table of contents
- NAME
- SYNOPSIS
- POSITIONAL ARGUMENTS
- COMMAND 'dsctl restart'
- COMMAND 'dsctl start'
- COMMAND 'dsctl stop'
- COMMAND 'dsctl status'
- COMMAND 'dsctl remove'
- OPTIONS 'dsctl remove'
- COMMAND 'dsctl db2index'
- OPTIONS 'dsctl db2index'
- COMMAND 'dsctl db2bak'
- COMMAND 'dsctl db2ldif'
- OPTIONS 'dsctl db2ldif'
- COMMAND 'dsctl dbverify'
- COMMAND 'dsctl bak2db'
- COMMAND 'dsctl ldif2db'
- OPTIONS 'dsctl ldif2db'
- COMMAND 'dsctl backups'
- OPTIONS 'dsctl backups'
- COMMAND 'dsctl ldifs'
- OPTIONS 'dsctl ldifs'
- COMMAND 'dsctl tls'
- POSITIONAL ARGUMENTS 'dsctl tls'
- COMMAND 'dsctl tls list-ca'
- COMMAND 'dsctl tls list-client-ca'
- COMMAND 'dsctl tls show-server-cert'
- COMMAND 'dsctl tls show-cert'
- COMMAND 'dsctl tls generate-server-cert-csr'
- OPTIONS 'dsctl tls generate-server-cert-csr'
- COMMAND 'dsctl tls import-client-ca'
- COMMAND 'dsctl tls import-ca'
- COMMAND 'dsctl tls import-server-cert'
- COMMAND 'dsctl tls import-server-key-cert'
- COMMAND 'dsctl tls remove-cert'
- COMMAND 'dsctl tls export-cert'
- OPTIONS 'dsctl tls export-cert'
- COMMAND 'dsctl healthcheck'
- OPTIONS 'dsctl healthcheck'
- COMMAND 'dsctl get-nsstate'
- OPTIONS 'dsctl get-nsstate'
- COMMAND 'dsctl ldifgen'
- POSITIONAL ARGUMENTS 'dsctl ldifgen'
- COMMAND 'dsctl ldifgen users'
- OPTIONS 'dsctl ldifgen users'
- COMMAND 'dsctl ldifgen groups'
- OPTIONS 'dsctl ldifgen groups'
- COMMAND 'dsctl ldifgen cos-def'
- OPTIONS 'dsctl ldifgen cos-def'
- COMMAND 'dsctl ldifgen cos-template'
- OPTIONS 'dsctl ldifgen cos-template'
- COMMAND 'dsctl ldifgen roles'
- OPTIONS 'dsctl ldifgen roles'
- COMMAND 'dsctl ldifgen mod-load'
- OPTIONS 'dsctl ldifgen mod-load'
- COMMAND 'dsctl ldifgen nested'
- OPTIONS 'dsctl ldifgen nested'
- COMMAND 'dsctl dsrc'
- POSITIONAL ARGUMENTS 'dsctl dsrc'
- COMMAND 'dsctl dsrc create'
- OPTIONS 'dsctl dsrc create'
- COMMAND 'dsctl dsrc modify'
- OPTIONS 'dsctl dsrc modify'
- COMMAND 'dsctl dsrc delete'
- OPTIONS 'dsctl dsrc delete'
- COMMAND 'dsctl dsrc display'
- COMMAND 'dsctl dsrc repl-mon'
- OPTIONS 'dsctl dsrc repl-mon'
- COMMAND 'dsctl cockpit'
- POSITIONAL ARGUMENTS 'dsctl cockpit'
- COMMAND 'dsctl cockpit enable'
- COMMAND 'dsctl cockpit open-firewall'
- OPTIONS 'dsctl cockpit open-firewall'
- COMMAND 'dsctl cockpit disable'
- COMMAND 'dsctl cockpit close-firewall'
- COMMAND 'dsctl dblib'
- POSITIONAL ARGUMENTS 'dsctl dblib'
- COMMAND 'dsctl dblib bdb2mdb'
- OPTIONS 'dsctl dblib bdb2mdb'
- COMMAND 'dsctl dblib mdb2bdb'
- OPTIONS 'dsctl dblib mdb2bdb'
- COMMAND 'dsctl dblib cleanup'
- OPTIONS
- AUTHOR
- DISTRIBUTION
DSCTL(8) | Generated Python Manual | DSCTL(8) |
NAME¶
dsctl
SYNOPSIS¶
dsctl [-h] [-v] [-j] [-l] [instance] {restart,start,stop,status,remove,db2index,db2bak,db2ldif,dbverify,bak2db,ldif2db,backups,ldifs,tls,healthcheck,get-nsstate,ldifgen,dsrc,cockpit,dblib} ...
