dsconf - Man Page

dsconf [-h] [-v] [-j] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN] [-Z] instance {backend,backup,chaining,config,directory_manager,logging,monitor,plugin,pwpolicy,localpwp,replication,repl,repl-agmt,repl-winsync-agmt,repl-tasks,repl-conflict,sasl,security,schema} ...

dsconf backend

Manage database suffixes and backends

dsconf backup

Manage online backups

dsconf chaining

Manage database chaining and database links

dsconf config

Manage the server configuration

dsconf directory_manager

Manage the Directory Manager account

dsconf logging

Manage the server logs

dsconf monitor

Monitor the state of the instance

dsconf plugin

Manage plug-ins available on the server

dsconf pwpolicy

Manage the global password policy settings

dsconf localpwp

Manage the local user and subtree password policies

dsconf replication

Manage replication for a suffix

dsconf repl-agmt

Manage replication agreements

dsconf repl-winsync-agmt

Manage Winsync agreements

dsconf repl-tasks

Manage replication tasks

dsconf repl-conflict

Manage replication conflicts

dsconf sasl

Manage SASL mappings

dsconf security

Manage security settings

dsconf schema

Manage the directory schema

usage: dsconf [-v] [-j] instance backend [-h]
                              {suffix,index,vlv-index,attr-encrypt,config,monitor,import,export,create,delete,get-tree,compact-db} ...

dsconf backend suffix

Manage backend suffixes

dsconf backend index

Manage backend indexes

dsconf backend vlv-index

Manage VLV searches and indexes

dsconf backend attr-encrypt

Manage encrypted attribute settings

dsconf backend config

Manage the global database configuration settings

dsconf backend monitor

Displays global database or suffix monitoring information

dsconf backend import

Online import of a suffix

dsconf backend export

Online export of a suffix

dsconf backend create

Create a backend database

dsconf backend delete

Delete a backend database

dsconf backend get-tree

Display the suffix tree

dsconf backend compact-db

Compact the database and the replication changelog

usage: dsconf [-v] [-j] instance backend suffix [-h]
                                               {list,get,get-dn,get-sub-suffixes,set} ...

dsconf backend suffix list

List active backends and suffixes

dsconf backend suffix get

Display the suffix entry

dsconf backend suffix get-dn

Display the DN of a backend

dsconf backend suffix get-sub-suffixes

Display sub-suffixes

dsconf backend suffix set

Set configuration settings for a specific backend

usage: dsconf [-v] [-j] instance backend suffix list [-h] [--suffix]
                                                    [--skip-subsuffixes]

--suffix

Displays the suffixes without backend name

--skip-subsuffixes

Displays the list of suffixes without sub-suffixes

usage: dsconf [-v] [-j] instance backend suffix get [-h] [selector]

selector

The backend database name to search for

usage: dsconf [-v] [-j] instance backend suffix get-dn [-h] [dn]

dn

The DN to the database entry in cn=ldbm database,cn=plugins,cn=config

usage: dsconf [-v] [-j] instance backend suffix get-sub-suffixes
      [-h] [--suffix] be_name

be_name

The backend name or suffix

--suffix

Displays the list of suffixes without backend name

usage: dsconf [-v] [-j] instance backend suffix set [-h] [--enable-readonly]
                                                   [--disable-readonly]
                                                   [--enable-orphan]
                                                   [--disable-orphan]
                                                   [--require-index]
                                                   [--ignore-index]
                                                   [--add-referral ADD_REFERRAL]
                                                   [--del-referral DEL_REFERRAL]
                                                   [--enable] [--disable]
                                                   [--cache-size CACHE_SIZE]
                                                   [--cache-memsize CACHE_MEMSIZE]
                                                   [--dncache-memsize DNCACHE_MEMSIZE]
                                                   [--state STATE]
                                                   be_name

be_name

The backend name or suffix

--enable-readonly

Enables read-only mode for the backend database

--disable-readonly

Disables read-only mode for the backend database

--enable-orphan

Disconnect a subsuffix from its parent suffix.

--disable-orphan

Let the subsuffix be connected to its parent suffix.

--require-index

Allows only indexed searches

--ignore-index

Allows all searches even if they are unindexed

--add-referral ADD_REFERRAL

Adds an LDAP referral to the backend

--del-referral DEL_REFERRAL

Removes an LDAP referral from the backend

--enable

Enables the backend database

--disable

Disables the backend database

--cache-size CACHE_SIZE

Sets the maximum number of entries to keep in the entry cache

--cache-memsize CACHE_MEMSIZE

Sets the maximum size in bytes that the entry cache can grow to

--dncache-memsize DNCACHE_MEMSIZE

Sets the maximum size in bytes that the DN cache can grow to

--state STATE

Changes the backend state to: "backend", "disabled", "referral", or "referral on update"

usage: dsconf [-v] [-j] instance backend index [-h]
                                              {add,set,get,list,delete,reindex} ...

dsconf backend index add

Add an index

dsconf backend index set

Update an index

dsconf backend index get

Display an index entry

dsconf backend index list

Display the index

dsconf backend index delete

Delete an index

dsconf backend index reindex

Re-index the database for a single index or all indexes

usage: dsconf [-v] [-j] instance backend index add [-h]
                                                  --index-type INDEX_TYPE
                                                  [--matching-rule MATCHING_RULE]
                                                  [--reindex] --attr ATTR
                                                  be_name

be_name

The backend name or suffix

--index-type INDEX_TYPE

Sets the indexing type (eq, sub, pres, or approx)

--matching-rule MATCHING_RULE

Sets the matching rule for the index

--reindex

Re-indexes the database after adding a new index

--attr ATTR

Sets the attribute name to index

usage: dsconf [-v] [-j] instance backend index set [-h] --attr ATTR
                                                  [--add-type ADD_TYPE]
                                                  [--del-type DEL_TYPE]
                                                  [--add-mr ADD_MR]
                                                  [--del-mr DEL_MR]
                                                  [--reindex]
                                                  be_name

be_name

The backend name or suffix

--attr ATTR

Sets the indexed attribute to update

--add-type ADD_TYPE

Adds an index type to the index (eq, sub, pres, or approx)

--del-type DEL_TYPE

Removes an index type from the index: (eq, sub, pres, or approx)

--add-mr ADD_MR

Adds a matching-rule to the index

--del-mr DEL_MR

Removes a matching-rule from the index

--reindex

Re-indexes the database after editing the index

usage: dsconf [-v] [-j] instance backend index get [-h] --attr ATTR be_name

be_name

The backend name or suffix

--attr ATTR

Sets the index name to display

usage: dsconf [-v] [-j] instance backend index list [-h] [--just-names]
                                                   be_name

be_name

The backend name or suffix

--just-names

Displays only the names of indexed attributes

usage: dsconf [-v] [-j] instance backend index delete [-h] [--attr ATTR]
                                                     be_name

be_name

The backend name or suffix

--attr ATTR

Sets the name of the attribute to delete from the index

usage: dsconf [-v] [-j] instance backend index reindex [-h] [--attr ATTR]
                                                      [--wait]
                                                      be_name

be_name

The backend name or suffix

--attr ATTR

Sets the name of the attribute to re-index. Omit this argument to re-index all attributes

--wait

Waits for the index task to complete and reports the status

usage: dsconf [-v] [-j] instance backend vlv-index [-h]
                                                  {list,get,add-search,edit-search,del-search,add-index,del-index,reindex} ...

dsconf backend vlv-index list

List VLV search and index entries

dsconf backend vlv-index get

Display a VLV search and indexes

dsconf backend vlv-index add-search

Add a VLV search entry. The search entry is the parent entry of the VLV index entries, and it specifies the search parameters that are used to match entries for those indexes.

dsconf backend vlv-index edit-search

Update a VLV search and index

dsconf backend vlv-index del-search

Delete VLV search & index

dsconf backend vlv-index add-index

Create a VLV index under a VLV search entry (parent entry, formatter_class=CustomHelpFormatter). The VLV index specifies the attributes to sort

dsconf backend vlv-index del-index

Delete a VLV index under a VLV search entry (parent entry)

dsconf backend vlv-index reindex

Index/re-index the VLV database index

usage: dsconf [-v] [-j] instance backend vlv-index list [-h] [--just-names]
                                                       be_name

be_name

The backend name of the VLV index

--just-names

Displays only the names of VLV search entries

usage: dsconf [-v] [-j] instance backend vlv-index get [-h] [--name NAME]
                                                      be_name

be_name

The backend name of the VLV index

--name NAME

Displays the VLV search entry and its index entries

usage: dsconf instance [-v] [-j] backend vlv-index add-search
      [-h] --name NAME --search-base SEARCH_BASE --search-scope SEARCH_SCOPE
      --search-filter SEARCH_FILTER
      be_name

be_name

The backend name of the VLV index

--name NAME

Sets the name of the VLV search entry

--search-base SEARCH_BASE

Sets the VLV search base

--search-scope SEARCH_SCOPE

Sets the VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree search)

--search-filter SEARCH_FILTER

Sets the VLV search filter

usage: dsconf [-v] [-j] instance backend vlv-index edit-search
      [-h] --name NAME [--search-base SEARCH_BASE]
      [--search-scope SEARCH_SCOPE] [--search-filter SEARCH_FILTER]
      [--reindex]
      be_name

be_name

The backend name of the VLV index to update

--name NAME

Sets the name of the VLV index

--search-base SEARCH_BASE

Sets the VLV search base

--search-scope SEARCH_SCOPE

Sets the VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree search)

--search-filter SEARCH_FILTER

Sets the VLV search filter

--reindex

Re-indexes all VLV database indexes

usage: dsconf [-v] [-j] instance backend vlv-index del-search
      [-h] --name NAME be_name

be_name

The backend name of the VLV index

--name NAME

Sets the name of the VLV search index

usage: dsconf instance [-v] [-j] backend vlv-index add-index
      [-h] --parent-name PARENT_NAME --index-name INDEX_NAME --sort SORT
      [--index-it]
      be_name

be_name

The backend name of the VLV index

--parent-name PARENT_NAME

Sets the name or "cn" attribute of the parent VLV search entry

--index-name INDEX_NAME

Sets the name of the new VLV index

--sort SORT

Sets a space-separated list of attributes to sort for this VLV index

--index-it

Creates the database index for this VLV index definition

usage: dsconf [-v] [-j] instance backend vlv-index del-index
      [-h] --parent-name PARENT_NAME [--index-name INDEX_NAME] [--sort SORT]
      be_name

be_name

The backend name of the VLV index

--parent-name PARENT_NAME

Sets the name or "cn" attribute value of the parent VLV search entry

--index-name INDEX_NAME

Sets the name of the VLV index to delete

--sort SORT

Delete a VLV index that has this vlvsort value

usage: dsconf [-v] [-j] instance backend vlv-index reindex [-h]
                                                          [--index-name INDEX_NAME]
                                                          --parent-name PARENT_NAME
                                                          be_name

be_name

The backend name of the VLV index

--index-name INDEX_NAME

Sets the name of the VLV index entry to re-index. If not set, all indexes are re-indexed

--parent-name PARENT_NAME

Sets the name or "cn" attribute value of the parent VLV search entry

usage: dsconf [-v] [-j] instance backend attr-encrypt [-h] [--list]
                                                     [--just-names]
                                                     [--add-attr ADD_ATTR]
                                                     [--del-attr DEL_ATTR]
                                                     be_name

be_name

The backend name or suffix

--list

Lists all encrypted attributes in the backend

--just-names

List only the names of the encrypted attributes when used with --list

--add-attr ADD_ATTR

Enables encryption for the specified attribute

--del-attr DEL_ATTR

Disables encryption for the specified attribute

usage: dsconf [-v] [-j] instance backend config [-h] {get,set} ...

dsconf backend config get

Display the global database configuration

dsconf backend config set

Set the global database configuration

usage: dsconf [-v] [-j] instance backend config get [-h]

usage: dsconf [-v] [-j] instance backend config set [-h]
                                                   [--lookthroughlimit LOOKTHROUGHLIMIT]
                                                   [--mode MODE]
                                                   [--idlistscanlimit IDLISTSCANLIMIT]
                                                   [--directory DIRECTORY]
                                                   [--dbcachesize DBCACHESIZE]
                                                   [--logdirectory LOGDIRECTORY]
                                                   [--txn-wait TXN_WAIT]
                                                   [--checkpoint-interval CHECKPOINT_INTERVAL]
                                                   [--compactdb-interval COMPACTDB_INTERVAL]
                                                   [--compactdb-time COMPACTDB_TIME]
                                                   [--txn-batch-val TXN_BATCH_VAL]
                                                   [--txn-batch-min TXN_BATCH_MIN]
                                                   [--txn-batch-max TXN_BATCH_MAX]
                                                   [--logbufsize LOGBUFSIZE]
                                                   [--locks LOCKS]
                                                   [--locks-monitoring-enabled LOCKS_MONITORING_ENABLED]
                                                   [--locks-monitoring-threshold LOCKS_MONITORING_THRESHOLD]
                                                   [--locks-monitoring-pause LOCKS_MONITORING_PAUSE]
                                                   [--import-cache-autosize IMPORT_CACHE_AUTOSIZE]
                                                   [--cache-autosize CACHE_AUTOSIZE]
                                                   [--cache-autosize-split CACHE_AUTOSIZE_SPLIT]
                                                   [--import-cachesize IMPORT_CACHESIZE]
                                                   [--exclude-from-export EXCLUDE_FROM_EXPORT]
                                                   [--pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT]
                                                   [--pagedidlistscanlimit PAGEDIDLISTSCANLIMIT]
                                                   [--rangelookthroughlimit RANGELOOKTHROUGHLIMIT]
                                                   [--backend-opt-level BACKEND_OPT_LEVEL]
                                                   [--deadlock-policy DEADLOCK_POLICY]
                                                   [--db-home-directory DB_HOME_DIRECTORY]
                                                   [--db-lib DB_LIB]
                                                   [--mdb-max-size MDB_MAX_SIZE]
                                                   [--mdb-max-readers MDB_MAX_READERS]
                                                   [--mdb-max-dbs MDB_MAX_DBS]

--lookthroughlimit LOOKTHROUGHLIMIT

Specifies the maximum number of entries that the server will check when examining candidate entries in response to a search request

--mode MODE

Specifies the permissions used for newly created index files

--idlistscanlimit IDLISTSCANLIMIT

Specifies the number of entry IDs that are searched during a search operation

--directory DIRECTORY

Specifies absolute path to database instance

--dbcachesize DBCACHESIZE

Specifies the database index cache size in bytes

--logdirectory LOGDIRECTORY

Specifies the path to the directory that contains the database transaction logs

--txn-wait TXN_WAIT

Sets whether the server should should wait if there are no db locks available

--checkpoint-interval CHECKPOINT_INTERVAL

Sets the amount of time in seconds after which the server sends a checkpoint entry to the database transaction log

--compactdb-interval COMPACTDB_INTERVAL

Sets the interval in seconds when the database is compacted

--compactdb-time COMPACTDB_TIME

Sets the time (HH:MM format) of day when to compact the database after the "compactdb interval" has been reached

--txn-batch-val TXN_BATCH_VAL

Specifies how many transactions will be batched before being committed

--txn-batch-min TXN_BATCH_MIN

Controls when transactions should be flushed earliest, independently of the batch count. Requires that txn-batch-val is set

--txn-batch-max TXN_BATCH_MAX

Controls when transactions should be flushed latest, independently of the batch count. Requires that txn-batch-val is set)

--logbufsize LOGBUFSIZE

Specifies the transaction log information buffer size

--locks LOCKS

Sets the maximum number of database locks

--locks-monitoring-enabled LOCKS_MONITORING_ENABLED

Enables or disables monitoring of DB locks when the value crosses the percentage set with "--locks-monitoring-threshold"

--locks-monitoring-threshold LOCKS_MONITORING_THRESHOLD

Sets the DB lock exhaustion threshold in percentage (valid range is 70-90). When the threshold is reached, all searches are aborted until the number of active locks decreases below the configured threshold and/or the administrator increases the number of database locks (nsslapd-db-locks). This threshold is a safeguard against DB corruption which might be caused by locks exhaustion.

