dsconf man page
dsconf The instance name OR the LDAP url to connect to, IE localhost, Manage database suffixes and backends Manage online backups Manage database chaining/database links Manage server configuration Manage the directory manager account Monitor the state of the instance Manage plugins available on the server Get and set the global password policy settings Manage local (user/subtree) password policies Configure replication for a suffix Manage replication agreements Manage Winsync Agreements Manage replication tasks Query and manipulate sasl mappings Query and manipulate security options Query and manipulate schema Manage replication conflicts usage: dsconf instance backend [-h] Manage a backend suffix Manage backend indexes Manage VLV searches and indexes Encrypted attribute options Manage the global database configuration settings Get the global database monitor information Do an online import of the suffix Do an online export of the suffix Create a backend database Delete a backend database Get a representation of the suffix tree usage: dsconf instance backend suffix [-h] List current active backends and suffixes Get the suffix entry get_dn Get the sub-suffixes of this backend Set configuration settings for a single backend usage: dsconf instance backend suffix list [-h] [--suffix] Just display the suffix, and not the backend name Skip over sub-suffixes usage: dsconf instance backend suffix get [-h] [selector] The backend to search for usage: dsconf instance backend suffix get-dn [-h] [dn] The backend dn to get usage: dsconf instance backend suffix get-sub-suffixes [-h] [--suffix] be_name usage: dsconf instance backend suffix set [-h] [--enable-readonly] The backend name or suffix to delete Set backend database to be read-only Disable read-only mode for backend database Only allow indexed searches Allow all searches even if they are unindexed Add a LDAP referral to the backend Remove a LDAP referral to the backend Enable the backend database Disable the backend database The maximum number of entries to keep in the entry cache The maximum size in bytes that the entry cache can grow to The maximum size in bytes that the DN cache can grow to usage: dsconf instance backend index [-h] Set configuration settings for a single backend Edit an index entry Get an index entry Set configuration settings for a single backend Set configuration settings for a single backend Reindex the database (for a single index or all indexes usage: dsconf instance backend index add [-h] --index-type INDEX_TYPE The backend name or suffix to delete An indexing type: eq, sub, pres, or approximate Matching rule for the index After adding new index, reindex the database The index attribute's name usage: dsconf instance backend index set [-h] --attr ATTR The backend name or suffix to edit an index from The index name to edit An index type to add to the index: eq, sub, pres, or approx An index type to remove from the index: eq, sub, pres, or approx A matching-rule to add to the index A matching-rule to remove from the index After editing index, reindex the database usage: dsconf instance backend index get [-h] --attr ATTR be_name usage: dsconf instance backend index list [-h] [--just-names] be_name The backend name or suffix to list indexes from Return a list of just the attribute names for a backend usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name usage: dsconf instance backend index reindex [-h] [--attr ATTR] [--wait] usage: dsconf instance backend vlv-index [-h] List VLV search and index entries Get a VLV search & index Add a VLV search entry. The search entry is the parent entry of the VLV index entries, and it specifies the search params that are used to match entries for those indexes. Edit a VLV search & index Delete VLV search & index Create a VLV index under a VLV search entry(parent entry). The VLV index just specifies the attributes to sort Delete a VLV index under a VLV search entry(parent entry). Index/reindex the VLV database index usage: dsconf instance backend vlv-index list [-h] [--just-names] be_name The backend name of the VLV index List just the names of the VLV search entries usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name usage: dsconf instance backend vlv-index add-search [-h] --name NAME The backend name of the VLV index Name of the VLV search entry The VLV search base The VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree The VLV search filter usage: dsconf instance backend vlv-index edit-search [-h] --name NAME The backend name of the VLV index Name of the VLV index The VLV search base The VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree The VLV search filter Reindex all the VLV database indexes usage: dsconf instance backend vlv-index del-search [-h] --name NAME be_name usage: dsconf instance backend vlv-index add-index [-h] --parent-name The backend name of the VLV index Name, or "cn" attribute value, of the parent VLV search entry Name of the new VLV index A space separated list of attributes to sort for this VLV index Create the database index for this VLV index definition usage: dsconf instance backend vlv-index del-index [-h] --parent-name The backend name of the VLV index Name, or "cn" attribute value, of the parent VLV search entry Name of the VLV index to delete Delete a VLV index that has this vlvsort value usage: dsconf instance backend vlv-index reindex [-h] The backend name of the VLV index Name of the VLV Index entry to reindex. If not set, all indexes are reindexed Name, or "cn" attribute value, of the parent VLV search entry usage: dsconf instance backend attr-encrypt [-h] [--list] [--just-names] The backend name or suffix to to reindex List all the encrypted attributes for this backend List just the names of the encrypted attributes (used with --list) Add an attribute to be encrypted Remove an attribute from being encrypted usage: dsconf instance backend config [-h] {get,set} ... Get the global database configuration Set the global database configuration usage: dsconf instance backend config get [-h] usage: dsconf instance backend config set [-h] specifies the maximum number of entries that the Directory Server will check Specifies the permissions used for newly created index files Specifies the number of entry IDs that are searched during a search operation Specifies absolute path to database instance Specifies the database index cache size, in bytes. Specifies the path to the directory that contains the database transaction Sets whether database transaction log entries are immediately written to the Sets whether the server should should wait if there are no db locks available Sets the amount of time in seconds after which the Directory Server sends a Sets the interval in seconds when the database is compacted Specifies how many transactions will be batched before being committed Controls when transactions should be flushed earliest, independently of the Controls when transactions should be flushed latest, independently of the Specifies the transaction log information buffer size Sets the maximum number of database locks Set to "on" or "off" to automatically set the size of the import cache to be Sets the percentage of free memory that is used in total for the database and Sets the percentage of RAM that is used for the database cache. The remaining Sets the size, in bytes, of the database cache used in the import process. List of attributes to not include during database export operations Specifies the maximum number of entries that the Directory Server will check Specifies the number of entry IDs that are searched, specifically, for a Specifies the maximum number of entries that the Directory Server will check WARNING this parameter can trigger experimental code to improve write Adjusts the backend database deadlock policy (Advanced setting) Sets the directory for the database mmapped files (Advanced setting) usage: dsconf instance backend monitor [-h] [--suffix SUFFIX] Get just the suffix monitor entry usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E] The backend name or the root suffix where to import Specifies the filename of the input LDIF files.When multiple files are The number of chunks to have during the import operation. Decrypts encrypted data during export. This option is used onlyif database Generate a unique id. Type none for no unique ID to be generatedand Requests that only the core database is created without attribute indexes. Specifies the suffixes or the subtrees to be included. Specifies the suffixes to be excluded. usage: dsconf instance backend export [-h] [-l LDIF] [-C] [-E] [-m] [-N] [-r] The backend names or the root suffixes from where to export. Gives the filename of the output LDIF file.If more than one are specified, use Uses only the main database file. Decrypts encrypted data during export. This option is used only if database Sets minimal base-64 encoding. Enables you to suppress printing the sequence number. Exports the information required to initialize a replica when the LDIF is Requests that the unique ID is not exported. Requests that the output LDIF is not folded. Specifies the suffixes or the subtrees to be included. Specifies the suffixes to be excluded. usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUFFIX] Sets the parent suffix only if this backend is a sub-suffix The database suffix DN, for example "dc=example,dc=com" The database backend name, for example "userroot" Create sample entries in the database Create the suffix object entry in the database. Only suffixes using the usage: dsconf instance backend delete [-h] be_name The backend name or suffix to delete usage: dsconf instance backend get-tree [-h] usage: dsconf instance backup [-h] {create,restore} ... Creates a backup of the database Restores a database from a backup usage: dsconf instance backup create [-h] [-t DB_TYPE] [archive] usage: dsconf instance backup restore [-h] [-t DB_TYPE] archive usage: dsconf instance chaining [-h] Get the chaining controls and server component lists Set the chaining controls and server component lists Get the default creation parameters for new database links Set the default creation parameters for new database links Create a database link to a remote server get chaining database link Edit a database link to a remote server Delete a database link Get the monitor information for a database chaining link List database links usage: dsconf instance chaining config-get [-h] [--avail-controls] List available controls for chaining List available plugin components for chaining usage: dsconf instance chaining config-set [-h] [--add-control ADD_CONTROL] Add a transmitted control OID Delete a transmitted control OID Add a chaining component Delete a chaining component usage: dsconf instance chaining config-get-def [-h] usage: dsconf instance chaining config-set-def [-h] The maximum number of BIND connections the database link establishes with the The maximum number of LDAP connections the database link establishes with the The number of seconds that pass before the server checks for abandoned The maximum number of concurrent bind operations per TCP connection. The maximum number of concurrent operations allowed. Set to "off" to disable proxied authorization, then binds for chained Specifies connection lifetime in seconds. 0 keeps connection open forever. The amount of time in seconds before a bind attempt times out. Sets whether referrals are returned by scoped searches (on/off). Set whether ACIs are evaluated on the database link as well as the remote data Sets the number of times the server tries to bind with the remote server. Sets the maximum number of entries to return from a search operation. Sets the maximum number of seconds allowed for an operation. Sets the maximum number of times a database is allowed to chain; that is, the The maximum amount of time it can take a remote server to respond to an LDAP Sets the duration of the test issued by the database link to check whether the Set to "on" specifies that the database links should use StartTLS for its usage: dsconf instance chaining link-create [-h] The name of the database link The maximum number of BIND connections the database link establishes with the The maximum number of LDAP connections the database link establishes with the The number of seconds that pass before the server checks for abandoned The maximum number of concurrent bind operations per TCP connection. The maximum number of concurrent operations allowed. Set to "off" to disable proxied authorization, then binds for chained Specifies connection lifetime in seconds. 0 keeps connection open forever. The amount of time in seconds before a bind attempt times out. Sets whether referrals are returned by scoped searches (on/off). Set whether ACIs are evaluated on the database link as well as the remote data Sets the number of times the server tries to bind with the remote server. Sets the maximum number of entries to return from a search operation. Sets the maximum number of seconds allowed for an operation. Sets the maximum number of times a database is allowed to chain; that is, the The maximum amount of time it can take a remote server to respond to an LDAP Sets the duration of the test issued by the database link to check whether the Set to "on" specifies that the database links should use StartTLS for its The suffix managed by the database link. Gives the LDAP/LDAPS URL of the remote server. Sets the authentication method to use to authenticate to the remote server: DN of the administrative entry used to communicate with the remote server Password for the administrative user. usage: dsconf instance chaining link-get [-h] CHAIN_NAME The chaining link name, or suffix, to retrieve usage: dsconf instance chaining link-set [-h] The name of the database link The maximum number of BIND connections the database link establishes with the The maximum number of LDAP connections the database link establishes with the The number of seconds that pass before the server checks for abandoned The maximum number of concurrent bind operations per TCP connection. The maximum number of concurrent operations allowed. Set to "off" to disable proxied authorization, then binds for chained Specifies connection lifetime in seconds. 0 keeps connection open forever. The amount of time in seconds before a bind attempt times out. Sets whether referrals are returned by scoped searches (on/off). Set whether ACIs are evaluated on the database link as well as the remote data Sets the number of times the server tries to bind with the remote server. Sets the maximum number of entries to return from a search operation. Sets the maximum number of seconds allowed for an operation. Sets the maximum number of times a database is allowed to chain; that is, the The maximum amount of time it can take a remote server to respond to an LDAP Sets the duration of the test issued by the database link to check whether the Set to "on" specifies that the database links should use StartTLS for its The suffix managed by the database link. Gives the LDAP/LDAPS URL of the remote server. Sets the authentication method to use to authenticate to the remote server: DN of the administrative entry used to communicate with the remote server Password for the administrative user. usage: dsconf instance chaining link-delete [-h] CHAIN_NAME The name of the database link usage: dsconf instance chaining monitor [-h] CHAIN_NAME The name of the database link usage: dsconf instance chaining link-list [-h] usage: dsconf instance config [-h] {get,add,replace,delete} ... get Add attribute value to configuration Replace attribute value in configuration Delete attribute value in configuration usage: dsconf instance config get [-h] [attrs [attrs ...]] Configuration attribute(s) to get usage: dsconf instance config add [-h] [attr [attr ...]] Configuration attribute to add usage: dsconf instance config replace [-h] [attr [attr ...]] Configuration attribute to replace usage: dsconf instance config delete [-h] [attr [attr ...]] Configuration attribute to delete usage: dsconf instance directory_manager [-h] {password_change} ... Change the directory manager password usage: dsconf instance directory_manager password_change [-h] usage: dsconf instance monitor [-h] Monitor the server statistics, connections and operations Monitor the ldbm statistics, such as dbcache Monitor the behaviour of a backend database Monitor the SNMP statistics Monitor database chaining statistics Disk space statistics. All values are in bytes usage: dsconf instance monitor server [-h] usage: dsconf instance monitor ldbm [-h] usage: dsconf instance monitor backend [-h] [backend] Optional name of the backend to monitor usage: dsconf instance monitor snmp [-h] usage: dsconf instance monitor chaining [-h] [backend] Optional name of the chaining backend to monitor usage: dsconf instance monitor disk [-h] usage: dsconf instance plugin [-h] Manage and configure MemberOf plugin Manage and configure Automembership plugin Manage and configure Referential Integrity Postoperation plugin Manage and configure RootDN Access Control plugin Manage and configure USN plugin Manage and configure Account Policy plugin Manage and configure Attribute Uniqueness plugin Manage and configure DNA plugin Manage and configure Linked Attributes plugin Manage and configure Managed Entries Plugin Manage and configure Pass-Through Authentication plugins (URLs and PAM) Manage and configure Retro Changelog plugin Manage and configure The Posix Winsync API plugin List current configured (enabled and disabled) plugins Show the plugin data Edit the plugin usage: dsconf instance plugin memberof [-h] display plugin configuration enable plugin disable plugin display plugin status Edit the plugin Manage the config entry Run the fix-up task for memberOf plugin usage: dsconf instance plugin memberof show [-h] usage: dsconf instance plugin memberof enable [-h] usage: dsconf instance plugin memberof disable [-h] usage: dsconf instance plugin memberof status [-h] usage: dsconf instance plugin memberof set [-h] [--attr ATTR [ATTR ...]] Specifies the attribute in the user entry for the Directory Server to manage Specifies the attribute in the group entry to use to identify the DNs of group Specifies whether to search the local suffix for user entries on all available Specifies wherher to skip nested groups or not (memberOfSkipNested) Specifies backends or multiple-nested suffixes for the MemberOf plug-in to Specifies backends or multiple-nested suffixes for the MemberOf plug-in to If an entry does not have an object class that allows the memberOf attribute The value to set as nsslapd-pluginConfigArea usage: dsconf instance plugin memberof config-entry [-h] Add the config entry Edit the config entry Display the config entry Delete the config entry usage: dsconf instance plugin memberof config-entry add [-h] The config entry full DN Specifies the attribute in the user entry for the Directory Server to manage Specifies the attribute in the group entry to use to identify the DNs of group Specifies whether to search the local suffix for user entries on all available Specifies wherher to skip nested groups or not (memberOfSkipNested) Specifies backends or multiple-nested suffixes for the MemberOf plug-in to Specifies backends or multiple-nested suffixes for the MemberOf plug-in to If an entry does not have an object class that allows the memberOf attribute usage: dsconf instance plugin memberof config-entry set [-h] The config entry full DN Specifies the attribute in the user entry for the Directory Server to manage Specifies the attribute in the group entry to use to identify the DNs of group Specifies whether to search the local suffix for user entries on all available Specifies wherher to skip nested groups or not (memberOfSkipNested) Specifies backends or multiple-nested suffixes for the MemberOf plug-in to Specifies backends or multiple-nested suffixes for the MemberOf plug-in to If an entry does not have an object class that allows the memberOf attribute usage: dsconf instance plugin memberof config-entry show [-h] DN The config entry full DN usage: dsconf instance plugin memberof config-entry delete [-h] DN The config entry full DN usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] DN usage: dsconf instance plugin automember [-h] display plugin configuration enable plugin disable plugin display plugin status List Automembership definitions or regex rules. Manage Automembership definition. Run a rebuild membership task. usage: dsconf instance plugin automember show [-h] usage: dsconf instance plugin automember enable [-h] usage: dsconf instance plugin automember disable [-h] usage: dsconf instance plugin automember status [-h] usage: dsconf instance plugin automember list [-h] {definitions,regexes} ... List Automembership definitions. List Automembership regex rules. usage: dsconf instance plugin automember list definitions [-h] usage: dsconf instance plugin automember list regexes [-h] DEFNAME The definition entry CN. usage: dsconf instance plugin automember definition [-h] The definition entry CN. Create Automembership definition. Edit Automembership definition. Remove Automembership definition. Display Automembership definition. Manage Automembership regex rules. usage: dsconf instance plugin automember definition DEFNAME add Specifies the name of the member attribute in the group entry and the Sets default or fallback group to add the entry to as a member attribute in Sets the subtree DN to search for entries (autoMemberScope) Sets a standard LDAP search filter to use to search for matching entries usage: dsconf instance plugin automember definition DEFNAME set Specifies the name of the member attribute in the group entry and the Sets default or fallback group to add the entry to as a member attribute in Sets the subtree DN to search for entries (autoMemberScope) Sets a standard LDAP search filter to use to search for matching entries usage: dsconf instance plugin automember definition DEFNAME delete [-h] usage: dsconf instance plugin automember definition DEFNAME show [-h] usage: dsconf instance plugin automember definition DEFNAME regex The regex entry CN. Create Automembership regex. Edit Automembership regex. Remove Automembership regex. Display Automembership regex. usage: dsconf instance plugin automember definition DEFNAME regex REGEXNAME add Sets a single regular expression to use to identify entries to exclude Sets a single regular expression to use to identify entries to include Sets which group to add the entry to as a member, if it meets the regular usage: dsconf instance plugin automember definition DEFNAME regex REGEXNAME set Sets a single regular expression to use to identify entries to exclude Sets a single regular expression to use to identify entries to include Sets which group to add the entry to as a member, if it meets the regular usage: dsconf instance plugin automember definition DEFNAME regex REGEXNAME delete usage: dsconf instance plugin automember definition DEFNAME regex REGEXNAME show usage: dsconf instance plugin automember fixup [-h] -f FILTER -s usage: dsconf instance plugin referential-integrity [-h] display plugin configuration enable plugin disable plugin display plugin status Edit the plugin Manage the config entry usage: dsconf instance plugin referential-integrity show [-h] usage: dsconf instance plugin referential-integrity enable [-h] usage: dsconf instance plugin referential-integrity disable [-h] usage: dsconf instance plugin referential-integrity status [-h] usage: dsconf instance plugin referential-integrity set [-h] Sets the update interval. Special values: 0 - The check is performed Specifies attributes to check for and update (referint-membership-attr) Defines the subtree in which the plug-in looks for the delete or rename Defines the subtree in which the plug-in ignores any operations for deleting Specifies which branch the plug-in searches for the groups to which the user Specifies a path to the Referential integrity logfile.For example: The value to set as nsslapd-pluginConfigArea usage: dsconf instance plugin referential-integrity config-entry Add the config entry Edit the config entry Display the config entry Delete the config entry usage: dsconf instance plugin referential-integrity config-entry add The config entry full DN Sets the update interval. Special values: 0 - The check is performed Specifies attributes to check for and update (referint-membership-attr) Defines the subtree in which the plug-in looks for the delete or rename Defines the subtree in which the plug-in ignores any operations for deleting Specifies which branch the plug-in searches for the groups to which the user Specifies a path to the Referential integrity logfile.For example: usage: dsconf instance plugin referential-integrity config-entry set The config entry full DN Sets the update interval. Special values: 0 - The check is performed Specifies attributes to check for and update (referint-membership-attr) Defines the subtree in which the plug-in looks for the delete or rename Defines the subtree in which the plug-in ignores any operations for deleting Specifies which branch the plug-in searches for the groups to which the user Specifies a path to the Referential integrity logfile.For example: usage: dsconf instance plugin referential-integrity config-entry show [-h] DN The config entry full DN usage: dsconf instance plugin referential-integrity config-entry delete The config entry full DN usage: dsconf instance plugin root-dn [-h] display plugin configuration enable plugin disable plugin display plugin status Edit the plugin usage: dsconf instance plugin root-dn show [-h] usage: dsconf instance plugin root-dn enable [-h] usage: dsconf instance plugin root-dn disable [-h] usage: dsconf instance plugin root-dn status [-h] usage: dsconf instance plugin root-dn set [-h] Sets what hosts, by fully-qualified domain name, the root user is allowed to Sets what hosts, by fully-qualified domain name, the root user is not allowed Sets what IP addresses, either IPv4 or IPv6, for machines the root user is Sets what IP addresses, either IPv4 or IPv6, for machines the root user is not Sets part of a time period or range when the root user is allowed to access Sets part of a time period or range when the root user is allowed to access Gives a comma-separated list of what days the root user is allowed to use to usage: dsconf instance plugin usn [-h] display plugin configuration enable plugin disable plugin display plugin status Get or manage global usn mode (nsslapd-entryusn-global) Run the USN tombstone cleanup task usage: dsconf instance plugin usn show [-h] usage: dsconf instance plugin usn enable [-h] usage: dsconf instance plugin usn disable [-h] usage: dsconf instance plugin usn status [-h] usage: dsconf instance plugin usn global [-h] {on,off} ... Enable usn global mode Disable usn global mode usage: dsconf instance plugin usn global on [-h] usage: dsconf instance plugin usn global off [-h] usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND) Gives the suffix or subtree in the Directory Server to run the cleanup Gives the Directory Server instance back end, or database, to run the cleanup Gives the highest USN value to delete when removing tombstone entries usage: dsconf instance plugin account-policy [-h] display plugin configuration enable plugin disable plugin display plugin status Edit the plugin Manage the config entry usage: dsconf instance plugin account-policy show [-h] usage: dsconf instance plugin account-policy enable [-h] usage: dsconf instance plugin account-policy disable [-h] usage: dsconf instance plugin account-policy status [-h] usage: dsconf instance plugin account-policy set [-h] The value to set as nsslapd-pluginConfigArea usage: dsconf instance plugin account-policy config-entry [-h] Add the config entry Edit the config entry Display the config entry Delete the config entry usage: dsconf instance plugin account-policy config-entry add The config entry full DN Sets that every entry records its last login time (alwaysRecordLogin) Provides a backup attribute for the server to reference to evaluate the Specifies the attribute to store the time of the last successful login in this Specifies the attribute within the policy to use for the account inactivation Specifies the attribute to identify which entries are account policy Specifies the primary time attribute used to evaluate an account policy usage: dsconf instance plugin account-policy config-entry set The config entry full DN Sets that every entry records its last login time (alwaysRecordLogin) Provides a backup attribute for the server to reference to evaluate the Specifies the attribute to store the time of the last successful login in this Specifies the attribute within the policy to use for the account inactivation Specifies the attribute to identify which entries are account policy Specifies the primary time attribute used to evaluate an account policy usage: dsconf instance plugin account-policy config-entry show [-h] DN The config entry full DN usage: dsconf instance plugin account-policy config-entry delete [-h] DN The config entry full DN usage: dsconf instance plugin attr-uniq [-h] display plugin configuration enable plugin disable plugin display plugin status List available plugin configs Add the config entry Edit the config entry Display the config entry Delete the config entry enable plugin disable plugin display plugin status usage: dsconf instance plugin attr-uniq show [-h] NAME The name of the plug-in configuration record usage: dsconf instance plugin attr-uniq enable [-h] NAME Sets the name of the plug-in configuration record usage: dsconf instance plugin attr-uniq disable [-h] NAME Sets the name of the plug-in configuration record usage: dsconf instance plugin attr-uniq status [-h] NAME Sets the name of the plug-in configuration record usage: dsconf instance plugin attr-uniq list [-h] usage: dsconf instance plugin attr-uniq add [-h] [--enabled {on,off}] Sets the name of the plug-in configuration record. (cn) You can use any Identifies whether or not the config is enabled. Sets the name of the attribute whose values must be unique. This attribute is Sets the DN under which the plug-in checks for uniqueness of the attributes If enabled (on), the plug-in checks that the attribute is unique across all Verifies that the value of the attribute set in uniqueness-attribute-name is Verifies if an attribute is unique, if the entry contains the object class set usage: dsconf instance plugin attr-uniq set [-h] [--enabled {on,off}] Sets the name of the plug-in configuration record. (cn) You can use any Identifies whether or not the config is enabled. Sets the name of the attribute whose values must be unique. This attribute is Sets the DN under which the plug-in checks for uniqueness of the attributes If enabled (on), the plug-in checks that the attribute is unique across all Verifies that the value of the attribute set in uniqueness-attribute-name is Verifies if an attribute is unique, if the entry contains the object class set usage: dsconf instance plugin attr-uniq delete [-h] NAME Sets the name of the plug-in configuration record usage: dsconf instance plugin dna [-h] display plugin configuration enable plugin disable plugin display plugin status List available plugin configs Manage plugin configs usage: dsconf instance plugin dna show [-h] usage: dsconf instance plugin dna enable [-h] usage: dsconf instance plugin dna disable [-h] usage: dsconf instance plugin dna status [-h] usage: dsconf instance plugin dna list [-h] {configs,shared-configs} ... List main DNA plugin config entries List DNA plugin shared config entries usage: dsconf instance plugin dna list configs [-h] usage: dsconf instance plugin dna config [-h] The DNA configuration name Add the config entry Edit the config entry Display the config entry Delete the config entry Manage the shared config entry usage: dsconf instance plugin dna config NAME add [-h] Sets which attributes have unique numbers being generated for them (dnaType) Defines a prefix that can be prepended to the generated number values for the Gives the next available number which can be assigned (dnaNextValue) Sets the maximum value that can be assigned for the range (dnaMaxValue) Sets an interval to use to increment through numbers in a range (dnaInterval) Sets a user-defined value that instructs the plug-in to assign a new value for Sets an LDAP filter to use to search for and identify the entries to which to Sets the base DN to search for entries to which to apply the distributed Specifies the Replication Manager DN (dnaRemoteBindDN) Specifies the Replication Manager's password (dnaRemoteBindCred) Defines a shared identity that the servers can use to transfer ranges to one Sets a threshold of remaining available numbers in the range. When the server Defines the next range to use when the current range is exhausted sets a timeout period, in seconds, for range requests so that the server does usage: dsconf instance plugin dna config NAME set [-h] Sets which attributes have unique numbers being generated for them (dnaType) Defines a prefix that can be prepended to the generated number values for the Gives the next available number which can be assigned (dnaNextValue) Sets the maximum value that can be assigned for the range (dnaMaxValue) Sets an interval to use to increment through numbers in a range (dnaInterval) Sets a user-defined value that instructs the plug-in to assign a new value for Sets an LDAP filter to use to search for and identify the entries to which to Sets the base DN to search for entries to which to apply the distributed Specifies the Replication Manager DN (dnaRemoteBindDN) Specifies the Replication Manager's password (dnaRemoteBindCred) Defines a shared identity that the servers can use to transfer ranges to one Sets a threshold of remaining available numbers in the range. When the server Defines the next range to use when the current range is exhausted sets a timeout period, in seconds, for range requests so that the server does usage: dsconf instance plugin dna config NAME show [-h] usage: dsconf instance plugin dna config NAME delete [-h] usage: dsconf instance plugin linked-attr [-h] display plugin configuration enable plugin disable plugin display plugin status Run the fix-up task for linked attributes plugin List available plugin configs Manage plugin configs usage: dsconf instance plugin linked-attr show [-h] usage: dsconf instance plugin linked-attr enable [-h] usage: dsconf instance plugin linked-attr disable [-h] usage: dsconf instance plugin linked-attr status [-h] usage: dsconf instance plugin linked-attr fixup [-h] [-l LINKDN] usage: dsconf instance plugin linked-attr list [-h] usage: dsconf instance plugin linked-attr config [-h] The Linked Attributes configuration name Add the config entry Edit the config entry Display the config entry Delete the config entry usage: dsconf instance plugin linked-attr config NAME add [-h] Sets the attribute that is managed manually by administrators (linkType) Sets the attribute that is created dynamically by the plugin (managedType) Sets the scope that restricts the plugin to a specific part of the directory usage: dsconf instance plugin linked-attr config NAME set [-h] Sets the attribute that is managed manually by administrators (linkType) Sets the attribute that is created dynamically by the plugin (managedType) Sets the scope that restricts the plugin to a specific part of the directory usage: dsconf instance plugin linked-attr config NAME show [-h] usage: dsconf instance plugin linked-attr config NAME delete [-h] usage: dsconf instance plugin managed-entries [-h] display plugin configuration enable plugin disable plugin display plugin status Edit the plugin List Managed Entries Plugin configs and templates Handle Managed Entries Plugin configs Handle Managed Entries Plugin templates usage: dsconf instance plugin managed-entries show [-h] usage: dsconf instance plugin managed-entries enable [-h] usage: dsconf instance plugin managed-entries disable [-h] usage: dsconf instance plugin managed-entries status [-h] usage: dsconf instance plugin managed-entries set [-h] The value to set as nsslapd-pluginConfigArea usage: dsconf instance plugin managed-entries list [-h] List Managed Entries Plugin configs (list config-area if specified in the main plugin entry) List Managed Entries Plugin templates in the directory usage: dsconf instance plugin managed-entries list configs [-h] usage: dsconf instance plugin managed-entries list templates [-h] BASEDN The base DN where to search the templates. usage: dsconf instance plugin managed-entries config [-h] The config entry CN. Add the config entry Edit the config entry Display the config entry Delete the config entry usage: dsconf instance plugin managed-entries config NAME add Sets the scope of the search to use to see which entries the plug-in monitors Sets the search filter to use to search for and identify the entries within Sets the subtree under which to create the managed entries (managedBase) Identifies the template entry to use to create the managed entry usage: dsconf instance plugin managed-entries config NAME set Sets the scope of the search to use to see which entries the plug-in monitors Sets the search filter to use to search for and identify the entries within Sets the subtree under which to create the managed entries (managedBase) Identifies the template entry to use to create the managed entry usage: dsconf instance plugin managed-entries config NAME show [-h] usage: dsconf instance plugin managed-entries config NAME delete [-h] usage: dsconf instance plugin managed-entries template [-h] The template entry DN. Add the template entry Edit the template entry Display the template entry Delete the template entry usage: dsconf instance plugin managed-entries template DN add Sets which attribute to use as the naming attribute in the automatically- Sets an attribute with a defined value that must be added to the Sets attributes in the Managed Entries template entry which must exist in the usage: dsconf instance plugin managed-entries template DN set Sets which attribute to use as the naming attribute in the automatically- Sets an attribute with a defined value that must be added to the Sets attributes in the Managed Entries template entry which must exist in the usage: dsconf instance plugin managed-entries template DN show [-h] usage: dsconf instance plugin managed-entries template DN delete [-h] usage: dsconf instance plugin pass-through-auth [-h] display plugin configuration enable plugin disable plugin display plugin status List pass-though plugin URLs or PAM configurations. Manage PTA URL configurations. Manage PAM PTA configurations. usage: dsconf instance plugin pass-through-auth show [-h] usage: dsconf instance plugin pass-through-auth enable [-h] usage: dsconf instance plugin pass-through-auth disable [-h] usage: dsconf instance plugin pass-through-auth status [-h] usage: dsconf instance plugin pass-through-auth list [-h] List URLs. List PAM configurations. usage: dsconf instance plugin pass-through-auth list urls [-h] usage: dsconf instance plugin pass-through-auth list pam-configs [-h] usage: dsconf instance plugin pass-through-auth url [-h] Add the config entry Edit the config entry Delete the config entry usage: dsconf instance plugin pass-through-auth url add [-h] URL The full LDAP URL in format "ldap|ldaps://authDS/subtree usage: dsconf instance plugin pass-through-auth url modify [-h] usage: dsconf instance plugin pass-through-auth url delete [-h] URL The full LDAP URL you get from the "list" command usage: dsconf instance plugin pass-through-auth pam-config [-h] The PAM PTA configuration name Add the config entry Edit the config entry Display the config entry Delete the config entry usage: dsconf instance plugin pass-through-auth pam-config NAME add Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix) Sets a suffix to include for PAM authentication (pamIncludeSuffix) Identifies how to handle missing include or exclude suffixes Sets an LDAP filter to use to identify specific entries within the included Contains the attribute name which is used to hold the PAM user ID (pamIDAttr) Gives the method to use to map the LDAP bind DN to a PAM identity Sets whether to fallback to regular LDAP authentication if PAM authentication Requires secure TLS connection for PAM authentication (pamSecure) Contains the service name to pass to PAM (pamService) usage: dsconf instance plugin pass-through-auth pam-config NAME set Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix) Sets a suffix to include for PAM authentication (pamIncludeSuffix) Identifies how to handle missing include or exclude suffixes Sets an LDAP filter to use to identify specific entries within the included Contains the attribute name which is used to hold the PAM user ID (pamIDAttr) Gives the method to use to map the LDAP bind DN to a PAM identity Sets whether to fallback to regular LDAP authentication if PAM authentication Requires secure TLS connection for PAM authentication (pamSecure) Contains the service name to pass to PAM (pamService) usage: dsconf instance plugin pass-through-auth pam-config NAME show [-h] usage: dsconf instance plugin pass-through-auth pam-config NAME delete [-h] usage: dsconf instance plugin retro-changelog [-h] display plugin configuration enable plugin disable plugin display plugin status Edit the plugin usage: dsconf instance plugin retro-changelog show [-h] usage: dsconf instance plugin retro-changelog enable [-h] usage: dsconf instance plugin retro-changelog disable [-h] usage: dsconf instance plugin retro-changelog status [-h] usage: dsconf instance plugin retro-changelog set [-h] Sets a flag to indicate on a change in the changelog whether the change is Specifies another Directory Server attribute which must be included in the Specifies the name of the directory in which the changelog database is created This attribute specifies the maximum age of any entry in the changelog This attribute specifies the suffix which will be excluded from the scope of usage: dsconf instance plugin posix-winsync [-h] display plugin configuration enable plugin disable plugin display plugin status Edit the plugin Run the memberOf fix-up task to correct mismatched member and uniquemember values for synced users usage: dsconf instance plugin posix-winsync show [-h] usage: dsconf instance plugin posix-winsync enable [-h] usage: dsconf instance plugin posix-winsync disable [-h] usage: dsconf instance plugin posix-winsync status [-h] usage: dsconf instance plugin posix-winsync set [-h] Sets whether to run the memberOf fix-up task immediately after a sync run in Sets whether to store (and, if necessary, convert) the UID value in the Sets whether to map the memberUID attribute in an Active Directory group to Manages if nested groups are updated when memberUID attributes in an Active Sets whether to the older Microsoft System Services for Unix 3.0 (msSFU30) usage: dsconf instance plugin posix-winsync fixup [-h] [-f FILTER] DN usage: dsconf instance plugin list [-h] usage: dsconf instance plugin show [-h] [selector] The plugin to search for usage: dsconf instance plugin set [-h] [--type TYPE] [--enabled {on,off}] The plugin to edit The type of plugin. Identifies whether or not the plugin is enabled. The plugin library name (without the library suffix). An initialization function of the plugin. The plugin ID. The vendor of plugin. The version of plugin. The description of the plugin. All plug-ins with a type value which matches one of the values in the The plug-in name matching one of the following values will be started by the The priority it has in the execution order of plug-ins usage: dsconf instance pwpolicy [-h] {get,set} ... Get the global password policy entry Set an attribute in a global password policy usage: dsconf instance pwpolicy get [-h] usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME] The password storage scheme Allow users to change their passwords User must change their passwrod after it is reset by an Administrator To enable password history set this to "on", otherwise "off" The number of password to keep in history The DN of an entry or a group of account that can bypass password policy Set to "on" to track the time the password was last changed Send an expiring warning if password expires within this time (in seconds) Set to "on" to enable password expiration The password expiration time in seconds The number of seconds that must pass before a user can change their password The number of allowed logins after the password has expired Set to "on" to always send the expiring control regardless of the warning Set to "on" to enable account lockout Set to "on" to allow an account to become unlocked after the lockout duration The number of seconds an account stays locked out The maximum number of allowed failed password attempts before the account gets The number of seconds to wait before reducing the failed login count on an Set to "on" to Enable password syntax checking The minimum number of characters required in a password The minimum number of digit/number characters in a password The minimum number of alpha characters required in a password The minimum number of uppercase characters required in a password The minimum number of lowercase characters required in a password The minimum number of special characters required in a password The minimum number of 8-bit characters required in a password The maximum number of times the same character can appear sequentially in the Set to "on" to reject passwords that are palindromes The maximum number of allowed monotonic character sequences in a password The maximum number of allowed monotonic character sequences that can be The maximum number of sequential characters from the same character class that The minimum number of syntax catagory checks Sets the smallest attribute value length that is used for trivial/user words A space-separated list of words that can not be in a password A space-separated list of attributes whose values can not appear in the Set to "on" to enfore CrackLib dictionary checking Filesystem path to specific/custom CrackLib dictionary files Set to "on" to enable fine-grained (subtree/user-level) password policies Set to "on" to enable password policy state attributesto be replicated Set to "on" to allow adding prehashed passwords usage: dsconf instance localpwp [-h] List all the local password policies Get local password policy entry Set an attribute in a local password policy Remove a local password policy Add new user password policy Add new subtree password policy usage: dsconf instance localpwp list [-h] DN Suffix to search for local password policies usage: dsconf instance localpwp get [-h] DN Get the local policy for this entry DN usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME] Set the local policy for this entry DN The password storage scheme Allow users to change their passwords User must change their passwrod after it is reset by an Administrator To enable password history set this to "on", otherwise "off" The number of password to keep in history The DN of an entry or a group of account that can bypass password policy Set to "on" to track the time the password was last changed Send an expiring warning if password expires within this time (in seconds) Set to "on" to enable password expiration The password expiration time in seconds The number of seconds that must pass before a user can change their password The number of allowed logins after the password has expired Set to "on" to always send the expiring control regardless of the warning Set to "on" to enable account lockout Set to "on" to allow an account to become unlocked after the lockout duration The number of seconds an account stays locked out The maximum number of allowed failed password attempts before the account gets The number of seconds to wait before reducing the failed login count on an Set to "on" to Enable password syntax checking The minimum number of characters required in a password The minimum number of digit/number characters in a password The minimum number of alpha characters required in a password The minimum number of uppercase characters required in a password The minimum number of lowercase characters required in a password The minimum number of special characters required in a password The minimum number of 8-bit characters required in a password The maximum number of times the same character can appear sequentially in the Set to "on" to reject passwords that are palindromes The maximum number of allowed monotonic character sequences in a password The maximum number of allowed monotonic character sequences that can be The maximum number of sequential characters from the same character class that The minimum number of syntax catagory checks Sets the smallest attribute value length that is used for trivial/user words A space-separated list of words that can not be in a password A space-separated list of attributes whose values can not appear in the Set to "on" to enfore CrackLib dictionary checking Filesystem path to specific/custom CrackLib dictionary files usage: dsconf instance localpwp remove [-h] DN Remove local policy for this entry DN usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME] Add/replace the local password policy for this entry DN The password storage scheme Allow users to change their passwords User must change their passwrod after it is reset by an Administrator To enable password history set this to "on", otherwise "off" The number of password to keep in history The DN of an entry or a group of account that can bypass password policy Set to "on" to track the time the password was last changed Send an expiring warning if password expires within this time (in seconds) Set to "on" to enable password expiration The password expiration time in seconds The number of seconds that must pass before a user can change their password The number of allowed logins after the password has expired Set to "on" to always send the expiring control regardless of the warning Set to "on" to enable account lockout Set to "on" to allow an account to become unlocked after the lockout duration The number of seconds an account stays locked out The maximum number of allowed failed password attempts before the account gets The number of seconds to wait before reducing the failed login count on an Set to "on" to Enable password syntax checking The minimum number of characters required in a password The minimum number of digit/number characters in a password The minimum number of alpha characters required in a password The minimum number of uppercase characters required in a password The minimum number of lowercase characters required in a password The minimum number of special characters required in a password The minimum number of 8-bit characters required in a password The maximum number of times the same character can appear sequentially in the Set to "on" to reject passwords that are palindromes The maximum number of allowed monotonic character sequences in a password The maximum number of allowed monotonic character sequences that can be The maximum number of sequential characters from the same character class that The minimum number of syntax catagory checks Sets the smallest attribute value length that is used for trivial/user words A space-separated list of words that can not be in a password A space-separated list of attributes whose values can not appear in the Set to "on" to enfore CrackLib dictionary checking Filesystem path to specific/custom CrackLib dictionary files usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME] Add/replace the subtree policy for this entry DN The password storage scheme Allow users to change their passwords User must change their passwrod after it is reset by an Administrator To enable password history set this to "on", otherwise "off" The number of password to keep in history The DN of an entry or a group of account that can bypass password policy Set to "on" to track the time the password was last changed Send an expiring warning if password expires within this time (in seconds) Set to "on" to enable password expiration The password expiration time in seconds The number of seconds that must pass before a user can change their password The number of allowed logins after the password has expired Set to "on" to always send the expiring control regardless of the warning Set to "on" to enable account lockout Set to "on" to allow an account to become unlocked after the lockout duration The number of seconds an account stays locked out The maximum number of allowed failed password attempts before the account gets The number of seconds to wait before reducing the failed login count on an Set to "on" to Enable password syntax checking The minimum number of characters required in a password The minimum number of digit/number characters in a password The minimum number of alpha characters required in a password The minimum number of uppercase characters required in a password The minimum number of lowercase characters required in a password The minimum number of special characters required in a password The minimum number of 8-bit characters required in a password The maximum number of times the same character can appear sequentially in the Set to "on" to reject passwords that are palindromes The maximum number of allowed monotonic character sequences in a password The maximum number of allowed monotonic character sequences that can be The maximum number of sequential characters from the same character class that The minimum number of syntax catagory checks Sets the smallest attribute value length that is used for trivial/user words A space-separated list of words that can not be in a password A space-separated list of attributes whose values can not appear in the Set to "on" to enfore CrackLib dictionary checking Filesystem path to specific/custom CrackLib dictionary files usage: dsconf instance replication [-h] Enable replication for a suffix Disable replication for a suffix Get the database RUV entry for his suffix List all the replicated suffixes Get the current status of all the replication agreements Get the current status of all the replication agreements Promte replica to a Hub or Master Create a replication manager entry Delete a replication manager entry Demote replica to a Hub or Consumer Get replication configuration Create the replication changelog Delete the replication changelog. This will invalidate any existing replication agreements Set replication changelog attributes. Display replication changelog attributes. Decode Directory Server replication change log and dump it to an LDIF Set an attribute in the replication configuration Get the full replication topology report usage: dsconf instance replication enable [-h] --suffix SUFFIX --role ROLE The DN of the suffix to be enabled for replication The Replication role: "master", "hub", or "consumer" The replication identifier for a "master". Values range from 1 - 65534 A group entry DN containing members that are "bind/supplier" DNs The Bind or Supplier DN that can make replication updates Password for replication manager(--bind-dn). This will create the manager usage: dsconf instance replication disable [-h] --suffix SUFFIX The DN of the suffix to have replication disabled usage: dsconf instance replication get-ruv [-h] --suffix SUFFIX The DN of the replicated suffix usage: dsconf instance replication list [-h] usage: dsconf instance replication status [-h] --suffix SUFFIX The DN of the replication suffix The DN to use to authenticate to the consumer The password for the bind DN usage: dsconf instance replication winsync-status [-h] --suffix SUFFIX The DN of the replication suffix The DN to use to authenticate to the consumer The password for the bind DN usage: dsconf instance replication promote [-h] --suffix SUFFIX --newrole The DN of the replication suffix to promote Promote this replica to a "hub" or "master" The replication identifier for a "master". Values range from 1 - 65534 A group entry DN containing members that are "bind/supplier" DNs The Bind or Supplier DN that can make replication updates usage: dsconf instance replication create-manager [-h] [--name NAME] The NAME of the new replication manager entry. For example, if the NAME is Password for replication manager. If not provided, you will be prompted for The DN of the replication suffix whose replication configuration you want to usage: dsconf instance replication delete-manager [-h] [--name NAME] usage: dsconf instance replication demote [-h] --suffix SUFFIX --newrole usage: dsconf instance replication get [-h] --suffix SUFFIX Get the replication configuration for this suffix DN usage: dsconf instance replication create-changelog [-h] usage: dsconf instance replication delete-changelog [-h] usage: dsconf instance replication set-changelog [-h] [--cl-dir CL_DIR] The replication changelog location on the filesystem The maximum number of entries to get in the replication changelog The maximum age of a replication changelog entry The replication changelog compaction interval The interval to check if the replication changelog can be trimmed usage: dsconf instance replication get-changelog [-h] usage: dsconf instance replication dump-changelog [-h] [-c] [-l] Dump and interpret CSN only. This option can be used with or without -i Preserve generated ldif.done files from changelogdir. If you already have a ldif-like changelog, but the changes in that file are Path name for the final result. Default to STDOUT if omitted. Specify replica roots whose changelog you want to dump. The replica roots may usage: dsconf instance replication set [-h] --suffix SUFFIX The DN of the replication suffix The Replication Identifier number The Replication role: master, hub, or consumer Add a bind (supplier) DN Remove a bind (supplier) DN Add a replication referral (for consumers only) Remove a replication referral (for conusmers only) The replication purge delay The interval in seconds to check for tombstones that can be purged Set to "on" to improve tombstone purging performance A group entry DN containing members that are "bind/supplier" DNs An interval in seconds to check if the bind group has been updated A timeout in seconds on how long to wait before stopping replication when the The maximum time in seconds a replication agreement should stay in a backoff The starting time in seconds a replication agreement should stay in a backoff A timeout in seconds a replication master should send updates before it yields usage: dsconf instance replication monitor [-h] The connection values for monitoring other not connected topologies. The If a host:port is assigned an alias, then the alias instead of host:port will usage: dsconf instance repl-agmt [-h] List all the replication agreements Enable replication agreement Disable replication agreement Initialize replication agreement Check the agreement initialization status Trigger replication to send updates now Get the current status of the replication agreement Delete replication agreement Initialize replication agreement Set an attribute in the replication agreement Get replication configuration usage: dsconf instance repl-agmt list [-h] --suffix SUFFIX [--entry ENTRY] usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-agmt init-status [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX The name of the replication agreement The DN of the replication suffix The DN to use to authenticate to the consumer The password for the bind DN usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-agmt create [-h] --suffix SUFFIX --host HOST The name of the replication agreement The DN of the replication suffix The hostname of the remote replica The port number of the remote replica The replication connection protocol: LDAP, LDAPS, or StartTLS The Bind DN the agreement uses to authenticate to the replica The credentials for the Bind DN The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI" List of attributes to NOT replicate to the consumer during incremental updates List of attributes to NOT replicate during a total initialization A list of attributes that are removed from updates only if the event would Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday - The timeout used for replicaton connections A timeout in seconds on how long to wait before stopping replication when the The amount of time in milliseconds the server waits if the consumer is not The amount of time in seconds a supplier should wait after a consumer sends The amount of time in seconds a supplier should wait between update sessions. Sets the maximum number of entries and updates sent by a supplier, which are The time in milliseconds to pause after reaching the number of entries and Initialize the agreement after creating it. usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST] The name of the replication agreement The DN of the replication suffix The hostname of the remote replica The port number of the remote replica The replication connection protocol: LDAP, LDAPS, or StartTLS The Bind DN the agreement uses to authenticate to the replica The credentials for the Bind DN The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI" List of attributes to NOT replicate to the consumer during incremental updates List of attributes to NOT replicate during a total initialization A list of attributes that are removed from updates only if the event would Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday - The timeout used for replicaton connections A timeout in seconds on how long to wait before stopping replication when the The amount of time in milliseconds the server waits if the consumer is not The amount of time in seconds a supplier should wait after a consumer sends The amount of time in seconds a supplier should wait between update sessions. Sets the maximum number of entries and updates sent by a supplier, which are The time in milliseconds to pause after reaching the number of entries and usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-winsync-agmt [-h] List all the replication winsync agreements Enable replication winsync agreement Disable replication winsync agreement Initialize replication winsync agreement Check the agreement initialization status Trigger replication to send updates now Get the current status of the replication agreement Delete replication winsync agreement Initialize replication winsync agreement Set an attribute in the replication winsync agreement Get replication configuration usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX The DN of the suffix to look up replication winsync agreements usage: dsconf instance repl-winsync-agmt enable [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX usage: dsconf instance repl-winsync-agmt init [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-winsync-agmt init-status [-h] --suffix SUFFIX usage: dsconf instance repl-winsync-agmt poke [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-winsync-agmt status [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-winsync-agmt delete [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-winsync-agmt create [-h] --suffix SUFFIX --host The name of the replication winsync agreement The DN of the replication winsync suffix The hostname of the AD server The port number of the AD server The replication winsync connection protocol: LDAP, LDAPS, or StartTLS The Bind DN the agreement uses to authenticate to the AD Server The credentials for the Bind DN List of attributes to NOT replicate to the consumer during incremental updates Sets the replication update schedule The suffix of the AD Server The Directory Server suffix The AD Domain Synchronize Users between AD and DS Synchronize Groups between AD and DS The interval that DS checks AD for changes in entries Sets which direction to perform synchronization: "toWindows", "fromWindows", Sets instructions on how to handle moved or deleted entries: "none", "unsync", Custom filter for finding users in AD Server Custom filter for finding AD users in DS Server Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE> The timeout used for replicaton connections The amount of time in seconds a supplier should wait after a consumer sends The amount of time in seconds a supplier should wait between update sessions. Initialize the agreement after creating it. usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX] The name of the replication winsync agreement The DN of the replication winsync suffix The hostname of the AD server The port number of the AD server The replication winsync connection protocol: LDAP, LDAPS, or StartTLS The Bind DN the agreement uses to authenticate to the AD Server The credentials for the Bind DN List of attributes to NOT replicate to the consumer during incremental updates Sets the replication update schedule The suffix of the AD Server The Directory Server suffix The AD Domain Synchronize Users between AD and DS Synchronize Groups between AD and DS The interval that DS checks AD for changes in entries Sets which direction to perform synchronization: "toWindows", "fromWindows", Sets instructions on how to handle moved or deleted entries: "none", "unsync", Custom filter for finding users in AD Server Custom filter for finding AD users in DS Server Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE> The timeout used for replicaton connections The amount of time in seconds a supplier should wait after a consumer sends The amount of time in seconds a supplier should wait between update sessions. usage: dsconf instance repl-winsync-agmt get [-h] --suffix SUFFIX AGMT_NAME usage: dsconf instance repl-tasks [-h] Cleanup old/removed replica IDs List all the running CleanAllRUV tasks Abort cleanallruv tasks List all the running CleanAllRUV abort Tasks usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX The Directory Server suffix The replica ID to remove/clean Ignore errors and do a best attempt to clean all the replicas usage: dsconf instance repl-tasks list-cleanruv-tasks [-h] [--suffix SUFFIX] List only tasks from for suffix usage: dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUFFIX The Directory Server suffix The replica ID of the cleaning task to abort Enforce that the abort task completed on all replicas usage: dsconf instance repl-tasks list-abortruv-tasks [-h] [--suffix SUFFIX] List only tasks from for suffix usage: dsconf instance sasl [-h] {list,get,create,delete} ... List avaliable SASL mappings get create deletes the object usage: dsconf instance sasl list [-h] usage: dsconf instance sasl get [-h] [selector] SASL mapping name to get usage: dsconf instance sasl create [-h] [--cn [CN]] Value of cn Value of nsSaslMapRegexString Value of nsSaslMapBaseDNTemplate Value of nsSaslMapFilterTemplate Value of nsSaslMapPriority usage: dsconf instance sasl delete [-h] map_name The SASL Mapping name ("cn" value) usage: dsconf instance security [-h] Set general security options Get general security options Enable security Disable security Manage TLS certificates Manage TLS Certificate Authorities Query and manipulate RSA security options Manage secure ciphers usage: dsconf instance security set [-h] [--security SECURITY] Use this command for setting security related options located in cn=config and cn=encryption,cn=config. To enable/disable security you can use enable and disable commands instead. Enable or disable security (nsslapd-security) Host/address to listen on for LDAPS (nsslapd-securelistenhost) Port for LDAPS to listen on (nsslapd-securePort) Client authentication requirement (nsSSLClientAuth) Allow client TLS renegotiation (nsTLSAllowClientRenegotiation) Require binds over LDAPS, StartTLS, or SASL (nsslapd-require-secure-binds) Check Subject of remote certificate against the hostname (nsslapd-ssl-check- Validate server certificate during startup (nsslapd-validate-cert) Secure session timeout (nsSSLSessionTimeout) Secure protocol minimal allowed version (sslVersionMin) Secure protocol maximal allowed version (sslVersionMax) Allow weak ciphers for legacy use (allowWeakCipher) Allow short DH params for legacy use (allowWeakDHParam) Use this command to directly set nsSSL3Ciphers attribute. It is a comma usage: dsconf instance security get [-h] usage: dsconf instance security enable [-h] [--cert-name CERT_NAME] If missing, create security database, then turn on security functionality. Please note this is usually not enough for TLS connections to work - proper setup of CA and server certificate is necessary. The name of the certificate the server should use usage: dsconf instance security disable [-h] Turn off security functionality. The rest of the configuration will be left untouched. usage: dsconf instance security certificate [-h] Add a server certificate Set the Trust flags Delete a certificate Get a server certificate's information List the server certificates usage: dsconf instance security certificate add [-h] --file FILE --name NAME Add a server certificate to the NSS database The file name of the certificate The name/nickname of the certificate Set this certificate as the server's certificate usage: dsconf instance security certificate set-trust-flags Change the trust flags of a server certificate usage: dsconf instance security certificate del [-h] name Delete a certificate from the NSS database The name/nickname of the certificate usage: dsconf instance security certificate get [-h] name Get detailed information about a certificate, like trust attributes, expiration dates, Subject and Issuer DNs The name/nickname of the certificate usage: dsconf instance security certificate list [-h] List the server certificates in the NSS database usage: dsconf instance security ca-certificate [-h] Add a Certificate Authority Set the Trust flags Delete a certificate Get a Certificate Authority's information List the Certificate Authorities usage: dsconf instance security ca-certificate add [-h] --file FILE --name Add a Certificate Authority to the NSS database usage: dsconf instance security ca-certificate set-trust-flags Change the trust attributes of a CA certificate. Certificate Authorities typically use "CT,," usage: dsconf instance security ca-certificate del [-h] name Delete a CA certificate from the NSS database The name/nickname of the CA certificate usage: dsconf instance security ca-certificate get [-h] name Get detailed information about a CA certificate, like trust attributes, expiration dates, Subject and Issuer DN The name/nickname of the CA certificate usage: dsconf instance security ca-certificate list [-h] List the CA certificates in the NSS database usage: dsconf instance security rsa [-h] {set,get,enable,disable} ... Set RSA security options Get RSA security options Enable RSA Disable RSA usage: dsconf instance security rsa set [-h] Use this command for setting RSA (private key) related options located in cn=RSA,cn=encryption,cn=config. To enable/disable RSA you can use enable and disable commands instead. Activate use of RSA certificates (nsSSLActivation) Server certificate name in NSS DB (nsSSLPersonalitySSL) Security token name (module of NSS DB) (nsSSLToken) usage: dsconf instance security rsa get [-h] usage: dsconf instance security rsa enable [-h] usage: dsconf instance security rsa disable [-h] usage: dsconf instance security ciphers [-h] {enable,disable,get,set,list} ... Enable ciphers Disable ciphers Get ciphers attribute Set ciphers attribute List ciphers usage: dsconf instance security ciphers enable [-h] cipher [cipher ...] Use this command to enable specific ciphers. cipher usage: dsconf instance security ciphers disable [-h] cipher [cipher ...] Use this command to disable specific ciphers. cipher usage: dsconf instance security ciphers get [-h] Use this command to get contents of nsSSL3Ciphers attribute. usage: dsconf instance security ciphers set [-h] cipher-string Use this command to directly set nsSSL3Ciphers attribute. It is a comma separated list of cipher