POSITIONAL ARGUMENTS¶
- dsctl restart
- Restart an instance of Directory Server, if it is running: else start it.
- dsctl start
- Start an instance of Directory Server, if it is not currently running
- dsctl stop
- Stop an instance of Directory Server, if it is currently running
- dsctl status
- Check running status of an instance of Directory Server
- dsctl remove
- Destroy an instance of Directory Server, and remove all data.
- dsctl db2index
- Initialise a reindex of the server database. The server must be stopped for this to proceed.
- dsctl db2bak
- Initialise a BDB backup of the database. The server must be stopped for this to proceed.
- dsctl db2ldif
- Initialise an LDIF dump of the database. The server must be stopped for this to proceed.
- dsctl dbverify
- Perform a db verification. You should only do this at direction of support
- dsctl bak2db
- Restore a BDB backup of the database. The server must be stopped for this to proceed.
- dsctl ldif2db
- Restore an LDIF dump of the database. The server must be stopped for this to proceed.
- dsctl backups
- List backup's found in the server's default backup directory
- dsctl ldifs
- List all the LDIF files located in the server's LDIF directory
- dsctl tls
- Manage TLS certificates
- dsctl healthcheck
- Run a healthcheck report on a local Directory Server instance. This is a safe and read-only operation. Do not attempt to run this on a remote Directory Server as this tool needs access to local resources, otherwise the report may be inaccurate.
- dsctl get-nsstate
- Get the replication nsState in a human readable format
Replica DN: The DN of the replication configuration entry Replica Suffix: The replicated suffix Replica ID: The Replica identifier Gen Time The time the CSN generator was created Gen Time String: The time string of generator Gen as CSN: The generation CSN Local Offset: The offset due to the local clock being set back Local Offset String: The offset in a nice human format Remote Offset: The offset due to clock difference with remote systems Remote Offset String: The offset in a nice human format Time Skew: The time skew between this server and its replicas Time Skew String: The time skew in a nice human format Seq Num: The number of multiple csns within a second System Time: The local system time Diff in Seconds: The time difference in seconds from the CSN generator creation to now Diff in days/secs: The time difference broken up into days and seconds Endian: Little/Big Endian
- dsctl ldifgen
- LDIF generator to make sample LDIF files for testing
- dsctl dsrc
- Manage the .dsrc file
- dsctl cockpit
- Enable the Cockpit interface/UI
- dsctl dblib
- database library (i.e bdb/lmdb) migration
COMMAND 'dsctl restart'¶
usage: dsctl [instance] restart [-h]
COMMAND 'dsctl start'¶
usage: dsctl [instance] start [-h]
COMMAND 'dsctl stop'¶
usage: dsctl [instance] stop [-h]
COMMAND 'dsctl status'¶
usage: dsctl [instance] status [-h]
COMMAND 'dsctl remove'¶
usage: dsctl [instance] remove [-h] [--do-it]
OPTIONS 'dsctl remove'¶
- --do-it
- By default we do a dry run. This actually initiates the removal of the instance.
COMMAND 'dsctl db2index'¶
usage: dsctl [instance] db2index [-h] [--attr [ATTR ...]] [backend]
- backend
- The backend to reindex. IE userRoot
OPTIONS 'dsctl db2index'¶
- --attr [ATTR ...]
- The attribute's to reindex. IE --attr aci cn givenname
COMMAND 'dsctl db2bak'¶
usage: dsctl [instance] db2bak [-h] [archive]
- archive
- The destination for the archive. This will be created during the db2bak process.
COMMAND 'dsctl db2ldif'¶
usage: dsctl [instance] db2ldif [-h] [--replication] [--encrypted]
backend [ldif]
OPTIONS 'dsctl db2ldif'¶
- --replication
- Export replication information, suitable for importing on a new consumer or backups.
- --encrypted
- Export encrypted attributes
COMMAND 'dsctl dbverify'¶
usage: dsctl [instance] dbverify [-h] backend
- backend
- The backend to verify. IE userRoot
COMMAND 'dsctl bak2db'¶
usage: dsctl [instance] bak2db [-h] archive
- archive
- The archive to restore. This will erase all current server databases.
