.TH DSCONF "1" "2025\-02\-11" "lib389 3.1.2" "Generated Python Manual" .SH NAME dsconf .SH SYNOPSIS .B dsconf [-h] [-v] [-j] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN] [-Z] instance {backend,backup,chaining,config,directory_manager,logging,monitor,plugin,pwpolicy,localpwp,replication,repl,repl-agmt,repl-winsync-agmt,repl-tasks,repl-conflict,sasl,security,schema} ... .SH POSITIONAL ARGUMENTS .TP \fBdsconf\fR \fI\,backend\/\fR Manage database suffixes and backends .TP \fBdsconf\fR \fI\,backup\/\fR Manage online backups .TP \fBdsconf\fR \fI\,chaining\/\fR Manage database chaining and database links .TP \fBdsconf\fR \fI\,config\/\fR Manage the server configuration .TP \fBdsconf\fR \fI\,directory_manager\/\fR Manage the Directory Manager account .TP \fBdsconf\fR \fI\,logging\/\fR Manage the server logs .TP \fBdsconf\fR \fI\,monitor\/\fR Monitor the state of the instance .TP \fBdsconf\fR \fI\,plugin\/\fR Manage plug\-ins available on the server .TP \fBdsconf\fR \fI\,pwpolicy\/\fR Manage the global password policy settings .TP \fBdsconf\fR \fI\,localpwp\/\fR Manage the local user and subtree password policies .TP \fBdsconf\fR \fI\,replication\/\fR Manage replication for a suffix .TP \fBdsconf\fR \fI\,repl\-agmt\/\fR Manage replication agreements .TP \fBdsconf\fR \fI\,repl\-winsync\-agmt\/\fR Manage Winsync agreements .TP \fBdsconf\fR \fI\,repl\-tasks\/\fR Manage replication tasks .TP \fBdsconf\fR \fI\,repl\-conflict\/\fR Manage replication conflicts .TP \fBdsconf\fR \fI\,sasl\/\fR Manage SASL mappings .TP \fBdsconf\fR \fI\,security\/\fR Manage security settings .TP \fBdsconf\fR \fI\,schema\/\fR Manage the directory schema .SH COMMAND \fI\,'dsconf backend'\/\fR usage: dsconf [\-v] [\-j] instance backend [\-h] {suffix,index,vlv\-index,attr\-encrypt,config,monitor,import,export,create,delete,get\-tree,compact\-db} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf backend'\/\fR .TP \fBdsconf backend\fR \fI\,suffix\/\fR Manage backend suffixes .TP \fBdsconf backend\fR \fI\,index\/\fR Manage backend indexes .TP \fBdsconf backend\fR \fI\,vlv\-index\/\fR Manage VLV searches and indexes .TP \fBdsconf backend\fR \fI\,attr\-encrypt\/\fR Manage encrypted attribute settings .TP \fBdsconf backend\fR \fI\,config\/\fR Manage the global database configuration settings .TP \fBdsconf backend\fR \fI\,monitor\/\fR Displays global database or suffix monitoring information .TP \fBdsconf backend\fR \fI\,import\/\fR Online import of a suffix .TP \fBdsconf backend\fR \fI\,export\/\fR Online export of a suffix .TP \fBdsconf backend\fR \fI\,create\/\fR Create a backend database .TP \fBdsconf backend\fR \fI\,delete\/\fR Delete a backend database .TP \fBdsconf backend\fR \fI\,get\-tree\/\fR Display the suffix tree .TP \fBdsconf backend\fR \fI\,compact\-db\/\fR Compact the database and the replication changelog .SH COMMAND \fI\,'dsconf backend suffix'\/\fR usage: dsconf [\-v] [\-j] instance backend suffix [\-h] {list,get,get\-dn,get\-sub\-suffixes,set} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf backend suffix'\/\fR .TP \fBdsconf backend suffix\fR \fI\,list\/\fR List active backends and suffixes .TP \fBdsconf backend suffix\fR \fI\,get\/\fR Display the suffix entry .TP \fBdsconf backend suffix\fR \fI\,get\-dn\/\fR Display the DN of a backend .TP \fBdsconf backend suffix\fR \fI\,get\-sub\-suffixes\/\fR Display sub\-suffixes .TP \fBdsconf backend suffix\fR \fI\,set\/\fR Set configuration settings for a specific backend .SH COMMAND \fI\,'dsconf backend suffix list'\/\fR usage: dsconf [\-v] [\-j] instance backend suffix list [\-h] [\-\-suffix] [\-\-skip\-subsuffixes] .SH OPTIONS \fI\,'dsconf backend suffix list'\/\fR .TP \fB\-\-suffix\fR Displays the suffixes without backend name .TP \fB\-\-skip\-subsuffixes\fR Displays the list of suffixes without sub\-suffixes .SH COMMAND \fI\,'dsconf backend suffix get'\/\fR usage: dsconf [\-v] [\-j] instance backend suffix get [\-h] [selector] .TP \fBselector\fR The backend database name to search for .SH COMMAND \fI\,'dsconf backend suffix get\-dn'\/\fR usage: dsconf [\-v] [\-j] instance backend suffix get\-dn [\-h] [dn] .TP \fBdn\fR The DN to the database entry in cn=ldbm database,cn=plugins,cn=config .SH COMMAND \fI\,'dsconf backend suffix get\-sub\-suffixes'\/\fR usage: dsconf [\-v] [\-j] instance backend suffix get\-sub\-suffixes [\-h] [\-\-suffix] be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend suffix get\-sub\-suffixes'\/\fR .TP \fB\-\-suffix\fR Displays the list of suffixes without backend name .SH COMMAND \fI\,'dsconf backend suffix set'\/\fR usage: dsconf [\-v] [\-j] instance backend suffix set [\-h] [\-\-enable\-readonly] [\-\-disable\-readonly] [\-\-enable\-orphan] [\-\-disable\-orphan] [\-\-require\-index] [\-\-ignore\-index] [\-\-add\-referral ADD_REFERRAL] [\-\-del\-referral DEL_REFERRAL] [\-\-enable] [\-\-disable] [\-\-cache\-size CACHE_SIZE] [\-\-cache\-memsize CACHE_MEMSIZE] [\-\-dncache\-memsize DNCACHE_MEMSIZE] [\-\-state STATE] be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend suffix set'\/\fR .TP \fB\-\-enable\-readonly\fR Enables read\-only mode for the backend database .TP \fB\-\-disable\-readonly\fR Disables read\-only mode for the backend database .TP \fB\-\-enable\-orphan\fR Disconnect a subsuffix from its parent suffix. .TP \fB\-\-disable\-orphan\fR Let the subsuffix be connected to its parent suffix. .TP \fB\-\-require\-index\fR Allows only indexed searches .TP \fB\-\-ignore\-index\fR Allows all searches even if they are unindexed .TP \fB\-\-add\-referral\fR \fI\,ADD_REFERRAL\/\fR Adds an LDAP referral to the backend .TP \fB\-\-del\-referral\fR \fI\,DEL_REFERRAL\/\fR Removes an LDAP referral from the backend .TP \fB\-\-enable\fR Enables the backend database .TP \fB\-\-disable\fR Disables the backend database .TP \fB\-\-cache\-size\fR \fI\,CACHE_SIZE\/\fR Sets the maximum number of entries to keep in the entry cache .TP \fB\-\-cache\-memsize\fR \fI\,CACHE_MEMSIZE\/\fR Sets the maximum size in bytes that the entry cache can grow to .TP \fB\-\-dncache\-memsize\fR \fI\,DNCACHE_MEMSIZE\/\fR Sets the maximum size in bytes that the DN cache can grow to .TP \fB\-\-state\fR \fI\,STATE\/\fR Changes the backend state to: "backend", "disabled", "referral", or "referral on update" .SH COMMAND \fI\,'dsconf backend index'\/\fR usage: dsconf [\-v] [\-j] instance backend index [\-h] {add,set,get,list,delete,reindex} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf backend index'\/\fR .TP \fBdsconf backend index\fR \fI\,add\/\fR Add an index .TP \fBdsconf backend index\fR \fI\,set\/\fR Update an index .TP \fBdsconf backend index\fR \fI\,get\/\fR Display an index entry .TP \fBdsconf backend index\fR \fI\,list\/\fR Display the index .TP \fBdsconf backend index\fR \fI\,delete\/\fR Delete an index .TP \fBdsconf backend index\fR \fI\,reindex\/\fR Re\-index the database for a single index or all indexes .SH COMMAND \fI\,'dsconf backend index add'\/\fR usage: dsconf [\-v] [\-j] instance backend index add [\-h] \-\-index\-type INDEX_TYPE [\-\-matching\-rule MATCHING_RULE] [\-\-reindex] \-\-attr ATTR be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend index add'\/\fR .TP \fB\-\-index\-type\fR \fI\,INDEX_TYPE\/\fR Sets the indexing type (eq, sub, pres, or approx) .TP \fB\-\-matching\-rule\fR \fI\,MATCHING_RULE\/\fR Sets the matching rule for the index .TP \fB\-\-reindex\fR Re\-indexes the database after adding a new index .TP \fB\-\-attr\fR \fI\,ATTR\/\fR Sets the attribute name to index .SH COMMAND \fI\,'dsconf backend index set'\/\fR usage: dsconf [\-v] [\-j] instance backend index set [\-h] \-\-attr ATTR [\-\-add\-type ADD_TYPE] [\-\-del\-type DEL_TYPE] [\-\-add\-mr ADD_MR] [\-\-del\-mr DEL_MR] [\-\-reindex] be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend index set'\/\fR .TP \fB\-\-attr\fR \fI\,ATTR\/\fR Sets the indexed attribute to update .TP \fB\-\-add\-type\fR \fI\,ADD_TYPE\/\fR Adds an index type to the index (eq, sub, pres, or approx) .TP \fB\-\-del\-type\fR \fI\,DEL_TYPE\/\fR Removes an index type from the index: (eq, sub, pres, or approx) .TP \fB\-\-add\-mr\fR \fI\,ADD_MR\/\fR Adds a matching\-rule to the index .TP \fB\-\-del\-mr\fR \fI\,DEL_MR\/\fR Removes a matching\-rule from the index .TP \fB\-\-reindex\fR Re\-indexes the database after editing the index .SH COMMAND \fI\,'dsconf backend index get'\/\fR usage: dsconf [\-v] [\-j] instance backend index get [\-h] \-\-attr ATTR be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend index get'\/\fR .TP \fB\-\-attr\fR \fI\,ATTR\/\fR Sets the index name to display .SH COMMAND \fI\,'dsconf backend index list'\/\fR usage: dsconf [\-v] [\-j] instance backend index list [\-h] [\-\-just\-names] be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend index list'\/\fR .TP \fB\-\-just\-names\fR Displays only the names of indexed attributes .SH COMMAND \fI\,'dsconf backend index delete'\/\fR usage: dsconf [\-v] [\-j] instance backend index delete [\-h] [\-\-attr ATTR] be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend index delete'\/\fR .TP \fB\-\-attr\fR \fI\,ATTR\/\fR Sets the name of the attribute to delete from the index .SH COMMAND \fI\,'dsconf backend index reindex'\/\fR usage: dsconf [\-v] [\-j] instance backend index reindex [\-h] [\-\-attr ATTR] [\-\-wait] be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend index reindex'\/\fR .TP \fB\-\-attr\fR \fI\,ATTR\/\fR Sets the name of the attribute to re\-index. Omit this argument to re\-index all attributes .TP \fB\-\-wait\fR Waits for the index task to complete and reports the status .SH COMMAND \fI\,'dsconf backend vlv\-index'\/\fR usage: dsconf [\-v] [\-j] instance backend vlv\-index [\-h] {list,get,add\-search,edit\-search,del\-search,add\-index,del\-index,reindex} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf backend vlv\-index'\/\fR .TP \fBdsconf backend vlv\-index\fR \fI\,list\/\fR List VLV search and index entries .TP \fBdsconf backend vlv\-index\fR \fI\,get\/\fR Display a VLV search and indexes .TP \fBdsconf backend vlv\-index\fR \fI\,add\-search\/\fR Add a VLV search entry. The search entry is the parent entry of the VLV index entries, and it specifies the search parameters that are used to match entries for those indexes. .TP \fBdsconf backend vlv\-index\fR \fI\,edit\-search\/\fR Update a VLV search and index .TP \fBdsconf backend vlv\-index\fR \fI\,del\-search\/\fR Delete VLV search & index .TP \fBdsconf backend vlv\-index\fR \fI\,add\-index\/\fR Create a VLV index under a VLV search entry (parent entry, formatter_class=CustomHelpFormatter). The VLV index specifies the attributes to sort .TP \fBdsconf backend vlv\-index\fR \fI\,del\-index\/\fR Delete a VLV index under a VLV search entry (parent entry) .TP \fBdsconf backend vlv\-index\fR \fI\,reindex\/\fR Index/re\-index the VLV database index .SH COMMAND \fI\,'dsconf backend vlv\-index list'\/\fR usage: dsconf [\-v] [\-j] instance backend vlv\-index list [\-h] [\-\-just\-names] be_name .TP \fBbe_name\fR The backend name of the VLV index .SH OPTIONS \fI\,'dsconf backend vlv\-index list'\/\fR .TP \fB\-\-just\-names\fR Displays only the names of VLV search entries .SH COMMAND \fI\,'dsconf backend vlv\-index get'\/\fR usage: dsconf [\-v] [\-j] instance backend vlv\-index get [\-h] [\-\-name NAME] be_name .TP \fBbe_name\fR The backend name of the VLV index .SH OPTIONS \fI\,'dsconf backend vlv\-index get'\/\fR .TP \fB\-\-name\fR \fI\,NAME\/\fR Displays the VLV search entry and its index entries .SH COMMAND \fI\,'dsconf backend vlv\-index add\-search'\/\fR usage: dsconf instance [\-v] [\-j] backend vlv\-index add\-search [\-h] \-\-name NAME \-\-search\-base SEARCH_BASE \-\-search\-scope SEARCH_SCOPE \-\-search\-filter SEARCH_FILTER be_name .TP \fBbe_name\fR The backend name of the VLV index .SH OPTIONS \fI\,'dsconf backend vlv\-index add\-search'\/\fR .TP \fB\-\-name\fR \fI\,NAME\/\fR Sets the name of the VLV search entry .TP \fB\-\-search\-base\fR \fI\,SEARCH_BASE\/\fR Sets the VLV search base .TP \fB\-\-search\-scope\fR \fI\,SEARCH_SCOPE\/\fR Sets the VLV search scope: 0 (base search), 1 (one\-level search), or 2 (subtree search) .TP \fB\-\-search\-filter\fR \fI\,SEARCH_FILTER\/\fR Sets the VLV search filter .SH COMMAND \fI\,'dsconf backend vlv\-index edit\-search'\/\fR usage: dsconf [\-v] [\-j] instance backend vlv\-index edit\-search [\-h] \-\-name NAME [\-\-search\-base SEARCH_BASE] [\-\-search\-scope SEARCH_SCOPE] [\-\-search\-filter SEARCH_FILTER] [\-\-reindex] be_name .TP \fBbe_name\fR The backend name of the VLV index to update .SH OPTIONS \fI\,'dsconf backend vlv\-index edit\-search'\/\fR .TP \fB\-\-name\fR \fI\,NAME\/\fR Sets the name of the VLV index .TP \fB\-\-search\-base\fR \fI\,SEARCH_BASE\/\fR Sets the VLV search base .TP \fB\-\-search\-scope\fR \fI\,SEARCH_SCOPE\/\fR Sets the VLV search scope: 0 (base search), 1 (one\-level search), or 2 (subtree search) .TP \fB\-\-search\-filter\fR \fI\,SEARCH_FILTER\/\fR Sets the VLV search filter .TP \fB\-\-reindex\fR Re\-indexes all VLV database indexes .SH COMMAND \fI\,'dsconf backend vlv\-index del\-search'\/\fR usage: dsconf [\-v] [\-j] instance backend vlv\-index del\-search [\-h] \-\-name NAME be_name .TP \fBbe_name\fR The backend name of the VLV index .SH OPTIONS \fI\,'dsconf backend vlv\-index del\-search'\/\fR .TP \fB\-\-name\fR \fI\,NAME\/\fR Sets the name of the VLV search index .SH COMMAND \fI\,'dsconf backend vlv\-index add\-index'\/\fR usage: dsconf instance [\-v] [\-j] backend vlv\-index add\-index [\-h] \-\-parent\-name PARENT_NAME \-\-index\-name INDEX_NAME \-\-sort SORT [\-\-index\-it] be_name .TP \fBbe_name\fR The backend name of the VLV index .SH OPTIONS \fI\,'dsconf backend vlv\-index add\-index'\/\fR .TP \fB\-\-parent\-name\fR \fI\,PARENT_NAME\/\fR Sets the name or "cn" attribute of the parent VLV search entry .TP \fB\-\-index\-name\fR \fI\,INDEX_NAME\/\fR Sets the name of the new VLV index .TP \fB\-\-sort\fR \fI\,SORT\/\fR Sets a space\-separated list of attributes to sort for this VLV index .TP \fB\-\-index\-it\fR Creates the database index for this VLV index definition .SH COMMAND \fI\,'dsconf backend vlv\-index del\-index'\/\fR usage: dsconf [\-v] [\-j] instance backend vlv\-index del\-index [\-h] \-\-parent\-name PARENT_NAME [\-\-index\-name INDEX_NAME] [\-\-sort SORT] be_name .TP \fBbe_name\fR The backend name of the VLV index .SH OPTIONS \fI\,'dsconf backend vlv\-index del\-index'\/\fR .TP \fB\-\-parent\-name\fR \fI\,PARENT_NAME\/\fR Sets the name or "cn" attribute value of the parent VLV search entry .TP \fB\-\-index\-name\fR \fI\,INDEX_NAME\/\fR Sets the name of the VLV index to delete .TP \fB\-\-sort\fR \fI\,SORT\/\fR Delete a VLV index that has this vlvsort value .SH COMMAND \fI\,'dsconf backend vlv\-index reindex'\/\fR usage: dsconf [\-v] [\-j] instance backend vlv\-index reindex [\-h] [\-\-index\-name INDEX_NAME] \-\-parent\-name PARENT_NAME be_name .TP \fBbe_name\fR The backend name of the VLV index .SH OPTIONS \fI\,'dsconf backend vlv\-index reindex'\/\fR .TP \fB\-\-index\-name\fR \fI\,INDEX_NAME\/\fR Sets the name of the VLV index entry to re\-index. If not set, all indexes are re\-indexed .TP \fB\-\-parent\-name\fR \fI\,PARENT_NAME\/\fR Sets the name or "cn" attribute value of the parent VLV search entry .SH COMMAND \fI\,'dsconf backend attr\-encrypt'\/\fR usage: dsconf [\-v] [\-j] instance backend attr\-encrypt [\-h] [\-\-list] [\-\-just\-names] [\-\-add\-attr ADD_ATTR] [\-\-del\-attr DEL_ATTR] be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend attr\-encrypt'\/\fR .TP \fB\-\-list\fR Lists all encrypted attributes in the backend .TP \fB\-\-just\-names\fR List only the names of the encrypted attributes when used with \-\-list .TP \fB\-\-add\-attr\fR \fI\,ADD_ATTR\/\fR Enables encryption for the specified attribute .TP \fB\-\-del\-attr\fR \fI\,DEL_ATTR\/\fR Disables encryption for the specified attribute .SH COMMAND \fI\,'dsconf backend config'\/\fR usage: dsconf [\-v] [\-j] instance backend config [\-h] {get,set} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf backend config'\/\fR .TP \fBdsconf backend config\fR \fI\,get\/\fR Display the global database configuration .TP \fBdsconf backend config\fR \fI\,set\/\fR Set the global database configuration .SH COMMAND \fI\,'dsconf backend config get'\/\fR usage: dsconf [\-v] [\-j] instance backend config get [\-h] .SH COMMAND \fI\,'dsconf backend config set'\/\fR usage: dsconf [\-v] [\-j] instance backend config set [\-h] [\-\-lookthroughlimit LOOKTHROUGHLIMIT] [\-\-mode MODE] [\-\-idlistscanlimit IDLISTSCANLIMIT] [\-\-directory DIRECTORY] [\-\-dbcachesize DBCACHESIZE] [\-\-logdirectory LOGDIRECTORY] [\-\-txn\-wait TXN_WAIT] [\-\-checkpoint\-interval CHECKPOINT_INTERVAL] [\-\-compactdb\-interval COMPACTDB_INTERVAL] [\-\-compactdb\-time COMPACTDB_TIME] [\-\-txn\-batch\-val TXN_BATCH_VAL] [\-\-txn\-batch\-min TXN_BATCH_MIN] [\-\-txn\-batch\-max TXN_BATCH_MAX] [\-\-logbufsize LOGBUFSIZE] [\-\-locks LOCKS] [\-\-locks\-monitoring\-enabled LOCKS_MONITORING_ENABLED] [\-\-locks\-monitoring\-threshold LOCKS_MONITORING_THRESHOLD] [\-\-locks\-monitoring\-pause LOCKS_MONITORING_PAUSE] [\-\-import\-cache\-autosize IMPORT_CACHE_AUTOSIZE] [\-\-cache\-autosize CACHE_AUTOSIZE] [\-\-cache\-autosize\-split CACHE_AUTOSIZE_SPLIT] [\-\-import\-cachesize IMPORT_CACHESIZE] [\-\-exclude\-from\-export EXCLUDE_FROM_EXPORT] [\-\-pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT] [\-\-pagedidlistscanlimit PAGEDIDLISTSCANLIMIT] [\-\-rangelookthroughlimit RANGELOOKTHROUGHLIMIT] [\-\-backend\-opt\-level BACKEND_OPT_LEVEL] [\-\-deadlock\-policy DEADLOCK_POLICY] [\-\-db\-home\-directory DB_HOME_DIRECTORY] [\-\-db\-lib DB_LIB] [\-\-mdb\-max\-size MDB_MAX_SIZE] [\-\-mdb\-max\-readers MDB_MAX_READERS] [\-\-mdb\-max\-dbs MDB_MAX_DBS] .SH OPTIONS \fI\,'dsconf backend config set'\/\fR .TP \fB\-\-lookthroughlimit\fR \fI\,LOOKTHROUGHLIMIT\/\fR Specifies the maximum number of entries that the server will check when examining candidate entries in response to a search request .TP \fB\-\-mode\fR \fI\,MODE\/\fR Specifies the permissions used for newly created index files .TP \fB\-\-idlistscanlimit\fR \fI\,IDLISTSCANLIMIT\/\fR Specifies the number of entry IDs that are searched during a search operation .TP \fB\-\-directory\fR \fI\,DIRECTORY\/\fR Specifies absolute path to database instance .TP \fB\-\-dbcachesize\fR \fI\,DBCACHESIZE\/\fR Specifies the database index cache size in bytes .TP \fB\-\-logdirectory\fR \fI\,LOGDIRECTORY\/\fR Specifies the path to the directory that contains the database transaction logs .TP \fB\-\-txn\-wait\fR \fI\,TXN_WAIT\/\fR Sets whether the server should should wait if there are no db locks available .TP \fB\-\-checkpoint\-interval\fR \fI\,CHECKPOINT_INTERVAL\/\fR Sets the amount of time in seconds after which the server sends a checkpoint entry to the database transaction log .TP \fB\-\-compactdb\-interval\fR \fI\,COMPACTDB_INTERVAL\/\fR Sets the interval in seconds when the database is compacted .TP \fB\-\-compactdb\-time\fR \fI\,COMPACTDB_TIME\/\fR Sets the time (HH:MM format) of day when to compact the database after the "compactdb interval" has been reached .TP \fB\-\-txn\-batch\-val\fR \fI\,TXN_BATCH_VAL\/\fR Specifies how many transactions will be batched before being committed .TP \fB\-\-txn\-batch\-min\fR \fI\,TXN_BATCH_MIN\/\fR Controls when transactions should be flushed earliest, independently of the batch count. Requires that txn\-batch\-val is set .TP \fB\-\-txn\-batch\-max\fR \fI\,TXN_BATCH_MAX\/\fR Controls when transactions should be flushed latest, independently of the batch count. Requires that txn\-batch\-val is set) .TP \fB\-\-logbufsize\fR \fI\,LOGBUFSIZE\/\fR Specifies the transaction log information buffer size .TP \fB\-\-locks\fR \fI\,LOCKS\/\fR Sets the maximum number of database locks .TP \fB\-\-locks\-monitoring\-enabled\fR \fI\,LOCKS_MONITORING_ENABLED\/\fR Enables or disables monitoring of DB locks when the value crosses the percentage set with "\-\-locks\-monitoring\-threshold" .TP \fB\-\-locks\-monitoring\-threshold\fR \fI\,LOCKS_MONITORING_THRESHOLD\/\fR Sets the DB lock exhaustion threshold in percentage (valid range is 70\-90). When the threshold is reached, all searches are aborted until the number of active locks decreases below the configured threshold and/or the administrator increases the number of database locks (nsslapd\-db\-locks). This threshold is a safeguard against DB corruption which might be caused by locks exhaustion. .TP \fB\-\-locks\-monitoring\-pause\fR \fI\,LOCKS_MONITORING_PAUSE\/\fR Sets the DB lock monitoring value in milliseconds for the amount of time that the monitoring thread spends waiting between checks. .TP \fB\-\-import\-cache\-autosize\fR \fI\,IMPORT_CACHE_AUTOSIZE\/\fR Enables or disables to automatically set the size of the import cache to be used during the import process of LDIF files .TP \fB\-\-cache\-autosize\fR \fI\,CACHE_AUTOSIZE\/\fR Sets the percentage of free memory that is used in total for the database and entry cache. "0" disables this feature. .TP \fB\-\-cache\-autosize\-split\fR \fI\,CACHE_AUTOSIZE_SPLIT\/\fR Sets the percentage of RAM that is used for the database cache. The remaining percentage is used for the entry cache .TP \fB\-\-import\-cachesize\fR \fI\,IMPORT_CACHESIZE\/\fR Sets the size in bytes of the database cache used in the import process. .TP \fB\-\-exclude\-from\-export\fR \fI\,EXCLUDE_FROM_EXPORT\/\fR List of attributes to not include during database export operations .TP \fB\-\-pagedlookthroughlimit\fR \fI\,PAGEDLOOKTHROUGHLIMIT\/\fR Specifies the maximum number of entries that the server will check when examining candidate entries for a search which uses the simple paged results control .TP \fB\-\-pagedidlistscanlimit\fR \fI\,PAGEDIDLISTSCANLIMIT\/\fR Specifies the number of entry IDs that are searched, specifically, for a search operation using the simple paged results control. .TP \fB\-\-rangelookthroughlimit\fR \fI\,RANGELOOKTHROUGHLIMIT\/\fR Specifies the maximum number of entries that the server will check when examining candidate entries in response to a range search request. .TP \fB\-\-backend\-opt\-level\fR \fI\,BACKEND_OPT_LEVEL\/\fR Sets the backend optimization level for write performance (0, 1, 2, or 4). WARNING: This parameter can trigger experimental code. .TP \fB\-\-deadlock\-policy\fR \fI\,DEADLOCK_POLICY\/\fR Adjusts the backend database deadlock policy (Advanced setting) .TP \fB\-\-db\-home\-directory\fR \fI\,DB_HOME_DIRECTORY\/\fR Sets the directory for the database mmapped files (Advanced setting) .TP \fB\-\-db\-lib\fR \fI\,DB_LIB\/\fR Sets which db lib is used. Valid values are: bdb or mdb .TP \fB\-\-mdb\-max\-size\fR \fI\,MDB_MAX_SIZE\/\fR Sets the lmdb database maximum size (in bytes). .TP \fB\-\-mdb\-max\-readers\fR \fI\,MDB_MAX_READERS\/\fR Sets the lmdb database maximum number of readers (Advanced setting) .TP \fB\-\-mdb\-max\-dbs\fR \fI\,MDB_MAX_DBS\/\fR Sets the lmdb database maximum number of sub databases (Advanced setting) .SH COMMAND \fI\,'dsconf backend monitor'\/\fR usage: dsconf [\-v] [\-j] instance backend monitor [\-h] [\-\-suffix SUFFIX] .SH OPTIONS \fI\,'dsconf backend monitor'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Displays monitoring information only for the specified suffix .SH COMMAND \fI\,'dsconf backend import'\/\fR usage: dsconf [\-v] [\-j] instance backend import [\-h] [\-c CHUNKS_SIZE] [\-E] [\-g GEN_UNIQ_ID] [\-O] [\-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]] [\-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]] [\-\-timeout TIMEOUT] [be_name] [ldifs ...] .TP \fBbe_name\fR The backend name or the root suffix .TP \fBldifs\fR Specifies the filename of the input LDIF files. Multiple files are imported in the specified order. .SH OPTIONS \fI\,'dsconf backend import'\/\fR .TP \fB\-c\fR \fI\,CHUNKS_SIZE\/\fR, \fB\-\-chunks\-size\fR \fI\,CHUNKS_SIZE\/\fR The number of chunks to have during the import operation .TP \fB\-E\fR, \fB\-\-encrypted\fR Encrypt attributes configured in the database for encryption .TP \fB\-g\fR \fI\,GEN_UNIQ_ID\/\fR, \fB\-\-gen\-uniq\-id\fR \fI\,GEN_UNIQ_ID\/\fR Generate a unique id. Set "none" for no unique ID to be generated and "deterministic" for the generated unique ID to be name\-based. By default, a time\-based unique ID is generated. When using the deterministic generation to have a name\-based unique ID, it is also possible to specify the namespace for the server to use. namespaceId is a string of characters in the format 00\-xxxxxxxx\-xxxxxxxx\-xxxxxxxx\-xxxxxxxx. .TP \fB\-O\fR, \fB\-\-only\-core\fR Creates only the core database attribute indexes .TP \fB\-s\fR \fI\,INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]\/\fR, \fB\-\-include\-suffixes\fR \fI\,INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]\/\fR Specifies the suffixes or the subtrees to be included .TP \fB\-x\fR \fI\,EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]\/\fR, \fB\-\-exclude\-suffixes\fR \fI\,EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]\/\fR Specifies the suffixes to be excluded .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Set a timeout to wait for the export task. Default is 0 (no timeout) .SH COMMAND \fI\,'dsconf backend export'\/\fR usage: dsconf [\-v] [\-j] instance backend export [\-h] [\-l LDIF] [\-C] [\-E] [\-m] [\-N] [\-r] [\-u] [\-U] [\-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]] [\-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]] [\-\-timeout TIMEOUT] be_names [be_names ...] .TP \fBbe_names\fR The backend names or the root suffixes .SH OPTIONS \fI\,'dsconf backend export'\/\fR .TP \fB\-l\fR \fI\,LDIF\/\fR, \fB\-\-ldif\fR \fI\,LDIF\/\fR Sets the filename of the output LDIF file. Separate multiple file names with spaces. .TP \fB\-C\fR, \fB\-\-use\-id2entry\fR Uses only the main database file .TP \fB\-E\fR, \fB\-\-encrypted\fR Decrypts encrypted data during export. This option is used only if database encryption is enabled. .TP \fB\-m\fR, \fB\-\-min\-base64\fR Sets minimal base\-64 encoding .TP \fB\-N\fR, \fB\-\-no\-seq\-num\fR Suppresses printing the sequence numbers .TP \fB\-r\fR, \fB\-\-replication\fR Exports the data with information required to initialize a replica .TP \fB\-u\fR, \fB\-\-no\-dump\-uniq\-id\fR Omits exporting the unique ID .TP \fB\-U\fR, \fB\-\-not\-folded\fR Disables folding the output .TP \fB\-s\fR \fI\,INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]\/\fR, \fB\-\-include\-suffixes\fR \fI\,INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]\/\fR Specifies the suffixes or the subtrees to be included .TP \fB\-x\fR \fI\,EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]\/\fR, \fB\-\-exclude\-suffixes\fR \fI\,EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]\/\fR Specifies the suffixes to be excluded .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Set a timeout to wait for the export task. Default is 0 (no timeout) .SH COMMAND \fI\,'dsconf backend create'\/\fR usage: dsconf [\-v] [\-j] instance backend create [\-h] [\-\-parent\-suffix PARENT_SUFFIX] \-\-suffix SUFFIX \-\-be\-name BE_NAME [\-\-create\-entries] [\-\-create\-suffix] .SH OPTIONS \fI\,'dsconf backend create'\/\fR .TP \fB\-\-parent\-suffix\fR \fI\,PARENT_SUFFIX\/\fR Sets the parent suffix only if this backend is a sub\-suffix .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the database suffix DN .TP \fB\-\-be\-name\fR \fI\,BE_NAME\/\fR Sets the database backend name" .TP \fB\-\-create\-entries\fR Adds sample entries to the database .TP \fB\-\-create\-suffix\fR Creates the suffix object entry in the database. Only suffixes using the 'dc', 'o', 'ou', or 'cn' attributes are supported. .SH COMMAND \fI\,'dsconf backend delete'\/\fR usage: dsconf [\-v] [\-j] instance backend delete [\-h] [\-\-do\-it] be_name .TP \fBbe_name\fR The backend name or suffix .SH OPTIONS \fI\,'dsconf backend delete'\/\fR .TP \fB\-\-do\-it\fR Remove backend and its subsuffixes .SH COMMAND \fI\,'dsconf backend get\-tree'\/\fR usage: dsconf [\-v] [\-j] instance backend get\-tree [\-h] .SH COMMAND \fI\,'dsconf backend compact\-db'\/\fR usage: dsconf [\-v] [\-j] instance backend compact\-db [\-h] [\-\-only\-changelog] [\-\-timeout TIMEOUT] .SH OPTIONS \fI\,'dsconf backend compact\-db'\/\fR .TP \fB\-\-only\-changelog\fR Compacts only the replication change log .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Set a timeout to wait for the compaction task. Default is 0 (no timeout) .SH COMMAND \fI\,'dsconf backup'\/\fR usage: dsconf [\-v] [\-j] instance backup [\-h] {create,restore} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf backup'\/\fR .TP \fBdsconf backup\fR \fI\,create\/\fR Creates a backup of the database .TP \fBdsconf backup\fR \fI\,restore\/\fR Restores a database from a backup .SH COMMAND \fI\,'dsconf backup create'\/\fR usage: dsconf [\-v] [\-j] instance backup create [\-h] [\-t DB_TYPE] [\-\-timeout TIMEOUT] [archive] .TP \fBarchive\fR Sets the directory where to store the backup files. Format: instance_name\- year_month_date_hour_minutes_seconds. Default: /var/lib/dirsrv/slapd\- instance/bak/ .SH OPTIONS \fI\,'dsconf backup create'\/\fR .TP \fB\-t\fR \fI\,DB_TYPE\/\fR, \fB\-\-db\-type\fR \fI\,DB_TYPE\/\fR Sets the database type. Default: ldbm database .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Sets the task timeout. Default is 120 seconds, .SH COMMAND \fI\,'dsconf backup restore'\/\fR usage: dsconf [\-v] [\-j] instance backup restore [\-h] [\-t DB_TYPE] [\-\-timeout TIMEOUT] archive .TP \fBarchive\fR Set the directory that contains the backup files .SH OPTIONS \fI\,'dsconf backup restore'\/\fR .TP \fB\-t\fR \fI\,DB_TYPE\/\fR, \fB\-\-db\-type\fR \fI\,DB_TYPE\/\fR Sets the database type. Default: ldbm database .