names (prefixed with + or -), optionally including +all or -all. The attribute may optionally be prefixed by keyword default. Please refer to documentation of the attribute for a more detailed description. cipher-string usage: dsconf instance security ciphers list [-h] List secure ciphers. Without arguments, list ciphers as configured in nsSSL3Ciphers attribute. Only enabled ciphers Only supported ciphers Only supported ciphers without enabled ciphers usage: dsconf instance schema [-h] List all schema objects on this system Work with attribute types on this system Work with objectClasses on this system Work with matching rules on this system Dynamically reload schema while server is running Run a task to check every modification to attributes to make sure that the new value has the required syntax for that attribute type usage: dsconf instance schema list [-h] usage: dsconf instance schema attributetypes [-h] List all available attribute type syntaxes List available attribute types on this system Query an attribute to determine object classes that may or must take it Add an attribute type to this system Replace an attribute type on this system Remove an attribute type on this system usage: dsconf instance schema attributetypes get_syntaxes [-h] usage: dsconf instance schema attributetypes list [-h] usage: dsconf instance schema attributetypes query [-h] [name] Attribute type to query usage: dsconf instance schema attributetypes add [-h] [--oid OID] NAME of the object OID assigned to the object Description text(DESC) of the object Provides information about where the attribute type is defined Additional NAMEs of the object. True if the matching rule must have only one valueOnly one of the flags this True if the matching rule may have multiple values (default)Only one of the True if the attribute is not modifiable by a client applicationOnly one of the True if the attribute is modifiable by a client application (default)Only one NAME or OID of the matching rule used for checkingwhether attribute values are NAME or OID of the matching rule used for checkingwhether an attribute value NAME or OID of the matching rule used for checkingwhether attribute values are The flag indicates how the attribute type is to be used. Choose from the list: The list of NAMEs or OIDs of attribute typesthis attribute type is derived OID of the LDAP syntax assigned to the attribute usage: dsconf instance schema attributetypes replace [-h] [--oid OID] NAME of the object OID assigned to the object Description text(DESC) of the object Provides information about where the attribute type is defined Additional NAMEs of the object. True if the matching rule must have only one valueOnly one of the flags this True if the matching rule may have multiple values (default)Only one of the True if the attribute is not modifiable by a client applicationOnly one of the True if the attribute is modifiable by a client application (default)Only one NAME or OID of the matching rule used for checkingwhether attribute values are NAME or OID of the matching rule used for checkingwhether an attribute value NAME or OID of the matching rule used for checkingwhether attribute values are The flag indicates how the attribute type is to be used. Choose from the list: The list of NAMEs or OIDs of attribute typesthis attribute type is derived OID of the LDAP syntax assigned to the attribute usage: dsconf instance schema attributetypes remove [-h] name NAME of the object usage: dsconf instance schema objectclasses [-h] List available objectClasses on this system Query an objectClass Add an objectClass to this system Replace an objectClass on this system Remove an objectClass on this system usage: dsconf instance schema objectclasses list [-h] usage: dsconf instance schema objectclasses query [-h] [name] ObjectClass to query usage: dsconf instance schema objectclasses add [-h] [--oid OID] [--desc DESC] NAME of the object OID assigned to the object Description text(DESC) of the object Provides information about where the attribute type is defined NAMEs or OIDs of all attributes an entry of the object must have NAMEs or OIDs of additional attributes an entry of the object may have Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY NAMEs or OIDs of object classes this object is derived from usage: dsconf instance schema objectclasses replace [-h] [--oid OID] NAME of the object OID assigned to the object Description text(DESC) of the object Provides information about where the attribute type is defined NAMEs or OIDs of all attributes an entry of the object must have NAMEs or OIDs of additional attributes an entry of the object may have Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY NAMEs or OIDs of object classes this object is derived from usage: dsconf instance schema objectclasses remove [-h] name NAME of the object usage: dsconf instance schema matchingrules [-h] {list,query} ... List available matching rules on this system Query a matching rule usage: dsconf instance schema matchingrules list [-h] usage: dsconf instance schema matchingrules query [-h] [name] Matching rule to query usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait] directory where schema files are located Wait for the reload task to complete usage: dsconf instance schema validate-syntax [-h] [-f FILTER] DN usage: dsconf instance repl-conflict [-h] List conflict entries Compare the conflict entry with its valid counterpart Delete a conflict entry Replace the valid entry with the conflict entry Convert the conflict entry to a valid entry, while keeping the original valid entry counterpart. This requires that the converted conflict entry have a new RDN value. For example: "cn=my_new_rdn_value". List replication glue entries Delete the glue entry and its child entries Convert the glue entry into a regular entry usage: dsconf instance repl-conflict list [-h] suffix The backend name, or suffix, to look for conflict entries usage: dsconf instance repl-conflict compare [-h] DN The DN of the conflict entry usage: dsconf instance repl-conflict delete [-h] DN The DN of the conflict entry usage: dsconf instance repl-conflict swap [-h] DN The DN of the conflict entry usage: dsconf instance repl-conflict convert [-h] --new-rdn NEW_RDN DN usage: dsconf instance repl-conflict list-glue [-h] suffix The backend name, or suffix, to look for glue entries usage: dsconf instance repl-conflict delete-glue [-h] DN The DN of the glue entry usage: dsconf instance repl-conflict convert-glue [-h] DN The DN of the glue entry Display verbose operation tracing during command execution The account to bind as for executing operations Password for binddn Prompt for password for the bind DN Specifies a file containing the password for the binddn Basedn (root naming context) of the instance to manage Connect with StartTLS Return result in JSON object lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>. The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.htmlSynopsis
dsconf [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN] [-Z] [-j] instance {backend,backup,chaining,config,directory_manager,monitor,plugin,pwpolicy,localpwp,replication,repl-agmt,repl-winsync-agmt,repl-tasks,sasl,security,schema,repl-conflict} ...Options
ldap://mai.example.com:389Sub-commands
OPTIONS 'dsconf backend'
{suffix,index,vlv-index,attr-encrypt,config,monitor,import,export,create,delete,get-tree}
...Sub-commands
OPTIONS 'dsconf backend suffix'
{list,get,get-dn,get-sub-suffixes,set}
...Sub-commands
OPTIONS 'dsconf backend suffix list'
[--skip-subsuffixes]OPTIONS 'dsconf backend suffix get'
OPTIONS 'dsconf backend suffix get-dn'
OPTIONS 'dsconf backend suffix get-sub-suffixes'
OPTIONS 'dsconf backend suffix set'
[--disable-readonly]
[--require-index] [--ignore-index]
[--add-referral ADD_REFERRAL]
[--del-referral DEL_REFERRAL]
[--enable] [--disable]
[--cache-size CACHE_SIZE]
[--cache-memsize CACHE_MEMSIZE]
[--dncache-memsize DNCACHE_MEMSIZE]
be_nameOPTIONS 'dsconf backend index'
{add,set,get,list,delete,reindex} ...Sub-commands
OPTIONS 'dsconf backend index add'
[--matching-rule MATCHING_RULE]
[--reindex] --attr ATTR
be_nameOPTIONS 'dsconf backend index set'
[--add-type ADD_TYPE]
[--del-type DEL_TYPE]
[--add-mr ADD_MR] [--del-mr DEL_MR]
[--reindex]
be_nameOPTIONS 'dsconf backend index get'
OPTIONS 'dsconf backend index list'
OPTIONS 'dsconf backend index delete'
OPTIONS 'dsconf backend index reindex'
be_nameOPTIONS 'dsconf backend vlv-index'
{list,get,add-search,edit-search,del-search,add-index,del-index,reindex}
...Sub-commands
OPTIONS 'dsconf backend vlv-index list'
OPTIONS 'dsconf backend vlv-index get'
OPTIONS 'dsconf backend vlv-index add-search'
--search-base SEARCH_BASE
--search-scope
SEARCH_SCOPE
--search-filter
SEARCH_FILTER
be_name
search)OPTIONS 'dsconf backend vlv-index edit-search'
[--search-base SEARCH_BASE]
[--search-scope SEARCH_SCOPE]
[--search-filter SEARCH_FILTER]
[--reindex]
be_name
search)OPTIONS 'dsconf backend vlv-index del-search'
OPTIONS 'dsconf backend vlv-index add-index'
PARENT_NAME --index-name
INDEX_NAME --sort SORT
[--index-it]
be_nameOPTIONS 'dsconf backend vlv-index del-index'
PARENT_NAME
[--index-name INDEX_NAME]
[--sort SORT]
be_nameOPTIONS 'dsconf backend vlv-index reindex'
[--index-name INDEX_NAME]
--parent-name PARENT_NAME
be_nameOPTIONS 'dsconf backend attr-encrypt'
[--add-attr ADD_ATTR]
[--del-attr DEL_ATTR]
be_nameOPTIONS 'dsconf backend config'
Sub-commands
OPTIONS 'dsconf backend config get'
OPTIONS 'dsconf backend config set'
[--lookthroughlimit LOOKTHROUGHLIMIT]
[--mode MODE]
[--idlistscanlimit IDLISTSCANLIMIT]
[--directory DIRECTORY]
[--dbcachesize DBCACHESIZE]
[--logdirectory LOGDIRECTORY]
[--durable-txn DURABLE_TXN]
[--txn-wait TXN_WAIT]
[--checkpoint-interval CHECKPOINT_INTERVAL]
[--compactdb-interval COMPACTDB_INTERVAL]
[--txn-batch-val TXN_BATCH_VAL]
[--txn-batch-min TXN_BATCH_MIN]
[--txn-batch-max TXN_BATCH_MAX]
[--logbufsize LOGBUFSIZE]
[--locks LOCKS]
[--import-cache-autosize IMPORT_CACHE_AUTOSIZE]
[--cache-autosize CACHE_AUTOSIZE]
[--cache-autosize-split CACHE_AUTOSIZE_SPLIT]
[--import-cachesize IMPORT_CACHESIZE]
[--exclude-from-export EXCLUDE_FROM_EXPORT]
[--pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT]
[--pagedidlistscanlimit PAGEDIDLISTSCANLIMIT]
[--rangelookthroughlimit RANGELOOKTHROUGHLIMIT]
[--backend-opt-level BACKEND_OPT_LEVEL]
[--deadlock-policy DEADLOCK_POLICY]
[--db-home-directory DB_HOME_DIRECTORY]
when examining candidate entries in response to a search request
logs
disk.
checkpoint entry to the database transaction log
batch count (only works when txn-batch-val is set)
batch count (only works when txn-batch-val is set)
used during the the import process of LDIF files
entry cache. Set to "0" to disable this feature.
percentage is used for the entry cache
when examining candidate entries for a search which uses the simple paged
results control
search operation using the simple paged results control.
when examining candidate entries in response to a range search request.
performance. Valid values are: 0, 1, 2, or 4OPTIONS 'dsconf backend monitor'
OPTIONS 'dsconf backend import'
[-g GEN_UNIQ_ID] [-O]
[-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
[-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]]
[be_name] [ldifs [ldifs ...]]
imported, they are imported in the orderthey are specified on the command
line.
encryption is enabled.
deterministic for the generated unique ID to be name-based.By default, a time-
based unique ID is generated.When using the deterministic generation to have a
name-based unique ID,it is also possible to specify the namespace for the
server to use.namespaceId is a string of charactersin the format 00-xxxxxxxx-
xxxxxxxx-xxxxxxxx-xxxxxxxx.OPTIONS 'dsconf backend export'
[-u] [-U]
[-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
[-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]]
be_names [be_names ...]
a space as a separator
encryption is enabled.
importedOPTIONS 'dsconf backend create'
--suffix SUFFIX --be-name BE_NAME
[--create-entries] [--create-suffix]
attributes 'dc', 'o', 'ou', or 'cn' are supported in this featureOPTIONS 'dsconf backend delete'
OPTIONS 'dsconf backend get-tree'
OPTIONS 'dsconf backup'
Sub-commands
OPTIONS 'dsconf backup create'
OPTIONS 'dsconf backup restore'
OPTIONS 'dsconf chaining'
{config-get,config-set,config-get-def,config-set-def,link-create,link-get,link-set,link-delete,monitor,link-list}
...Sub-commands
OPTIONS 'dsconf chaining config-get'
[--avail-comps]OPTIONS 'dsconf chaining config-set'
[--del-control DEL_CONTROL]
[--add-comp ADD_COMP]
[--del-comp DEL_COMP]OPTIONS 'dsconf chaining config-get-def'
OPTIONS 'dsconf chaining config-set-def'
[--conn-bind-limit CONN_BIND_LIMIT]
[--conn-op-limit CONN_OP_LIMIT]
[--abandon-check-interval ABANDON_CHECK_INTERVAL]
[--bind-limit BIND_LIMIT]
[--op-limit OP_LIMIT]
[--proxied-auth PROXIED_AUTH]
[--conn-lifetime CONN_LIFETIME]
[--bind-timeout BIND_TIMEOUT]
[--return-ref RETURN_REF]
[--check-aci CHECK_ACI]
[--bind-attempts BIND_ATTEMPTS]
[--size-limit SIZE_LIMIT]
[--time-limit TIME_LIMIT]
[--hop-limit HOP_LIMIT]
[--response-delay RESPONSE_DELAY]
[--test-response-delay TEST_RESPONSE_DELAY]
[--use-starttls USE_STARTTLS]
remote server.
remote server.
operations.
operations are executed as the user set in the nsMultiplexorBindDn attribute
(on/off).
server (on/off).
number of times a request can be forwarded from one database link to another.
operation request made by a database link before an error is suspected.
remote server is responding.
secure connections.OPTIONS 'dsconf chaining link-create'
[--conn-bind-limit CONN_BIND_LIMIT]
[--conn-op-limit CONN_OP_LIMIT]
[--abandon-check-interval ABANDON_CHECK_INTERVAL]
[--bind-limit BIND_LIMIT]
[--op-limit OP_LIMIT]
[--proxied-auth PROXIED_AUTH]
[--conn-lifetime CONN_LIFETIME]
[--bind-timeout BIND_TIMEOUT]
[--return-ref RETURN_REF]
[--check-aci CHECK_ACI]
[--bind-attempts BIND_ATTEMPTS]
[--size-limit SIZE_LIMIT]
[--time-limit TIME_LIMIT]
[--hop-limit HOP_LIMIT]
[--response-delay RESPONSE_DELAY]
[--test-response-delay TEST_RESPONSE_DELAY]
[--use-starttls USE_STARTTLS]
--suffix SUFFIX --server-url
SERVER_URL --bind-mech BIND_MECH
--bind-dn BIND_DN --bind-pw
BIND_PW
CHAIN_NAME
remote server.
remote server.
operations.
operations are executed as the user set in the nsMultiplexorBindDn attribute
(on/off).
server (on/off).
number of times a request can be forwarded from one database link to another.
operation request made by a database link before an error is suspected.
remote server is responding.
secure connections.
<leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPIOPTIONS 'dsconf chaining link-get'
OPTIONS 'dsconf chaining link-set'
[--conn-bind-limit CONN_BIND_LIMIT]
[--conn-op-limit CONN_OP_LIMIT]
[--abandon-check-interval ABANDON_CHECK_INTERVAL]
[--bind-limit BIND_LIMIT]
[--op-limit OP_LIMIT]
[--proxied-auth PROXIED_AUTH]
[--conn-lifetime CONN_LIFETIME]
[--bind-timeout BIND_TIMEOUT]
[--return-ref RETURN_REF]
[--check-aci CHECK_ACI]
[--bind-attempts BIND_ATTEMPTS]
[--size-limit SIZE_LIMIT]
[--time-limit TIME_LIMIT]
[--hop-limit HOP_LIMIT]
[--response-delay RESPONSE_DELAY]
[--test-response-delay TEST_RESPONSE_DELAY]
[--use-starttls USE_STARTTLS]
[--suffix SUFFIX]
[--server-url SERVER_URL]
[--bind-mech BIND_MECH]
[--bind-dn BIND_DN]
[--bind-pw BIND_PW]
CHAIN_NAME
remote server.
remote server.
operations.
operations are executed as the user set in the nsMultiplexorBindDn attribute
(on/off).
server (on/off).
number of times a request can be forwarded from one database link to another.
operation request made by a database link before an error is suspected.
remote server is responding.
secure connections.
<leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPIOPTIONS 'dsconf chaining link-delete'
OPTIONS 'dsconf chaining monitor'
OPTIONS 'dsconf chaining link-list'
OPTIONS 'dsconf config'
Sub-commands
OPTIONS 'dsconf config get'
OPTIONS 'dsconf config add'
OPTIONS 'dsconf config replace'
OPTIONS 'dsconf config delete'
OPTIONS 'dsconf directory_manager'
Sub-commands
OPTIONS 'dsconf directory_manager password_change'
OPTIONS 'dsconf monitor'
{server,ldbm,backend,snmp,chaining,disk} ...Sub-commands
OPTIONS 'dsconf monitor server'
OPTIONS 'dsconf monitor ldbm'
OPTIONS 'dsconf monitor backend'
OPTIONS 'dsconf monitor snmp'
OPTIONS 'dsconf monitor chaining'
OPTIONS 'dsconf monitor disk'
OPTIONS 'dsconf plugin'
{memberof,automember,referential-integrity,root-dn,usn,account-policy,attr-uniq,dna,linked-attr,managed-entries,pass-through-auth,retro-changelog,posix-winsync,list,show,set}
...Sub-commands
OPTIONS 'dsconf plugin memberof'
{show,enable,disable,status,set,config-entry,fixup}
...Sub-commands
OPTIONS 'dsconf plugin memberof show'
OPTIONS 'dsconf plugin memberof enable'
OPTIONS 'dsconf plugin memberof disable'
OPTIONS 'dsconf plugin memberof status'
OPTIONS 'dsconf plugin memberof set'
[--groupattr GROUPATTR [GROUPATTR ...]]
[--allbackends {on,off}]
[--skipnested {on,off}]
[--scope SCOPE] [--exclude EXCLUDE]
[--autoaddoc AUTOADDOC]
[--config-entry CONFIG_ENTRY]
to reflect group membership (memberOfAttr)
members (memberOfGroupAttr)
suffixes (memberOfAllBackends)
work on (memberOfEntryScope)
exclude (memberOfEntryScopeExcludeSubtree)
then the memberOf plugin will automatically add the object class listed in the
memberOfAutoAddOC parameterOPTIONS 'dsconf plugin memberof config-entry'
{add,set,show,delete} ...Sub-commands
OPTIONS 'dsconf plugin memberof config-entry add'
[--attr ATTR [ATTR ...]]
[--groupattr GROUPATTR [GROUPATTR ...]]
[--allbackends {on,off}]
[--skipnested {on,off}]
[--scope SCOPE]
[--exclude EXCLUDE]
[--autoaddoc AUTOADDOC]
DN
to reflect group membership (memberOfAttr)
members (memberOfGroupAttr)
suffixes (memberOfAllBackends)
work on (memberOfEntryScope)
exclude (memberOfEntryScopeExcludeSubtree)
then the memberOf plugin will automatically add the object class listed in the
memberOfAutoAddOC parameterOPTIONS 'dsconf plugin memberof config-entry set'
[--attr ATTR [ATTR ...]]
[--groupattr GROUPATTR [GROUPATTR ...]]