COMMAND 'dsctl ldif2db'¶
usage: dsctl [instance] ldif2db [-h] [--encrypted] backend ldif
OPTIONS 'dsctl ldif2db'¶
- --encrypted
- Import encrypted attributes
COMMAND 'dsctl backups'¶
usage: dsctl [instance] backups [-h] [--delete DELETE]
OPTIONS 'dsctl backups'¶
- --delete DELETE
- Delete backup directory
COMMAND 'dsctl ldifs'¶
usage: dsctl [instance] ldifs [-h] [--delete DELETE]
OPTIONS 'dsctl ldifs'¶
- --delete DELETE
- Delete LDIF file
COMMAND 'dsctl tls'¶
usage: dsctl [instance] tls [-h]
{list-ca,list-client-ca,show-server-cert,show-cert,generate-server-cert-csr,import-client-ca,import-ca,import-server-cert,import-server-key-cert,remove-cert,export-cert}
...
POSITIONAL ARGUMENTS 'dsctl tls'¶
- dsctl tls list-ca
- list server certificate authorities including intermediates
- dsctl tls list-client-ca
- list client certificate authorities including intermediates
- dsctl tls show-server-cert
- Show the active server certificate that clients will see and verify
- dsctl tls show-cert
- Show a certificate's details referenced by it's nickname. This is analogous to certutil -L -d <path> -n <nickname>
- dsctl tls generate-server-cert-csr
- Generate a Server-Cert certificate signing request - the csr is then submitted to a CA for verification, and when signed you import with import-ca and import-server-cert
- dsctl tls import-client-ca
- Import a CA trusted to issue user (client) certificates. This is part of how client certificate authentication functions.
- dsctl tls import-ca
- Import a CA or intermediate CA for signing this servers certificates (aka Server-Cert). You should import all the CA's in the chain as required. PEM bundles are accepted
- dsctl tls import-server-cert
- Import a new Server-Cert after the csr has been signed from a CA.
- dsctl tls import-server-key-cert
- Import a new key and Server-Cert after having been signed from a CA. This is used if you have an external csr tool or a service like lets encrypt that generates PEM keys externally.
- dsctl tls remove-cert
- Delete a certificate from this database. This will remove it from acting as a CA, a client CA or the Server-Cert role.
- dsctl tls export-cert
- Export a certificate to PEM or DER/Binary format. PEM format is the default
COMMAND 'dsctl tls list-ca'¶
usage: dsctl [instance] tls list-ca [-h]
COMMAND 'dsctl tls list-client-ca'¶
usage: dsctl [instance] tls list-client-ca [-h]
COMMAND 'dsctl tls show-server-cert'¶
usage: dsctl [instance] tls show-server-cert [-h]
COMMAND 'dsctl tls show-cert'¶
usage: dsctl [instance] tls show-cert [-h] nickname
- nickname
- The nickname (friendly name) of the certificate to display
COMMAND 'dsctl tls generate-server-cert-csr'¶
usage: dsctl [instance] tls generate-server-cert-csr [-h]
[--subject SUBJECT]
[alt_names ...]
- alt_names
- Certificate requests subject alternative names. These are auto-detected if not provided
OPTIONS 'dsctl tls generate-server-cert-csr'¶
- --subject SUBJECT, -s SUBJECT
- Certificate Subject field to use
COMMAND 'dsctl tls import-client-ca'¶
usage: dsctl [instance] tls import-client-ca [-h] cert_path nickname
COMMAND 'dsctl tls import-ca'¶
usage: dsctl [instance] tls import-ca [-h] cert_path nickname [nickname ...]
COMMAND 'dsctl tls import-server-cert'¶
usage: dsctl [instance] tls import-server-cert [-h] cert_path
- cert_path
- The path to the x509 cert to import as Server-Cert
COMMAND 'dsctl tls import-server-key-cert'¶
usage: dsctl [instance] tls import-server-key-cert [-h] cert_path key_path
COMMAND 'dsctl tls remove-cert'¶
usage: dsctl [instance] tls remove-cert [-h] nickname
- nickname
- The name of the certificate to delete
COMMAND 'dsctl tls export-cert'¶
usage: dsctl [instance] tls export-cert [-h] [--binary-format]
[--output-file OUTPUT_FILE]
nickname
- nickname
- The name of the certificate to export
OPTIONS 'dsctl tls export-cert'¶
- --binary-format
- Export certificate in DER/binary format
- --output-file OUTPUT_FILE
- The name for the exported certificate. Default name is the certificate nickname with an extension of ".pem" or ".crt"
COMMAND 'dsctl healthcheck'¶
usage: dsctl [instance] healthcheck [-h] [--list-checks]
[--list-errors]
[--dry-run] [--check CHECK [CHECK ...]]