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Sets the task timeout. Default is 120 seconds. .SH COMMAND \fI\,'dsconf chaining'\/\fR usage: dsconf [\-v] [\-j] instance chaining [\-h] {config\-get,config\-set,config\-get\-def,config\-set\-def,link\-create,link\-get,link\-set,link\-delete,monitor,link\-list} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf chaining'\/\fR .TP \fBdsconf chaining\fR \fI\,config\-get\/\fR Display the chaining controls and server component lists .TP \fBdsconf chaining\fR \fI\,config\-set\/\fR Set the chaining controls and server component lists .TP \fBdsconf chaining\fR \fI\,config\-get\-def\/\fR Display the default creation parameters for new database links .TP \fBdsconf chaining\fR \fI\,config\-set\-def\/\fR Set the default creation parameters for new database links .TP \fBdsconf chaining\fR \fI\,link\-create\/\fR Create a database link to a remote server .TP \fBdsconf chaining\fR \fI\,link\-get\/\fR Displays chaining database links .TP \fBdsconf chaining\fR \fI\,link\-set\/\fR Edit a database link to a remote server .TP \fBdsconf chaining\fR \fI\,link\-delete\/\fR Delete a database link .TP \fBdsconf chaining\fR \fI\,monitor\/\fR Display monitor information for a database chaining link .TP \fBdsconf chaining\fR \fI\,link\-list\/\fR List database links .SH COMMAND \fI\,'dsconf chaining config\-get'\/\fR usage: dsconf [\-v] [\-j] instance chaining config\-get [\-h] [\-\-avail\-controls] [\-\-avail\-comps] .SH OPTIONS \fI\,'dsconf chaining config\-get'\/\fR .TP \fB\-\-avail\-controls\fR Lists available chaining controls .TP \fB\-\-avail\-comps\fR Lists available chaining plugin components .SH COMMAND \fI\,'dsconf chaining config\-set'\/\fR usage: dsconf [\-v] [\-j] instance chaining config\-set [\-h] [\-\-add\-control ADD_CONTROL] [\-\-del\-control DEL_CONTROL] [\-\-add\-comp ADD_COMP] [\-\-del\-comp DEL_COMP] .SH OPTIONS \fI\,'dsconf chaining config\-set'\/\fR .TP \fB\-\-add\-control\fR \fI\,ADD_CONTROL\/\fR Adds a transmitted control OID .TP \fB\-\-del\-control\fR \fI\,DEL_CONTROL\/\fR Deletes a transmitted control OID .TP \fB\-\-add\-comp\fR \fI\,ADD_COMP\/\fR Adds a chaining component .TP \fB\-\-del\-comp\fR \fI\,DEL_COMP\/\fR Deletes a chaining component .SH COMMAND \fI\,'dsconf chaining config\-get\-def'\/\fR usage: dsconf [\-v] [\-j] instance chaining config\-get\-def [\-h] .SH COMMAND \fI\,'dsconf chaining config\-set\-def'\/\fR usage: dsconf [\-v] [\-j] instance chaining config\-set\-def [\-h] [\-\-conn\-bind\-limit CONN_BIND_LIMIT] [\-\-conn\-op\-limit CONN_OP_LIMIT] [\-\-abandon\-check\-interval ABANDON_CHECK_INTERVAL] [\-\-bind\-limit BIND_LIMIT] [\-\-op\-limit OP_LIMIT] [\-\-proxied\-auth PROXIED_AUTH] [\-\-conn\-lifetime CONN_LIFETIME] [\-\-bind\-timeout BIND_TIMEOUT] [\-\-return\-ref RETURN_REF] [\-\-check\-aci CHECK_ACI] [\-\-bind\-attempts BIND_ATTEMPTS] [\-\-size\-limit SIZE_LIMIT] [\-\-time\-limit TIME_LIMIT] [\-\-hop\-limit HOP_LIMIT] [\-\-response\-delay RESPONSE_DELAY] [\-\-test\-response\-delay TEST_RESPONSE_DELAY] [\-\-use\-starttls USE_STARTTLS] .SH OPTIONS \fI\,'dsconf chaining config\-set\-def'\/\fR .TP \fB\-\-conn\-bind\-limit\fR \fI\,CONN_BIND_LIMIT\/\fR Sets the maximum number of BIND connections the database link establishes with the remote server .TP \fB\-\-conn\-op\-limit\fR \fI\,CONN_OP_LIMIT\/\fR Sets the maximum number of LDAP connections the database link establishes with the remote server .TP \fB\-\-abandon\-check\-interval\fR \fI\,ABANDON_CHECK_INTERVAL\/\fR Sets the number of seconds that pass before the server checks for abandoned operations .TP \fB\-\-bind\-limit\fR \fI\,BIND_LIMIT\/\fR Sets the maximum number of concurrent bind operations per TCP connection .TP \fB\-\-op\-limit\fR \fI\,OP_LIMIT\/\fR Sets the maximum number of concurrent operations allowed .TP \fB\-\-proxied\-auth\fR \fI\,PROXIED_AUTH\/\fR Enables or disables proxied authorization. If set to "off", the server executes bind for chained operations as the user set in the nsMultiplexorBindDn attribute. .TP \fB\-\-conn\-lifetime\fR \fI\,CONN_LIFETIME\/\fR Specifies connection lifetime in seconds. "0" keeps the connection open forever. .TP \fB\-\-bind\-timeout\fR \fI\,BIND_TIMEOUT\/\fR Sets the amount of time in seconds before a bind attempt times out .TP \fB\-\-return\-ref\fR \fI\,RETURN_REF\/\fR Enables or disables whether referrals are returned by scoped searches .TP \fB\-\-check\-aci\fR \fI\,CHECK_ACI\/\fR Enables or disables whether the server evaluates ACIs on the database link as well as the remote data server .TP \fB\-\-bind\-attempts\fR \fI\,BIND_ATTEMPTS\/\fR Sets the number of times the server tries to bind to the remote server .TP \fB\-\-size\-limit\fR \fI\,SIZE_LIMIT\/\fR Sets the maximum number of entries to return from a search operation .TP \fB\-\-time\-limit\fR \fI\,TIME_LIMIT\/\fR Sets the maximum number of seconds allowed for an operation .TP \fB\-\-hop\-limit\fR \fI\,HOP_LIMIT\/\fR Sets the maximum number of times a database is allowed to chain. That is the number of times a request can be forwarded from one database link to another. .TP \fB\-\-response\-delay\fR \fI\,RESPONSE_DELAY\/\fR Sets the maximum amount of time it can take a remote server to respond to an LDAP operation request made by a database link before an error is suspected .TP \fB\-\-test\-response\-delay\fR \fI\,TEST_RESPONSE_DELAY\/\fR Sets the duration of the test issued by the database link to check whether the remote server is responding .TP \fB\-\-use\-starttls\fR \fI\,USE_STARTTLS\/\fR Configured that database links use StartTLS if set to "on" .SH COMMAND \fI\,'dsconf chaining link\-create'\/\fR usage: dsconf instance [\-v] [\-j] chaining link\-create [\-h] [\-\-conn\-bind\-limit CONN_BIND_LIMIT] [\-\-conn\-op\-limit CONN_OP_LIMIT] [\-\-abandon\-check\-interval ABANDON_CHECK_INTERVAL] [\-\-bind\-limit BIND_LIMIT] [\-\-op\-limit OP_LIMIT] [\-\-proxied\-auth PROXIED_AUTH] [\-\-conn\-lifetime CONN_LIFETIME] [\-\-bind\-timeout BIND_TIMEOUT] [\-\-return\-ref RETURN_REF] [\-\-check\-aci CHECK_ACI] [\-\-bind\-attempts BIND_ATTEMPTS] [\-\-size\-limit SIZE_LIMIT] [\-\-time\-limit TIME_LIMIT] [\-\-hop\-limit HOP_LIMIT] [\-\-response\-delay RESPONSE_DELAY] [\-\-test\-response\-delay TEST_RESPONSE_DELAY] [\-\-use\-starttls USE_STARTTLS] \-\-suffix SUFFIX \-\-server\-url SERVER_URL \-\-bind\-mech BIND_MECH \-\-bind\-dn BIND_DN [\-\-bind\-pw BIND_PW] [\-\-bind\-pw\-file BIND_PW_FILE] [\-\-bind\-pw\-prompt] CHAIN_NAME .TP \fBCHAIN_NAME\fR The name of the database link .SH OPTIONS \fI\,'dsconf chaining link\-create'\/\fR .TP \fB\-\-conn\-bind\-limit\fR \fI\,CONN_BIND_LIMIT\/\fR Sets the maximum number of BIND connections the database link establishes with the remote server .TP \fB\-\-conn\-op\-limit\fR \fI\,CONN_OP_LIMIT\/\fR Sets the maximum number of LDAP connections the database link establishes with the remote server .TP \fB\-\-abandon\-check\-interval\fR \fI\,ABANDON_CHECK_INTERVAL\/\fR Sets the number of seconds that pass before the server checks for abandoned operations .TP \fB\-\-bind\-limit\fR \fI\,BIND_LIMIT\/\fR Sets the maximum number of concurrent bind operations per TCP connection .TP \fB\-\-op\-limit\fR \fI\,OP_LIMIT\/\fR Sets the maximum number of concurrent operations allowed .TP \fB\-\-proxied\-auth\fR \fI\,PROXIED_AUTH\/\fR Enables or disables proxied authorization. If set to "off", the server executes bind for chained operations as the user set in the nsMultiplexorBindDn attribute. .TP \fB\-\-conn\-lifetime\fR \fI\,CONN_LIFETIME\/\fR Specifies connection lifetime in seconds. "0" keeps the connection open forever. .TP \fB\-\-bind\-timeout\fR \fI\,BIND_TIMEOUT\/\fR Sets the amount of time in seconds before a bind attempt times out .TP \fB\-\-return\-ref\fR \fI\,RETURN_REF\/\fR Enables or disables whether referrals are returned by scoped searches .TP \fB\-\-check\-aci\fR \fI\,CHECK_ACI\/\fR Enables or disables whether the server evaluates ACIs on the database link as well as the remote data server .TP \fB\-\-bind\-attempts\fR \fI\,BIND_ATTEMPTS\/\fR Sets the number of times the server tries to bind to the remote server .TP \fB\-\-size\-limit\fR \fI\,SIZE_LIMIT\/\fR Sets the maximum number of entries to return from a search operation .TP \fB\-\-time\-limit\fR \fI\,TIME_LIMIT\/\fR Sets the maximum number of seconds allowed for an operation .TP \fB\-\-hop\-limit\fR \fI\,HOP_LIMIT\/\fR Sets the maximum number of times a database is allowed to chain. That is the number of times a request can be forwarded from one database link to another. .TP \fB\-\-response\-delay\fR \fI\,RESPONSE_DELAY\/\fR Sets the maximum amount of time it can take a remote server to respond to an LDAP operation request made by a database link before an error is suspected .TP \fB\-\-test\-response\-delay\fR \fI\,TEST_RESPONSE_DELAY\/\fR Sets the duration of the test issued by the database link to check whether the remote server is responding .TP \fB\-\-use\-starttls\fR \fI\,USE_STARTTLS\/\fR Configured that database links use StartTLS if set to "on" .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the suffix managed by the database link .TP \fB\-\-server\-url\fR \fI\,SERVER_URL\/\fR Sets the LDAP/LDAPS URL to the remote server .TP \fB\-\-bind\-mech\fR \fI\,BIND_MECH\/\fR Sets the authentication method to use to authenticate to the remote server. Valid values: "SIMPLE" (default), "EXTERNAL", "DIGEST\-MD5", or "GSSAPI" .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the DN of the administrative entry used to communicate with the remote server .TP \fB\-\-bind\-pw\fR \fI\,BIND_PW\/\fR Sets the password of the administrative user .TP \fB\-\-bind\-pw\-file\fR \fI\,BIND_PW_FILE\/\fR File containing the password .TP \fB\-\-bind\-pw\-prompt\fR Prompt for password .SH COMMAND \fI\,'dsconf chaining link\-get'\/\fR usage: dsconf [\-v] [\-j] instance chaining link\-get [\-h] CHAIN_NAME .TP \fBCHAIN_NAME\fR The chaining link name or suffix to retrieve .SH COMMAND \fI\,'dsconf chaining link\-set'\/\fR usage: dsconf instance [\-v] [\-j] chaining link\-set [\-h] [\-\-conn\-bind\-limit CONN_BIND_LIMIT] [\-\-conn\-op\-limit CONN_OP_LIMIT] [\-\-abandon\-check\-interval ABANDON_CHECK_INTERVAL] [\-\-bind\-limit BIND_LIMIT] [\-\-op\-limit OP_LIMIT] [\-\-proxied\-auth PROXIED_AUTH] [\-\-conn\-lifetime CONN_LIFETIME] [\-\-bind\-timeout BIND_TIMEOUT] [\-\-return\-ref RETURN_REF] [\-\-check\-aci CHECK_ACI] [\-\-bind\-attempts BIND_ATTEMPTS] [\-\-size\-limit SIZE_LIMIT] [\-\-time\-limit TIME_LIMIT] [\-\-hop\-limit HOP_LIMIT] [\-\-response\-delay RESPONSE_DELAY] [\-\-test\-response\-delay TEST_RESPONSE_DELAY] [\-\-use\-starttls USE_STARTTLS] [\-\-suffix SUFFIX] [\-\-server\-url SERVER_URL] [\-\-bind\-mech BIND_MECH] [\-\-bind\-dn BIND_DN] [\-\-bind\-pw BIND_PW] [\-\-bind\-pw\-file BIND_PW_FILE] [\-\-bind\-pw\-prompt] CHAIN_NAME .TP \fBCHAIN_NAME\fR The name of the database link .SH OPTIONS \fI\,'dsconf chaining link\-set'\/\fR .TP \fB\-\-conn\-bind\-limit\fR \fI\,CONN_BIND_LIMIT\/\fR Sets the maximum number of BIND connections the database link establishes with the remote server .TP \fB\-\-conn\-op\-limit\fR \fI\,CONN_OP_LIMIT\/\fR Sets the maximum number of LDAP connections the database link establishes with the remote server .TP \fB\-\-abandon\-check\-interval\fR \fI\,ABANDON_CHECK_INTERVAL\/\fR Sets the number of seconds that pass before the server checks for abandoned operations .TP \fB\-\-bind\-limit\fR \fI\,BIND_LIMIT\/\fR Sets the maximum number of concurrent bind operations per TCP connection .TP \fB\-\-op\-limit\fR \fI\,OP_LIMIT\/\fR Sets the maximum number of concurrent operations allowed .TP \fB\-\-proxied\-auth\fR \fI\,PROXIED_AUTH\/\fR Enables or disables proxied authorization. If set to "off", the server executes bind for chained operations as the user set in the nsMultiplexorBindDn attribute. .TP \fB\-\-conn\-lifetime\fR \fI\,CONN_LIFETIME\/\fR Specifies connection lifetime in seconds. "0" keeps the connection open forever. .TP \fB\-\-bind\-timeout\fR \fI\,BIND_TIMEOUT\/\fR Sets the amount of time in seconds before a bind attempt times out .TP \fB\-\-return\-ref\fR \fI\,RETURN_REF\/\fR Enables or disables whether referrals are returned by scoped searches .TP \fB\-\-check\-aci\fR \fI\,CHECK_ACI\/\fR Enables or disables whether the server evaluates ACIs on the database link as well as the remote data server .TP \fB\-\-bind\-attempts\fR \fI\,BIND_ATTEMPTS\/\fR Sets the number of times the server tries to bind to the remote server .TP \fB\-\-size\-limit\fR \fI\,SIZE_LIMIT\/\fR Sets the maximum number of entries to return from a search operation .TP \fB\-\-time\-limit\fR \fI\,TIME_LIMIT\/\fR Sets the maximum number of seconds allowed for an operation .TP \fB\-\-hop\-limit\fR \fI\,HOP_LIMIT\/\fR Sets the maximum number of times a database is allowed to chain. That is the number of times a request can be forwarded from one database link to another. .TP \fB\-\-response\-delay\fR \fI\,RESPONSE_DELAY\/\fR Sets the maximum amount of time it can take a remote server to respond to an LDAP operation request made by a database link before an error is suspected .TP \fB\-\-test\-response\-delay\fR \fI\,TEST_RESPONSE_DELAY\/\fR Sets the duration of the test issued by the database link to check whether the remote server is responding .TP \fB\-\-use\-starttls\fR \fI\,USE_STARTTLS\/\fR Configured that database links use StartTLS if set to "on" .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the suffix managed by the database link .TP \fB\-\-server\-url\fR \fI\,SERVER_URL\/\fR Sets the LDAP/LDAPS URL to the remote server .TP \fB\-\-bind\-mech\fR \fI\,BIND_MECH\/\fR Sets the authentication method to use to authenticate to the remote server: Valid values: "SIMPLE" (default), "EXTERNAL", "DIGEST\-MD5", or "GSSAPI" .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the DN of the administrative entry used to communicate with the remote server .TP \fB\-\-bind\-pw\fR \fI\,BIND_PW\/\fR Sets the password of the administrative user .TP \fB\-\-bind\-pw\-file\fR \fI\,BIND_PW_FILE\/\fR File containing the password .TP \fB\-\-bind\-pw\-prompt\fR Prompt for password .SH COMMAND \fI\,'dsconf chaining link\-delete'\/\fR usage: dsconf [\-v] [\-j] instance chaining link\-delete [\-h] CHAIN_NAME .TP \fBCHAIN_NAME\fR The name of the database link .SH COMMAND \fI\,'dsconf chaining monitor'\/\fR usage: dsconf [\-v] [\-j] instance chaining monitor [\-h] CHAIN_NAME .TP \fBCHAIN_NAME\fR The name of the database link .SH COMMAND \fI\,'dsconf chaining link\-list'\/\fR usage: dsconf [\-v] [\-j] instance chaining link\-list [\-h] .SH COMMAND \fI\,'dsconf config'\/\fR usage: dsconf [\-v] [\-j] instance config [\-h] {get,add,replace,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf config'\/\fR .TP \fBdsconf config\fR \fI\,get\/\fR get .TP \fBdsconf config\fR \fI\,add\/\fR Add attribute value to configuration .TP \fBdsconf config\fR \fI\,replace\/\fR Replace attribute value in configuration .TP \fBdsconf config\fR \fI\,delete\/\fR Delete attribute value in configuration .SH COMMAND \fI\,'dsconf config get'\/\fR usage: dsconf [\-v] [\-j] instance config get [\-h] [attrs ...] .TP \fBattrs\fR Configuration attribute(s) to get .SH COMMAND \fI\,'dsconf config add'\/\fR usage: dsconf [\-v] [\-j] instance config add [\-h] [attr ...] .TP \fBattr\fR Configuration attribute to add .SH COMMAND \fI\,'dsconf config replace'\/\fR usage: dsconf [\-v] [\-j] instance config replace [\-h] [attr ...] .TP \fBattr\fR Configuration attribute to replace .SH COMMAND \fI\,'dsconf config delete'\/\fR usage: dsconf [\-v] [\-j] instance config delete [\-h] [attr ...] .TP \fBattr\fR Configuration attribute to delete .SH COMMAND \fI\,'dsconf directory_manager'\/\fR usage: dsconf [\-v] [\-j] instance directory_manager [\-h] {password_change} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf directory_manager'\/\fR .TP \fBdsconf directory_manager\fR \fI\,password_change\/\fR Changes the password of the Directory Manager account .SH COMMAND \fI\,'dsconf directory_manager password_change'\/\fR usage: dsconf [\-v] [\-j] instance directory_manager password_change [\-h] .SH COMMAND \fI\,'dsconf logging'\/\fR usage: dsconf [\-v] [\-j] instance logging [\-h] {access,audit,auditfail,error,security} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging'\/\fR .TP \fBdsconf logging\fR \fI\,access\/\fR Manage access log settings .TP \fBdsconf logging\fR \fI\,audit\/\fR Manage audit log settings .TP \fBdsconf logging\fR \fI\,auditfail\/\fR Manage auditfail log settings .TP \fBdsconf logging\fR \fI\,error\/\fR Manage error log settings .TP \fBdsconf logging\fR \fI\,security\/\fR Manage security log settings .SH COMMAND \fI\,'dsconf logging access'\/\fR usage: dsconf [\-v] [\-j] instance logging access [\-h] {get,set,list\-levels} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging access'\/\fR .TP \fBdsconf logging access\fR \fI\,get\/\fR Get access log configuration .TP \fBdsconf logging access\fR \fI\,set\/\fR Set access log configuration .TP \fBdsconf logging access\fR \fI\,list\-levels\/\fR List all the log levels .SH COMMAND \fI\,'dsconf logging access get'\/\fR usage: dsconf [\-v] [\-j] instance logging access get [\-h] .SH COMMAND \fI\,'dsconf logging access set'\/\fR usage: dsconf [\-v] [\-j] instance logging access set [\-h] {level,logging\-enabled,logging\-disabled,mode,location,compress\-enabled,compress\-disabled,buffering\-enabled,buffering\-disabled,max\-logs,max\-logsize,rotation\-interval,rotation\-interval\-unit,rotation\-tod\-enabled,rotation\-tod\-disabled,rotation\-tod\-hour,rotation\-tod\-minute,deletion\-interval,deletion\-interval\-unit,max\-disk\-space,free\-disk\-space,log\-format,time\-format} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging access set'\/\fR .TP \fBdsconf logging access set\fR \fI\,level\/\fR Set the log level .TP \fBdsconf logging access set\fR \fI\,logging\-enabled\/\fR Enable access logging .TP \fBdsconf logging access set\fR \fI\,logging\-disabled\/\fR Disable access logging .TP \fBdsconf logging access set\fR \fI\,mode\/\fR Set the log file permissions. Default is 600 .TP \fBdsconf logging access set\fR \fI\,location\/\fR Set the log name and location .TP \fBdsconf logging access set\fR \fI\,compress\-enabled\/\fR Enable log compression for rotated logs .TP \fBdsconf logging access set\fR \fI\,compress\-disabled\/\fR Disable log compression for rotated logs .TP \fBdsconf logging access set\fR \fI\,buffering\-enabled\/\fR Enable log buffering .TP \fBdsconf logging access set\fR \fI\,buffering\-disabled\/\fR Disable log buffering .TP \fBdsconf logging access set\fR \fI\,max\-logs\/\fR Set the maximum number of rotated logs the server will maintain .TP \fBdsconf logging access set\fR \fI\,max\-logsize\/\fR Set the maximum size for a log in MB .TP \fBdsconf logging access set\fR \fI\,rotation\-interval\/\fR Set the interval for when a log is rotated.This works with the interval unit .TP \fBdsconf logging access set\fR \fI\,rotation\-interval\-unit\/\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .TP \fBdsconf logging access set\fR \fI\,rotation\-tod\-enabled\/\fR Enable "time of day" rotation for expired logs .TP \fBdsconf logging access set\fR \fI\,rotation\-tod\-disabled\/\fR Disable "time of day" rotation for expired logs .TP \fBdsconf logging access set\fR \fI\,rotation\-tod\-hour\/\fR Set the hour when an expired log should be rotated .TP \fBdsconf logging access set\fR \fI\,rotation\-tod\-minute\/\fR Set the minute when an expired log should be rotated .TP \fBdsconf logging access set\fR \fI\,deletion\-interval\/\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .TP \fBdsconf logging access set\fR \fI\,deletion\-interval\-unit\/\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .TP \fBdsconf logging access set\fR \fI\,max\-disk\-space\/\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .TP \fBdsconf logging access set\fR \fI\,free\-disk\-space\/\fR The server deletes the oldest rotated log file when the available disk space in MB is less than this amount. .TP \fBdsconf logging access set\fR \fI\,log\-format\/\fR Choose between "default", "json", or "json\-pretty" .TP \fBdsconf logging access set\fR \fI\,time\-format\/\fR Time format for JSON logging (strftime) .SH COMMAND \fI\,'dsconf logging access set level'\/\fR usage: dsconf [\-v] [\-j] instance logging access set level [\-h] levels [levels ...] .TP \fBlevels\fR log level .SH COMMAND \fI\,'dsconf logging access set logging\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging access set logging\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging access set logging\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging access set logging\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging access set mode'\/\fR usage: dsconf [\-v] [\-j] instance logging access set mode [\-h] values .TP \fBvalues\fR File permissions. Default is 600 .SH COMMAND \fI\,'dsconf logging access set location'\/\fR usage: dsconf [\-v] [\-j] instance logging access set location [\-h] values .TP \fBvalues\fR Log name and location .SH COMMAND \fI\,'dsconf logging access set compress\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging access set compress\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging access set compress\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging access set compress\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging access set buffering\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging access set buffering\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging access set buffering\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging access set buffering\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging access set max\-logs'\/\fR usage: dsconf [\-v] [\-j] instance logging access set max\-logs [\-h] values .TP \fBvalues\fR Set the maximum number of rotated logs the server will maintain .SH COMMAND \fI\,'dsconf logging access set max\-logsize'\/\fR usage: dsconf [\-v] [\-j] instance logging access set max\-logsize [\-h] values .TP \fBvalues\fR Set the maximum size for a log in MB .SH COMMAND \fI\,'dsconf logging access set rotation\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging access set rotation\-interval [\-h] values .TP \fBvalues\fR Set the interval for when a log is rotated.This works with the interval unit .SH COMMAND \fI\,'dsconf logging access set rotation\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging access set rotation\-interval\-unit [\-h] values .TP \fBvalues\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .SH COMMAND \fI\,'dsconf logging access set rotation\-tod\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging access set rotation\-tod\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging access set rotation\-tod\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging access set rotation\-tod\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging access set rotation\-tod\-hour'\/\fR usage: dsconf [\-v] [\-j] instance logging access set rotation\-tod\-hour [\-h] values .TP \fBvalues\fR Set the hour when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging access set rotation\-tod\-minute'\/\fR usage: dsconf [\-v] [\-j] instance logging access set rotation\-tod\-minute [\-h] values .TP \fBvalues\fR Set the minute when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging access set deletion\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging access set deletion\-interval [\-h] values .TP \fBvalues\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .SH COMMAND \fI\,'dsconf logging access set deletion\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging access set deletion\-interval\-unit [\-h] values .TP \fBvalues\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .SH COMMAND \fI\,'dsconf logging access set max\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging access set max\-disk\-space [\-h] values .TP \fBvalues\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .SH COMMAND \fI\,'dsconf logging access set free\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging access set free\-disk\-space [\-h] values .TP \fBvalues\fR Set the minimum available disk space in MB that triggers the server to delete rotated log files. .SH COMMAND \fI\,'dsconf logging access set log\-format'\/\fR usage: dsconf [\-v] [\-j] instance logging access set log\-format [\-h] values .TP \fBvalues\fR Choose between "default", "json", or "json\-pretty" .SH COMMAND \fI\,'dsconf logging access set time\-format'\/\fR usage: dsconf [\-v] [\-j] instance logging access set time\-format [\-h] values .TP \fBvalues\fR Time format for JSON logging (strftime) .SH COMMAND \fI\,'dsconf logging access list\-levels'\/\fR usage: dsconf [\-v] [\-j] instance logging access list\-levels [\-h] .SH COMMAND \fI\,'dsconf logging audit'\/\fR usage: dsconf [\-v] [\-j] instance logging audit [\-h] {get,set} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging audit'\/\fR .TP \fBdsconf logging audit\fR \fI\,get\/\fR Get audit log configuration .TP \fBdsconf logging audit\fR \fI\,set\/\fR Set audit log configuration .SH COMMAND \fI\,'dsconf logging audit get'\/\fR usage: dsconf [\-v] [\-j] instance logging audit get [\-h] .SH COMMAND \fI\,'dsconf logging audit set'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set [\-h] {logging\-enabled,logging\-disabled,mode,location,compress\-enabled,compress\-disabled,buffering\-enabled,buffering\-disabled,max\-logs,max\-logsize,rotation\-interval,rotation\-interval\-unit,rotation\-tod\-enabled,rotation\-tod\-disabled,rotation\-tod\-hour,rotation\-tod\-minute,deletion\-interval,deletion\-interval\-unit,max\-disk\-space,free\-disk\-space,log\-format,time\-format,display\-attrs} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging audit set'\/\fR .TP \fBdsconf logging audit set\fR \fI\,logging\-enabled\/\fR Enable access logging .TP \fBdsconf logging audit set\fR \fI\,logging\-disabled\/\fR Disable audit logging .TP \fBdsconf logging audit set\fR \fI\,mode\/\fR Set the log file permissions. Default is 600 .TP \fBdsconf logging audit set\fR \fI\,location\/\fR Set the log name and location .TP \fBdsconf logging audit set\fR \fI\,compress\-enabled\/\fR Enable log compression for rotated logs .TP \fBdsconf logging audit set\fR \fI\,compress\-disabled\/\fR Disable log compression for rotated logs .TP \fBdsconf logging audit set\fR \fI\,buffering\-enabled\/\fR Enable log buffering .TP \fBdsconf logging audit set\fR \fI\,buffering\-disabled\/\fR Disable log buffering .TP \fBdsconf logging audit set\fR \fI\,max\-logs\/\fR Set the maximum number of rotated logs the server will maintain .TP \fBdsconf logging audit set\fR \fI\,max\-logsize\/\fR Set the maximum size for a log in MB .TP \fBdsconf logging audit set\fR \fI\,rotation\-interval\/\fR Set the interval for when a log is rotated.This works with the interval unit .TP \fBdsconf logging audit set\fR \fI\,rotation\-interval\-unit\/\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .TP \fBdsconf logging audit set\fR \fI\,rotation\-tod\-enabled\/\fR Enable "time of day" rotation for expired logs .TP \fBdsconf logging audit set\fR \fI\,rotation\-tod\-disabled\/\fR Disable "time of day" rotation for expired logs .TP \fBdsconf logging audit set\fR \fI\,rotation\-tod\-hour\/\fR Set the hour when an expired log should be rotated .TP \fBdsconf logging audit set\fR \fI\,rotation\-tod\-minute\/\fR Set the minute when an expired log should be rotated .TP \fBdsconf logging audit set\fR \fI\,deletion\-interval\/\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .TP \fBdsconf logging audit set\fR \fI\,deletion\-interval\-unit\/\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .TP \fBdsconf logging audit set\fR \fI\,max\-disk\-space\/\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .TP \fBdsconf logging audit set\fR \fI\,free\-disk\-space\/\fR The server deletes the oldest rotated log file when the available disk space in MB is less than this amount. .TP \fBdsconf logging audit set\fR \fI\,log\-format\/\fR Choose between "default", "json", or "json\-pretty" .TP \fBdsconf logging audit set\fR \fI\,time\-format\/\fR Time format for JSON logging (strftime) .TP \fBdsconf logging audit set\fR \fI\,display\-attrs\/\fR Sets additional identifying attrs to display .SH COMMAND \fI\,'dsconf logging audit set logging\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set logging\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging audit set logging\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set logging\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging audit set mode'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set mode [\-h] values .TP \fBvalues\fR File permissions. Default is 600 .SH COMMAND \fI\,'dsconf logging audit set location'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set location [\-h] values .TP \fBvalues\fR Log name and location .SH COMMAND \fI\,'dsconf logging audit set compress\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set compress\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging audit set compress\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set compress\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging audit set buffering\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set buffering\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging audit set buffering\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set buffering\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging audit set max\-logs'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set max\-logs [\-h] values .TP \fBvalues\fR Set the maximum number of rotated logs the server will maintain .SH COMMAND \fI\,'dsconf logging audit set max\-logsize'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set max\-logsize [\-h] values .TP \fBvalues\fR Set the maximum size for a log in MB .SH COMMAND \fI\,'dsconf logging audit set rotation\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set rotation\-interval [\-h] values .TP \fBvalues\fR Set the interval for when a log is rotated.This works with the interval unit .SH COMMAND \fI\,'dsconf logging audit set rotation\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set rotation\-interval\-unit [\-h] values .TP \fBvalues\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .SH COMMAND \fI\,'dsconf logging audit set rotation\-tod\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set rotation\-tod\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging audit set rotation\-tod\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set rotation\-tod\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging audit set rotation\-tod\-hour'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set rotation\-tod\-hour [\-h] values .TP \fBvalues\fR Set the hour when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging audit set rotation\-tod\-minute'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set rotation\-tod\-minute [\-h] values .TP \fBvalues\fR Set the minute when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging audit set deletion\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set deletion\-interval [\-h] values .TP \fBvalues\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .SH COMMAND \fI\,'dsconf logging audit set deletion\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set deletion\-interval\-unit [\-h] values .TP \fBvalues\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .SH COMMAND \fI\,'dsconf logging audit set max\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set max\-disk\-space [\-h] values .TP \fBvalues\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .SH COMMAND \fI\,'dsconf logging audit set free\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set free\-disk\-space [\-h] values .TP \fBvalues\fR Set the minimum available disk space in MB that triggers the server to delete rotated log files. .SH COMMAND \fI\,'dsconf logging audit set log\-format'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set log\-format [\-h] values .TP \fBvalues\fR Choose between "default", "json", or "json\-pretty" .SH COMMAND \fI\,'dsconf logging audit set time\-format'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set time\-format [\-h] values .TP \fBvalues\fR Time format for JSON logging (strftime) .SH COMMAND \fI\,'dsconf logging audit set display\-attrs'\/\fR usage: dsconf [\-v] [\-j] instance logging audit set display\-attrs [\-h] values [values ...] .TP \fBvalues\fR Sets additional identifying attrs to display .SH COMMAND \fI\,'dsconf logging auditfail'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail [\-h] {get,set} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging auditfail'\/\fR .TP \fBdsconf logging auditfail\fR \fI\,get\/\fR Get auditfail log configuration .TP \fBdsconf logging auditfail\fR \fI\,set\/\fR Set auditfail log configuration .SH COMMAND \fI\,'dsconf logging auditfail get'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail get [\-h] .SH COMMAND \fI\,'dsconf logging auditfail set'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set [\-h] {logging\-enabled,logging\-disabled,mode,location,compress\-enabled,compress\-disabled,max\-logs,max\-logsize,rotation\-interval,rotation\-interval\-unit,rotation\-tod\-enabled,rotation\-tod\-disabled,rotation\-tod\-hour,rotation\-tod\-minute,deletion\-interval,deletion\-interval\-unit,max\-disk\-space,free\-disk\-space} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging auditfail set'\/\fR .TP \fBdsconf logging auditfail set\fR \fI\,logging\-enabled\/\fR Enable access logging .TP \fBdsconf logging auditfail set\fR \fI\,logging\-disabled\/\fR Disable auditfail logging .TP \fBdsconf logging auditfail set\fR \fI\,mode\/\fR Set the log file permissions. Default is 600 .TP \fBdsconf logging auditfail set\fR \fI\,location\/\fR Set the log name and location .TP \fBdsconf logging auditfail set\fR \fI\,compress\-enabled\/\fR Enable log compression for rotated logs .TP \fBdsconf logging auditfail set\fR \fI\,compress\-disabled\/\fR Disable log compression for rotated logs .TP \fBdsconf logging auditfail set\fR \fI\,max\-logs\/\fR Set the maximum number of rotated logs the server will maintain .TP \fBdsconf logging auditfail set\fR \fI\,max\-logsize\/\fR Set the maximum size for a log in MB .TP \fBdsconf logging auditfail set\fR \fI\,rotation\-interval\/\fR Set the interval for when a log is rotated.This works with the interval unit .TP \fBdsconf logging auditfail set\fR \fI\,rotation\-interval\-unit\/\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .TP \fBdsconf logging auditfail set\fR \fI\,rotation\-tod\-enabled\/\fR Enable "time of day" rotation for expired logs .TP \fBdsconf logging