--locks-monitoring-pause LOCKS_MONITORING_PAUSE

Sets the DB lock monitoring value in milliseconds for the amount of time that the monitoring thread spends waiting between checks.

--import-cache-autosize IMPORT_CACHE_AUTOSIZE

Enables or disables to automatically set the size of the import cache to be used during the import process of LDIF files

--cache-autosize CACHE_AUTOSIZE

Sets the percentage of free memory that is used in total for the database and entry cache. "0" disables this feature.

--cache-autosize-split CACHE_AUTOSIZE_SPLIT

Sets the percentage of RAM that is used for the database cache. The remaining percentage is used for the entry cache

--import-cachesize IMPORT_CACHESIZE

Sets the size in bytes of the database cache used in the import process.

--exclude-from-export EXCLUDE_FROM_EXPORT

List of attributes to not include during database export operations

--pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT

Specifies the maximum number of entries that the server will check when examining candidate entries for a search which uses the simple paged results control

--pagedidlistscanlimit PAGEDIDLISTSCANLIMIT

Specifies the number of entry IDs that are searched, specifically, for a search operation using the simple paged results control.

--rangelookthroughlimit RANGELOOKTHROUGHLIMIT

Specifies the maximum number of entries that the server will check when examining candidate entries in response to a range search request.

--backend-opt-level BACKEND_OPT_LEVEL

Sets the backend optimization level for write performance (0, 1, 2, or 4). WARNING: This parameter can trigger experimental code.

--deadlock-policy DEADLOCK_POLICY

Adjusts the backend database deadlock policy (Advanced setting)

--db-home-directory DB_HOME_DIRECTORY

Sets the directory for the database mmapped files (Advanced setting)

--db-lib DB_LIB

Sets which db lib is used. Valid values are: bdb or mdb

--mdb-max-size MDB_MAX_SIZE

Sets the lmdb database maximum size (in bytes).

--mdb-max-readers MDB_MAX_READERS

Sets the lmdb database maximum number of readers (Advanced setting)

--mdb-max-dbs MDB_MAX_DBS

Sets the lmdb database maximum number of sub databases (Advanced setting)

usage: dsconf [-v] [-j] instance backend monitor [-h] [--suffix SUFFIX]

--suffix SUFFIX

Displays monitoring information only for the specified suffix

usage: dsconf [-v] [-j] instance backend import [-h] [-c CHUNKS_SIZE] [-E]
                                               [-g GEN_UNIQ_ID] [-O]
                                               [-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
                                               [-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]]
                                               [--timeout TIMEOUT]
                                               [be_name] [ldifs ...]

be_name

The backend name or the root suffix

ldifs

Specifies the filename of the input LDIF files. Multiple files are imported in the specified order.

-c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE

The number of chunks to have during the import operation

-E,  --encrypted

Encrypt attributes configured in the database for encryption

-g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID

Generate a unique id. Set "none" for no unique ID to be generated and "deterministic" for the generated unique ID to be name-based. By default, a time-based unique ID is generated. When using the deterministic generation to have a name-based unique ID, it is also possible to specify the namespace for the server to use. namespaceId is a string of characters in the format 00-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx.

-O,  --only-core

Creates only the core database attribute indexes

-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]

Specifies the suffixes or the subtrees to be included

-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]

Specifies the suffixes to be excluded

--timeout TIMEOUT

Set a timeout to wait for the export task. Default is 0 (no timeout)

usage: dsconf [-v] [-j] instance backend export [-h] [-l LDIF] [-C] [-E] [-m]
                                               [-N] [-r] [-u] [-U]
                                               [-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
                                               [-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]]
                                               [--timeout TIMEOUT]
                                               be_names [be_names ...]

be_names

The backend names or the root suffixes

-l LDIF, --ldif LDIF

Sets the filename of the output LDIF file. Separate multiple file names with spaces.

-C, --use-id2entry

Uses only the main database file

-E, --encrypted

Decrypts encrypted data during export. This option is used only if database encryption is enabled.

-m, --min-base64

Sets minimal base-64 encoding

-N, --no-seq-num

Suppresses printing the sequence numbers

-r, --replication

Exports the data with information required to initialize a replica

-u, --no-dump-uniq-id

Omits exporting the unique ID

-U, --not-folded

Disables folding the output

-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]

Specifies the suffixes or the subtrees to be included

-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]

Specifies the suffixes to be excluded

--timeout TIMEOUT

Set a timeout to wait for the export task. Default is 0 (no timeout)

usage: dsconf [-v] [-j] instance backend create [-h]
                                               [--parent-suffix PARENT_SUFFIX]
                                               --suffix SUFFIX
                                               --be-name BE_NAME
                                               [--create-entries]
                                               [--create-suffix]

--parent-suffix PARENT_SUFFIX

Sets the parent suffix only if this backend is a sub-suffix

--suffix SUFFIX

Sets the database suffix DN

--be-name BE_NAME

Sets the database backend name"

--create-entries

Adds sample entries to the database

--create-suffix

Creates the suffix object entry in the database. Only suffixes using the 'dc',

usage: dsconf [-v] [-j] instance backend delete [-h] [--do-it] be_name

be_name

The backend name or suffix

--do-it

Remove backend and its subsuffixes

usage: dsconf [-v] [-j] instance backend get-tree [-h]

usage: dsconf [-v] [-j] instance backend compact-db [-h] [--only-changelog]
                                                   [--timeout TIMEOUT]

--only-changelog

Compacts only the replication change log

--timeout TIMEOUT

Set a timeout to wait for the compaction task. Default is 0 (no timeout)

usage: dsconf [-v] [-j] instance backup [-h] {create,restore} ...

dsconf backup create

Creates a backup of the database

dsconf backup restore

Restores a database from a backup

usage: dsconf [-v] [-j] instance backup create [-h] [-t DB_TYPE]
                                              [--timeout TIMEOUT]
                                              [archive]

archive

Sets the directory where to store the backup files. Format: instance_name- year_month_date_hour_minutes_seconds. Default: /var/lib/dirsrv/slapd- instance/bak/

-t DB_TYPE, --db-type DB_TYPE

Sets the database type. Default: ldbm database

--timeout TIMEOUT

Sets the task timeout. Default is 120 seconds,

usage: dsconf [-v] [-j] instance backup restore [-h] [-t DB_TYPE]
                                               [--timeout TIMEOUT]
                                               archive

archive

Set the directory that contains the backup files

-t DB_TYPE, --db-type DB_TYPE

Sets the database type. Default: ldbm database

--timeout TIMEOUT

Sets the task timeout. Default is 120 seconds.

usage: dsconf [-v] [-j] instance chaining [-h]
                               {config-get,config-set,config-get-def,config-set-def,link-create,link-get,link-set,link-delete,monitor,link-list} ...

dsconf chaining config-get

Display the chaining controls and server component lists

dsconf chaining config-set

Set the chaining controls and server component lists

dsconf chaining config-get-def

Display the default creation parameters for new database links

dsconf chaining config-set-def

Set the default creation parameters for new database links

dsconf chaining link-create

Create a database link to a remote server

dsconf chaining link-get

Displays chaining database links

dsconf chaining link-set

Edit a database link to a remote server

dsconf chaining link-delete

Delete a database link

dsconf chaining monitor

Display monitor information for a database chaining link

dsconf chaining link-list

List database links

usage: dsconf [-v] [-j] instance chaining config-get [-h] [--avail-controls]
                                                    [--avail-comps]

--avail-controls

Lists available chaining controls

--avail-comps

Lists available chaining plugin components

usage: dsconf [-v] [-j] instance chaining config-set [-h]
                                                    [--add-control ADD_CONTROL]
                                                    [--del-control DEL_CONTROL]
                                                    [--add-comp ADD_COMP]
                                                    [--del-comp DEL_COMP]

--add-control ADD_CONTROL

Adds a transmitted control OID

--del-control DEL_CONTROL

Deletes a transmitted control OID

--add-comp ADD_COMP

Adds a chaining component

--del-comp DEL_COMP

Deletes a chaining component

usage: dsconf [-v] [-j] instance chaining config-get-def [-h]

usage: dsconf [-v] [-j] instance chaining config-set-def [-h]
                                                        [--conn-bind-limit CONN_BIND_LIMIT]
                                                        [--conn-op-limit CONN_OP_LIMIT]
                                                        [--abandon-check-interval ABANDON_CHECK_INTERVAL]
                                                        [--bind-limit BIND_LIMIT]
                                                        [--op-limit OP_LIMIT]
                                                        [--proxied-auth PROXIED_AUTH]
                                                        [--conn-lifetime CONN_LIFETIME]
                                                        [--bind-timeout BIND_TIMEOUT]
                                                        [--return-ref RETURN_REF]
                                                        [--check-aci CHECK_ACI]
                                                        [--bind-attempts BIND_ATTEMPTS]
                                                        [--size-limit SIZE_LIMIT]
                                                        [--time-limit TIME_LIMIT]
                                                        [--hop-limit HOP_LIMIT]
                                                        [--response-delay RESPONSE_DELAY]
                                                        [--test-response-delay TEST_RESPONSE_DELAY]
                                                        [--use-starttls USE_STARTTLS]

--conn-bind-limit CONN_BIND_LIMIT

Sets the maximum number of BIND connections the database link establishes with the remote server

--conn-op-limit CONN_OP_LIMIT

Sets the maximum number of LDAP connections the database link establishes with the remote server

--abandon-check-interval ABANDON_CHECK_INTERVAL

Sets the number of seconds that pass before the server checks for abandoned operations

--bind-limit BIND_LIMIT

Sets the maximum number of concurrent bind operations per TCP connection

--op-limit OP_LIMIT

Sets the maximum number of concurrent operations allowed

--proxied-auth PROXIED_AUTH

Enables or disables proxied authorization. If set to "off", the server executes bind for chained operations as the user set in the nsMultiplexorBindDn attribute.

--conn-lifetime CONN_LIFETIME

Specifies connection lifetime in seconds. "0" keeps the connection open forever.

--bind-timeout BIND_TIMEOUT

Sets the amount of time in seconds before a bind attempt times out

--return-ref RETURN_REF

Enables or disables whether referrals are returned by scoped searches

--check-aci CHECK_ACI

Enables or disables whether the server evaluates ACIs on the database link as well as the remote data server

--bind-attempts BIND_ATTEMPTS

Sets the number of times the server tries to bind to the remote server

--size-limit SIZE_LIMIT

Sets the maximum number of entries to return from a search operation

--time-limit TIME_LIMIT

Sets the maximum number of seconds allowed for an operation

--hop-limit HOP_LIMIT

Sets the maximum number of times a database is allowed to chain. That is the number of times a request can be forwarded from one database link to another.

--response-delay RESPONSE_DELAY

Sets the maximum amount of time it can take a remote server to respond to an LDAP operation request made by a database link before an error is suspected

--test-response-delay TEST_RESPONSE_DELAY

Sets the duration of the test issued by the database link to check whether the remote server is responding

--use-starttls USE_STARTTLS

Configured that database links use StartTLS if set to "on"

usage: dsconf instance [-v] [-j] chaining link-create [-h]
                                                     [--conn-bind-limit CONN_BIND_LIMIT]
                                                     [--conn-op-limit CONN_OP_LIMIT]
                                                     [--abandon-check-interval ABANDON_CHECK_INTERVAL]
                                                     [--bind-limit BIND_LIMIT]
                                                     [--op-limit OP_LIMIT]
                                                     [--proxied-auth PROXIED_AUTH]
                                                     [--conn-lifetime CONN_LIFETIME]
                                                     [--bind-timeout BIND_TIMEOUT]
                                                     [--return-ref RETURN_REF]
                                                     [--check-aci CHECK_ACI]
                                                     [--bind-attempts BIND_ATTEMPTS]
                                                     [--size-limit SIZE_LIMIT]
                                                     [--time-limit TIME_LIMIT]
                                                     [--hop-limit HOP_LIMIT]
                                                     [--response-delay RESPONSE_DELAY]
                                                     [--test-response-delay TEST_RESPONSE_DELAY]
                                                     [--use-starttls USE_STARTTLS]
                                                     --suffix SUFFIX
                                                     --server-url SERVER_URL
                                                     --bind-mech BIND_MECH
                                                     --bind-dn BIND_DN
                                                     [--bind-pw BIND_PW]
                                                     [--bind-pw-file BIND_PW_FILE]
                                                     [--bind-pw-prompt]
                                                     CHAIN_NAME

CHAIN_NAME

The name of the database link

--conn-bind-limit CONN_BIND_LIMIT

Sets the maximum number of BIND connections the database link establishes with the remote server

--conn-op-limit CONN_OP_LIMIT

Sets the maximum number of LDAP connections the database link establishes with the remote server

--abandon-check-interval ABANDON_CHECK_INTERVAL

Sets the number of seconds that pass before the server checks for abandoned operations

--bind-limit BIND_LIMIT

Sets the maximum number of concurrent bind operations per TCP connection

--op-limit OP_LIMIT

Sets the maximum number of concurrent operations allowed

--proxied-auth PROXIED_AUTH

Enables or disables proxied authorization. If set to "off", the server executes bind for chained operations as the user set in the nsMultiplexorBindDn attribute.

--conn-lifetime CONN_LIFETIME

Specifies connection lifetime in seconds. "0" keeps the connection open forever.

--bind-timeout BIND_TIMEOUT

Sets the amount of time in seconds before a bind attempt times out

--return-ref RETURN_REF

Enables or disables whether referrals are returned by scoped searches

--check-aci CHECK_ACI

Enables or disables whether the server evaluates ACIs on the database link as well as the remote data server

--bind-attempts BIND_ATTEMPTS

Sets the number of times the server tries to bind to the remote server

--size-limit SIZE_LIMIT

Sets the maximum number of entries to return from a search operation

--time-limit TIME_LIMIT

Sets the maximum number of seconds allowed for an operation

--hop-limit HOP_LIMIT

Sets the maximum number of times a database is allowed to chain. That is the number of times a request can be forwarded from one database link to another.