[--allbackends {on,off}]
[--skipnested {on,off}]
[--scope SCOPE]
[--exclude EXCLUDE]
[--autoaddoc AUTOADDOC]
DN
to reflect group membership (memberOfAttr)
members (memberOfGroupAttr)
suffixes (memberOfAllBackends)
work on (memberOfEntryScope)
exclude (memberOfEntryScopeExcludeSubtree)
then the memberOf plugin will automatically add the object class listed in the
memberOfAutoAddOC parameterOPTIONS 'dsconf plugin memberof config-entry show'
OPTIONS 'dsconf plugin memberof config-entry delete'
OPTIONS 'dsconf plugin memberof fixup'
OPTIONS 'dsconf plugin automember'
{show,enable,disable,status,list,definition,fixup}
...Sub-commands
OPTIONS 'dsconf plugin automember show'
OPTIONS 'dsconf plugin automember enable'
OPTIONS 'dsconf plugin automember disable'
OPTIONS 'dsconf plugin automember status'
OPTIONS 'dsconf plugin automember list'
Sub-commands
OPTIONS 'dsconf plugin automember list definitions'
OPTIONS 'dsconf plugin automember list regexes'
OPTIONS 'dsconf plugin automember definition'
DEFNAME
{add,set,delete,show,regex}
...Sub-commands
OPTIONS 'dsconf plugin automember definition add'
[-h] --grouping-attr GROUPING_ATTR [--default-group DEFAULT_GROUP]
--scope SCOPE --filter FILTER
attribute in the object entry that supplies the member attribute value, in the
format group_member_attr:entry_attr (autoMemberGroupingAttr)
group entry (autoMemberDefaultGroup)
(autoMemberFilter)OPTIONS 'dsconf plugin automember definition set'
[-h] --grouping-attr GROUPING_ATTR [--default-group DEFAULT_GROUP]
--scope SCOPE --filter FILTER
attribute in the object entry that supplies the member attribute value, in the
format group_member_attr:entry_attr (autoMemberGroupingAttr)
group entry (autoMemberDefaultGroup)
(autoMemberFilter)OPTIONS 'dsconf plugin automember definition delete'
OPTIONS 'dsconf plugin automember definition show'
OPTIONS 'dsconf plugin automember definition regex'
[-h] REGEXNAME {add,set,delete,show} ...Sub-commands
OPTIONS 'dsconf plugin automember definition regex add'
[-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
[--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TARGET_GROUP
(autoMemberExclusiveRegex)
(autoMemberInclusiveRegex)
expression conditions (autoMemberTargetGroup)OPTIONS 'dsconf plugin automember definition regex set'
[-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]]
[--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TARGET_GROUP
(autoMemberExclusiveRegex)
(autoMemberInclusiveRegex)
expression conditions (autoMemberTargetGroup)OPTIONS 'dsconf plugin automember definition regex delete'
[-h]OPTIONS 'dsconf plugin automember definition regex show'
[-h]OPTIONS 'dsconf plugin automember fixup'
{sub,base,one}
DNOPTIONS 'dsconf plugin referential-integrity'
{show,enable,disable,status,set,config-entry}
...Sub-commands
OPTIONS 'dsconf plugin referential-integrity show'
OPTIONS 'dsconf plugin referential-integrity enable'
OPTIONS 'dsconf plugin referential-integrity disable'
OPTIONS 'dsconf plugin referential-integrity status'
OPTIONS 'dsconf plugin referential-integrity set'
[--update-delay UPDATE_DELAY]
[--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
[--entry-scope ENTRY_SCOPE]
[--exclude-entry-scope EXCLUDE_ENTRY_SCOPE]
[--container-scope CONTAINER_SCOPE]
[--log-file LOG_FILE]
[--config-entry CONFIG_ENTRY]
immediately, -1 - No check is performed (referint-update-delay)
operations of a user entry (nsslapd-pluginEntryScope)
or renaming a user (nsslapd-pluginExcludeEntryScope)
belongs. It only updates groups that are under the specified container branch,
and leaves all other groups not updated (nsslapd-pluginContainerScope)
/var/log/dirsrv/slapd-YOUR_INSTANCE/referintOPTIONS 'dsconf plugin referential-integrity config-entry'
[-h] {add,set,show,delete} ...Sub-commands
OPTIONS 'dsconf plugin referential-integrity config-entry add'
[-h] [--update-delay UPDATE_DELAY]
[--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
[--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE]
[--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
DN
immediately, -1 - No check is performed (referint-update-delay)
operations of a user entry (nsslapd-pluginEntryScope)
or renaming a user (nsslapd-pluginExcludeEntryScope)
belongs. It only updates groups that are under the specified container branch,
and leaves all other groups not updated (nsslapd-pluginContainerScope)
/var/log/dirsrv/slapd-YOUR_INSTANCE/referintOPTIONS 'dsconf plugin referential-integrity config-entry set'
[-h] [--update-delay UPDATE_DELAY]
[--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]]
[--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE]
[--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE]
DN
immediately, -1 - No check is performed (referint-update-delay)
operations of a user entry (nsslapd-pluginEntryScope)
or renaming a user (nsslapd-pluginExcludeEntryScope)
belongs. It only updates groups that are under the specified container branch,
and leaves all other groups not updated (nsslapd-pluginContainerScope)
/var/log/dirsrv/slapd-YOUR_INSTANCE/referintOPTIONS 'dsconf plugin referential-integrity config-entry show'
OPTIONS 'dsconf plugin referential-integrity config-entry delete'
[-h] DNOPTIONS 'dsconf plugin root-dn'
{show,enable,disable,status,set} ...Sub-commands
OPTIONS 'dsconf plugin root-dn show'
OPTIONS 'dsconf plugin root-dn enable'
OPTIONS 'dsconf plugin root-dn disable'
OPTIONS 'dsconf plugin root-dn status'
OPTIONS 'dsconf plugin root-dn set'
[--allow-host ALLOW_HOST [ALLOW_HOST ...]]
[--deny-host DENY_HOST [DENY_HOST ...]]
[--allow-ip ALLOW_IP [ALLOW_IP ...]]
[--deny-ip DENY_IP [DENY_IP ...]]
[--open-time OPEN_TIME]
[--close-time CLOSE_TIME]
[--days-allowed DAYS_ALLOWED]
use to access the Directory Server. Any hosts not listed are implicitly denied
(rootdn-allow-host)
to use to access the Directory Server Any hosts not listed are implicitly
allowed (rootdn-deny-host). If an host address is listed in both the rootdn-
allow-host and rootdn-deny-host attributes, it is denied access.
allowed to use to access the Directory Server Any IP addresses not listed are
implicitly denied (rootdn-allow-ip)
allowed to use to access the Directory Server. Any IP addresses not listed are
implicitly allowed (rootdn-deny-ip) If an IP address is listed in both the
rootdn-allow-ip and rootdn-deny-ip attributes, it is denied access.
the Directory Server. This sets when the time-based access begins (rootdn-
open-time)
the Directory Server. This sets when the time-based access ends (rootdn-close-
time)
access the Directory Server. Any days listed are implicitly denied (rootdn-
days-allowed)OPTIONS 'dsconf plugin usn'
{show,enable,disable,status,global,cleanup}
...Sub-commands
OPTIONS 'dsconf plugin usn show'
OPTIONS 'dsconf plugin usn enable'
OPTIONS 'dsconf plugin usn disable'
OPTIONS 'dsconf plugin usn status'
OPTIONS 'dsconf plugin usn global'
Sub-commands
OPTIONS 'dsconf plugin usn global on'
OPTIONS 'dsconf plugin usn global off'
OPTIONS 'dsconf plugin usn cleanup'
[-m MAXUSN]
operation against. If the suffix is not specified, then the back end must be
given (suffix)
operation against. If the back end is not specified, then the suffix must be
specified.Backend instance in which USN tombstone entries (backend)
(max_usn_to_delete)OPTIONS 'dsconf plugin account-policy'
{show,enable,disable,status,set,config-entry}
...Sub-commands
OPTIONS 'dsconf plugin account-policy show'
OPTIONS 'dsconf plugin account-policy enable'
OPTIONS 'dsconf plugin account-policy disable'
OPTIONS 'dsconf plugin account-policy status'
OPTIONS 'dsconf plugin account-policy set'
[--config-entry CONFIG_ENTRY]OPTIONS 'dsconf plugin account-policy config-entry'
{add,set,show,delete}
...Sub-commands
OPTIONS 'dsconf plugin account-policy config-entry add'
[-h] [--always-record-login {yes,no}] [--alt-state-attr ALT_STATE_ATTR]
[--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
[--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
[--state-attr STATE_ATTR]
DN
expiration time (altStateAttrName)
attribute in the users directory entry (alwaysRecordLoginAttr)
limit (limitAttrName)
configuration entries (specAttrName)
(stateAttrName)OPTIONS 'dsconf plugin account-policy config-entry set'
[-h] [--always-record-login {yes,no}] [--alt-state-attr ALT_STATE_ATTR]
[--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR]
[--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR]
[--state-attr STATE_ATTR]
DN
expiration time (altStateAttrName)
attribute in the users directory entry (alwaysRecordLoginAttr)
limit (limitAttrName)
configuration entries (specAttrName)
(stateAttrName)OPTIONS 'dsconf plugin account-policy config-entry show'
OPTIONS 'dsconf plugin account-policy config-entry delete'
OPTIONS 'dsconf plugin attr-uniq'
{show,enable,disable,status,list,add,set,delete}
...Sub-commands
OPTIONS 'dsconf plugin attr-uniq show'
OPTIONS 'dsconf plugin attr-uniq enable'
OPTIONS 'dsconf plugin attr-uniq disable'
OPTIONS 'dsconf plugin attr-uniq status'
OPTIONS 'dsconf plugin attr-uniq list'
OPTIONS 'dsconf plugin attr-uniq add'
[--attr-name ATTR_NAME [ATTR_NAME ...]]
[--subtree SUBTREE [SUBTREE ...]]
[--across-all-subtrees {on,off}]
[--top-entry-oc TOP_ENTRY_OC]
[--subtree-entries-oc SUBTREE_ENTRIES_OC]
NAME
string, but "attribute_name Attribute Uniqueness" is recommended.
multi-valued. (uniqueness-attribute-name)
value. This attribute is multi-valued (uniqueness-subtrees)
subtrees set. If you set the attribute to off, uniqueness is only enforced
within the subtree of the updated entry (uniqueness-across-all-subtrees)
unique in this subtree (uniqueness-top-entry-oc)
in this parameter (uniqueness-subtree-entries-oc)OPTIONS 'dsconf plugin attr-uniq set'
[--attr-name ATTR_NAME [ATTR_NAME ...]]
[--subtree SUBTREE [SUBTREE ...]]
[--across-all-subtrees {on,off}]
[--top-entry-oc TOP_ENTRY_OC]
[--subtree-entries-oc SUBTREE_ENTRIES_OC]
NAME
string, but "attribute_name Attribute Uniqueness" is recommended.
multi-valued. (uniqueness-attribute-name)
value. This attribute is multi-valued (uniqueness-subtrees)
subtrees set. If you set the attribute to off, uniqueness is only enforced
within the subtree of the updated entry (uniqueness-across-all-subtrees)
unique in this subtree (uniqueness-top-entry-oc)
in this parameter (uniqueness-subtree-entries-oc)OPTIONS 'dsconf plugin attr-uniq delete'
OPTIONS 'dsconf plugin dna'
{show,enable,disable,status,list,config} ...Sub-commands
OPTIONS 'dsconf plugin dna show'
OPTIONS 'dsconf plugin dna enable'
OPTIONS 'dsconf plugin dna disable'
OPTIONS 'dsconf plugin dna status'
OPTIONS 'dsconf plugin dna list'
Sub-commands
OPTIONS 'dsconf plugin dna list configs'
OPTIONS 'dsconf plugin dna config'
NAME
{add,set,show,delete,shared-config-entry}
...Sub-commands
OPTIONS 'dsconf plugin dna config add'
[--type TYPE [TYPE ...]]
[--prefix PREFIX]
[--next-value NEXT_VALUE]
[--max-value MAX_VALUE]
[--interval INTERVAL]
[--magic-regen MAGIC_REGEN]
[--filter FILTER]
[--scope SCOPE]
[--remote-bind-dn REMOTE_BIND_DN]
[--remote-bind-cred REMOTE_BIND_CRED]
[--shared-config-entry SHARED_CONFIG_ENTRY]
[--threshold THRESHOLD]
[--next-range NEXT_RANGE]
[--range-request-timeout RANGE_REQUEST_TIMEOUT]
attribute (dnaPrefix)
the entry (dnaMagicRegen)
apply the distributed numeric assignment range (dnaFilter)
numeric assignment (dnaScope)
another (dnaSharedCfgDN)
hits the threshold, it sends a request for a new range (dnaThreshold)
(dnaNextRange)
not stall waiting on a new range from one server and can request a range from
a new server (dnaRangeRequestTimeout)OPTIONS 'dsconf plugin dna config set'
[--type TYPE [TYPE ...]]