auditfail set\fR \fI\,rotation\-tod\-disabled\/\fR Disable "time of day" rotation for expired logs .TP \fBdsconf logging auditfail set\fR \fI\,rotation\-tod\-hour\/\fR Set the hour when an expired log should be rotated .TP \fBdsconf logging auditfail set\fR \fI\,rotation\-tod\-minute\/\fR Set the minute when an expired log should be rotated .TP \fBdsconf logging auditfail set\fR \fI\,deletion\-interval\/\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .TP \fBdsconf logging auditfail set\fR \fI\,deletion\-interval\-unit\/\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .TP \fBdsconf logging auditfail set\fR \fI\,max\-disk\-space\/\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .TP \fBdsconf logging auditfail set\fR \fI\,free\-disk\-space\/\fR The server deletes the oldest rotated log file when the available disk space in MB is less than this amount. .SH COMMAND \fI\,'dsconf logging auditfail set logging\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set logging\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging auditfail set logging\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set logging\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging auditfail set mode'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set mode [\-h] values .TP \fBvalues\fR File permissions. Default is 600 .SH COMMAND \fI\,'dsconf logging auditfail set location'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set location [\-h] values .TP \fBvalues\fR Log name and location .SH COMMAND \fI\,'dsconf logging auditfail set compress\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set compress\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging auditfail set compress\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set compress\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging auditfail set max\-logs'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set max\-logs [\-h] values .TP \fBvalues\fR Set the maximum number of rotated logs the server will maintain .SH COMMAND \fI\,'dsconf logging auditfail set max\-logsize'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set max\-logsize [\-h] values .TP \fBvalues\fR Set the maximum size for a log in MB .SH COMMAND \fI\,'dsconf logging auditfail set rotation\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set rotation\-interval [\-h] values .TP \fBvalues\fR Set the interval for when a log is rotated.This works with the interval unit .SH COMMAND \fI\,'dsconf logging auditfail set rotation\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set rotation\-interval\-unit [\-h] values .TP \fBvalues\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .SH COMMAND \fI\,'dsconf logging auditfail set rotation\-tod\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set rotation\-tod\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging auditfail set rotation\-tod\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set rotation\-tod\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging auditfail set rotation\-tod\-hour'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set rotation\-tod\-hour [\-h] values .TP \fBvalues\fR Set the hour when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging auditfail set rotation\-tod\-minute'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set rotation\-tod\-minute [\-h] values .TP \fBvalues\fR Set the minute when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging auditfail set deletion\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set deletion\-interval [\-h] values .TP \fBvalues\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .SH COMMAND \fI\,'dsconf logging auditfail set deletion\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set deletion\-interval\-unit [\-h] values .TP \fBvalues\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .SH COMMAND \fI\,'dsconf logging auditfail set max\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set max\-disk\-space [\-h] values .TP \fBvalues\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .SH COMMAND \fI\,'dsconf logging auditfail set free\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging auditfail set free\-disk\-space [\-h] values .TP \fBvalues\fR Set the minimum available disk space in MB that triggers the server to delete rotated log files. .SH COMMAND \fI\,'dsconf logging error'\/\fR usage: dsconf [\-v] [\-j] instance logging error [\-h] {get,set,list\-levels} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging error'\/\fR .TP \fBdsconf logging error\fR \fI\,get\/\fR Get error log configuration .TP \fBdsconf logging error\fR \fI\,set\/\fR Set error log configuration .TP \fBdsconf logging error\fR \fI\,list\-levels\/\fR List all the log levels .SH COMMAND \fI\,'dsconf logging error get'\/\fR usage: dsconf [\-v] [\-j] instance logging error get [\-h] .SH COMMAND \fI\,'dsconf logging error set'\/\fR usage: dsconf [\-v] [\-j] instance logging error set [\-h] {level,logging\-enabled,logging\-disabled,mode,location,compress\-enabled,compress\-disabled,buffering\-enabled,buffering\-disabled,max\-logs,max\-logsize,rotation\-interval,rotation\-interval\-unit,rotation\-tod\-enabled,rotation\-tod\-disabled,rotation\-tod\-hour,rotation\-tod\-minute,deletion\-interval,deletion\-interval\-unit,max\-disk\-space,free\-disk\-space} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging error set'\/\fR .TP \fBdsconf logging error set\fR \fI\,level\/\fR Set the log level .TP \fBdsconf logging error set\fR \fI\,logging\-enabled\/\fR Enable access logging .TP \fBdsconf logging error set\fR \fI\,logging\-disabled\/\fR Disable error logging .TP \fBdsconf logging error set\fR \fI\,mode\/\fR Set the log file permissions. Default is 600 .TP \fBdsconf logging error set\fR \fI\,location\/\fR Set the log name and location .TP \fBdsconf logging error set\fR \fI\,compress\-enabled\/\fR Enable log compression for rotated logs .TP \fBdsconf logging error set\fR \fI\,compress\-disabled\/\fR Disable log compression for rotated logs .TP \fBdsconf logging error set\fR \fI\,buffering\-enabled\/\fR Enable log buffering .TP \fBdsconf logging error set\fR \fI\,buffering\-disabled\/\fR Disable log buffering .TP \fBdsconf logging error set\fR \fI\,max\-logs\/\fR Set the maximum number of rotated logs the server will maintain .TP \fBdsconf logging error set\fR \fI\,max\-logsize\/\fR Set the maximum size for a log in MB .TP \fBdsconf logging error set\fR \fI\,rotation\-interval\/\fR Set the interval for when a log is rotated.This works with the interval unit .TP \fBdsconf logging error set\fR \fI\,rotation\-interval\-unit\/\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .TP \fBdsconf logging error set\fR \fI\,rotation\-tod\-enabled\/\fR Enable "time of day" rotation for expired logs .TP \fBdsconf logging error set\fR \fI\,rotation\-tod\-disabled\/\fR Disable "time of day" rotation for expired logs .TP \fBdsconf logging error set\fR \fI\,rotation\-tod\-hour\/\fR Set the hour when an expired log should be rotated .TP \fBdsconf logging error set\fR \fI\,rotation\-tod\-minute\/\fR Set the minute when an expired log should be rotated .TP \fBdsconf logging error set\fR \fI\,deletion\-interval\/\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .TP \fBdsconf logging error set\fR \fI\,deletion\-interval\-unit\/\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .TP \fBdsconf logging error set\fR \fI\,max\-disk\-space\/\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .TP \fBdsconf logging error set\fR \fI\,free\-disk\-space\/\fR The server deletes the oldest rotated log file when the available disk space in MB is less than this amount. .SH COMMAND \fI\,'dsconf logging error set level'\/\fR usage: dsconf [\-v] [\-j] instance logging error set level [\-h] levels [levels ...] .TP \fBlevels\fR log level .SH COMMAND \fI\,'dsconf logging error set logging\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging error set logging\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging error set logging\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging error set logging\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging error set mode'\/\fR usage: dsconf [\-v] [\-j] instance logging error set mode [\-h] values .TP \fBvalues\fR File permissions. Default is 600 .SH COMMAND \fI\,'dsconf logging error set location'\/\fR usage: dsconf [\-v] [\-j] instance logging error set location [\-h] values .TP \fBvalues\fR Log name and location .SH COMMAND \fI\,'dsconf logging error set compress\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging error set compress\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging error set compress\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging error set compress\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging error set buffering\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging error set buffering\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging error set buffering\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging error set buffering\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging error set max\-logs'\/\fR usage: dsconf [\-v] [\-j] instance logging error set max\-logs [\-h] values .TP \fBvalues\fR Set the maximum number of rotated logs the server will maintain .SH COMMAND \fI\,'dsconf logging error set max\-logsize'\/\fR usage: dsconf [\-v] [\-j] instance logging error set max\-logsize [\-h] values .TP \fBvalues\fR Set the maximum size for a log in MB .SH COMMAND \fI\,'dsconf logging error set rotation\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging error set rotation\-interval [\-h] values .TP \fBvalues\fR Set the interval for when a log is rotated.This works with the interval unit .SH COMMAND \fI\,'dsconf logging error set rotation\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging error set rotation\-interval\-unit [\-h] values .TP \fBvalues\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .SH COMMAND \fI\,'dsconf logging error set rotation\-tod\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging error set rotation\-tod\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging error set rotation\-tod\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging error set rotation\-tod\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging error set rotation\-tod\-hour'\/\fR usage: dsconf [\-v] [\-j] instance logging error set rotation\-tod\-hour [\-h] values .TP \fBvalues\fR Set the hour when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging error set rotation\-tod\-minute'\/\fR usage: dsconf [\-v] [\-j] instance logging error set rotation\-tod\-minute [\-h] values .TP \fBvalues\fR Set the minute when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging error set deletion\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging error set deletion\-interval [\-h] values .TP \fBvalues\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .SH COMMAND \fI\,'dsconf logging error set deletion\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging error set deletion\-interval\-unit [\-h] values .TP \fBvalues\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .SH COMMAND \fI\,'dsconf logging error set max\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging error set max\-disk\-space [\-h] values .TP \fBvalues\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .SH COMMAND \fI\,'dsconf logging error set free\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging error set free\-disk\-space [\-h] values .TP \fBvalues\fR Set the minimum available disk space in MB that triggers the server to delete rotated log files. .SH COMMAND \fI\,'dsconf logging error list\-levels'\/\fR usage: dsconf [\-v] [\-j] instance logging error list\-levels [\-h] .SH COMMAND \fI\,'dsconf logging security'\/\fR usage: dsconf [\-v] [\-j] instance logging security [\-h] {get,set} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging security'\/\fR .TP \fBdsconf logging security\fR \fI\,get\/\fR Get security log configuration .TP \fBdsconf logging security\fR \fI\,set\/\fR Set security log configuration .SH COMMAND \fI\,'dsconf logging security get'\/\fR usage: dsconf [\-v] [\-j] instance logging security get [\-h] .SH COMMAND \fI\,'dsconf logging security set'\/\fR usage: dsconf [\-v] [\-j] instance logging security set [\-h] {logging\-enabled,logging\-disabled,mode,location,compress\-enabled,compress\-disabled,buffering\-enabled,buffering\-disabled,max\-logs,max\-logsize,rotation\-interval,rotation\-interval\-unit,rotation\-tod\-enabled,rotation\-tod\-disabled,rotation\-tod\-hour,rotation\-tod\-minute,deletion\-interval,deletion\-interval\-unit,max\-disk\-space,free\-disk\-space} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf logging security set'\/\fR .TP \fBdsconf logging security set\fR \fI\,logging\-enabled\/\fR Enable access logging .TP \fBdsconf logging security set\fR \fI\,logging\-disabled\/\fR Disable security logging .TP \fBdsconf logging security set\fR \fI\,mode\/\fR Set the log file permissions. Default is 600 .TP \fBdsconf logging security set\fR \fI\,location\/\fR Set the log name and location .TP \fBdsconf logging security set\fR \fI\,compress\-enabled\/\fR Enable log compression for rotated logs .TP \fBdsconf logging security set\fR \fI\,compress\-disabled\/\fR Disable log compression for rotated logs .TP \fBdsconf logging security set\fR \fI\,buffering\-enabled\/\fR Enable log buffering .TP \fBdsconf logging security set\fR \fI\,buffering\-disabled\/\fR Disable log buffering .TP \fBdsconf logging security set\fR \fI\,max\-logs\/\fR Set the maximum number of rotated logs the server will maintain .TP \fBdsconf logging security set\fR \fI\,max\-logsize\/\fR Set the maximum size for a log in MB .TP \fBdsconf logging security set\fR \fI\,rotation\-interval\/\fR Set the interval for when a log is rotated.This works with the interval unit .TP \fBdsconf logging security set\fR \fI\,rotation\-interval\-unit\/\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .TP \fBdsconf logging security set\fR \fI\,rotation\-tod\-enabled\/\fR Enable "time of day" rotation for expired logs .TP \fBdsconf logging security set\fR \fI\,rotation\-tod\-disabled\/\fR Disable "time of day" rotation for expired logs .TP \fBdsconf logging security set\fR \fI\,rotation\-tod\-hour\/\fR Set the hour when an expired log should be rotated .TP \fBdsconf logging security set\fR \fI\,rotation\-tod\-minute\/\fR Set the minute when an expired log should be rotated .TP \fBdsconf logging security set\fR \fI\,deletion\-interval\/\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .TP \fBdsconf logging security set\fR \fI\,deletion\-interval\-unit\/\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .TP \fBdsconf logging security set\fR \fI\,max\-disk\-space\/\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .TP \fBdsconf logging security set\fR \fI\,free\-disk\-space\/\fR The server deletes the oldest rotated log file when the available disk space in MB is less than this amount. .SH COMMAND \fI\,'dsconf logging security set logging\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging security set logging\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging security set logging\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging security set logging\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging security set mode'\/\fR usage: dsconf [\-v] [\-j] instance logging security set mode [\-h] values .TP \fBvalues\fR File permissions. Default is 600 .SH COMMAND \fI\,'dsconf logging security set location'\/\fR usage: dsconf [\-v] [\-j] instance logging security set location [\-h] values .TP \fBvalues\fR Log name and location .SH COMMAND \fI\,'dsconf logging security set compress\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging security set compress\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging security set compress\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging security set compress\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging security set buffering\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging security set buffering\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging security set buffering\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging security set buffering\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging security set max\-logs'\/\fR usage: dsconf [\-v] [\-j] instance logging security set max\-logs [\-h] values .TP \fBvalues\fR Set the maximum number of rotated logs the server will maintain .SH COMMAND \fI\,'dsconf logging security set max\-logsize'\/\fR usage: dsconf [\-v] [\-j] instance logging security set max\-logsize [\-h] values .TP \fBvalues\fR Set the maximum size for a log in MB .SH COMMAND \fI\,'dsconf logging security set rotation\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging security set rotation\-interval [\-h] values .TP \fBvalues\fR Set the interval for when a log is rotated.This works with the interval unit .SH COMMAND \fI\,'dsconf logging security set rotation\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging security set rotation\-interval\-unit [\-h] values .TP \fBvalues\fR Set the time unit for the rotation interval for whena log is rotated. Choose between: "minute", "hour", "day", "week", and "month" .SH COMMAND \fI\,'dsconf logging security set rotation\-tod\-enabled'\/\fR usage: dsconf [\-v] [\-j] instance logging security set rotation\-tod\-enabled [\-h] .SH COMMAND \fI\,'dsconf logging security set rotation\-tod\-disabled'\/\fR usage: dsconf [\-v] [\-j] instance logging security set rotation\-tod\-disabled [\-h] .SH COMMAND \fI\,'dsconf logging security set rotation\-tod\-hour'\/\fR usage: dsconf [\-v] [\-j] instance logging security set rotation\-tod\-hour [\-h] values .TP \fBvalues\fR Set the hour when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging security set rotation\-tod\-minute'\/\fR usage: dsconf [\-v] [\-j] instance logging security set rotation\-tod\-minute [\-h] values .TP \fBvalues\fR Set the minute when an expired log should be rotated .SH COMMAND \fI\,'dsconf logging security set deletion\-interval'\/\fR usage: dsconf [\-v] [\-j] instance logging security set deletion\-interval [\-h] values .TP \fBvalues\fR Set the interval a rotated log should be deleted. This works with the deletion internal unit setting .SH COMMAND \fI\,'dsconf logging security set deletion\-interval\-unit'\/\fR usage: dsconf [\-v] [\-j] instance logging security set deletion\-interval\-unit [\-h] values .TP \fBvalues\fR Set the interval unit a rotated log should be deleted. Choose from: "day", "week", or "month" .SH COMMAND \fI\,'dsconf logging security set max\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging security set max\-disk\-space [\-h] values .TP \fBvalues\fR Set the maximum amount of disk space in MB rotated logs can consume before rotated logs are deleted. .SH COMMAND \fI\,'dsconf logging security set free\-disk\-space'\/\fR usage: dsconf [\-v] [\-j] instance logging security set free\-disk\-space [\-h] values .TP \fBvalues\fR Set the minimum available disk space in MB that triggers the server to delete rotated log files. .SH COMMAND \fI\,'dsconf monitor'\/\fR usage: dsconf [\-v] [\-j] instance monitor [\-h] {server,dbmon,ldbm,backend,snmp,chaining,disk} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf monitor'\/\fR .TP \fBdsconf monitor\fR \fI\,server\/\fR Displays the server statistics, connections, and operations .TP \fBdsconf monitor\fR \fI\,dbmon\/\fR Monitor all database statistics in a single report .TP \fBdsconf monitor\fR \fI\,ldbm\/\fR Monitor the LDBM statistics, such as dbcache .TP \fBdsconf monitor\fR \fI\,backend\/\fR Monitor the behavior of a backend database .TP \fBdsconf monitor\fR \fI\,snmp\/\fR Displays the SNMP statistics .TP \fBdsconf monitor\fR \fI\,chaining\/\fR Monitor database chaining statistics .TP \fBdsconf monitor\fR \fI\,disk\/\fR Displays the disk space statistics. All values are in bytes. .SH COMMAND \fI\,'dsconf monitor server'\/\fR usage: dsconf [\-v] [\-j] instance monitor server [\-h] .SH COMMAND \fI\,'dsconf monitor dbmon'\/\fR usage: dsconf [\-v] [\-j] instance monitor dbmon [\-h] [\-b BACKENDS] [\-x] .SH OPTIONS \fI\,'dsconf monitor dbmon'\/\fR .TP \fB\-b\fR \fI\,BACKENDS\/\fR, \fB\-\-backends\fR \fI\,BACKENDS\/\fR Specifies a list of space\-separated backends to monitor. Default is all backends. .TP \fB\-x\fR, \fB\-\-indexes\fR Shows index stats for each backend .SH COMMAND \fI\,'dsconf monitor ldbm'\/\fR usage: dsconf [\-v] [\-j] instance monitor ldbm [\-h] .SH COMMAND \fI\,'dsconf monitor backend'\/\fR usage: dsconf [\-v] [\-j] instance monitor backend [\-h] [backend] .TP \fBbackend\fR The optional name of the backend to monitor .SH COMMAND \fI\,'dsconf monitor snmp'\/\fR usage: dsconf [\-v] [\-j] instance monitor snmp [\-h] .SH COMMAND \fI\,'dsconf monitor chaining'\/\fR usage: dsconf [\-v] [\-j] instance monitor chaining [\-h] [backend] .TP \fBbackend\fR The optional name of the chaining backend to monitor .SH COMMAND \fI\,'dsconf monitor disk'\/\fR usage: dsconf [\-v] [\-j] instance monitor disk [\-h] .SH COMMAND \fI\,'dsconf plugin'\/\fR usage: dsconf [\-v] [\-j] instance plugin [\-h] {memberof,automember,referential\-integrity,root\-dn,usn,account\-policy,attr\-uniq,dna,ldap\-pass\-through\-auth,linked\-attr,managed\-entries,pam\-pass\-through\-auth,retro\-changelog,posix\-winsync,contentsync,entryuuid,pwstorage\-scheme,list,show,set} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin'\/\fR .TP \fBdsconf plugin\fR \fI\,memberof\/\fR Manage and configure MemberOf plugin .TP \fBdsconf plugin\fR \fI\,automember\/\fR Manage and configure Automembership plugin .TP \fBdsconf plugin\fR \fI\,referential\-integrity\/\fR Manage and configure Referential Integrity Postoperation plugin .TP \fBdsconf plugin\fR \fI\,root\-dn\/\fR Manage and configure RootDN Access Control plugin .TP \fBdsconf plugin\fR \fI\,usn\/\fR Manage and configure USN plugin .TP \fBdsconf plugin\fR \fI\,account\-policy\/\fR Manage and configure Account Policy plugin .TP \fBdsconf plugin\fR \fI\,attr\-uniq\/\fR Manage and configure Attribute Uniqueness plugin .TP \fBdsconf plugin\fR \fI\,dna\/\fR Manage and configure DNA plugin .TP \fBdsconf plugin\fR \fI\,ldap\-pass\-through\-auth\/\fR Manage and configure LDAP Pass\-Through Authentication Plugin .TP \fBdsconf plugin\fR \fI\,linked\-attr\/\fR Manage and configure Linked Attributes plugin .TP \fBdsconf plugin\fR \fI\,managed\-entries\/\fR Manage and configure Managed Entries Plugin .TP \fBdsconf plugin\fR \fI\,pam\-pass\-through\-auth\/\fR Manage and configure Pass\-Through Authentication plugins (LDAP URLs and PAM) .TP \fBdsconf plugin\fR \fI\,retro\-changelog\/\fR Manage and configure Retro Changelog plugin .TP \fBdsconf plugin\fR \fI\,posix\-winsync\/\fR Manage and configure the Posix Winsync API plugin .TP \fBdsconf plugin\fR \fI\,contentsync\/\fR Manage and configure Content Sync Plugin (aka syncrepl) .TP \fBdsconf plugin\fR \fI\,entryuuid\/\fR Manage and configure EntryUUID plugin .TP \fBdsconf plugin\fR \fI\,pwstorage\-scheme\/\fR Manage password storage scheme plugins .TP \fBdsconf plugin\fR \fI\,list\/\fR List current configured (enabled and disabled) plugins .TP \fBdsconf plugin\fR \fI\,show\/\fR Show the plugin data .TP \fBdsconf plugin\fR \fI\,set\/\fR Edit the plugin settings .SH COMMAND \fI\,'dsconf plugin memberof'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof [\-h] {show,enable,disable,status,set,config\-entry,fixup,fixup\-status} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin memberof'\/\fR .TP \fBdsconf plugin memberof\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin memberof\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin memberof\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin memberof\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin memberof\fR \fI\,set\/\fR Edit the plugin settings .TP \fBdsconf plugin memberof\fR \fI\,config\-entry\/\fR Manage the config entry .TP \fBdsconf plugin memberof\fR \fI\,fixup\/\fR Run the fix\-up task for memberOf plugin .TP \fBdsconf plugin memberof\fR \fI\,fixup\-status\/\fR Check the status of a fix\-up task .SH COMMAND \fI\,'dsconf plugin memberof show'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof show [\-h] .SH COMMAND \fI\,'dsconf plugin memberof enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof enable [\-h] .SH COMMAND \fI\,'dsconf plugin memberof disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof disable [\-h] .SH COMMAND \fI\,'dsconf plugin memberof status'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof status [\-h] .SH COMMAND \fI\,'dsconf plugin memberof set'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof set [\-h] [\-\-attr ATTR] [\-\-groupattr GROUPATTR [GROUPATTR ...]] [\-\-allbackends {on,off}] [\-\-skipnested {on,off}] [\-\-scope SCOPE [SCOPE ...]] [\-\-exclude EXCLUDE [EXCLUDE ...]] [\-\-autoaddoc AUTOADDOC] [\-\-config\-entry CONFIG_ENTRY] .SH OPTIONS \fI\,'dsconf plugin memberof set'\/\fR .TP \fB\-\-attr\fR \fI\,ATTR\/\fR Specifies the attribute in the user entry for the Directory Server to manage to reflect group membership (memberOfAttr) .TP \fB\-\-groupattr\fR \fI\,GROUPATTR [GROUPATTR ...]\/\fR Specifies the attribute in the group entry to use to identify the DNs of group members (memberOfGroupAttr) .TP \fB\-\-allbackends\fR \fI\,{on,off}\/\fR Specifies whether to search the local suffix for user entries on all available suffixes (memberOfAllBackends) .TP \fB\-\-skipnested\fR \fI\,{on,off}\/\fR Specifies whether to skip nested groups or not (memberOfSkipNested) .TP \fB\-\-scope\fR \fI\,SCOPE [SCOPE ...]\/\fR Specifies backends or multiple\-nested suffixes for the MemberOf plug\-in to work on (memberOfEntryScope) .TP \fB\-\-exclude\fR \fI\,EXCLUDE [EXCLUDE ...]\/\fR Specifies backends or multiple\-nested suffixes for the MemberOf plug\-in to exclude (memberOfEntryScopeExcludeSubtree) .TP \fB\-\-autoaddoc\fR \fI\,AUTOADDOC\/\fR If an entry does not have an object class that allows the memberOf attribute then the memberOf plugin will automatically add the object class listed in the memberOfAutoAddOC parameter .TP \fB\-\-config\-entry\fR \fI\,CONFIG_ENTRY\/\fR The value to set as nsslapd\-pluginConfigArea .SH COMMAND \fI\,'dsconf plugin memberof config\-entry'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof config\-entry [\-h] {add,set,show,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin memberof config\-entry'\/\fR .TP \fBdsconf plugin memberof config\-entry\fR \fI\,add\/\fR Add the config entry .TP \fBdsconf plugin memberof config\-entry\fR \fI\,set\/\fR Edit the config entry .TP \fBdsconf plugin memberof config\-entry\fR \fI\,show\/\fR Display the config entry .TP \fBdsconf plugin memberof config\-entry\fR \fI\,delete\/\fR Delete the config entry .SH COMMAND \fI\,'dsconf plugin memberof config\-entry add'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof config\-entry add [\-h] [\-\-attr ATTR] [\-\-groupattr GROUPATTR [GROUPATTR ...]] [\-\-allbackends {on,off}] [\-\-skipnested {on,off}] [\-\-scope SCOPE [SCOPE ...]] [\-\-exclude EXCLUDE [EXCLUDE ...]] [\-\-autoaddoc AUTOADDOC] DN .TP \fBDN\fR The config entry full DN .SH OPTIONS \fI\,'dsconf plugin memberof config\-entry add'\/\fR .TP \fB\-\-attr\fR \fI\,ATTR\/\fR Specifies the attribute in the user entry for the Directory Server to manage to reflect group membership (memberOfAttr) .TP \fB\-\-groupattr\fR \fI\,GROUPATTR [GROUPATTR ...]\/\fR Specifies the attribute in the group entry to use to identify the DNs of group members (memberOfGroupAttr) .TP \fB\-\-allbackends\fR \fI\,{on,off}\/\fR Specifies whether to search the local suffix for user entries on all available suffixes (memberOfAllBackends) .TP \fB\-\-skipnested\fR \fI\,{on,off}\/\fR Specifies whether to skip nested groups or not (memberOfSkipNested) .TP \fB\-\-scope\fR \fI\,SCOPE [SCOPE ...]\/\fR Specifies backends or multiple\-nested suffixes for the MemberOf plug\-in to work on (memberOfEntryScope) .TP \fB\-\-exclude\fR \fI\,EXCLUDE [EXCLUDE ...]\/\fR Specifies backends or multiple\-nested suffixes for the MemberOf plug\-in to exclude (memberOfEntryScopeExcludeSubtree) .TP \fB\-\-autoaddoc\fR \fI\,AUTOADDOC\/\fR If an entry does not have an object class that allows the memberOf attribute then the memberOf plugin will automatically add the object class listed in the memberOfAutoAddOC parameter .SH COMMAND \fI\,'dsconf plugin memberof config\-entry set'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof config\-entry set [\-h] [\-\-attr ATTR] [\-\-groupattr GROUPATTR [GROUPATTR ...]] [\-\-allbackends {on,off}] [\-\-skipnested {on,off}] [\-\-scope SCOPE [SCOPE ...]] [\-\-exclude EXCLUDE [EXCLUDE ...]] [\-\-autoaddoc AUTOADDOC] DN .TP \fBDN\fR The config entry full DN .SH OPTIONS \fI\,'dsconf plugin memberof config\-entry set'\/\fR .TP \fB\-\-attr\fR \fI\,ATTR\/\fR Specifies the attribute in the user entry for the Directory Server to manage to reflect group membership (memberOfAttr) .TP \fB\-\-groupattr\fR \fI\,GROUPATTR [GROUPATTR ...]\/\fR Specifies the attribute in the group entry to use to identify the DNs of group members (memberOfGroupAttr) .TP \fB\-\-allbackends\fR \fI\,{on,off}\/\fR Specifies whether to search the local suffix for user entries on all available suffixes (memberOfAllBackends) .TP \fB\-\-skipnested\fR \fI\,{on,off}\/\fR Specifies whether to skip nested groups or not (memberOfSkipNested) .TP \fB\-\-scope\fR \fI\,SCOPE [SCOPE ...]\/\fR Specifies backends or multiple\-nested suffixes for the MemberOf plug\-in to work on (memberOfEntryScope) .TP \fB\-\-exclude\fR \fI\,EXCLUDE [EXCLUDE ...]\/\fR Specifies backends or multiple\-nested suffixes for the MemberOf plug\-in to exclude (memberOfEntryScopeExcludeSubtree) .TP \fB\-\-autoaddoc\fR \fI\,AUTOADDOC\/\fR If an entry does not have an object class that allows the memberOf attribute then the memberOf plugin will automatically add the object class listed in the memberOfAutoAddOC parameter .SH COMMAND \fI\,'dsconf plugin memberof config\-entry show'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof config\-entry show [\-h] DN .TP \fBDN\fR The config entry full DN .SH COMMAND \fI\,'dsconf plugin memberof config\-entry delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof config\-entry delete [\-h] DN .TP \fBDN\fR The config entry full DN .SH COMMAND \fI\,'dsconf plugin memberof fixup'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof fixup [\-h] [\-f FILTER] [\-\-wait] [\-\-timeout TIMEOUT] DN .TP \fBDN\fR Base DN that contains entries to fix up .SH OPTIONS \fI\,'dsconf plugin memberof fixup'\/\fR .TP \fB\-f\fR \fI\,FILTER\/\fR, \fB\-\-filter\fR \fI\,FILTER\/\fR Filter for entries to fix up. If omitted, all entries with objectclass inetuser/inetadmin/nsmemberof under the specified base will have their memberOf attribute regenerated. .TP \fB\-\-wait\fR Wait for the task to finish, this could take a long time .