--response-delay RESPONSE_DELAY

Sets the maximum amount of time it can take a remote server to respond to an LDAP operation request made by a database link before an error is suspected

--test-response-delay TEST_RESPONSE_DELAY

Sets the duration of the test issued by the database link to check whether the remote server is responding

--use-starttls USE_STARTTLS

Configured that database links use StartTLS if set to "on"

--suffix SUFFIX

Sets the suffix managed by the database link

--server-url SERVER_URL

Sets the LDAP/LDAPS URL to the remote server

--bind-mech BIND_MECH

Sets the authentication method to use to authenticate to the remote server. Valid values: "SIMPLE" (default), "EXTERNAL", "DIGEST-MD5", or "GSSAPI"

--bind-dn BIND_DN

Sets the DN of the administrative entry used to communicate with the remote server

--bind-pw BIND_PW

Sets the password of the administrative user

--bind-pw-file BIND_PW_FILE

File containing the password

--bind-pw-prompt

Prompt for password

usage: dsconf [-v] [-j] instance chaining link-get [-h] CHAIN_NAME

CHAIN_NAME

The chaining link name or suffix to retrieve

usage: dsconf instance [-v] [-j] chaining link-set [-h]
                                                  [--conn-bind-limit CONN_BIND_LIMIT]
                                                  [--conn-op-limit CONN_OP_LIMIT]
                                                  [--abandon-check-interval ABANDON_CHECK_INTERVAL]
                                                  [--bind-limit BIND_LIMIT]
                                                  [--op-limit OP_LIMIT]
                                                  [--proxied-auth PROXIED_AUTH]
                                                  [--conn-lifetime CONN_LIFETIME]
                                                  [--bind-timeout BIND_TIMEOUT]
                                                  [--return-ref RETURN_REF]
                                                  [--check-aci CHECK_ACI]
                                                  [--bind-attempts BIND_ATTEMPTS]
                                                  [--size-limit SIZE_LIMIT]
                                                  [--time-limit TIME_LIMIT]
                                                  [--hop-limit HOP_LIMIT]
                                                  [--response-delay RESPONSE_DELAY]
                                                  [--test-response-delay TEST_RESPONSE_DELAY]
                                                  [--use-starttls USE_STARTTLS]
                                                  [--suffix SUFFIX]
                                                  [--server-url SERVER_URL]
                                                  [--bind-mech BIND_MECH]
                                                  [--bind-dn BIND_DN]
                                                  [--bind-pw BIND_PW]
                                                  [--bind-pw-file BIND_PW_FILE]
                                                  [--bind-pw-prompt]
                                                  CHAIN_NAME

CHAIN_NAME

The name of the database link

--conn-bind-limit CONN_BIND_LIMIT

Sets the maximum number of BIND connections the database link establishes with the remote server

--conn-op-limit CONN_OP_LIMIT

Sets the maximum number of LDAP connections the database link establishes with the remote server

--abandon-check-interval ABANDON_CHECK_INTERVAL

Sets the number of seconds that pass before the server checks for abandoned operations

--bind-limit BIND_LIMIT

Sets the maximum number of concurrent bind operations per TCP connection

--op-limit OP_LIMIT

Sets the maximum number of concurrent operations allowed

--proxied-auth PROXIED_AUTH

Enables or disables proxied authorization. If set to "off", the server executes bind for chained operations as the user set in the nsMultiplexorBindDn attribute.

--conn-lifetime CONN_LIFETIME

Specifies connection lifetime in seconds. "0" keeps the connection open forever.

--bind-timeout BIND_TIMEOUT

Sets the amount of time in seconds before a bind attempt times out

--return-ref RETURN_REF

Enables or disables whether referrals are returned by scoped searches

--check-aci CHECK_ACI

Enables or disables whether the server evaluates ACIs on the database link as well as the remote data server

--bind-attempts BIND_ATTEMPTS

Sets the number of times the server tries to bind to the remote server

--size-limit SIZE_LIMIT

Sets the maximum number of entries to return from a search operation

--time-limit TIME_LIMIT

Sets the maximum number of seconds allowed for an operation

--hop-limit HOP_LIMIT

Sets the maximum number of times a database is allowed to chain. That is the number of times a request can be forwarded from one database link to another.

--response-delay RESPONSE_DELAY

Sets the maximum amount of time it can take a remote server to respond to an LDAP operation request made by a database link before an error is suspected

--test-response-delay TEST_RESPONSE_DELAY

Sets the duration of the test issued by the database link to check whether the remote server is responding

--use-starttls USE_STARTTLS

Configured that database links use StartTLS if set to "on"

--suffix SUFFIX

Sets the suffix managed by the database link

--server-url SERVER_URL

Sets the LDAP/LDAPS URL to the remote server

--bind-mech BIND_MECH

Sets the authentication method to use to authenticate to the remote server: Valid values: "SIMPLE" (default), "EXTERNAL", "DIGEST-MD5", or "GSSAPI"

--bind-dn BIND_DN

Sets the DN of the administrative entry used to communicate with the remote server

--bind-pw BIND_PW

Sets the password of the administrative user

--bind-pw-file BIND_PW_FILE

File containing the password

--bind-pw-prompt

Prompt for password

usage: dsconf [-v] [-j] instance chaining link-delete [-h] CHAIN_NAME

CHAIN_NAME

The name of the database link

usage: dsconf [-v] [-j] instance chaining monitor [-h] CHAIN_NAME

CHAIN_NAME

The name of the database link

usage: dsconf [-v] [-j] instance chaining link-list [-h]

usage: dsconf [-v] [-j] instance config [-h] {get,add,replace,delete} ...

dsconf config get

get

dsconf config add

Add attribute value to configuration

dsconf config replace

Replace attribute value in configuration

dsconf config delete

Delete attribute value in configuration

usage: dsconf [-v] [-j] instance config get [-h] [attrs ...]

attrs

Configuration attribute(s) to get

usage: dsconf [-v] [-j] instance config add [-h] [attr ...]

attr

Configuration attribute to add

usage: dsconf [-v] [-j] instance config replace [-h] [attr ...]

attr

Configuration attribute to replace

usage: dsconf [-v] [-j] instance config delete [-h] [attr ...]

attr

Configuration attribute to delete

usage: dsconf [-v] [-j] instance directory_manager [-h] {password_change} ...

dsconf directory_manager password_change

Changes the password of the Directory Manager account

usage: dsconf [-v] [-j] instance directory_manager password_change [-h]

usage: dsconf [-v] [-j] instance logging [-h]
                              {access,audit,auditfail,error,security} ...

dsconf logging access

Manage access log settings

dsconf logging audit

Manage audit log settings

dsconf logging auditfail

Manage auditfail log settings

dsconf logging error

Manage error log settings

dsconf logging security

Manage security log settings

usage: dsconf [-v] [-j] instance logging access [-h] {get,set,list-levels} ...

dsconf logging access get

Get access log configuration

dsconf logging access set

Set access log configuration

dsconf logging access list-levels

List all the log levels

usage: dsconf [-v] [-j] instance logging access get [-h]

usage: dsconf [-v] [-j] instance logging access set [-h]
                                                   {level,logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,buffering-enabled,buffering-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space,log-format,time-format} ...

dsconf logging access set level

Set the log level

dsconf logging access set logging-enabled

Enable access logging

dsconf logging access set logging-disabled

Disable access logging

dsconf logging access set mode

Set the log file permissions. Default is 600

dsconf logging access set location

Set the log name and location

dsconf logging access set compress-enabled

Enable log compression for rotated logs

dsconf logging access set compress-disabled

Disable log compression for rotated logs

dsconf logging access set buffering-enabled

Enable log buffering

dsconf logging access set buffering-disabled

Disable log buffering

dsconf logging access set max-logs

Set the maximum number of rotated logs the server will maintain

dsconf logging access set max-logsize

Set the maximum size for a log in MB

dsconf logging access set rotation-interval

Set the interval for when a log is rotated.This works with the interval unit

dsconf logging access set rotation-interval-unit

Set the time unit for the rotation interval for whena log is rotated.  Choose between: "minute", "hour", "day", "week", and "month"

dsconf logging access set rotation-tod-enabled

Enable "time of day" rotation for expired logs

dsconf logging access set rotation-tod-disabled

Disable "time of day" rotation for expired logs

dsconf logging access set rotation-tod-hour

Set the hour when an expired log should be rotated

dsconf logging access set rotation-tod-minute

Set the minute when an expired log should be rotated

dsconf logging access set deletion-interval

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

dsconf logging access set deletion-interval-unit

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

dsconf logging access set max-disk-space

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

dsconf logging access set free-disk-space

The server deletes the oldest rotated log file when the available disk space in MB is less than this amount.

dsconf logging access set log-format

Choose between "default", "json", or "json-pretty"

dsconf logging access set time-format

Time format for JSON logging (strftime)

usage: dsconf [-v] [-j] instance logging access set level [-h]
                                                         levels [levels ...]

levels

log level

usage: dsconf [-v] [-j] instance logging access set logging-enabled [-h]

usage: dsconf [-v] [-j] instance logging access set logging-disabled [-h]

usage: dsconf [-v] [-j] instance logging access set mode [-h] values

values

File permissions. Default is 600

usage: dsconf [-v] [-j] instance logging access set location [-h] values

values

Log name and location

usage: dsconf [-v] [-j] instance logging access set compress-enabled [-h]

usage: dsconf [-v] [-j] instance logging access set compress-disabled [-h]

usage: dsconf [-v] [-j] instance logging access set buffering-enabled [-h]

usage: dsconf [-v] [-j] instance logging access set buffering-disabled [-h]

usage: dsconf [-v] [-j] instance logging access set max-logs [-h] values

values

Set the maximum number of rotated logs the server will maintain

usage: dsconf [-v] [-j] instance logging access set max-logsize [-h] values

values

Set the maximum size for a log in MB

usage: dsconf [-v] [-j] instance logging access set rotation-interval
      [-h] values

values

Set the interval for when a log is rotated.This works with the interval unit

usage: dsconf [-v] [-j] instance logging access set rotation-interval-unit
      [-h] values

values

Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month"

usage: dsconf [-v] [-j] instance logging access set rotation-tod-enabled [-h]

usage: dsconf [-v] [-j] instance logging access set rotation-tod-disabled [-h]

usage: dsconf [-v] [-j] instance logging access set rotation-tod-hour
      [-h] values

values

Set the hour when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging access set rotation-tod-minute
      [-h] values

values

Set the minute when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging access set deletion-interval
      [-h] values

values

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

usage: dsconf [-v] [-j] instance logging access set deletion-interval-unit
      [-h] values

values

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

usage: dsconf [-v] [-j] instance logging access set max-disk-space [-h] values

values

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

usage: dsconf [-v] [-j] instance logging access set free-disk-space
      [-h] values

values

Set the minimum available disk space in MB that triggers the server to delete rotated log files.

usage: dsconf [-v] [-j] instance logging access set log-format [-h] values

values

Choose between "default", "json", or "json-pretty"

usage: dsconf [-v] [-j] instance logging access set time-format [-h] values

values

Time format for JSON logging (strftime)

usage: dsconf [-v] [-j] instance logging access list-levels [-h]

usage: dsconf [-v] [-j] instance logging audit [-h] {get,set} ...

dsconf logging audit get

Get audit log configuration

dsconf logging audit set

Set audit log configuration

usage: dsconf [-v] [-j] instance logging audit get [-h]

usage: dsconf [-v] [-j] instance logging audit set [-h]
                                                  {logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,buffering-enabled,buffering-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space,log-format,time-format,display-attrs} ...

dsconf logging audit set logging-enabled

Enable access logging

dsconf logging audit set logging-disabled

Disable audit logging

dsconf logging audit set mode

Set the log file permissions. Default is 600

dsconf logging audit set location

Set the log name and location

dsconf logging audit set compress-enabled

Enable log compression for rotated logs

dsconf logging audit set compress-disabled

Disable log compression for rotated logs

dsconf logging audit set buffering-enabled

Enable log buffering

dsconf logging audit set buffering-disabled

Disable log buffering

dsconf logging audit set max-logs

Set the maximum number of rotated logs the server will maintain

dsconf logging audit set max-logsize

Set the maximum size for a log in MB

dsconf logging audit set rotation-interval

Set the interval for when a log is rotated.This works with the interval unit

dsconf logging audit set rotation-interval-unit

Set the time unit for the rotation interval for whena log is rotated.  Choose between: "minute", "hour", "day", "week", and "month"

dsconf logging audit set rotation-tod-enabled

Enable "time of day" rotation for expired logs

dsconf logging audit set rotation-tod-disabled

Disable "time of day" rotation for expired logs

dsconf logging audit set rotation-tod-hour

Set the hour when an expired log should be rotated

dsconf logging audit set rotation-tod-minute

Set the minute when an expired log should be rotated

dsconf logging audit set deletion-interval

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

dsconf logging audit set deletion-interval-unit

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

dsconf logging audit set max-disk-space

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

dsconf logging audit set free-disk-space

The server deletes the oldest rotated log file when the available disk space in MB is less than this amount.

dsconf logging audit set log-format

Choose between "default", "json", or "json-pretty"

dsconf logging audit set time-format

Time format for JSON logging (strftime)

dsconf logging audit set display-attrs

Sets additional identifying attrs to display

usage: dsconf [-v] [-j] instance logging audit set logging-enabled [-h]

usage: dsconf [-v] [-j] instance logging audit set logging-disabled [-h]

usage: dsconf [-v] [-j] instance logging audit set mode [-h] values

values

File permissions. Default is 600

usage: dsconf [-v] [-j] instance logging audit set location [-h] values

values

Log name and location

usage: dsconf [-v] [-j] instance logging audit set compress-enabled [-h]

usage: dsconf [-v] [-j] instance logging audit set compress-disabled [-h]

usage: dsconf [-v] [-j] instance logging audit set buffering-enabled [-h]

usage: dsconf [-v] [-j] instance logging audit set buffering-disabled [-h]

usage: dsconf [-v] [-j] instance logging audit set max-logs [-h] values

values

Set the maximum number of rotated logs the server will maintain

usage: dsconf [-v] [-j] instance logging audit set max-logsize [-h] values

values

Set the maximum size for a log in MB

usage: dsconf [-v] [-j] instance logging audit set rotation-interval
      [-h] values

values

Set the interval for when a log is rotated.This works with the interval unit

usage: dsconf [-v] [-j] instance logging audit set rotation-interval-unit
      [-h] values

values

Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month"

usage: dsconf [-v] [-j] instance logging audit set rotation-tod-enabled [-h]

usage: dsconf [-v] [-j] instance logging audit set rotation-tod-disabled [-h]

usage: dsconf [-v] [-j] instance logging audit set rotation-tod-hour
      [-h] values

values

Set the hour when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging audit set rotation-tod-minute
      [-h] values

values

Set the minute when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging audit set deletion-interval
      [-h] values

values

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

usage: dsconf [-v] [-j] instance logging audit set deletion-interval-unit
      [-h] values

values

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

usage: dsconf [-v] [-j] instance logging audit set max-disk-space [-h] values

values

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

usage: dsconf [-v] [-j] instance logging audit set free-disk-space [-h] values

values

Set the minimum available disk space in MB that triggers the server to delete rotated log files.