[--prefix PREFIX]
[--next-value NEXT_VALUE]
[--max-value MAX_VALUE]
[--interval INTERVAL]
[--magic-regen MAGIC_REGEN]
[--filter FILTER]
[--scope SCOPE]
[--remote-bind-dn REMOTE_BIND_DN]
[--remote-bind-cred REMOTE_BIND_CRED]
[--shared-config-entry SHARED_CONFIG_ENTRY]
[--threshold THRESHOLD]
[--next-range NEXT_RANGE]
[--range-request-timeout RANGE_REQUEST_TIMEOUT]
attribute (dnaPrefix)
the entry (dnaMagicRegen)
apply the distributed numeric assignment range (dnaFilter)
numeric assignment (dnaScope)
another (dnaSharedCfgDN)
hits the threshold, it sends a request for a new range (dnaThreshold)
(dnaNextRange)
not stall waiting on a new range from one server and can request a range from
a new server (dnaRangeRequestTimeout)OPTIONS 'dsconf plugin dna config show'
OPTIONS 'dsconf plugin dna config delete'
OPTIONS 'dsconf plugin linked-attr'
{show,enable,disable,status,fixup,list,config}
...Sub-commands
OPTIONS 'dsconf plugin linked-attr show'
OPTIONS 'dsconf plugin linked-attr enable'
OPTIONS 'dsconf plugin linked-attr disable'
OPTIONS 'dsconf plugin linked-attr status'
OPTIONS 'dsconf plugin linked-attr fixup'
OPTIONS 'dsconf plugin linked-attr list'
OPTIONS 'dsconf plugin linked-attr config'
NAME {add,set,show,delete}
...Sub-commands
OPTIONS 'dsconf plugin linked-attr config add'
[--link-type LINK_TYPE]
[--managed-type MANAGED_TYPE]
[--link-scope LINK_SCOPE]
tree (linkScope)OPTIONS 'dsconf plugin linked-attr config set'
[--link-type LINK_TYPE]
[--managed-type MANAGED_TYPE]
[--link-scope LINK_SCOPE]
tree (linkScope)OPTIONS 'dsconf plugin linked-attr config show'
OPTIONS 'dsconf plugin linked-attr config delete'
OPTIONS 'dsconf plugin managed-entries'
{show,enable,disable,status,set,list,config,template}
...Sub-commands
OPTIONS 'dsconf plugin managed-entries show'
OPTIONS 'dsconf plugin managed-entries enable'
OPTIONS 'dsconf plugin managed-entries disable'
OPTIONS 'dsconf plugin managed-entries status'
OPTIONS 'dsconf plugin managed-entries set'
[--config-area CONFIG_AREA]OPTIONS 'dsconf plugin managed-entries list'
{configs,templates} ...Sub-commands
OPTIONS 'dsconf plugin managed-entries list configs'
OPTIONS 'dsconf plugin managed-entries list templates'
OPTIONS 'dsconf plugin managed-entries config'
NAME
{add,set,show,delete} ...Sub-commands
OPTIONS 'dsconf plugin managed-entries config add'
[-h] [--scope SCOPE] [--filter FILTER] [--managed-base MANAGED_BASE]
[--managed-template MANAGED_TEMPLATE]
(originScope)
the subtree which require a managed entry (originFilter)
(managedTemplate)OPTIONS 'dsconf plugin managed-entries config set'
[-h] [--scope SCOPE] [--filter FILTER] [--managed-base MANAGED_BASE]
[--managed-template MANAGED_TEMPLATE]
(originScope)
the subtree which require a managed entry (originFilter)
(managedTemplate)OPTIONS 'dsconf plugin managed-entries config show'
OPTIONS 'dsconf plugin managed-entries config delete'
OPTIONS 'dsconf plugin managed-entries template'
DN
{add,set,show,delete}
...Sub-commands
OPTIONS 'dsconf plugin managed-entries template add'
[-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
[--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
generated entry (mepRDNAttr)
automatically-generated entry (mepStaticAttr)
generated entry (mepMappedAttr)OPTIONS 'dsconf plugin managed-entries template set'
[-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR]
[--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]]
generated entry (mepRDNAttr)
automatically-generated entry (mepStaticAttr)
generated entry (mepMappedAttr)OPTIONS 'dsconf plugin managed-entries template show'
OPTIONS 'dsconf plugin managed-entries template delete'
OPTIONS 'dsconf plugin pass-through-auth'
{show,enable,disable,status,list,url,pam-config}
...Sub-commands
OPTIONS 'dsconf plugin pass-through-auth show'
OPTIONS 'dsconf plugin pass-through-auth enable'
OPTIONS 'dsconf plugin pass-through-auth disable'
OPTIONS 'dsconf plugin pass-through-auth status'
OPTIONS 'dsconf plugin pass-through-auth list'
{urls,pam-configs} ...Sub-commands
OPTIONS 'dsconf plugin pass-through-auth list urls'
OPTIONS 'dsconf plugin pass-through-auth list pam-configs'
OPTIONS 'dsconf plugin pass-through-auth url'
{add,modify,delete} ...Sub-commands
OPTIONS 'dsconf plugin pass-through-auth url add'
maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one optional
parameter is specified the rest should be specified tooOPTIONS 'dsconf plugin pass-through-auth url modify'
OLD_URL NEW_URLOPTIONS 'dsconf plugin pass-through-auth url delete'
OPTIONS 'dsconf plugin pass-through-auth pam-config'
NAME
{add,set,show,delete}
...Sub-commands
OPTIONS 'dsconf plugin pass-through-auth pam-config add'
[-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
[--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
[--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FILTER]
[--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method ID_MAP_METHOD]
[--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service SERVICE]
(pamMissingSuffix)
suffixes for which to use PAM pass-through authentication (pamFilter)
(pamIDMapMethod)
fails (pamFallback)OPTIONS 'dsconf plugin pass-through-auth pam-config set'
[-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]]
[--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]]
[--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FILTER]
[--id-attr ID_ATTR [ID_ATTR ...]] [--id_map_method ID_MAP_METHOD]
[--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service SERVICE]
(pamMissingSuffix)
suffixes for which to use PAM pass-through authentication (pamFilter)
(pamIDMapMethod)
fails (pamFallback)OPTIONS 'dsconf plugin pass-through-auth pam-config show'
OPTIONS 'dsconf plugin pass-through-auth pam-config delete'
OPTIONS 'dsconf plugin retro-changelog'
{show,enable,disable,status,set}
...Sub-commands
OPTIONS 'dsconf plugin retro-changelog show'
OPTIONS 'dsconf plugin retro-changelog enable'
OPTIONS 'dsconf plugin retro-changelog disable'
OPTIONS 'dsconf plugin retro-changelog status'
OPTIONS 'dsconf plugin retro-changelog set'
[--is-replicated {TRUE,FALSE}]
[--attribute ATTRIBUTE]
[--directory DIRECTORY]
[--max-age MAX_AGE]
[--exclude-suffix EXCLUDE_SUFFIX]
newly made on that server or whether it was replicated over from another
server (isReplicated)
retro changelog entries (nsslapd-attribute)
the first time the plug-in is run
(nsslapd-changelogmaxage)
the plugin (nsslapd-exclude-suffix)OPTIONS 'dsconf plugin posix-winsync'
{show,enable,disable,status,set,fixup}
...Sub-commands
OPTIONS 'dsconf plugin posix-winsync show'
OPTIONS 'dsconf plugin posix-winsync enable'
OPTIONS 'dsconf plugin posix-winsync disable'
OPTIONS 'dsconf plugin posix-winsync status'
OPTIONS 'dsconf plugin posix-winsync set'
[--create-memberof-task {true,false}]
[--lower-case-uid {true,false}]
[--map-member-uid {true,false}]
[--map-nested-grouping {true,false}]
[--ms-sfu-schema {true,false}]
order to update group memberships for synced users
(posixWinsyncCreateMemberOfTask)
memberUID attribute in lower case.(posixWinsyncLowerCaseUID)
the uniqueMember attribute in a Directory Server group
(posixWinsyncMapMemberUID)
Directory POSIX group change (posixWinsyncMapNestedGrouping)
schema when syncing Posix attributes from Active Directory
(posixWinsyncMsSFUSchema)OPTIONS 'dsconf plugin posix-winsync fixup'
OPTIONS 'dsconf plugin list'
OPTIONS 'dsconf plugin show'
OPTIONS 'dsconf plugin set'
[--path PATH] [--initfunc INITFUNC]
[--id ID] [--vendor VENDOR]
[--version VERSION]
[--description DESCRIPTION]
[--depends-on-type DEPENDS_ON_TYPE]
[--depends-on-named DEPENDS_ON_NAMED]
[--precedence PRECEDENCE]
[selector]
following valid range will be started by the server prior to this plug-in.
server prior to this plug-inOPTIONS 'dsconf pwpolicy'
Sub-commands
OPTIONS 'dsconf pwpolicy get'
OPTIONS 'dsconf pwpolicy set'
[--pwdchange PWDCHANGE]
[--pwdmustchange PWDMUSTCHANGE]
[--pwdhistory PWDHISTORY]
[--pwdhistorycount PWDHISTORYCOUNT]
[--pwdadmin PWDADMIN]
[--pwdtrack PWDTRACK]
[--pwdwarning PWDWARNING]
[--pwdexpire PWDEXPIRE]
[--pwdmaxage PWDMAXAGE]
[--pwdminage PWDMINAGE]
[--pwdgracelimit PWDGRACELIMIT]
[--pwdsendexpiring PWDSENDEXPIRING]
[--pwdlockout PWDLOCKOUT]
[--pwdunlock PWDUNLOCK]
[--pwdlockoutduration PWDLOCKOUTDURATION]
[--pwdmaxfailures PWDMAXFAILURES]
[--pwdresetfailcount PWDRESETFAILCOUNT]
[--pwdchecksyntax PWDCHECKSYNTAX]
[--pwdminlen PWDMINLEN]
[--pwdmindigits PWDMINDIGITS]
[--pwdminalphas PWDMINALPHAS]
[--pwdminuppers PWDMINUPPERS]
[--pwdminlowers PWDMINLOWERS]
[--pwdminspecials PWDMINSPECIALS]
[--pwdmin8bits PWDMIN8BITS]
[--pwdmaxrepeats PWDMAXREPEATS]
[--pwdpalindrome PWDPALINDROME]
[--pwdmaxseq PWDMAXSEQ]
[--pwdmaxseqsets PWDMAXSEQSETS]
[--pwdmaxclasschars PWDMAXCLASSCHARS]
[--pwdmincatagories PWDMINCATAGORIES]
[--pwdmintokenlen PWDMINTOKENLEN]
[--pwdbadwords PWDBADWORDS]
[--pwduserattrs PWDUSERATTRS]
[--pwddictcheck PWDDICTCHECK]
[--pwddictpath PWDDICTPATH]
[--pwdlocal PWDLOCAL]
[--pwdisglobal PWDISGLOBAL]
[--pwdallowhash PWDALLOWHASH]
constraints
period
locked
account
password
duplicated in a password
is allowed in a password
checking. This also impacts "--pwduserattrs"
password (See "--pwdmintokenlen")OPTIONS 'dsconf localpwp'
{list,get,set,remove,adduser,addsubtree} ...Sub-commands
OPTIONS 'dsconf localpwp list'
OPTIONS 'dsconf localpwp get'
OPTIONS 'dsconf localpwp set'
[--pwdchange PWDCHANGE]
[--pwdmustchange PWDMUSTCHANGE]
[--pwdhistory PWDHISTORY]
[--pwdhistorycount PWDHISTORYCOUNT]
[--pwdadmin PWDADMIN]
[--pwdtrack PWDTRACK]
[--pwdwarning PWDWARNING]
[--pwdexpire PWDEXPIRE]
[--pwdmaxage PWDMAXAGE]
[--pwdminage PWDMINAGE]
[--pwdgracelimit PWDGRACELIMIT]
[--pwdsendexpiring PWDSENDEXPIRING]
[--pwdlockout PWDLOCKOUT]
[--pwdunlock PWDUNLOCK]
[--pwdlockoutduration PWDLOCKOUTDURATION]
[--pwdmaxfailures PWDMAXFAILURES]
[--pwdresetfailcount PWDRESETFAILCOUNT]
[--pwdchecksyntax PWDCHECKSYNTAX]
[--pwdminlen PWDMINLEN]
[--pwdmindigits PWDMINDIGITS]
[--pwdminalphas PWDMINALPHAS]
[--pwdminuppers PWDMINUPPERS]
[--pwdminlowers PWDMINLOWERS]
[--pwdminspecials PWDMINSPECIALS]
[--pwdmin8bits PWDMIN8BITS]
[--pwdmaxrepeats PWDMAXREPEATS]
[--pwdpalindrome PWDPALINDROME]
[--pwdmaxseq PWDMAXSEQ]
[--pwdmaxseqsets PWDMAXSEQSETS]
[--pwdmaxclasschars PWDMAXCLASSCHARS]
[--pwdmincatagories PWDMINCATAGORIES]
[--pwdmintokenlen PWDMINTOKENLEN]
[--pwdbadwords PWDBADWORDS]
[--pwduserattrs PWDUSERATTRS]
[--pwddictcheck PWDDICTCHECK]
[--pwddictpath PWDDICTPATH]
DN
constraints
period
locked
account
password
duplicated in a password
is allowed in a password
checking. This also impacts "--pwduserattrs"
password (See "--pwdmintokenlen")OPTIONS 'dsconf localpwp remove'
OPTIONS 'dsconf localpwp adduser'
[--pwdchange PWDCHANGE]
[--pwdmustchange PWDMUSTCHANGE]
[--pwdhistory PWDHISTORY]
[--pwdhistorycount PWDHISTORYCOUNT]
[--pwdadmin PWDADMIN]
[--pwdtrack PWDTRACK]
[--pwdwarning PWDWARNING]
[--pwdexpire PWDEXPIRE]
[--pwdmaxage PWDMAXAGE]
[--pwdminage PWDMINAGE]
[--pwdgracelimit PWDGRACELIMIT]
[--pwdsendexpiring PWDSENDEXPIRING]
[--pwdlockout PWDLOCKOUT]
[--pwdunlock PWDUNLOCK]
[--pwdlockoutduration PWDLOCKOUTDURATION]
[--pwdmaxfailures PWDMAXFAILURES]
[--pwdresetfailcount PWDRESETFAILCOUNT]
[--pwdchecksyntax PWDCHECKSYNTAX]
[--pwdminlen PWDMINLEN]
[--pwdmindigits PWDMINDIGITS]
[--pwdminalphas PWDMINALPHAS]
[--pwdminuppers PWDMINUPPERS]
[--pwdminlowers PWDMINLOWERS]
[--pwdminspecials PWDMINSPECIALS]
[--pwdmin8bits PWDMIN8BITS]
[--pwdmaxrepeats PWDMAXREPEATS]
[--pwdpalindrome PWDPALINDROME]
[--pwdmaxseq PWDMAXSEQ]
[--pwdmaxseqsets PWDMAXSEQSETS]
[--pwdmaxclasschars PWDMAXCLASSCHARS]
[--pwdmincatagories PWDMINCATAGORIES]
[--pwdmintokenlen PWDMINTOKENLEN]
[--pwdbadwords PWDBADWORDS]
[--pwduserattrs PWDUSERATTRS]
[--pwddictcheck PWDDICTCHECK]
[--pwddictpath PWDDICTPATH]
DN
constraints
period
locked
account
password
duplicated in a password
is allowed in a password
checking. This also impacts "--pwduserattrs"
password (See "--pwdmintokenlen")OPTIONS 'dsconf localpwp addsubtree'
[--pwdchange PWDCHANGE]
[--pwdmustchange PWDMUSTCHANGE]
[--pwdhistory PWDHISTORY]
[--pwdhistorycount PWDHISTORYCOUNT]
[--pwdadmin PWDADMIN]
[--pwdtrack PWDTRACK]
[--pwdwarning PWDWARNING]
[--pwdexpire PWDEXPIRE]
[--pwdmaxage PWDMAXAGE]
[--pwdminage PWDMINAGE]
[--pwdgracelimit PWDGRACELIMIT]
[--pwdsendexpiring PWDSENDEXPIRING]
[--pwdlockout PWDLOCKOUT]
[--pwdunlock PWDUNLOCK]
[--pwdlockoutduration PWDLOCKOUTDURATION]
[--pwdmaxfailures PWDMAXFAILURES]
[--pwdresetfailcount PWDRESETFAILCOUNT]
[--pwdchecksyntax PWDCHECKSYNTAX]
[--pwdminlen PWDMINLEN]
[--pwdmindigits PWDMINDIGITS]
[--pwdminalphas PWDMINALPHAS]
[--pwdminuppers PWDMINUPPERS]
[--pwdminlowers PWDMINLOWERS]
[--pwdminspecials PWDMINSPECIALS]
[--pwdmin8bits PWDMIN8BITS]
[--pwdmaxrepeats PWDMAXREPEATS]
[--pwdpalindrome PWDPALINDROME]
[--pwdmaxseq PWDMAXSEQ]
[--pwdmaxseqsets PWDMAXSEQSETS]
[--pwdmaxclasschars PWDMAXCLASSCHARS]
[--pwdmincatagories PWDMINCATAGORIES]
[--pwdmintokenlen PWDMINTOKENLEN]
[--pwdbadwords PWDBADWORDS]
[--pwduserattrs PWDUSERATTRS]
[--pwddictcheck PWDDICTCHECK]
[--pwddictpath PWDDICTPATH]
DN
constraints
period
locked
account
password
duplicated in a password
is allowed in a password
checking. This also impacts "--pwduserattrs"
password (See "--pwdmintokenlen")OPTIONS 'dsconf replication'
{enable,disable,get-ruv,list,status,winsync-status,promote,create-manager,delete-manager,demote,get,create-changelog,delete-changelog,set-changelog,get-changelog,dump-changelog,set,monitor}
...Sub-commands
OPTIONS 'dsconf replication enable'
[--replica-id REPLICA_ID]
[--bind-group-dn BIND_GROUP_DN]
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]
entry if a value is setOPTIONS 'dsconf replication disable'
OPTIONS 'dsconf replication get-ruv'
OPTIONS 'dsconf replication list'
OPTIONS 'dsconf replication status'
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]OPTIONS 'dsconf replication winsync-status'
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]OPTIONS 'dsconf replication promote'
NEWROLE [--replica-id REPLICA_ID]
[--bind-group-dn BIND_GROUP_DN]
[--bind-dn BIND_DN]OPTIONS 'dsconf replication create-manager'
[--passwd PASSWD]
[--suffix SUFFIX]
"replication manager" then the new manager entry's DN would be "cn=replication
manager,cn=config".
the password
add this new manager to (OPTIONAL)OPTIONS 'dsconf replication delete-manager'
[--suffix SUFFIX]OPTIONS 'dsconf replication demote'
NEWROLEOPTIONS 'dsconf replication get'
OPTIONS 'dsconf replication create-changelog'
OPTIONS 'dsconf replication delete-changelog'
OPTIONS 'dsconf replication set-changelog'
[--max-entries MAX_ENTRIES]
[--max-age MAX_AGE]
[--compact-interval COMPACT_INTERVAL]
[--trim-interval TRIM_INTERVAL]OPTIONS 'dsconf replication get-changelog'
OPTIONS 'dsconf replication dump-changelog'
[-i CHANGELOG_LDIF]
[-o OUTPUT_FILE]
[-r REPLICA_ROOTS [REPLICA_ROOTS ...]]
option.
encoded, you may use this option to decode that ldif-like changelog. It should
be base64 encoded.
be seperated by comma. All the replica roots would be dumped if the option is
omitted.OPTIONS 'dsconf replication set'
[--replica-id REPLICA_ID]
[--replica-role REPLICA_ROLE]
[--repl-add-bind-dn REPL_ADD_BIND_DN]
[--repl-del-bind-dn REPL_DEL_BIND_DN]
[--repl-add-ref REPL_ADD_REF]
[--repl-del-ref REPL_DEL_REF]
[--repl-purge-delay REPL_PURGE_DELAY]
[--repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL]
[--repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING]
[--repl-bind-group REPL_BIND_GROUP]
[--repl-bind-group-interval REPL_BIND_GROUP_INTERVAL]
[--repl-protocol-timeout REPL_PROTOCOL_TIMEOUT]
[--repl-backoff-max REPL_BACKOFF_MAX]
[--repl-backoff-min REPL_BACKOFF_MIN]
[--repl-release-timeout REPL_RELEASE_TIMEOUT]
server is under load
state while waiting to acquire the consumer. Default is 300 seconds
state while waiting to acquire the consumer. Default is 3 seconds
its replication sessionOPTIONS 'dsconf replication monitor'
[-c [CONNECTIONS [CONNECTIONS ...]]]