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Sets the task timeout. ,Default is 0 (no timeout) .SH COMMAND \fI\,'dsconf plugin memberof fixup\-status'\/\fR usage: dsconf [\-v] [\-j] instance plugin memberof fixup\-status [\-h] [\-\-dn DN] [\-\-show\-log] [\-\-watch] .SH OPTIONS \fI\,'dsconf plugin memberof fixup\-status'\/\fR .TP \fB\-\-dn\fR \fI\,DN\/\fR The task entry's DN .TP \fB\-\-show\-log\fR Display the task log .TP \fB\-\-watch\fR Watch the task's status and wait for it to finish .SH COMMAND \fI\,'dsconf plugin automember'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember [\-h] {show,enable,disable,status,list,definition,fixup,fixup\-status,abort\-fixup} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin automember'\/\fR .TP \fBdsconf plugin automember\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin automember\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin automember\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin automember\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin automember\fR \fI\,list\/\fR List Automembership definitions or regex rules. .TP \fBdsconf plugin automember\fR \fI\,definition\/\fR Manage Automembership definition. .TP \fBdsconf plugin automember\fR \fI\,fixup\/\fR Run a rebuild membership task. .TP \fBdsconf plugin automember\fR \fI\,fixup\-status\/\fR Check the status of a fix\-up task .TP \fBdsconf plugin automember\fR \fI\,abort\-fixup\/\fR Abort the rebuild membership task. .SH COMMAND \fI\,'dsconf plugin automember show'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember show [\-h] .SH COMMAND \fI\,'dsconf plugin automember enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember enable [\-h] .SH COMMAND \fI\,'dsconf plugin automember disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember disable [\-h] .SH COMMAND \fI\,'dsconf plugin automember status'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember status [\-h] .SH COMMAND \fI\,'dsconf plugin automember list'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember list [\-h] {definitions,regexes} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin automember list'\/\fR .TP \fBdsconf plugin automember list\fR \fI\,definitions\/\fR Lists Automembership definitions. .TP \fBdsconf plugin automember list\fR \fI\,regexes\/\fR List Automembership regex rules. .SH COMMAND \fI\,'dsconf plugin automember list definitions'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember list definitions [\-h] .SH COMMAND \fI\,'dsconf plugin automember list regexes'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember list regexes [\-h] DEFNAME .TP \fBDEFNAME\fR The definition entry CN .SH COMMAND \fI\,'dsconf plugin automember definition'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition [\-h] DEFNAME {add,set,delete,show,regex} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin automember definition'\/\fR .TP \fBdsconf plugin automember definition\fR \fI\,add\/\fR Creates Automembership definition. .TP \fBdsconf plugin automember definition\fR \fI\,set\/\fR Edits Automembership definition. .TP \fBdsconf plugin automember definition\fR \fI\,delete\/\fR Removes Automembership definition. .TP \fBdsconf plugin automember definition\fR \fI\,show\/\fR Displays Automembership definition. .TP \fBdsconf plugin automember definition\fR \fI\,regex\/\fR Manage Automembership regex rules. .SH COMMAND \fI\,'dsconf plugin automember definition add'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition DEFNAME add [\-h] \-\-grouping\-attr GROUPING_ATTR [\-\-default\-group DEFAULT_GROUP] \-\-scope SCOPE \-\-filter FILTER .SH OPTIONS \fI\,'dsconf plugin automember definition add'\/\fR .TP \fB\-\-grouping\-attr\fR \fI\,GROUPING_ATTR\/\fR Specifies the name of the member attribute in the group entry and the attribute in the object entry that supplies the member attribute value, in the format group_member_attr:entry_attr (autoMemberGroupingAttr) .TP \fB\-\-default\-group\fR \fI\,DEFAULT_GROUP\/\fR Sets default or fallback group to add the entry to as a member attribute in group entry (autoMemberDefaultGroup) .TP \fB\-\-scope\fR \fI\,SCOPE\/\fR Sets the subtree DN to search for entries (autoMemberScope) .TP \fB\-\-filter\fR \fI\,FILTER\/\fR Sets a standard LDAP search filter to use to search for matching entries (autoMemberFilter) .SH COMMAND \fI\,'dsconf plugin automember definition set'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition DEFNAME set [\-h] \-\-grouping\-attr GROUPING_ATTR [\-\-default\-group DEFAULT_GROUP] \-\-scope SCOPE \-\-filter FILTER .SH OPTIONS \fI\,'dsconf plugin automember definition set'\/\fR .TP \fB\-\-grouping\-attr\fR \fI\,GROUPING_ATTR\/\fR Specifies the name of the member attribute in the group entry and the attribute in the object entry that supplies the member attribute value, in the format group_member_attr:entry_attr (autoMemberGroupingAttr) .TP \fB\-\-default\-group\fR \fI\,DEFAULT_GROUP\/\fR Sets default or fallback group to add the entry to as a member attribute in group entry (autoMemberDefaultGroup) .TP \fB\-\-scope\fR \fI\,SCOPE\/\fR Sets the subtree DN to search for entries (autoMemberScope) .TP \fB\-\-filter\fR \fI\,FILTER\/\fR Sets a standard LDAP search filter to use to search for matching entries (autoMemberFilter) .SH COMMAND \fI\,'dsconf plugin automember definition delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition DEFNAME delete [\-h] .SH COMMAND \fI\,'dsconf plugin automember definition show'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition DEFNAME show [\-h] .SH COMMAND \fI\,'dsconf plugin automember definition regex'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition DEFNAME regex [\-h] REGEXNAME {add,set,delete,show} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin automember definition regex'\/\fR .TP \fBdsconf plugin automember definition regex\fR \fI\,add\/\fR Creates Automembership regex. .TP \fBdsconf plugin automember definition regex\fR \fI\,set\/\fR Edits Automembership regex. .TP \fBdsconf plugin automember definition regex\fR \fI\,delete\/\fR Removes Automembership regex. .TP \fBdsconf plugin automember definition regex\fR \fI\,show\/\fR Displays Automembership regex. .SH COMMAND \fI\,'dsconf plugin automember definition regex add'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition DEFNAME regex REGEXNAME add [\-h] [\-\-exclusive EXCLUSIVE [EXCLUSIVE ...]] [\-\-inclusive INCLUSIVE [INCLUSIVE ...]] \-\-target\-group TARGET_GROUP .SH OPTIONS \fI\,'dsconf plugin automember definition regex add'\/\fR .TP \fB\-\-exclusive\fR \fI\,EXCLUSIVE [EXCLUSIVE ...]\/\fR Sets a single regular expression to use to identify entries to exclude (autoMemberExclusiveRegex) .TP \fB\-\-inclusive\fR \fI\,INCLUSIVE [INCLUSIVE ...]\/\fR Sets a single regular expression to use to identify entries to include (autoMemberInclusiveRegex) .TP \fB\-\-target\-group\fR \fI\,TARGET_GROUP\/\fR Sets which group to add the entry to as a member, if it meets the regular expression conditions (autoMemberTargetGroup) .SH COMMAND \fI\,'dsconf plugin automember definition regex set'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition DEFNAME regex REGEXNAME set [\-h] [\-\-exclusive EXCLUSIVE [EXCLUSIVE ...]] [\-\-inclusive INCLUSIVE [INCLUSIVE ...]] \-\-target\-group TARGET_GROUP .SH OPTIONS \fI\,'dsconf plugin automember definition regex set'\/\fR .TP \fB\-\-exclusive\fR \fI\,EXCLUSIVE [EXCLUSIVE ...]\/\fR Sets a single regular expression to use to identify entries to exclude (autoMemberExclusiveRegex) .TP \fB\-\-inclusive\fR \fI\,INCLUSIVE [INCLUSIVE ...]\/\fR Sets a single regular expression to use to identify entries to include (autoMemberInclusiveRegex) .TP \fB\-\-target\-group\fR \fI\,TARGET_GROUP\/\fR Sets which group to add the entry to as a member, if it meets the regular expression conditions (autoMemberTargetGroup) .SH COMMAND \fI\,'dsconf plugin automember definition regex delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition DEFNAME regex REGEXNAME delete [\-h] .SH COMMAND \fI\,'dsconf plugin automember definition regex show'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember definition DEFNAME regex REGEXNAME show [\-h] .SH COMMAND \fI\,'dsconf plugin automember fixup'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember fixup [\-h] \-f FILTER \-s {sub,base,one} [\-\-cleanup] [\-\-wait] [\-\-timeout TIMEOUT] DN .TP \fBDN\fR Base DN that contains entries to fix up .SH OPTIONS \fI\,'dsconf plugin automember fixup'\/\fR .TP \fB\-f\fR \fI\,FILTER\/\fR, \fB\-\-filter\fR \fI\,FILTER\/\fR Sets the LDAP filter for entries to fix up .TP \fB\-s\fR \fI\,{sub,base,one}\/\fR, \fB\-\-scope\fR \fI\,{sub,base,one}\/\fR Sets the LDAP search scope for entries to fix up .TP \fB\-\-cleanup\fR Clean up previous group memberships before rebuilding .TP \fB\-\-wait\fR Wait for the task to finish, this could take a long time .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Set a timeout to wait for the fixup task. Default is 0 (no timeout) .SH COMMAND \fI\,'dsconf plugin automember fixup\-status'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember fixup\-status [\-h] [\-\-dn DN] [\-\-show\-log] [\-\-watch] .SH OPTIONS \fI\,'dsconf plugin automember fixup\-status'\/\fR .TP \fB\-\-dn\fR \fI\,DN\/\fR The task entry's DN .TP \fB\-\-show\-log\fR Display the task log .TP \fB\-\-watch\fR Watch the task's status and wait for it to finish .SH COMMAND \fI\,'dsconf plugin automember abort\-fixup'\/\fR usage: dsconf [\-v] [\-j] instance plugin automember abort\-fixup [\-h] [\-\-timeout TIMEOUT] .SH OPTIONS \fI\,'dsconf plugin automember abort\-fixup'\/\fR .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Set a timeout to wait for the abort task. Default is 0 (no timeout) .SH COMMAND \fI\,'dsconf plugin referential\-integrity'\/\fR usage: dsconf instance [\-v] [\-j] plugin referential\-integrity [\-h] {show,enable,disable,status,set,config\-entry} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin referential\-integrity'\/\fR .TP \fBdsconf plugin referential\-integrity\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin referential\-integrity\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin referential\-integrity\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin referential\-integrity\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin referential\-integrity\fR \fI\,set\/\fR Edit the plugin settings .TP \fBdsconf plugin referential\-integrity\fR \fI\,config\-entry\/\fR Manage the config entry .SH COMMAND \fI\,'dsconf plugin referential\-integrity show'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity show [\-h] .SH COMMAND \fI\,'dsconf plugin referential\-integrity enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity enable [\-h] .SH COMMAND \fI\,'dsconf plugin referential\-integrity disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity disable [\-h] .SH COMMAND \fI\,'dsconf plugin referential\-integrity status'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity status [\-h] .SH COMMAND \fI\,'dsconf plugin referential\-integrity set'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity set [\-h] [\-\-update\-delay UPDATE_DELAY] [\-\-membership\-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]] [\-\-entry\-scope ENTRY_SCOPE] [\-\-exclude\-entry\-scope EXCLUDE_ENTRY_SCOPE] [\-\-container\-scope CONTAINER_SCOPE] [\-\-log\-file LOG_FILE] [\-\-config\-entry CONFIG_ENTRY] .SH OPTIONS \fI\,'dsconf plugin referential\-integrity set'\/\fR .TP \fB\-\-update\-delay\fR \fI\,UPDATE_DELAY\/\fR Sets the update interval. Special values: 0 \- The check is performed immediately, \-1 \- No check is performed (referint\-update\-delay) .TP \fB\-\-membership\-attr\fR \fI\,MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]\/\fR Specifies attributes to check for and update (referint\-membership\-attr) .TP \fB\-\-entry\-scope\fR \fI\,ENTRY_SCOPE\/\fR Defines the subtree in which the plug\-in looks for the delete or rename operations of a user entry (nsslapd\-pluginEntryScope) .TP \fB\-\-exclude\-entry\-scope\fR \fI\,EXCLUDE_ENTRY_SCOPE\/\fR Defines the subtree in which the plug\-in ignores any operations for deleting or renaming a user (nsslapd\-pluginExcludeEntryScope) .TP \fB\-\-container\-scope\fR \fI\,CONTAINER_SCOPE\/\fR Specifies which branch the plug\-in searches for the groups to which the user belongs. It only updates groups that are under the specified container branch, and leaves all other groups not updated (nsslapd\-pluginContainerScope) .TP \fB\-\-log\-file\fR \fI\,LOG_FILE\/\fR Specifies a path to the Referential integrity logfile.For example: /var/log/dirsrv/slapd\-YOUR_INSTANCE/referint .TP \fB\-\-config\-entry\fR \fI\,CONFIG_ENTRY\/\fR The value to set as nsslapd\-pluginConfigArea .SH COMMAND \fI\,'dsconf plugin referential\-integrity config\-entry'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity config\-entry [\-h] {add,set,show,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin referential\-integrity config\-entry'\/\fR .TP \fBdsconf plugin referential\-integrity config\-entry\fR \fI\,add\/\fR Add the config entry .TP \fBdsconf plugin referential\-integrity config\-entry\fR \fI\,set\/\fR Edit the config entry .TP \fBdsconf plugin referential\-integrity config\-entry\fR \fI\,show\/\fR Display the config entry .TP \fBdsconf plugin referential\-integrity config\-entry\fR \fI\,delete\/\fR Delete the config entry .SH COMMAND \fI\,'dsconf plugin referential\-integrity config\-entry add'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity config\-entry add [\-h] [\-\-update\-delay UPDATE_DELAY] [\-\-membership\-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]] [\-\-entry\-scope ENTRY_SCOPE] [\-\-exclude\-entry\-scope EXCLUDE_ENTRY_SCOPE] [\-\-container\-scope CONTAINER_SCOPE] [\-\-log\-file LOG_FILE] DN .TP \fBDN\fR The config entry full DN .SH OPTIONS \fI\,'dsconf plugin referential\-integrity config\-entry add'\/\fR .TP \fB\-\-update\-delay\fR \fI\,UPDATE_DELAY\/\fR Sets the update interval. Special values: 0 \- The check is performed immediately, \-1 \- No check is performed (referint\-update\-delay) .TP \fB\-\-membership\-attr\fR \fI\,MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]\/\fR Specifies attributes to check for and update (referint\-membership\-attr) .TP \fB\-\-entry\-scope\fR \fI\,ENTRY_SCOPE\/\fR Defines the subtree in which the plug\-in looks for the delete or rename operations of a user entry (nsslapd\-pluginEntryScope) .TP \fB\-\-exclude\-entry\-scope\fR \fI\,EXCLUDE_ENTRY_SCOPE\/\fR Defines the subtree in which the plug\-in ignores any operations for deleting or renaming a user (nsslapd\-pluginExcludeEntryScope) .TP \fB\-\-container\-scope\fR \fI\,CONTAINER_SCOPE\/\fR Specifies which branch the plug\-in searches for the groups to which the user belongs. It only updates groups that are under the specified container branch, and leaves all other groups not updated (nsslapd\-pluginContainerScope) .TP \fB\-\-log\-file\fR \fI\,LOG_FILE\/\fR Specifies a path to the Referential integrity logfile.For example: /var/log/dirsrv/slapd\-YOUR_INSTANCE/referint .SH COMMAND \fI\,'dsconf plugin referential\-integrity config\-entry set'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity config\-entry set [\-h] [\-\-update\-delay UPDATE_DELAY] [\-\-membership\-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]] [\-\-entry\-scope ENTRY_SCOPE] [\-\-exclude\-entry\-scope EXCLUDE_ENTRY_SCOPE] [\-\-container\-scope CONTAINER_SCOPE] [\-\-log\-file LOG_FILE] DN .TP \fBDN\fR The config entry full DN .SH OPTIONS \fI\,'dsconf plugin referential\-integrity config\-entry set'\/\fR .TP \fB\-\-update\-delay\fR \fI\,UPDATE_DELAY\/\fR Sets the update interval. Special values: 0 \- The check is performed immediately, \-1 \- No check is performed (referint\-update\-delay) .TP \fB\-\-membership\-attr\fR \fI\,MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]\/\fR Specifies attributes to check for and update (referint\-membership\-attr) .TP \fB\-\-entry\-scope\fR \fI\,ENTRY_SCOPE\/\fR Defines the subtree in which the plug\-in looks for the delete or rename operations of a user entry (nsslapd\-pluginEntryScope) .TP \fB\-\-exclude\-entry\-scope\fR \fI\,EXCLUDE_ENTRY_SCOPE\/\fR Defines the subtree in which the plug\-in ignores any operations for deleting or renaming a user (nsslapd\-pluginExcludeEntryScope) .TP \fB\-\-container\-scope\fR \fI\,CONTAINER_SCOPE\/\fR Specifies which branch the plug\-in searches for the groups to which the user belongs. It only updates groups that are under the specified container branch, and leaves all other groups not updated (nsslapd\-pluginContainerScope) .TP \fB\-\-log\-file\fR \fI\,LOG_FILE\/\fR Specifies a path to the Referential integrity logfile.For example: /var/log/dirsrv/slapd\-YOUR_INSTANCE/referint .SH COMMAND \fI\,'dsconf plugin referential\-integrity config\-entry show'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity config\-entry show [\-h] DN .TP \fBDN\fR The config entry full DN .SH COMMAND \fI\,'dsconf plugin referential\-integrity config\-entry delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin referential\-integrity config\-entry delete [\-h] DN .TP \fBDN\fR The config entry full DN .SH COMMAND \fI\,'dsconf plugin root\-dn'\/\fR usage: dsconf [\-v] [\-j] instance plugin root\-dn [\-h] {show,enable,disable,status,set} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin root\-dn'\/\fR .TP \fBdsconf plugin root\-dn\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin root\-dn\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin root\-dn\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin root\-dn\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin root\-dn\fR \fI\,set\/\fR Edit the plugin settings .SH COMMAND \fI\,'dsconf plugin root\-dn show'\/\fR usage: dsconf [\-v] [\-j] instance plugin root\-dn show [\-h] .SH COMMAND \fI\,'dsconf plugin root\-dn enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin root\-dn enable [\-h] .SH COMMAND \fI\,'dsconf plugin root\-dn disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin root\-dn disable [\-h] .SH COMMAND \fI\,'dsconf plugin root\-dn status'\/\fR usage: dsconf [\-v] [\-j] instance plugin root\-dn status [\-h] .SH COMMAND \fI\,'dsconf plugin root\-dn set'\/\fR usage: dsconf [\-v] [\-j] instance plugin root\-dn set [\-h] [\-\-allow\-host ALLOW_HOST [ALLOW_HOST ...]] [\-\-deny\-host DENY_HOST [DENY_HOST ...]] [\-\-allow\-ip ALLOW_IP [ALLOW_IP ...]] [\-\-deny\-ip DENY_IP [DENY_IP ...]] [\-\-open\-time OPEN_TIME] [\-\-close\-time CLOSE_TIME] [\-\-days\-allowed DAYS_ALLOWED] .SH OPTIONS \fI\,'dsconf plugin root\-dn set'\/\fR .TP \fB\-\-allow\-host\fR \fI\,ALLOW_HOST [ALLOW_HOST ...]\/\fR Sets what hosts, by fully\-qualified domain name, the root user is allowed to use to access Directory Server. Any hosts not listed are implicitly denied (rootdn\-allow\-host) .TP \fB\-\-deny\-host\fR \fI\,DENY_HOST [DENY_HOST ...]\/\fR Sets what hosts, by fully\-qualified domain name, the root user is not allowed to use to access Directory Server. Any hosts not listed are implicitly allowed (rootdn\-deny\-host). If a host address is listed in both the rootdn\-allow\-host and rootdn\-deny\-host attributes, it is denied access. .TP \fB\-\-allow\-ip\fR \fI\,ALLOW_IP [ALLOW_IP ...]\/\fR Sets what IP addresses, either IPv4 or IPv6, for machines the root user is allowed to use to access Directory Server. Any IP addresses not listed are implicitly denied (rootdn\-allow\-ip) .TP \fB\-\-deny\-ip\fR \fI\,DENY_IP [DENY_IP ...]\/\fR Sets what IP addresses, either IPv4 or IPv6, for machines the root user is not allowed to use to access Directory Server. Any IP addresses not listed are implicitly allowed (rootdn\-deny\-ip). If an IP address is listed in both the rootdn\-allow\-ip and rootdn\-deny\-ip attributes, it is denied access. .TP \fB\-\-open\-time\fR \fI\,OPEN_TIME\/\fR Sets part of a time period or range when the root user is allowed to access Directory Server. This sets when the time\-based access begins (rootdn\-open\- time) .TP \fB\-\-close\-time\fR \fI\,CLOSE_TIME\/\fR Sets part of a time period or range when the root user is allowed to access Directory Server. This sets when the time\-based access ends (rootdn\-close\- time) .TP \fB\-\-days\-allowed\fR \fI\,DAYS_ALLOWED\/\fR Sets a comma\-separated list of what days the root user is allowed to use to access Directory Server. Any days listed are implicitly denied (rootdn\-days\- allowed) .SH COMMAND \fI\,'dsconf plugin usn'\/\fR usage: dsconf [\-v] [\-j] instance plugin usn [\-h] {show,enable,disable,status,global,cleanup} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin usn'\/\fR .TP \fBdsconf plugin usn\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin usn\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin usn\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin usn\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin usn\fR \fI\,global\/\fR Get or manage global USN mode (nsslapd\-entryusn\-global) .TP \fBdsconf plugin usn\fR \fI\,cleanup\/\fR Runs the USN tombstone cleanup task .SH COMMAND \fI\,'dsconf plugin usn show'\/\fR usage: dsconf [\-v] [\-j] instance plugin usn show [\-h] .SH COMMAND \fI\,'dsconf plugin usn enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin usn enable [\-h] .SH COMMAND \fI\,'dsconf plugin usn disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin usn disable [\-h] .SH COMMAND \fI\,'dsconf plugin usn status'\/\fR usage: dsconf [\-v] [\-j] instance plugin usn status [\-h] .SH COMMAND \fI\,'dsconf plugin usn global'\/\fR usage: dsconf [\-v] [\-j] instance plugin usn global [\-h] {on,off} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin usn global'\/\fR .TP \fBdsconf plugin usn global\fR \fI\,on\/\fR Enables USN global mode .TP \fBdsconf plugin usn global\fR \fI\,off\/\fR Disables USN global mode .SH COMMAND \fI\,'dsconf plugin usn global on'\/\fR usage: dsconf [\-v] [\-j] instance plugin usn global on [\-h] .SH COMMAND \fI\,'dsconf plugin usn global off'\/\fR usage: dsconf [\-v] [\-j] instance plugin usn global off [\-h] .SH COMMAND \fI\,'dsconf plugin usn cleanup'\/\fR usage: dsconf [\-v] [\-j] instance plugin usn cleanup [\-h] (\-s SUFFIX | \-n BACKEND) [\-m MAX_USN] [\-\-timeout TIMEOUT] .SH OPTIONS \fI\,'dsconf plugin usn cleanup'\/\fR .TP \fB\-s\fR \fI\,SUFFIX\/\fR, \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the suffix or subtree in Directory Server to run the cleanup operation against. If the suffix is not specified, then the back end must be specified (suffix). .TP \fB\-n\fR \fI\,BACKEND\/\fR, \fB\-\-backend\fR \fI\,BACKEND\/\fR Sets the Directory Server instance back end, or database, to run the cleanup operation against. If the back end is not specified, then the suffix must be specified. Backend instance in which USN tombstone entries (backend) .TP \fB\-m\fR \fI\,MAX_USN\/\fR, \fB\-\-max\-usn\fR \fI\,MAX_USN\/\fR Sets the highest USN value to delete when removing tombstone entries (max_usn_to_delete) .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Sets the cleanup task timeout. Default is 120 seconds, .SH COMMAND \fI\,'dsconf plugin account\-policy'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy [\-h] {show,enable,disable,status,set,config\-entry} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin account\-policy'\/\fR .TP \fBdsconf plugin account\-policy\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin account\-policy\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin account\-policy\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin account\-policy\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin account\-policy\fR \fI\,set\/\fR Edit the plugin settings .TP \fBdsconf plugin account\-policy\fR \fI\,config\-entry\/\fR Manage the config entry .SH COMMAND \fI\,'dsconf plugin account\-policy show'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy show [\-h] .SH COMMAND \fI\,'dsconf plugin account\-policy enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy enable [\-h] .SH COMMAND \fI\,'dsconf plugin account\-policy disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy disable [\-h] .SH COMMAND \fI\,'dsconf plugin account\-policy status'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy status [\-h] .SH COMMAND \fI\,'dsconf plugin account\-policy set'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy set [\-h] [\-\-config\-entry CONFIG_ENTRY] .SH OPTIONS \fI\,'dsconf plugin account\-policy set'\/\fR .TP \fB\-\-config\-entry\fR \fI\,CONFIG_ENTRY\/\fR Sets the nsslapd\-pluginarg0 attribute .SH COMMAND \fI\,'dsconf plugin account\-policy config\-entry'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy config\-entry [\-h] {add,set,show,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin account\-policy config\-entry'\/\fR .TP \fBdsconf plugin account\-policy config\-entry\fR \fI\,add\/\fR Add the config entry .TP \fBdsconf plugin account\-policy config\-entry\fR \fI\,set\/\fR Edit the config entry .TP \fBdsconf plugin account\-policy config\-entry\fR \fI\,show\/\fR Display the config entry .TP \fBdsconf plugin account\-policy config\-entry\fR \fI\,delete\/\fR Delete the config entry .SH COMMAND \fI\,'dsconf plugin account\-policy config\-entry add'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy config\-entry add [\-h] [\-\-always\-record\-login {yes,no}] [\-\-alt\-state\-attr ALT_STATE_ATTR] [\-\-always\-record\-login\-attr ALWAYS_RECORD_LOGIN_ATTR] [\-\-limit\-attr LIMIT_ATTR] [\-\-spec\-attr SPEC_ATTR] [\-\-state\-attr STATE_ATTR] [\-\-login\-history\-size LOGIN_HISTORY_SIZE] [\-\-check\-all\-state\-attrs {yes,no}] DN .TP \fBDN\fR The full DN of the config entry .SH OPTIONS \fI\,'dsconf plugin account\-policy config\-entry add'\/\fR .TP \fB\-\-always\-record\-login\fR \fI\,{yes,no}\/\fR Sets that every entry records its last login time (alwaysRecordLogin) .TP \fB\-\-alt\-state\-attr\fR \fI\,ALT_STATE_ATTR\/\fR Provides a backup attribute for the server to reference to evaluate the expiration time (altStateAttrName) .TP \fB\-\-always\-record\-login\-attr\fR \fI\,ALWAYS_RECORD_LOGIN_ATTR\/\fR Specifies the attribute to store the time of the last successful login in this attribute in the users directory entry (alwaysRecordLoginAttr) .TP \fB\-\-limit\-attr\fR \fI\,LIMIT_ATTR\/\fR Specifies the attribute within the policy to use for the account inactivation limit (limitAttrName) .TP \fB\-\-spec\-attr\fR \fI\,SPEC_ATTR\/\fR Specifies the attribute to identify which entries are account policy configuration entries (specAttrName) .TP \fB\-\-state\-attr\fR \fI\,STATE_ATTR\/\fR Specifies the primary time attribute used to evaluate an account policy (stateAttrName) .TP \fB\-\-login\-history\-size\fR \fI\,LOGIN_HISTORY_SIZE\/\fR Specifies the number of login timestamps to store (lastLoginHistSize) ) .TP \fB\-\-check\-all\-state\-attrs\fR \fI\,{yes,no}\/\fR Check both state and alternate state attributes for account state .SH COMMAND \fI\,'dsconf plugin account\-policy config\-entry set'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy config\-entry set [\-h] [\-\-always\-record\-login {yes,no}] [\-\-alt\-state\-attr ALT_STATE_ATTR] [\-\-always\-record\-login\-attr ALWAYS_RECORD_LOGIN_ATTR] [\-\-limit\-attr LIMIT_ATTR] [\-\-spec\-attr SPEC_ATTR] [\-\-state\-attr STATE_ATTR] [\-\-login\-history\-size LOGIN_HISTORY_SIZE] [\-\-check\-all\-state\-attrs {yes,no}] DN .TP \fBDN\fR The full DN of the config entry .SH OPTIONS \fI\,'dsconf plugin account\-policy config\-entry set'\/\fR .TP \fB\-\-always\-record\-login\fR \fI\,{yes,no}\/\fR Sets that every entry records its last login time (alwaysRecordLogin) .TP \fB\-\-alt\-state\-attr\fR \fI\,ALT_STATE_ATTR\/\fR Provides a backup attribute for the server to reference to evaluate the expiration time (altStateAttrName) .TP \fB\-\-always\-record\-login\-attr\fR \fI\,ALWAYS_RECORD_LOGIN_ATTR\/\fR Specifies the attribute to store the time of the last successful login in this attribute in the users directory entry (alwaysRecordLoginAttr) .TP \fB\-\-limit\-attr\fR \fI\,LIMIT_ATTR\/\fR Specifies the attribute within the policy to use for the account inactivation limit (limitAttrName) .TP \fB\-\-spec\-attr\fR \fI\,SPEC_ATTR\/\fR Specifies the attribute to identify which entries are account policy configuration entries (specAttrName) .TP \fB\-\-state\-attr\fR \fI\,STATE_ATTR\/\fR Specifies the primary time attribute used to evaluate an account policy (stateAttrName) .TP \fB\-\-login\-history\-size\fR \fI\,LOGIN_HISTORY_SIZE\/\fR Specifies the number of login timestamps to store (lastLoginHistSize) ) .TP \fB\-\-check\-all\-state\-attrs\fR \fI\,{yes,no}\/\fR Check both state and alternate state attributes for account state .SH COMMAND \fI\,'dsconf plugin account\-policy config\-entry show'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy config\-entry show [\-h] DN .TP \fBDN\fR The full DN of the config entry .SH COMMAND \fI\,'dsconf plugin account\-policy config\-entry delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin account\-policy config\-entry delete [\-h] DN .TP \fBDN\fR The full DN of the config entry .SH COMMAND \fI\,'dsconf plugin attr\-uniq'\/\fR usage: dsconf [\-v] [\-j] instance plugin attr\-uniq [\-h] {list,add,set,show,delete,enable,disable,status} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin attr\-uniq'\/\fR .TP \fBdsconf plugin attr\-uniq\fR \fI\,list\/\fR Lists available plugin configs .TP \fBdsconf plugin attr\-uniq\fR \fI\,add\/\fR Add the config entry .TP \fBdsconf plugin attr\-uniq\fR \fI\,set\/\fR Edit the config entry .TP \fBdsconf plugin attr\-uniq\fR \fI\,show\/\fR Display the config entry .TP \fBdsconf plugin attr\-uniq\fR \fI\,delete\/\fR Delete the config entry .TP \fBdsconf plugin attr\-uniq\fR \fI\,enable\/\fR enable plugin .TP \fBdsconf plugin attr\-uniq\fR \fI\,disable\/\fR disable plugin .TP \fBdsconf plugin attr\-uniq\fR \fI\,status\/\fR display plugin status .SH COMMAND \fI\,'dsconf plugin attr\-uniq list'\/\fR usage: dsconf [\-v] [\-j] instance plugin attr\-uniq list [\-h] .SH COMMAND \fI\,'dsconf plugin attr\-uniq add'\/\fR usage: dsconf [\-v] [\-j] instance plugin attr\-uniq add [\-h] [\-\-enabled {on,off}] [\-\-attr\-name ATTR_NAME [ATTR_NAME ...]] [\-\-subtree SUBTREE [SUBTREE ...]] [\-\-across\-all\-subtrees {on,off}] [\-\-top\-entry\-oc TOP_ENTRY_OC] [\-\-subtree\-entries\-oc SUBTREE_ENTRIES_OC] NAME .TP \fBNAME\fR The name of the plug\-in configuration record. (cn) You can use any string, but "attribute_name Attribute Uniqueness" is recommended. .SH OPTIONS \fI\,'dsconf plugin attr\-uniq add'\/\fR .TP \fB\-\-enabled\fR \fI\,{on,off}\/\fR Identifies whether or not the config is enabled. .TP \fB\-\-attr\-name\fR \fI\,ATTR_NAME [ATTR_NAME ...]\/\fR Sets the name of the attribute whose values must be unique. This attribute is multi\-valued. (uniqueness\-attribute\-name) .TP \fB\-\-subtree\fR \fI\,SUBTREE [SUBTREE ...]\/\fR Sets the DN under which the plug\-in checks for uniqueness of the attributes value. This attribute is multi\-valued (uniqueness\-subtrees) .TP \fB\-\-across\-all\-subtrees\fR \fI\,{on,off}\/\fR If enabled (on), the plug\-in checks that the attribute is unique across all subtrees set. If you set the attribute to off, uniqueness is only enforced within the subtree of the updated entry (uniqueness\-across\-all\-subtrees) .TP \fB\-\-top\-entry\-oc\fR \fI\,TOP_ENTRY_OC\/\fR Verifies that the value of the attribute set in uniqueness\-attribute\-name is unique in this subtree (uniqueness\-top\-entry\-oc) .TP \fB\-\-subtree\-entries\-oc\fR \fI\,SUBTREE_ENTRIES_OC\/\fR Verifies if an attribute is unique, if the entry contains the object class set in this parameter (uniqueness\-subtree\-entries\-oc) .SH COMMAND \fI\,'dsconf plugin attr\-uniq set'\/\fR usage: dsconf [\-v] [\-j] instance plugin attr\-uniq set [\-h] [\-\-enabled {on,off}] [\-\-attr\-name ATTR_NAME [ATTR_NAME ...]] [\-\-subtree SUBTREE [SUBTREE ...]] [\-\-across\-all\-subtrees {on,off}] [\-\-top\-entry\-oc TOP_ENTRY_OC] [\-\-subtree\-entries\-oc SUBTREE_ENTRIES_OC] NAME .TP \fBNAME\fR The name of the plug\-in configuration record. (cn) You can use any string, but "attribute_name Attribute Uniqueness" is recommended. .SH OPTIONS \fI\,'dsconf plugin attr\-uniq set'\/\fR .TP \fB\-\-enabled\fR \fI\,{on,off}\/\fR Identifies whether or not the config is enabled. .TP \fB\-\-attr\-name\fR \fI\,ATTR_NAME [ATTR_NAME ...]\/\fR Sets the name of the attribute whose values must be unique. This attribute is multi\-valued. (uniqueness\-attribute\-name) .TP \fB\-\-subtree\fR \fI\,SUBTREE [SUBTREE ...]