OPTIONS 'dsctl healthcheck'¶
- --list-checks
- List of known checks
- --list-errors
- List of known error codes
- --dry-run
- Do not execute the actual check, only list what would be done
- --check CHECK [CHECK ...]
- Areas to check. These can be obtained by --list-checks. Every element on the left of the colon (:) may be replaced by an asterisk if multiple options on the right are available.
COMMAND 'dsctl get-nsstate'¶
usage: dsctl [instance] get-nsstate [-h] [--suffix SUFFIX] [--flip FLIP]
OPTIONS 'dsctl get-nsstate'¶
- --suffix SUFFIX
- The DN of the replication suffix to read the state from
- --flip FLIP
- Flip between Little/Big Endian, this might be required for certain architectures
COMMAND 'dsctl ldifgen'¶
usage: dsctl [instance] ldifgen [-h]
{users,groups,cos-def,cos-template,roles,mod-load,nested}
...
POSITIONAL ARGUMENTS 'dsctl ldifgen'¶
- dsctl ldifgen users
- Generate a LDIF containing user entries
- dsctl ldifgen groups
- Generate a LDIF containing groups and members
- dsctl ldifgen cos-def
- Generate a LDIF containing a COS definition (classic, pointer, or indirect)
- dsctl ldifgen cos-template
- Generate a LDIF containing a COS template
- dsctl ldifgen roles
- Generate a LDIF containing a role entry (managed, filtered, or indirect)
- dsctl ldifgen mod-load
- Generate a LDIF containing modify operations. This is intended to be consumed by ldapmodify.
- dsctl ldifgen nested
- Generate a heavily nested database LDIF in a cascading/fractal tree design
COMMAND 'dsctl ldifgen users'¶
usage: dsctl [instance] ldifgen users [-h] [--number NUMBER]
[--suffix SUFFIX]
[--parent PARENT] [--generic]
[--start-idx START_IDX] [--rdn-cn]
[--localize] [--ldif-file LDIF_FILE]
OPTIONS 'dsctl ldifgen users'¶
- --number NUMBER
- The number of users to create.
- --suffix SUFFIX
- The database suffix where the entries will be created.
- --parent PARENT
- The parent entry that the user entries should be created under. If not specified, the entries are stored under random Organizational Units.
- --generic
- Create generic entries in the format of "uid=user####". These entries are also compatible with ldclt.
- --start-idx START_IDX
- For generic LDIF's you can choose the starting index for the user entries. The default is "0".
- --rdn-cn
- Use the attribute "cn" as the RDN attribute in the DN instead of "uid"
- --localize
- Localize the LDIF data
- --ldif-file LDIF_FILE
- The LDIF file name. Default location is the server's LDIF directory using the name 'ldifgen.ldif'
COMMAND 'dsctl ldifgen groups'¶
usage: dsctl [instance] ldifgen groups [-h] [--number NUMBER]
[--suffix SUFFIX] [--parent PARENT]
[--num-members NUM_MEMBERS]
[--create-members]
[--member-parent MEMBER_PARENT]
[--member-attr MEMBER_ATTR]
[--ldif-file LDIF_FILE]
NAME
- NAME
- The group name.
OPTIONS 'dsctl ldifgen groups'¶
- --number NUMBER
- The number of groups to create.
- --suffix SUFFIX
- The database suffix where the groups will be created.
- --parent PARENT
- The parent entry that the group entries should be created under. If not specified the groups are stored under the suffix.
- --num-members NUM_MEMBERS
- The number of members in the group. Default is 10000
- --create-members
- Create the member user entries.
- --member-parent MEMBER_PARENT
- The entry DN that the members should be created under. The default is the suffix entry.
- --member-attr MEMBER_ATTR
- The membership attribute to use in the group. Default is "uniquemember".