usage: dsconf [-v] [-j] instance logging audit set log-format [-h] values

values

Choose between "default", "json", or "json-pretty"

usage: dsconf [-v] [-j] instance logging audit set time-format [-h] values

values

Time format for JSON logging (strftime)

usage: dsconf [-v] [-j] instance logging audit set display-attrs
      [-h] values [values ...]

values

Sets additional identifying attrs to display

usage: dsconf [-v] [-j] instance logging auditfail [-h] {get,set} ...

dsconf logging auditfail get

Get auditfail log configuration

dsconf logging auditfail set

Set auditfail log configuration

usage: dsconf [-v] [-j] instance logging auditfail get [-h]

usage: dsconf [-v] [-j] instance logging auditfail set [-h]
                                                      {logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space} ...

dsconf logging auditfail set logging-enabled

Enable access logging

dsconf logging auditfail set logging-disabled

Disable auditfail logging

dsconf logging auditfail set mode

Set the log file permissions. Default is 600

dsconf logging auditfail set location

Set the log name and location

dsconf logging auditfail set compress-enabled

Enable log compression for rotated logs

dsconf logging auditfail set compress-disabled

Disable log compression for rotated logs

dsconf logging auditfail set max-logs

Set the maximum number of rotated logs the server will maintain

dsconf logging auditfail set max-logsize

Set the maximum size for a log in MB

dsconf logging auditfail set rotation-interval

Set the interval for when a log is rotated.This works with the interval unit

dsconf logging auditfail set rotation-interval-unit

Set the time unit for the rotation interval for whena log is rotated.  Choose between: "minute", "hour", "day", "week", and "month"

dsconf logging auditfail set rotation-tod-enabled

Enable "time of day" rotation for expired logs

dsconf logging auditfail set rotation-tod-disabled

Disable "time of day" rotation for expired logs

dsconf logging auditfail set rotation-tod-hour

Set the hour when an expired log should be rotated

dsconf logging auditfail set rotation-tod-minute

Set the minute when an expired log should be rotated

dsconf logging auditfail set deletion-interval

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

dsconf logging auditfail set deletion-interval-unit

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

dsconf logging auditfail set max-disk-space

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

dsconf logging auditfail set free-disk-space

The server deletes the oldest rotated log file when the available disk space in MB is less than this amount.

usage: dsconf [-v] [-j] instance logging auditfail set logging-enabled [-h]

usage: dsconf [-v] [-j] instance logging auditfail set logging-disabled [-h]

usage: dsconf [-v] [-j] instance logging auditfail set mode [-h] values

values

File permissions. Default is 600

usage: dsconf [-v] [-j] instance logging auditfail set location [-h] values

values

Log name and location

usage: dsconf [-v] [-j] instance logging auditfail set compress-enabled [-h]

usage: dsconf [-v] [-j] instance logging auditfail set compress-disabled [-h]

usage: dsconf [-v] [-j] instance logging auditfail set max-logs [-h] values

values

Set the maximum number of rotated logs the server will maintain

usage: dsconf [-v] [-j] instance logging auditfail set max-logsize [-h] values

values

Set the maximum size for a log in MB

usage: dsconf [-v] [-j] instance logging auditfail set rotation-interval
      [-h] values

values

Set the interval for when a log is rotated.This works with the interval unit

usage: dsconf [-v] [-j] instance logging auditfail set rotation-interval-unit
      [-h] values

values

Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month"

usage: dsconf [-v] [-j] instance logging auditfail set rotation-tod-enabled
      [-h]

usage: dsconf [-v] [-j] instance logging auditfail set rotation-tod-disabled
      [-h]

usage: dsconf [-v] [-j] instance logging auditfail set rotation-tod-hour
      [-h] values

values

Set the hour when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging auditfail set rotation-tod-minute
      [-h] values

values

Set the minute when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging auditfail set deletion-interval
      [-h] values

values

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

usage: dsconf [-v] [-j] instance logging auditfail set deletion-interval-unit
      [-h] values

values

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

usage: dsconf [-v] [-j] instance logging auditfail set max-disk-space
      [-h] values

values

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

usage: dsconf [-v] [-j] instance logging auditfail set free-disk-space
      [-h] values

values

Set the minimum available disk space in MB that triggers the server to delete rotated log files.

usage: dsconf [-v] [-j] instance logging error [-h] {get,set,list-levels} ...

dsconf logging error get

Get error log configuration

dsconf logging error set

Set error log configuration

dsconf logging error list-levels

List all the log levels

usage: dsconf [-v] [-j] instance logging error get [-h]

usage: dsconf [-v] [-j] instance logging error set [-h]
                                                  {level,logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,buffering-enabled,buffering-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space} ...

dsconf logging error set level

Set the log level

dsconf logging error set logging-enabled

Enable access logging

dsconf logging error set logging-disabled

Disable error logging

dsconf logging error set mode

Set the log file permissions. Default is 600

dsconf logging error set location

Set the log name and location

dsconf logging error set compress-enabled

Enable log compression for rotated logs

dsconf logging error set compress-disabled

Disable log compression for rotated logs

dsconf logging error set buffering-enabled

Enable log buffering

dsconf logging error set buffering-disabled

Disable log buffering

dsconf logging error set max-logs

Set the maximum number of rotated logs the server will maintain

dsconf logging error set max-logsize

Set the maximum size for a log in MB

dsconf logging error set rotation-interval

Set the interval for when a log is rotated.This works with the interval unit

dsconf logging error set rotation-interval-unit

Set the time unit for the rotation interval for whena log is rotated.  Choose between: "minute", "hour", "day", "week", and "month"

dsconf logging error set rotation-tod-enabled

Enable "time of day" rotation for expired logs

dsconf logging error set rotation-tod-disabled

Disable "time of day" rotation for expired logs

dsconf logging error set rotation-tod-hour

Set the hour when an expired log should be rotated

dsconf logging error set rotation-tod-minute

Set the minute when an expired log should be rotated

dsconf logging error set deletion-interval

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

dsconf logging error set deletion-interval-unit

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

dsconf logging error set max-disk-space

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

dsconf logging error set free-disk-space

The server deletes the oldest rotated log file when the available disk space in MB is less than this amount.

usage: dsconf [-v] [-j] instance logging error set level [-h]
                                                        levels [levels ...]

levels

log level

usage: dsconf [-v] [-j] instance logging error set logging-enabled [-h]

usage: dsconf [-v] [-j] instance logging error set logging-disabled [-h]

usage: dsconf [-v] [-j] instance logging error set mode [-h] values

values

File permissions. Default is 600

usage: dsconf [-v] [-j] instance logging error set location [-h] values

values

Log name and location

usage: dsconf [-v] [-j] instance logging error set compress-enabled [-h]

usage: dsconf [-v] [-j] instance logging error set compress-disabled [-h]

usage: dsconf [-v] [-j] instance logging error set buffering-enabled [-h]

usage: dsconf [-v] [-j] instance logging error set buffering-disabled [-h]

usage: dsconf [-v] [-j] instance logging error set max-logs [-h] values

values

Set the maximum number of rotated logs the server will maintain

usage: dsconf [-v] [-j] instance logging error set max-logsize [-h] values

values

Set the maximum size for a log in MB

usage: dsconf [-v] [-j] instance logging error set rotation-interval
      [-h] values

values

Set the interval for when a log is rotated.This works with the interval unit

usage: dsconf [-v] [-j] instance logging error set rotation-interval-unit
      [-h] values

values

Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month"

usage: dsconf [-v] [-j] instance logging error set rotation-tod-enabled [-h]

usage: dsconf [-v] [-j] instance logging error set rotation-tod-disabled [-h]

usage: dsconf [-v] [-j] instance logging error set rotation-tod-hour
      [-h] values

values

Set the hour when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging error set rotation-tod-minute
      [-h] values

values

Set the minute when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging error set deletion-interval
      [-h] values

values

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

usage: dsconf [-v] [-j] instance logging error set deletion-interval-unit
      [-h] values

values

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

usage: dsconf [-v] [-j] instance logging error set max-disk-space [-h] values

values

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

usage: dsconf [-v] [-j] instance logging error set free-disk-space [-h] values

values

Set the minimum available disk space in MB that triggers the server to delete rotated log files.

usage: dsconf [-v] [-j] instance logging error list-levels [-h]

usage: dsconf [-v] [-j] instance logging security [-h] {get,set} ...

dsconf logging security get

Get security log configuration

dsconf logging security set

Set security log configuration

usage: dsconf [-v] [-j] instance logging security get [-h]

usage: dsconf [-v] [-j] instance logging security set [-h]
                                                     {logging-enabled,logging-disabled,mode,location,compress-enabled,compress-disabled,buffering-enabled,buffering-disabled,max-logs,max-logsize,rotation-interval,rotation-interval-unit,rotation-tod-enabled,rotation-tod-disabled,rotation-tod-hour,rotation-tod-minute,deletion-interval,deletion-interval-unit,max-disk-space,free-disk-space} ...

dsconf logging security set logging-enabled

Enable access logging

dsconf logging security set logging-disabled

Disable security logging

dsconf logging security set mode

Set the log file permissions. Default is 600

dsconf logging security set location

Set the log name and location

dsconf logging security set compress-enabled

Enable log compression for rotated logs

dsconf logging security set compress-disabled

Disable log compression for rotated logs

dsconf logging security set buffering-enabled

Enable log buffering

dsconf logging security set buffering-disabled

Disable log buffering

dsconf logging security set max-logs

Set the maximum number of rotated logs the server will maintain

dsconf logging security set max-logsize

Set the maximum size for a log in MB

dsconf logging security set rotation-interval

Set the interval for when a log is rotated.This works with the interval unit

dsconf logging security set rotation-interval-unit

Set the time unit for the rotation interval for whena log is rotated.  Choose between: "minute", "hour", "day", "week", and "month"

dsconf logging security set rotation-tod-enabled

Enable "time of day" rotation for expired logs

dsconf logging security set rotation-tod-disabled

Disable "time of day" rotation for expired logs

dsconf logging security set rotation-tod-hour

Set the hour when an expired log should be rotated

dsconf logging security set rotation-tod-minute

Set the minute when an expired log should be rotated

dsconf logging security set deletion-interval

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

dsconf logging security set deletion-interval-unit

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

dsconf logging security set max-disk-space

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

dsconf logging security set free-disk-space

The server deletes the oldest rotated log file when the available disk space in MB is less than this amount.

usage: dsconf [-v] [-j] instance logging security set logging-enabled [-h]

usage: dsconf [-v] [-j] instance logging security set logging-disabled [-h]

usage: dsconf [-v] [-j] instance logging security set mode [-h] values

values

File permissions. Default is 600

usage: dsconf [-v] [-j] instance logging security set location [-h] values

values

Log name and location

usage: dsconf [-v] [-j] instance logging security set compress-enabled [-h]

usage: dsconf [-v] [-j] instance logging security set compress-disabled [-h]

usage: dsconf [-v] [-j] instance logging security set buffering-enabled [-h]

usage: dsconf [-v] [-j] instance logging security set buffering-disabled [-h]

usage: dsconf [-v] [-j] instance logging security set max-logs [-h] values

values

Set the maximum number of rotated logs the server will maintain

usage: dsconf [-v] [-j] instance logging security set max-logsize [-h] values

values

Set the maximum size for a log in MB

usage: dsconf [-v] [-j] instance logging security set rotation-interval
      [-h] values

values

Set the interval for when a log is rotated.This works with the interval unit

usage: dsconf [-v] [-j] instance logging security set rotation-interval-unit
      [-h] values

values

Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month"

usage: dsconf [-v] [-j] instance logging security set rotation-tod-enabled
      [-h]

usage: dsconf [-v] [-j] instance logging security set rotation-tod-disabled
      [-h]

usage: dsconf [-v] [-j] instance logging security set rotation-tod-hour
      [-h] values

values

Set the hour when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging security set rotation-tod-minute
      [-h] values

values

Set the minute when an expired log should be rotated

usage: dsconf [-v] [-j] instance logging security set deletion-interval
      [-h] values

values

Set the interval a rotated log should be deleted. This works with the deletion internal unit setting

usage: dsconf [-v] [-j] instance logging security set deletion-interval-unit
      [-h] values

values

Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month"

usage: dsconf [-v] [-j] instance logging security set max-disk-space
      [-h] values

values

Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted.

usage: dsconf [-v] [-j] instance logging security set free-disk-space
      [-h] values

values

Set the minimum available disk space in MB that triggers the server to delete rotated log files.

usage: dsconf [-v] [-j] instance monitor [-h]
                              {server,dbmon,ldbm,backend,snmp,chaining,disk} ...

dsconf monitor server

Displays the server statistics, connections, and operations

dsconf monitor dbmon

Monitor all database statistics in a single report

dsconf monitor ldbm

Monitor the LDBM statistics, such as dbcache

dsconf monitor backend

Monitor the behavior of a backend database

dsconf monitor snmp

Displays the SNMP statistics

dsconf monitor chaining

Monitor database chaining statistics

dsconf monitor disk

Displays the disk space statistics. All values are in bytes.

usage: dsconf [-v] [-j] instance monitor server [-h]

usage: dsconf [-v] [-j] instance monitor dbmon [-h] [-b BACKENDS] [-x]

-b BACKENDS, --backends BACKENDS

Specifies a list of space-separated backends to monitor. Default is all backends.