\/\fR Sets the DN under which the plug\-in checks for uniqueness of the attributes value. This attribute is multi\-valued (uniqueness\-subtrees) .TP \fB\-\-across\-all\-subtrees\fR \fI\,{on,off}\/\fR If enabled (on), the plug\-in checks that the attribute is unique across all subtrees set. If you set the attribute to off, uniqueness is only enforced within the subtree of the updated entry (uniqueness\-across\-all\-subtrees) .TP \fB\-\-top\-entry\-oc\fR \fI\,TOP_ENTRY_OC\/\fR Verifies that the value of the attribute set in uniqueness\-attribute\-name is unique in this subtree (uniqueness\-top\-entry\-oc) .TP \fB\-\-subtree\-entries\-oc\fR \fI\,SUBTREE_ENTRIES_OC\/\fR Verifies if an attribute is unique, if the entry contains the object class set in this parameter (uniqueness\-subtree\-entries\-oc) .SH COMMAND \fI\,'dsconf plugin attr\-uniq show'\/\fR usage: dsconf [\-v] [\-j] instance plugin attr\-uniq show [\-h] NAME .TP \fBNAME\fR The name of the plug\-in configuration record .SH COMMAND \fI\,'dsconf plugin attr\-uniq delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin attr\-uniq delete [\-h] NAME .TP \fBNAME\fR The name of the plug\-in configuration record .SH COMMAND \fI\,'dsconf plugin attr\-uniq enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin attr\-uniq enable [\-h] NAME .TP \fBNAME\fR The name of the plug\-in configuration record .SH COMMAND \fI\,'dsconf plugin attr\-uniq disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin attr\-uniq disable [\-h] NAME .TP \fBNAME\fR The name of the plug\-in configuration record .SH COMMAND \fI\,'dsconf plugin attr\-uniq status'\/\fR usage: dsconf [\-v] [\-j] instance plugin attr\-uniq status [\-h] NAME .TP \fBNAME\fR The name of the plug\-in configuration record .SH COMMAND \fI\,'dsconf plugin dna'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna [\-h] {show,enable,disable,status,list,config} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin dna'\/\fR .TP \fBdsconf plugin dna\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin dna\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin dna\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin dna\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin dna\fR \fI\,list\/\fR List available plugin configs .TP \fBdsconf plugin dna\fR \fI\,config\/\fR Manage plugin configs .SH COMMAND \fI\,'dsconf plugin dna show'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna show [\-h] .SH COMMAND \fI\,'dsconf plugin dna enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna enable [\-h] .SH COMMAND \fI\,'dsconf plugin dna disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna disable [\-h] .SH COMMAND \fI\,'dsconf plugin dna status'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna status [\-h] .SH COMMAND \fI\,'dsconf plugin dna list'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna list [\-h] {configs,shared\-configs} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin dna list'\/\fR .TP \fBdsconf plugin dna list\fR \fI\,configs\/\fR List main DNA plugin config entries .TP \fBdsconf plugin dna list\fR \fI\,shared\-configs\/\fR List DNA plugin shared config entries .SH COMMAND \fI\,'dsconf plugin dna list configs'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna list configs [\-h] .SH COMMAND \fI\,'dsconf plugin dna list shared\-configs'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna list shared\-configs [\-h] BASEDN .TP \fBBASEDN\fR The search DN .SH COMMAND \fI\,'dsconf plugin dna config'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna config [\-h] NAME {add,set,show,delete,shared\-config\-entry} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin dna config'\/\fR .TP \fBdsconf plugin dna config\fR \fI\,add\/\fR Add the config entry .TP \fBdsconf plugin dna config\fR \fI\,set\/\fR Edit the config entry .TP \fBdsconf plugin dna config\fR \fI\,show\/\fR Display the config entry .TP \fBdsconf plugin dna config\fR \fI\,delete\/\fR Delete the config entry .TP \fBdsconf plugin dna config\fR \fI\,shared\-config\-entry\/\fR Manage the shared config entry .SH COMMAND \fI\,'dsconf plugin dna config add'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna config NAME add [\-h] [\-\-type TYPE [TYPE ...]] [\-\-prefix PREFIX] [\-\-next\-value NEXT_VALUE] [\-\-max\-value MAX_VALUE] [\-\-interval INTERVAL] [\-\-magic\-regen MAGIC_REGEN] [\-\-filter FILTER] [\-\-scope SCOPE] [\-\-remote\-bind\-dn REMOTE_BIND_DN] [\-\-remote\-bind\-cred REMOTE_BIND_CRED] [\-\-shared\-config\-entry SHARED_CONFIG_ENTRY] [\-\-threshold THRESHOLD] [\-\-next\-range NEXT_RANGE] [\-\-range\-request\-timeout RANGE_REQUEST_TIMEOUT] .SH OPTIONS \fI\,'dsconf plugin dna config add'\/\fR .TP \fB\-\-type\fR \fI\,TYPE [TYPE ...]\/\fR Sets which attributes have unique numbers being generated for them (dnaType) .TP \fB\-\-prefix\fR \fI\,PREFIX\/\fR Defines a prefix that can be prepended to the generated number values for the attribute (dnaPrefix) .TP \fB\-\-next\-value\fR \fI\,NEXT_VALUE\/\fR Sets the next available number which can be assigned (dnaNextValue) .TP \fB\-\-max\-value\fR \fI\,MAX_VALUE\/\fR Sets the maximum value that can be assigned for the range (dnaMaxValue) .TP \fB\-\-interval\fR \fI\,INTERVAL\/\fR Sets an interval to use to increment through numbers in a range (dnaInterval) .TP \fB\-\-magic\-regen\fR \fI\,MAGIC_REGEN\/\fR Sets a user\-defined value that instructs the plug\-in to assign a new value for the entry (dnaMagicRegen) .TP \fB\-\-filter\fR \fI\,FILTER\/\fR Sets an LDAP filter to use to search for and identify the entries to which to apply the distributed numeric assignment range (dnaFilter) .TP \fB\-\-scope\fR \fI\,SCOPE\/\fR Sets the base DN to search for entries to which to apply the distributed numeric assignment (dnaScope) .TP \fB\-\-remote\-bind\-dn\fR \fI\,REMOTE_BIND_DN\/\fR Specifies the Replication Manager DN (dnaRemoteBindDN) .TP \fB\-\-remote\-bind\-cred\fR \fI\,REMOTE_BIND_CRED\/\fR Specifies the Replication Manager's password (dnaRemoteBindCred) .TP \fB\-\-shared\-config\-entry\fR \fI\,SHARED_CONFIG_ENTRY\/\fR Defines a shared identity that the servers can use to transfer ranges to one another (dnaSharedCfgDN) .TP \fB\-\-threshold\fR \fI\,THRESHOLD\/\fR Sets a threshold of remaining available numbers in the range. When the server hits the threshold, it sends a request for a new range (dnaThreshold) .TP \fB\-\-next\-range\fR \fI\,NEXT_RANGE\/\fR Defines the next range to use when the current range is exhausted (dnaNextRange) .TP \fB\-\-range\-request\-timeout\fR \fI\,RANGE_REQUEST_TIMEOUT\/\fR Sets a timeout period, in seconds, for range requests so that the server does not stall waiting on a new range from one server and can request a range from a new server (dnaRangeRequestTimeout) .SH COMMAND \fI\,'dsconf plugin dna config set'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna config NAME set [\-h] [\-\-type TYPE [TYPE ...]] [\-\-prefix PREFIX] [\-\-next\-value NEXT_VALUE] [\-\-max\-value MAX_VALUE] [\-\-interval INTERVAL] [\-\-magic\-regen MAGIC_REGEN] [\-\-filter FILTER] [\-\-scope SCOPE] [\-\-remote\-bind\-dn REMOTE_BIND_DN] [\-\-remote\-bind\-cred REMOTE_BIND_CRED] [\-\-shared\-config\-entry SHARED_CONFIG_ENTRY] [\-\-threshold THRESHOLD] [\-\-next\-range NEXT_RANGE] [\-\-range\-request\-timeout RANGE_REQUEST_TIMEOUT] .SH OPTIONS \fI\,'dsconf plugin dna config set'\/\fR .TP \fB\-\-type\fR \fI\,TYPE [TYPE ...]\/\fR Sets which attributes have unique numbers being generated for them (dnaType) .TP \fB\-\-prefix\fR \fI\,PREFIX\/\fR Defines a prefix that can be prepended to the generated number values for the attribute (dnaPrefix) .TP \fB\-\-next\-value\fR \fI\,NEXT_VALUE\/\fR Sets the next available number which can be assigned (dnaNextValue) .TP \fB\-\-max\-value\fR \fI\,MAX_VALUE\/\fR Sets the maximum value that can be assigned for the range (dnaMaxValue) .TP \fB\-\-interval\fR \fI\,INTERVAL\/\fR Sets an interval to use to increment through numbers in a range (dnaInterval) .TP \fB\-\-magic\-regen\fR \fI\,MAGIC_REGEN\/\fR Sets a user\-defined value that instructs the plug\-in to assign a new value for the entry (dnaMagicRegen) .TP \fB\-\-filter\fR \fI\,FILTER\/\fR Sets an LDAP filter to use to search for and identify the entries to which to apply the distributed numeric assignment range (dnaFilter) .TP \fB\-\-scope\fR \fI\,SCOPE\/\fR Sets the base DN to search for entries to which to apply the distributed numeric assignment (dnaScope) .TP \fB\-\-remote\-bind\-dn\fR \fI\,REMOTE_BIND_DN\/\fR Specifies the Replication Manager DN (dnaRemoteBindDN) .TP \fB\-\-remote\-bind\-cred\fR \fI\,REMOTE_BIND_CRED\/\fR Specifies the Replication Manager's password (dnaRemoteBindCred) .TP \fB\-\-shared\-config\-entry\fR \fI\,SHARED_CONFIG_ENTRY\/\fR Defines a shared identity that the servers can use to transfer ranges to one another (dnaSharedCfgDN) .TP \fB\-\-threshold\fR \fI\,THRESHOLD\/\fR Sets a threshold of remaining available numbers in the range. When the server hits the threshold, it sends a request for a new range (dnaThreshold) .TP \fB\-\-next\-range\fR \fI\,NEXT_RANGE\/\fR Defines the next range to use when the current range is exhausted (dnaNextRange) .TP \fB\-\-range\-request\-timeout\fR \fI\,RANGE_REQUEST_TIMEOUT\/\fR Sets a timeout period, in seconds, for range requests so that the server does not stall waiting on a new range from one server and can request a range from a new server (dnaRangeRequestTimeout) .SH COMMAND \fI\,'dsconf plugin dna config show'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna config NAME show [\-h] .SH COMMAND \fI\,'dsconf plugin dna config delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna config NAME delete [\-h] .SH COMMAND \fI\,'dsconf plugin dna config shared\-config\-entry'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna config NAME shared\-config\-entry [\-h] SHARED_CFG {set,show,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin dna config shared\-config\-entry'\/\fR .TP \fBdsconf plugin dna config shared\-config\-entry\fR \fI\,set\/\fR Edit the shared config entry .TP \fBdsconf plugin dna config shared\-config\-entry\fR \fI\,show\/\fR Display the shared config entry .TP \fBdsconf plugin dna config shared\-config\-entry\fR \fI\,delete\/\fR Delete the shared config entry .SH COMMAND \fI\,'dsconf plugin dna config shared\-config\-entry set'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna config NAME shared\-config\-entry SHARED_CFG set [\-h] [\-\-remote\-bind\-method REMOTE_BIND_METHOD] [\-\-remote\-conn\-protocol REMOTE_CONN_PROTOCOL] .SH OPTIONS \fI\,'dsconf plugin dna config shared\-config\-entry set'\/\fR .TP \fB\-\-remote\-bind\-method\fR \fI\,REMOTE_BIND_METHOD\/\fR Specifies the remote bind method "SIMPLE", "SSL" (for SSL client auth), "SASL/GSSAPI", or "SASL/DIGEST\-MD5" (dnaRemoteBindMethod) .TP \fB\-\-remote\-conn\-protocol\fR \fI\,REMOTE_CONN_PROTOCOL\/\fR Specifies the remote connection protocol "LDAP", or "TLS" (dnaRemoteConnProtocol) .SH COMMAND \fI\,'dsconf plugin dna config shared\-config\-entry show'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna config NAME shared\-config\-entry SHARED_CFG show [\-h] .SH COMMAND \fI\,'dsconf plugin dna config shared\-config\-entry delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin dna config NAME shared\-config\-entry SHARED_CFG delete [\-h] .SH COMMAND \fI\,'dsconf plugin ldap\-pass\-through\-auth'\/\fR usage: dsconf instance [\-v] [\-j] plugin ldap\-pass\-through\-auth [\-h] {show,enable,disable,status,list,add,modify,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin ldap\-pass\-through\-auth'\/\fR .TP \fBdsconf plugin ldap\-pass\-through\-auth\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin ldap\-pass\-through\-auth\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin ldap\-pass\-through\-auth\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin ldap\-pass\-through\-auth\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin ldap\-pass\-through\-auth\fR \fI\,list\/\fR Lists LDAP URLs .TP \fBdsconf plugin ldap\-pass\-through\-auth\fR \fI\,add\/\fR Add an LDAP url to the config entry .TP \fBdsconf plugin ldap\-pass\-through\-auth\fR \fI\,modify\/\fR Edit the LDAP pass through config entry .TP \fBdsconf plugin ldap\-pass\-through\-auth\fR \fI\,delete\/\fR Delete a URL from the config entry .SH COMMAND \fI\,'dsconf plugin ldap\-pass\-through\-auth show'\/\fR usage: dsconf [\-v] [\-j] instance plugin ldap\-pass\-through\-auth show [\-h] .SH COMMAND \fI\,'dsconf plugin ldap\-pass\-through\-auth enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin ldap\-pass\-through\-auth enable [\-h] .SH COMMAND \fI\,'dsconf plugin ldap\-pass\-through\-auth disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin ldap\-pass\-through\-auth disable [\-h] .SH COMMAND \fI\,'dsconf plugin ldap\-pass\-through\-auth status'\/\fR usage: dsconf [\-v] [\-j] instance plugin ldap\-pass\-through\-auth status [\-h] .SH COMMAND \fI\,'dsconf plugin ldap\-pass\-through\-auth list'\/\fR usage: dsconf [\-v] [\-j] instance plugin ldap\-pass\-through\-auth list [\-h] .SH COMMAND \fI\,'dsconf plugin ldap\-pass\-through\-auth add'\/\fR usage: dsconf [\-v] [\-j] instance plugin ldap\-pass\-through\-auth add [\-h] URL .TP \fBURL\fR The full LDAP URL in format "ldap|ldaps://authDS/subtree maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one optional parameter is specified the rest should be specified too .SH COMMAND \fI\,'dsconf plugin ldap\-pass\-through\-auth modify'\/\fR usage: dsconf [\-v] [\-j] instance plugin ldap\-pass\-through\-auth modify [\-h] OLD_URL NEW_URL .TP \fBOLD_URL\fR The full LDAP URL you get from the "list" command .TP \fBNEW_URL\fR Sets the full LDAP URL in format "ldap|ldaps://authDS/subtree maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one optional parameter is specified the rest should be specified too. .SH COMMAND \fI\,'dsconf plugin ldap\-pass\-through\-auth delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin ldap\-pass\-through\-auth delete [\-h] URL .TP \fBURL\fR The full LDAP URL you get from the "list" command .SH COMMAND \fI\,'dsconf plugin linked\-attr'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr [\-h] {show,enable,disable,status,fixup,fixup\-status,list,config} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin linked\-attr'\/\fR .TP \fBdsconf plugin linked\-attr\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin linked\-attr\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin linked\-attr\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin linked\-attr\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin linked\-attr\fR \fI\,fixup\/\fR Run the fix\-up task for linked attributes plugin .TP \fBdsconf plugin linked\-attr\fR \fI\,fixup\-status\/\fR Check the status of a fix\-up task .TP \fBdsconf plugin linked\-attr\fR \fI\,list\/\fR List available plugin configs .TP \fBdsconf plugin linked\-attr\fR \fI\,config\/\fR Manage plugin configs .SH COMMAND \fI\,'dsconf plugin linked\-attr show'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr show [\-h] .SH COMMAND \fI\,'dsconf plugin linked\-attr enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr enable [\-h] .SH COMMAND \fI\,'dsconf plugin linked\-attr disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr disable [\-h] .SH COMMAND \fI\,'dsconf plugin linked\-attr status'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr status [\-h] .SH COMMAND \fI\,'dsconf plugin linked\-attr fixup'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr fixup [\-h] [\-l LINKDN] [\-\-wait] .SH OPTIONS \fI\,'dsconf plugin linked\-attr fixup'\/\fR .TP \fB\-l\fR \fI\,LINKDN\/\fR, \fB\-\-linkdn\fR \fI\,LINKDN\/\fR Sets the base DN that contains entries to fix up .TP \fB\-\-wait\fR Wait for the task to finish, this could take a long time .SH COMMAND \fI\,'dsconf plugin linked\-attr fixup\-status'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr fixup\-status [\-h] [\-\-dn DN] [\-\-show\-log] [\-\-watch] .SH OPTIONS \fI\,'dsconf plugin linked\-attr fixup\-status'\/\fR .TP \fB\-\-dn\fR \fI\,DN\/\fR The task entry's DN .TP \fB\-\-show\-log\fR Display the task log .TP \fB\-\-watch\fR Watch the task's status and wait for it to finish .SH COMMAND \fI\,'dsconf plugin linked\-attr list'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr list [\-h] .SH COMMAND \fI\,'dsconf plugin linked\-attr config'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr config [\-h] NAME {add,set,show,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin linked\-attr config'\/\fR .TP \fBdsconf plugin linked\-attr config\fR \fI\,add\/\fR Add the config entry .TP \fBdsconf plugin linked\-attr config\fR \fI\,set\/\fR Edit the config entry .TP \fBdsconf plugin linked\-attr config\fR \fI\,show\/\fR Display the config entry .TP \fBdsconf plugin linked\-attr config\fR \fI\,delete\/\fR Delete the config entry .SH COMMAND \fI\,'dsconf plugin linked\-attr config add'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr config NAME add [\-h] [\-\-link\-type LINK_TYPE] [\-\-managed\-type MANAGED_TYPE] [\-\-link\-scope LINK_SCOPE] .SH OPTIONS \fI\,'dsconf plugin linked\-attr config add'\/\fR .TP \fB\-\-link\-type\fR \fI\,LINK_TYPE\/\fR Sets the attribute that is managed manually by administrators (linkType) .TP \fB\-\-managed\-type\fR \fI\,MANAGED_TYPE\/\fR Sets the attribute that is created dynamically by the plugin (managedType) .TP \fB\-\-link\-scope\fR \fI\,LINK_SCOPE\/\fR Sets the scope that restricts the plugin to a specific part of the directory tree (linkScope) .SH COMMAND \fI\,'dsconf plugin linked\-attr config set'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr config NAME set [\-h] [\-\-link\-type LINK_TYPE] [\-\-managed\-type MANAGED_TYPE] [\-\-link\-scope LINK_SCOPE] .SH OPTIONS \fI\,'dsconf plugin linked\-attr config set'\/\fR .TP \fB\-\-link\-type\fR \fI\,LINK_TYPE\/\fR Sets the attribute that is managed manually by administrators (linkType) .TP \fB\-\-managed\-type\fR \fI\,MANAGED_TYPE\/\fR Sets the attribute that is created dynamically by the plugin (managedType) .TP \fB\-\-link\-scope\fR \fI\,LINK_SCOPE\/\fR Sets the scope that restricts the plugin to a specific part of the directory tree (linkScope) .SH COMMAND \fI\,'dsconf plugin linked\-attr config show'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr config NAME show [\-h] .SH COMMAND \fI\,'dsconf plugin linked\-attr config delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin linked\-attr config NAME delete [\-h] .SH COMMAND \fI\,'dsconf plugin managed\-entries'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries [\-h] {show,enable,disable,status,set,list,config,template} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin managed\-entries'\/\fR .TP \fBdsconf plugin managed\-entries\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin managed\-entries\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin managed\-entries\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin managed\-entries\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin managed\-entries\fR \fI\,set\/\fR Edit the plugin settings .TP \fBdsconf plugin managed\-entries\fR \fI\,list\/\fR List Managed Entries Plugin configs and templates .TP \fBdsconf plugin managed\-entries\fR \fI\,config\/\fR Handle Managed Entries Plugin configs .TP \fBdsconf plugin managed\-entries\fR \fI\,template\/\fR Handle Managed Entries Plugin templates .SH COMMAND \fI\,'dsconf plugin managed\-entries show'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries show [\-h] .SH COMMAND \fI\,'dsconf plugin managed\-entries enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries enable [\-h] .SH COMMAND \fI\,'dsconf plugin managed\-entries disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries disable [\-h] .SH COMMAND \fI\,'dsconf plugin managed\-entries status'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries status [\-h] .SH COMMAND \fI\,'dsconf plugin managed\-entries set'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries set [\-h] [\-\-config\-area CONFIG_AREA] .SH OPTIONS \fI\,'dsconf plugin managed\-entries set'\/\fR .TP \fB\-\-config\-area\fR \fI\,CONFIG_AREA\/\fR Sets the value of the nsslapd\-pluginConfigArea attribute .SH COMMAND \fI\,'dsconf plugin managed\-entries list'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries list [\-h] {configs,templates} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin managed\-entries list'\/\fR .TP \fBdsconf plugin managed\-entries list\fR \fI\,configs\/\fR List Managed Entries Plugin configs (list config\-area if specified in the main plugin entry) .TP \fBdsconf plugin managed\-entries list\fR \fI\,templates\/\fR List Managed Entries Plugin templates in the directory .SH COMMAND \fI\,'dsconf plugin managed\-entries list configs'\/\fR usage: dsconf instance [\-v] [\-j] plugin managed\-entries list configs [\-h] .SH COMMAND \fI\,'dsconf plugin managed\-entries list templates'\/\fR usage: dsconf instance [\-v] [\-j] plugin managed\-entries list templates [\-h] [BASEDN] .TP \fBBASEDN\fR The base DN where to search the templates .SH COMMAND \fI\,'dsconf plugin managed\-entries config'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries config [\-h] NAME {add,set,show,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin managed\-entries config'\/\fR .TP \fBdsconf plugin managed\-entries config\fR \fI\,add\/\fR Add the config entry .TP \fBdsconf plugin managed\-entries config\fR \fI\,set\/\fR Edit the config entry .TP \fBdsconf plugin managed\-entries config\fR \fI\,show\/\fR Display the config entry .TP \fBdsconf plugin managed\-entries config\fR \fI\,delete\/\fR Delete the config entry .SH COMMAND \fI\,'dsconf plugin managed\-entries config add'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries config NAME add [\-h] [\-\-scope SCOPE] [\-\-filter FILTER] [\-\-managed\-base MANAGED_BASE] [\-\-managed\-template MANAGED_TEMPLATE] .SH OPTIONS \fI\,'dsconf plugin managed\-entries config add'\/\fR .TP \fB\-\-scope\fR \fI\,SCOPE\/\fR Sets the scope of the search to use to see which entries the plug\-in monitors (originScope) .TP \fB\-\-filter\fR \fI\,FILTER\/\fR Sets the search filter to use to search for and identify the entries within the subtree which require a managed entry (originFilter) .TP \fB\-\-managed\-base\fR \fI\,MANAGED_BASE\/\fR Sets the subtree under which to create the managed entries (managedBase) .TP \fB\-\-managed\-template\fR \fI\,MANAGED_TEMPLATE\/\fR Identifies the template entry to use to create the managed entry (managedTemplate) .SH COMMAND \fI\,'dsconf plugin managed\-entries config set'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries config NAME set [\-h] [\-\-scope SCOPE] [\-\-filter FILTER] [\-\-managed\-base MANAGED_BASE] [\-\-managed\-template MANAGED_TEMPLATE] .SH OPTIONS \fI\,'dsconf plugin managed\-entries config set'\/\fR .TP \fB\-\-scope\fR \fI\,SCOPE\/\fR Sets the scope of the search to use to see which entries the plug\-in monitors (originScope) .TP \fB\-\-filter\fR \fI\,FILTER\/\fR Sets the search filter to use to search for and identify the entries within the subtree which require a managed entry (originFilter) .TP \fB\-\-managed\-base\fR \fI\,MANAGED_BASE\/\fR Sets the subtree under which to create the managed entries (managedBase) .TP \fB\-\-managed\-template\fR \fI\,MANAGED_TEMPLATE\/\fR Identifies the template entry to use to create the managed entry (managedTemplate) .SH COMMAND \fI\,'dsconf plugin managed\-entries config show'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries config NAME show [\-h] .SH COMMAND \fI\,'dsconf plugin managed\-entries config delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries config NAME delete [\-h] .SH COMMAND \fI\,'dsconf plugin managed\-entries template'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries template [\-h] DN {add,set,show,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin managed\-entries template'\/\fR .TP \fBdsconf plugin managed\-entries template\fR \fI\,add\/\fR Add the template entry .TP \fBdsconf plugin managed\-entries template\fR \fI\,set\/\fR Edit the template entry .TP \fBdsconf plugin managed\-entries template\fR \fI\,show\/\fR Display the template entry .TP \fBdsconf plugin managed\-entries template\fR \fI\,delete\/\fR Delete the template entry .SH COMMAND \fI\,'dsconf plugin managed\-entries template add'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries template DN add [\-h] [\-\-rdn\-attr RDN_ATTR] [\-\-static\-attr STATIC_ATTR [STATIC_ATTR ...]] [\-\-mapped\-attr MAPPED_ATTR [MAPPED_ATTR ...]] .SH OPTIONS \fI\,'dsconf plugin managed\-entries template add'\/\fR .TP \fB\-\-rdn\-attr\fR \fI\,RDN_ATTR\/\fR Sets which attribute to use as the naming attribute in the automatically\- generated entry (mepRDNAttr) .TP \fB\-\-static\-attr\fR \fI\,STATIC_ATTR [STATIC_ATTR ...]\/\fR Sets an attribute with a defined value that must be added to the automatically\-generated entry (mepStaticAttr) .TP \fB\-\-mapped\-attr\fR \fI\,MAPPED_ATTR [MAPPED_ATTR ...]\/\fR Sets attributes in the Managed Entries template entry which must exist in the generated entry (mepMappedAttr) .SH COMMAND \fI\,'dsconf plugin managed\-entries template set'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries template DN set [\-h] [\-\-rdn\-attr RDN_ATTR] [\-\-static\-attr STATIC_ATTR [STATIC_ATTR ...]] [\-\-mapped\-attr MAPPED_ATTR [MAPPED_ATTR ...]] .SH OPTIONS \fI\,'dsconf plugin managed\-entries template set'\/\fR .TP \fB\-\-rdn\-attr\fR \fI\,RDN_ATTR\/\fR Sets which attribute to use as the naming attribute in the automatically\- generated entry (mepRDNAttr) .TP \fB\-\-static\-attr\fR \fI\,STATIC_ATTR [STATIC_ATTR ...]\/\fR Sets an attribute with a defined value that must be added to the automatically\-generated entry (mepStaticAttr) .TP \fB\-\-mapped\-attr\fR \fI\,MAPPED_ATTR [MAPPED_ATTR ...]\/\fR Sets attributes in the Managed Entries template entry which must exist in the generated entry (mepMappedAttr) .SH COMMAND \fI\,'dsconf plugin managed\-entries template show'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries template DN show [\-h] .SH COMMAND \fI\,'dsconf plugin managed\-entries template delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin managed\-entries template DN delete [\-h] .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth'\/\fR usage: dsconf instance [\-v] [\-j] plugin pam\-pass\-through\-auth [\-h] {show,enable,disable,status,list,config} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin pam\-pass\-through\-auth'\/\fR .TP \fBdsconf plugin pam\-pass\-through\-auth\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin pam\-pass\-through\-auth\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin pam\-pass\-through\-auth\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin pam\-pass\-through\-auth\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin pam\-pass\-through\-auth\fR \fI\,list\/\fR Lists PAM configurations .TP \fBdsconf plugin pam\-pass\-through\-auth\fR \fI\,config\/\fR Manage PAM PTA configurations. .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth show'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth show [\-h] .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth enable [\-h] .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth disable [\-h] .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth status'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth status [\-h] .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth list'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth list [\-h] .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth config'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth config [\-h] NAME {add,set,show,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin pam\-pass\-through\-auth config'\/\fR .TP \fBdsconf plugin pam\-pass\-through\-auth config\fR \fI\,add\/\fR Add the config entry .TP \fBdsconf plugin pam\-pass\-through\-auth config\fR \fI\,set\/\fR Edit the config entry .TP \fBdsconf plugin pam\-pass\-through\-auth config\fR \fI\,show\/\fR Display the config entry .TP \fBdsconf plugin pam\-pass\-through\-auth config\fR \fI\,delete\/\fR Delete the config entry .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth config add'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth config NAME add [\-h] [\-\-exclude\-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]] [\-\-include\-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]] [\-\-missing\-suffix {ERROR,ALLOW,IGNORE,delete,}] [\-\-filter FILTER] [\-\-id\-attr ID_ATTR] [\-\-id_map_method ID_MAP_METHOD] [\-\-fallback {TRUE,FALSE}] [\-\-secure {TRUE,FALSE}] [\-\-service SERVICE] .SH OPTIONS \fI\,'dsconf plugin pam\-pass\-through\-auth config add'\/\fR .TP \fB\-\-exclude\-suffix\fR \fI\,EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]\/\fR Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix) .TP \fB\-\-include\-suffix\fR \fI\,INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]\/\fR Sets a suffix to include for PAM authentication (pamIncludeSuffix) .TP \fB\-\-missing\-suffix\fR \fI\,{ERROR,ALLOW,IGNORE,delete,}\/\fR Identifies how to handle missing include or exclude suffixes (pamMissingSuffix) .TP \fB\-\-filter\fR \fI\,FILTER\/\fR Sets an LDAP filter to use to identify specific entries within the included suffixes for which to use PAM pass\-through authentication (pamFilter) .TP \fB\-\-id\-attr\fR \fI\,ID_ATTR\/\fR Contains the attribute name which is used to hold the PAM user ID (pamIDAttr) .TP \fB\-\-id_map_method\fR \fI\,ID_MAP_METHOD\/\fR Sets the method to use to map the LDAP bind DN to a PAM identity (pamIDMapMethod) .TP \fB\-\-fallback\fR \fI\,{TRUE,FALSE}\/\fR Sets whether to fallback to regular LDAP authentication if PAM authentication fails (pamFallback) .TP \fB\-\-secure\fR \fI\,{TRUE,FALSE}\/\fR Requires secure TLS connection for PAM authentication (pamSecure) .TP \fB\-\-service\fR \fI\,SERVICE\/\fR Contains the service name to pass to PAM (pamService) .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth config set'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth config NAME set [\-h] [\-\-exclude\-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]] [\-\-include\-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]] [\-\-missing\-suffix {ERROR,ALLOW,IGNORE,delete,}] [\-\-filter FILTER] [\-\-id\-attr ID_ATTR] [\-\-id_map_method ID_MAP_METHOD] [\-\-fallback {TRUE,FALSE}] [\-\-secure {TRUE,FALSE}] [\-\-service SERVICE] .SH OPTIONS \fI\,'dsconf plugin pam\-pass\-through\-auth config set'\/\fR .TP \fB\-\-exclude\-suffix\fR \fI\,EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]\/\fR Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix) .TP \fB\-\-include\-suffix\fR \fI\,INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]\/\fR Sets a suffix to include for PAM authentication (pamIncludeSuffix) .TP \fB\-\-missing\-suffix\fR \fI\,{ERROR,ALLOW,IGNORE,delete,}\/\fR Identifies how to handle missing include or exclude suffixes (pamMissingSuffix) .TP \fB\-\-filter\fR \fI\,FILTER\/\fR Sets an LDAP filter to use to identify specific entries within the included suffixes for which to use PAM pass\-through authentication (pamFilter) .TP \fB\-\-id\-attr\fR \fI\,ID_ATTR\/\fR Contains the attribute name which is used to hold the PAM user ID (pamIDAttr) .TP \fB\-\-id_map_method\fR \fI\,ID_MAP_METHOD\/\fR Sets the method to use to map the LDAP bind DN to a PAM identity (pamIDMapMethod) .TP \fB\-\-fallback\fR \fI\,{TRUE,FALSE}\/\fR Sets whether to fallback to regular LDAP authentication if PAM authentication fails (pamFallback) .TP \fB\-\-secure\fR \fI\,{TRUE,FALSE}\/\fR Requires secure TLS connection for PAM authentication (pamSecure) .TP \fB\-\-service\fR \fI\,SERVICE\/\fR Contains the service name to pass to PAM (pamService) .