- --ldif-file LDIF_FILE
- The LDIF file name. Default location is the server's LDIF directory using the name 'ldifgen.ldif'
COMMAND 'dsctl ldifgen cos-def'¶
usage: dsctl [instance] ldifgen cos-def [-h] [--type TYPE]
[--parent PARENT]
[--create-parent]
[--cos-specifier COS_SPECIFIER]
[--cos-template COS_TEMPLATE]
[--cos-attr [COS_ATTR ...]]
[--ldif-file LDIF_FILE]
NAME
- NAME
- The COS definition name.
OPTIONS 'dsctl ldifgen cos-def'¶
- --type TYPE
- The COS definition type: "classic", "pointer", or "indirect".
- --parent PARENT
- The parent entry that the COS definition should be created under.
- --create-parent
- Create the parent entry
- --cos-specifier COS_SPECIFIER
- Used in a classic COS definition, this attribute located in the user entry is used to select which COS template to use.
- --cos-template COS_TEMPLATE
- The DN of the COS template entry, only used for "classic" and "pointer" COS definitions.
- --cos-attr [COS_ATTR ...]
- A list of attributes which defines which attribute the COS generates values for.
- --ldif-file LDIF_FILE
- The LDIF file name. Default location is the server's LDIF directory using the name 'ldifgen.ldif'
COMMAND 'dsctl ldifgen cos-template'¶
usage: dsctl [instance] ldifgen cos-template [-h] [--parent
PARENT]
[--create-parent]
[--cos-priority COS_PRIORITY]
[--cos-attr-val COS_ATTR_VAL]
[--ldif-file LDIF_FILE]
NAME
- NAME
- The COS template name.
OPTIONS 'dsctl ldifgen cos-template'¶
- --parent PARENT
- The DN of the entry to store the COS template entry under.
- --create-parent
- Create the parent entry
- --cos-priority COS_PRIORITY
- Sets the priority of this conflicting/competing COS templates.
- --cos-attr-val COS_ATTR_VAL
- defines the attribute and value that the template provides.
- --ldif-file LDIF_FILE
- The LDIF file name. Default location is the server's LDIF directory using the name 'ldifgen.ldif'
COMMAND 'dsctl ldifgen roles'¶
usage: dsctl [instance] ldifgen roles [-h] [--type TYPE] [--parent
PARENT]
[--create-parent] [--filter FILTER]
[--role-dn [ROLE_DN ...]]
[--ldif-file LDIF_FILE]
NAME
- NAME
- The Role name.
OPTIONS 'dsctl ldifgen roles'¶
- --type TYPE
- The Role type: "managed", "filtered", or "nested".
- --parent PARENT
- The DN of the entry to store the Role entry under
- --create-parent
- Create the parent entry
- --filter FILTER
- A search filter for gathering Role members. Required for a "filtered" role.
- --role-dn [ROLE_DN ...]
- A DN of a role entry that should be included in this role. Used for "nested" roles only.
- --ldif-file LDIF_FILE
- The LDIF file name. Default location is the server's LDIF directory using the name 'ldifgen.ldif'
COMMAND 'dsctl ldifgen mod-load'¶
usage: dsctl [instance] ldifgen mod-load [-h] [--create-users]
[--delete-users]
[--num-users NUM_USERS]
[--parent PARENT] [--create-parent]
[--add-users ADD_USERS]
[--del-users DEL_USERS]
[--modrdn-users MODRDN_USERS]
[--mod-users MOD_USERS]
[--mod-attrs [MOD_ATTRS ...]]
[--randomize] [--ldif-file LDIF_FILE]
OPTIONS 'dsctl ldifgen mod-load'¶
- --create-users
- Create the entries that will be modified or deleted. By default the script assumes the user entries already exist.
- --delete-users
- Delete all the user entries at the end of the LDIF.
- --num-users NUM_USERS
- The number of user entries that will be modified or deleted
- --parent PARENT
- The DN of the parent entry where the user entries are located.
- --create-parent
- Create the parent entry
- --add-users ADD_USERS
- The number of additional entries to add during the load.
- --del-users DEL_USERS
- The number of entries to delete during the load.
- --modrdn-users MODRDN_USERS
- The number of entries to perform a modrdn operation on.
- --mod-users MOD_USERS
- The number of entries to modify.
- --mod-attrs [MOD_ATTRS ...]
- List of attributes the script will randomly choose from when modifying an entry. The default is "description".