-x, --indexes

Shows index stats for each backend

usage: dsconf [-v] [-j] instance monitor ldbm [-h]

usage: dsconf [-v] [-j] instance monitor backend [-h] [backend]

backend

The optional name of the backend to monitor

usage: dsconf [-v] [-j] instance monitor snmp [-h]

usage: dsconf [-v] [-j] instance monitor chaining [-h] [backend]

backend

The optional name of the chaining backend to monitor

usage: dsconf [-v] [-j] instance monitor disk [-h]

usage: dsconf [-v] [-j] instance plugin [-h]
                             {memberof,automember,referential-integrity,root-dn,usn,account-policy,attr-uniq,dna,ldap-pass-through-auth,linked-attr,managed-entries,pam-pass-through-auth,retro-changelog,posix-winsync,contentsync,entryuuid,pwstorage-scheme,list,show,set} ...

dsconf plugin memberof

Manage and configure MemberOf plugin

dsconf plugin automember

Manage and configure Automembership plugin

dsconf plugin referential-integrity

Manage and configure Referential Integrity Postoperation plugin

dsconf plugin root-dn

Manage and configure RootDN Access Control plugin

dsconf plugin usn

Manage and configure USN plugin

dsconf plugin account-policy

Manage and configure Account Policy plugin

dsconf plugin attr-uniq

Manage and configure Attribute Uniqueness plugin

dsconf plugin dna

Manage and configure DNA plugin

dsconf plugin ldap-pass-through-auth

Manage and configure LDAP Pass-Through Authentication Plugin

dsconf plugin linked-attr

Manage and configure Linked Attributes plugin

dsconf plugin managed-entries

Manage and configure Managed Entries Plugin

dsconf plugin pam-pass-through-auth

Manage and configure Pass-Through Authentication plugins (LDAP URLs and PAM)

dsconf plugin retro-changelog

Manage and configure Retro Changelog plugin

dsconf plugin posix-winsync

Manage and configure the Posix Winsync API plugin

dsconf plugin contentsync

Manage and configure Content Sync Plugin (aka syncrepl)

dsconf plugin entryuuid

Manage and configure EntryUUID plugin

dsconf plugin pwstorage-scheme

Manage password storage scheme plugins

dsconf plugin list

List current configured (enabled and disabled) plugins

dsconf plugin show

Show the plugin data

dsconf plugin set

Edit the plugin settings

usage: dsconf [-v] [-j] instance plugin memberof [-h]
                                                {show,enable,disable,status,set,config-entry,fixup,fixup-status} ...

dsconf plugin memberof show

Displays the plugin configuration

dsconf plugin memberof enable

Enables the plugin

dsconf plugin memberof disable

Disables the plugin

dsconf plugin memberof status

Displays the plugin status

dsconf plugin memberof set

Edit the plugin settings

dsconf plugin memberof config-entry

Manage the config entry

dsconf plugin memberof fixup

Run the fix-up task for memberOf plugin

dsconf plugin memberof fixup-status

Check the status of a fix-up task

usage: dsconf [-v] [-j] instance plugin memberof show [-h]

usage: dsconf [-v] [-j] instance plugin memberof enable [-h]

usage: dsconf [-v] [-j] instance plugin memberof disable [-h]

usage: dsconf [-v] [-j] instance plugin memberof status [-h]

usage: dsconf [-v] [-j] instance plugin memberof set [-h] [--attr ATTR]
                                                    [--groupattr GROUPATTR [GROUPATTR ...]]
                                                    [--allbackends {on,off}]
                                                    [--skipnested {on,off}]
                                                    [--scope SCOPE [SCOPE ...]]
                                                    [--exclude EXCLUDE [EXCLUDE ...]]
                                                    [--autoaddoc AUTOADDOC]
                                                    [--config-entry CONFIG_ENTRY]

--attr ATTR

Specifies the attribute in the user entry for the Directory Server to manage to reflect group membership (memberOfAttr)

--groupattr GROUPATTR [GROUPATTR ...]

Specifies the attribute in the group entry to use to identify the DNs of group members (memberOfGroupAttr)

--allbackends {on,off}

Specifies whether to search the local suffix for user entries on all available suffixes (memberOfAllBackends)

--skipnested {on,off}

Specifies whether to skip nested groups or not (memberOfSkipNested)

--scope SCOPE [SCOPE ...]

Specifies backends or multiple-nested suffixes for the MemberOf plug-in to work on (memberOfEntryScope)

--exclude EXCLUDE [EXCLUDE ...]

Specifies backends or multiple-nested suffixes for the MemberOf plug-in to exclude (memberOfEntryScopeExcludeSubtree)

--autoaddoc AUTOADDOC

If an entry does not have an object class that allows the memberOf attribute then the memberOf plugin will automatically add the object class listed in the memberOfAutoAddOC parameter

--config-entry CONFIG_ENTRY

The value to set as nsslapd-pluginConfigArea

usage: dsconf [-v] [-j] instance plugin memberof config-entry
      [-h] {add,set,show,delete} ...

dsconf plugin memberof config-entry add

Add the config entry

dsconf plugin memberof config-entry set

Edit the config entry

dsconf plugin memberof config-entry show

Display the config entry

dsconf plugin memberof config-entry delete

Delete the config entry

usage: dsconf [-v] [-j] instance plugin memberof config-entry add
      [-h] [--attr ATTR] [--groupattr GROUPATTR [GROUPATTR ...]]
      [--allbackends {on,off}] [--skipnested {on,off}]
      [--scope SCOPE [SCOPE ...]] [--exclude EXCLUDE [EXCLUDE ...]]
      [--autoaddoc AUTOADDOC]
      DN

DN

The config entry full DN

--attr ATTR

Specifies the attribute in the user entry for the Directory Server to manage to reflect group membership (memberOfAttr)

--groupattr GROUPATTR [GROUPATTR ...]

Specifies the attribute in the group entry to use to identify the DNs of group members (memberOfGroupAttr)

--allbackends {on,off}

Specifies whether to search the local suffix for user entries on all available suffixes (memberOfAllBackends)

--skipnested {on,off}

Specifies whether to skip nested groups or not (memberOfSkipNested)

--scope SCOPE [SCOPE ...]

Specifies backends or multiple-nested suffixes for the MemberOf plug-in to work on (memberOfEntryScope)

--exclude EXCLUDE [EXCLUDE ...]

Specifies backends or multiple-nested suffixes for the MemberOf plug-in to exclude (memberOfEntryScopeExcludeSubtree)

--autoaddoc AUTOADDOC

If an entry does not have an object class that allows the memberOf attribute then the memberOf plugin will automatically add the object class listed in the memberOfAutoAddOC parameter

usage: dsconf [-v] [-j] instance plugin memberof config-entry set
      [-h] [--attr ATTR] [--groupattr GROUPATTR [GROUPATTR ...]]
      [--allbackends {on,off}] [--skipnested {on,off}]
      [--scope SCOPE [SCOPE ...]] [--exclude EXCLUDE [EXCLUDE ...]]
      [--autoaddoc AUTOADDOC]
      DN

DN

The config entry full DN

--attr ATTR

Specifies the attribute in the user entry for the Directory Server to manage to reflect group membership (memberOfAttr)

--groupattr GROUPATTR [GROUPATTR ...]

Specifies the attribute in the group entry to use to identify the DNs of group members (memberOfGroupAttr)

--allbackends {on,off}

Specifies whether to search the local suffix for user entries on all available suffixes (memberOfAllBackends)

--skipnested {on,off}

Specifies whether to skip nested groups or not (memberOfSkipNested)

--scope SCOPE [SCOPE ...]

Specifies backends or multiple-nested suffixes for the MemberOf plug-in to work on (memberOfEntryScope)

--exclude EXCLUDE [EXCLUDE ...]

Specifies backends or multiple-nested suffixes for the MemberOf plug-in to exclude (memberOfEntryScopeExcludeSubtree)

--autoaddoc AUTOADDOC

If an entry does not have an object class that allows the memberOf attribute then the memberOf plugin will automatically add the object class listed in the memberOfAutoAddOC parameter

usage: dsconf [-v] [-j] instance plugin memberof config-entry show [-h] DN

DN

The config entry full DN

usage: dsconf [-v] [-j] instance plugin memberof config-entry delete [-h] DN

DN

The config entry full DN

usage: dsconf [-v] [-j] instance plugin memberof fixup [-h] [-f FILTER]
                                                      [--wait]
                                                      [--timeout TIMEOUT]
                                                      DN

DN

Base DN that contains entries to fix up

-f FILTER, --filter FILTER

Filter for entries to fix up. If omitted, all entries with objectclass inetuser/inetadmin/nsmemberof under the specified base will have their memberOf attribute regenerated.

--wait

Wait for the task to finish, this could take a long time

--timeout TIMEOUT

Sets the task timeout. ,Default is 0 (no timeout)

usage: dsconf [-v] [-j] instance plugin memberof fixup-status
      [-h] [--dn DN] [--show-log] [--watch]

--dn DN

The task entry's DN

--show-log

Display the task log

--watch

Watch the task's status and wait for it to finish

usage: dsconf [-v] [-j] instance plugin automember [-h]
                                                  {show,enable,disable,status,list,definition,fixup,fixup-status,abort-fixup} ...

dsconf plugin automember show

Displays the plugin configuration

dsconf plugin automember enable

Enables the plugin

dsconf plugin automember disable

Disables the plugin

dsconf plugin automember status

Displays the plugin status

dsconf plugin automember list

List Automembership definitions or regex rules.

dsconf plugin automember definition

Manage Automembership definition.

dsconf plugin automember fixup

Run a rebuild membership task.

dsconf plugin automember fixup-status

Check the status of a fix-up task

dsconf plugin automember abort-fixup

Abort the rebuild membership task.

usage: dsconf [-v] [-j] instance plugin automember show [-h]

usage: dsconf [-v] [-j] instance plugin automember enable [-h]

usage: dsconf [-v] [-j] instance plugin automember disable [-h]

usage: dsconf [-v] [-j] instance plugin automember status [-h]

usage: dsconf [-v] [-j] instance plugin automember list [-h]
                                                       {definitions,regexes} ...

dsconf plugin automember list definitions

Lists Automembership definitions.

dsconf plugin automember list regexes

List Automembership regex rules.

usage: dsconf [-v] [-j] instance plugin automember list definitions [-h]

usage: dsconf [-v] [-j] instance plugin automember list regexes [-h] DEFNAME

DEFNAME

The definition entry CN

usage: dsconf [-v] [-j] instance plugin automember definition
      [-h] DEFNAME {add,set,delete,show,regex} ...

dsconf plugin automember definition add

Creates Automembership definition.

dsconf plugin automember definition set

Edits Automembership definition.

dsconf plugin automember definition delete

Removes Automembership definition.

dsconf plugin automember definition show

Displays Automembership definition.

dsconf plugin automember definition regex

Manage Automembership regex rules.

usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME add
      [-h] --grouping-attr GROUPING_ATTR [--default-group DEFAULT_GROUP]
      --scope SCOPE --filter FILTER

--grouping-attr GROUPING_ATTR

Specifies the name of the member attribute in the group entry and the attribute in the object entry that supplies the member attribute value, in the format group_member_attr:entry_attr (autoMemberGroupingAttr)

--default-group DEFAULT_GROUP

Sets default or fallback group to add the entry to as a member attribute in group entry (autoMemberDefaultGroup)

--scope SCOPE

Sets the subtree DN to search for entries (autoMemberScope)

--filter FILTER

Sets a standard LDAP search filter to use to search for matching entries (autoMemberFilter)

usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME set
      [-h] --grouping-attr GROUPING_ATTR [--default-group DEFAULT_GROUP]
      --scope SCOPE --filter FILTER

--grouping-attr GROUPING_ATTR

Specifies the name of the member attribute in the group entry and the attribute in the object entry that supplies the member attribute value, in the format group_member_attr:entry_attr (autoMemberGroupingAttr)

--default-group DEFAULT_GROUP

Sets default or fallback group to add the entry to as a member attribute in group entry (autoMemberDefaultGroup)

--scope SCOPE

Sets the subtree DN to search for entries (autoMemberScope)

--filter FILTER

Sets a standard LDAP search filter to use to search for matching entries (autoMemberFilter)

usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME delete
      [-h]

usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME show
      [-h]

usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex
      [-h] REGEXNAME {add,set,delete,show} ...

dsconf plugin automember definition regex add

Creates Automembership regex.

dsconf plugin automember definition regex set

Edits Automembership regex.

dsconf plugin automember definition regex delete

Removes Automembership regex.

dsconf plugin automember definition regex show

Displays Automembership regex.

usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex REGEXNAME add
      [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
      [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TARGET_GROUP

--exclusive EXCLUSIVE [EXCLUSIVE ...]

Sets a single regular expression to use to identify entries to exclude (autoMemberExclusiveRegex)

--inclusive INCLUSIVE [INCLUSIVE ...]

Sets a single regular expression to use to identify entries to include (autoMemberInclusiveRegex)

--target-group TARGET_GROUP

Sets which group to add the entry to as a member, if it meets the regular expression conditions (autoMemberTargetGroup)

usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex REGEXNAME set
      [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
      [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TARGET_GROUP

--exclusive EXCLUSIVE [EXCLUSIVE ...]

Sets a single regular expression to use to identify entries to exclude (autoMemberExclusiveRegex)

--inclusive INCLUSIVE [INCLUSIVE ...]

Sets a single regular expression to use to identify entries to include (autoMemberInclusiveRegex)

--target-group TARGET_GROUP

Sets which group to add the entry to as a member, if it meets the regular expression conditions (autoMemberTargetGroup)

usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex REGEXNAME delete
      [-h]

usage: dsconf [-v] [-j] instance plugin automember definition DEFNAME regex REGEXNAME show
      [-h]

usage: dsconf [-v] [-j] instance plugin automember fixup [-h] -f FILTER
                                                        -s {sub,base,one}
                                                        [--cleanup] [--wait]
                                                        [--timeout TIMEOUT]
                                                        DN

DN

Base DN that contains entries to fix up

-f FILTER, --filter FILTER

Sets the LDAP filter for entries to fix up

-s {sub,base,one}, --scope {sub,base,one}

Sets the LDAP search scope for entries to fix up

--cleanup

Clean up previous group memberships before rebuilding

--wait

Wait for the task to finish, this could take a long time

--timeout TIMEOUT

Set a timeout to wait for the fixup task. Default is 0 (no timeout)

usage: dsconf [-v] [-j] instance plugin automember fixup-status
      [-h] [--dn DN] [--show-log] [--watch]

--dn DN

The task entry's DN

--show-log

Display the task log

--watch

Watch the task's status and wait for it to finish

usage: dsconf [-v] [-j] instance plugin automember abort-fixup
      [-h] [--timeout TIMEOUT]

--timeout TIMEOUT

Set a timeout to wait for the abort task. Default is 0 (no timeout)

usage: dsconf instance [-v] [-j] plugin referential-integrity
      [-h] {show,enable,disable,status,set,config-entry} ...

dsconf plugin referential-integrity show

Displays the plugin configuration

dsconf plugin referential-integrity enable

Enables the plugin

dsconf plugin referential-integrity disable

Disables the plugin

dsconf plugin referential-integrity status

Displays the plugin status

dsconf plugin referential-integrity set

Edit the plugin settings

dsconf plugin referential-integrity config-entry

Manage the config entry

usage: dsconf [-v] [-j] instance plugin referential-integrity show [-h]

usage: dsconf [-v] [-j] instance plugin referential-integrity enable [-h]

usage: dsconf [-v] [-j] instance plugin referential-integrity disable [-h]

usage: dsconf [-v] [-j] instance plugin referential-integrity status [-h]

usage: dsconf [-v] [-j] instance plugin referential-integrity set
      [-h] [--update-delay UPDATE_DELAY]
      [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
      [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE]
      [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
      [--config-entry CONFIG_ENTRY]

--update-delay UPDATE_DELAY

Sets the update interval. Special values: 0 - The check is performed immediately, -1 - No check is performed (referint-update-delay)

--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]

Specifies attributes to check for and update (referint-membership-attr)

--entry-scope ENTRY_SCOPE

Defines the subtree in which the plug-in looks for the delete or rename operations of a user entry (nsslapd-pluginEntryScope)

--exclude-entry-scope EXCLUDE_ENTRY_SCOPE

Defines the subtree in which the plug-in ignores any operations for deleting or renaming a user (nsslapd-pluginExcludeEntryScope)