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth config show'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth config NAME show [\-h] .SH COMMAND \fI\,'dsconf plugin pam\-pass\-through\-auth config delete'\/\fR usage: dsconf [\-v] [\-j] instance plugin pam\-pass\-through\-auth config NAME delete [\-h] .SH COMMAND \fI\,'dsconf plugin retro\-changelog'\/\fR usage: dsconf [\-v] [\-j] instance plugin retro\-changelog [\-h] {show,enable,disable,status,set,add,del} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin retro\-changelog'\/\fR .TP \fBdsconf plugin retro\-changelog\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin retro\-changelog\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin retro\-changelog\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin retro\-changelog\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin retro\-changelog\fR \fI\,set\/\fR Edit the plugin .TP \fBdsconf plugin retro\-changelog\fR \fI\,add\/\fR Add attributes to the plugin .TP \fBdsconf plugin retro\-changelog\fR \fI\,del\/\fR Delete an attribute from plugin scope .SH COMMAND \fI\,'dsconf plugin retro\-changelog show'\/\fR usage: dsconf [\-v] [\-j] instance plugin retro\-changelog show [\-h] .SH COMMAND \fI\,'dsconf plugin retro\-changelog enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin retro\-changelog enable [\-h] .SH COMMAND \fI\,'dsconf plugin retro\-changelog disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin retro\-changelog disable [\-h] .SH COMMAND \fI\,'dsconf plugin retro\-changelog status'\/\fR usage: dsconf [\-v] [\-j] instance plugin retro\-changelog status [\-h] .SH COMMAND \fI\,'dsconf plugin retro\-changelog set'\/\fR usage: dsconf [\-v] [\-j] instance plugin retro\-changelog set [\-h] [\-\-is\-replicated {TRUE,FALSE}] [\-\-attribute ATTRIBUTE] [\-\-directory DIRECTORY] [\-\-max\-age MAX_AGE] [\-\-trim\-interval TRIM_INTERVAL] [\-\-exclude\-suffix [EXCLUDE_SUFFIX ...]] [\-\-exclude\-attrs [EXCLUDE_ATTRS ...]] .SH OPTIONS \fI\,'dsconf plugin retro\-changelog set'\/\fR .TP \fB\-\-is\-replicated\fR \fI\,{TRUE,FALSE}\/\fR Sets a flag to indicate on a change in the changelog whether the change is newly made on that server or whether it was replicated over from another server (isReplicated) .TP \fB\-\-attribute\fR \fI\,ATTRIBUTE\/\fR Specifies another Directory Server attribute which must be included in the retro changelog entries (nsslapd\-attribute) .TP \fB\-\-directory\fR \fI\,DIRECTORY\/\fR Specifies the name of the directory in which the changelog database is created the first time the plug\-in is run .TP \fB\-\-max\-age\fR \fI\,MAX_AGE\/\fR Specifies the maximum age of any entry in the changelog. Used to trim the changelog (nsslapd\-changelogmaxage) .TP \fB\-\-trim\-interval\fR \fI\,TRIM_INTERVAL\/\fR . nsslapd\-changelog\-trim\-interval) .TP \fB\-\-exclude\-suffix\fR \fI\,[EXCLUDE_SUFFIX ...]\/\fR Specifies the suffix which will be excluded from the scope of the plugin (nsslapd\-exclude\-suffix) .TP \fB\-\-exclude\-attrs\fR \fI\,[EXCLUDE_ATTRS ...]\/\fR Specifies the attributes which will be excluded from the scope of the plugin (nsslapd\-exclude\-attrs) .SH COMMAND \fI\,'dsconf plugin retro\-changelog add'\/\fR usage: dsconf [\-v] [\-j] instance plugin retro\-changelog add [\-h] [\-\-is\-replicated {TRUE,FALSE}] [\-\-attribute ATTRIBUTE] [\-\-directory DIRECTORY] [\-\-max\-age MAX_AGE] [\-\-trim\-interval TRIM_INTERVAL] [\-\-exclude\-suffix [EXCLUDE_SUFFIX ...]] [\-\-exclude\-attrs [EXCLUDE_ATTRS ...]] .SH OPTIONS \fI\,'dsconf plugin retro\-changelog add'\/\fR .TP \fB\-\-is\-replicated\fR \fI\,{TRUE,FALSE}\/\fR Sets a flag to indicate on a change in the changelog whether the change is newly made on that server or whether it was replicated over from another server (isReplicated) .TP \fB\-\-attribute\fR \fI\,ATTRIBUTE\/\fR Specifies another Directory Server attribute which must be included in the retro changelog entries (nsslapd\-attribute) .TP \fB\-\-directory\fR \fI\,DIRECTORY\/\fR Specifies the name of the directory in which the changelog database is created the first time the plug\-in is run .TP \fB\-\-max\-age\fR \fI\,MAX_AGE\/\fR Specifies the maximum age of any entry in the changelog. Used to trim the changelog (nsslapd\-changelogmaxage) .TP \fB\-\-trim\-interval\fR \fI\,TRIM_INTERVAL\/\fR . nsslapd\-changelog\-trim\-interval) .TP \fB\-\-exclude\-suffix\fR \fI\,[EXCLUDE_SUFFIX ...]\/\fR Specifies the suffix which will be excluded from the scope of the plugin (nsslapd\-exclude\-suffix) .TP \fB\-\-exclude\-attrs\fR \fI\,[EXCLUDE_ATTRS ...]\/\fR Specifies the attributes which will be excluded from the scope of the plugin (nsslapd\-exclude\-attrs) .SH COMMAND \fI\,'dsconf plugin retro\-changelog del'\/\fR usage: dsconf [\-v] [\-j] instance plugin retro\-changelog del [\-h] [\-\-is\-replicated {TRUE,FALSE}] [\-\-attribute ATTRIBUTE] [\-\-directory DIRECTORY] [\-\-max\-age MAX_AGE] [\-\-trim\-interval TRIM_INTERVAL] [\-\-exclude\-suffix [EXCLUDE_SUFFIX ...]] [\-\-exclude\-attrs [EXCLUDE_ATTRS ...]] .SH OPTIONS \fI\,'dsconf plugin retro\-changelog del'\/\fR .TP \fB\-\-is\-replicated\fR \fI\,{TRUE,FALSE}\/\fR Sets a flag to indicate on a change in the changelog whether the change is newly made on that server or whether it was replicated over from another server (isReplicated) .TP \fB\-\-attribute\fR \fI\,ATTRIBUTE\/\fR Specifies another Directory Server attribute which must be included in the retro changelog entries (nsslapd\-attribute) .TP \fB\-\-directory\fR \fI\,DIRECTORY\/\fR Specifies the name of the directory in which the changelog database is created the first time the plug\-in is run .TP \fB\-\-max\-age\fR \fI\,MAX_AGE\/\fR Specifies the maximum age of any entry in the changelog. Used to trim the changelog (nsslapd\-changelogmaxage) .TP \fB\-\-trim\-interval\fR \fI\,TRIM_INTERVAL\/\fR . nsslapd\-changelog\-trim\-interval) .TP \fB\-\-exclude\-suffix\fR \fI\,[EXCLUDE_SUFFIX ...]\/\fR Specifies the suffix which will be excluded from the scope of the plugin (nsslapd\-exclude\-suffix) .TP \fB\-\-exclude\-attrs\fR \fI\,[EXCLUDE_ATTRS ...]\/\fR Specifies the attributes which will be excluded from the scope of the plugin (nsslapd\-exclude\-attrs) .SH COMMAND \fI\,'dsconf plugin posix\-winsync'\/\fR usage: dsconf [\-v] [\-j] instance plugin posix\-winsync [\-h] {show,enable,disable,status,set,fixup} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin posix\-winsync'\/\fR .TP \fBdsconf plugin posix\-winsync\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin posix\-winsync\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin posix\-winsync\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin posix\-winsync\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin posix\-winsync\fR \fI\,set\/\fR Edit the plugin settings .TP \fBdsconf plugin posix\-winsync\fR \fI\,fixup\/\fR Run the memberOf fix\-up task to correct mismatched member and uniquemember values for synced users .SH COMMAND \fI\,'dsconf plugin posix\-winsync show'\/\fR usage: dsconf [\-v] [\-j] instance plugin posix\-winsync show [\-h] .SH COMMAND \fI\,'dsconf plugin posix\-winsync enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin posix\-winsync enable [\-h] .SH COMMAND \fI\,'dsconf plugin posix\-winsync disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin posix\-winsync disable [\-h] .SH COMMAND \fI\,'dsconf plugin posix\-winsync status'\/\fR usage: dsconf [\-v] [\-j] instance plugin posix\-winsync status [\-h] .SH COMMAND \fI\,'dsconf plugin posix\-winsync set'\/\fR usage: dsconf [\-v] [\-j] instance plugin posix\-winsync set [\-h] [\-\-create\-memberof\-task {true,false}] [\-\-lower\-case\-uid {true,false}] [\-\-map\-member\-uid {true,false}] [\-\-map\-nested\-grouping {true,false}] [\-\-ms\-sfu\-schema {true,false}] .SH OPTIONS \fI\,'dsconf plugin posix\-winsync set'\/\fR .TP \fB\-\-create\-memberof\-task\fR \fI\,{true,false}\/\fR Sets whether to run the memberUID fix\-up task immediately after a sync run in order to update group memberships for synced users (posixWinsyncCreateMemberOfTask) .TP \fB\-\-lower\-case\-uid\fR \fI\,{true,false}\/\fR Sets whether to store (and, if necessary, convert) the UID value in the memberUID attribute in lower case.(posixWinsyncLowerCaseUID) .TP \fB\-\-map\-member\-uid\fR \fI\,{true,false}\/\fR Sets whether to map the memberUID attribute in an Active Directory group to the uniqueMember attribute in a Directory Server group (posixWinsyncMapMemberUID) .TP \fB\-\-map\-nested\-grouping\fR \fI\,{true,false}\/\fR Manages if nested groups are updated when memberUID attributes in an Active Directory POSIX group change (posixWinsyncMapNestedGrouping) .TP \fB\-\-ms\-sfu\-schema\fR \fI\,{true,false}\/\fR Sets whether to the older Microsoft System Services for Unix 3.0 (msSFU30) schema when syncing Posix attributes from Active Directory (posixWinsyncMsSFUSchema) .SH COMMAND \fI\,'dsconf plugin posix\-winsync fixup'\/\fR usage: dsconf [\-v] [\-j] instance plugin posix\-winsync fixup [\-h] [\-f FILTER] [\-\-timeout TIMEOUT] DN .TP \fBDN\fR Set the base DN that contains entries to fix up .SH OPTIONS \fI\,'dsconf plugin posix\-winsync fixup'\/\fR .TP \fB\-f\fR \fI\,FILTER\/\fR, \fB\-\-filter\fR \fI\,FILTER\/\fR Filter for entries to fix up. If omitted, all entries with objectclass inetuser/inetadmin/nsmemberof under the specified base will have their memberOf attribute regenerated. .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Set a timeout to wait for the fixup task. Default is 120 seconds .SH COMMAND \fI\,'dsconf plugin contentsync'\/\fR usage: dsconf [\-v] [\-j] instance plugin contentsync [\-h] {show,enable,disable,status,set,add} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin contentsync'\/\fR .TP \fBdsconf plugin contentsync\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin contentsync\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin contentsync\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin contentsync\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin contentsync\fR \fI\,set\/\fR Edit the plugin settings .TP \fBdsconf plugin contentsync\fR \fI\,add\/\fR Add attributes to the plugin .SH COMMAND \fI\,'dsconf plugin contentsync show'\/\fR usage: dsconf [\-v] [\-j] instance plugin contentsync show [\-h] .SH COMMAND \fI\,'dsconf plugin contentsync enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin contentsync enable [\-h] .SH COMMAND \fI\,'dsconf plugin contentsync disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin contentsync disable [\-h] .SH COMMAND \fI\,'dsconf plugin contentsync status'\/\fR usage: dsconf [\-v] [\-j] instance plugin contentsync status [\-h] .SH COMMAND \fI\,'dsconf plugin contentsync set'\/\fR usage: dsconf [\-v] [\-j] instance plugin contentsync set [\-h] [\-\-allow\-openldap {on,off}] .SH OPTIONS \fI\,'dsconf plugin contentsync set'\/\fR .TP \fB\-\-allow\-openldap\fR \fI\,{on,off}\/\fR Allows openldap servers to act as read only consumers of this server via syncrepl .SH COMMAND \fI\,'dsconf plugin contentsync add'\/\fR usage: dsconf [\-v] [\-j] instance plugin contentsync add [\-h] [\-\-allow\-openldap {on,off}] .SH OPTIONS \fI\,'dsconf plugin contentsync add'\/\fR .TP \fB\-\-allow\-openldap\fR \fI\,{on,off}\/\fR Allows openldap servers to act as read only consumers of this server via syncrepl .SH COMMAND \fI\,'dsconf plugin entryuuid'\/\fR usage: dsconf [\-v] [\-j] instance plugin entryuuid [\-h] {show,enable,disable,status,fixup,fixup\-status} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin entryuuid'\/\fR .TP \fBdsconf plugin entryuuid\fR \fI\,show\/\fR Displays the plugin configuration .TP \fBdsconf plugin entryuuid\fR \fI\,enable\/\fR Enables the plugin .TP \fBdsconf plugin entryuuid\fR \fI\,disable\/\fR Disables the plugin .TP \fBdsconf plugin entryuuid\fR \fI\,status\/\fR Displays the plugin status .TP \fBdsconf plugin entryuuid\fR \fI\,fixup\/\fR Run the fix\-up task for EntryUUID plugin .TP \fBdsconf plugin entryuuid\fR \fI\,fixup\-status\/\fR Check the status of a fix\-up task .SH COMMAND \fI\,'dsconf plugin entryuuid show'\/\fR usage: dsconf [\-v] [\-j] instance plugin entryuuid show [\-h] .SH COMMAND \fI\,'dsconf plugin entryuuid enable'\/\fR usage: dsconf [\-v] [\-j] instance plugin entryuuid enable [\-h] .SH COMMAND \fI\,'dsconf plugin entryuuid disable'\/\fR usage: dsconf [\-v] [\-j] instance plugin entryuuid disable [\-h] .SH COMMAND \fI\,'dsconf plugin entryuuid status'\/\fR usage: dsconf [\-v] [\-j] instance plugin entryuuid status [\-h] .SH COMMAND \fI\,'dsconf plugin entryuuid fixup'\/\fR usage: dsconf [\-v] [\-j] instance plugin entryuuid fixup [\-h] [\-f FILTER] [\-\-wait] [\-\-timeout TIMEOUT] DN .TP \fBDN\fR Base DN that contains entries to fix up .SH OPTIONS \fI\,'dsconf plugin entryuuid fixup'\/\fR .TP \fB\-f\fR \fI\,FILTER\/\fR, \fB\-\-filter\fR \fI\,FILTER\/\fR Filter for entries to fix up. If omitted, all entries under base DNwill have their EntryUUID attribute regenerated if not present. .TP \fB\-\-wait\fR Wait for the task to finish, this could take a long time .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Sets the task timeout. Default is 0 (no timeout) .SH COMMAND \fI\,'dsconf plugin entryuuid fixup\-status'\/\fR usage: dsconf [\-v] [\-j] instance plugin entryuuid fixup\-status [\-h] [\-\-dn DN] [\-\-show\-log] [\-\-watch] .SH OPTIONS \fI\,'dsconf plugin entryuuid fixup\-status'\/\fR .TP \fB\-\-dn\fR \fI\,DN\/\fR The task entry's DN .TP \fB\-\-show\-log\fR Display the task log .TP \fB\-\-watch\fR Watch the task's status and wait for it to finish .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme [\-h] {pbkdf2,pbkdf2\-sha1,pbkdf2\-sha256,pbkdf2\-sha512} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin pwstorage\-scheme'\/\fR .TP \fBdsconf plugin pwstorage\-scheme\fR \fI\,pbkdf2\/\fR Manage PBKDF2 scheme .TP \fBdsconf plugin pwstorage\-scheme\fR \fI\,pbkdf2\-sha1\/\fR Manage PBKDF2\-SHA1 scheme .TP \fBdsconf plugin pwstorage\-scheme\fR \fI\,pbkdf2\-sha256\/\fR Manage PBKDF2\-SHA256 scheme .TP \fBdsconf plugin pwstorage\-scheme\fR \fI\,pbkdf2\-sha512\/\fR Manage PBKDF2\-SHA512 scheme .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2 [\-h] {get\-num\-iterations,set\-num\-iterations} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin pwstorage\-scheme pbkdf2'\/\fR .TP \fBdsconf plugin pwstorage\-scheme pbkdf2\fR \fI\,get\-num\-iterations\/\fR Get number of iterations .TP \fBdsconf plugin pwstorage\-scheme pbkdf2\fR \fI\,set\-num\-iterations\/\fR Set number of iterations .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2 get\-num\-iterations'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2 get\-num\-iterations [\-h] .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2 set\-num\-iterations'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2 set\-num\-iterations [\-h] iterations .TP \fBiterations\fR Number of iterations (10,000\-10,000,000) .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha1'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2\-sha1 [\-h] {get\-num\-iterations,set\-num\-iterations} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha1'\/\fR .TP \fBdsconf plugin pwstorage\-scheme pbkdf2\-sha1\fR \fI\,get\-num\-iterations\/\fR Get number of iterations .TP \fBdsconf plugin pwstorage\-scheme pbkdf2\-sha1\fR \fI\,set\-num\-iterations\/\fR Set number of iterations .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha1 get\-num\-iterations'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2\-sha1 get\-num\-iterations [\-h] .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha1 set\-num\-iterations'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2\-sha1 set\-num\-iterations [\-h] iterations .TP \fBiterations\fR Number of iterations (10,000\-10,000,000) .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha256'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2\-sha256 [\-h] {get\-num\-iterations,set\-num\-iterations} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha256'\/\fR .TP \fBdsconf plugin pwstorage\-scheme pbkdf2\-sha256\fR \fI\,get\-num\-iterations\/\fR Get number of iterations .TP \fBdsconf plugin pwstorage\-scheme pbkdf2\-sha256\fR \fI\,set\-num\-iterations\/\fR Set number of iterations .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha256 get\-num\-iterations'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2\-sha256 get\-num\-iterations [\-h] .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha256 set\-num\-iterations'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2\-sha256 set\-num\-iterations [\-h] iterations .TP \fBiterations\fR Number of iterations (10,000\-10,000,000) .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha512'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2\-sha512 [\-h] {get\-num\-iterations,set\-num\-iterations} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha512'\/\fR .TP \fBdsconf plugin pwstorage\-scheme pbkdf2\-sha512\fR \fI\,get\-num\-iterations\/\fR Get number of iterations .TP \fBdsconf plugin pwstorage\-scheme pbkdf2\-sha512\fR \fI\,set\-num\-iterations\/\fR Set number of iterations .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha512 get\-num\-iterations'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2\-sha512 get\-num\-iterations [\-h] .SH COMMAND \fI\,'dsconf plugin pwstorage\-scheme pbkdf2\-sha512 set\-num\-iterations'\/\fR usage: dsconf [\-v] [\-j] instance plugin pwstorage\-scheme pbkdf2\-sha512 set\-num\-iterations [\-h] iterations .TP \fBiterations\fR Number of iterations (10,000\-10,000,000) .SH COMMAND \fI\,'dsconf plugin list'\/\fR usage: dsconf [\-v] [\-j] instance plugin list [\-h] .SH COMMAND \fI\,'dsconf plugin show'\/\fR usage: dsconf [\-v] [\-j] instance plugin show [\-h] [selector] .TP \fBselector\fR The plugin to search for .SH COMMAND \fI\,'dsconf plugin set'\/\fR usage: dsconf [\-v] [\-j] instance plugin set [\-h] [\-\-type TYPE] [\-\-enabled {on,off}] [\-\-path PATH] [\-\-initfunc INITFUNC] [\-\-id ID] [\-\-vendor VENDOR] [\-\-version VERSION] [\-\-description DESCRIPTION] [\-\-depends\-on\-type DEPENDS_ON_TYPE] [\-\-depends\-on\-named DEPENDS_ON_NAMED] [\-\-precedence PRECEDENCE] [selector] .TP \fBselector\fR The plugin to edit .SH OPTIONS \fI\,'dsconf plugin set'\/\fR .TP \fB\-\-type\fR \fI\,TYPE\/\fR The type of plugin. .TP \fB\-\-enabled\fR \fI\,{on,off}\/\fR Identifies whether or not the plugin is enabled. .TP \fB\-\-path\fR \fI\,PATH\/\fR The plugin library name (without the library suffix). .TP \fB\-\-initfunc\fR \fI\,INITFUNC\/\fR An initialization function of the plugin. .TP \fB\-\-id\fR \fI\,ID\/\fR The plugin ID. .TP \fB\-\-vendor\fR \fI\,VENDOR\/\fR The vendor of plugin. .TP \fB\-\-version\fR \fI\,VERSION\/\fR The version of plugin. .TP \fB\-\-description\fR \fI\,DESCRIPTION\/\fR The description of the plugin. .TP \fB\-\-depends\-on\-type\fR \fI\,DEPENDS_ON_TYPE\/\fR All plug\-ins with a type value which matches one of the values in the following valid range will be started by the server prior to this plug\-in. .TP \fB\-\-depends\-on\-named\fR \fI\,DEPENDS_ON_NAMED\/\fR The plug\-in name matching one of the following values will be started by the server prior to this plug\-in .TP \fB\-\-precedence\fR \fI\,PRECEDENCE\/\fR The priority it has in the execution order of plug\-ins .SH COMMAND \fI\,'dsconf pwpolicy'\/\fR usage: dsconf [\-v] [\-j] instance pwpolicy [\-h] {get,set,list\-schemes} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf pwpolicy'\/\fR .TP \fBdsconf pwpolicy\fR \fI\,get\/\fR Get the global password policy entry .TP \fBdsconf pwpolicy\fR \fI\,set\/\fR Set an attribute in a global password policy .TP \fBdsconf pwpolicy\fR \fI\,list\-schemes\/\fR Get a list of the current password storage schemes .SH COMMAND \fI\,'dsconf pwpolicy get'\/\fR usage: dsconf [\-v] [\-j] instance pwpolicy get [\-h] .SH COMMAND \fI\,'dsconf pwpolicy set'\/\fR usage: dsconf instance [\-v] [\-j] pwpolicy set [\-h] [\-\-pwdscheme PWDSCHEME] [\-\-pwdchange PWDCHANGE] [\-\-pwdmustchange PWDMUSTCHANGE] [\-\-pwdhistory PWDHISTORY] [\-\-pwdhistorycount PWDHISTORYCOUNT] [\-\-pwdadmin PWDADMIN] [\-\-pwdadminskipupdates PWDADMINSKIPUPDATES] [\-\-pwdtrack PWDTRACK] [\-\-pwdwarning PWDWARNING] [\-\-pwdexpire PWDEXPIRE] [\-\-pwdmaxage PWDMAXAGE] [\-\-pwdminage PWDMINAGE] [\-\-pwdgracelimit PWDGRACELIMIT] [\-\-pwdsendexpiring PWDSENDEXPIRING] [\-\-pwdlockout PWDLOCKOUT] [\-\-pwdunlock PWDUNLOCK] [\-\-pwdlockoutduration PWDLOCKOUTDURATION] [\-\-pwdmaxfailures PWDMAXFAILURES] [\-\-pwdresetfailcount PWDRESETFAILCOUNT] [\-\-pwdchecksyntax PWDCHECKSYNTAX] [\-\-pwdminlen PWDMINLEN] [\-\-pwdmindigits PWDMINDIGITS] [\-\-pwdminalphas PWDMINALPHAS] [\-\-pwdminuppers PWDMINUPPERS] [\-\-pwdminlowers PWDMINLOWERS] [\-\-pwdminspecials PWDMINSPECIALS] [\-\-pwdmin8bits PWDMIN8BITS] [\-\-pwdmaxrepeats PWDMAXREPEATS] [\-\-pwdpalindrome PWDPALINDROME] [\-\-pwdmaxseq PWDMAXSEQ] [\-\-pwdmaxseqsets PWDMAXSEQSETS] [\-\-pwdmaxclasschars PWDMAXCLASSCHARS] [\-\-pwdmincatagories PWDMINCATAGORIES] [\-\-pwdmintokenlen PWDMINTOKENLEN] [\-\-pwdbadwords PWDBADWORDS] [\-\-pwduserattrs PWDUSERATTRS] [\-\-pwddictcheck PWDDICTCHECK] [\-\-pwddictpath PWDDICTPATH] [\-\-pwptprmaxuse PWPTPRMAXUSE] [\-\-pwptprdelayexpireat PWPTPRDELAYEXPIREAT] [\-\-pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM] [\-\-pwdlocal PWDLOCAL] [\-\-pwdisglobal PWDISGLOBAL] [\-\-pwdallowhash PWDALLOWHASH] [\-\-pwpinheritglobal PWPINHERITGLOBAL] .SH OPTIONS \fI\,'dsconf pwpolicy set'\/\fR .TP \fB\-\-pwdscheme\fR \fI\,PWDSCHEME\/\fR The password storage scheme .TP \fB\-\-pwdchange\fR \fI\,PWDCHANGE\/\fR Allow users to change their passwords .TP \fB\-\-pwdmustchange\fR \fI\,PWDMUSTCHANGE\/\fR Users must change their password after it was reset by an administrator .TP \fB\-\-pwdhistory\fR \fI\,PWDHISTORY\/\fR To enable password history set this to "on", otherwise "off" .TP \fB\-\-pwdhistorycount\fR \fI\,PWDHISTORYCOUNT\/\fR The number of passwords to keep in history .TP \fB\-\-pwdadmin\fR \fI\,PWDADMIN\/\fR The DN of an entry or a group of account that can bypass password policy constraints .TP \fB\-\-pwdadminskipupdates\fR \fI\,PWDADMINSKIPUPDATES\/\fR Set to "on" if the Password Admin's password update should not trigger updates to the password state attributes (passwordExpirationtime, passwordHistory, etc). .TP \fB\-\-pwdtrack\fR \fI\,PWDTRACK\/\fR Set to "on" to track the time the password was last changed .TP \fB\-\-pwdwarning\fR \fI\,PWDWARNING\/\fR Send an expiring warning if password expires within this time (in seconds) .TP \fB\-\-pwdexpire\fR \fI\,PWDEXPIRE\/\fR Set to "on" to enable password expiration .TP \fB\-\-pwdmaxage\fR \fI\,PWDMAXAGE\/\fR The password expiration time in seconds .TP \fB\-\-pwdminage\fR \fI\,PWDMINAGE\/\fR The number of seconds that must pass before a user can change their password .TP \fB\-\-pwdgracelimit\fR \fI\,PWDGRACELIMIT\/\fR The number of allowed logins after the password has expired .TP \fB\-\-pwdsendexpiring\fR \fI\,PWDSENDEXPIRING\/\fR Set to "on" to always send the expiring control regardless of the warning period .TP \fB\-\-pwdlockout\fR \fI\,PWDLOCKOUT\/\fR Set to "on" to enable account lockout .TP \fB\-\-pwdunlock\fR \fI\,PWDUNLOCK\/\fR Set to "on" to allow an account to become unlocked after the lockout duration .TP \fB\-\-pwdlockoutduration\fR \fI\,PWDLOCKOUTDURATION\/\fR The number of seconds an account stays locked out .TP \fB\-\-pwdmaxfailures\fR \fI\,PWDMAXFAILURES\/\fR The maximum number of allowed failed password attempts before the account gets locked .TP \fB\-\-pwdresetfailcount\fR \fI\,PWDRESETFAILCOUNT\/\fR The number of seconds to wait before reducing the failed login count on an account .TP \fB\-\-pwdchecksyntax\fR \fI\,PWDCHECKSYNTAX\/\fR Set to "on" to enable password syntax checking .TP \fB\-\-pwdminlen\fR \fI\,PWDMINLEN\/\fR The minimum number of characters required in a password .TP \fB\-\-pwdmindigits\fR \fI\,PWDMINDIGITS\/\fR The minimum number of digit/number characters in a password .TP \fB\-\-pwdminalphas\fR \fI\,PWDMINALPHAS\/\fR The minimum number of alpha characters required in a password .TP \fB\-\-pwdminuppers\fR \fI\,PWDMINUPPERS\/\fR The minimum number of uppercase characters required in a password .TP \fB\-\-pwdminlowers\fR \fI\,PWDMINLOWERS\/\fR The minimum number of lowercase characters required in a password .TP \fB\-\-pwdminspecials\fR \fI\,PWDMINSPECIALS\/\fR The minimum number of special characters required in a password .TP \fB\-\-pwdmin8bits\fR \fI\,PWDMIN8BITS\/\fR The minimum number of 8\-bit characters required in a password .TP \fB\-\-pwdmaxrepeats\fR \fI\,PWDMAXREPEATS\/\fR The maximum number of times the same character can appear sequentially in the password .TP \fB\-\-pwdpalindrome\fR \fI\,PWDPALINDROME\/\fR Set to "on" to reject passwords that are palindromes .TP \fB\-\-pwdmaxseq\fR \fI\,PWDMAXSEQ\/\fR The maximum number of allowed monotonic character sequences in a password .TP \fB\-\-pwdmaxseqsets\fR \fI\,PWDMAXSEQSETS\/\fR The maximum number of allowed monotonic character sequences that can be duplicated in a password .TP \fB\-\-pwdmaxclasschars\fR \fI\,PWDMAXCLASSCHARS\/\fR The maximum number of sequential characters from the same character class that is allowed in a password .TP \fB\-\-pwdmincatagories\fR \fI\,PWDMINCATAGORIES\/\fR The minimum number of syntax category checks .TP \fB\-\-pwdmintokenlen\fR \fI\,PWDMINTOKENLEN\/\fR Sets the smallest attribute value length that is used for trivial/user words checking. This also impacts "\-\-pwduserattrs" .TP \fB\-\-pwdbadwords\fR \fI\,PWDBADWORDS\/\fR A space\-separated list of words that can not be in a password .TP \fB\-\-pwduserattrs\fR \fI\,PWDUSERATTRS\/\fR A space\-separated list of attributes whose values can not appear in the password (See "\-\-pwdmintokenlen") .TP \fB\-\-pwddictcheck\fR \fI\,PWDDICTCHECK\/\fR Set to "on" to enforce CrackLib dictionary checking .TP \fB\-\-pwddictpath\fR \fI\,PWDDICTPATH\/\fR Filesystem path to specific/custom CrackLib dictionary files .TP \fB\-\-pwptprmaxuse\fR \fI\,PWPTPRMAXUSE\/\fR Number of times a reset password can be used for authentication .TP \fB\-\-pwptprdelayexpireat\fR \fI\,PWPTPRDELAYEXPIREAT\/\fR Number of seconds after which a reset password expires .TP \fB\-\-pwptprdelayvalidfrom\fR \fI\,PWPTPRDELAYVALIDFROM\/\fR Number of seconds to wait before using a reset password to authenticated .TP \fB\-\-pwdlocal\fR \fI\,PWDLOCAL\/\fR Set to "on" to enable fine\-grained (subtree/user\-level) password policies .TP \fB\-\-pwdisglobal\fR \fI\,PWDISGLOBAL\/\fR Set to "on" to enable password policy state attributes to be replicated .TP \fB\-\-pwdallowhash\fR \fI\,PWDALLOWHASH\/\fR Set to "on" to allow adding prehashed passwords .TP \fB\-\-pwpinheritglobal\fR \fI\,PWPINHERITGLOBAL\/\fR Set to "on" to allow local policies to inherit the global policy .SH COMMAND \fI\,'dsconf pwpolicy list\-schemes'\/\fR usage: dsconf [\-v] [\-j] instance pwpolicy list\-schemes [\-h] .SH COMMAND \fI\,'dsconf localpwp'\/\fR usage: dsconf [\-v] [\-j] instance localpwp [\-h] {list,get,set,remove,adduser,addsubtree} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf localpwp'\/\fR .TP \fBdsconf localpwp\fR \fI\,list\/\fR List all the local password policies .TP \fBdsconf localpwp\fR \fI\,get\/\fR Get local password policy entry .TP \fBdsconf localpwp\fR \fI\,set\/\fR Set an attribute in a local password policy .TP \fBdsconf localpwp\fR \fI\,remove\/\fR Remove a local password policy .TP \fBdsconf localpwp\fR \fI\,adduser\/\fR Add new user password policy .TP \fBdsconf localpwp\fR \fI\,addsubtree\/\fR Add new subtree password policy .SH COMMAND \fI\,'dsconf localpwp list'\/\fR usage: dsconf [\-v] [\-j] instance localpwp list [\-h] [DN] .TP \fBDN\fR Suffix to search for local password policies .SH COMMAND \fI\,'dsconf localpwp get'\/\fR usage: dsconf [\-v] [\-j] instance localpwp get [\-h] DN .TP \fBDN\fR Get the local policy for this entry DN .SH COMMAND \fI\,'dsconf localpwp set'\/\fR usage: dsconf [\-v] [\-j] instance localpwp set [\-h] [\-\-pwdscheme PWDSCHEME] [\-\-pwdchange PWDCHANGE] [\-\-pwdmustchange PWDMUSTCHANGE] [\-\-pwdhistory PWDHISTORY] [\-\-pwdhistorycount PWDHISTORYCOUNT] [\-\-pwdadmin PWDADMIN] [\-\-pwdadminskipupdates PWDADMINSKIPUPDATES] [\-\-pwdtrack PWDTRACK] [\-\-pwdwarning PWDWARNING] [\-\-pwdexpire PWDEXPIRE] [\-\-pwdmaxage PWDMAXAGE] [\-\-pwdminage PWDMINAGE] [\-\-pwdgracelimit PWDGRACELIMIT] [\-\-pwdsendexpiring PWDSENDEXPIRING] [\-\-pwdlockout PWDLOCKOUT] [\-\-pwdunlock PWDUNLOCK] [\-\-pwdlockoutduration PWDLOCKOUTDURATION] [\-\-pwdmaxfailures PWDMAXFAILURES] [\-\-pwdresetfailcount PWDRESETFAILCOUNT] [\-\-pwdchecksyntax PWDCHECKSYNTAX] [\-\-pwdminlen PWDMINLEN] [\-\-pwdmindigits PWDMINDIGITS] [\-\-pwdminalphas PWDMINALPHAS] [\-\-pwdminuppers PWDMINUPPERS] [\-\-pwdminlowers PWDMINLOWERS] [\-\-pwdminspecials PWDMINSPECIALS] [\-\-pwdmin8bits PWDMIN8BITS] [\-\-pwdmaxrepeats PWDMAXREPEATS] [\-\-pwdpalindrome PWDPALINDROME] [\-\-pwdmaxseq PWDMAXSEQ] [\-\-pwdmaxseqsets PWDMAXSEQSETS] [\-\-pwdmaxclasschars PWDMAXCLASSCHARS] [\-\-pwdmincatagories PWDMINCATAGORIES] [\-\-pwdmintokenlen PWDMINTOKENLEN] [\-\-pwdbadwords PWDBADWORDS] [\-\-pwduserattrs PWDUSERATTRS] [\-\-pwddictcheck PWDDICTCHECK] [\-\-pwddictpath PWDDICTPATH] [\-\-pwptprmaxuse PWPTPRMAXUSE] [\-\-pwptprdelayexpireat PWPTPRDELAYEXPIREAT] [\-\-pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM] DN .TP \fBDN\fR Set the local policy for this entry DN .SH OPTIONS \fI\,'dsconf localpwp set'\/\fR .TP \fB\-\-pwdscheme\fR \fI\,PWDSCHEME\/\fR The password storage scheme .TP \fB\-\-pwdchange\fR \fI\,PWDCHANGE\/\fR Allow users to change their passwords .TP \fB\-\-pwdmustchange\fR \fI\,PWDMUSTCHANGE\/\fR Users must change their password after it was reset by an administrator .TP \fB\-\-pwdhistory\fR \fI\,PWDHISTORY\/\fR To enable password history set this to "on", otherwise "off" .TP \fB\-\-pwdhistorycount\fR \fI\,PWDHISTORYCOUNT\/\fR The number of passwords to keep in history .TP \fB\-\-pwdadmin\fR \fI\,PWDADMIN\/\fR The DN of an entry or a group of account that can bypass password policy constraints .TP \fB\-\-pwdadminskipupdates\fR \fI\,PWDADMINSKIPUPDATES\/\fR Set to "on" if the Password Admin's password update should not trigger updates to the password state attributes (passwordExpirationtime, passwordHistory, etc). .TP \fB\-\-pwdtrack\fR \fI\,PWDTRACK\/\fR Set to "on" to track the time the password was last changed .TP \fB\-\-pwdwarning\fR \fI\,PWDWARNING\/\fR Send an expiring warning if password expires within this time (in seconds) .TP \fB\-\-pwdexpire\fR \fI\,PWDEXPIRE\/\fR Set to "on" to enable password expiration .TP \fB\-\-pwdmaxage\fR \fI\,PWDMAXAGE\/\fR The password expiration time in seconds .TP \fB\-\-pwdminage\fR \fI\,PWDMINAGE\/\fR The number of seconds that must pass before a user can change their password .TP \fB\-\-pwdgracelimit\fR \fI\,PWDGRACELIMIT\/\fR The number of allowed logins after the password has expired .TP \fB\-\-pwdsendexpiring\fR \fI\,PWDSENDEXPIRING\/\fR Set to "on" to always send the expiring control regardless of the warning period .TP \fB\-\-pwdlockout\fR \fI\,PWDLOCKOUT\/\fR Set to "on" to enable account lockout .TP \fB\-\-pwdunlock\fR \fI\,PWDUNLOCK\/\fR Set to "on" to allow an account to become unlocked after the lockout duration .TP \fB\-\-pwdlockoutduration\fR \fI\,PWDLOCKOUTDURATION\/\fR The number of seconds an account stays locked out .TP \fB\-\-pwdmaxfailures\fR \fI\,PWDMAXFAILURES\/\fR The maximum number of allowed failed password attempts before the account gets locked .TP \fB\-\-pwdresetfailcount\fR \fI\,PWDRESETFAILCOUNT\/\fR The number of seconds to wait before reducing the failed login count on an account .TP \fB\-\-pwdchecksyntax\fR \fI\,PWDCHECKSYNTAX\/\fR Set to "on" to enable password syntax checking .TP \fB\-\-pwdminlen\fR \fI\,PWDMINLEN\/\fR The minimum number of characters required in a password .TP \fB\-\-pwdmindigits\fR \fI\,PWDMINDIGITS\/\fR The minimum number of digit/number characters in a password .TP \fB\-\-pwdminalphas\fR \fI\,PWDMINALPHAS\/\fR The minimum number of alpha characters required in a password .TP \fB\-\-pwdminuppers\fR \fI\,PWDMINUPPERS\/\fR The minimum number of uppercase characters required in a password .TP \fB\-\-pwdminlowers\fR \fI\,PWDMINLOWERS\/\fR The minimum number of lowercase characters required in a password .TP \fB\-\-pwdminspecials\fR \fI\,PWDMINSPECIALS\/\fR The minimum number of special characters required in a password .TP \fB\-\-pwdmin8bits\fR \fI\,PWDMIN8BITS\/\fR The minimum number of 8\-bit characters required in a password .TP \fB\-\-pwdmaxrepeats\fR \fI\,PWDMAXREPEATS\/\fR The maximum number of times the same character can appear sequentially in the password .TP \fB\-\-pwdpalindrome\fR \fI\,PWDPALINDROME\/\fR Set to "on" to reject passwords that are palindromes .TP \fB\-\-pwdmaxseq\fR \fI\,PWDMAXSEQ\/\fR The maximum number of allowed monotonic character sequences in a password .TP \fB\-\-pwdmaxseqsets\fR \fI\,PWDMAXSEQSETS\/\fR The maximum number of allowed monotonic character sequences that can be duplicated in a password .TP \fB\-\-pwdmaxclasschars\fR \fI\,PWDMAXCLASSCHARS\/\fR The maximum number of sequential characters from the same character class that is allowed in a password .TP \fB\-\-pwdmincatagories\fR \fI\,PWDMINCATAGORIES\/\fR The minimum number of syntax category checks .TP \fB\-\-pwdmintokenlen\fR \fI\,PWDMINTOKENLEN\/\fR