- --randomize
- Randomly perform the specified add, mod, delete, and modrdn operations
- --ldif-file LDIF_FILE
- The LDIF file name. Default location is the server's LDIF directory using the name 'ldifgen.ldif'
COMMAND 'dsctl ldifgen nested'¶
usage: dsctl [instance] ldifgen nested [-h] [--num-users
NUM_USERS]
[--node-limit NODE_LIMIT]
[--suffix SUFFIX]
[--ldif-file LDIF_FILE]
OPTIONS 'dsctl ldifgen nested'¶
- --num-users NUM_USERS
- The total number of user entries to create in the entire LDIF (does not include the container entries).
- --node-limit NODE_LIMIT
- The total number of user entries to create under each node/subtree
- --suffix SUFFIX
- The suffix DN for the LDIF
- --ldif-file LDIF_FILE
- The LDIF file name. Default location is the server's LDIF directory using the name 'ldifgen.ldif'
COMMAND 'dsctl dsrc'¶
usage: dsctl [instance] dsrc [-h] {create,modify,delete,display,repl-mon} ...
POSITIONAL ARGUMENTS 'dsctl dsrc'¶
- dsctl dsrc create
- Generate the .dsrc file
- dsctl dsrc modify
- Modify the .dsrc file
- dsctl dsrc delete
- Delete instance configuration from the .dsrc file.
- dsctl dsrc display
- Display the contents of the .dsrc file.
- dsctl dsrc repl-mon
- Display the contents of the .dsrc file.
COMMAND 'dsctl dsrc create'¶
usage: dsctl [instance] dsrc create [-h] [--uri URI] [--basedn
BASEDN]
[--people-rdn PEOPLE_RDN]
[--groups-rdn GROUPS_RDN]
[--binddn BINDDN] [--saslmech SASLMECH]
[--tls-cacertdir TLS_CACERTDIR]
[--tls-cert TLS_CERT] [--tls-key TLS_KEY]
[--tls-reqcert TLS_REQCERT] [--starttls]
[--pwdfile PWDFILE] [--do-it]
OPTIONS 'dsctl dsrc create'¶
- --uri URI
- The URI (LDAP URL) for the Directory Server instance.
- --basedn BASEDN
- The default database suffix.
- --people-rdn PEOPLE_RDN
- Set the RDN for the 'people' subtree. Default is "ou=people"
- --groups-rdn GROUPS_RDN
- Set the RDN for the 'groups' subtree. Default is "ou=groups"
- --binddn BINDDN
- The default Bind DN used or authentication.
- --saslmech SASLMECH
- The SASL mechanism to use: PLAIN or EXTERNAL.
- --tls-cacertdir TLS_CACERTDIR
- The directory containing the Trusted Certificate Authority certificate.
- --tls-cert TLS_CERT
- The absolute file name to the server certificate.
- --tls-key TLS_KEY
- The absolute file name to the server certificate key.
- --tls-reqcert TLS_REQCERT
- Request certificate strength: 'never', 'allow', 'hard'
- --starttls
- Use startTLS for connection to the server.
- --pwdfile PWDFILE
- The absolute path to a file containing the Bind DN's password.
- --do-it
- Create the file without any confirmation.
COMMAND 'dsctl dsrc modify'¶
usage: dsctl [instance] dsrc modify [-h] [--uri [URI]] [--basedn
[BASEDN]]
[--people-rdn [PEOPLE_RDN]]
[--groups-rdn [GROUPS_RDN]]
[--binddn [BINDDN]]
[--saslmech [SASLMECH]]
[--tls-cacertdir [TLS_CACERTDIR]]
[--tls-cert [TLS_CERT]]
[--tls-key [TLS_KEY]]
[--tls-reqcert [TLS_REQCERT]] [--starttls]
[--cancel-starttls] [--pwdfile [PWDFILE]]
[--do-it]
OPTIONS 'dsctl dsrc modify'¶
- --uri [URI]
- The URI (LDAP URL) for the Directory Server instance.
- --basedn [BASEDN]
- The default database suffix.
- --people-rdn [PEOPLE_RDN]
- Sets the RDN used for the 'people' container
- --groups-rdn [GROUPS_RDN]
- Sets the RDN used for the 'groups' container
- --binddn [BINDDN]
- The default Bind DN used or authentication.
- --saslmech [SASLMECH]
- The SASL mechanism to use: PLAIN or EXTERNAL.
- --tls-cacertdir [TLS_CACERTDIR]
- The directory containing the Trusted Certificate Authority certificate.
- --tls-cert [TLS_CERT]
- The absolute file name to the server certificate.