--container-scope CONTAINER_SCOPE

Specifies which branch the plug-in searches for the groups to which the user belongs. It only updates groups that are under the specified container branch, and leaves all other groups not updated (nsslapd-pluginContainerScope)

--log-file LOG_FILE

Specifies a path to the Referential integrity logfile.For example: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint

--config-entry CONFIG_ENTRY

The value to set as nsslapd-pluginConfigArea

usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry
      [-h] {add,set,show,delete} ...

dsconf plugin referential-integrity config-entry add

Add the config entry

dsconf plugin referential-integrity config-entry set

Edit the config entry

dsconf plugin referential-integrity config-entry show

Display the config entry

dsconf plugin referential-integrity config-entry delete

Delete the config entry

usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry add
      [-h] [--update-delay UPDATE_DELAY]
      [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
      [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE]
      [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
      DN

DN

The config entry full DN

--update-delay UPDATE_DELAY

Sets the update interval. Special values: 0 - The check is performed immediately, -1 - No check is performed (referint-update-delay)

--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]

Specifies attributes to check for and update (referint-membership-attr)

--entry-scope ENTRY_SCOPE

Defines the subtree in which the plug-in looks for the delete or rename operations of a user entry (nsslapd-pluginEntryScope)

--exclude-entry-scope EXCLUDE_ENTRY_SCOPE

Defines the subtree in which the plug-in ignores any operations for deleting or renaming a user (nsslapd-pluginExcludeEntryScope)

--container-scope CONTAINER_SCOPE

Specifies which branch the plug-in searches for the groups to which the user belongs. It only updates groups that are under the specified container branch, and leaves all other groups not updated (nsslapd-pluginContainerScope)

--log-file LOG_FILE

Specifies a path to the Referential integrity logfile.For example: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint

usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry set
      [-h] [--update-delay UPDATE_DELAY]
      [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
      [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE]
      [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
      DN

DN

The config entry full DN

--update-delay UPDATE_DELAY

Sets the update interval. Special values: 0 - The check is performed immediately, -1 - No check is performed (referint-update-delay)

--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]

Specifies attributes to check for and update (referint-membership-attr)

--entry-scope ENTRY_SCOPE

Defines the subtree in which the plug-in looks for the delete or rename operations of a user entry (nsslapd-pluginEntryScope)

--exclude-entry-scope EXCLUDE_ENTRY_SCOPE

Defines the subtree in which the plug-in ignores any operations for deleting or renaming a user (nsslapd-pluginExcludeEntryScope)

--container-scope CONTAINER_SCOPE

Specifies which branch the plug-in searches for the groups to which the user belongs. It only updates groups that are under the specified container branch, and leaves all other groups not updated (nsslapd-pluginContainerScope)

--log-file LOG_FILE

Specifies a path to the Referential integrity logfile.For example: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint

usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry show
      [-h] DN

DN

The config entry full DN

usage: dsconf [-v] [-j] instance plugin referential-integrity config-entry delete
      [-h] DN

DN

The config entry full DN

usage: dsconf [-v] [-j] instance plugin root-dn [-h]
                                               {show,enable,disable,status,set} ...

dsconf plugin root-dn show

Displays the plugin configuration

dsconf plugin root-dn enable

Enables the plugin

dsconf plugin root-dn disable

Disables the plugin

dsconf plugin root-dn status

Displays the plugin status

dsconf plugin root-dn set

Edit the plugin settings

usage: dsconf [-v] [-j] instance plugin root-dn show [-h]

usage: dsconf [-v] [-j] instance plugin root-dn enable [-h]

usage: dsconf [-v] [-j] instance plugin root-dn disable [-h]

usage: dsconf [-v] [-j] instance plugin root-dn status [-h]

usage: dsconf [-v] [-j] instance plugin root-dn set [-h]
                                                   [--allow-host ALLOW_HOST [ALLOW_HOST ...]]
                                                   [--deny-host DENY_HOST [DENY_HOST ...]]
                                                   [--allow-ip ALLOW_IP [ALLOW_IP ...]]
                                                   [--deny-ip DENY_IP [DENY_IP ...]]
                                                   [--open-time OPEN_TIME]
                                                   [--close-time CLOSE_TIME]
                                                   [--days-allowed DAYS_ALLOWED]

--allow-host ALLOW_HOST [ALLOW_HOST ...]

Sets what hosts, by fully-qualified domain name, the root user is allowed to use to access Directory Server. Any hosts not listed are implicitly denied (rootdn-allow-host)

--deny-host DENY_HOST [DENY_HOST ...]

Sets what hosts, by fully-qualified domain name, the root user is not allowed to use to access Directory Server. Any hosts not listed are implicitly allowed (rootdn-deny-host). If a host address is listed in both the rootdn-allow-host and rootdn-deny-host attributes, it is denied access.

--allow-ip ALLOW_IP [ALLOW_IP ...]

Sets what IP addresses, either IPv4 or IPv6, for machines the root user is allowed to use to access Directory Server. Any IP addresses not listed are implicitly denied (rootdn-allow-ip)

--deny-ip DENY_IP [DENY_IP ...]

Sets what IP addresses, either IPv4 or IPv6, for machines the root user is not allowed to use to access Directory Server. Any IP addresses not listed are implicitly allowed (rootdn-deny-ip). If an IP address is listed in both the rootdn-allow-ip and rootdn-deny-ip attributes, it is denied access.

--open-time OPEN_TIME

Sets part of a time period or range when the root user is allowed to access Directory Server. This sets when the time-based access begins (rootdn-open- time)

--close-time CLOSE_TIME

Sets part of a time period or range when the root user is allowed to access Directory Server. This sets when the time-based access ends (rootdn-close- time)

--days-allowed DAYS_ALLOWED

Sets a comma-separated list of what days the root user is allowed to use to access Directory Server. Any days listed are implicitly denied (rootdn-days- allowed)

usage: dsconf [-v] [-j] instance plugin usn [-h]
                                           {show,enable,disable,status,global,cleanup} ...

dsconf plugin usn show

Displays the plugin configuration

dsconf plugin usn enable

Enables the plugin

dsconf plugin usn disable

Disables the plugin

dsconf plugin usn status

Displays the plugin status

dsconf plugin usn global

Get or manage global USN mode (nsslapd-entryusn-global)

dsconf plugin usn cleanup

Runs the USN tombstone cleanup task

usage: dsconf [-v] [-j] instance plugin usn show [-h]

usage: dsconf [-v] [-j] instance plugin usn enable [-h]

usage: dsconf [-v] [-j] instance plugin usn disable [-h]

usage: dsconf [-v] [-j] instance plugin usn status [-h]

usage: dsconf [-v] [-j] instance plugin usn global [-h] {on,off} ...

dsconf plugin usn global on

Enables USN global mode

dsconf plugin usn global off

Disables USN global mode

usage: dsconf [-v] [-j] instance plugin usn global on [-h]

usage: dsconf [-v] [-j] instance plugin usn global off [-h]

usage: dsconf [-v] [-j] instance plugin usn cleanup [-h] (-s SUFFIX |
                                                   -n BACKEND) [-m MAX_USN]
                                                   [--timeout TIMEOUT]

-s SUFFIX, --suffix SUFFIX

Sets the suffix or subtree in Directory Server to run the cleanup operation against. If the suffix is not specified, then the back end must be specified (suffix).

-n BACKEND, --backend BACKEND

Sets the Directory Server instance back end, or database, to run the cleanup operation against. If the back end is not specified, then the suffix must be specified. Backend instance in which USN tombstone entries (backend)

-m MAX_USN, --max-usn MAX_USN

Sets the highest USN value to delete when removing tombstone entries (max_usn_to_delete)

--timeout TIMEOUT

Sets the cleanup task timeout. Default is 120 seconds,

usage: dsconf [-v] [-j] instance plugin account-policy [-h]
                                                      {show,enable,disable,status,set,config-entry} ...

dsconf plugin account-policy show

Displays the plugin configuration

dsconf plugin account-policy enable

Enables the plugin

dsconf plugin account-policy disable

Disables the plugin

dsconf plugin account-policy status

Displays the plugin status

dsconf plugin account-policy set

Edit the plugin settings

dsconf plugin account-policy config-entry

Manage the config entry

usage: dsconf [-v] [-j] instance plugin account-policy show [-h]

usage: dsconf [-v] [-j] instance plugin account-policy enable [-h]

usage: dsconf [-v] [-j] instance plugin account-policy disable [-h]

usage: dsconf [-v] [-j] instance plugin account-policy status [-h]

usage: dsconf [-v] [-j] instance plugin account-policy set [-h]
                                                          [--config-entry CONFIG_ENTRY]

--config-entry CONFIG_ENTRY

Sets the nsslapd-pluginarg0 attribute

usage: dsconf [-v] [-j] instance plugin account-policy config-entry
      [-h] {add,set,show,delete} ...

dsconf plugin account-policy config-entry add

Add the config entry

dsconf plugin account-policy config-entry set

Edit the config entry

dsconf plugin account-policy config-entry show

Display the config entry

dsconf plugin account-policy config-entry delete

Delete the config entry

usage: dsconf [-v] [-j] instance plugin account-policy config-entry add
      [-h] [--always-record-login {yes,no}] [--alt-state-attr ALT_STATE_ATTR]
      [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
      [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
      [--state-attr STATE_ATTR] [--login-history-size LOGIN_HISTORY_SIZE]
      [--check-all-state-attrs {yes,no}]
      DN

DN

The full DN of the config entry

--always-record-login {yes,no}

Sets that every entry records its last login time (alwaysRecordLogin)

--alt-state-attr ALT_STATE_ATTR

Provides a backup attribute for the server to reference to evaluate the expiration time (altStateAttrName)

--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR

Specifies the attribute to store the time of the last successful login in this attribute in the users directory entry (alwaysRecordLoginAttr)

--limit-attr LIMIT_ATTR

Specifies the attribute within the policy to use for the account inactivation limit (limitAttrName)

--spec-attr SPEC_ATTR

Specifies the attribute to identify which entries are account policy configuration entries (specAttrName)

--state-attr STATE_ATTR

Specifies the primary time attribute used to evaluate an account policy (stateAttrName)

--login-history-size LOGIN_HISTORY_SIZE

Specifies the number of login timestamps to store (lastLoginHistSize) )

--check-all-state-attrs {yes,no}

Check both state and alternate state attributes for account state

usage: dsconf [-v] [-j] instance plugin account-policy config-entry set
      [-h] [--always-record-login {yes,no}] [--alt-state-attr ALT_STATE_ATTR]
      [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
      [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
      [--state-attr STATE_ATTR] [--login-history-size LOGIN_HISTORY_SIZE]
      [--check-all-state-attrs {yes,no}]
      DN

DN

The full DN of the config entry

--always-record-login {yes,no}

Sets that every entry records its last login time (alwaysRecordLogin)

--alt-state-attr ALT_STATE_ATTR

Provides a backup attribute for the server to reference to evaluate the expiration time (altStateAttrName)

--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR

Specifies the attribute to store the time of the last successful login in this attribute in the users directory entry (alwaysRecordLoginAttr)

--limit-attr LIMIT_ATTR

Specifies the attribute within the policy to use for the account inactivation limit (limitAttrName)

--spec-attr SPEC_ATTR

Specifies the attribute to identify which entries are account policy configuration entries (specAttrName)

--state-attr STATE_ATTR

Specifies the primary time attribute used to evaluate an account policy (stateAttrName)

--login-history-size LOGIN_HISTORY_SIZE

Specifies the number of login timestamps to store (lastLoginHistSize) )

--check-all-state-attrs {yes,no}

Check both state and alternate state attributes for account state

usage: dsconf [-v] [-j] instance plugin account-policy config-entry show
      [-h] DN

DN

The full DN of the config entry

usage: dsconf [-v] [-j] instance plugin account-policy config-entry delete
      [-h] DN

DN

The full DN of the config entry

usage: dsconf [-v] [-j] instance plugin attr-uniq [-h]
                                                 {list,add,set,show,delete,enable,disable,status} ...

dsconf plugin attr-uniq list

Lists available plugin configs

dsconf plugin attr-uniq add

Add the config entry

dsconf plugin attr-uniq set

Edit the config entry

dsconf plugin attr-uniq show

Display the config entry

dsconf plugin attr-uniq delete

Delete the config entry

dsconf plugin attr-uniq enable

enable plugin

dsconf plugin attr-uniq disable

disable plugin

dsconf plugin attr-uniq status

display plugin status

usage: dsconf [-v] [-j] instance plugin attr-uniq list [-h]

usage: dsconf [-v] [-j] instance plugin attr-uniq add [-h]
                                                     [--enabled {on,off}]
                                                     [--attr-name ATTR_NAME [ATTR_NAME ...]]
                                                     [--subtree SUBTREE [SUBTREE ...]]
                                                     [--across-all-subtrees {on,off}]
                                                     [--top-entry-oc TOP_ENTRY_OC]
                                                     [--subtree-entries-oc SUBTREE_ENTRIES_OC]
                                                     NAME

NAME

The name of the plug-in configuration record. (cn) You can use any string, but "attribute_name Attribute Uniqueness" is recommended.

--enabled {on,off}

Identifies whether or not the config is enabled.

--attr-name ATTR_NAME [ATTR_NAME ...]

Sets the name of the attribute whose values must be unique. This attribute is multi-valued. (uniqueness-attribute-name)

--subtree SUBTREE [SUBTREE ...]

Sets the DN under which the plug-in checks for uniqueness of the attributes value. This attribute is multi-valued (uniqueness-subtrees)

--across-all-subtrees {on,off}

If enabled (on), the plug-in checks that the attribute is unique across all subtrees set. If you set the attribute to off, uniqueness is only enforced within the subtree of the updated entry (uniqueness-across-all-subtrees)

--top-entry-oc TOP_ENTRY_OC

Verifies that the value of the attribute set in uniqueness-attribute-name is unique in this subtree (uniqueness-top-entry-oc)

--subtree-entries-oc SUBTREE_ENTRIES_OC

Verifies if an attribute is unique, if the entry contains the object class set in this parameter (uniqueness-subtree-entries-oc)

usage: dsconf [-v] [-j] instance plugin attr-uniq set [-h]
                                                     [--enabled {on,off}]
                                                     [--attr-name ATTR_NAME [ATTR_NAME ...]]
                                                     [--subtree SUBTREE [SUBTREE ...]]
                                                     [--across-all-subtrees {on,off}]
                                                     [--top-entry-oc TOP_ENTRY_OC]
                                                     [--subtree-entries-oc SUBTREE_ENTRIES_OC]
                                                     NAME

NAME

The name of the plug-in configuration record. (cn) You can use any string, but "attribute_name Attribute Uniqueness" is recommended.

--enabled {on,off}

Identifies whether or not the config is enabled.

--attr-name ATTR_NAME [ATTR_NAME ...]

Sets the name of the attribute whose values must be unique. This attribute is multi-valued. (uniqueness-attribute-name)

--subtree SUBTREE [SUBTREE ...]