Sets the smallest attribute value length that is used for trivial/user words checking. This also impacts "\-\-pwduserattrs" .TP \fB\-\-pwdbadwords\fR \fI\,PWDBADWORDS\/\fR A space\-separated list of words that can not be in a password .TP \fB\-\-pwduserattrs\fR \fI\,PWDUSERATTRS\/\fR A space\-separated list of attributes whose values can not appear in the password (See "\-\-pwdmintokenlen") .TP \fB\-\-pwddictcheck\fR \fI\,PWDDICTCHECK\/\fR Set to "on" to enforce CrackLib dictionary checking .TP \fB\-\-pwddictpath\fR \fI\,PWDDICTPATH\/\fR Filesystem path to specific/custom CrackLib dictionary files .TP \fB\-\-pwptprmaxuse\fR \fI\,PWPTPRMAXUSE\/\fR Number of times a reset password can be used for authentication .TP \fB\-\-pwptprdelayexpireat\fR \fI\,PWPTPRDELAYEXPIREAT\/\fR Number of seconds after which a reset password expires .TP \fB\-\-pwptprdelayvalidfrom\fR \fI\,PWPTPRDELAYVALIDFROM\/\fR Number of seconds to wait before using a reset password to authenticated .SH COMMAND \fI\,'dsconf localpwp remove'\/\fR usage: dsconf [\-v] [\-j] instance localpwp remove [\-h] DN .TP \fBDN\fR Remove local policy for this entry DN .SH COMMAND \fI\,'dsconf localpwp adduser'\/\fR usage: dsconf [\-v] [\-j] instance localpwp adduser [\-h] [\-\-pwdscheme PWDSCHEME] [\-\-pwdchange PWDCHANGE] [\-\-pwdmustchange PWDMUSTCHANGE] [\-\-pwdhistory PWDHISTORY] [\-\-pwdhistorycount PWDHISTORYCOUNT] [\-\-pwdadmin PWDADMIN] [\-\-pwdadminskipupdates PWDADMINSKIPUPDATES] [\-\-pwdtrack PWDTRACK] [\-\-pwdwarning PWDWARNING] [\-\-pwdexpire PWDEXPIRE] [\-\-pwdmaxage PWDMAXAGE] [\-\-pwdminage PWDMINAGE] [\-\-pwdgracelimit PWDGRACELIMIT] [\-\-pwdsendexpiring PWDSENDEXPIRING] [\-\-pwdlockout PWDLOCKOUT] [\-\-pwdunlock PWDUNLOCK] [\-\-pwdlockoutduration PWDLOCKOUTDURATION] [\-\-pwdmaxfailures PWDMAXFAILURES] [\-\-pwdresetfailcount PWDRESETFAILCOUNT] [\-\-pwdchecksyntax PWDCHECKSYNTAX] [\-\-pwdminlen PWDMINLEN] [\-\-pwdmindigits PWDMINDIGITS] [\-\-pwdminalphas PWDMINALPHAS] [\-\-pwdminuppers PWDMINUPPERS] [\-\-pwdminlowers PWDMINLOWERS] [\-\-pwdminspecials PWDMINSPECIALS] [\-\-pwdmin8bits PWDMIN8BITS] [\-\-pwdmaxrepeats PWDMAXREPEATS] [\-\-pwdpalindrome PWDPALINDROME] [\-\-pwdmaxseq PWDMAXSEQ] [\-\-pwdmaxseqsets PWDMAXSEQSETS] [\-\-pwdmaxclasschars PWDMAXCLASSCHARS] [\-\-pwdmincatagories PWDMINCATAGORIES] [\-\-pwdmintokenlen PWDMINTOKENLEN] [\-\-pwdbadwords PWDBADWORDS] [\-\-pwduserattrs PWDUSERATTRS] [\-\-pwddictcheck PWDDICTCHECK] [\-\-pwddictpath PWDDICTPATH] [\-\-pwptprmaxuse PWPTPRMAXUSE] [\-\-pwptprdelayexpireat PWPTPRDELAYEXPIREAT] [\-\-pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM] DN .TP \fBDN\fR Add/replace the local password policy for this entry DN .SH OPTIONS \fI\,'dsconf localpwp adduser'\/\fR .TP \fB\-\-pwdscheme\fR \fI\,PWDSCHEME\/\fR The password storage scheme .TP \fB\-\-pwdchange\fR \fI\,PWDCHANGE\/\fR Allow users to change their passwords .TP \fB\-\-pwdmustchange\fR \fI\,PWDMUSTCHANGE\/\fR Users must change their password after it was reset by an administrator .TP \fB\-\-pwdhistory\fR \fI\,PWDHISTORY\/\fR To enable password history set this to "on", otherwise "off" .TP \fB\-\-pwdhistorycount\fR \fI\,PWDHISTORYCOUNT\/\fR The number of passwords to keep in history .TP \fB\-\-pwdadmin\fR \fI\,PWDADMIN\/\fR The DN of an entry or a group of account that can bypass password policy constraints .TP \fB\-\-pwdadminskipupdates\fR \fI\,PWDADMINSKIPUPDATES\/\fR Set to "on" if the Password Admin's password update should not trigger updates to the password state attributes (passwordExpirationtime, passwordHistory, etc). .TP \fB\-\-pwdtrack\fR \fI\,PWDTRACK\/\fR Set to "on" to track the time the password was last changed .TP \fB\-\-pwdwarning\fR \fI\,PWDWARNING\/\fR Send an expiring warning if password expires within this time (in seconds) .TP \fB\-\-pwdexpire\fR \fI\,PWDEXPIRE\/\fR Set to "on" to enable password expiration .TP \fB\-\-pwdmaxage\fR \fI\,PWDMAXAGE\/\fR The password expiration time in seconds .TP \fB\-\-pwdminage\fR \fI\,PWDMINAGE\/\fR The number of seconds that must pass before a user can change their password .TP \fB\-\-pwdgracelimit\fR \fI\,PWDGRACELIMIT\/\fR The number of allowed logins after the password has expired .TP \fB\-\-pwdsendexpiring\fR \fI\,PWDSENDEXPIRING\/\fR Set to "on" to always send the expiring control regardless of the warning period .TP \fB\-\-pwdlockout\fR \fI\,PWDLOCKOUT\/\fR Set to "on" to enable account lockout .TP \fB\-\-pwdunlock\fR \fI\,PWDUNLOCK\/\fR Set to "on" to allow an account to become unlocked after the lockout duration .TP \fB\-\-pwdlockoutduration\fR \fI\,PWDLOCKOUTDURATION\/\fR The number of seconds an account stays locked out .TP \fB\-\-pwdmaxfailures\fR \fI\,PWDMAXFAILURES\/\fR The maximum number of allowed failed password attempts before the account gets locked .TP \fB\-\-pwdresetfailcount\fR \fI\,PWDRESETFAILCOUNT\/\fR The number of seconds to wait before reducing the failed login count on an account .TP \fB\-\-pwdchecksyntax\fR \fI\,PWDCHECKSYNTAX\/\fR Set to "on" to enable password syntax checking .TP \fB\-\-pwdminlen\fR \fI\,PWDMINLEN\/\fR The minimum number of characters required in a password .TP \fB\-\-pwdmindigits\fR \fI\,PWDMINDIGITS\/\fR The minimum number of digit/number characters in a password .TP \fB\-\-pwdminalphas\fR \fI\,PWDMINALPHAS\/\fR The minimum number of alpha characters required in a password .TP \fB\-\-pwdminuppers\fR \fI\,PWDMINUPPERS\/\fR The minimum number of uppercase characters required in a password .TP \fB\-\-pwdminlowers\fR \fI\,PWDMINLOWERS\/\fR The minimum number of lowercase characters required in a password .TP \fB\-\-pwdminspecials\fR \fI\,PWDMINSPECIALS\/\fR The minimum number of special characters required in a password .TP \fB\-\-pwdmin8bits\fR \fI\,PWDMIN8BITS\/\fR The minimum number of 8\-bit characters required in a password .TP \fB\-\-pwdmaxrepeats\fR \fI\,PWDMAXREPEATS\/\fR The maximum number of times the same character can appear sequentially in the password .TP \fB\-\-pwdpalindrome\fR \fI\,PWDPALINDROME\/\fR Set to "on" to reject passwords that are palindromes .TP \fB\-\-pwdmaxseq\fR \fI\,PWDMAXSEQ\/\fR The maximum number of allowed monotonic character sequences in a password .TP \fB\-\-pwdmaxseqsets\fR \fI\,PWDMAXSEQSETS\/\fR The maximum number of allowed monotonic character sequences that can be duplicated in a password .TP \fB\-\-pwdmaxclasschars\fR \fI\,PWDMAXCLASSCHARS\/\fR The maximum number of sequential characters from the same character class that is allowed in a password .TP \fB\-\-pwdmincatagories\fR \fI\,PWDMINCATAGORIES\/\fR The minimum number of syntax category checks .TP \fB\-\-pwdmintokenlen\fR \fI\,PWDMINTOKENLEN\/\fR Sets the smallest attribute value length that is used for trivial/user words checking. This also impacts "\-\-pwduserattrs" .TP \fB\-\-pwdbadwords\fR \fI\,PWDBADWORDS\/\fR A space\-separated list of words that can not be in a password .TP \fB\-\-pwduserattrs\fR \fI\,PWDUSERATTRS\/\fR A space\-separated list of attributes whose values can not appear in the password (See "\-\-pwdmintokenlen") .TP \fB\-\-pwddictcheck\fR \fI\,PWDDICTCHECK\/\fR Set to "on" to enforce CrackLib dictionary checking .TP \fB\-\-pwddictpath\fR \fI\,PWDDICTPATH\/\fR Filesystem path to specific/custom CrackLib dictionary files .TP \fB\-\-pwptprmaxuse\fR \fI\,PWPTPRMAXUSE\/\fR Number of times a reset password can be used for authentication .TP \fB\-\-pwptprdelayexpireat\fR \fI\,PWPTPRDELAYEXPIREAT\/\fR Number of seconds after which a reset password expires .TP \fB\-\-pwptprdelayvalidfrom\fR \fI\,PWPTPRDELAYVALIDFROM\/\fR Number of seconds to wait before using a reset password to authenticated .SH COMMAND \fI\,'dsconf localpwp addsubtree'\/\fR usage: dsconf [\-v] [\-j] instance localpwp addsubtree [\-h] [\-\-pwdscheme PWDSCHEME] [\-\-pwdchange PWDCHANGE] [\-\-pwdmustchange PWDMUSTCHANGE] [\-\-pwdhistory PWDHISTORY] [\-\-pwdhistorycount PWDHISTORYCOUNT] [\-\-pwdadmin PWDADMIN] [\-\-pwdadminskipupdates PWDADMINSKIPUPDATES] [\-\-pwdtrack PWDTRACK] [\-\-pwdwarning PWDWARNING] [\-\-pwdexpire PWDEXPIRE] [\-\-pwdmaxage PWDMAXAGE] [\-\-pwdminage PWDMINAGE] [\-\-pwdgracelimit PWDGRACELIMIT] [\-\-pwdsendexpiring PWDSENDEXPIRING] [\-\-pwdlockout PWDLOCKOUT] [\-\-pwdunlock PWDUNLOCK] [\-\-pwdlockoutduration PWDLOCKOUTDURATION] [\-\-pwdmaxfailures PWDMAXFAILURES] [\-\-pwdresetfailcount PWDRESETFAILCOUNT] [\-\-pwdchecksyntax PWDCHECKSYNTAX] [\-\-pwdminlen PWDMINLEN] [\-\-pwdmindigits PWDMINDIGITS] [\-\-pwdminalphas PWDMINALPHAS] [\-\-pwdminuppers PWDMINUPPERS] [\-\-pwdminlowers PWDMINLOWERS] [\-\-pwdminspecials PWDMINSPECIALS] [\-\-pwdmin8bits PWDMIN8BITS] [\-\-pwdmaxrepeats PWDMAXREPEATS] [\-\-pwdpalindrome PWDPALINDROME] [\-\-pwdmaxseq PWDMAXSEQ] [\-\-pwdmaxseqsets PWDMAXSEQSETS] [\-\-pwdmaxclasschars PWDMAXCLASSCHARS] [\-\-pwdmincatagories PWDMINCATAGORIES] [\-\-pwdmintokenlen PWDMINTOKENLEN] [\-\-pwdbadwords PWDBADWORDS] [\-\-pwduserattrs PWDUSERATTRS] [\-\-pwddictcheck PWDDICTCHECK] [\-\-pwddictpath PWDDICTPATH] [\-\-pwptprmaxuse PWPTPRMAXUSE] [\-\-pwptprdelayexpireat PWPTPRDELAYEXPIREAT] [\-\-pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM] DN .TP \fBDN\fR Add/replace the subtree policy for this entry DN .SH OPTIONS \fI\,'dsconf localpwp addsubtree'\/\fR .TP \fB\-\-pwdscheme\fR \fI\,PWDSCHEME\/\fR The password storage scheme .TP \fB\-\-pwdchange\fR \fI\,PWDCHANGE\/\fR Allow users to change their passwords .TP \fB\-\-pwdmustchange\fR \fI\,PWDMUSTCHANGE\/\fR Users must change their password after it was reset by an administrator .TP \fB\-\-pwdhistory\fR \fI\,PWDHISTORY\/\fR To enable password history set this to "on", otherwise "off" .TP \fB\-\-pwdhistorycount\fR \fI\,PWDHISTORYCOUNT\/\fR The number of passwords to keep in history .TP \fB\-\-pwdadmin\fR \fI\,PWDADMIN\/\fR The DN of an entry or a group of account that can bypass password policy constraints .TP \fB\-\-pwdadminskipupdates\fR \fI\,PWDADMINSKIPUPDATES\/\fR Set to "on" if the Password Admin's password update should not trigger updates to the password state attributes (passwordExpirationtime, passwordHistory, etc). .TP \fB\-\-pwdtrack\fR \fI\,PWDTRACK\/\fR Set to "on" to track the time the password was last changed .TP \fB\-\-pwdwarning\fR \fI\,PWDWARNING\/\fR Send an expiring warning if password expires within this time (in seconds) .TP \fB\-\-pwdexpire\fR \fI\,PWDEXPIRE\/\fR Set to "on" to enable password expiration .TP \fB\-\-pwdmaxage\fR \fI\,PWDMAXAGE\/\fR The password expiration time in seconds .TP \fB\-\-pwdminage\fR \fI\,PWDMINAGE\/\fR The number of seconds that must pass before a user can change their password .TP \fB\-\-pwdgracelimit\fR \fI\,PWDGRACELIMIT\/\fR The number of allowed logins after the password has expired .TP \fB\-\-pwdsendexpiring\fR \fI\,PWDSENDEXPIRING\/\fR Set to "on" to always send the expiring control regardless of the warning period .TP \fB\-\-pwdlockout\fR \fI\,PWDLOCKOUT\/\fR Set to "on" to enable account lockout .TP \fB\-\-pwdunlock\fR \fI\,PWDUNLOCK\/\fR Set to "on" to allow an account to become unlocked after the lockout duration .TP \fB\-\-pwdlockoutduration\fR \fI\,PWDLOCKOUTDURATION\/\fR The number of seconds an account stays locked out .TP \fB\-\-pwdmaxfailures\fR \fI\,PWDMAXFAILURES\/\fR The maximum number of allowed failed password attempts before the account gets locked .TP \fB\-\-pwdresetfailcount\fR \fI\,PWDRESETFAILCOUNT\/\fR The number of seconds to wait before reducing the failed login count on an account .TP \fB\-\-pwdchecksyntax\fR \fI\,PWDCHECKSYNTAX\/\fR Set to "on" to enable password syntax checking .TP \fB\-\-pwdminlen\fR \fI\,PWDMINLEN\/\fR The minimum number of characters required in a password .TP \fB\-\-pwdmindigits\fR \fI\,PWDMINDIGITS\/\fR The minimum number of digit/number characters in a password .TP \fB\-\-pwdminalphas\fR \fI\,PWDMINALPHAS\/\fR The minimum number of alpha characters required in a password .TP \fB\-\-pwdminuppers\fR \fI\,PWDMINUPPERS\/\fR The minimum number of uppercase characters required in a password .TP \fB\-\-pwdminlowers\fR \fI\,PWDMINLOWERS\/\fR The minimum number of lowercase characters required in a password .TP \fB\-\-pwdminspecials\fR \fI\,PWDMINSPECIALS\/\fR The minimum number of special characters required in a password .TP \fB\-\-pwdmin8bits\fR \fI\,PWDMIN8BITS\/\fR The minimum number of 8\-bit characters required in a password .TP \fB\-\-pwdmaxrepeats\fR \fI\,PWDMAXREPEATS\/\fR The maximum number of times the same character can appear sequentially in the password .TP \fB\-\-pwdpalindrome\fR \fI\,PWDPALINDROME\/\fR Set to "on" to reject passwords that are palindromes .TP \fB\-\-pwdmaxseq\fR \fI\,PWDMAXSEQ\/\fR The maximum number of allowed monotonic character sequences in a password .TP \fB\-\-pwdmaxseqsets\fR \fI\,PWDMAXSEQSETS\/\fR The maximum number of allowed monotonic character sequences that can be duplicated in a password .TP \fB\-\-pwdmaxclasschars\fR \fI\,PWDMAXCLASSCHARS\/\fR The maximum number of sequential characters from the same character class that is allowed in a password .TP \fB\-\-pwdmincatagories\fR \fI\,PWDMINCATAGORIES\/\fR The minimum number of syntax category checks .TP \fB\-\-pwdmintokenlen\fR \fI\,PWDMINTOKENLEN\/\fR Sets the smallest attribute value length that is used for trivial/user words checking. This also impacts "\-\-pwduserattrs" .TP \fB\-\-pwdbadwords\fR \fI\,PWDBADWORDS\/\fR A space\-separated list of words that can not be in a password .TP \fB\-\-pwduserattrs\fR \fI\,PWDUSERATTRS\/\fR A space\-separated list of attributes whose values can not appear in the password (See "\-\-pwdmintokenlen") .TP \fB\-\-pwddictcheck\fR \fI\,PWDDICTCHECK\/\fR Set to "on" to enforce CrackLib dictionary checking .TP \fB\-\-pwddictpath\fR \fI\,PWDDICTPATH\/\fR Filesystem path to specific/custom CrackLib dictionary files .TP \fB\-\-pwptprmaxuse\fR \fI\,PWPTPRMAXUSE\/\fR Number of times a reset password can be used for authentication .TP \fB\-\-pwptprdelayexpireat\fR \fI\,PWPTPRDELAYEXPIREAT\/\fR Number of seconds after which a reset password expires .TP \fB\-\-pwptprdelayvalidfrom\fR \fI\,PWPTPRDELAYVALIDFROM\/\fR Number of seconds to wait before using a reset password to authenticated .SH COMMAND \fI\,'dsconf replication'\/\fR usage: dsconf [\-v] [\-j] instance replication [\-h] {enable,disable,get\-ruv,list,status,winsync\-status,promote,create\-manager,delete\-manager,demote,get,set\-changelog,get\-changelog,export\-changelog,import\-changelog,set,monitor} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf replication'\/\fR .TP \fBdsconf replication\fR \fI\,enable\/\fR Enable replication for a suffix .TP \fBdsconf replication\fR \fI\,disable\/\fR Disable replication for a suffix .TP \fBdsconf replication\fR \fI\,get\-ruv\/\fR Display the database RUV entry for a suffix .TP \fBdsconf replication\fR \fI\,list\/\fR Lists all the replicated suffixes .TP \fBdsconf replication\fR \fI\,status\/\fR Display the current status of all the replication agreements .TP \fBdsconf replication\fR \fI\,winsync\-status\/\fR Display the current status of all the replication agreements .TP \fBdsconf replication\fR \fI\,promote\/\fR Promote a replica to a hub or supplier .TP \fBdsconf replication\fR \fI\,create\-manager\/\fR Create a replication manager entry .TP \fBdsconf replication\fR \fI\,delete\-manager\/\fR Delete a replication manager entry .TP \fBdsconf replication\fR \fI\,demote\/\fR Demote replica to a hub or consumer .TP \fBdsconf replication\fR \fI\,get\/\fR Display the replication configuration .TP \fBdsconf replication\fR \fI\,set\-changelog\/\fR Set replication changelog attributes .TP \fBdsconf replication\fR \fI\,get\-changelog\/\fR Display replication changelog attributes .TP \fBdsconf replication\fR \fI\,export\-changelog\/\fR Export the Directory Server replication changelog to an LDIF file .TP \fBdsconf replication\fR \fI\,import\-changelog\/\fR Restore/import Directory Server replication change log from an LDIF file. This is typically used when managing changelog encryption .TP \fBdsconf replication\fR \fI\,set\/\fR Set an attribute in the replication configuration .TP \fBdsconf replication\fR \fI\,monitor\/\fR Display the full replication topology report .SH COMMAND \fI\,'dsconf replication enable'\/\fR usage: dsconf [\-v] [\-j] instance replication enable [\-h] \-\-suffix SUFFIX \-\-role ROLE [\-\-replica\-id REPLICA_ID] [\-\-bind\-group\-dn BIND_GROUP_DN] [\-\-bind\-dn BIND_DN] [\-\-bind\-passwd BIND_PASSWD] [\-\-bind\-passwd\-file BIND_PASSWD_FILE] [\-\-bind\-passwd\-prompt] .SH OPTIONS \fI\,'dsconf replication enable'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the suffix to be enabled for replication .TP \fB\-\-role\fR \fI\,ROLE\/\fR Sets the replication role: "supplier", "hub", or "consumer" .TP \fB\-\-replica\-id\fR \fI\,REPLICA_ID\/\fR Sets the replication identifier for a "supplier". Values range from 1 \- 65534 .TP \fB\-\-bind\-group\-dn\fR \fI\,BIND_GROUP_DN\/\fR Sets a group entry DN containing members that are "bind/supplier" DNs .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the bind or supplier DN that can make replication updates .TP \fB\-\-bind\-passwd\fR \fI\,BIND_PASSWD\/\fR Sets the password for replication manager (\-\-bind\-dn). This will create the manager entry if a value is set .TP \fB\-\-bind\-passwd\-file\fR \fI\,BIND_PASSWD_FILE\/\fR File containing the password .TP \fB\-\-bind\-passwd\-prompt\fR Prompt for password .SH COMMAND \fI\,'dsconf replication disable'\/\fR usage: dsconf [\-v] [\-j] instance replication disable [\-h] \-\-suffix SUFFIX .SH OPTIONS \fI\,'dsconf replication disable'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the suffix to have replication disabled .SH COMMAND \fI\,'dsconf replication get\-ruv'\/\fR usage: dsconf [\-v] [\-j] instance replication get\-ruv [\-h] \-\-suffix SUFFIX .SH OPTIONS \fI\,'dsconf replication get\-ruv'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replicated suffix .SH COMMAND \fI\,'dsconf replication list'\/\fR usage: dsconf [\-v] [\-j] instance replication list [\-h] .SH COMMAND \fI\,'dsconf replication status'\/\fR usage: dsconf [\-v] [\-j] instance replication status [\-h] \-\-suffix SUFFIX [\-\-bind\-dn BIND_DN] [\-\-bind\-passwd BIND_PASSWD] [\-\-bind\-passwd\-file BIND_PASSWD_FILE] [\-\-bind\-passwd\-prompt] .SH OPTIONS \fI\,'dsconf replication status'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the DN to use to authenticate to the consumer. If not set, current instance's root DN will be used. It will be used for all agreements .TP \fB\-\-bind\-passwd\fR \fI\,BIND_PASSWD\/\fR Sets the password for the bind DN. It will be used for all agreements .TP \fB\-\-bind\-passwd\-file\fR \fI\,BIND_PASSWD_FILE\/\fR File containing the password. It will be used for all agreements .TP \fB\-\-bind\-passwd\-prompt\fR Prompt for passwords for each agreement's instance separately .SH COMMAND \fI\,'dsconf replication winsync\-status'\/\fR usage: dsconf instance [\-v] [\-j] replication winsync\-status [\-h] \-\-suffix SUFFIX [\-\-bind\-dn BIND_DN] [\-\-bind\-passwd BIND_PASSWD] [\-\-bind\-passwd\-file BIND_PASSWD_FILE] [\-\-bind\-passwd\-prompt] .SH OPTIONS \fI\,'dsconf replication winsync\-status'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the DN to use to authenticate to the consumer. Currectly not used .TP \fB\-\-bind\-passwd\fR \fI\,BIND_PASSWD\/\fR Sets the password of the bind DN. Currectly not used .TP \fB\-\-bind\-passwd\-file\fR \fI\,BIND_PASSWD_FILE\/\fR File containing the password. Currectly not used .TP \fB\-\-bind\-passwd\-prompt\fR Prompt for password. Currectly not used .SH COMMAND \fI\,'dsconf replication promote'\/\fR usage: dsconf [\-v] [\-j] instance replication promote [\-h] \-\-suffix SUFFIX \-\-newrole NEWROLE [\-\-replica\-id REPLICA_ID] [\-\-bind\-group\-dn BIND_GROUP_DN] [\-\-bind\-dn BIND_DN] .SH OPTIONS \fI\,'dsconf replication promote'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix to promote .TP \fB\-\-newrole\fR \fI\,NEWROLE\/\fR Sets the new replica role to "hub" or "supplier" .TP \fB\-\-replica\-id\fR \fI\,REPLICA_ID\/\fR Sets the replication identifier for a "supplier". Values range from 1 \- 65534 .TP \fB\-\-bind\-group\-dn\fR \fI\,BIND_GROUP_DN\/\fR Sets a group entry DN containing members that are "bind/supplier" DNs .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the bind or supplier DN that can make replication updates .SH COMMAND \fI\,'dsconf replication create\-manager'\/\fR usage: dsconf [\-v] [\-j] instance replication create\-manager [\-h] [\-\-name NAME] [\-\-passwd PASSWD] [\-\-passwd\-file PASSWD_FILE] [\-\-bind\-passwd\-file BIND_PASSWD_FILE] [\-\-suffix SUFFIX] .SH OPTIONS \fI\,'dsconf replication create\-manager'\/\fR .TP \fB\-\-name\fR \fI\,NAME\/\fR Sets the name of the new replication manager entry.For example, if the name is "replication manager" then the new manager entry's DN would be "cn=replication manager,cn=config". .TP \fB\-\-passwd\fR \fI\,PASSWD\/\fR Sets the password for replication manager. If not provided, you will be prompted for the password .TP \fB\-\-passwd\-file\fR \fI\,PASSWD_FILE\/\fR File containing the password for back compatibility .TP \fB\-\-bind\-passwd\-file\fR \fI\,BIND_PASSWD_FILE\/\fR File containing the password .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR The DN of the replication suffix whose replication configuration you want to add this new manager to (OPTIONAL) .SH COMMAND \fI\,'dsconf replication delete\-manager'\/\fR usage: dsconf [\-v] [\-j] instance replication delete\-manager [\-h] [\-\-name NAME] [\-\-suffix SUFFIX] .SH OPTIONS \fI\,'dsconf replication delete\-manager'\/\fR .TP \fB\-\-name\fR \fI\,NAME\/\fR Sets the name of the replication manager entry under cn=config: "cn=NAME,cn=config" .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix whose replication configuration you want to remove this manager from (OPTIONAL) .SH COMMAND \fI\,'dsconf replication demote'\/\fR usage: dsconf [\-v] [\-j] instance replication demote [\-h] \-\-suffix SUFFIX \-\-newrole NEWROLE .SH OPTIONS \fI\,'dsconf replication demote'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .TP \fB\-\-newrole\fR \fI\,NEWROLE\/\fR Sets the new replication role to "hub", or "consumer" .SH COMMAND \fI\,'dsconf replication get'\/\fR usage: dsconf [\-v] [\-j] instance replication get [\-h] \-\-suffix SUFFIX .SH OPTIONS \fI\,'dsconf replication get'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the suffix DN for the replication configuration to display .SH COMMAND \fI\,'dsconf replication set\-changelog'\/\fR usage: dsconf [\-v] [\-j] instance replication set\-changelog [\-h] \-\-suffix SUFFIX [\-\-max\-entries MAX_ENTRIES] [\-\-max\-age MAX_AGE] [\-\-trim\-interval TRIM_INTERVAL] [\-\-encrypt] [\-\-disable\-encrypt] .SH OPTIONS \fI\,'dsconf replication set\-changelog'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the suffix that uses the changelog .TP \fB\-\-max\-entries\fR \fI\,MAX_ENTRIES\/\fR Sets the maximum number of entries to get in the replication changelog .TP \fB\-\-max\-age\fR \fI\,MAX_AGE\/\fR Set the maximum age of a replication changelog entry .TP \fB\-\-trim\-interval\fR \fI\,TRIM_INTERVAL\/\fR Sets the interval to check if the replication changelog can be trimmed .TP \fB\-\-encrypt\fR Sets the replication changelog to use encryption. You must export and import the changelog after setting this. .TP \fB\-\-disable\-encrypt\fR Sets the replication changelog to not use encryption. You must export and import the changelog after setting this. .SH COMMAND \fI\,'dsconf replication get\-changelog'\/\fR usage: dsconf [\-v] [\-j] instance replication get\-changelog [\-h] \-\-suffix SUFFIX .SH OPTIONS \fI\,'dsconf replication get\-changelog'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the suffix that uses the changelog .SH COMMAND \fI\,'dsconf replication export\-changelog'\/\fR usage: dsconf [\-v] [\-j] instance replication export\-changelog [\-h] {to\-ldif,default} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf replication export\-changelog'\/\fR .TP \fBdsconf replication export\-changelog\fR \fI\,to\-ldif\/\fR Sets the LDIF file name. This is typically used for setting up changelog encryption .TP \fBdsconf replication export\-changelog\fR \fI\,default\/\fR Export the replication changelog to the server's default LDIF directory .SH COMMAND \fI\,'dsconf replication export\-changelog to\-ldif'\/\fR usage: dsconf instance [\-v] [\-j] replication export\-changelog to\-ldif [\-h] [\-c] [\-d] [\-l] [\-i CHANGELOG_LDIF] \-o OUTPUT_FILE \-r REPLICA_ROOT .SH OPTIONS \fI\,'dsconf replication export\-changelog to\-ldif'\/\fR .TP \fB\-c\fR, \fB\-\-csn\-only\fR Enables to export and interpret CSN only. This option can be used with or without \-i option. The LDIF file that is generated can not be imported and is only used for debugging purposes. .TP \fB\-d\fR, \fB\-\-decode\fR Decodes the base64 values in each changelog entry. The LDIF file that is generated can not be imported and is only used for debugging purposes. .TP \fB\-l\fR, \fB\-\-preserve\-ldif\-done\fR Preserves generated LDIF "files.done" files in changelog directory. .TP \fB\-i\fR \fI\,CHANGELOG_LDIF\/\fR, \fB\-\-changelog\-ldif\fR \fI\,CHANGELOG_LDIF\/\fR Decodes changes in an LDIF file. Use this option if you already have a changelog LDIF file, but the changes in that file are encoded. .TP \fB\-o\fR \fI\,OUTPUT_FILE\/\fR, \fB\-\-output\-file\fR \fI\,OUTPUT_FILE\/\fR Sets the path name for the final result .TP \fB\-r\fR \fI\,REPLICA_ROOT\/\fR, \fB\-\-replica\-root\fR \fI\,REPLICA_ROOT\/\fR Specifies the replica root whose changelog you want to export .SH COMMAND \fI\,'dsconf replication export\-changelog default'\/\fR usage: dsconf [\-v] [\-j] instance replication export\-changelog default [\-h] \-r REPLICA_ROOT .SH OPTIONS \fI\,'dsconf replication export\-changelog default'\/\fR .TP \fB\-r\fR \fI\,REPLICA_ROOT\/\fR, \fB\-\-replica\-root\fR \fI\,REPLICA_ROOT\/\fR Specifies the replica root whose changelog you want to export .SH COMMAND \fI\,'dsconf replication import\-changelog'\/\fR usage: dsconf instance [\-v] [\-j] replication import\-changelog [\-h] {from\-ldif,default} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf replication import\-changelog'\/\fR .TP \fBdsconf replication import\-changelog\fR \fI\,from\-ldif\/\fR Restore/import a specific single LDIF file .TP \fBdsconf replication import\-changelog\fR \fI\,default\/\fR Import the default changelog LDIF file created by the server .SH COMMAND \fI\,'dsconf replication import\-changelog from\-ldif'\/\fR usage: dsconf [\-v] [\-j] instance replication import\-changelog from\-ldif [\-h] \-r REPLICA_ROOT LDIF_PATH .TP \fBLDIF_PATH\fR The path of the changelog LDIF file .SH OPTIONS \fI\,'dsconf replication import\-changelog from\-ldif'\/\fR .TP \fB\-r\fR \fI\,REPLICA_ROOT\/\fR, \fB\-\-replica\-root\fR \fI\,REPLICA_ROOT\/\fR Specifies the replica root whose changelog you want to import .SH COMMAND \fI\,'dsconf replication import\-changelog default'\/\fR usage: dsconf instance [\-v] [\-j] replication import\-changelog default [\-h] \-r REPLICA_ROOT .SH OPTIONS \fI\,'dsconf replication import\-changelog default'\/\fR .TP \fB\-r\fR \fI\,REPLICA_ROOT\/\fR, \fB\-\-replica\-root\fR \fI\,REPLICA_ROOT\/\fR Specifies the replica root whose changelog you want to import .SH COMMAND \fI\,'dsconf replication set'\/\fR usage: dsconf [\-v] [\-j] instance replication set [\-h] \-\-suffix SUFFIX [\-\-repl\-add\-bind\-dn REPL_ADD_BIND_DN] [\-\-repl\-del\-bind\-dn REPL_DEL_BIND_DN] [\-\-repl\-add\-ref REPL_ADD_REF] [\-\-repl\-del\-ref REPL_DEL_REF] [\-\-repl\-purge\-delay REPL_PURGE_DELAY] [\-\-repl\-tombstone\-purge\-interval REPL_TOMBSTONE_PURGE_INTERVAL] [\-\-repl\-fast\-tombstone\-purging REPL_FAST_TOMBSTONE_PURGING] [\-\-repl\-bind\-group REPL_BIND_GROUP] [\-\-repl\-bind\-group\-interval REPL_BIND_GROUP_INTERVAL] [\-\-repl\-protocol\-timeout REPL_PROTOCOL_TIMEOUT] [\-\-repl\-backoff\-max REPL_BACKOFF_MAX] [\-\-repl\-backoff\-min REPL_BACKOFF_MIN] [\-\-repl\-release\-timeout REPL_RELEASE_TIMEOUT] [\-\-repl\-keepalive\-update\-interval REPL_KEEPALIVE_UPDATE_INTERVAL] .SH OPTIONS \fI\,'dsconf replication set'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .TP \fB\-\-repl\-add\-bind\-dn\fR \fI\,REPL_ADD_BIND_DN\/\fR Adds a bind (supplier) DN .TP \fB\-\-repl\-del\-bind\-dn\fR \fI\,REPL_DEL_BIND_DN\/\fR Removes a bind (supplier) DN .TP \fB\-\-repl\-add\-ref\fR \fI\,REPL_ADD_REF\/\fR Adds a replication referral (for consumers only) .TP \fB\-\-repl\-del\-ref\fR \fI\,REPL_DEL_REF\/\fR Removes a replication referral (for conusmers only) .TP \fB\-\-repl\-purge\-delay\fR \fI\,REPL_PURGE_DELAY\/\fR Sets the replication purge delay .TP \fB\-\-repl\-tombstone\-purge\-interval\fR \fI\,REPL_TOMBSTONE_PURGE_INTERVAL\/\fR Sets the interval in seconds to check for tombstones that can be purged .TP \fB\-\-repl\-fast\-tombstone\-purging\fR \fI\,REPL_FAST_TOMBSTONE_PURGING\/\fR Enables or disables improving the tombstone purging performance .TP \fB\-\-repl\-bind\-group\fR \fI\,REPL_BIND_GROUP\/\fR Sets a group entry DN containing members that are "bind/supplier" DNs .TP \fB\-\-repl\-bind\-group\-interval\fR \fI\,REPL_BIND_GROUP_INTERVAL\/\fR Sets an interval in seconds to check if the bind group has been updated .TP \fB\-\-repl\-protocol\-timeout\fR \fI\,REPL_PROTOCOL_TIMEOUT\/\fR Sets a timeout in seconds on how long to wait before stopping replication when the server is under load .TP \fB\-\-repl\-backoff\-max\fR \fI\,REPL_BACKOFF_MAX\/\fR The maximum time in seconds a replication agreement should stay in a backoff state while waiting to acquire the consumer. Default is 300 seconds .TP \fB\-\-repl\-backoff\-min\fR \fI\,REPL_BACKOFF_MIN\/\fR The starting time in seconds a replication agreement should stay in a backoff state while waiting to acquire the consumer. Default is 3 seconds .TP \fB\-\-repl\-release\-timeout\fR \fI\,REPL_RELEASE_TIMEOUT\/\fR A timeout in seconds a replication supplier should send updates before it yields its replication session .TP \fB\-\-repl\-keepalive\-update\-interval\fR \fI\,REPL_KEEPALIVE_UPDATE_INTERVAL\/\fR Interval in seconds for how often the server will apply an internal update to keep the RUV from getting stale. The default is 1 hour (3600 seconds) .SH COMMAND \fI\,'dsconf replication monitor'\/\fR usage: dsconf [\-v] [\-j] instance replication monitor [\-h] [\-c [CONNECTIONS ...]] [\-a [ALIASES ...]] .SH OPTIONS \fI\,'dsconf replication monitor'\/\fR .TP \fB\-c\fR \fI\,[CONNECTIONS ...]\/\fR, \fB\-\-connections\fR \fI\,[CONNECTIONS ...]\/\fR Sets the connection values for monitoring other not connected topologies. The format: 'host:port:binddn:bindpwd'. You can use regex for host and port. You can set bindpwd to * and it will be requested at the runtime or you can include the path to the password file in square brackets \- [~/pwd.txt] .TP \fB\-a\fR \fI\,[ALIASES ...]\/\fR, \fB\-\-aliases\fR \fI\,[ALIASES ...]