- --tls-key [TLS_KEY]
- The absolute file name to the server certificate key.
- --tls-reqcert [TLS_REQCERT]
- Request certificate strength: 'never', 'allow', 'hard'
- --starttls
- Use startTLS for connection to the server.
- --cancel-starttls
- Do not use startTLS for connection to the server.
- --pwdfile [PWDFILE]
- The absolute path to a file containing the Bind DN's password.
- --do-it
- Update the file without any confirmation.
COMMAND 'dsctl dsrc delete'¶
usage: dsctl [instance] dsrc delete [-h] [--do-it]
OPTIONS 'dsctl dsrc delete'¶
- --do-it
- Delete this instance's configuration from the .dsrc file.
COMMAND 'dsctl dsrc display'¶
usage: dsctl [instance] dsrc display [-h]
COMMAND 'dsctl dsrc repl-mon'¶
usage: dsctl [instance] dsrc repl-mon [-h]
[--add-conn ADD_CONN [ADD_CONN ...]]
[--del-conn DEL_CONN [DEL_CONN ...]]
[--add-alias ADD_ALIAS [ADD_ALIAS ...]]
[--del-alias DEL_ALIAS [DEL_ALIAS ...]]
OPTIONS 'dsctl dsrc repl-mon'¶
- --add-conn ADD_CONN [ADD_CONN ...]
- Add a replica connection: 'NAME:HOST:PORT:BINDDN:CREDENTIAL'
- --del-conn DEL_CONN [DEL_CONN ...]
- delete a replica connection by its NAME
- --add-alias ADD_ALIAS [ADD_ALIAS ...]
- Add a host/port alias: 'ALIAS_NAME:HOST:PORT'
- --del-alias DEL_ALIAS [DEL_ALIAS ...]
- delete a host/port alias by its ALIAS_NAME
COMMAND 'dsctl cockpit'¶
usage: dsctl [instance] cockpit [-h]
{enable,open-firewall,disable,close-firewall}
...
POSITIONAL ARGUMENTS 'dsctl cockpit'¶
- dsctl cockpit enable
- Enable the Cockpit socket
- dsctl cockpit open-firewall
- Open the firewall for the "cockpit" service
- dsctl cockpit disable
- Disable the Cockpit socket
- dsctl cockpit close-firewall
- Remove the "cockpit" service from the firewall settings
COMMAND 'dsctl cockpit enable'¶
usage: dsctl [instance] cockpit enable [-h]
COMMAND 'dsctl cockpit open-firewall'¶
usage: dsctl [instance] cockpit open-firewall [-h] [--zone ZONE]
OPTIONS 'dsctl cockpit open-firewall'¶
- --zone ZONE
- The firewall zone
COMMAND 'dsctl cockpit disable'¶
usage: dsctl [instance] cockpit disable [-h]
COMMAND 'dsctl cockpit close-firewall'¶
usage: dsctl [instance] cockpit close-firewall [-h]
COMMAND 'dsctl dblib'¶
usage: dsctl [instance] dblib [-h] {bdb2mdb,mdb2bdb,cleanup} ...
POSITIONAL ARGUMENTS 'dsctl dblib'¶
- dsctl dblib bdb2mdb
- Migrate bdb databases to lmdb
- dsctl dblib mdb2bdb
- Migrate lmdb databases to bdb
- dsctl dblib cleanup
- Remove migration ldif file and old database
COMMAND 'dsctl dblib bdb2mdb'¶
usage: dsctl [instance] dblib bdb2mdb [-h] [--tmpdir TMPDIR]
OPTIONS 'dsctl dblib bdb2mdb'¶
- --tmpdir TMPDIR
- ldif migration files directory path.
COMMAND 'dsctl dblib mdb2bdb'¶
usage: dsctl [instance] dblib mdb2bdb [-h] [--tmpdir TMPDIR]
OPTIONS 'dsctl dblib mdb2bdb'¶
- --tmpdir TMPDIR
- ldif migration files directory path.
COMMAND 'dsctl dblib cleanup'¶
usage: dsctl [instance] dblib cleanup [-h]
OPTIONS¶
- -v, --verbose
- Display verbose operation tracing during command execution
- -j, --json
- Return result in JSON object
- -l, --list
- List available Directory Server instances
AUTHOR¶
Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>
DISTRIBUTION¶
The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html
2024-05-31 | lib389 2.4.5 |