Sets the DN under which the plug-in checks for uniqueness of the attributes value. This attribute is multi-valued (uniqueness-subtrees)

--across-all-subtrees {on,off}

If enabled (on), the plug-in checks that the attribute is unique across all subtrees set. If you set the attribute to off, uniqueness is only enforced within the subtree of the updated entry (uniqueness-across-all-subtrees)

--top-entry-oc TOP_ENTRY_OC

Verifies that the value of the attribute set in uniqueness-attribute-name is unique in this subtree (uniqueness-top-entry-oc)

--subtree-entries-oc SUBTREE_ENTRIES_OC

Verifies if an attribute is unique, if the entry contains the object class set in this parameter (uniqueness-subtree-entries-oc)

usage: dsconf [-v] [-j] instance plugin attr-uniq show [-h] NAME

NAME

The name of the plug-in configuration record

usage: dsconf [-v] [-j] instance plugin attr-uniq delete [-h] NAME

NAME

The name of the plug-in configuration record

usage: dsconf [-v] [-j] instance plugin attr-uniq enable [-h] NAME

NAME

The name of the plug-in configuration record

usage: dsconf [-v] [-j] instance plugin attr-uniq disable [-h] NAME

NAME

The name of the plug-in configuration record

usage: dsconf [-v] [-j] instance plugin attr-uniq status [-h] NAME

NAME

The name of the plug-in configuration record

usage: dsconf [-v] [-j] instance plugin dna [-h]
                                           {show,enable,disable,status,list,config} ...

dsconf plugin dna show

Displays the plugin configuration

dsconf plugin dna enable

Enables the plugin

dsconf plugin dna disable

Disables the plugin

dsconf plugin dna status

Displays the plugin status

dsconf plugin dna list

List available plugin configs

dsconf plugin dna config

Manage plugin configs

usage: dsconf [-v] [-j] instance plugin dna show [-h]

usage: dsconf [-v] [-j] instance plugin dna enable [-h]

usage: dsconf [-v] [-j] instance plugin dna disable [-h]

usage: dsconf [-v] [-j] instance plugin dna status [-h]

usage: dsconf [-v] [-j] instance plugin dna list [-h]
                                                {configs,shared-configs} ...

dsconf plugin dna list configs

List main DNA plugin config entries

dsconf plugin dna list shared-configs

List DNA plugin shared config entries

usage: dsconf [-v] [-j] instance plugin dna list configs [-h]

usage: dsconf [-v] [-j] instance plugin dna list shared-configs [-h] BASEDN

BASEDN

The search DN

usage: dsconf [-v] [-j] instance plugin dna config [-h]
                                                  NAME
                                                  {add,set,show,delete,shared-config-entry} ...

dsconf plugin dna config add

Add the config entry

dsconf plugin dna config set

Edit the config entry

dsconf plugin dna config show

Display the config entry

dsconf plugin dna config delete

Delete the config entry

dsconf plugin dna config shared-config-entry

Manage the shared config entry

usage: dsconf [-v] [-j] instance plugin dna config NAME add
      [-h] [--type TYPE [TYPE ...]] [--prefix PREFIX]
      [--next-value NEXT_VALUE] [--max-value MAX_VALUE] [--interval INTERVAL]
      [--magic-regen MAGIC_REGEN] [--filter FILTER] [--scope SCOPE]
      [--remote-bind-dn REMOTE_BIND_DN] [--remote-bind-cred REMOTE_BIND_CRED]
      [--shared-config-entry SHARED_CONFIG_ENTRY] [--threshold THRESHOLD]
      [--next-range NEXT_RANGE]
      [--range-request-timeout RANGE_REQUEST_TIMEOUT]

--type TYPE [TYPE ...]

Sets which attributes have unique numbers being generated for them (dnaType)

--prefix PREFIX

Defines a prefix that can be prepended to the generated number values for the attribute (dnaPrefix)

--next-value NEXT_VALUE

Sets the next available number which can be assigned (dnaNextValue)

--max-value MAX_VALUE

Sets the maximum value that can be assigned for the range (dnaMaxValue)

--interval INTERVAL

Sets an interval to use to increment through numbers in a range (dnaInterval)

--magic-regen MAGIC_REGEN

Sets a user-defined value that instructs the plug-in to assign a new value for the entry (dnaMagicRegen)

--filter FILTER

Sets an LDAP filter to use to search for and identify the entries to which to apply the distributed numeric assignment range (dnaFilter)

--scope SCOPE

Sets the base DN to search for entries to which to apply the distributed numeric assignment (dnaScope)

--remote-bind-dn REMOTE_BIND_DN

Specifies the Replication Manager DN (dnaRemoteBindDN)

--remote-bind-cred REMOTE_BIND_CRED

Specifies the Replication Manager's password (dnaRemoteBindCred)

--shared-config-entry SHARED_CONFIG_ENTRY

Defines a shared identity that the servers can use to transfer ranges to one another (dnaSharedCfgDN)

--threshold THRESHOLD

Sets a threshold of remaining available numbers in the range. When the server hits the threshold, it sends a request for a new range (dnaThreshold)

--next-range NEXT_RANGE

Defines the next range to use when the current range is exhausted (dnaNextRange)

--range-request-timeout RANGE_REQUEST_TIMEOUT

Sets a timeout period, in seconds, for range requests so that the server does not stall waiting on a new range from one server and can request a range from a new server (dnaRangeRequestTimeout)

usage: dsconf [-v] [-j] instance plugin dna config NAME set
      [-h] [--type TYPE [TYPE ...]] [--prefix PREFIX]
      [--next-value NEXT_VALUE] [--max-value MAX_VALUE] [--interval INTERVAL]
      [--magic-regen MAGIC_REGEN] [--filter FILTER] [--scope SCOPE]
      [--remote-bind-dn REMOTE_BIND_DN] [--remote-bind-cred REMOTE_BIND_CRED]
      [--shared-config-entry SHARED_CONFIG_ENTRY] [--threshold THRESHOLD]
      [--next-range NEXT_RANGE]
      [--range-request-timeout RANGE_REQUEST_TIMEOUT]

--type TYPE [TYPE ...]

Sets which attributes have unique numbers being generated for them (dnaType)

--prefix PREFIX

Defines a prefix that can be prepended to the generated number values for the attribute (dnaPrefix)

--next-value NEXT_VALUE

Sets the next available number which can be assigned (dnaNextValue)

--max-value MAX_VALUE

Sets the maximum value that can be assigned for the range (dnaMaxValue)

--interval INTERVAL

Sets an interval to use to increment through numbers in a range (dnaInterval)

--magic-regen MAGIC_REGEN

Sets a user-defined value that instructs the plug-in to assign a new value for the entry (dnaMagicRegen)

--filter FILTER

Sets an LDAP filter to use to search for and identify the entries to which to apply the distributed numeric assignment range (dnaFilter)

--scope SCOPE

Sets the base DN to search for entries to which to apply the distributed numeric assignment (dnaScope)

--remote-bind-dn REMOTE_BIND_DN

Specifies the Replication Manager DN (dnaRemoteBindDN)

--remote-bind-cred REMOTE_BIND_CRED

Specifies the Replication Manager's password (dnaRemoteBindCred)

--shared-config-entry SHARED_CONFIG_ENTRY

Defines a shared identity that the servers can use to transfer ranges to one another (dnaSharedCfgDN)

--threshold THRESHOLD

Sets a threshold of remaining available numbers in the range. When the server hits the threshold, it sends a request for a new range (dnaThreshold)

--next-range NEXT_RANGE

Defines the next range to use when the current range is exhausted (dnaNextRange)

--range-request-timeout RANGE_REQUEST_TIMEOUT

Sets a timeout period, in seconds, for range requests so that the server does not stall waiting on a new range from one server and can request a range from a new server (dnaRangeRequestTimeout)

usage: dsconf [-v] [-j] instance plugin dna config NAME show [-h]

usage: dsconf [-v] [-j] instance plugin dna config NAME delete [-h]

usage: dsconf [-v] [-j] instance plugin dna config NAME shared-config-entry
      [-h] SHARED_CFG {set,show,delete} ...

dsconf plugin dna config shared-config-entry set

Edit the shared config entry

dsconf plugin dna config shared-config-entry show

Display the shared config entry

dsconf plugin dna config shared-config-entry delete

Delete the shared config entry

usage: dsconf [-v] [-j] instance plugin dna config NAME shared-config-entry SHARED_CFG set
      [-h] [--remote-bind-method REMOTE_BIND_METHOD]
      [--remote-conn-protocol REMOTE_CONN_PROTOCOL]

--remote-bind-method REMOTE_BIND_METHOD

Specifies the remote bind method "SIMPLE", "SSL" (for SSL client auth), "SASL/GSSAPI", or "SASL/DIGEST-MD5" (dnaRemoteBindMethod)

--remote-conn-protocol REMOTE_CONN_PROTOCOL

Specifies the remote connection protocol "LDAP", or "TLS" (dnaRemoteConnProtocol)

usage: dsconf [-v] [-j] instance plugin dna config NAME shared-config-entry SHARED_CFG show
      [-h]

usage: dsconf [-v] [-j] instance plugin dna config NAME shared-config-entry SHARED_CFG delete
      [-h]

usage: dsconf instance [-v] [-j] plugin ldap-pass-through-auth
      [-h] {show,enable,disable,status,list,add,modify,delete} ...

dsconf plugin ldap-pass-through-auth show

Displays the plugin configuration

dsconf plugin ldap-pass-through-auth enable

Enables the plugin

dsconf plugin ldap-pass-through-auth disable

Disables the plugin

dsconf plugin ldap-pass-through-auth status

Displays the plugin status

dsconf plugin ldap-pass-through-auth list

Lists LDAP URLs

dsconf plugin ldap-pass-through-auth add

Add an LDAP url to the config entry

dsconf plugin ldap-pass-through-auth modify

Edit the LDAP pass through config entry

dsconf plugin ldap-pass-through-auth delete

Delete a URL from the config entry

usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth show [-h]

usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth enable [-h]

usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth disable [-h]

usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth status [-h]

usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth list [-h]

usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth add [-h] URL

URL

The full LDAP URL in format "ldap|ldaps://authDS/subtree maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one optional parameter is specified the rest should be specified too

usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth modify
      [-h] OLD_URL NEW_URL

OLD_URL

The full LDAP URL you get from the "list" command

NEW_URL

Sets the full LDAP URL in format "ldap|ldaps://authDS/subtree maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one optional parameter is specified the rest should be specified too.

usage: dsconf [-v] [-j] instance plugin ldap-pass-through-auth delete [-h] URL

URL

The full LDAP URL you get from the "list" command

usage: dsconf [-v] [-j] instance plugin linked-attr [-h]
                                                   {show,enable,disable,status,fixup,fixup-status,list,config} ...

dsconf plugin linked-attr show

Displays the plugin configuration

dsconf plugin linked-attr enable

Enables the plugin

dsconf plugin linked-attr disable

Disables the plugin

dsconf plugin linked-attr status

Displays the plugin status

dsconf plugin linked-attr fixup

Run the fix-up task for linked attributes plugin

dsconf plugin linked-attr fixup-status

Check the status of a fix-up task

dsconf plugin linked-attr list

List available plugin configs

dsconf plugin linked-attr config

Manage plugin configs

usage: dsconf [-v] [-j] instance plugin linked-attr show [-h]

usage: dsconf [-v] [-j] instance plugin linked-attr enable [-h]

usage: dsconf [-v] [-j] instance plugin linked-attr disable [-h]

usage: dsconf [-v] [-j] instance plugin linked-attr status [-h]

usage: dsconf [-v] [-j] instance plugin linked-attr fixup [-h] [-l LINKDN]
                                                         [--wait]

-l LINKDN, --linkdn LINKDN

Sets the base DN that contains entries to fix up

--wait

Wait for the task to finish, this could take a long time

usage: dsconf [-v] [-j] instance plugin linked-attr fixup-status
      [-h] [--dn DN] [--show-log] [--watch]

--dn DN

The task entry's DN

--show-log

Display the task log

--watch

Watch the task's status and wait for it to finish

usage: dsconf [-v] [-j] instance plugin linked-attr list [-h]

usage: dsconf [-v] [-j] instance plugin linked-attr config [-h]
                                                          NAME
                                                          {add,set,show,delete} ...

dsconf plugin linked-attr config add

Add the config entry

dsconf plugin linked-attr config set

Edit the config entry

dsconf plugin linked-attr config show

Display the config entry

dsconf plugin linked-attr config delete

Delete the config entry

usage: dsconf [-v] [-j] instance plugin linked-attr config NAME add
      [-h] [--link-type LINK_TYPE] [--managed-type MANAGED_TYPE]
      [--link-scope LINK_SCOPE]

--link-type LINK_TYPE

Sets the attribute that is managed manually by administrators (linkType)

--managed-type MANAGED_TYPE

Sets the attribute that is created dynamically by the plugin (managedType)

--link-scope LINK_SCOPE

Sets the scope that restricts the plugin to a specific part of the directory tree (linkScope)

usage: dsconf [-v] [-j] instance plugin linked-attr config NAME set
      [-h] [--link-type LINK_TYPE] [--managed-type MANAGED_TYPE]
      [--link-scope LINK_SCOPE]

--link-type LINK_TYPE

Sets the attribute that is managed manually by administrators (linkType)

--managed-type MANAGED_TYPE

Sets the attribute that is created dynamically by the plugin (managedType)

--link-scope LINK_SCOPE

Sets the scope that restricts the plugin to a specific part of the directory tree (linkScope)

usage: dsconf [-v] [-j] instance plugin linked-attr config NAME show [-h]

usage: dsconf [-v] [-j] instance plugin linked-attr config NAME delete [-h]

usage: dsconf [-v] [-j] instance plugin managed-entries [-h]
                                                       {show,enable,disable,status,set,list,config,template} ...

dsconf plugin managed-entries show

Displays the plugin configuration

dsconf plugin managed-entries enable

Enables the plugin

dsconf plugin managed-entries disable

Disables the plugin

dsconf plugin managed-entries status

Displays the plugin status

dsconf plugin managed-entries set

Edit the plugin settings

dsconf plugin managed-entries list

List Managed Entries Plugin configs and templates

dsconf plugin managed-entries config

Handle Managed Entries Plugin configs

dsconf plugin managed-entries template

Handle Managed Entries Plugin templates

usage: dsconf [-v] [-j] instance plugin managed-entries show [-h]

usage: dsconf [-v] [-j] instance plugin managed-entries enable [-h]

usage: dsconf [-v] [-j] instance plugin managed-entries disable [-h]

usage: dsconf [-v] [-j] instance plugin managed-entries status [-h]

usage: dsconf [-v] [-j] instance plugin managed-entries set
      [-h] [--config-area CONFIG_AREA]

--config-area CONFIG_AREA

Sets the value of the nsslapd-pluginConfigArea attribute

usage: dsconf [-v] [-j] instance plugin managed-entries list
      [-h] {configs,templates} ...