[-a [ALIASES [ALIASES ...]]]
format: 'host:port:binddn:bindpwd'. You can use regex for host and port. You
can set bindpwd to * and it will be requested at the runtime or you can
include the path to the password file in square brackets - [~/pwd.txt]
be displayed in the output. The format: alias=host:portOPTIONS 'dsconf repl-agmt'
{list,enable,disable,init,init-status,poke,status,delete,create,set,get}
...Sub-commands
OPTIONS 'dsconf repl-agmt list'
OPTIONS 'dsconf repl-agmt enable'
OPTIONS 'dsconf repl-agmt disable'
OPTIONS 'dsconf repl-agmt init'
OPTIONS 'dsconf repl-agmt init-status'
OPTIONS 'dsconf repl-agmt poke'
OPTIONS 'dsconf repl-agmt status'
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]
AGMT_NAMEOPTIONS 'dsconf repl-agmt delete'
OPTIONS 'dsconf repl-agmt create'
--port PORT --conn-protocol
CONN_PROTOCOL [--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]
--bind-method BIND_METHOD
[--frac-list FRAC_LIST]
[--frac-list-total FRAC_LIST_TOTAL]
[--strip-list STRIP_LIST]
[--schedule SCHEDULE]
[--conn-timeout CONN_TIMEOUT]
[--protocol-timeout PROTOCOL_TIMEOUT]
[--wait-async-results WAIT_ASYNC_RESULTS]
[--busy-wait-time BUSY_WAIT_TIME]
[--session-pause-time SESSION_PAUSE_TIME]
[--flow-control-window FLOW_CONTROL_WINDOW]
[--flow-control-pause FLOW_CONTROL_PAUSE]
[--init]
AGMT_NAME
otherwise be empty. Typically this is set to "modifiersname" and
"modifytimestmap"
Saturday).
server is under load
ready before resending data
back a busy response before making another attempt to acquire access.
not acknowledged by the consumer.
updates set in "--flow-control-window"OPTIONS 'dsconf repl-agmt set'
[--port PORT]
[--conn-protocol CONN_PROTOCOL]
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]
[--bind-method BIND_METHOD]
[--frac-list FRAC_LIST]
[--frac-list-total FRAC_LIST_TOTAL]
[--strip-list STRIP_LIST]
[--schedule SCHEDULE]
[--conn-timeout CONN_TIMEOUT]
[--protocol-timeout PROTOCOL_TIMEOUT]
[--wait-async-results WAIT_ASYNC_RESULTS]
[--busy-wait-time BUSY_WAIT_TIME]
[--session-pause-time SESSION_PAUSE_TIME]
[--flow-control-window FLOW_CONTROL_WINDOW]
[--flow-control-pause FLOW_CONTROL_PAUSE]
AGMT_NAME
otherwise be empty. Typically this is set to "modifiersname" and
"modifytimestmap"
Saturday).
server is under load
ready before resending data
back a busy response before making another attempt to acquire access.
not acknowledged by the consumer.
updates set in "--flow-control-window"OPTIONS 'dsconf repl-agmt get'
OPTIONS 'dsconf repl-winsync-agmt'
{list,enable,disable,init,init-status,poke,status,delete,create,set,get}
...Sub-commands
OPTIONS 'dsconf repl-winsync-agmt list'
OPTIONS 'dsconf repl-winsync-agmt enable'
OPTIONS 'dsconf repl-winsync-agmt disable'
AGMT_NAMEOPTIONS 'dsconf repl-winsync-agmt init'
OPTIONS 'dsconf repl-winsync-agmt init-status'
AGMT_NAMEOPTIONS 'dsconf repl-winsync-agmt poke'
OPTIONS 'dsconf repl-winsync-agmt status'
OPTIONS 'dsconf repl-winsync-agmt delete'
OPTIONS 'dsconf repl-winsync-agmt create'
HOST --port PORT
--conn-protocol CONN_PROTOCOL
--bind-dn BIND_DN
--bind-passwd BIND_PASSWD
[--frac-list FRAC_LIST]
[--schedule SCHEDULE]
--win-subtree WIN_SUBTREE
--ds-subtree DS_SUBTREE
--win-domain WIN_DOMAIN
[--sync-users SYNC_USERS]
[--sync-groups SYNC_GROUPS]
[--sync-interval SYNC_INTERVAL]
[--one-way-sync ONE_WAY_SYNC]
[--move-action MOVE_ACTION]
[--win-filter WIN_FILTER]
[--ds-filter DS_FILTER]
[--subtree-pair SUBTREE_PAIR]
[--conn-timeout CONN_TIMEOUT]
[--busy-wait-time BUSY_WAIT_TIME]
[--session-pause-time SESSION_PAUSE_TIME]
[--init]
AGMT_NAME
"both"
or "delete"
back a busy response before making another attempt to acquire access.OPTIONS 'dsconf repl-winsync-agmt set'
[--host HOST] [--port PORT]
[--conn-protocol CONN_PROTOCOL]
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]
[--frac-list FRAC_LIST]
[--schedule SCHEDULE]
[--win-subtree WIN_SUBTREE]
[--ds-subtree DS_SUBTREE]
[--win-domain WIN_DOMAIN]
[--sync-users SYNC_USERS]
[--sync-groups SYNC_GROUPS]
[--sync-interval SYNC_INTERVAL]
[--one-way-sync ONE_WAY_SYNC]
[--move-action MOVE_ACTION]
[--win-filter WIN_FILTER]
[--ds-filter DS_FILTER]
[--subtree-pair SUBTREE_PAIR]
[--conn-timeout CONN_TIMEOUT]
[--busy-wait-time BUSY_WAIT_TIME]
[--session-pause-time SESSION_PAUSE_TIME]
AGMT_NAME
"both"
or "delete"
back a busy response before making another attempt to acquire access.OPTIONS 'dsconf repl-winsync-agmt get'
OPTIONS 'dsconf repl-tasks'
{cleanallruv,list-cleanruv-tasks,abort-cleanallruv,list-abortruv-tasks}
...Sub-commands
OPTIONS 'dsconf repl-tasks cleanallruv'
--replica-id REPLICA_ID
[--force-cleaning]OPTIONS 'dsconf repl-tasks list-cleanruv-tasks'
OPTIONS 'dsconf repl-tasks abort-cleanallruv'
--replica-id REPLICA_ID
[--certify]OPTIONS 'dsconf repl-tasks list-abortruv-tasks'
OPTIONS 'dsconf sasl'
Sub-commands
OPTIONS 'dsconf sasl list'
OPTIONS 'dsconf sasl get'
OPTIONS 'dsconf sasl create'
[--nsSaslMapRegexString [NSSASLMAPREGEXSTRING]]
[--nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]]
[--nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]]
[--nsSaslMapPriority [NSSASLMAPPRIORITY]]OPTIONS 'dsconf sasl delete'
OPTIONS 'dsconf security'
{set,get,enable,disable,certificate,ca-certificate,rsa,ciphers}
...Sub-commands
OPTIONS 'dsconf security set'
[--listen-host LISTEN_HOST]
[--secure-port SECURE_PORT]
[--tls-client-auth TLS_CLIENT_AUTH]
[--tls-client-renegotiation TLS_CLIENT_RENEGOTIATION]
[--require-secure-authentication REQUIRE_SECURE_AUTHENTICATION]
[--check-hostname CHECK_HOSTNAME]
[--verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP]
[--session-timeout SESSION_TIMEOUT]
[--tls-protocol-min TLS_PROTOCOL_MIN]
[--tls-protocol-max TLS_PROTOCOL_MAX]
[--allow-insecure-ciphers ALLOW_INSECURE_CIPHERS]
[--allow-weak-dh-param ALLOW_WEAK_DH_PARAM]
[--cipher-pref CIPHER_PREF]
hostname)
separated list of cipher names (prefixed with + or -), optionally including
+all or -all. The attribute may optionally be prefixed by keyword default.
Please refer to documentation of the attribute for a more detailed
description. (nsSSL3Ciphers)OPTIONS 'dsconf security get'
OPTIONS 'dsconf security enable'
OPTIONS 'dsconf security disable'
OPTIONS 'dsconf security certificate'
{add,set-trust-flags,del,get,list}
...Sub-commands
OPTIONS 'dsconf security certificate add'
[--primary-cert]OPTIONS 'dsconf security certificate set-trust-flags'
[-h] --flags FLAGS nameOPTIONS 'dsconf security certificate del'
OPTIONS 'dsconf security certificate get'
OPTIONS 'dsconf security certificate list'
OPTIONS 'dsconf security ca-certificate'
{add,set-trust-flags,del,get,list}
...Sub-commands
OPTIONS 'dsconf security ca-certificate add'
NAMEOPTIONS 'dsconf security ca-certificate set-trust-flags'
[-h] --flags FLAGS nameOPTIONS 'dsconf security ca-certificate del'
OPTIONS 'dsconf security ca-certificate get'
OPTIONS 'dsconf security ca-certificate list'
OPTIONS 'dsconf security rsa'
Sub-commands
OPTIONS 'dsconf security rsa set'
[--tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES]
[--nss-cert-name NSS_CERT_NAME]
[--nss-token NSS_TOKEN]OPTIONS 'dsconf security rsa get'
OPTIONS 'dsconf security rsa enable'
OPTIONS 'dsconf security rsa disable'
OPTIONS 'dsconf security ciphers'
Sub-commands
OPTIONS 'dsconf security ciphers enable'
OPTIONS 'dsconf security ciphers disable'
OPTIONS 'dsconf security ciphers get'
OPTIONS 'dsconf security ciphers set'
OPTIONS 'dsconf security ciphers list'
[--enabled | --supported | --disabled]OPTIONS 'dsconf schema'
{list,attributetypes,objectclasses,matchingrules,reload,validate-syntax}
...Sub-commands
OPTIONS 'dsconf schema list'
OPTIONS 'dsconf schema attributetypes'
{get_syntaxes,list,query,add,replace,remove}
...Sub-commands
OPTIONS 'dsconf schema attributetypes get_syntaxes'
OPTIONS 'dsconf schema attributetypes list'
OPTIONS 'dsconf schema attributetypes query'
OPTIONS 'dsconf schema attributetypes add'
[--desc DESC]
[--x-origin X_ORIGIN]
[--aliases ALIASES [ALIASES ...]]
[--single-value]
[--multi-value]
[--no-user-mod] [--user-mod]
[--equality EQUALITY]
[--substr SUBSTR]
[--ordering ORDERING]
[--usage USAGE]
[--sup SUP [SUP ...]]
--syntax SYNTAX
name
or --multi-value should be specified
flags this or --single-value should be specified
flags this or --user-mod should be specified
of the flags this or --no-user-mode should be specified
equal
contains another value
lesser - equal than
userApplications (default), directoryOperation, distributedOperation,
dSAOperation
fromOPTIONS 'dsconf schema attributetypes replace'
[--desc DESC]
[--x-origin X_ORIGIN]
[--aliases ALIASES [ALIASES ...]]
[--single-value]
[--multi-value]
[--no-user-mod]
[--user-mod]
[--equality EQUALITY]
[--substr SUBSTR]
[--ordering ORDERING]
[--usage USAGE]
[--sup SUP [SUP ...]]
[--syntax SYNTAX]
name
or --multi-value should be specified
flags this or --single-value should be specified
flags this or --user-mod should be specified
of the flags this or --no-user-mode should be specified
equal
contains another value
lesser - equal than
userApplications (default), directoryOperation, distributedOperation,
dSAOperation
fromOPTIONS 'dsconf schema attributetypes remove'
OPTIONS 'dsconf schema objectclasses'
{list,query,add,replace,remove}
...Sub-commands
OPTIONS 'dsconf schema objectclasses list'
OPTIONS 'dsconf schema objectclasses query'
OPTIONS 'dsconf schema objectclasses add'
[--x-origin X_ORIGIN]
[--must MUST [MUST ...]]
[--may MAY [MAY ...]]
[--kind KIND]
[--sup SUP [SUP ...]]
nameOPTIONS 'dsconf schema objectclasses replace'
[--desc DESC]
[--x-origin X_ORIGIN]
[--must MUST [MUST ...]]
[--may MAY [MAY ...]]
[--kind KIND]
[--sup SUP [SUP ...]]
nameOPTIONS 'dsconf schema objectclasses remove'
OPTIONS 'dsconf schema matchingrules'
Sub-commands
OPTIONS 'dsconf schema matchingrules list'
OPTIONS 'dsconf schema matchingrules query'
OPTIONS 'dsconf schema reload'
OPTIONS 'dsconf schema validate-syntax'
OPTIONS 'dsconf repl-conflict'
{list,compare,delete,swap,convert,list-glue,delete-glue,convert-glue}
...Sub-commands
OPTIONS 'dsconf repl-conflict list'
OPTIONS 'dsconf repl-conflict compare'
OPTIONS 'dsconf repl-conflict delete'
OPTIONS 'dsconf repl-conflict swap'
OPTIONS 'dsconf repl-conflict convert'
OPTIONS 'dsconf repl-conflict list-glue'
OPTIONS 'dsconf repl-conflict delete-glue'
OPTIONS 'dsconf repl-conflict convert-glue'
Authors
Distribution
Info