

create-virtual-attribute

This command is not supported for the proxy.

Creates virtual attributes. Suboptions are as follows:

--name name. The name of the new virtual attribute.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Virtual Attribute that should be created. The value for type can be one of collective-attribute-subentries, custom, entry-dn, entry-uuid, governing-structure-rule, has-subordinates, is-member-of, member, nsuniqueid, num-subordinates, orclguid, password-policy-subentry, proximity, structural-object-class, subschema-subentry, user-defined.

delete-account-status-notification-handler

Deletes account status notification handlers. Suboptions are as follows:

--handler-name name. The name of the account status notification handler.

-f,--force. Ignore nonexistent account status notification handlers.

delete-entry-cache

Deletes entry caches. Suboptions are as follows:

--cache-name name. The name of the Entry Cache.

-f,--force. Ignore nonexistent entry cache.

delete-group-implementation

This command is not supported for the proxy.

Deletes group implementations. Suboptions are as follows:

--implementation-name name. The name of the group implementation.

-f,--force. Ignore nonexistent group implementations.

delete-local-db-index

Deletes local DB indexes. Suboptions are as follows:

--element-name name. The name of the local DB back end workflow element.

--index-name name. The name of the local DB index.

-f,--force. Ignore nonexistent local DB indexes.

delete-local-db-vlv-index

Deletes local DB VLV indexes. Suboptions are as follows:

--element-name name. The name of the local DB back end workflow element.

--index-name name. The name of the local DB VLV index.

-f,--force. Ignore nonexistent local DB VLV indexes.

delete-password-generator

Deletes password generators. Suboptions are as follows:

--generator-name name. The name of the password generator.

-f,--force. Ignore nonexistent password generators.

delete-password-policy

Deletes password policies. Suboptions are as follows:

--policy-name name. The name of the password policy.

-f,--force. Ignore nonexistent password policies.

delete-password-storage-scheme

Deletes password storage schemes. Suboptions are as follows:

--scheme-name name. The name of the password storage scheme.

-f,--force. Ignore nonexistent password storage schemes.

delete-password-validator

Deletes password validators. Suboptions are as follows:

--validator-name name. The name of the password validator.

-f,--force. Ignore nonexistent password validators.

delete-plugin

Deletes Plugins. Suboptions are as follows:

--plugin-name name. The name of the Plugin.

-f,--force. Ignore nonexistent Plugins.

delete-virtual-attribute

This command is not supported for the proxy.

Deletes virtual attributes. Suboptions are as follows:

--name name. The name of the virtual attribute.

-f,--force. Ignore nonexistent virtual attributes.

delete-workflow-element

Deletes Workflow Elements. Suboptions are as follows:

--element-name name. The name of the Workflow Element.

-f,--force. Ignore nonexistent Workflow Elements.

get-account-status-notification-handler-prop

Shows account status notification handler properties. Suboptions are as follows:

--handler-name name. The name of the account status notification handler.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-entry-cache-prop

Shows entry cache properties. Suboptions are as follows:

--cache-name name. The name of the entry cache.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-group-implementation-prop

This command is not supported for the proxy.

Shows group implementation properties. Suboptions are as follows:

--implementation-name name. The name of the group implementation.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-local-db-index-prop

Shows local DB index properties. Suboptions are as follows:

--element-name name. The name of the local DB back end workflow element.

--index-name name. The name of the local DB index.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-local-db-vlv-index-prop

Shows the local DB VLV index properties. Suboptions are as follows:

--element-name name. The name of the local DB back end.

--index-name name. The name of the local DB VLV index.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-password-generator-prop

Shows password generator properties. Suboptions are as follows:

--generator-name name. The name of the password generator.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-password-policy-prop

Shows password policy properties. Suboptions are as follows:

--policy-name name. The name of the password policy.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-password-storage-scheme-prop

Shows password storage scheme properties. Suboptions are as follows:

--scheme-name name. The name of the password storage scheme.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-password-validator-prop

Shows password validator properties. Suboptions are as follows:

--validator-name name. The name of the password validator.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-virtual-attribute-prop

This command is not supported for the proxy.

Shows virtual attribute properties. Suboptions are as follows:

--name name. The name of the virtual attribute.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-account-status-notification-handlers

Lists existing account status notification handlers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-entry-caches

Lists existing entry caches. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-group-implementations

This command is not supported for the proxy.

Lists existing group implementations. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-local-db-indexes

Lists existing local DB indexes. Suboptions are as follows:

--element-name name. The name of the DB local backend Workflow Element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-local-db-vlv-indexes

Lists existing local DB VLV indexes. Suboptions are as follows:

--element-name name. The name of the DB local backend Workflow Element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-password-generators

Lists existing password generators. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-password-policies

Lists existing password policies. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-password-storage-schemes

Lists existing password storage schemes. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-password-validators

Lists existing password validators. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-plugins

Lists existing Plugins. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-virtual-attributes

This command is not supported for the proxy.

Lists existing virtual attributes. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-workflow-elements

Lists existing Workflow Elements. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-account-status-notification-handler-prop

Modifies account status notification handler properties. Suboptions are as follows:

--handler-name name. The name of the account status notification handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-entry-cache-prop

Modifies Entry Cache properties. Suboptions are as follows:

--cache-name name. The name of the Entry Cache.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-group-implementation-prop

This command is not supported for the proxy.

Modifies group implementation properties. Suboptions are as follows:

--implementation-name name. The name of the group implementation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-local-db-index-prop

Modifies local DB Index properties. Suboptions are as follows:

--element-name name. The name of the local DB back end workflow element.

--index-name name. The name of the local DB Index.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-local-db-vlv-index-prop

Modifies local DB VLV Index properties. Suboptions are as follows:

--element-name name. The name of the local DB back end workflow element.

--index-name name. The name of the local DB VLV Index.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-password-generator-prop

Modifies password generator properties. Suboptions are as follows:

--generator-name name. The name of the password generator.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-password-policy-prop

Modifies password policy properties. Suboptions are as follows:

--policy-name name. The name of the password policy.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-password-storage-scheme-prop

Modifies password storage scheme properties. Suboptions are as follows:

--scheme-name name. The name of the password storage scheme.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-password-validator-prop

Modifies password validator properties. Suboptions are as follows:

--validator-name name. The name of the password validator.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-plugin-prop

Modifies Plugin properties. Suboptions are as follows:

--plugin-name name. The name of the Plugin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-virtual-attribute-prop

This command is not supported for the proxy.

Modifies virtual attribute properties. Suboptions are as follows:

--name name. The name of the virtual attribute.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-workflow-element-prop

Modifies Workflow Element properties. Suboptions are as follows:

--element-name name. The name of the Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

Integration Subcommands

This section describes the subcommands for various workflow operations.

create-workflow-element --type ad-paging

This command creates Ad Paging Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type ad-password

This command creates password Workflow Elements. Suboptions are as follows:

--element-name name. The name of the Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type eus-context

This command creates Eus Context Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type eus

This command creates Eus Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type fa

This command creates Fa Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type kerberos-auth-provider

This command creates Kerberos Auth Provider Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type pass-through-authentication

This command creates Pass Through Authentication Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type plugin

This command creates Plugin Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

delete-workflow-element

This command deletes Workflow Elements. Suboptions are as follows:

--element-name name. The name of the Workflow Element.

-f, --force. Ignore nonexistent Workflow Elements.

list-workflow-elements

Lists existing workflow elements. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-workflow-element-prop

Modifies workflow element properties. Suboptions are as follows:

--element-name name. The name of the workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

Remote Data Source Subcommands

This section describes subcommands for various remote data source operations.

create-extension --type ldap-server

This command creates LDAP Server Extensions. Suboptions are as follows:

--extension-name name. The name of the new extension.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Extension that should be created. The value for type can be one of global-index-catalog, global-index-catalogs-shared-cache, ldap-server.

create-workflow-element --type proxy-ldap

This command creates Proxy LDAP Workflow Elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Workflow Element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

delete-extension

Deletes extensions. Suboptions are as follows:

--extension-name name. The name of the extension.

-f,--force. Ignore nonexistent extensions.

delete-workflow-element

Deletes workflow elements. Suboptions are as follows:

--element-name name. The name of the workflow element.

-f,--force. Ignore nonexistent workflow elements.

list-extensions

Lists existing extensions. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-workflow-elements

Lists existing workflow elements. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-extension-prop

This command modifies Extension properties. Suboptions are as follows:

--extension-name name. The name of the Extension.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-workflow-element-prop

This command modifies Workflow Element properties. Suboptions are as follows:

--element-name name. The name of the Workflow Element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

Replication Subcommands

This section describes subcommands for various replication operations.

create-plugin --type dsee-gateway

Creates Plugins. Suboptions are as follows:

--plugin-name name. The name of the Plugin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t, --type type. The type of Plugin that should be created. The value for type can be one of dsee-gateway, password-policy-import, referential-integrity, seven-bit-clean, unique-attribute.

create-gateway-domain

Creates gateway domains. Suboptions are as follows:

--plugin-name name. The name of the DSEE gateway plugin.

--domain-name name. The name of the gateway domain.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-replication-domain

Creates replication domains. Suboptions are as follows:

--provider-name name. The name of the multi-master synchronization provider.

--domain-name name. The name of the new replication domain.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-replication-server

Creates replication servers. Suboptions are as follows:

--provider-name name. The name of the multi-master synchronization provider.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-synchronization-provider

Creates synchronization providers. Suboptions are as follows:

--provider-name name. The name of the new synchronization provider.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Synchronization Provider that should be created. The value for type can be one of custom, replication.

delete-gateway-domain

Deletes gateway domains. Suboptions are as follows:

--plugin-name name. The name of the DSEE gateway plugin.

--domain-name name. The name of the gateway domain.

-f, --force. Ignore nonexistent Gateway Domains.

delete-plugin

Deletes Plugins. Suboptions are as follows:

--plugin-name name. The name of the Plugin.

-f,--force. Ignore nonexistent Plugins.

delete-replication-domain

Deletes replication domains. Suboptions are as follows:

--provider-name name. The name of the synchronization provider.

--domain-name name. The name of the replication domain.

-f,--force. Ignore nonexistent replication domains.

delete-replication-server

Deletes replication servers. Suboptions are as follows:

--provider-name name. The name of the synchronization provider.

-f,--force. Ignore nonexistent replication servers.

delete-synchronization-provider

Deletes synchronization providers. Suboptions are as follows:

--provider-name name. The name of the synchronization provider.

-f,--force. Ignore nonexistent synchronization providers.

get-external-changelog-domain-prop

Shows External Changelog Domain properties. Suboptions are as follows:

--provider-name name. The name of the Replication Synchronization Provider.

--domain-name name. The name of the Replication Domain.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-gateway-domain-prop

Shows gateway domain properties. Suboptions are as follows:

--plugin-name name. The name of the DSEE gateway plugin.

--domain-name name. The name of the gateway domain.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-replication-domain-prop

Shows replication domain properties. Suboptions are as follows:

--provider-name name. The name of the multi-master synchronization provider.

--domain-name name. The name of the replication domain.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-replication-server-prop

Shows replication server properties. Suboptions are as follows:

--provider-name name. The name of the multi-master synchronization provider.

--property property. The name of a property to be displayed.

-E, --record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-synchronization-provider-prop

Shows synchronization provider properties. Suboptions are as follows:

--provider-name name. The name of the synchronization provider.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-plugins

Lists existing Plugins. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-gateway-domains

Lists existing gateway domains. Suboptions are as follows:

--plugin-name name. The name of the DSEE Gateway Plugin.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-replication-domains

Lists existing replication domains. Suboptions are as follows:

--provider-name name. The name of the replication synchronization provider.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-replication-server

Lists existing replication servers. Suboptions are as follows:

--provider-name name. The name of the replication synchronization provider.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-synchronization-providers

Lists existing synchronization providers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-external-changelog-domain-prop

Modifies External Changelog Domain properties. Suboptions are as follows:

--provider-name name. The name of the Replication Synchronization Provider.

--domain-name name. The name of the Replication Domain.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-gateway-domain-prop

Modifies gateway domain properties. Suboptions are as follows:

--plugin-name name. The name of the DSEE Gateway Plugin.

--domain-name name. The name of the gateway domain.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-plugin-prop

Modifies plugin properties. Suboptions are as follows:

--plugin-name name. The name of the plugin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-replication-domain-prop

Modifies replication domain properties. Suboptions are as follows:

--provider-name name. The name of the replication synchronization provider.

--domain-name name. The name of the replication domain.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-replication-server-prop

Modifies replication server properties. Suboptions are as follows:

--provider-name name. The name of the replication synchronization provider.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-synchronization-provider-prop

Modifies synchronization provider properties. Suboptions are as follows:

--provider-name name. The name of the synchronization provider.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

Schema Subcommands

This section describes subcommands for various schema operations.

create-attribute-syntax

This command is not supported for the proxy.

Creates attribute syntaxes. Suboptions are as follows:

--syntax-name name. The name of the new attribute syntax.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Attribute Syntax that should be created. The value for type can be one of attribute-type-description, directory-string, generic, or telephone-number.

create-matching-rule

This command is not supported for the proxy.

Creates matching rules. Suboptions are as follows:

--rule-name name. The name of the new matching rule.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Matching Rule that should be created. The value for type can be one of collation or generic.

delete-attribute-syntax

This command is not supported for the proxy.

Deletes attribute syntaxes. Suboptions are as follows:

--syntax-name name. The name of the attribute syntax.

-f,--force. Ignore nonexistent attribute syntaxes.

delete-matching-rule

This command is not supported for the proxy.

Deletes matching rules. Suboptions are as follows:

--rule-name name. The name of the matching rule.

-f,--force. Ignore nonexistent matching rules.

get-attribute-syntax-prop

This command is not supported for the proxy.

Shows attribute syntax properties. Suboptions are as follows:

--syntax-name name. The name of the attribute syntax.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-matching-rule-prop

This command is not supported for the proxy.

Shows matching rule properties. Suboptions are as follows:

--rule-name name. The name of the matching rule.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-attribute-syntaxes

This command is not supported for the proxy.

Lists existing attribute syntaxes. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-matching-rules

This command is not supported for the proxy.

Lists existing matching rules. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-attribute-syntax-prop

This command is not supported for the proxy.

Modifies attribute syntax properties. Suboptions are as follows:

--syntax-name name. The name of the attribute syntax.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-matching-rule-prop

This command is not supported for the proxy.

Modifies matching rule properties. Suboptions are as follows:

--rule-name name. The name of the matching rule.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

Security Subcommands

create-access-control-group

Creates access control groups. Suboptions are as follows:

--group-name name. The name of the new access control group.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-key-manager-provider

Creates key manager providers. Suboptions are as follows:

--provider-name name. The name of the new key manager provider.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of key manager provider that should be created. The value for type can be one of file-based, custom, or pkcs11.

PKCS#11 is not supported for a proxy server instance.

create-key-manager-provider-key-pin

Creates key manager provider key pins. Suboptions are as follows:

--provider-name name. The name of the key manager provider.

--pin-name name. The name of the new key manager provider key pin, which is also used as the value of the "ssl-cert-nickname" property. That property specifies the nickname of the certificate to which this key manager provider key pin applies.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-password-generator

Creates password generators. Suboptions are as follows:

--generator-name name. The name of the new password generator.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of password generator which should be created. The value for type can be one of custom or random.

create-password-policy

Creates password policies. Suboptions are as follows:

--policy-name name. The name of the new password policy.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-plugin --type password-policy-import

Creates password policy import plugins. Suboptions are as follows:

--plugin-name name. The name of the new plugin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of plugin which should be created. The value for type can be one of: dsee-gateway, last-mod, password-policy-import, referential-integrity, seven-bit-clean, unique-attribute.

create-password-storage-scheme

Creates password storage schemes. Suboptions are as follows:

--scheme-name name. The name of the new password storage scheme.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of password storage scheme which should be created. The value for type can be one of: aes, base64, blowfish, clear, crypt, custom, euspbkdf2sha512, md5, pbkdf2hmacsha1, pbkdf2hmacsha256, pbkdf2hmacsha512, rc4, salted-md5, salted-sha1, salted-sha256, salted-sha384, salted-sha512, sha1, sha256, sha512, triple-des, user-defined.

create-password-validator

Creates password validators. Suboptions are as follows:

--validator-name name. The name of the new password validator.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of password validator which should be created. The value for type can be one of: character-set, custom, dictionary, length-based, repeated-characters, similarity-based, unique-characters.

create-sasl-mechanism-handler

This command is not supported for the proxy.

Creates SASL mechanism handlers. Suboptions are as follows:

--handler-name name. The name of the new SASL mechanism handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of SASL Mechanism Handler that should be created. The value for type can be one of anonymous, cram-md5, digest-md5, external, custom, gssapi, or plain.

create-trust-manager-provider

Creates trust manager providers. Suboptions are as follows:

--provider-name name. The name of the new trust manager provider.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of trust manager provider that should be created. The value for type can be one of blind, file-based, or custom.

create-trust-store-key-pin

Creates trust store key pins. Suboptions are as follows:

--element-name name. The name of the trust store local backend workflow element.

--pin-name string. The name of the new trust store key pin, which is also used as the value of the "ssl-cert-nickname" property. That property specifies the nickname of the certificate to which this trust store key pin applies.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-workflow-element --type trust-store-local-backend

Creates workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, backup-local-backend, db-local-backend, distribution, dn-renaming, eus, eus-context, fa, global-index-local-backend, global-index-replication-changes-local-backend, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdn-changing, transformations, trust-store-local-backend.

delete-access-control-group

Deletes access control groups. Suboptions are as follows:

--group-name name. The name of the access control group.

-f,--force. Ignore nonexistent access control groups.

delete-key-manager-provider

Deletes key manager providers. Suboptions are as follows:

--provider-name name. The name of the key manager provider.

-f,--force. Ignore nonexistent key manager providers.

delete-key-manager-provider-key-pin

Deletes key manager provider key pins. Suboptions are as follows:

--provider-name name. The name of the key manager provider.

--pin-name name. The name of the key manager provider key pin.

-f,--force. Ignore nonexistent key manager provider key pins.

delete-password-generator

Deletes password generators. Suboptions are as follows:

--generator-name name. The name of the password generator.

-f,--force. Ignore nonexistent password generators.

delete-password-policy

Deletes password policies. Suboptions are as follows:

--policy-name name. The name of the password policy.

-f,--force. Ignore nonexistent password policies.

delete-password-storage-scheme

Deletes password storage schemes. Suboptions are as follows:

--scheme-name name. The name of the password storage scheme.

-f,--force. Ignore nonexistent password storage schemes.

delete-password-validator

Deletes password validators. Suboptions are as follows:

--validator-name name. The name of the password validator.

-f,--force. Ignore nonexistent password validators.

delete-plugin

Deletes plugins. Suboptions are as follows:

--plugin-name name. The name of the plugin.

-f,--force. Ignore nonexistent plugins.

delete-sasl-mechanism-handler

This command is not supported for the proxy.

Deletes SASL mechanism handlers. Suboptions are as follows:

--handler-name name. The name of the SASL mechanism handler.

-f,--force. Ignore nonexistent SASL mechanism handlers.

delete-trust-manager-provider

Deletes trust manager providers. Suboptions are as follows:

--provider-name name. The name of the trust manager provider.

-f,--force. Ignore nonexistent trust manager providers.

delete-trust-store-key-pin

Deletes trust store key pins. Suboptions are as follows:

--element-name name. The name of the trust store local backend workflow element.

--pin-name name. The name of the trust store key pin.

-f,--force. Ignore nonexistent trust store key pins.

delete-workflow-element

Deletes workflow elements. Suboptions are as follows:

--element-name name. The name of the workflow element.

-f,--force. Ignore nonexistent workflow elements.

get-access-control-group-prop

Shows access control group properties. Suboptions are as follows:

--group-name name. The name of the access control group.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-access-control-handler-prop

Shows access control handler properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-crypto-manager-prop

Shows crypto manager properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-data-encryption-prop

Shows data encryption properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-key-manager-provider-key-pin-prop

Shows key manager provider key pin properties. Suboptions are as follows:

--provider-name name. The name of the key manager provider.

--pin-name name. The name of the key manager provider key pin.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-key-manager-provider-prop

Shows key manager provider properties. Suboptions are as follows:

--provider-name name. The name of the key manager provider.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-password-generator-prop

Shows password generator properties. Suboptions are as follows:

--generator-name name. The name of the password generator.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-password-policy-prop

Shows password policy properties. Suboptions are as follows:

--policy-name name. The name of the password policy.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-password-storage-scheme-prop

Shows password storage scheme properties. Suboptions are as follows:

--scheme-name name. The name of the password storage scheme.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-password-validator-prop

Shows password validator properties. Suboptions are as follows:

--validator-name name. The name of the password validator.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-root-dn-prop

Shows root DN properties. Suboptions are as follows:

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-sasl-mechanism-handler-prop

Shows SASL mechanism handler properties. Suboptions are as follows:

--handler-name name. The name of the SASL mechanism handler.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-trust-manager-provider-prop

Shows trust manager provider properties. Suboptions are as follows:

--provider-name name. The name of the trust manager provider.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-trust-store-key-pin-prop

Shows trust store key pin properties. Suboptions are as follows:

--element-name name. The name of the trust store local backend workflow element.

--pin-name name. The name of the trust store key pin.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-access-control-groups

Lists existing access control groups. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-key-manager-provider-key-pins

Lists existing key manager provider key pins. Suboptions are as follows:

--provider-name name. The name of the key manager provider.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-key-manager-providers

Lists existing key manager providers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-password-generators

Lists existing password generators. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-password-policies

Lists existing password policies. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-password-storage-schemes

Lists existing password storage schemes. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-password-validators

Lists existing password validators. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-plugins

Lists existing plugins. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-sasl-mechanism-handlers

This command is not supported for the proxy.

Lists existing SASL mechanism handlers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-trust-manager-providers

Lists existing trust manager providers. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-trust-store-key-pins

Lists existing trust store key pins. Suboptions are as follows:

--element-name name. The name of the trust store local backend workflow element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-workflow-elements

Lists existing workflow elements. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-access-control-group-prop

Modifies access control group properties. Suboptions are as follows:

--group-name name. The name of the access control group.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-access-control-handler-prop

Modifies access control handler properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-crypto-manager-prop

Modifies crypto manager properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-data-encryption-prop

Modifies data encryption properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-key-manager-provider-key-pin-prop

Modifies key manager provider key pin properties. Suboptions are as follows:

--provider-name name. The name of the key manager provider.

--pin-name name. The name of the key manager provider key pin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-key-manager-provider-prop

Modifies key manager provider properties. Suboptions are as follows:

--provider-name name. The name of the key manager provider.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-password-generator-prop

Modifies password generator properties. Suboptions are as follows:

--element-name name. The name of the password generator.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-password-policy-prop

Modifies password policy properties. Suboptions are as follows:

--element-name name. The name of the password policy.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-password-storage-scheme-prop

Modifies password storage scheme properties. Suboptions are as follows:

--scheme-name name. The name of the password storage scheme.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-password-validator-prop

Modifies password validator properties. Suboptions are as follows:

--validator-name name. The name of the password validator.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-plugin-prop

Modifies plugin properties. Suboptions are as follows:

--plugin-name name. The name of the plugin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-root-dn-prop

Modifies root DN properties. Suboptions are as follows:

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-sasl-mechanism-handler-prop

This command is not supported for the proxy.

Modifies SASL mechanism handler properties. Suboptions are as follows:

--handler-name name. The name of the SASL mechanism handler.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-trust-manager-provider-prop

Modifies trust manager provider properties. Suboptions are as follows:

--provider-name name. The name of the trust manager provider.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-trust-store-key-pin-prop

Modifies trust store key pin properties. Suboptions are as follows:

--element-name name. The name of the trust store local backend workflow element.

--pin-name name. The name of the trust store key pin.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-workflow-element-prop

Modifies workflow element properties. Suboptions are as follows:

--element-name name. The name of the workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

Virtualization Subcommands

This section describes subcommands for virtualization.

create-transformation --type add-inbound-attribute

Creates add inbound attribute transformations. Suboptions are as follows:

--transformation-name name. The name of the new transformation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of transformation that should be created. The value for type can be one of add-inbound-attribute, add-outbound-attribute, filter-inbound-attribute, filter-outbound-attribute, map-attribute, map-object-class, tokenize-attribute. For more information about each transformation, see Configuring Transformation Using dsconfig.

create-transformation --type add-outbound-attribute

Creates add outbound attribute transformations. Suboptions are as follows:

--transformation-name name. The name of the new transformation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of transformation that should be created. The value for type can be one of add-inbound-attribute, add-outbound-attribute, filter-inbound-attribute, filter-outbound-attribute, map-attribute, map-object-class, tokenize-attribute. For more information about each transformation, see Configuring Transformation Using dsconfig.

create-workflow-element --type dn-renaming

Creates DN renaming workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type dynamic-entry-tree

Creates dynamic entry tree workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type dynamic-groups

Creates dynamic groups workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-transformation --type filter-inbound-attribute

Creates filter inbound attribute transformations. Suboptions are as follows:

--transformation-name name. The name of the new transformation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of transformation that should be created. The value for type can be one of add-inbound-attribute, add-outbound-attribute, filter-inbound-attribute, filter-outbound-attribute, map-attribute, map-object-class, tokenize-attribute. For more information about each transformation, see Configuring Transformation Using dsconfig.

create-transformation --type filter-outbound-attribute

Creates filter outbound attribute transformations. Suboptions are as follows:

--transformation-name name. The name of the new transformation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of transformation that should be created. The value for type can be one of add-inbound-attribute, add-outbound-attribute, filter-inbound-attribute, filter-outbound-attribute, map-attribute, map-object-class, tokenize-attribute. For more information about each transformation, see Configuring Transformation Using dsconfig.

create-workflow-element --type flat-tree

Creates flat tree workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type fork-join

Creates fork join workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type get-rid-of-duplicate

Creates get rid of duplicate workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type hide-entries-by-filter

Creates hide entries by filter workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-join-participant

Creates join participants. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--participant-name name. The name of the new join participant.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-workflow-element --type join

Creates join workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-transformation --type map-attribute

Creates map attribute transformations. Suboptions are as follows:

--transformation-name name. The name of the new transformation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of transformation that should be created. The value for type can be one of add-inbound-attribute, add-outbound-attribute, filter-inbound-attribute, filter-outbound-attribute, map-attribute, map-object-class, tokenize-attribute. For more information about each transformation, see Configuring Transformation Using dsconfig.

create-transformation --type map-object-class

Creates map object class transformations. Suboptions are as follows:

--transformation-name name. The name of the new transformation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of transformation that should be created. The value for type can be one of add-inbound-attribute, add-outbound-attribute, filter-inbound-attribute, filter-outbound-attribute, map-attribute, map-object-class, tokenize-attribute. For more information about each transformation, see Configuring Transformation Using dsconfig.

create-primary-fork-join-participant

Creates primary fork join participants. Suboptions are as follows:

--element-name name. The name of the workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-workflow-element --type rdn-changing

Creates RDN changing workflow elements. Suboptions are as follows:

--element-name name. The name of the workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type saml-xasp

Creates SAML XASP workflow elements. Suboptions are as follows:

--element-name name. The name of the workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-secondary-fork-join-participant

Creates secondary fork join participants. Suboptions are as follows:

--element-name name. The name of the workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

create-transformation --type tokenize-attribute

Creates tokenize attribute transformations. Suboptions are as follows:

--transformation-name name. The name of the new transformation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Transformation that should be created. The value for type can be one of add-inbound-attribute, add-outbound-attribute, filter-inbound-attribute, filter-outbound-attribute, map-attribute, map-object-class, tokenize-attribute.

create-transformation

Creates transformations. Suboptions are as follows:

--transformation-name name. The name of the new transformation.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of Transformation that should be created. The value for type can be one of add-inbound-attribute, add-outbound-attribute, filter-inbound-attribute, filter-outbound-attribute, map-attribute, map-object-class, tokenize-attribute.

create-workflow-element --type transformations

Creates transformations workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

create-workflow-element --type virtual-member-of

Creates virtual member of workflow elements. Suboptions are as follows:

--element-name name. The name of the new workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

-t,--type type. The type of workflow element that should be created. The value for type can be one of ad-paging, ad-password, backup-local-backend, db-local-backend, distribution, dn-renaming, dynamic-entry-tree, dynamic-groups, eus, eus-alias-resolution, eus-context, fa, flat-tree, fork-join, get-rid-of-duplicate, global-index-local-backend, global-index-replication-changes-local-backend, hide-entries-by-filter, join, kerberos-auth-provider, ldif-local-backend, load-balancing, memory-local-backend, monitor-local-backend, null-local-backend, pass-through-authentication, plugin, proxy-ldap, rdbms, rdn-changing, saml-xasp, schema-local-backend, transformations, trust-store-local-backend, union, virtual-member-of.

delete-join-participant

Deletes join participants. Suboptions are as follows:

--element-name name. The name of the Join workflow element.

--participant-name name. The name of the join participant.

-f, --force. Ignore nonexistent join participants.

delete-primary-fork-join-participant

Deletes primary fork join participants. Suboptions are as follows:

--element-name name. The name of the fork join workflow element.

-f, --force. Ignore nonexistent primary fork join participants.

delete-secondary-fork-join-participant

Deletes secondary fork join participants. Suboptions are as follows:

--element-name name. The name of the fork join workflow element.

-f, --force. Ignore nonexistent secondary fork join participants.

delete-transformation

Deletes transformations. Suboptions are as follows:

--transformation-name name. The name of the transformation.

-f, --force. Ignore nonexistent transformation.

delete-workflow-element

Deletes workflow elements. Suboptions are as follows:

--element-name name. The name of the workflow element.

-f, --force. Ignore nonexistent workflow elements.

get-join-participant-prop

Shows join participant properties. Suboptions are as follows:

--element-name name. The name of the join workflow element.

--participant-name name. The name of the join participant.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-primary-fork-join-participant-prop

Shows primary fork join participant properties. Suboptions are as follows:

--element-name name. The name of the fork join workflow element.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-secondary-fork-join-participant-prop

Shows secondary fork join participant properties. Suboptions are as follows:

--element-name name. The name of the fork join workflow element.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

get-transformation-prop

Shows transformation properties. Suboptions are as follows:

--transformation-name name. The name of the transformation element.

--property property. The name of a property to be displayed.

-E,--record. Modifies the display output to show one property value per line.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-join-participants

Lists existing join participants. Suboptions are as follows:

--element-name name. The name of the join workflow element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-primary-fork-join-participant

Lists the existing primary fork join participant. Suboptions are as follows:

--element-name name. The name of the fork join workflow element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-secondary-fork-join-participant

Lists existing secondary fork join participants. Suboptions are as follows:

--element-name name. The name of the fork join workflow element.

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-transformations

Lists existing transformations. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

list-workflow-elements

Lists existing workflow elements. Suboptions are as follows:

--property property. The name of a property to be displayed.

-z,--unit-size unit. Displays size data using the specified unit. The value for unit can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m,--unit-time unit. Displays time data using the specified unit. The value for unit can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).

set-join-participant-prop

Modifies join participant properties. Suboptions are as follows:

--element-name name. The name of the join workflow element.

--participant-name name. The name of the join participant.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-primary-fork-join-participant-prop

Modifies primary fork join participant properties. Suboptions are as follows:

--element-name name. The name of the fork join workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-secondary-fork-join-participant-prop

Modifies secondary fork join participant properties. Suboptions are as follows:

--element-name name. The name of the fork join workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-transformation-prop

Modifies transformation properties. Suboptions are as follows:

--transformation-name name. The name of the transformation element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

set-workflow-element-prop

Modifies workflow element properties. Suboptions are as follows:

--element-name name. The name of the workflow element.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed.

Options

The dsconfig command accepts an option in either its short form (for example, -h hostname) or its long form equivalent (for example, --hostname hostname).

--advanced

Allows the configuration of advanced components and properties.

LDAP Connection Options

The dsconfig command contacts the directory server over SSL through the administration connector (described in Managing Administration Traffic to the Server). These connection options are used to contact the directory server.

-D, --bindDN bindDN

Use the bind DN to bind to the server. This option is used when performing simple authentication and is not required if SASL authentication is to be used. The default value for this option is cn=Directory Manager.

SASL is not supported for a proxy server instance.

-h, --hostname hostname

Contact the server on the specified hostname or IP address. If this option is not provided, a default of localhost is used.

-j, --bindPasswordFile filename

Use the bind password in the specified file when authenticating to the server.

-K, --keyStorePath path

Use the client keystore certificate in the specified path.

-N, --certNickname nickname

Use the certificate with the specified nickname for SSL client authentication.

-o, --saslOption name=value

Use the specified options for SASL authentication.

SASL is not supported for a proxy server instance.

-p, --port port

Contact the server at the specified administration port. If this option is not provided, the administration port of the local configuration is used.

-P, --trustStorePath path

Use the client trust store certificate in the specified path. This option is not needed if --trustAll is used, although a trust store should be used when working in a production environment.

-u, --keyStorePasswordFile filename

Use the password in the specified file to access the certificates in the client keystore. This option is only required if --keyStorePath is used.

-U, --trustStorePasswordFile filename

Use the password in the specified file to access the certificates in the client trust store. This option is only required if --trustStorePath is used and the specified trust store requires a password to access its contents (most trust stores do not require this).

-X, --trustAll

Trust all SSL certificates that the server presents. This option can be used for convenience and testing purposes, but for security reasons a trust store should be used to determine whether the client should accept the server certificate. If the client and the server run in the same instance, there is no certificate interaction.

--connectTimeout {timeout}

Specifies the maximum length of time (in milliseconds) that can be taken to establish a connection. Use 0 to specify no timeout. The default value is 30000.

Command Input/Output Options

--commandFilePath path

Specify the full path to the file where the equivalent non-interactive commands will be written when this command is run in interactive mode.

--displayCommand

Display the equivalent non-interactive option in the standard output when this command is run in interactive mode.

-F, --batchFilePath batchFilePath

Specifies the path to a file that contains a set of dsconfig commands to be executed. This option supports line splitting with a backslash ('\'), quotes ("), escaped quotes (\") inside a quoted string, and hash ('#') for comments.

-n, --no-prompt

Use non-interactive mode. If some data in the command is missing, you are not prompted and the command will fail.

--noPropertiesFile

Indicate that the command will not use a properties file to get the default command-line options.

--sortMenuItems

Sorts the menu items when interactive mode is used. Items are sorted alphabetically according to the user's locale.

--propertiesFilePath path

Specify the path to the properties file that contains the default command-line options.

-Q, --quiet

Run in quiet mode. No output will be generated unless a significant error occurs during the process.

-s, --script-friendly

Run in "script friendly" mode. Display the output in a format that can be easily parsed by a script.

-v, --verbose

Run in verbose mode, displaying diagnostics on standard output.

General Options

-?, -H, --help

Display command-line usage information for the command and exit without making any attempt to stop or restart the server.

-V, --version

Display the version information for the server and exit rather than attempting to run this command.

Examples

The following examples show how to use the dsconfig command. For additional dsconfig examples, see Managing the Server Configuration Using dsconfig.

Viewing the Global Help Subcommands and Global Options

The following command displays the available global help subcommands and global options for the server:

$ dsconfig --help

Viewing a Component's Subcommand Help Information

The following command displays subcommands relating to authentication and authorization:

$ dsconfig --help-security

Viewing Help on an Individual Subcommand

The following command displays the help information for the set-distribution-partition-prop subcommand:

$ dsconfig set-distribution-partition-prop --help

Displaying a Component's Properties

The following command displays the properties for local-db-index. If -t is not specified, the command displays the properties for all components.

$ dsconfig list-properties -c local-db-index
Option Types:

 r -- Property value(s) are readable
 w -- Property value(s) are writable
 m -- The property is mandatory
 s -- The property is single-valued
 a -- Administrative action is required for changes to take effect

Component       Type     Property                        Options  Syntax
------------------------------------------------------------------------------
local-db-index  generic  attribute                       r-ms-    OID
local-db-index  generic  index-entry-limit               rw-sa    INTEGER
local-db-index  generic  index-extensible-matching-rule  rw--a    LOCALE | OID
local-db-index  generic  index-type                      rwm-a    TYPE

The following command displays the properties for crypto-manager.

$ dsconfig list-properties -c crypto-manager
Option Types:

 r -- Property value(s) are readable
 w -- Property value(s) are writable
 m -- The property is mandatory
 s -- The property is single-valued
 a -- Administrative action is required for changes to take effect

Component       Type     Property                     Options  Syntax
----------------------------------------------------------------------
crypto-manager  generic  key-wrapping-transformation  rw-s-    STRING
crypto-manager  generic  ssl-cert-nickname            rw-sa    STRING
crypto-manager  generic  ssl-cipher-suite             rw---    STRING
crypto-manager  generic  ssl-encryption               rw-s-    BOOLEAN
crypto-manager  generic  ssl-protocol                 rw---    STRING

Parameters Supported by the -F, --batchFilePath Option

The following example describes the various parameters supported by the -F, --batchFilePath option.

Using the -F, --batchFilePath option with line splitting. The file /tmp/batch contains the following set of commands:

create-workflow-element \
--type db-local-backend \
--set base-dn:cn=myexample,cn=com \
--set enabled:true \
--element-name myBackend

Running dsconfig with the -F, --batchFilePath option.

dsconfig -X -j /path/pwd-file -F /tmp/batch -n

Using the -F, --batchFilePath option with quotes (") and escaped quotes (\") inside a quoted string. The file /tmp/batch contains the following set of commands:

set-access-control-handler-prop \
--add global-aci:"(targetattr != \"description || mail\") \
(version 3.0; acl \"Allow self entry modification except for \
description and mail attributes\"; allow (write)userdn =\"ldap:///self\";) "

Running dsconfig with the -F, --batchFilePath option.

dsconfig -X -j /path/pwd-file -F /tmp/batch -n

Exit Codes

An exit code of 0 indicates that the operation completed successfully. An exit code of 1 or greater indicates that an error occurred during processing.

How to Use a Properties File

The server supports the use of a properties file that passes in any default option values used with the dsconfig command. The properties file is convenient when working in different configuration environments, especially in scripted or embedded applications. For more information, see Using a Properties File With Server Commands.

The following options can be stored in a properties file:

  • bindDN

  • bindPasswordFile

  • certNickname

  • hostname

  • keyStorePasswordFile

  • keyStorePath

  • port

  • saslOption

    SASL is not supported for a proxy server instance.

  • trustAll

  • trustStorePasswordFile

  • trustStorePath

  • useSSL

  • useStartTLS

Entries in the properties file have the following format:

toolname.propertyname=propertyvalue

For example:

dsconfig.trustAll=Yes
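
The following audit script is an added example, not part of the Oracle documentation. It parses a properties file in the format shown above, flags any tool for which trustAll is enabled (the -X option description recommends a trust store instead), and checks that the password files the properties point to are not readable by group or other. The function names are hypothetical. It assumes POSIX file permissions, that a key without a tool prefix is a default for all tools, and that "true" is accepted as well as "Yes".

```python
"""Audit an OUD command-line properties file for weak connection defaults."""
import os
import stat

# Options that name a file holding a secret (taken from the page's option list).
SECRET_FILE_OPTIONS = ("bindPasswordFile", "keyStorePasswordFile",
                       "trustStorePasswordFile")
# Assumption: the page only shows "Yes"; "true" is accepted here as well.
TRUTHY = {"yes", "true"}


def parse_properties(text):
    """Parse 'toolname.propertyname=propertyvalue' lines into {tool: {option: value}}.

    Assumption: a key without a tool prefix is a default for every tool and is
    stored under "*"; lines starting with '#' are treated as comments.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only: values such as bind DNs contain '='.
        key, sep, value = line.partition("=")
        if not sep:
            continue
        tool, dot, option = key.strip().rpartition(".")
        if not dot:
            tool = "*"
        entries.setdefault(tool, {})[option] = value.strip()
    return entries


def audit(text):
    """Return a list of (tool, option, message) findings for a properties file."""
    entries = parse_properties(text)
    defaults = entries.get("*", {})
    findings = []
    for tool in sorted(entries):
        # Tool-specific entries take precedence over the shared defaults.
        effective = {**defaults, **entries[tool]}
        if effective.get("trustAll", "").lower() in TRUTHY:
            if effective.get("trustStorePath"):
                msg = "trustAll is enabled alongside trustStorePath; remove trustAll"
            else:
                msg = "trustAll is enabled and no trustStorePath is set"
            findings.append((tool, "trustAll", msg))
        for option in SECRET_FILE_OPTIONS:
            path = effective.get(option)
            if not path:
                continue
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                findings.append((tool, option, f"{path}: cannot stat file"))
                continue
            if mode & 0o077:
                findings.append(
                    (tool, option, f"{path}: mode {mode:o} allows group/other access"))
    return findings


if __name__ == "__main__":
    import tempfile

    # Constructed sample: a world-readable password file and a trustAll default.
    with tempfile.TemporaryDirectory() as tmp:
        pwd_file = os.path.join(tmp, "pwd-file")
        with open(pwd_file, "w") as handle:
            handle.write("constructed-password\n")
        os.chmod(pwd_file, 0o644)
        sample = (
            "# constructed sample properties file\n"
            "dsconfig.trustAll=Yes\n"
            f"dsconfig.bindPasswordFile={pwd_file}\n"
            "dsreplication.trustStorePath=/constructed/truststore\n"
        )
        for tool, option, message in audit(sample):
            print(f"{tool}.{option}: {message}")
```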

Location

  • UNIX and Linux: INSTANCE_DIR/OUD/bin/dsconfig

  • Windows: INSTANCE_DIR\OUD\bat\dsconfig.bat

A.1.2.5 dsjavaproperties

The dsjavaproperties command specifies the JVM version and Java arguments that are used by each server command.

Synopsis

dsjavaproperties [options]

Description

The dsjavaproperties command can be used to specify the JVM version and Java arguments that are used by each server command. The JVM and Java arguments for each command are specified in a properties file, located at INSTANCE_DIR/OUD/config/java.properties. The properties file is not used unless you run the dsjavaproperties command. If you edit the properties file, you must run dsjavaproperties again for the new settings to be taken into account.

dsjavaproperties can be used to specify (among other arguments) whether a command runs using the JVM in -server mode or -client mode. By default, all client applications run in -client mode, and all of the server utilities run in -server mode. Generally, -server mode provides higher throughput than -client mode, at the expense of slightly longer startup times.

For certain commands (import-ldif, export-ldif, backup, and restore) you can also specify different Java arguments (and a different JVM) depending on whether the command is run in online or offline mode.

If the value of the overwrite-env-java-home property is set to false in the java.properties file, the OPENDS_JAVA_HOME environment variable takes precedence over the arguments specified in the properties file. Similarly, if the value of the overwrite-env-java-args property is set to false in the java.properties file, the OPENDS_JAVA_ARGS environment variable takes precedence over the arguments specified in the properties file.

Options

The dsjavaproperties command accepts an option in either its short form (for example, -Q) or its long form equivalent (for example, --quiet).

-Q, --quiet

Run in quiet mode. Quiet mode does not output progress information to standard output.

-?, -H, --help

Display command-line usage information for the command and exit without making any attempt to stop or restart the server.

-V, --version

Display the version information for the server and exit rather than attempting to run this command.

Example

The following example shows how to use the export-ldif command.

Modifying a Script

This example shows how to change the export-ldif script to use a maximum JVM heap size of 256 Mbytes when the command is run with the server online.

  1. Edit the INSTANCE_DIR/OUD/config/java.properties file and set the export-ldif.online arguments as follows:

    export-ldif.online.java-args=-client -Xms8m -Xmx256m
    
  2. Run the dsjavaproperties command for the change to take effect.

    $ dsjavaproperties
     The script files were successfully updated.  The Oracle Unified Directory 
     command-line utilities will use the java properties specified in the 
     properties file INSTANCE_DIR/OUD/config/java.properties
    

Exit Codes

An exit code of 0 indicates that the operation completed successfully. A nonzero exit code indicates that an error occurred during processing.

Location

  • UNIX and Linux: INSTANCE_DIR/OUD/bin/dsjavaproperties

  • Windows: INSTANCE_DIR\OUD\bat\dsjavaproperties.bat

A.1.2.6 dsreplication

The dsreplication command configures replication between directory servers so that the data of the servers is synchronized.

Synopsis

dsreplication [subcommands] [options]

Description

The dsreplication command can be used to configure replication between directory servers so that the data of the servers is synchronized. First enable replication by using the enable subcommand and then initialize the contents of one directory server with the contents of another server by using the initialize subcommand.

The dsreplication command contacts the server over SSL using the administration connector (see Managing Administration Traffic to the Server).

Like the dsconfig command, dsreplication can be run in interactive mode, which walks you through the replication setup process. To run dsreplication in interactive mode, type the command name with no parameters, as shown in the following example:

$ dsreplication
What do you want to do?

1)  Enable Replication
2)  Disable Replication
3)  Initialize Replication on one Server
4)  Initialize All Servers
5)  Pre External Initialization
6)  Post External Initialization
7)  Display Replication Status
8)  Purge Historical
9)  Set the trust flag of the Directory Server
10) Enable External Changelog
11) Disable External Changelog
12) Verify Server Configuration
13) List the Certificates Used for Replication
14) Regenerate the Certificate Used for Replication
15) Set the Certificate Used for Replication

c)  cancel

Enter choice: 1
...

To display the equivalent non-interactive command, use the --displayCommand or --commandFilePath option.

Server Subcommands

The following subcommands are used with the dsreplication command.

disable

Disable replication on the specified directory server for the specified base DN. This subcommand removes references to the specified server in the configuration of the servers with which this server is replicating data. Suboptions are as follows:

-D, --bindDN bindDN. The DN used to bind to the server on which replication will be disabled. This option must be used if no global administrator has been defined on the server or if you do not want to remove references in the other replicated servers. The password provided for the global administrator is used when this option is specified.

-a, --disableAll. Disable the replication configuration on the specified server. The contents of the server are no longer replicated and the replication server (change log and replication port) is disabled, if it is configured.

--disableReplicationServer. Disable the replication server. The replication port and change log are disabled on the specified server.

-h, --hostname host. Directory server host name or IP address.

-p, --port port. Directory server administration port number.

disable-changelog

Disables the external change log for a set of base DNs. If there is no data to replicate, then all the associated replication configuration is removed. For more information about external change log, see Using the External Change Log. Suboptions are as follows:

-h, --hostname host

Directory server host name or IP address.

-p, --port port

The Directory Server administration port number.

-D, --bindDN bindDN

The DN to bind with the server where you want to configure the external change log. The default value is cn=Directory Manager.

enable-changelog

Creates an external change log for a set of base DNs. The external change log feature allows you to retrieve the modifications performed under a specific base DN. For more information about external change log, see Using the External Change Log. Suboptions are as follows:

-h, --hostname host

Directory server host name or IP address.

-p, --port port

The Directory Server administration port number.

-D, --bindDN bindDN

The DN to bind with the server where you want to configure the external change log. The default value is cn=Directory Manager.

-r, --replicationPort port

The port required to configure the change log. You must specify this option only if the changelog (or replication) is not previously configured in the server. The default value is 8989.

enable

Update the configuration of the directory servers to replicate data under the specified base DN. If one of the specified servers is already replicating the data under the base DN to other servers, executing this subcommand updates the configuration of all the servers. It is therefore sufficient to execute the subcommand once for each server that is added to the replication topology. Suboptions are as follows:

--bindDN2 bindDN. The DN used to bind to the second server whose contents will be replicated. If no bind DN is specified, the global administrator is used to bind.

--bindPasswordFile1 filename. The file containing the password used to bind to the first server whose contents will be replicated. If no bind DN was specified for the first server, the password of the global administrator is used to bind.

-D, --bindDN1 bindDN. The DN used to bind to the first server whose contents will be replicated. If no bind DN is specified, the global administrator is used to bind.

-F, --bindPasswordFile2 filename. The file containing the password used to bind to the second server whose contents will be replicated. If no bind DN was specified for the second server, the password of the global administrator is used to bind.

-h, --host1 host. Host name or IP address of the first server whose contents will be replicated.

--noReplicationServer1. Do not configure a replication port or change log on the first server. The first server will contain replicated data but will not contain a change log of modifications made to the replicated data. Each replicated topology must contain at least two servers with a change log to avoid a single point of failure.

--noReplicationServer2. Do not configure a replication port or change log on the second server. The second server will contain replicated data but will not contain a change log of modifications made to the replicated data. Each replicated topology must contain at least two servers with a change log to avoid a single point of failure.

--noSchemaReplication. Do not replicate the schema between the servers. (Schema replication is enabled by default.) Use this option if you do not want the schema to be synchronized between servers.

--onlyReplicationServer1. Configure only a change log and replication port on the first server. The first server will not contain replicated data, but will contain a change log of the modifications made to the replicated data on other servers.

--onlyReplicationServer2. Configure only a change log and replication port on the second server. The second server will not contain replicated data, but will contain a change log of the modifications made to the replicated data on other servers.

-O, --host2 host. Hostname or IP address of the second server whose contents will be replicated.

-p, --port1 port. Directory server administration port number of the first server whose contents will be replicated.

--port2 port. Directory server administration port number of the second server whose contents will be replicated.

-r, --replicationPort1 port. The port that will be used by the replication mechanism in the first directory server to communicate with other servers. Only specify this option if replication was not previously configured on the first directory server.

-R, --replicationPort2 port. The port that will be used by the replication mechanism in the second directory server to communicate with other servers. Only specify this option if replication was not previously configured in the second server.

-S, --skipPortCheck. Skip the check to determine whether the specified replication ports are usable. If this argument is not specified, the server checks that the port is available only if you are configuring the local host.

--secureReplication1. Specifies whether communication through the replication port of the first server is encrypted. This option is only taken into account the first time replication is configured on the first server.

--secureReplication2. Specifies whether communication through the replication port of the second server is encrypted. This option is only taken into account the first time replication is configured on the second server.

--useSecondServerAsSchemaSource. Use the second server to initialize the schema of the first server. If neither this option nor the --noSchemaReplication option is specified, the schema of the first server is used to initialize the schema of the second server.

initialize

Initialize the contents of the data under the specified base DN on the destination directory server with the contents on the source server. This operation is required after enabling replication. Suboptions are as follows:

-h, --hostSource host. Directory server host name or IP address of the source server whose contents will be used to initialize the destination server.

-O, --hostDestination host. Directory server hostname or IP address of the destination server whose contents will be initialized.

-p, --portSource port. Directory server administration port number of the source server whose contents will be used to initialize the destination server.

--portDestination port. Directory server administration port number of the destination server whose contents will be initialized.

initialize-all

Initialize the data under the specified base DN, on all the directory servers in the topology, with the data on the specified server. This operation is required after enabling replication for replication to work. Alternatively, you can use the initialize subcommand on each individual server in the topology. Suboptions are as follows:

-h, --hostname host. Directory server host name or IP address of the source server.

-p, --port port. Directory server administration port number of the source server.

list-certs

List the certificates used by the servers for replication. Suboptions are as follows:

-h, --hostname host

Directory server host name or IP address.

-p, --port port

Directory server administration port number. Default value: 4444

post-external-initialization

Enable replication to work after the entire topology has been reinitialized by using import-ldif or binary copy. This subcommand must be called after you initialize the contents of all directory servers in a topology by using import-ldif or binary copy. If you do not run this subcommand, replication will no longer work after the initialization. Suboptions are as follows:

-h, --hostname host. Directory server host name or IP address.

-p, --port port. Directory server administration port number.

pre-external-initialization

Prepare a replication topology for initialization by using import-ldif or binary copy. This subcommand must be called before you initialize the contents of all directory servers in a topology by using import-ldif or binary copy. If you do not run this subcommand, replication will no longer work after the initialization. After running this subcommand, initialize the contents of all the servers in the topology, then run the subcommand post-external-initialization. Suboptions are as follows:

-h, --hostname host. Directory server host name or IP address.

-l, --local-only. Use this option when the contents of only the specified directory server will be initialized with an external method.

-p, --port port. Directory server administration port number.

purge-historical

Launches purge processing of the historical information that replication stores in the user entries. Because this processing may take a while, you must specify its maximum duration. Suboptions are as follows:

-h, --hostname host. Directory server host name or IP address.

-p, --port port. Directory server administration port number.

--maximumDuration maximum duration. Specifies the maximum duration of the purge processing, expressed in seconds. The default value is 3600.

-t, --start startTime. Specifies the date and time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. Use 0 to schedule the task for immediate execution. When this option is specified the operation is scheduled to start at the specified time after which the utility exits immediately.

--recurringTask schedulePattern. Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern.

--completionNotify emailAddress. Indicates the e-mail address of the recipient to be notified when the task completes. You can specify this option more than once.

--errorNotify emailAddress. Indicates the e-mail address of the recipient to be notified if an error occurs when this task executes. You can specify this option more than once.

--dependency taskID. Indicates the ID of a task upon which this task depends. A task will not start execution until all its dependent tasks have completed execution.

--failedDependencyAction action. Indicates the action that should take place if one of its dependent tasks fails. It must have one of the following values: PROCESS, CANCEL, or DISABLE. The default value is CANCEL.

regenerate-cert

Regenerates the certificate used by the specified server (or all servers) for replication. Suboptions are as follows:

-a, --all

Regenerates the certificate of all servers configured for replication (and not only of the server provided to connect).

-h, --hostname host

Directory server host name or IP address.

-p, --port port

Directory server administration port number. Default value: 4444

set-cert

Configures the server to use a certificate in a keystore for replication. Suboptions are as follows:

--replCertNickName nickname

Specifies the nickname of the certificate that you want to be used by the server for replication.

--replKeyStoreType type

Specifies the type of the keystore. The value can be any type of keystore, including JKS, JCEKS, PKCS12, and PKCS11. The Java Virtual Machine used by the server must support this keystore type (by default, most JVMs support the keystore types JKS, JCEKS, and PKCS12). The default value is JKS.

--replKeyStorePath path

Specifies the path of the keystore containing the certificate to be used by the server for replication. This value is not required if the certificate is stored on a hardware device such as a Java card. The server must have read access rights to this path. You can specify a path relative to the location of the server (for example, config/my-keystore).

--replKeyStorePasswordFile path

Specifies the path to the file containing the password (PIN) needed to access the keystore. The password must be stored in clear text in the file, and the server must have read access rights to the file. If you want the server to encrypt the contents of the file, the server must also have write access rights. You can specify a path relative to the location of the server (for example, config/my-keystore.pin).

--replKeyPasswordFile keyPasswordFile

Specifies the file containing the password (PIN) needed to access the private key of the certificate in the keystore. This option is required if the private key cannot be read using the keystore password specified with the --replKeyStorePasswordFile option. The password must be stored in clear text in the file, and the server must have read access rights to the file. You can specify a path relative to the location of the server (for example, config/my-key.pin).

--skipLocalChecks

Specifies that the default checks to validate the provided data should be skipped when you run the command from the same machine as the server.

--encryptKeyStorePasswordFile

Specifies that the server should overwrite the contents of the password (PIN) file you provide with the password encrypted. The password file must contain the password in clear text, and the server must have write access rights on the file specified using the --replKeyStorePasswordFile option.

-h, --hostname host

Directory server host name or IP address.

-p, --port port

Directory server administration port number. Default value: 4444

set-trust

Set the trust flag of a directory server. Any change that is sent by an untrusted directory server will be discarded by the rest of the topology. Only trusted directory servers are allowed to send changes to be replayed by other directory servers. Suboptions are as follows:

-h, --trustedHost host. Specifies the fully qualified host name or IP address of the directory server that will perform the change.

-p, --trustedPort port. Specifies the administration port number of the directory server that will perform the change.

-M, --modifiedHost host. Specifies the fully qualified host name or IP address of the directory server whose trust flag is modified.

-c, --modifiedPort port. Specifies the administration port number of the directory server whose trust flag is modified.

-t, --trustValue trusted|untrusted. Specifies the new value of the trust flag for the directory server to be modified. The value can be trusted or untrusted. The default value is trusted.

status

List the replication configuration for the specified base DNs of all directory servers defined in the registration information. If no base DNs are specified, the information for all base DNs is displayed. Suboptions are as follows:

-h, --hostname host

Directory server host name or IP address.

-p, --port port

Directory server administration port number. Default value: 4444

-D, --bindDN bindDN

DN to use to bind to the server if no global administrator has been defined. This can be used to view the external changelog status (which does not require replication between servers to be configured). Default value: cn=Directory Manager

-e, --expanded

Use expanded view of the replication status showing the replication domains (replicated data) and replication servers (change log and replication port) as separate entities.

-s, --script-friendly

Use the script-friendly mode.

-d, --dataToDisplay {dataToDisplay}

Specify the replication data information that you want to be displayed. For example, if you enter the following:

--dataToDisplay entry-number --dataToDisplay missing-changes

the number of entries and the missing changes is displayed. For more information about the different values allowed, run the following:

dsreplication status --listDataToDisplay
 

--listDataToDisplay

List the different values that can be used for the argument --dataToDisplay. If you want to display the full list of values, also specify the --advanced argument.

verify

Verifies the replication configuration of the different replicated servers.

Oracle recommends that you run the verify subcommand in interactive mode (without the --no-prompt option). Then, if any inconsistencies are found in the replication configuration, they will be displayed and you can fix them interactively.

For example, you can use the verify subcommand:

  • To remove references to servers that are no longer reachable (for example, because they crashed and are not recoverable or they were not properly uninstalled).

  • To fix configuration problems related to the certificates used by the replication system.

  • To update the host names used by the replication configuration.

Suboptions are as follows:

-r, --replicationServer hostName:replicationPort

Specifies the host names and replication ports used in the configuration to reference the replication servers. These values are applied to all servers that are replicated. For example: replicationhost1.example.com:8989

--noReplicationDomainUpdate

If specified when you provide a list of replication servers using the --replicationServer argument, the changes are not applied to the replication domains.

-a, --serverToAdd hostName:administrationPort

Specifies servers that have been removed from the registration information by mistake and must be added again (for example, servers removed by using the --serverToRemove option by mistake). If there are several network interfaces defined in the server, use commas to separate them. For example:

host1-interface1.domain1.com,host2-interface2.domain2.com:4444

-s, --serverToRemove hostName:administrationPort

Specifies servers that are not reachable (for example, servers that have been uninstalled), but they are still referenced by the other servers and are mentioned when running dsreplication status. The references to these servers will be removed. For example: replicationhost3.example.com:4444

--updateAddress oldHostName/newHostName1,newHostName2

Specifies new addresses that the registration information should use for a given server. Use this argument when a network interface has changed or when the complete list of addresses was not provided when replication was configured, which can result in duplicate lines when running dsreplication status.

You must specify the addresses currently used for the server and the new servers that you want to use. For example: oldhost/newhost1,newhost2

--fixCertificates

Fixes any problems found with the certificates that are used by the replication to communicate between servers.

-h, --hostname host

Directory server host name or IP address.

-p, --port port

Directory server administration port number. Default value: 4444

Options

The dsreplication command accepts an option in either its short form (for example, -H) or its long form equivalent (for example, --help).

-b, --baseDN baseDN

Specify the base DN of the data to be replicated or initialized, or for which replication should be disabled. Multiple base DNs can be specified by using this option multiple times. Use virtual-acis if you want to replicate the virtual ACIs.

Configuration Options

--advanced

Use this option to access advanced settings when running this command in interactive mode.

LDAP Connection Options

-I, --adminUID adminUID

Specify the User ID of the global administrator to bind to the server. If no global administrator was defined previously for any of the servers, this option creates a global administrator by using the data provided.

-j, --adminPasswordFile bindPasswordFile

Use the global administrator password in the specified file when authenticating to the directory server.

-o, --saslOption name=value

Use the specified options for SASL authentication.

SASL is not supported for a proxy server instance.

-X, --trustAll

Trust any certificate that the server might present during SSL or StartTLS negotiation. This option can be used for convenience and testing purposes, but for security reasons a trust store should be used to determine whether the client should accept the server certificate.

-P, --trustStorePath trustStorePath

Use the client trust store certificate in the specified path. This option is not needed if --trustAll is used, although a trust store should be used when working in a production environment.

-U, --trustStorePasswordFile path

Use the password in the specified file to access the certificates in the client trust store. This option is only required if --trustStorePath is used and the specified trust store requires a password to access its contents (most trust stores do not require this).

-K, --keyStorePath keyStorePath

Use the client keystore certificate in the specified path.

-u, --keyStorePasswordFile keyStorePasswordFile

Use the password in the specified file to access the certificates in the client keystore. This option is only required if --keyStorePath is used.

-N, --certNickname nickname

Use the specified certificate for authentication.

--connectTimeout timeout

Specifies the maximum length of time (in milliseconds) that can be taken to establish a connection. Use 0 to specify no timeout. The default value is 30000.

Command Input/Output Options

--commandFilePath path

Specify the full path to the file in which the equivalent non-interactive commands are written when the command is run in interactive mode.

--displayCommand

Display the equivalent non-interactive command in the standard output when the command is run in interactive mode.

-n, --no-prompt

Run in non-interactive mode. If some data in the command is missing, the user will not be prompted and the command will fail.

--noPropertiesFile

Indicate that the command will not use a properties file to get the default command-line options.

--propertiesFilePath propertiesFilePath

Specify the path to the properties file that contains the default command-line options.

-Q, --quiet

Run in quiet mode. No output will be generated unless a significant error occurs during the process.

General Options

-?, -H, --help

Display command-line usage information for the command and exit without making any attempt to stop or restart the server.

-V, --version

Display the version information for the server and exit rather than attempting to run this command.

Examples

The following examples assume that two directory servers are installed: host1 and host2. Both servers are configured with the default administration port (4444). The base DN dc=example,dc=com is populated with data on host1. The base DN exists on host2, but is empty. The examples configure replication between the two servers and initialize host2 with data.

Note:

The easiest way to use dsreplication is in interactive mode, in which case you are prompted for all of the relevant arguments. By using interactive mode together with the --displayCommand option, you can obtain the equivalent non-interactive command for use in scripts.

To illustrate which arguments are configured, these examples do not use the interactive mode.

Enabling Directory Server Replication

The following command enables replication for the base DN dc=example,dc=com on host1 and host2. The command runs in non-interactive mode (-n) and specifies that all server certificates should be accepted (-X).

$ dsreplication enable \
  --host1 host1 --port1 4444 --bindDN1 "cn=Directory Manager" \
  --bindPasswordFile1 /tmp/pwd-file --replicationPort1 8989 \
  --host2 host2 --port2 4444 --bindDN2 "cn=Directory Manager" \
  --bindPasswordFile2 /tmp/pwd-file --replicationPort2 8989 \
  --adminUID admin --adminPasswordFile /tmp/pwd-file --baseDN "dc=example,dc=com" -X -n
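
The commands in these examples pass -X and read passwords from a file under /tmp to keep the command lines short. The following preflight check is an added example, not part of the Oracle reference: it inspects a dsreplication argument list before it is run and reports use of -X/--trustAll and any client-side password file that is missing, a symbolic link, readable by group or other, or located in a directory that other users can write to. The function names are hypothetical; only option names documented in this section are inspected.

```shell
#!/bin/sh
# Added example (not Oracle code): preflight for a non-interactive
# dsreplication argument list. Function names are hypothetical; only options
# documented in this reference are inspected, and no server is contacted.

# Succeeds only if $1 is a regular, non-symlink file with no group/other
# permission bits, in a directory that other users cannot write to.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    # ls -ld prints a mode string such as "-rw-------"; columns 5-10 are the
    # group and other bits. A symlink shows "lrwxrwxrwx" and is rejected.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] || return 1
    # Column 9 of the parent directory mode string is the other-write bit.
    [ "$(ls -ld -- "$(dirname -- "$1")" | cut -c9)" != "w" ]
}

# Prints one "FAIL ..." line per finding and returns non-zero if any exist.
dsrepl_preflight() {
    pf_findings=0
    pf_pending=""
    for pf_arg in "$@"; do
        # The previous argument was a password-file option: check its value.
        if [ -n "$pf_pending" ]; then
            if ! pwfile_is_private "$pf_arg"; then
                echo "FAIL $pf_pending $pf_arg: missing, a symlink, readable by group/other, or in a directory writable by others"
                pf_findings=$((pf_findings + 1))
            fi
            pf_pending=""
            continue
        fi
        case "$pf_arg" in
            -X|--trustAll)
                echo "FAIL $pf_arg: server certificate is not verified; use --trustStorePath"
                pf_findings=$((pf_findings + 1)) ;;
            -j|--adminPasswordFile|-u|--keyStorePasswordFile|-U|--trustStorePasswordFile)
                pf_pending=$pf_arg ;;
            --bindPasswordFile1|-F|--bindPasswordFile2)
                pf_pending=$pf_arg ;;
        esac
    done
    if [ -n "$pf_pending" ]; then
        echo "FAIL $pf_pending: option given without a file name"
        pf_findings=$((pf_findings + 1))
    fi
    [ "$pf_findings" -eq 0 ]
}

# Typical use in a wrapper script:
#   dsrepl_preflight "$@" && exec dsreplication "$@"
```

The keystore options of the set-cert subcommand are not checked because those files are read by the server, not by the client that runs the command.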

Initializing Directory Server Replication

To initialize one replica from another, use the initialize subcommand. The following command initializes the base DN dc=example,dc=com on host2 with the data contained on host1. The command runs in non-interactive mode (-n) and specifies that all server certificates should be accepted (-X).

$ dsreplication initialize --baseDN "dc=example,dc=com" \
  --adminUID admin --adminPasswordFile /tmp/pwd-file \
  --hostSource host1 --portSource 4444 \
  --hostDestination host2 --portDestination 4444 -X -n

To initialize an entire topology, use the initialize-all subcommand. This subcommand takes the details of the source directory server as options and initializes all other replicas for which replication has been enabled.

Obtaining the Directory Server Replication Status

The following command obtains the replication status of the directory servers in the topology.

bin/dsreplication status -X --adminPasswordFile /tmp/password.txt -n
Establishing connections .......... Done.
 
dc=example,dc=com - Replication Enabled
=======================================
Server             : Entries : M.C. [1] : A.O.M.C. [2] : Port [3] : Status [4]
-------------------:---------:----------:--------------:----------:-------------
host1:4444         : 200000  : 0        : N/A          : 8989     : Normal
host2:5444         : 200000  : 0        : N/A          : 9989     : Normal
 
[1] The number of changes that are still missing on this element (and that have been applied to at least one other server).
[2] Age of oldest missing change: the age (in seconds) of the oldest change that has not yet arrived on this element.
[3] The replication port used to communicate between the servers whose contents are being replicated.
[4] The status of the replication on this element.
 

 
 
To have the same output as in previous versions, the user must use the --dataToDisplay argument with the 'compat-view' value:
 
bin/dsreplication status -X --adminPasswordFile /tmp/password.txt -n --dataToDisplay compat-view
Establishing connections ......... Done.
 
dc=example,dc=com - Replication Enabled
=======================================
Server     : Entries : M.C. [1] : A.O.M.C. [2] : Port [3] : SSL [4]  : Trust [5] : U.C. [6] : Status [7]   : ChangeLog [8] : Group ID [9] : Connected To [10]
-----------:---------:----------:--------------:----------:----------:-----------:----------:--------------:---------------:--------------:---------------------------
host1:4444 : 200000  : 0        : N/A          : 8989     : Disabled : Trusted   : --       : Normal       : Enabled       : 1            : host1:8989 (GID=1)
host2:5444 : 200000  : 0        : N/A          : 9989     : Disabled : Trusted   : --       : Normal       : Enabled       : 1            : host2:9989 (GID=1)
 
[1] The number of changes that are still missing on this element (and that have been applied to at least one other server).
[2] Age of oldest missing change: the age (in seconds) of the oldest change that has not yet arrived on this element.
[3] The replication port used to communicate between the servers whose contents are being replicated.
[4] Whether the replication communication initiated by this element is encrypted or not. 
[5] Whether the directory server is trusted or not. Updates coming from an untrusted server are discarded and not propagated.
[6] The number of untrusted changes. These are changes generated on this server while it is untrusted.
    Those changes are not propagated to the rest of the topology but are effective on the untrusted server.
[7] The status of the replication on this element.
[8] Whether the external change log is enabled or not for the base DN on this server.
[9] The ID of the replication group to which the server belongs.
[10] The replication server this element is connected to with its group ID between brackets.
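
The status table above can also be checked by a script. The following is an added example, not part of the Oracle reference: it parses the table layout shown in this section and reports servers whose replication traffic is not encrypted, that are not trusted, that have missing changes, or whose status is not Normal. The function names and finding labels are hypothetical, and the rows in the second sample, including the cell values Untrusted and Degraded, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): audit "dsreplication status" table output.
# Function names and finding labels are hypothetical.

# Reads status output on stdin, prints "baseDN<TAB>server<TAB>finding" per
# finding, and returns non-zero when at least one finding was printed.
audit_replication_status() {
    awk -F' +: +' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function cell(name) { return (name in col) ? trim($(col[name])) : "" }
    function report(what) { printf "%s\t%s\t%s\n", basedn, trim($1), what; n++ }

    # A line such as "dc=example,dc=com - Replication Enabled" starts a block.
    / - Replication (Enabled|Disabled)[ \t]*$/ {
        basedn = $0; sub(/ - Replication .*$/, "", basedn); in_rows = 0; next
    }
    # Header row: remember each column position, dropping the " [n]" note.
    /^Server +:/ {
        split("", col)
        for (i = 1; i <= NF; i++) {
            name = trim($i); sub(/ *\[[0-9]+\]$/, "", name); col[name] = i
        }
        in_rows = 1; next
    }
    /^-+:/ { next }                          # ruler under the header
    /^[ \t]*$/ || /^\[/ { in_rows = 0; next } # blank line or footnote ends rows
    in_rows {
        if (cell("SSL") == "Disabled") report("replication-not-encrypted")
        if (("Trust" in col) && cell("Trust") != "Trusted") report("untrusted-server")
        if (cell("M.C.") + 0 > 0) report("missing-changes=" cell("M.C."))
        if (("Status" in col) && cell("Status") != "Normal") report("status=" cell("Status"))
    }
    END { exit (n > 0) }
    '
}

# The compat-view table from this section, reproduced as sample input.
sample_compat_view() {
    cat <<'EOF'
Establishing connections ......... Done.

dc=example,dc=com - Replication Enabled
=======================================
Server     : Entries : M.C. [1] : A.O.M.C. [2] : Port [3] : SSL [4]  : Trust [5] : U.C. [6] : Status [7]   : ChangeLog [8] : Group ID [9] : Connected To [10]
-----------:---------:----------:--------------:----------:----------:-----------:----------:--------------:---------------:--------------:---------------------------
host1:4444 : 200000  : 0        : N/A          : 8989     : Disabled : Trusted   : --       : Normal       : Enabled       : 1            : host1:8989 (GID=1)
host2:5444 : 200000  : 0        : N/A          : 9989     : Disabled : Trusted   : --       : Normal       : Enabled       : 1            : host2:9989 (GID=1)

[1] The number of changes that are still missing on this element (and that have been applied to at least one other server).
EOF
}

# Constructed rows (not from the page): one healthy server and one replica
# that is untrusted and lagging. Cell values are assumptions.
sample_constructed() {
    cat <<'EOF'
dc=example,dc=com - Replication Enabled
=======================================
Server     : Entries : M.C. [1] : A.O.M.C. [2] : Port [3] : SSL [4]  : Trust [5] : U.C. [6] : Status [7]
-----------:---------:----------:--------------:----------:----------:-----------:----------:-----------
host1:4444 : 200000  : 0        : N/A          : 8989     : Enabled  : Trusted   : --       : Normal
host3:6444 : 199988  : 12       : 340          : 7989     : Enabled  : Untrusted : 3        : Degraded
EOF
}

# Typical use:
#   bin/dsreplication status ... --dataToDisplay compat-view | audit_replication_status
```

The default status view has no SSL or Trust column, so only missing changes and status are checked for that layout.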

Disabling Directory Server Replication

The following command disables replication for the base DN dc=example,dc=com on host2. Disabling replication on one directory server removes all references to that server from the other directory servers in the replication topology.

$ dsreplication disable --baseDN "dc=example,dc=com" \
--hostname host2 --port 4444 --adminUID admin --adminPasswordFile /tmp/pwd-file \
-X -n
Establishing connections ..... Done.
Disabling replication on base DN cn=admin data of server host2:4444 ..... Done.
Disabling replication on base DN dc=example,dc=com of server host2:4444 ..... Done.
Disabling replication on base DN cn=schema of server host2:4444 ..... Done.
Removing references on base DN cn=admin data of server host1:4444 ..... Done.
Removing references on base DN dc=example,dc=com of server host1:4444 ..... Done.
Removing references on base DN cn=schema of server host1:4444 ..... Done.
Disabling replication port 8990 of server host2:4444 ..... Done.

Configuring the External Change Log on a Non-replicated Server

The following example illustrates the replication status before enabling the change log:

 
bin/dsreplication status -X --adminPasswordFile /tmp/password.txt -n --bindDN "cn=directory manager" --port 4444
Establishing connections ..... Done.
 
dc=example,dc=com - Replication Disabled
========================================
Server        : Entries   : ChangeLog [1]
--------------:-----------:--------------
host1:4444    : 200000    : Disabled

The following command enables the external change log on a non-replicated server.

bin/dsreplication enable-changelog -X --adminPasswordFile /tmp/password.txt -n --bindDN "cn=directory manager" -b dc=example,dc=com
Establishing connections ..... Done.
 
Configuring Replication port on server host1:4444 ..... Done.
Enabling Changelog on base DN dc=example,dc=com ..... Done

The following example illustrates the replication status after changelog has been enabled:

bin/dsreplication status -X --adminPasswordFile /tmp/password.txt -n --bindDN "cn=directory manager" --port 4444
Establishing connections ...... Done.
 
dc=example,dc=com - Replication Disabled
========================================
Server        : Entries   : ChangeLog [1]
--------------:-----------:--------------
host1:4444    : 200000    : Enabled
 
[1] Whether the external change log is enabled for the base DN on this server or not.

Exit Codes

0

Successful.

1

Unable to initialize arguments.

2

Cannot parse arguments because the provided arguments are not valid or there was an error checking the user data.

3

The user canceled the operation in interactive mode.

4

Conflicting arguments.

5

The specified base DNs cannot be used to enable replication.

6

The specified base DNs cannot be used to disable replication.

7

The specified base DNs cannot be used to initialize the contents of the replicas.

8

Error connecting with the credentials provided.

9

Could not find the replication ID of the domain to be used to initialize the replica.

10

The maximum number of attempts to start the initialization has been exceeded. A systematic "peer not found error" was received.

11

Error enabling replication on base DN.

12

Error initializing base DN.

13

Error reading configuration.

14

Error updating ADS.

15

Error reading ADS.

16

Error reading Topology Cache.

17

Error configuring the replication server.

18

Unsupported ADS scenario.

19

Error disabling replication on base DN.

20

Error removing replication port reference on base DN.

21

Error initializing Administration Framework.

22

Error seeding trust store.

23

Error launching pre-external initialization.

24

Error launching post-external initialization.

25

Error disabling replication server.

26

Error executing purge historical.

27

The specified base DN cannot be purged.

28

Error launching purge historical.

29

Error loading configuration class in local purge historical.

30

Error starting server in local purge historical.

31

Timeout error in local purge historical.

32

Generic error executing local purge historical.

33

The trusted host was not found in the ADS.

34

The modified host was not found in the ADS.

35

The changelog cannot be enabled on this base DN.

36

The changelog cannot be disabled on this base DN.

37

An error occurred configuring the changelog.

38

The specified host was not found in the configuration.

39

No base DN available to enable replication. This occurs when you request to enable replication between two servers, and the two servers do not have common base DNs to configure replication. It may be that they are already replicated, or simply that they are not defined.

40

No base DNs replicated. The server does not contain any replicated base DN. Thus the operations requiring replicated base DNs, for example initialize, cannot be applied to the server.

41

A source for the initialization has been specified, but no destination server could be found (none of the other servers are replicating a base DN with the server chosen as source).

42

There are replication servers or replication domains with the same replication ID. This occurs, for instance, when you try to merge two replication topologies.

43

An unidentified error.

44

Error configuring crypto manager (updating the secure connection configuration for replication).

How to Use a Properties File

The directory server supports the use of a properties file that passes in any default option values used with the dsreplication command. The properties file is convenient when working in different configuration environments, especially in scripted or embedded applications. For more information, see Using a Properties File With Server Commands.

The following options can be stored in a properties file:

  • adminUID

  • baseDN

  • certNickname

  • keyStorePasswordFile

  • keyStorePath

  • saslOption

    SASL is not supported for a proxy server instance.

  • trustAll

  • trustStorePasswordFile

  • trustStorePath

Entries in the properties file have the following format:

toolname.propertyname=propertyvalue

For example:

dsreplication.baseDN=dc=example,dc=com
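Because the list above includes trustAll and the keystore and trust store password files, a properties file used by scripted commands is worth auditing before it is deployed. The following shell functions are an added example, not part of the Oracle documentation: they read toolname.propertyname=propertyvalue entries and report a trustAll entry that is switched on, plus any keyStorePasswordFile or trustStorePasswordFile that is missing or accessible to group or others. The function names, the sample file names and the assumption that trustAll is enabled with the value true are illustrative.

```shell
#!/bin/sh
# Added example: audit a properties file for settings that weaken the
# TLS checks or expose the password files it points to.

# Trim leading and trailing whitespace from $1.
trim() {
    printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Print one line per finding for the properties file in $1.
scan_properties() {
    # read with the default IFS strips whitespace around each line.
    tr -d '\r' < "$1" | while read -r line || [ -n "$line" ]; do
        case $line in
            '#'*) continue ;;   # comment
            *=*) ;;             # toolname.propertyname=propertyvalue
            *) continue ;;      # blank line or not an entry
        esac
        key=$(trim "${line%%=*}")
        value=$(trim "${line#*=}")
        prop=${key##*.}         # drop the "toolname." prefix if present
        case $prop in
            trustAll)
                # Assumption: the option is switched on with the value "true".
                case $value in
                    [Tt][Rr][Uu][Ee])
                        echo "$key: server certificate is not verified; use trustStorePath" ;;
                esac ;;
            keyStorePasswordFile|trustStorePasswordFile)
                if [ ! -f "$value" ]; then
                    echo "$key: password file $value not found"
                else
                    # Characters 5-10 of the ls mode string are the
                    # group and other permission bits.
                    bits=$(ls -ld -- "$value" | cut -c5-10)
                    [ "$bits" = "------" ] ||
                        echo "$key: password file $value is accessible to group or others"
                fi ;;
        esac
    done
}

# Return 0 when the file is clean, 1 when there are findings (printed to
# standard output), 2 when the file cannot be read.
audit_properties() {
    if [ ! -r "$1" ]; then
        echo "cannot read $1" >&2
        return 2
    fi
    report=$(scan_properties "$1")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample input, written to a temporary directory.
demo() {
    dir=$(mktemp -d)
    printf 'constructed\n' > "$dir/ks.pwd"; chmod 600 "$dir/ks.pwd"
    printf 'constructed\n' > "$dir/ts.pwd"; chmod 644 "$dir/ts.pwd"
    cat > "$dir/tools.properties" <<EOF
# constructed sample
dsreplication.baseDN=dc=example,dc=com
dsreplication.trustAll=true
dsreplication.keyStorePasswordFile=$dir/ks.pwd
dsreplication.trustStorePasswordFile=$dir/ts.pwd
EOF
    audit_properties "$dir/tools.properties"
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "properties file needs attention"
```
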

Location

  • UNIX and Linux: INSTANCE_DIR/OUD/bin/dsreplication

  • Windows: INSTANCE_DIR\OUD\bat\dsreplication.bat

Related Commands

A.1.2.7 dstune

The dstune utility allows you to tune the Oracle Unified Directory server.

Synopsis

dstune [subcommand] [options]

Description

The dstune utility can be used to help you tune the Oracle Unified Directory server based on criteria such as a memory limitation or the data that it will contain. To tune the server, you must use a Java Virtual Machine that uses Java HotSpot(TM), such as the Oracle Java Standard Edition.

Subcommands

The dstune utility provides the subcommands described in this section.

Note:

The dstune automatic subcommand is no longer available (automatic subcommand usage is still available for backward compatibility).

To specify automatic tuning similar to previous versions of Oracle Unified Directory, use the dstune set-runtime-options subcommand with the --value autotune suboption.

data-based

Tunes the server using information describing the data that the directory server will contain. Use --ldifFile to do the tuning based on the contents of an LDIF file. Use --entryNumber and --entrySize to do the tuning based on the number of entries and size.

If you do not specify any of these options, the server will be tuned using the data that the server currently contains.

Suboptions are as follows:

-l, --ldifFile path

Specifies the path of the LDIF file whose contents will be used to tune the server.

--entryNumber entrynumber

Specifies the number of entries that the Oracle Unified Directory server will contain. This value and the value provided for --entrySize will be used to tune the server. The default value is 100000.

--entrySize entrysize

Specifies the average size in kilobytes of the entries that the Oracle Unified Directory server will contain. This value and the value provided for --entryNumber will be used to tune the server. The default value is 4.

list

Lists the tuning settings for the server.

mem-based

Specifies the memory to be used for the tools you want to tune.

Suboptions are as follows:

--memory { heap-size | system memory | system memory percentage }

Specifies the memory to be used for the tools to be tuned.

To tune the tools based on the heap size of their respective Java process, provide a value for the memory (for example, 768m). For gigabytes, use g after the value (for example, 2.5g). If you do not specify a unit after the value, megabytes will be used.

If you are tuning the server, you can specify the system memory (systemMemory) as either an amount or percentage:

  • Amount: For example, to use 2 GB, specify systemMemory:2g. The dstune utility then splits the value you provide into two parts: the heap size that the Java Virtual Machine of the server will use and an estimation of the required file-system cache.

  • Percentage: For example, to dedicate 50 percent of system memory to the server, specify systemMemory:50.0%. To fully dedicate a machine to the server, specify systemMemory:100%.

The default value for the memory will be calculated based on your specific configuration and the free memory available on the system where dstune is running.

--targetTool { server | import-ldif | export-ldif | rebuild-index | verify-index | all }

Specifies the tools that should be tuned. The default is server.

set-runtime-options

Tunes the tools using the provided runtime settings. Use --value to provide the value of the runtime settings and --targetTool to provide the tools the value should be applied to.

Suboptions are as follows:

--value { autotune | jvm-default | JVM arguments }

Specifies the tuning parameters for the tools. The tools can be automatically tuned each time they are launched based on the available memory in the machine (provide the value autotune), the tools can use the default Java Virtual Machine on your system to choose the runtime settings (provide the value jvm-default), or you can provide directly the Java arguments that the tools must use (for instance '-server -Xmx1024m'). The default is autotune.

--targetTool { server | import-ldif | export-ldif | rebuild-index | verify-index | all }

Specifies the tools that should be tuned. The default is server.

Utility Input/Output Options

-Q, --quiet

Perform a quiet operation (no progress information is written to the standard output).

-n, --no-prompt

Run utility in non-interactive mode. If some data in the command is missing, the user will not be prompted and the command will fail.

-v, --verbose

Use verbose mode.

--displayCommand

Display the equivalent non-interactive option in the standard output when this command is run in interactive mode.

--commandFilePath path

Specify the full path to the file, where the equivalent non-interactive commands will be written when this command is run in interactive mode.

--propertiesFilePath propertiesFilePath

Specify the path to the properties file that contains the default command-line options.

--noPropertiesFile

Indicate that the command will not use a properties file to get the default command-line options.

General Options

-V, --version

Displays the version information for the directory server.

-?, -H, --help

Displays command-line usage information for the command and exits without making any attempt to stop or restart the directory server.

Examples

The examples in this section show how to use the dstune utility to tune the Oracle Unified Directory server and tools (import-ldif, export-ldif, verify-index, and rebuild-index).

Note:

Beginning with Oracle Unified Directory 11g Release 2 (11.1.2.3), the dstune automatic subcommand is no longer available (automatic subcommand usage is still available for backward compatibility).

To specify automatic tuning similar to previous versions of Oracle Unified Directory, use the dstune set-runtime-options subcommand with the --value autotune suboption.

See dstune

Memory-Based Tuning

The following subcommand tunes the server and all tools specifying 2 GB for the heap size.

$ dstune mem-based --memory 2g --targetTool all

Calculating Tuning Settings ..... Done.
Updating the tuning properties ..... Done.
Updating scripts ..... Done.

Data-Based Tuning

The following subcommand tunes the server based on the assumption that the server contains 10000000 entries with an average size of 20 KB each.

$ dstune data-based --entryNumber 10000000 --entrySize 20

Calculating Tuning Settings ..... Done.
Updating the tuning properties ..... Done.
Updating scripts ..... Done.

Runtime Tuning

The following subcommand tunes only the server and import-ldif tool to use automatic tuning. Each time you run the server and the import-ldif tool, tuning is done based on the system resources.

$ dstune set-runtime-options --targetTool server --targetTool import-ldif \
--value autotune

Updating the tuning properties ..... Done.

The server will be automatically tuned the next time it will be restarted.

Displaying the Current Tuning Mode

The following subcommand displays the current tuning settings for an Oracle Unified Directory server instance.

$ dstune list

Tool          : Tuning Value
--------------:------------------
server        : -server
import-ldif   : -Xmx2048m -server
export-ldif   : Automatic Tuning
rebuild-index : Automatic Tuning
verify-index  : -Xmx2048m -server

Exit Codes

0

The operation was completed successfully. This includes the cases where no operation is performed and no errors occur (for instance, the usage was displayed).

1

Unable to initialize the arguments.

2

The data provided by the user was not correct (for instance, invalid values or conflicting attributes).

3

The user canceled the operation during interaction.

4

Error writing the java.properties file.

5

Error executing the dsjavaproperties command-line to update the tuning settings.

6

An error occurred retrieving the JVM tuning settings. This occurs when the algorithms used by dstune are not able to find some valid settings.

7

An error occurred reading the java.properties file while displaying the current tuning settings.

8

An unidentified error.

Location

  • UNIX and Linux: INSTANCE_DIR/OUD/bin/dstune

  • Windows: INSTANCE_DIR\OUD\bat\dstune.bat

Related Commands

A.1.2.8 gicadm

The gicadm command manages global indexes and global index catalogs.

This command is supported only for the proxy.

Synopsis

gicadm [subcommand] [options]

Description

The gicadm command enables you to create and delete a global index catalog, as well as add, modify, and delete global indexes in a global index catalog, and manage replication of global index catalogs. It also allows you to associate a global index to a distribution.

The gicadm command accesses the server over SSL through the administration connector.

Options

The gicadm command accepts the following options.

add-index

Adds a new global index to a global index catalog. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--attributeName attribute-name. The identifier for the global index attribute. This identifier should be unique in the context of the global index catalog and it is used to identify the global index.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it.

associate

Associates a global index catalog to a distribution workflow element. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

-d, --distributionWorkflowElement distribution-workflow-element. The name of the distribution workflow element object using this global index catalog, from which the global index catalog is to be disassociated.

create-catalog

Creates a new global index catalog. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

delete-catalog

Deletes a global index catalog. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

disable-replication

Disables replication on the specified server for the specified global index catalog and removes any references to this server from the other servers in the replication topology. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--adminUID adminUID. User ID of the global administrator used to bind to the server. For the enable-replication subcommand, if no global administrator was defined previously, the global administrator will be created using the provided data.

disassociate

Disassociates a global index catalog from a distribution workflow element. Suboptions are as follows:

-d, --distributionWorkflowElement distribution-workflow-element. The name of the distribution workflow element object using this global index catalog, from which the global index catalog is to be disassociated.

enable-replication

Updates the server configuration to replicate the global index catalog and all its global indexes. If one of the specified servers already replicates the global index catalog for a given global index, executing this subcommand will update the configuration of all servers in the topology. Therefore, it is sufficient to execute this command once for each server added to the replication topology. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--adminUID adminUID. User ID of the global administrator used to bind to the server. For the enable-replication subcommand, if no global administrator was defined previously, the global administrator will be created using the provided data.

--adminPasswordFile bindPasswordFile. The file containing the password of the global administrator.

--localReplicationPort port. Replication port number of the first server whose content will be replicated.

--localSecureReplication. Specifies whether the communication through the replication port of the first server is encrypted or not. This option will only be taken into account the first time replication is configured on the first server.

--remoteAdminPort port. Directory server administration port number of the second server whose contents will be replicated.

--remoteHost host. Fully qualified directory server host name or IP address of the second server whose contents will be replicated.

--remoteBindDN bindDN. DN to use to bind to the second server whose content will be replicated. If not specified, the global administrator will be used to bind.

--remoteBindPasswordFile bindPasswordFile. File containing the password to use to bind to the second server whose content will be replicated. If no bind DN was specified for the second server, the password of the global administrator will be used to bind.

--remoteReplicationPort port. Replication port number of the second server whose content will be replicated.

--remoteSecureReplication. Specifies whether the communication through the replication port of the second server is encrypted or not. This option will only be taken into account the first time.

export

Exports a global index catalog to file. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--exportDirectory directory. Path to the directory to be used to export the global index catalog. This is a required argument.

-a, --attributeName attribute-name. The name of the global index attribute. This option can be used multiple times to specify multiple indexed attributes. If this option is provided, any indexed attribute in the import source that does not match is skipped.

get-catalog-prop

Shows global index catalog properties. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--property property. The name of a property to be displayed.

-E, --record. Modifies the display output to show one property value per line.

get-index-prop

Shows index properties. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

-a, --attributeName attribute-name. The identifier for the global index attribute. This identifier should be unique in the context of the global index catalog and it is used to identify the global index.

--property property. The name of a property to be displayed. Valid property names are: all, global-index-deleted-entry-retention-timeout, db-cleaner-min-utilization, db-log-file-max, db-checkpointer-bytes-interval, db-checkpointer-wakeup-interval, db-num-lock-tables, db-num-cleaner-threads, db-txn-no-sync, db-txn-write-no-sync, je-property, db-directory, db-directory-permissions, global-index-catalogs-shared-cache, and global-index-attribute.

import

Imports content of a file into a specified global index catalog. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--importDirectory directory. Path to the file to be used to import the global index catalog. This is a required argument.

--attributeName attribute-name. The identifier for the global index attribute. This identifier should be unique in the context of the global index catalog and it is used to identify the global index.

--append. Append to an existing global index rather than overwriting it.

initialize-replication

Initializes the replication of a global index catalog. All the replicated global index catalogs (part of the replication topology) can be initialized at once or the local global index catalog is initialized from a given global index catalog (also part of the replication topology). Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--adminUID adminUID. User ID of the global administrator used to bind to the server. For the initialize-replication subcommand, if no global administrator was defined previously, the global administrator will be created using the provided data.

--fromServerPort port. Directory server port number of the source server whose contents will be used to initialize the destination server.

--fromServerHost host. Directory server hostname or IP address of the source server whose contents will be used to initialize the destination server.

--all. Initializes the contents of the global index attribute on all the servers whose contents are being replicated with the contents on the specified server.

list-catalogs

Lists the global index catalogs that have been defined. Suboptions are as follows:

--property property. The name of a property to be displayed. Valid property names are: all, replication-server, server-id, window-size, heartbeat-interval and group-id.

list-indexes

Lists the global indexes that have been defined in the global index catalog. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--property property. The name of a property to be displayed. Valid property names are: all, global-index-deleted-entry-retention-timeout, db-cleaner-min-utilization, db-log-file-max, db-checkpointer-bytes-interval, db-checkpointer-wakeup-interval, db-num-lock-tables, db-num-cleaner-threads, db-txn-no-sync, db-txn-write-no-sync, je-property, db-directory, db-directory-permissions, global-index-catalogs-shared-cache, and global-index-attribute.

post-external-initialization

This subcommand must be called after initializing the contents of all the replicated global indexes using the import subcommand of this tool. It will use the generation id of the targeted instance as the valid one. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

-a, --attributeName attribute-name. The identifier for the global index attribute. This option can be used multiple times to specify multiple indexed attributes. If this option is provided, any indexed attribute in the import source that does not match is skipped.

pre-external-initialization

This subcommand can be called before initializing the contents of all the replicated servers using the import subcommand of this tool. It will erase the replication change logs stored in the replication servers. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

-a, --attributeName attribute-name. The identifier for the global index attribute. This option can be used multiple times to specify multiple indexed attributes. If this option is provided, any indexed attribute in the import source that does not match is skipped.

remove-index

Removes a global index from a global index catalog. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--attributeName attribute-name. The identifier for the global index attribute. This identifier should be unique in the context of the global index catalog and it is used to identify the global index.

set-catalog-prop

Modifies the properties of the global index catalog. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it. Valid property names are: all, global-index-deleted-entry-retention-timeout, db-cleaner-min-utilization, db-log-file-max, db-checkpointer-bytes-interval, db-checkpointer-wakeup-interval, db-num-lock-tables, db-num-cleaner-threads, db-txn-no-sync, db-txn-write-no-sync, je-property, db-directory, db-directory-permissions, global-index-catalogs-shared-cache, and global-index-attribute.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset. Valid property names are: all, global-index-deleted-entry-retention-timeout, db-cleaner-min-utilization, db-log-file-max, db-checkpointer-bytes-interval, db-checkpointer-wakeup-interval, db-num-lock-tables, db-num-cleaner-threads, db-txn-no-sync, db-txn-write-no-sync, je-property, db-directory, db-directory-permissions, global-index-catalogs-shared-cache, and global-index-attribute.

--add property:value. Adds a single value to a property, where property is the name of the property and value is the single value to be added.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed. Valid property names are: all, global-index-deleted-entry-retention-timeout, db-cleaner-min-utilization, db-log-file-max, db-checkpointer-bytes-interval, db-checkpointer-wakeup-interval, db-num-lock-tables, db-num-cleaner-threads, db-txn-no-sync, db-txn-write-no-sync, je-property, db-directory, db-directory-permissions, global-index-catalogs-shared-cache, and global-index-attribute.

set-index-prop

Modifies the properties of an index. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--attributeName attribute-name. The identifier for the global index attribute. This identifier should be unique in the context of the global index catalog and it is used to identify the global index.

--set property:value. Assigns a value to a property, where property is the name of the property and value is the single value to be assigned. Specify the same property multiple times to assign more than one value to it. Valid property names are: all, global-index-deleted-entry-retention-timeout, db-cleaner-min-utilization, db-log-file-max, db-checkpointer-bytes-interval, db-checkpointer-wakeup-interval, db-num-lock-tables, db-num-cleaner-threads, db-txn-no-sync, db-txn-write-no-sync, je-property, db-directory, db-directory-permissions, global-index-catalogs-shared-cache, and global-index-attribute.

--reset property. Resets a property back to its default values, where property is the name of the property to be reset. Valid property names are: all, global-index-deleted-entry-retention-timeout, db-cleaner-min-utilization, db-log-file-max, db-checkpointer-bytes-interval, db-checkpointer-wakeup-interval, db-num-lock-tables, db-num-cleaner-threads, db-txn-no-sync, db-txn-write-no-sync, je-property, db-directory, db-directory-permissions, global-index-catalogs-shared-cache, and global-index-attribute.

--remove property:value. Removes a single value from a property, where property is the name of the property and value is the single value to be removed. Valid property names are: all, global-index-deleted-entry-retention-timeout, db-cleaner-min-utilization, db-log-file-max, db-checkpointer-bytes-interval, db-checkpointer-wakeup-interval, db-num-lock-tables, db-num-cleaner-threads, db-txn-no-sync, db-txn-write-no-sync, je-property, db-directory, db-directory-permissions, global-index-catalogs-shared-cache, and global-index-attribute.

status-replication

Displays a list with the basic replication configuration of the global index catalog. If no global index catalog is specified, the information for all replicated global index catalogs is displayed. Suboptions are as follows:

-c, --catalogName name. A unique identifier for the global index catalog. This is a required argument.

--adminUID adminUID. User ID of the global administrator used to bind to the server. For the status-replication subcommand, if no global administrator was defined previously, the global administrator will be created using the provided data.

-s, --scriptFriendly. Use the script-friendly mode.

LDAP Connection Options

The gicadm command contacts the directory server over SSL through the administration connector (described in Managing Administration Traffic to the Server). These connection options are used to contact the directory server.

-h, --hostname host

Directory server hostname or IP address.

-D, --bindDN bindDN

DN to use to bind to the server.

-j, --bindPasswordFile filename

The full path to the file containing the bind password.

-K, --keyStorePath path

Use the client keystore certificate in the specified path.

-N, --certNickname nickname

Use the certificate for SSL client authentication.

-o, --saslOption name=value

SASL bind option.

-p, --port port

Directory server administration port number.

-P, --trustStorePath path

Use the client trust store certificate in the specified path. This option is not needed if --trustAll is used, although a trust store should be used when working in a production environment.

-u, --keyStorePasswordFile filename

Use the password in the specified file to access the certificates in the client keystore. This option is only required if --keyStorePath is used.

-U, --trustStorePasswordFile filename

Use the password in the specified file to access the certificates in the client trust store. This option is only required if --trustStorePath is used and the specified trust store requires a password to access its contents (most trust stores do not require this).

-X, --trustAll

Trust any certificate that the server presents. This option can be used for testing purposes, but for security reasons, a trust store should be used to determine whether the client should accept the server certificate.

--connectTimeout timeout

Specifies the maximum duration of time (in milliseconds) that can be taken to establish a connection. Use 0 to indicate no timeout. The default value is 30000 milliseconds.

Command Input/Output Options

--noPropertiesFile

Indicate that the command will not use a properties file to get the default command-line options.

--propertiesFilePath propertiesFilePath

Specify the path to the properties file that contains the default command-line options.

-v, --verbose

Run in verbose mode, displaying diagnostics on standard output.

General Options

-?, -H, --help

Displays command-line usage information for the command and exits without making any attempt to stop or restart the directory server.

-V, --version

Displays the version information for the directory server.

Examples

The following examples show how to use the gicadm command.

Note:

The following examples for creating a global index catalog, adding a global index, and associating a global index catalog to a distribution are the three steps required to use a global index catalog in a distribution deployment.

Viewing the Global Help Subcommands and Global Options

The following command displays the available global Help subcommands and global options for managing the global index catalog:

$ gicadm --help

Viewing Help on an Individual Subcommand

The following command displays the help information for the create-catalog subcommand:

$ gicadm create-catalog --help

Using gicadm to Create a Global Index Catalog

You must have deployed the proxy with distribution before running this command.

$ gicadm -h localhost -p 4444 -D "cn=Directory Manager" -j /path/pwd-file -X \
create-catalog --catalogName myCatalog

Using gicadm to Add a Global Index to a Global Index Catalog

You must have deployed the proxy with distribution before running this command. Moreover, you must already have created the global index catalog before running this command.

$ gicadm -h localhost -p 4444 -D "cn=Directory Manager" -j /tmp-pwd-file -X \
add-index --catalogName myCatalog --attributeName telephoneNumber

Using gicadm to Associate a Global Index Catalog to a Distribution

You must have deployed the proxy with distribution before running this command. Moreover, you must already have created the global index catalog before running this command.

$ gicadm -h localhost -p 4444 -D "cn=Directory Manager" -j /tmp-pwd-file -X \
associate --catalogName myCatalog --distributionWorkflowElement myDistributionName

Exit Codes

An exit code of 0 indicates that the operation completed successfully. A nonzero exit code indicates that an error occurred during processing.

Location

  • UNIX and Linux: INSTANCE_DIR/OUD/bin/gicadm

  • Windows: INSTANCE_DIR\OUD\bat\gicadm.bat

Related Commands

A.1.2.9 manage-tasks

The manage-tasks command manages and monitors tasks that have been scheduled to run on the directory server.

This command is not supported for the proxy.

Synopsis

manage-tasks [options]

Description

The manage-tasks command can be used to manage and monitor tasks that have been scheduled to run on the directory server. Tasks are scheduled by providing the appropriate scheduling information when the task is invoked (see Configuring Commands As Tasks). The manage-tasks command can be used to list tasks that are currently scheduled or that have already been executed. In addition, you can get more detailed information about a task's scheduled and execution time, its log messages, and its options.

The manage-tasks command can only be run on an online server instance, and accesses the task back end over SSL through the administration connector (described in Managing Administration Traffic to the Server).

Options

The manage-tasks command accepts an option in either its short form (for example, -c taskID) or its long form equivalent (for example, --cancel taskID).

-c, --cancel taskID

Specify a particular task to cancel.

-i, --info taskID

Display information for a particular task.

-s, --summary

Print a summary of tasks.

LDAP Connection Options

-D, --bindDN bindDN

Use the bind DN to authenticate to the directory server. This option is used when performing simple authentication and is not required if SASL authentication is used. The default value for this option is cn=Directory Manager.

-h, --hostname hostname

Contact the directory server on the specified hostname or IP address. If this option is not provided, a default of localhost is used.

-j, --bindPasswordFile filename

Use the bind password in the specified file when authenticating to the directory server.

-K, --keyStorePath path

Use the client keystore certificate in the specified path.

-N, --certNickname nickname

Use the specified certificate for client authentication.

-o, --saslOption name=value

Use the specified options for SASL authentication.

-p, --port port

Contact the directory server at the specified administration port. If this option is not provided, a default administration port of 4444 is used.

-P, --trustStorePath path

Use the client trust store certificate in the specified path. This option is not needed if --trustAll is used, although a trust store should be used when working in a production environment.

-u, --keyStorePasswordFile filename

Use the password in the specified file to access the certificates in the client keystore. This option is only required if --keyStorePath is used.

-U, --trustStorePasswordFile filename

Use the password in the specified file to access the certificates in the client trust store. This option is only required if --trustStorePath is used and the specified trust store requires a password to access its contents (most trust stores do not require this).

-X, --trustAll

Trust all server SSL certificates that the directory server presents. This option can be used for convenience and testing purposes, but for security reasons a trust store should be used to determine whether the client should accept the server certificate.

Command Input/Output Options

-n, --no-prompt

Use non-interactive mode. If required option values are missing, you are not prompted and the command will fail.

--noPropertiesFile

Indicates that a properties file is not used to obtain the default command-line options.

--propertiesFilePath path

Specify the path to the properties file that contains the default command-line options.

General Options

-?, -H, --help

Display command-line usage information for the command and exit without making any attempt to manage tasks.

-V, --version

Display the version information for the directory server and exit rather than attempting to run this command.

Examples

The following examples show how to use the manage-tasks command.

Displaying a Summary of Scheduled Tasks

The following command displays a list of scheduled tasks:

$ manage-tasks -h localhost -p 4444 -D "cn=directory manager" -j /path/pwd-file \
  -X -s

  ID                Type     Status
  -------------------------------------------------
  2008101610361710  Backup   Completed successfully
  2008101610403710  Restore  Completed successfully
  2008101610442610  Restore  Waiting on start time

Obtaining Task Information

The following command returns information about a specific task:

$ manage-tasks -h localhost -p 4444 -D "cn=directory manager" -j /path/pwd-file \
  -X -i 2008101610442610
  Task Details
  -------------------------------------------------------
  ID                        2008101610442610
  Type                      Restore
  Status                    Waiting on start time
  Scheduled Start Time      Jan 25, 2009 12:15:00 PM SAST
  Actual Start Time
  Completion Time
  Dependencies              None
  Failed Dependency Action  None
  Email Upon Completion     admin@example.com
  Email Upon Error          admin@example.com

  Restore Options
  ----------------------------------
  Backup Directory  /backup/userRoot

Canceling a Scheduled Task

The following command cancels a scheduled task. The command uses the --no-prompt option to run in non-interactive mode.

$ manage-tasks -h localhost -p 4444 -D "cn=directory manager" -j /path/pwd-file \
  -X -n -c 2008101610442610
Task 2008101610442610 canceled

Exit Codes

An exit code of 0 indicates that the operation completed successfully. An exit code of 1 indicates that an error occurred during processing.

How to Use a Properties File

The directory server supports the use of a properties file that passes in any default option values used with the manage-tasks command. The properties file is convenient when working in different configuration environments, especially in scripted or embedded applications. For more information, see Using a Properties File With Server Commands.

Location

  • UNIX and Linux: OUD_ORACLE_HOME/bin/manage-tasks

  • Windows: OUD_ORACLE_HOME\bat\manage-tasks.bat
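The following added example (not part of the Oracle documentation) shows the summary check as it might run unattended: it validates the server certificate against a trust store with -P instead of -X, and parses the -s output shown above to report every task that has not completed successfully. The function names, the OUD_* variables, and the embedded sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Oracle code. task_summary, pending_tasks and the OUD_*
# variables are hypothetical names chosen for this sketch.

# Query the task summary over the administration connector. The server
# certificate is checked against a trust store (-P) rather than accepted
# blindly with -X, and -n keeps the command from prompting under cron.
task_summary() {
    manage-tasks -h "${OUD_HOST:-localhost}" -p "${OUD_ADMIN_PORT:-4444}" \
        -D "cn=directory manager" -j "$OUD_PWD_FILE" \
        -P "$OUD_TRUSTSTORE" -n -s
}

# Read "manage-tasks -s" output on stdin and print "ID|Type|Status" for each
# task whose status is anything other than "Completed successfully".
pending_tasks() {
    awk '
        /^[ \t]*-+[ \t]*$/ { in_table = 1; next }  # rule under the header row
        !in_table || /^[ \t]*$/ { next }           # header row and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            n = split(line, col, /  +/)            # columns are 2+ spaces apart
            if (n < 3) next
            if (col[3] != "Completed successfully")
                print col[1] "|" col[2] "|" col[3]
        }'
}

# Constructed sample: the summary printed in the example above.
SAMPLE_SUMMARY='
  ID                Type     Status
  -------------------------------------------------
  2008101610361710  Backup   Completed successfully
  2008101610403710  Restore  Completed successfully
  2008101610442610  Restore  Waiting on start time
'

# Demonstration on the sample; against a live server use:
#   task_summary | pending_tasks
printf '%s\n' "$SAMPLE_SUMMARY" | pending_tasks
```

A non-zero exit status from task_summary means the query itself failed (exit code 1 above), which a monitoring job should treat separately from an empty list of pending tasks.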

A.1.2.10 oudCopyConfig

The oudCopyConfig command is used to obtain a copy of an existing configuration from the source environment.

For more information about moving from a test to production environment, see Moving from a Test to a Production Environment.

Synopsis

oudCopyConfig [options]

Description

To obtain a copy of an existing configuration, run the oudCopyConfig command in the source environment.

The oudCopyConfig command performs the following actions:

  • It creates an archive (archivePath) that contains the required configuration data to move the test instance (instHomePath) to a production environment. The -archiveLoc option specifies the full path to the archive.

  • It creates a move plan in the archive.

  • It logs any messages to log_directory. If not specified, the default location of logged messages is the system temporary directory.

Options

The oudCopyConfig command accepts an option in the form:

-javaHome javaHomePath

Absolute path of JDK.

-al, -archiveLoc archivePath

Absolute path of archive location. It contains the required configuration data to move the test instance (instHomePath) to a production environment.

-sih, -sourceInstanceHomeLoc instHomePath

Absolute path of an existing instance that you want to copy to a production environment.

-h, -help

Show this help message and exit. This parameter is optional.

-ldl, -logDirLoc logPath

Existing log directory location. Default location is system temporary location. This parameter is optional.

Examples

The following examples show how to use the oudCopyConfig command.

Obtaining a Copy of an Existing Configuration

The following command obtains a copy of an existing configuration.

$ OUD_ORACLE_HOME/bin/oudCopyConfig -javaHome /usr/jdk \
-sourceInstanceHomeLoc /local/asinst_1 -archiveLoc /tmp/oud.jar \
-logDirLoc /tmp/logs

Running the Help Command Option

The following command runs the Help Command Option.

$ OUD_ORACLE_HOME/bin/oudCopyConfig -javaHome /usr/jdk -help

Location

  • UNIX and Linux: OUD_ORACLE_HOME/bin/oudCopyConfig

  • Windows: OUD_ORACLE_HOME\bat\oudCopyConfig.bat

A.1.2.11 oudExtractMovePlan

The oudExtractMovePlan command is used to create an editable version of the configuration in a file named moveplan.xml, in the location specified by the -planDirLoc argument. This directory must exist and be writable.

For more information about moving from a test to production environment, see Moving from a Test to a Production Environment.

Synopsis

oudExtractMovePlan [options]

Description

You can modify certain configuration parameters by editing the move plan. A move plan is an XML file that exposes customizable parameters during the move across environments.

The move plan is generated when you run the oudCopyConfig command and is used by the oudPasteConfig command to duplicate the configuration.

Options

The oudExtractMovePlan command accepts an option in the form:

-javaHome javaHomePath

Absolute path of JDK.

-al, -archiveLoc archivePath

Absolute path of archive location.

-pdl, -planDirLoc planPath

Absolute path to the directory where the move plan is to be extracted. The name of the move plan file is moveplan.xml.

-h, -help

Show this help message and exit. This parameter is optional.

-ldl, -logDirLoc logPath

Existing log directory location. Default location is system temporary location. This parameter is optional.

Examples

The following examples show how to use the oudExtractMovePlan command.

Editing the Configuration

The following command allows you to edit the configuration.

$ OUD_ORACLE_HOME/bin/oudExtractMovePlan -javaHome /usr/jdk \
-al /tmp/oud.jar -pdl /tmp -logDirLoc /tmp/logs

Running the Help Command Option

The following command runs the Help Command Option.

$ OUD_ORACLE_HOME/bin/oudExtractMovePlan -javaHome /usr/jdk -help

Location

  • UNIX and Linux: OUD_ORACLE_HOME/bin/oudExtractMovePlan

  • Windows: OUD_ORACLE_HOME\bat\oudExtractMovePlan.bat

A.1.2.12 oudPasteConfig

The oudPasteConfig command is used to paste the configuration in the target environment.

For more information about moving from a test to production environment, see Moving from a Test to a Production Environment.

Synopsis

oudPasteConfig [options]

Description

To obtain the configuration in the target environment, run the oudPasteConfig command.

The oudPasteConfig command creates a new server instance with the configuration obtained from the archive and the amended move plan.

Options

The oudPasteConfig command accepts an option in the form:

-javaHome javaHomePath

Absolute path of JDK.

-al, -archiveLoc archivePath

Absolute path of archive location.

-mpl, -movePlanLoc planPath

Absolute path to the move plan extracted during the extract plan operation.

-tih, -targetInstanceHomeLoc instHomePath

Absolute path of instance home under which Oracle Unified Directory configuration will be restored.

-toh, -targetOracleHomeLoc oracleHomePath

Absolute path of the Oracle home associated with the instance home.

-tin, -targetInstanceName instanceName

Target instance name. If specified, must be consistent with target instance path. This parameter is optional.

-h, -help

Show this help message and exit. This parameter is optional.

-ldl, -logDirLoc logPath

Existing log directory location. Default location is system temporary location. This parameter is optional.

Examples

The following examples show how to use the oudPasteConfig command.

Pasting the Configuration

The following command allows you to paste the configuration.

$ OUD_ORACLE_HOME/bin/oudPasteConfig -javaHome /usr/jdk -al /tmp/oud.jar \
-tih /tmp/asinst_2 -toh /tmp/Oracle_OUD1 \
-mpl /tmp/moveplan.xml -tin asinst_2

Running the Help Command Option

The following command runs the Help Command Option.

$ OUD_ORACLE_HOME/bin/oudPasteConfig -javaHome /usr/jdk -help

Location

  • UNIX and Linux: OUD_ORACLE_HOME/bin/oudPasteConfig

  • Windows: OUD_ORACLE_HOME\bat\oudPasteConfig.bat
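The following added example (not part of the Oracle documentation) chains the three commands, oudCopyConfig, oudExtractMovePlan, and oudPasteConfig, while keeping the archive, the move plan, and the logs in a directory that only the invoking user can read, instead of directly under a shared /tmp. The function names and the WORK_DIR and DRY_RUN variables are assumptions made for this example; OUD_ORACLE_HOME and JAVA_HOME must be set by the caller.

```shell
#!/bin/sh
# Added example, not Oracle code. run, private_workdir, copy_config,
# extract_plan, paste_config, WORK_DIR and DRY_RUN are hypothetical names.

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Create the working directory (or reuse WORK_DIR) and restrict it, together
# with its logs/ and plan/ subdirectories, to the invoking user.
private_workdir() {
    if [ -z "${WORK_DIR:-}" ]; then
        WORK_DIR=$(umask 077 && mktemp -d) || return 1
    fi
    mkdir -p "$WORK_DIR/logs" "$WORK_DIR/plan" || return 1
    chmod 700 "$WORK_DIR" "$WORK_DIR/logs" "$WORK_DIR/plan"
}

# Step 1: archive the configuration of the source instance ($1).
copy_config() {
    private_workdir || return 1
    run "$OUD_ORACLE_HOME/bin/oudCopyConfig" -javaHome "$JAVA_HOME" \
        -sourceInstanceHomeLoc "$1" -archiveLoc "$WORK_DIR/oud.jar" \
        -logDirLoc "$WORK_DIR/logs"
}

# Step 2: extract moveplan.xml from the archive so that it can be edited.
extract_plan() {
    private_workdir || return 1
    run "$OUD_ORACLE_HOME/bin/oudExtractMovePlan" -javaHome "$JAVA_HOME" \
        -al "$WORK_DIR/oud.jar" -pdl "$WORK_DIR/plan" \
        -logDirLoc "$WORK_DIR/logs"
}

# Step 3: create the target instance from the archive and the edited plan.
# $1 = target instance home, $2 = target Oracle home.
paste_config() {
    private_workdir || return 1
    if [ ! -f "$WORK_DIR/plan/moveplan.xml" ]; then
        echo "no move plan in $WORK_DIR/plan: run extract_plan first" >&2
        return 1
    fi
    run "$OUD_ORACLE_HOME/bin/oudPasteConfig" -javaHome "$JAVA_HOME" \
        -al "$WORK_DIR/oud.jar" -tih "$1" -toh "$2" \
        -mpl "$WORK_DIR/plan/moveplan.xml" -logDirLoc "$WORK_DIR/logs"
}

# Typical sequence (paths are the ones used in the examples above):
#   copy_config /local/asinst_1 && extract_plan
#   ... edit "$WORK_DIR/plan/moveplan.xml" ...
#   paste_config /tmp/asinst_2 /tmp/Oracle_OUD1
```

When the source and target are different hosts, transfer the whole working directory over an authenticated channel and set WORK_DIR to its new location before calling paste_config.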

A.1.2.13 oud-replication-gateway-setup

The oud-replication-gateway-setup command is used to set up the replication gateway instance.

Synopsis

oud-replication-gateway-setup [options]

Description

The oud-replication-gateway-setup command installs and configures a replication gateway instance, including specifying the ports on which it will listen, the DN and password for the initial root user, and the base DN for the replication gateway data. The replication gateway allows replication to work between a set of Oracle Directory Server Enterprise Edition servers and a set of Oracle Unified Directory servers.

The utility can be run in one of the following modes:

  • Graphical-user interface (GUI) mode. GUI mode is the default and recommended installation option. The oud-replication-gateway-setup GUI provides an easy interface for installing and configuring replication servers in replicated multi-network environments. GUI mode also allows for easy server setup using SSL or StartTLS if desired.

    The utility launches the graphical installer and creates the Oracle Unified Directory instance in OUD_BASE_LOCATION/INSTANCE_DIR. The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on.

  • Command-line interface (CLI) mode. The command-line mode is either interactive or non-interactive. The interactive CLI mode prompts you for any required information before the configuration begins, and is used with the --cli option, or if no GUI is available.

    The utility launches the command-line installer and creates the Oracle Unified Directory instance in OUD_BASE_LOCATION/INSTANCE_DIR. The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on.

    The non-interactive CLI mode enables you to set up the server without user intervention. Use the --no-prompt and the --quiet options to suppress interactivity and output information, respectively.

When the oud-replication-gateway-setup command is run without any options, it starts in GUI mode but falls back to interactive command-line mode if no GUI is available. To run the setup in interactive command-line mode, use the --cli option.

Note:

No options are allowed if the command is run in GUI mode.

Options

The oud-replication-gateway-setup command accepts an option in either its short form (for example, -i) or its long form equivalent (for example, --cli).

-i, --cli

Use the command-line install. If not specified, the graphical interface will be launched. The rest of the options (excluding help and version) will only be taken into account if this option is specified.

Replication Gateway Configuration Options

-h, --hostname hostname

The fully-qualified name of the host where the replication gateway will be installed. The Oracle Directory Server Enterprise Edition and Oracle Unified Directory servers in the replication topology must be able to access this hostname. If this option is not provided, a default of localhost is used.

--adminConnectorPort port

Specifies the port on which the administration connector should listen for administration traffic. For information about the administration connector, see Managing Administration Traffic to the Server. The configuration and administration tools use this port to connect to the replication gateway. The default value is 4444.

--replicationPortForLegacy port

Specifies the port that is used by the Oracle Directory Server Enterprise Edition server to communicate with the replication gateway to replicate contents.

-S, --skipPortCheck

Do not make any attempt to determine whether the specified port is available. Normally, when this option is not present, the oud-replication-gateway-setup command verifies that the port is not in use and that the user running the command can bind to that port. With the --skipPortCheck option, the oud-replication-gateway-setup command skips the port check.

-D, --rootUserDN rootUserDN

DN for the initial root user for the replication gateway.

-j, --rootUserPasswordFile rootUserPasswordFile

Path to a file containing the password for the initial root user for the replication gateway.

-O, --doNotStart

Do not start the replication gateway when the configuration is completed.

-b, --baseDN baseDN

Specify the base DN of the data to be replicated between the Oracle Unified Directory and the Oracle Directory Server Enterprise Edition server. Multiple base DNs can be provided by using this option multiple times.

Oracle Directory Server Enterprise Edition Server Options

--hostNameLegacy hostname

The fully-qualified name of the host or IP address of the Oracle Directory Server Enterprise Edition server whose contents will be replicated.

--portLegacy port

Specifies the port number of the Oracle Directory Server Enterprise Edition server whose contents will be replicated. This port is used by the replication mechanism to replicate contents.

--bindDNLegacy bindDN

Specifies the DN that is used to bind to the Oracle Directory Server Enterprise Edition server whose contents will be replicated.

--bindPasswordFileLegacy bindPasswordFile

Specifies the file that stores the password that is used to bind to the Oracle Directory Server Enterprise Edition server whose contents will be replicated.

--secureReplicationLegacy

Specifies if the replication updates between the Oracle Directory Server Enterprise Edition server and the replication gateway are sent encrypted or not. If you enable this option, then you must specify the certificate to be used by the server using the options in Replication Gateway Security Options and the port specified using argument --portLegacy must be an LDAP port.

--clientAuthenticationToLegacy

Uses client authentication to send replication updates from the replication gateway to the Oracle Directory Server Enterprise Edition server. You can use this argument only if the --secureReplicationLegacy argument is used.

--certFileForClientAuthenticationToLegacy certificateFile

Specifies the file that contains the certificate to be used in client authentication mode when the replication gateway connects to the Oracle Directory Server Enterprise Edition server to send replication updates. The file must contain the certificate in X.509 format.

--doNotSendUpdatesToLegacyServer

Do not propagate the updates made in the Oracle Unified Directory servers to the Oracle Directory Server Enterprise Edition server. If you use this option, the changes made directly in the Oracle Unified Directory servers will not be propagated to the Oracle Directory Server Enterprise Edition servers replication topology.

--doNotUpdateTrustStoreWithLegacyCertsArg

If you specify this argument and the replication gateway sends replication updates to the Oracle Directory Server Enterprise Edition server using an encrypted communication (specified using the --secureReplicationLegacy argument), then you will have to update the trust store used by the replication gateway with the server certificate of the Oracle Directory Server Enterprise Edition server for replication to work.

--clientAuthenticationFromLegacy

Uses client authentication to send replication updates from the Oracle Directory Server Enterprise Edition server to the replication gateway. You can use this argument only if the --secureReplicationLegacy argument is used.

Replication Gateway Security Options

--generateSelfSignedCertificate

Generates a self-signed certificate that the replication gateway will use as server certificate when accepting encrypted connections from the Oracle Directory Server Enterprise Edition server.

--usePkcs11Keystore

Use a certificate in a PKCS#11 token that the replication gateway will use as server certificate when accepting encrypted connections from the Oracle Directory Server Enterprise Edition server.

--useJavaKeystore keyStorePath

Specifies the path of a Java Key Store (JKS) that contains a certificate that the replication gateway will use as server certificate when accepting encrypted connections from the Oracle Directory Server Enterprise Edition server.

--useJCEKS keyStorePath

Specifies the path of a JCEKS that contains a certificate that the replication gateway will use as server certificate when accepting encrypted connections from the Oracle Directory Server Enterprise Edition server.

--usePkcs12keyStore keyStorePath

Path of a PKCS#12 key store that contains the certificate that the replication gateway will use as server certificate when accepting encrypted connections from the Oracle Directory Server Enterprise Edition server.

--gatewayKeyStorePasswordFile keyStorePasswordFile

Specifies the file containing the certificate key store PIN. It is required to access the key store that contains the certificate (JKS, JCEKS, PKCS#12, or PKCS#11) that the replication gateway will use as server certificate. This is required when the replication gateway is configured for encrypted replication communication with the Oracle Directory Server Enterprise Edition server.

--gatewayCertNickname nickname

Specifies the nickname of the certificate that the replication gateway will use when accepting encrypted connections from the Oracle Directory Server Enterprise Edition server.

Oracle Unified Directory Server Options

--hostNameNg hostname

The fully-qualified name of the host or IP address of the Oracle Unified Directory server whose contents will be replicated.

--portNg port

Specifies the port number of the Oracle Unified Directory server whose contents will be replicated.

--bindDNNg bindDN

Specifies the DN that is used to bind to the Oracle Unified Directory server whose contents will be replicated. If this option is not specified, the global administrator is used to bind.

--bindPasswordFileNg bindPasswordFile

Specifies the file that stores the password that is used to bind to the Oracle Unified Directory server whose contents will be replicated. If no bind DN is specified for this server, the password of the global administrator is used to bind.

--replicationPortNg port

Specifies the port used by the replication mechanism in the Oracle Unified Directory server to communicate with other Oracle Unified Directory servers. You must specify this option only if you have not configured replication for the provided Oracle Unified Directory server.

--secureReplicationNg

Specifies whether the replication communication established by the replication gateway to the Oracle Unified Directory servers is encrypted. If the replication port of the Oracle Unified Directory was not configured, the communication through it will be encrypted depending on whether this option is set.

-I, --adminUID adminUID

Specifies the user ID of the Global Administrator to use to bind to the Oracle Unified Directory server. If you have not defined a Global Administrator in the Oracle Unified Directory, then the Global Administrator is created using the provided data. The default value is admin.

--adminPasswordFile bindPasswordFile

The file that contains the password of the global administrator.

Secure Connection Options

-o, --saslOption name=value

These are SASL bind options.

SASL is not supported for a proxy instance.

-X, --trustAll

Trust all server SSL certificates that the server presents. This option can be used for convenience and testing purposes, but for security reasons a trust store should be used to determine whether the client should accept the server certificate.

-P, --trustStorePath path

Use the client trust store certificate in the specified path. This option is not needed if --trustAll is used, although a trust store should be used when working in a production environment.

-U, --trustStorePasswordFile path

Use the password in the specified file to access the certificates in the client trust store. This option is only required if --trustStorePath is used and the specified trust store requires a password to access its contents (most trust stores do not require this).

-K, --keyStorePath path

Use the client keystore certificate in the specified path.

-u, --keyStorePasswordFile filename

Use the password in the specified file to access the certificates in the client keystore. This option is only required if --keyStorePath is used.

-N, --certNickname nickname

Use the specified certificate for SSL client authentication.

--connectTimeout timeout

Specifies the maximum length of time (in milliseconds) that can be taken to establish a connection. Use 0 to specify no time out. The default value is 30000.

Command Input/Output Options

-n, --no-prompt

Run setup in non-interactive mode. If some data in the command is missing, the user will not be prompted and the command will fail.

-Q, --quiet

Run in quiet mode. No output will be generated unless a significant error occurs during the process.

-v, --verbose

Run in verbose mode, displaying diagnostics on standard output.

--noPropertiesFile

Indicate that the command will not use a properties file to get the default command-line options.

--propertiesFilePath path

Specify the path to the properties file that contains the default command-line options.

General Options

-?, -H, --help

Display command-line usage information for the command and exit without making any attempt to stop or restart the server.

--version

Display the version information for the directory server and exit rather than attempting to run this command.

Examples

The following examples show how to use the replication server commands.

Running oud-replication-gateway-setup in GUI Mode

The following command runs an installation in GUI mode:

$ oud-replication-gateway-setup

The utility launches the graphical installer and creates the Oracle Unified Directory instance in OUD_BASE_LOCATION/INSTANCE_DIR. The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

$ export INSTANCE_NAME=my-oud-instance

Running oud-replication-gateway-setup in Interactive Mode From the Command Line

The GUI is launched and provides several screens that walk you through setting up your replication server in standalone or replicated environments. You also have the option to set up SSL or StartTLS certificates.

The oud-replication-gateway-setup command can be run in interactive mode, where you are prompted for installation options. To run oud-replication-gateway-setup in interactive mode, type the following command:

$ oud-replication-gateway-setup --cli

The command prompts you for the required setup values. Press Enter or Return to accept the default, or enter a value at the prompt.

The utility launches the command-line installer and creates the Oracle Unified Directory instance in OUD_BASE_LOCATION/INSTANCE_DIR. The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

$ export INSTANCE_NAME=my-oud-instance

Exit Codes

0

Successful completion or successful no-op.

1

Error unexpected. Potential bug.

2

Error user data. Cannot parse options, or data provided by user is not valid.

4

Error initializing server.

How to Use a Properties File

The directory server supports the use of a properties file that passes in any default option values used with the oud-replication-gateway-setup command. The properties file is convenient when working in different configuration environments, especially in scripted or embedded applications. For more information, see Using a Properties File With Server Commands.

All the oud-replication-gateway-setup options can be stored in a properties file. Entries in the properties file have the following format:

toolname.propertyname=propertyvalue

For example:

oud-replication-gateway-setup.hostname=grevalon:1444

Log Files

The oud-replication-gateway-setup command writes a log file named oud-setup-IDnumber where IDnumber is a decimal number. The log files are located at these paths:

  • UNIX (Solaris): /var/tmp/

  • Linux: /tmp/

  • Windows: %TEMP%

    By default, this folder is C:\Documents and Settings\User\Local Settings\Temp.

Location

The oud-replication-gateway-setup command is located at these paths:

  • UNIX and Linux: OUD_BASE_LOCATION/OUD_ORACLE_HOME/oud-replication-gateway-setup

  • Windows: OUD_BASE_LOCATION\OUD_ORACLE_HOME\oud-replication-gateway-setup.bat
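The following added example (not part of the Oracle documentation) wraps a non-interactive run of oud-replication-gateway-setup with a pre-flight check of its arguments: every file passed to a password-file option must be a regular file owned by the caller with no group or other permissions, -X/--trustAll is refused in favor of a trust store, and the exit code is reported using the table above. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Oracle code. secret_file_ok, preflight_args,
# describe_exit and run_gateway_setup are hypothetical helper names.

# Succeed only if $1 is a regular file (not a symbolic link) that is owned by
# the current user and grants no permissions to group or other.
secret_file_ok() {
    [ -f "$1" ] || return 1
    meta=$(ls -ldn -- "$1" | awk '{ print substr($1, 5, 6) ":" $3 }') || return 1
    [ "$meta" = "------:$(id -u)" ]
}

# Inspect the arguments intended for the setup command. Returns non-zero if
# any password file is missing or too widely readable, or if certificate
# validation would be disabled.
preflight_args() {
    rc=0
    while [ $# -gt 0 ]; do
        case $1 in
            -X|--trustAll)
                echo "refusing $1: use --trustStorePath instead" >&2
                rc=1 ;;
            -j|-u|-U|--*PasswordFile*)
                if [ $# -lt 2 ] || ! secret_file_ok "$2"; then
                    echo "$1 ${2:-<missing>}: need a regular file you own, mode 0600 or stricter" >&2
                    rc=1
                fi
                if [ $# -ge 2 ]; then shift; fi ;;
        esac
        shift
    done
    return "$rc"
}

# Map the exit codes documented above to a short message.
describe_exit() {
    case $1 in
        0) echo "success or no-op" ;;
        1) echo "unexpected error" ;;
        2) echo "invalid options or user data" ;;
        4) echo "server initialization error" ;;
        *) echo "undocumented exit code $1" ;;
    esac
}

# Run the setup in non-interactive CLI mode after the pre-flight check.
# A failed pre-flight returns 2, matching the "user data" exit code.
run_gateway_setup() {
    preflight_args "$@" || return 2
    oud-replication-gateway-setup --cli --no-prompt "$@" && rc=0 || rc=$?
    echo "oud-replication-gateway-setup: $(describe_exit "$rc")" >&2
    return "$rc"
}
```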

A.1.2.14 oud-setup

The oud-setup command installs and minimally configures a directory server instance.

This command sets up a directory server instance. For information about setting up a proxy server instance, see oud-proxy-setup.

Synopsis

oud-setup [options]

Description

The oud-setup command installs and configures a directory server instance, including specifying the ports on which it will listen, the DN and password for the initial root user, the base DN for the directory data, and the manner in which the database should be populated. It can be run in one of the following modes:

  • Graphical-user interface (GUI) mode. GUI mode is the default and recommended installation option. The oud-setup GUI provides an easy interface for installing and configuring standalone directory servers or replication servers in replicated multi-network environments. GUI mode also allows for easy server setup using SSL or StartTLS if desired.

    The utility launches the graphical installer and creates the Oracle Unified Directory instance in OUD_BASE_LOCATION/INSTANCE_DIR. The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on.

  • Command-line interface (CLI) mode. The command-line mode is either interactive or non-interactive. The interactive CLI mode prompts you for any required information before the configuration begins, and is used with the --cli option, or if no GUI is available.

    The utility launches the command-line installer and creates the Oracle Unified Directory instance in OUD_BASE_LOCATION/INSTANCE_DIR. The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on.

    The non-interactive CLI mode enables you to set up the server without user intervention. Use the --no-prompt and the --quiet options to suppress interactivity and output information, respectively.

When the oud-setup command is run without any options, it starts in GUI mode but falls back to interactive command-line mode if no GUI is available. To run oud-setup in command-line mode, use the --cli option. The options that can be provided are listed below.

Note:

No options are allowed if the command is run in GUI mode.

Options

The oud-setup command accepts an option in either its short form (for example, -a) or its long form equivalent (for example, --addBaseEntry).

-a, --addBaseEntry

Indicates whether to create the base entry in the directory server database.

-i, --cli

Run the setup command in command-line interactive mode rather than in GUI mode. If setup is run without the --cli option, it cannot accept other options.

-b, --baseDN baseDN

Use the base DN for user information in the Directory Server. The default value for this option is dc=example,dc=com. Multiple base DNs can be specified by providing this option multiple times.

-l, --ldifFile filename

Use the specified LDIF file to populate the database. Data can be imported from multiple files by providing this option multiple times, in which case the files are processed in the order they are provided in the option list. Do not use this option with either the --addBaseEntry or --sampleData option. If this option is not provided, then the database is left empty.

-R, --rejectFile filename

Write rejected entries to the specified file. Rejected entries occur if they do not comply with the default schema during an import using the -l or --ldifFile option.

--skipFile filename

Write skipped entries to the specified file. Skipped entries occur if entries cannot be placed under any specified base DN during an import using the -l or --ldifFile option.

-d, --sampleData number-of-entries

Populate the database with the specified number of sample user entries. You generate the entries by using the MakeLDIF facility of the import command and they are based on the default example.template template. Do not use this option with either --addBaseEntry or --ldifFile. If this option is not provided, then the database is left empty.

--eus

Configure the server for Oracle's Enterprise User Security (EUS).

-p, --ldapPort port

Contact the directory server at the specified port. If this option is not provided, the default port is 1389 when setup is run as a non-root user and 389 when it is run as root.

--adminConnectorPort port

Specifies the port on which the administration connector should listen for administration traffic. For information about the administration connector, see Managing Administration Traffic to the Server. The default value is 4444.

-x, --jmxPort port

Specify the port for a JMX MBeans server connection. The default value for this option is 1689.

-S, --skipPortCheck

Do not make any attempt to determine whether the specified port is available. Normally, when this option is not present, the oud-setup command verifies that the port is not in use and that the user running the setup command can bind to that port. With the --skipPortCheck option, the oud-setup command skips the port check.

-D, --rootUserDN rootUserDN

Use the specified root user DN to authenticate to the directory server. This option is used when performing simple authentication and is not required if SASL authentication is used. The default value for this option is cn=Directory Manager.

-j, --rootUserPasswordFile filename

Specifies the file containing the password for the initial root user when authenticating to the directory server.

-O, --doNotStart

Do not start the directory server when the configuration is completed.

-q, --enableStartTLS

Enable StartTLS to allow secure communication with the directory server by using the LDAP port.

-Z, --ldapsPort port

Contact the directory server at the specified port for LDAP SSL (LDAPS) communication. The LDAPS port will be configured and SSL will be enabled only if this option is explicitly specified. The default value is 1636.

--generateSelfSignedCertificate

Generate a self-signed certificate that the directory server should use when accepting SSL-based connections or performing StartTLS negotiation.

-h, --hostname host

The name of the directory server host or IP address that is used to generate the self-signed certificate. This argument is considered only if the self-signed certificate argument, --generateSelfSignedCertificate, is specified.

--usePkcs11Keystore

Use a certificate in a PKCS#11 format that the server should use when accepting SSL-based connections or performing StartTLS negotiation.

--useJavaKeystore path

Specify the path to the Java Keystore (JKS) that contains the server certificate.

--useJCEKS path

Specify the path to the Java Cryptography Extension Keystore (JCEKS) that contains the server certificate.

--usePkcs12Keystore path

Specify the path to the PKCS#12 keystore that contains the server certificate.

-u, --keyStorePasswordFile filename

Use the password in the specified file to access the certificate keystore. A password is required when you specify an existing certificate (JKS, JCEKS, PKCS#11, or PKCS#12) as a server certificate.

-N, --certNickname nickname

Use the specified certificate for SSL or StartTLS client authentication.

-e, --enableWindowsService

Enable the directory server as a Windows service. For Windows platforms only.

--serverTuning { jvm-default | heap-size | system-memory | system-memory-percentage | JVM arguments }

Specifies runtime tuning options for the server.

Note:

In Oracle Unified Directory 11g Release 2 (11.1.2.3), the autotune option has been removed. However, autotune usage is still available for backward compatibility.

To use the default (or configured) Java Virtual Machine with no extra arguments on your system when running the server, provide the value jvm-default.

To tune the server based on the heap size of its Java process, provide the memory to be used (for example: 768m). For gigabytes, use g (for example: 2.5g). If neither a unit nor a % is specified after the value, megabytes will be used.

The server requires memory not only for its Java process but also memory in the file-system cache. The memory for the server is the sum of the Java Heap and an estimation of the required file-system cache.

You can specify the system memory as either an amount or percentage:

  • Amount: For example:

    Specify --serverTuning systemMemory:3g to use 3.0 gigabytes.

    Specify --serverTuning systemMemory:1g to use one gigabyte.

    Specify --serverTuning systemMemory:512 to use 512 megabytes.

    The oud-setup script then splits the value you provide into two parts: the heap size that the Java Virtual Machine of the server will use and an estimation of the required file-system cache.

  • Percentage: For example:

    Specify --serverTuning systemMemory:50.0% to dedicate 50 percent of system memory to the server.

    Specify --serverTuning systemMemory:25% to dedicate 25 percent of system memory to the server.

    Specify --serverTuning systemMemory:100% to fully dedicate a machine to the server.

    The oud-setup script then splits the percentage you provide into two parts: the heap size that the Java Virtual Machine of the server will use and an estimation of the required file-system cache.

You can also directly specify the JVM arguments that the server must use. For example:

--serverTuning -server -Xmx1024m

The default value for the server will be calculated based on the free memory available on the system and will depend on the machine where the setup is running and how much memory is being used on that machine.

--offlineToolsTuning { autotune | jvm-default | JVM arguments }

Specifies tuning for the off-line tools (import-ldif, export-ldif, verify-index, and rebuild-index).

Note:

In Oracle Unified Directory 11g Release 2 (11.1.2.3), the --importTuning option has been renamed to --offlineToolsTuning. However, --importTuning usage is still available for backward compatibility.

The tools can be automatically tuned each time they are launched based on the available memory in the machine (provide the value autotune), or they can use the default Java Virtual Machine on your system for the run-time settings (provide the value jvm-default).

You can also directly provide the Java arguments that the tools should use. For example, the following command uses the -server argument:

--offlineToolsTuning -server -Xmx1024m

The default value for the tools will be calculated based on the free memory available on the system and will depend on the machine where the setup is running and how much memory is being used on that machine.

Command Input/Output Options

-n, --no-prompt

Run setup in non-interactive mode. If some data in the command is missing, the user will not be prompted and the command will fail.

--noPropertiesFile

Indicate that the command will not use a properties file to get the default command-line options.

--propertiesFilePath path

Specify the path to the properties file that contains the default command-line options.

-Q, --quiet

Run in quiet mode. No output will be generated unless a significant error occurs during the process.

-v, --verbose

Run in verbose mode, displaying diagnostics on standard output.

General Options

-?, -H, --help

Display command-line usage information for the command and exit without making any attempt to stop or restart the server.

-V, --version

Display the version information for the directory server and exit rather than attempting to run this command.

Examples

The following examples show how to use the directory server commands.

Running oud-setup in GUI Mode

The following command runs an installation in GUI mode:

$ oud-setup

The GUI is launched and provides several screens that walk you through setting up your directory server in standalone or replicated environments. You also have the option to set up SSL or StartTLS certificates.

The utility creates the Oracle Unified Directory instance in OUD_BASE_LOCATION/INSTANCE_DIR. The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

$ export INSTANCE_NAME=my-oud-instance

Running oud-setup in Interactive Mode From the Command Line

The oud-setup command can be run in interactive mode, where you are prompted for installation options. To run oud-setup in interactive mode, type the following command:

$ oud-setup --cli

The command prompts you for the required setup values. Press Enter or Return to accept the default, or enter a value at the prompt.

The utility launches the command-line installer and creates the Oracle Unified Directory instance in OUD_BASE_LOCATION/INSTANCE_DIR. The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

$ export INSTANCE_NAME=my-oud-instance

Running oud-setup in Non-Interactive CLI Mode

The non-interactive CLI mode enables you to create installation scripts with the oud-setup command when many directory server instances must be configured for large replicated environments. This mode requires the --no-prompt and --quiet options to be provided. If no option is present, the oud-setup command defaults to interactive mode.

The following command runs the installation in non-interactive (--no-prompt) and quiet (-Q) modes. It sets the LDAP port (-p), the administration connector port (--adminConnectorPort), the root DN (-D), the file containing the root DN password (-j), and adds a base entry (-a) with the specified base DN (-b):

$ oud-setup --cli --no-prompt -Q -p 1389 --adminConnectorPort 4444 \
  -D "cn=Directory Manager" -j /path/pwd-file -a -b dc=example,dc=com
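
The non-interactive mode reads the root password from a file (-j), and an existing keystore needs a second password file (-u). The following added example, which is not part of Oracle's documentation, checks that both files are private before assembling an oud-setup argument list that enables LDAPS (-Z) with a PKCS#12 keystore. The function names, /path/server.p12 and the temporary file names are assumptions; every flag is taken from the option list above.

```shell
#!/bin/sh
# Added example (not Oracle's code): pre-flight checks for a scripted oud-setup.
# Function names and file paths are assumptions; all flags come from this page.

# Create a secret file from stdin. umask 077 yields mode 0600 and noclobber
# (set -C) refuses to write through a file that already exists.
write_secret_file() {
    ( umask 077; set -C; cat > "$1" )
}

# Succeed only for a non-empty regular file with no group/other permission bits.
pwfile_is_private() {
    [ -s "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;   # e.g. -rw-------; symlinks start with "l"
        *)           return 1 ;;
    esac
}

# Print the oud-setup arguments one per line (dry run; nothing is executed).
# Usage: build_setup_args ROOT_PW_FILE LDAPS_PORT PKCS12_KEYSTORE KEYSTORE_PIN_FILE
build_setup_args() {
    pwfile=$1 ldaps_port=$2 keystore=$3 pinfile=$4
    for f in "$pwfile" "$pinfile"; do
        pwfile_is_private "$f" || {
            echo "refusing: $f must be non-empty and mode 0600 or stricter" >&2
            return 2
        }
    done
    set -- --cli --no-prompt -Q -p 1389 --adminConnectorPort 4444 \
        -D "cn=Directory Manager" -j "$pwfile" -a -b dc=example,dc=com \
        -Z "$ldaps_port" --usePkcs12Keystore "$keystore" -u "$pinfile"
    printf '%s\n' "$@"
}

# Dry run on constructed inputs (the secrets below are constructed sample values).
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-root-password' | write_secret_file "$demo_dir/root.pwd"
printf '%s\n' 'constructed-keystore-pin'  | write_secret_file "$demo_dir/ks.pin"
build_setup_args "$demo_dir/root.pwd" 1636 /path/server.p12 "$demo_dir/ks.pin"
rm -rf "$demo_dir"
```

Once the printed arguments look right, pass the same list to oud-setup; a password file that is group- or world-readable stops the run before the installer is invoked.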

Running oud-setup in Non-Interactive CLI Mode With LDIF Import

The following command runs the installation in non-interactive (--no-prompt) and quiet (-Q) modes. It sets the LDAP port (-p), the administration connector port (--adminConnectorPort), the root DN (-D), the file containing the root DN password (-j), and adds the baseDN (-b) with data imported from an LDIF file (-l).

$ oud-setup --cli --no-prompt -Q -p 1389 --adminConnectorPort 4444 \
  -D "cn=Directory Manager" -j /path/pwd-file -b dc=example,dc=com \
  -l "/home/ldif/company.ldif"

Running oud-setup in Non-Interactive Mode With Sample Entry Generation

The following command runs the installation in non-interactive (--no-prompt) and quiet (-Q) modes. It sets the LDAP port (-p), the administration connector port (--adminConnectorPort), the root DN (-D), the file containing the root DN password (-j), the baseDN (-b) and generates 2000 sample entries (-d).

$ oud-setup --cli --no-prompt -Q -p 1389 --adminConnectorPort 4444 \
  -D "cn=Directory Manager" -j /path/pwd-file -b dc=example,dc=com -d 2000

Running oud-setup on Windows

The following command enables the directory server to run as a Windows service (-e). It sets the LDAP port (-p), the administration connector port (--adminConnectorPort), the JMX port (-x), the rootDN (-D), the file containing the root DN password (-j), and the baseDN (-b), and generates 10000 sample entries.

C:\> oud-setup.bat --cli -e -p 1389 --adminConnectorPort 4444 -x 1689 ^
  -D "cn=Directory Manager" -j /path/pwd-file -b dc=example,dc=com -d 10000

The utility launches the graphical installer and creates the Oracle Unified Directory instance in OUD_BASE_LOCATION/INSTANCE_DIR. The default instance directory name is asinst_1, with subsequent instances on the same server named asinst_2, asinst_3, and so on. To specify a different instance name, set the INSTANCE_NAME environment variable before you run the setup, for example:

$ export INSTANCE_NAME=my-oud-instance

Running oud-setup in Interactive Mode To Tune the Server

The following command allows you to tune the Oracle Unified Directory server.

C:\OUD\OracleUnifiedDirectory> oud-setup.bat --cli
OUD Instance location successfully created - C:\OUD\OracleUnifiedDirectory\..\asinst_1"
 
Oracle Unified Directory 11.1.2.3.0
Please wait while the setup program initializes...
 
What would you like to use as the initial root user DN for the Directory
Server? [cn=Directory Manager]:
Please provide the password to use for the initial root user: password
Please re-enter the password for confirmation: password
 
On which port would you like the Directory Server to accept connections from
LDAP clients? [389]:
 
On which port would you like the Administration Connector to accept
connections? [4444]:
 
Do you want to create base DNs in the server? (yes / no) [yes]:
 
Provide the base DN for the directory data: [dc=example,dc=com]:
Options for populating the database:
 
    1)  Only create the base entry
    2)  Leave the database empty
    3)  Import data from an LDIF file
    4)  Load automatically-generated sample data
 
Enter choice [1]: 4
Please specify the number of user entries to generate: [2000]:
 
Do you want to enable SSL? (yes / no