dsconf plugin managed-entries list configs

List Managed Entries Plugin configs (list config-area if specified in the main plugin entry)

dsconf plugin managed-entries list templates

List Managed Entries Plugin templates in the directory

usage: dsconf instance [-v] [-j] plugin managed-entries list configs [-h]

usage: dsconf instance [-v] [-j] plugin managed-entries list templates
      [-h] [BASEDN]

BASEDN

The base DN where to search the templates

usage: dsconf [-v] [-j] instance plugin managed-entries config
      [-h] NAME {add,set,show,delete} ...

dsconf plugin managed-entries config add

Add the config entry

dsconf plugin managed-entries config set

Edit the config entry

dsconf plugin managed-entries config show

Display the config entry

dsconf plugin managed-entries config delete

Delete the config entry

usage: dsconf [-v] [-j] instance plugin managed-entries config NAME add
      [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MANAGED_BASE]
      [--managed-template MANAGED_TEMPLATE]

--scope SCOPE

Sets the scope of the search to use to see which entries the plug-in monitors (originScope)

--filter FILTER

Sets the search filter to use to search for and identify the entries within the subtree which require a managed entry (originFilter)

--managed-base MANAGED_BASE

Sets the subtree under which to create the managed entries (managedBase)

--managed-template MANAGED_TEMPLATE

Identifies the template entry to use to create the managed entry (managedTemplate)

usage: dsconf [-v] [-j] instance plugin managed-entries config NAME set
      [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MANAGED_BASE]
      [--managed-template MANAGED_TEMPLATE]

--scope SCOPE

Sets the scope of the search to use to see which entries the plug-in monitors (originScope)

--filter FILTER

Sets the search filter to use to search for and identify the entries within the subtree which require a managed entry (originFilter)

--managed-base MANAGED_BASE

Sets the subtree under which to create the managed entries (managedBase)

--managed-template MANAGED_TEMPLATE

Identifies the template entry to use to create the managed entry (managedTemplate)

usage: dsconf [-v] [-j] instance plugin managed-entries config NAME show [-h]

usage: dsconf [-v] [-j] instance plugin managed-entries config NAME delete
      [-h]

usage: dsconf [-v] [-j] instance plugin managed-entries template
      [-h] DN {add,set,show,delete} ...

dsconf plugin managed-entries template add

Add the template entry

dsconf plugin managed-entries template set

Edit the template entry

dsconf plugin managed-entries template show

Display the template entry

dsconf plugin managed-entries template delete

Delete the template entry

usage: dsconf [-v] [-j] instance plugin managed-entries template DN add
      [-h] [--rdn-attr RDN_ATTR]
      [--static-attr STATIC_ATTR [STATIC_ATTR ...]]
      [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]

--rdn-attr RDN_ATTR

Sets which attribute to use as the naming attribute in the automatically- generated entry (mepRDNAttr)

--static-attr STATIC_ATTR [STATIC_ATTR ...]

Sets an attribute with a defined value that must be added to the automatically-generated entry (mepStaticAttr)

--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]

Sets attributes in the Managed Entries template entry which must exist in the generated entry (mepMappedAttr)

usage: dsconf [-v] [-j] instance plugin managed-entries template DN set
      [-h] [--rdn-attr RDN_ATTR]
      [--static-attr STATIC_ATTR [STATIC_ATTR ...]]
      [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]

--rdn-attr RDN_ATTR

Sets which attribute to use as the naming attribute in the automatically- generated entry (mepRDNAttr)

--static-attr STATIC_ATTR [STATIC_ATTR ...]

Sets an attribute with a defined value that must be added to the automatically-generated entry (mepStaticAttr)

--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]

Sets attributes in the Managed Entries template entry which must exist in the generated entry (mepMappedAttr)

usage: dsconf [-v] [-j] instance plugin managed-entries template DN show [-h]

usage: dsconf [-v] [-j] instance plugin managed-entries template DN delete
      [-h]

usage: dsconf instance [-v] [-j] plugin pam-pass-through-auth
      [-h] {show,enable,disable,status,list,config} ...

dsconf plugin pam-pass-through-auth show

Displays the plugin configuration

dsconf plugin pam-pass-through-auth enable

Enables the plugin

dsconf plugin pam-pass-through-auth disable

Disables the plugin

dsconf plugin pam-pass-through-auth status

Displays the plugin status

dsconf plugin pam-pass-through-auth list

Lists PAM configurations

dsconf plugin pam-pass-through-auth config

Manage PAM PTA configurations.

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth show [-h]

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth enable [-h]

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth disable [-h]

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth status [-h]

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth list [-h]

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config
      [-h] NAME {add,set,show,delete} ...

dsconf plugin pam-pass-through-auth config add

Add the config entry

dsconf plugin pam-pass-through-auth config set

Edit the config entry

dsconf plugin pam-pass-through-auth config show

Display the config entry

dsconf plugin pam-pass-through-auth config delete

Delete the config entry

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config NAME add
      [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
      [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
      [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FILTER]
      [--id-attr ID_ATTR] [--id_map_method ID_MAP_METHOD]
      [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service SERVICE]

--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]

Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix)

--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]

Sets a suffix to include for PAM authentication (pamIncludeSuffix)

--missing-suffix {ERROR,ALLOW,IGNORE,delete,}

Identifies how to handle missing include or exclude suffixes (pamMissingSuffix)

--filter FILTER

Sets an LDAP filter to use to identify specific entries within the included suffixes for which to use PAM pass-through authentication (pamFilter)

--id-attr ID_ATTR

Contains the attribute name which is used to hold the PAM user ID (pamIDAttr)

--id_map_method ID_MAP_METHOD

Sets the method to use to map the LDAP bind DN to a PAM identity (pamIDMapMethod)

--fallback {TRUE,FALSE}

Sets whether to fallback to regular LDAP authentication if PAM authentication fails (pamFallback)

--secure {TRUE,FALSE}

Requires secure TLS connection for PAM authentication (pamSecure)

--service SERVICE

Contains the service name to pass to PAM (pamService)

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config NAME set
      [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
      [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
      [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FILTER]
      [--id-attr ID_ATTR] [--id_map_method ID_MAP_METHOD]
      [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service SERVICE]

--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]

Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix)

--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]

Sets a suffix to include for PAM authentication (pamIncludeSuffix)

--missing-suffix {ERROR,ALLOW,IGNORE,delete,}

Identifies how to handle missing include or exclude suffixes (pamMissingSuffix)

--filter FILTER

Sets an LDAP filter to use to identify specific entries within the included suffixes for which to use PAM pass-through authentication (pamFilter)

--id-attr ID_ATTR

Contains the attribute name which is used to hold the PAM user ID (pamIDAttr)

--id_map_method ID_MAP_METHOD

Sets the method to use to map the LDAP bind DN to a PAM identity (pamIDMapMethod)

--fallback {TRUE,FALSE}

Sets whether to fallback to regular LDAP authentication if PAM authentication fails (pamFallback)

--secure {TRUE,FALSE}

Requires secure TLS connection for PAM authentication (pamSecure)

--service SERVICE

Contains the service name to pass to PAM (pamService)

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config NAME show
      [-h]

usage: dsconf [-v] [-j] instance plugin pam-pass-through-auth config NAME delete
      [-h]

usage: dsconf [-v] [-j] instance plugin retro-changelog [-h]
                                                       {show,enable,disable,status,set,add,del} ...

dsconf plugin retro-changelog show

Displays the plugin configuration

dsconf plugin retro-changelog enable

Enables the plugin

dsconf plugin retro-changelog disable

Disables the plugin

dsconf plugin retro-changelog status

Displays the plugin status

dsconf plugin retro-changelog set

Edit the plugin

dsconf plugin retro-changelog add

Add attributes to the plugin

dsconf plugin retro-changelog del

Delete an attribute from plugin scope

usage: dsconf [-v] [-j] instance plugin retro-changelog show [-h]

usage: dsconf [-v] [-j] instance plugin retro-changelog enable [-h]

usage: dsconf [-v] [-j] instance plugin retro-changelog disable [-h]

usage: dsconf [-v] [-j] instance plugin retro-changelog status [-h]

usage: dsconf [-v] [-j] instance plugin retro-changelog set
      [-h] [--is-replicated {TRUE,FALSE}] [--attribute ATTRIBUTE]
      [--directory DIRECTORY] [--max-age MAX_AGE]
      [--trim-interval TRIM_INTERVAL] [--exclude-suffix [EXCLUDE_SUFFIX ...]]
      [--exclude-attrs [EXCLUDE_ATTRS ...]]

--is-replicated {TRUE,FALSE}

Sets a flag to indicate on a change in the changelog whether the change is newly made on that server or whether it was replicated over from another server (isReplicated)

--attribute ATTRIBUTE

Specifies another Directory Server attribute which must be included in the retro changelog entries (nsslapd-attribute)

--directory DIRECTORY

Specifies the name of the directory in which the changelog database is created the first time the plug-in is run

--max-age MAX_AGE

Specifies the maximum age of any entry in the changelog. Used to trim the changelog (nsslapd-changelogmaxage)

--trim-interval TRIM_INTERVAL

--exclude-suffix [EXCLUDE_SUFFIX ...]

Specifies the suffix which will be excluded from the scope of the plugin (nsslapd-exclude-suffix)

--exclude-attrs [EXCLUDE_ATTRS ...]

Specifies the attributes which will be excluded from the scope of the plugin (nsslapd-exclude-attrs)

usage: dsconf [-v] [-j] instance plugin retro-changelog add
      [-h] [--is-replicated {TRUE,FALSE}] [--attribute ATTRIBUTE]
      [--directory DIRECTORY] [--max-age MAX_AGE]
      [--trim-interval TRIM_INTERVAL] [--exclude-suffix [EXCLUDE_SUFFIX ...]]
      [--exclude-attrs [EXCLUDE_ATTRS ...]]

--is-replicated {TRUE,FALSE}

Sets a flag to indicate on a change in the changelog whether the change is newly made on that server or whether it was replicated over from another server (isReplicated)

--attribute ATTRIBUTE

Specifies another Directory Server attribute which must be included in the retro changelog entries (nsslapd-attribute)

--directory DIRECTORY

Specifies the name of the directory in which the changelog database is created the first time the plug-in is run

--max-age MAX_AGE

Specifies the maximum age of any entry in the changelog. Used to trim the changelog (nsslapd-changelogmaxage)

--trim-interval TRIM_INTERVAL

--exclude-suffix [EXCLUDE_SUFFIX ...]

Specifies the suffix which will be excluded from the scope of the plugin (nsslapd-exclude-suffix)

--exclude-attrs [EXCLUDE_ATTRS ...]

Specifies the attributes which will be excluded from the scope of the plugin (nsslapd-exclude-attrs)

usage: dsconf [-v] [-j] instance plugin retro-changelog del
      [-h] [--is-replicated {TRUE,FALSE}] [--attribute ATTRIBUTE]
      [--directory DIRECTORY] [--max-age MAX_AGE]
      [--trim-interval TRIM_INTERVAL] [--exclude-suffix [EXCLUDE_SUFFIX ...]]
      [--exclude-attrs [EXCLUDE_ATTRS ...]]

--is-replicated {TRUE,FALSE}

Sets a flag to indicate on a change in the changelog whether the change is newly made on that server or whether it was replicated over from another server (isReplicated)

--attribute ATTRIBUTE

Specifies another Directory Server attribute which must be included in the retro changelog entries (nsslapd-attribute)

--directory DIRECTORY

Specifies the name of the directory in which the changelog database is created the first time the plug-in is run

--max-age MAX_AGE

Specifies the maximum age of any entry in the changelog. Used to trim the changelog (nsslapd-changelogmaxage)

--trim-interval TRIM_INTERVAL

--exclude-suffix [EXCLUDE_SUFFIX ...]

Specifies the suffix which will be excluded from the scope of the plugin (nsslapd-exclude-suffix)

--exclude-attrs [EXCLUDE_ATTRS ...]

Specifies the attributes which will be excluded from the scope of the plugin (nsslapd-exclude-attrs)

usage: dsconf [-v] [-j] instance plugin posix-winsync [-h]
                                                     {show,enable,disable,status,set,fixup} ...

dsconf plugin posix-winsync show

Displays the plugin configuration

dsconf plugin posix-winsync enable

Enables the plugin

dsconf plugin posix-winsync disable

Disables the plugin

dsconf plugin posix-winsync status

Displays the plugin status

dsconf plugin posix-winsync set

Edit the plugin settings

dsconf plugin posix-winsync fixup

Run the memberOf fix-up task to correct mismatched member and uniquemember values for synced users

usage: dsconf [-v] [-j] instance plugin posix-winsync show [-h]

usage: dsconf [-v] [-j] instance plugin posix-winsync enable [-h]

usage: dsconf [-v] [-j] instance plugin posix-winsync disable [-h]

usage: dsconf [-v] [-j] instance plugin posix-winsync status [-h]

usage: dsconf [-v] [-j] instance plugin posix-winsync set [-h]
                                                         [--create-memberof-task {true,false}]
                                                         [--lower-case-uid {true,false}]
                                                         [--map-member-uid {true,false}]
                                                         [--map-nested-grouping {true,false}]
                                                         [--ms-sfu-schema {true,false}]

--create-memberof-task {true,false}

Sets whether to run the memberUID fix-up task immediately after a sync run in order to update group memberships for synced users (posixWinsyncCreateMemberOfTask)

--lower-case-uid {true,false}

Sets whether to store (and, if necessary, convert) the UID value in the memberUID attribute in lower case.(posixWinsyncLowerCaseUID)

--map-member-uid {true,false}

Sets whether to map the memberUID attribute in an Active Directory group to the uniqueMember attribute in a Directory Server group (posixWinsyncMapMemberUID)

--map-nested-grouping {true,false}

Manages if nested groups are updated when memberUID attributes in an Active Directory POSIX group change (posixWinsyncMapNestedGrouping)

--ms-sfu-schema {true,false}

Sets whether to the older Microsoft System Services for Unix 3.0 (msSFU30) schema when syncing Posix attributes from Active Directory (posixWinsyncMsSFUSchema)

usage: dsconf [-v] [-j] instance plugin posix-winsync fixup
      [-h] [-f FILTER] [--timeout TIMEOUT] DN

DN

Set the base DN that contains entries to fix up

-f FILTER, --filter FILTER

Filter for entries to fix up. If omitted, all entries with objectclass inetuser/inetadmin/nsmemberof under the specified base will have their memberOf attribute regenerated.

--timeout TIMEOUT

Set a timeout to wait for the fixup task. Default is 120 seconds

usage: dsconf [-v] [-j] instance plugin contentsync [-h]
                                                   {show,enable,disable,status,set,add} ...

dsconf plugin contentsync show

Displays the plugin configuration

dsconf plugin contentsync enable

Enables the plugin

dsconf plugin contentsync disable

Disables the plugin

dsconf plugin contentsync status

Displays the plugin status

dsconf plugin contentsync set

Edit the plugin settings

dsconf plugin contentsync add

Add attributes to the plugin