\/\fR Enables displaying an alias instead of host:port, if an alias is assigned to a host:port combination. The format: alias=host:port .SH COMMAND \fI\,'dsconf repl\-agmt'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt [\-h] {list,enable,disable,init,init\-status,poke,status,delete,create,set,get} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf repl\-agmt'\/\fR .TP \fBdsconf repl\-agmt\fR \fI\,list\/\fR List all replication agreements .TP \fBdsconf repl\-agmt\fR \fI\,enable\/\fR Enable replication agreement .TP \fBdsconf repl\-agmt\fR \fI\,disable\/\fR Disable replication agreement .TP \fBdsconf repl\-agmt\fR \fI\,init\/\fR Initialize replication agreement .TP \fBdsconf repl\-agmt\fR \fI\,init\-status\/\fR Check the agreement initialization status .TP \fBdsconf repl\-agmt\fR \fI\,poke\/\fR Trigger replication to send updates now .TP \fBdsconf repl\-agmt\fR \fI\,status\/\fR Displays the current status of the replication agreement .TP \fBdsconf repl\-agmt\fR \fI\,delete\/\fR Delete replication agreement .TP \fBdsconf repl\-agmt\fR \fI\,create\/\fR Initialize replication agreement .TP \fBdsconf repl\-agmt\fR \fI\,set\/\fR Set an attribute in the replication agreement .TP \fBdsconf repl\-agmt\fR \fI\,get\/\fR Get replication configuration .SH COMMAND \fI\,'dsconf repl\-agmt list'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt list [\-h] \-\-suffix SUFFIX [\-\-entry ENTRY] .SH OPTIONS \fI\,'dsconf repl\-agmt list'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the suffix to look up replication agreements for .TP \fB\-\-entry\fR \fI\,ENTRY\/\fR Returns the entire entry for each agreement .SH COMMAND \fI\,'dsconf repl\-agmt enable'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt enable [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-agmt enable'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-agmt disable'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt disable [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-agmt disable'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-agmt init'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt init [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-agmt init'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-agmt init\-status'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt init\-status [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-agmt init\-status'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-agmt poke'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt poke [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-agmt poke'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-agmt status'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt status [\-h] \-\-suffix SUFFIX [\-\-bind\-dn BIND_DN] [\-\-bind\-passwd BIND_PASSWD] [\-\-bind\-passwd\-file BIND_PASSWD_FILE] [\-\-bind\-passwd\-prompt] AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-agmt status'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the DN to use to authenticate to the consumer. If not set, current instance's root DN will be used. It will be used for all agreements .TP \fB\-\-bind\-passwd\fR \fI\,BIND_PASSWD\/\fR Sets the password for the bind DN. It will be used for all agreements .TP \fB\-\-bind\-passwd\-file\fR \fI\,BIND_PASSWD_FILE\/\fR File containing the password. It will be used for all agreements .TP \fB\-\-bind\-passwd\-prompt\fR Prompt for passwords for each agreement's instance separately .SH COMMAND \fI\,'dsconf repl\-agmt delete'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt delete [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-agmt delete'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-agmt create'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt create [\-h] \-\-suffix SUFFIX \-\-host HOST \-\-port PORT \-\-conn\-protocol CONN_PROTOCOL [\-\-bind\-dn BIND_DN] [\-\-bind\-passwd BIND_PASSWD] [\-\-bind\-passwd\-file BIND_PASSWD_FILE] [\-\-bind\-passwd\-prompt] \-\-bind\-method BIND_METHOD [\-\-frac\-list FRAC_LIST] [\-\-frac\-list\-total FRAC_LIST_TOTAL] [\-\-strip\-list STRIP_LIST] [\-\-schedule SCHEDULE] [\-\-conn\-timeout CONN_TIMEOUT] [\-\-protocol\-timeout PROTOCOL_TIMEOUT] [\-\-wait\-async\-results WAIT_ASYNC_RESULTS] [\-\-busy\-wait\-time BUSY_WAIT_TIME] [\-\-session\-pause\-time SESSION_PAUSE_TIME] [\-\-flow\-control\-window FLOW_CONTROL_WINDOW] [\-\-flow\-control\-pause FLOW_CONTROL_PAUSE] [\-\-bootstrap\-bind\-dn BOOTSTRAP_BIND_DN] [\-\-bootstrap\-bind\-passwd BOOTSTRAP_BIND_PASSWD] [\-\-bootstrap\-bind\-passwd\-file BOOTSTRAP_BIND_PASSWD_FILE] [\-\-bootstrap\-bind\-passwd\-prompt] [\-\-bootstrap\-conn\-protocol BOOTSTRAP_CONN_PROTOCOL] [\-\-bootstrap\-bind\-method BOOTSTRAP_BIND_METHOD] [\-\-init] AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-agmt create'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .TP \fB\-\-host\fR \fI\,HOST\/\fR Sets the hostname of the remote replica .TP \fB\-\-port\fR \fI\,PORT\/\fR Sets the port number of the remote replica .TP \fB\-\-conn\-protocol\fR \fI\,CONN_PROTOCOL\/\fR Sets the replication connection protocol: LDAP, LDAPS, or StartTLS .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the bind DN the agreement uses to authenticate to the replica .TP \fB\-\-bind\-passwd\fR \fI\,BIND_PASSWD\/\fR Sets the credentials for the bind DN .TP \fB\-\-bind\-passwd\-file\fR \fI\,BIND_PASSWD_FILE\/\fR File containing the password .TP \fB\-\-bind\-passwd\-prompt\fR Prompt for password .TP \fB\-\-bind\-method\fR \fI\,BIND_METHOD\/\fR Sets the bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI" .TP \fB\-\-frac\-list\fR \fI\,FRAC_LIST\/\fR Sets the list of attributes to NOT replicate to the consumer during incremental updates .TP \fB\-\-frac\-list\-total\fR \fI\,FRAC_LIST_TOTAL\/\fR Sets the list of attributes to NOT replicate during a total initialization .TP \fB\-\-strip\-list\fR \fI\,STRIP_LIST\/\fR Sets a list of attributes that are removed from updates only if the event would otherwise be empty. Typically this is set to "modifiersname" and "modifytimestmap" .TP \fB\-\-schedule\fR \fI\,SCHEDULE\/\fR Sets the replication update schedule: 'HHMM\-HHMM DDDDDDD' D = 0\-6 (Sunday \- Saturday). .TP \fB\-\-conn\-timeout\fR \fI\,CONN_TIMEOUT\/\fR Sets the timeout used for replication connections .TP \fB\-\-protocol\-timeout\fR \fI\,PROTOCOL_TIMEOUT\/\fR Sets a timeout in seconds on how long to wait before stopping replication when the server is under load .TP \fB\-\-wait\-async\-results\fR \fI\,WAIT_ASYNC_RESULTS\/\fR Sets the amount of time in milliseconds the server waits if the consumer is not ready before resending data .TP \fB\-\-busy\-wait\-time\fR \fI\,BUSY_WAIT_TIME\/\fR Sets the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access. .TP \fB\-\-session\-pause\-time\fR \fI\,SESSION_PAUSE_TIME\/\fR Sets the amount of time in seconds a supplier should wait between update sessions. .TP \fB\-\-flow\-control\-window\fR \fI\,FLOW_CONTROL_WINDOW\/\fR Sets the maximum number of entries and updates sent by a supplier, which are not acknowledged by the consumer. .TP \fB\-\-flow\-control\-pause\fR \fI\,FLOW_CONTROL_PAUSE\/\fR Sets the time in milliseconds to pause after reaching the number of entries and updates set in "\-\-flow\-control\-window" .TP \fB\-\-bootstrap\-bind\-dn\fR \fI\,BOOTSTRAP_BIND_DN\/\fR Sets an optional bind DN the agreement can use to bootstrap initialization when bind groups are being used .TP \fB\-\-bootstrap\-bind\-passwd\fR \fI\,BOOTSTRAP_BIND_PASSWD\/\fR Sets the bootstrap credentials for the bind DN .TP \fB\-\-bootstrap\-bind\-passwd\-file\fR \fI\,BOOTSTRAP_BIND_PASSWD_FILE\/\fR File containing the password .TP \fB\-\-bootstrap\-bind\-passwd\-prompt\fR File containing the password .TP \fB\-\-bootstrap\-conn\-protocol\fR \fI\,BOOTSTRAP_CONN_PROTOCOL\/\fR Sets the replication bootstrap connection protocol: LDAP, LDAPS, or StartTLS .TP \fB\-\-bootstrap\-bind\-method\fR \fI\,BOOTSTRAP_BIND_METHOD\/\fR Sets the bind method: "SIMPLE", or "SSLCLIENTAUTH" .TP \fB\-\-init\fR Initializes the agreement after creating it .SH COMMAND \fI\,'dsconf repl\-agmt set'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt set [\-h] \-\-suffix SUFFIX [\-\-host HOST] [\-\-port PORT] [\-\-conn\-protocol CONN_PROTOCOL] [\-\-bind\-dn BIND_DN] [\-\-bind\-passwd BIND_PASSWD] [\-\-bind\-passwd\-file BIND_PASSWD_FILE] [\-\-bind\-passwd\-prompt] [\-\-bind\-method BIND_METHOD] [\-\-frac\-list FRAC_LIST] [\-\-frac\-list\-total FRAC_LIST_TOTAL] [\-\-strip\-list STRIP_LIST] [\-\-schedule SCHEDULE] [\-\-conn\-timeout CONN_TIMEOUT] [\-\-protocol\-timeout PROTOCOL_TIMEOUT] [\-\-wait\-async\-results WAIT_ASYNC_RESULTS] [\-\-busy\-wait\-time BUSY_WAIT_TIME] [\-\-session\-pause\-time SESSION_PAUSE_TIME] [\-\-flow\-control\-window FLOW_CONTROL_WINDOW] [\-\-flow\-control\-pause FLOW_CONTROL_PAUSE] [\-\-bootstrap\-bind\-dn BOOTSTRAP_BIND_DN] [\-\-bootstrap\-bind\-passwd BOOTSTRAP_BIND_PASSWD] [\-\-bootstrap\-bind\-passwd\-file BOOTSTRAP_BIND_PASSWD_FILE] [\-\-bootstrap\-bind\-passwd\-prompt] [\-\-bootstrap\-conn\-protocol BOOTSTRAP_CONN_PROTOCOL] [\-\-bootstrap\-bind\-method BOOTSTRAP_BIND_METHOD] AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-agmt set'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .TP \fB\-\-host\fR \fI\,HOST\/\fR Sets the hostname of the remote replica .TP \fB\-\-port\fR \fI\,PORT\/\fR Sets the port number of the remote replica .TP \fB\-\-conn\-protocol\fR \fI\,CONN_PROTOCOL\/\fR Sets the replication connection protocol: LDAP, LDAPS, or StartTLS .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the Bind DN the agreement uses to authenticate to the replica .TP \fB\-\-bind\-passwd\fR \fI\,BIND_PASSWD\/\fR Sets the credentials for the bind DN .TP \fB\-\-bind\-passwd\-file\fR \fI\,BIND_PASSWD_FILE\/\fR File containing the password .TP \fB\-\-bind\-passwd\-prompt\fR Prompt for password .TP \fB\-\-bind\-method\fR \fI\,BIND_METHOD\/\fR Sets the bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI" .TP \fB\-\-frac\-list\fR \fI\,FRAC_LIST\/\fR Sets a list of attributes to NOT replicate to the consumer during incremental updates .TP \fB\-\-frac\-list\-total\fR \fI\,FRAC_LIST_TOTAL\/\fR Sets a list of attributes to NOT replicate during a total initialization .TP \fB\-\-strip\-list\fR \fI\,STRIP_LIST\/\fR Sets a list of attributes that are removed from updates only if the event would otherwise be empty. Typically this is set to "modifiersname" and "modifytimestmap" .TP \fB\-\-schedule\fR \fI\,SCHEDULE\/\fR Sets the replication update schedule: 'HHMM\-HHMM DDDDDDD' D = 0\-6 (Sunday \- Saturday). .TP \fB\-\-conn\-timeout\fR \fI\,CONN_TIMEOUT\/\fR Sets the timeout used for replication connections .TP \fB\-\-protocol\-timeout\fR \fI\,PROTOCOL_TIMEOUT\/\fR Sets a timeout in seconds on how long to wait before stopping replication when the server is under load .TP \fB\-\-wait\-async\-results\fR \fI\,WAIT_ASYNC_RESULTS\/\fR Sets the amount of time in milliseconds the server waits if the consumer is not ready before resending data .TP \fB\-\-busy\-wait\-time\fR \fI\,BUSY_WAIT_TIME\/\fR Sets the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access. .TP \fB\-\-session\-pause\-time\fR \fI\,SESSION_PAUSE_TIME\/\fR Sets the amount of time in seconds a supplier should wait between update sessions. .TP \fB\-\-flow\-control\-window\fR \fI\,FLOW_CONTROL_WINDOW\/\fR Sets the maximum number of entries and updates sent by a supplier, which are not acknowledged by the consumer. .TP \fB\-\-flow\-control\-pause\fR \fI\,FLOW_CONTROL_PAUSE\/\fR Sets the time in milliseconds to pause after reaching the number of entries and updates set in "\-\-flow\-control\-window" .TP \fB\-\-bootstrap\-bind\-dn\fR \fI\,BOOTSTRAP_BIND_DN\/\fR Sets an optional bind DN the agreement can use to bootstrap initialization when bind groups are being used .TP \fB\-\-bootstrap\-bind\-passwd\fR \fI\,BOOTSTRAP_BIND_PASSWD\/\fR sets the bootstrap credentials for the bind DN .TP \fB\-\-bootstrap\-bind\-passwd\-file\fR \fI\,BOOTSTRAP_BIND_PASSWD_FILE\/\fR File containing the password .TP \fB\-\-bootstrap\-bind\-passwd\-prompt\fR Prompt for password .TP \fB\-\-bootstrap\-conn\-protocol\fR \fI\,BOOTSTRAP_CONN_PROTOCOL\/\fR Sets the replication bootstrap connection protocol: LDAP, LDAPS, or StartTLS .TP \fB\-\-bootstrap\-bind\-method\fR \fI\,BOOTSTRAP_BIND_METHOD\/\fR Sets the bind method: "SIMPLE", or "SSLCLIENTAUTH" .SH COMMAND \fI\,'dsconf repl\-agmt get'\/\fR usage: dsconf [\-v] [\-j] instance repl\-agmt get [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The suffix DN for which to display the replication configuration .SH OPTIONS \fI\,'dsconf repl\-agmt get'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt [\-h] {list,enable,disable,init,init\-status,poke,status,delete,create,set,get} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf repl\-winsync\-agmt'\/\fR .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,list\/\fR List all the replication winsync agreements .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,enable\/\fR Enable replication winsync agreement .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,disable\/\fR Disable replication winsync agreement .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,init\/\fR Initialize replication winsync agreement .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,init\-status\/\fR Check the agreement initialization status .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,poke\/\fR Trigger replication to send updates now .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,status\/\fR Display the current status of the replication agreement .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,delete\/\fR Delete replication winsync agreement .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,create\/\fR Initialize replication winsync agreement .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,set\/\fR Set an attribute in the replication winsync agreement .TP \fBdsconf repl\-winsync\-agmt\fR \fI\,get\/\fR Display replication configuration .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt list'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt list [\-h] \-\-suffix SUFFIX .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt list'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the suffix to look up replication winsync agreements .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt enable'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt enable [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication winsync agreement .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt enable'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication winsync suffix .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt disable'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt disable [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication winsync agreement .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt disable'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication winsync suffix .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt init'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt init [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication winsync agreement .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt init'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication winsync suffix .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt init\-status'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt init\-status [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt init\-status'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt poke'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt poke [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication winsync agreement .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt poke'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication winsync suffix .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt status'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt status [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication agreement .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt status'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt delete'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt delete [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication winsync agreement .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt delete'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication winsync suffix .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt create'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt create [\-h] \-\-suffix SUFFIX \-\-host HOST \-\-port PORT \-\-conn\-protocol CONN_PROTOCOL \-\-bind\-dn BIND_DN [\-\-bind\-passwd BIND_PASSWD] [\-\-bind\-passwd\-file BIND_PASSWD_FILE] [\-\-bind\-passwd\-prompt] [\-\-frac\-list FRAC_LIST] [\-\-schedule SCHEDULE] \-\-win\-subtree WIN_SUBTREE \-\-ds\-subtree DS_SUBTREE \-\-win\-domain WIN_DOMAIN [\-\-sync\-users SYNC_USERS] [\-\-sync\-groups SYNC_GROUPS] [\-\-sync\-interval SYNC_INTERVAL] [\-\-one\-way\-sync ONE_WAY_SYNC] [\-\-move\-action MOVE_ACTION] [\-\-win\-filter WIN_FILTER] [\-\-ds\-filter DS_FILTER] [\-\-subtree\-pair SUBTREE_PAIR] [\-\-conn\-timeout CONN_TIMEOUT] [\-\-busy\-wait\-time BUSY_WAIT_TIME] [\-\-session\-pause\-time SESSION_PAUSE_TIME] [\-\-flatten\-tree] [\-\-init] AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication winsync agreement .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt create'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication winsync suffix .TP \fB\-\-host\fR \fI\,HOST\/\fR Sets the hostname of the AD server .TP \fB\-\-port\fR \fI\,PORT\/\fR Sets the port number of the AD server .TP \fB\-\-conn\-protocol\fR \fI\,CONN_PROTOCOL\/\fR Sets the replication winsync connection protocol: LDAP, LDAPS, or StartTLS .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the bind DN the agreement uses to authenticate to the AD Server .TP \fB\-\-bind\-passwd\fR \fI\,BIND_PASSWD\/\fR Sets the credentials for the Bind DN .TP \fB\-\-bind\-passwd\-file\fR \fI\,BIND_PASSWD_FILE\/\fR File containing the password .TP \fB\-\-bind\-passwd\-prompt\fR Prompt for password .TP \fB\-\-frac\-list\fR \fI\,FRAC_LIST\/\fR Sets a list of attributes to NOT replicate to the consumer during incremental updates .TP \fB\-\-schedule\fR \fI\,SCHEDULE\/\fR Sets the replication update schedule .TP \fB\-\-win\-subtree\fR \fI\,WIN_SUBTREE\/\fR Sets the suffix of the AD Server .TP \fB\-\-ds\-subtree\fR \fI\,DS_SUBTREE\/\fR Sets the Directory Server suffix .TP \fB\-\-win\-domain\fR \fI\,WIN_DOMAIN\/\fR Sets the AD Domain .TP \fB\-\-sync\-users\fR \fI\,SYNC_USERS\/\fR Synchronizes users between AD and DS .TP \fB\-\-sync\-groups\fR \fI\,SYNC_GROUPS\/\fR Synchronizes groups between AD and DS .TP \fB\-\-sync\-interval\fR \fI\,SYNC_INTERVAL\/\fR Sets the interval that DS checks AD for changes in entries .TP \fB\-\-one\-way\-sync\fR \fI\,ONE_WAY_SYNC\/\fR Sets which direction to perform synchronization: "toWindows", or "fromWindows". By default sync occurs in both directions. .TP \fB\-\-move\-action\fR \fI\,MOVE_ACTION\/\fR Sets instructions on how to handle moved or deleted entries: "none", "unsync", or "delete" .TP \fB\-\-win\-filter\fR \fI\,WIN_FILTER\/\fR Sets a custom filter for finding users in AD Server .TP \fB\-\-ds\-filter\fR \fI\,DS_FILTER\/\fR Sets a custom filter for finding AD users in DS .TP \fB\-\-subtree\-pair\fR \fI\,SUBTREE_PAIR\/\fR Sets the subtree pair: : .TP \fB\-\-conn\-timeout\fR \fI\,CONN_TIMEOUT\/\fR Sets the timeout used for replicaton connections .TP \fB\-\-busy\-wait\-time\fR \fI\,BUSY_WAIT_TIME\/\fR Sets the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access .TP \fB\-\-session\-pause\-time\fR \fI\,SESSION_PAUSE_TIME\/\fR Sets the amount of time in seconds a supplier should wait between update sessions .TP \fB\-\-flatten\-tree\fR By default, the tree structure of AD is preserved into 389. This MAY cause replication to fail in some cases, as you may need to create missing OU's to recreate the same treestructure. This setting when enabled, removes the tree structure of AD and flattens all entries into the ds\-subtree. This does NOT affect or change the tree structure of the AD directory. .TP \fB\-\-init\fR Initializes the agreement after creating it .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt set'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt set [\-h] [\-\-suffix SUFFIX] [\-\-host HOST] [\-\-port PORT] [\-\-conn\-protocol CONN_PROTOCOL] [\-\-bind\-dn BIND_DN] [\-\-bind\-passwd BIND_PASSWD] [\-\-bind\-passwd\-file BIND_PASSWD_FILE] [\-\-bind\-passwd\-prompt] [\-\-frac\-list FRAC_LIST] [\-\-schedule SCHEDULE] [\-\-win\-subtree WIN_SUBTREE] [\-\-ds\-subtree DS_SUBTREE] [\-\-win\-domain WIN_DOMAIN] [\-\-sync\-users SYNC_USERS] [\-\-sync\-groups SYNC_GROUPS] [\-\-sync\-interval SYNC_INTERVAL] [\-\-one\-way\-sync ONE_WAY_SYNC] [\-\-move\-action MOVE_ACTION] [\-\-win\-filter WIN_FILTER] [\-\-ds\-filter DS_FILTER] [\-\-subtree\-pair SUBTREE_PAIR] [\-\-conn\-timeout CONN_TIMEOUT] [\-\-busy\-wait\-time BUSY_WAIT_TIME] [\-\-session\-pause\-time SESSION_PAUSE_TIME] AGMT_NAME .TP \fBAGMT_NAME\fR The name of the replication winsync agreement .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt set'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication winsync suffix .TP \fB\-\-host\fR \fI\,HOST\/\fR Sets the hostname of the AD server .TP \fB\-\-port\fR \fI\,PORT\/\fR Sets the port number of the AD server .TP \fB\-\-conn\-protocol\fR \fI\,CONN_PROTOCOL\/\fR Sets the replication winsync connection protocol: LDAP, LDAPS, or StartTLS .TP \fB\-\-bind\-dn\fR \fI\,BIND_DN\/\fR Sets the bind DN the agreement uses to authenticate to the AD Server .TP \fB\-\-bind\-passwd\fR \fI\,BIND_PASSWD\/\fR Sets the credentials for the Bind DN .TP \fB\-\-bind\-passwd\-file\fR \fI\,BIND_PASSWD_FILE\/\fR File containing the password .TP \fB\-\-bind\-passwd\-prompt\fR Prompt for password .TP \fB\-\-frac\-list\fR \fI\,FRAC_LIST\/\fR Sets a list of attributes to NOT replicate to the consumer during incremental updates .TP \fB\-\-schedule\fR \fI\,SCHEDULE\/\fR Sets the replication update schedule .TP \fB\-\-win\-subtree\fR \fI\,WIN_SUBTREE\/\fR Sets the suffix of the AD Server .TP \fB\-\-ds\-subtree\fR \fI\,DS_SUBTREE\/\fR Sets the Directory Server suffix .TP \fB\-\-win\-domain\fR \fI\,WIN_DOMAIN\/\fR Sets the AD Domain .TP \fB\-\-sync\-users\fR \fI\,SYNC_USERS\/\fR Synchronizes users between AD and DS .TP \fB\-\-sync\-groups\fR \fI\,SYNC_GROUPS\/\fR Synchronizes groups between AD and DS .TP \fB\-\-sync\-interval\fR \fI\,SYNC_INTERVAL\/\fR Sets the interval that DS checks AD for changes in entries .TP \fB\-\-one\-way\-sync\fR \fI\,ONE_WAY_SYNC\/\fR Sets which direction to perform synchronization: "toWindows", or "fromWindows". By default sync occurs in both directions. .TP \fB\-\-move\-action\fR \fI\,MOVE_ACTION\/\fR Sets instructions on how to handle moved or deleted entries: "none", "unsync", or "delete" .TP \fB\-\-win\-filter\fR \fI\,WIN_FILTER\/\fR Sets a custom filter for finding users in AD Server .TP \fB\-\-ds\-filter\fR \fI\,DS_FILTER\/\fR Sets a custom filter for finding AD users in DS .TP \fB\-\-subtree\-pair\fR \fI\,SUBTREE_PAIR\/\fR Sets the subtree pair: : .TP \fB\-\-conn\-timeout\fR \fI\,CONN_TIMEOUT\/\fR Sets the timeout used for replicaton connections .TP \fB\-\-busy\-wait\-time\fR \fI\,BUSY_WAIT_TIME\/\fR Sets the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access .TP \fB\-\-session\-pause\-time\fR \fI\,SESSION_PAUSE_TIME\/\fR Sets the amount of time in seconds a supplier should wait between update sessions .SH COMMAND \fI\,'dsconf repl\-winsync\-agmt get'\/\fR usage: dsconf [\-v] [\-j] instance repl\-winsync\-agmt get [\-h] \-\-suffix SUFFIX AGMT_NAME .TP \fBAGMT_NAME\fR The suffix DN for the replication configuration to display .SH OPTIONS \fI\,'dsconf repl\-winsync\-agmt get'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the DN of the replication suffix .SH COMMAND \fI\,'dsconf repl\-tasks'\/\fR usage: dsconf [\-v] [\-j] instance repl\-tasks [\-h] {cleanallruv,list\-cleanruv\-tasks,abort\-cleanallruv,list\-abortruv\-tasks} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf repl\-tasks'\/\fR .TP \fBdsconf repl\-tasks\fR \fI\,cleanallruv\/\fR Cleanup old/removed replica IDs .TP \fBdsconf repl\-tasks\fR \fI\,list\-cleanruv\-tasks\/\fR List all the running CleanAllRUV tasks .TP \fBdsconf repl\-tasks\fR \fI\,abort\-cleanallruv\/\fR Abort cleanallruv tasks .TP \fBdsconf repl\-tasks\fR \fI\,list\-abortruv\-tasks\/\fR List all the running CleanAllRUV abort tasks .SH COMMAND \fI\,'dsconf repl\-tasks cleanallruv'\/\fR usage: dsconf [\-v] [\-j] instance repl\-tasks cleanallruv [\-h] \-\-suffix SUFFIX \-\-replica\-id REPLICA_ID [\-\-force\-cleaning] .SH OPTIONS \fI\,'dsconf repl\-tasks cleanallruv'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the Directory Server suffix .TP \fB\-\-replica\-id\fR \fI\,REPLICA_ID\/\fR Sets the replica ID to remove/clean .TP \fB\-\-force\-cleaning\fR Ignores errors and make a best attempt to clean all replicas .SH COMMAND \fI\,'dsconf repl\-tasks list\-cleanruv\-tasks'\/\fR usage: dsconf [\-v] [\-j] instance repl\-tasks list\-cleanruv\-tasks [\-h] [\-\-suffix SUFFIX] .SH OPTIONS \fI\,'dsconf repl\-tasks list\-cleanruv\-tasks'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Lists only tasks for the specified suffix .SH COMMAND \fI\,'dsconf repl\-tasks abort\-cleanallruv'\/\fR usage: dsconf [\-v] [\-j] instance repl\-tasks abort\-cleanallruv [\-h] \-\-suffix SUFFIX \-\-replica\-id REPLICA_ID [\-\-certify] .SH OPTIONS \fI\,'dsconf repl\-tasks abort\-cleanallruv'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Sets the Directory Server suffix .TP \fB\-\-replica\-id\fR \fI\,REPLICA_ID\/\fR Sets the replica ID of the cleaning task to abort .TP \fB\-\-certify\fR Enforces that the abort task completed on all replicas .SH COMMAND \fI\,'dsconf repl\-tasks list\-abortruv\-tasks'\/\fR usage: dsconf [\-v] [\-j] instance repl\-tasks list\-abortruv\-tasks [\-h] [\-\-suffix SUFFIX] .SH OPTIONS \fI\,'dsconf repl\-tasks list\-abortruv\-tasks'\/\fR .TP \fB\-\-suffix\fR \fI\,SUFFIX\/\fR Lists only tasks for the specified suffix .SH COMMAND \fI\,'dsconf repl\-conflict'\/\fR usage: dsconf [\-v] [\-j] instance repl\-conflict [\-h] {list,compare,delete,swap,convert,list\-glue,delete\-glue,convert\-glue} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf repl\-conflict'\/\fR .TP \fBdsconf repl\-conflict\fR \fI\,list\/\fR List conflict entries .TP \fBdsconf repl\-conflict\fR \fI\,compare\/\fR Compare the conflict entry with its valid counterpart .TP \fBdsconf repl\-conflict\fR \fI\,delete\/\fR Delete a conflict entry .TP \fBdsconf repl\-conflict\fR \fI\,swap\/\fR Replace the valid entry with the conflict entry .TP \fBdsconf repl\-conflict\fR \fI\,convert\/\fR Convert the conflict entry to a valid entry, while keeping the original valid entry counterpart. This requires that the converted conflict entry have a new RDN value. For example: "cn=my_new_rdn_value". .TP \fBdsconf repl\-conflict\fR \fI\,list\-glue\/\fR List replication glue entries .TP \fBdsconf repl\-conflict\fR \fI\,delete\-glue\/\fR Delete the glue entry and its child entries .TP \fBdsconf repl\-conflict\fR \fI\,convert\-glue\/\fR Convert the glue entry into a regular entry .SH COMMAND \fI\,'dsconf repl\-conflict list'\/\fR usage: dsconf [\-v] [\-j] instance repl\-conflict list [\-h] suffix .TP \fBsuffix\fR Sets the backend name, or suffix, to look for conflict entries .SH COMMAND \fI\,'dsconf repl\-conflict compare'\/\fR usage: dsconf [\-v] [\-j] instance repl\-conflict compare [\-h] DN .TP \fBDN\fR The DN of the conflict entry .SH COMMAND \fI\,'dsconf repl\-conflict delete'\/\fR usage: dsconf [\-v] [\-j] instance repl\-conflict delete [\-h] DN .TP \fBDN\fR The DN of the conflict entry .SH COMMAND \fI\,'dsconf repl\-conflict swap'\/\fR usage: dsconf [\-v] [\-j] instance repl\-conflict swap [\-h] DN .TP \fBDN\fR The DN of the conflict entry .SH COMMAND \fI\,'dsconf repl\-conflict convert'\/\fR usage: dsconf instance [\-v] [\-j] repl\-conflict convert [\-h] \-\-new\-rdn NEW_RDN DN .TP \fBDN\fR The DN of the conflict entry .SH OPTIONS \fI\,'dsconf repl\-conflict convert'\/\fR .TP \fB\-\-new\-rdn\fR \fI\,NEW_RDN\/\fR Sets the new RDN for the converted conflict entry. For example: "cn=my_new_rdn_value" .SH COMMAND \fI\,'dsconf repl\-conflict list\-glue'\/\fR usage: dsconf [\-v] [\-j] instance repl\-conflict list\-glue [\-h] suffix .TP \fBsuffix\fR The backend name, or suffix, to look for glue entries .SH COMMAND \fI\,'dsconf repl\-conflict delete\-glue'\/\fR usage: dsconf [\-v] [\-j] instance repl\-conflict delete\-glue [\-h] DN .TP \fBDN\fR The DN of the glue entry .SH COMMAND \fI\,'dsconf repl\-conflict convert\-glue'\/\fR usage: dsconf [\-v] [\-j] instance repl\-conflict convert\-glue [\-h] DN .TP \fBDN\fR The DN of the glue entry .SH COMMAND \fI\,'dsconf sasl'\/\fR usage: dsconf [\-v] [\-j] instance sasl [\-h] {list,get\-mechs,get\-available\-mechs,get,create,delete} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf sasl'\/\fR .TP \fBdsconf sasl\fR \fI\,list\/\fR Display available SASL mappings .TP \fBdsconf sasl\fR \fI\,get\-mechs\/\fR Display the SASL mechanisms that the server will accept .TP \fBdsconf sasl\fR \fI\,get\-available\-mechs\/\fR Display the SASL mechanisms that are available to the server .TP \fBdsconf sasl\fR \fI\,get\/\fR Displays SASL mappings .TP \fBdsconf sasl\fR \fI\,create\/\fR Create a SASL mapping .TP \fBdsconf sasl\fR \fI\,delete\/\fR Deletes the SASL object .SH COMMAND \fI\,'dsconf sasl list'\/\fR usage: dsconf [\-v] [\-j] instance sasl list [\-h] [\-\-details] .SH OPTIONS \fI\,'dsconf sasl list'\/\fR .TP \fB\-\-details\fR Displays each SASL mapping in detail .SH COMMAND \fI\,'dsconf sasl get\-mechs'\/\fR usage: dsconf [\-v] [\-j] instance sasl get\-mechs [\-h] .SH COMMAND \fI\,'dsconf sasl get\-available\-mechs'\/\fR usage: dsconf [\-v] [\-j] instance sasl get\-available\-mechs [\-h] .SH COMMAND \fI\,'dsconf sasl get'\/\fR usage: dsconf [\-v] [\-j] instance sasl get [\-h] [selector] .TP \fBselector\fR The SASL mapping name to display .SH COMMAND \fI\,'dsconf sasl create'\/\fR usage: dsconf [\-v] [\-j] instance sasl create [\-h] [\-\-cn [CN]] [\-\-nsSaslMapRegexString [NSSASLMAPREGEXSTRING]] [\-\-nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]] [\-\-nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]] [\-\-nsSaslMapPriority [NSSASLMAPPRIORITY]] .SH OPTIONS \fI\,'dsconf sasl create'\/\fR .TP \fB\-\-cn\fR \fI\,[CN]\/\fR Value of cn .TP \fB\-\-nsSaslMapRegexString\fR \fI\,[NSSASLMAPREGEXSTRING]\/\fR Value of nsSaslMapRegexString .TP \fB\-\-nsSaslMapBaseDNTemplate\fR \fI\,[NSSASLMAPBASEDNTEMPLATE]\/\fR Value of nsSaslMapBaseDNTemplate .TP \fB\-\-nsSaslMapFilterTemplate\fR \fI\,[NSSASLMAPFILTERTEMPLATE]\/\fR Value of nsSaslMapFilterTemplate .TP \fB\-\-nsSaslMapPriority\fR \fI\,[NSSASLMAPPRIORITY]\/\fR Value of nsSaslMapPriority .SH COMMAND \fI\,'dsconf sasl delete'\/\fR usage: dsconf [\-v] [\-j] instance sasl delete [\-h] map_name .TP \fBmap_name\fR The SASL mapping name ("cn" value) .SH COMMAND \fI\,'dsconf security'\/\fR usage: dsconf [\-v] [\-j] instance security [\-h] {set,get,enable,disable,disable_plain_port,certificate,ca\-certificate,rsa,ciphers,csr,key,export\-cert} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf security'\/\fR .TP \fBdsconf security\fR \fI\,set\/\fR Set general security options .TP \fBdsconf security\fR \fI\,get\/\fR Display general security options .TP \fBdsconf security\fR \fI\,enable\/\fR Enable security .TP \fBdsconf security\fR \fI\,disable\/\fR Disable security .TP \fBdsconf security\fR \fI\,disable_plain_port\/\fR Disables the plain text LDAP port, allowing only LDAPS to function .TP \fBdsconf security\fR \fI\,certificate\/\fR Manage TLS certificates .TP \fBdsconf security\fR \fI\,ca\-certificate\/\fR Manage TLS certificate authorities .TP \fBdsconf security\fR \fI\,rsa\/\fR Query and update RSA security options .TP \fBdsconf security\fR \fI\,ciphers\/\fR Manage secure ciphers .TP \fBdsconf security\fR \fI\,csr\/\fR Manage certificate signing requests .TP \fBdsconf security\fR \fI\,key\/\fR Manage keys in NSS DB .TP \fBdsconf security\fR \fI\,export\-cert\/\fR Export a certificate to PEM or DER/Binary format. PEM format is the default .SH COMMAND \fI\,'dsconf security set'\/\fR usage: dsconf [\-v] [\-j] instance security set [\-h] [\-\-security SECURITY] [\-\-listen\-host LISTEN_HOST] [\-\-secure\-port SECURE_PORT] [\-\-tls\-client\-auth TLS_CLIENT_AUTH] [\-\-tls\-client\-renegotiation TLS_CLIENT_RENEGOTIATION] [\-\-require\-secure\-authentication REQUIRE_SECURE_AUTHENTICATION] [\-\-check\-hostname CHECK_HOSTNAME] [\-\-verify\-cert\-chain\-on\-startup VERIFY_CERT_CHAIN_ON_STARTUP] [\-\-session\-timeout SESSION_TIMEOUT] [\-\-tls\-protocol\-min TLS_PROTOCOL_MIN] [\-\-tls\-protocol\-max TLS_PROTOCOL_MAX] [\-\-allow\-insecure\-ciphers ALLOW_INSECURE_CIPHERS] [\-\-allow\-weak\-dh\-param ALLOW_WEAK_DH_PARAM] [\-\-cipher\-pref CIPHER_PREF] Use this command for setting security related options located in cn=config and cn=encryption,cn=config. To enable/disable security you can use enable and disable commands instead. .SH OPTIONS \fI\,'dsconf security set'\/\fR .TP \fB\-\-security\fR \fI\,SECURITY\/\fR Enables or disables security (nsslapd\-security) .TP \fB\-\-listen\-host\fR \fI\,LISTEN_HOST\/\fR Sets the host or IP address to listen on for LDAPS (nsslapd\-securelistenhost) .TP \fB\-\-secure\-port\fR \fI\,SECURE_PORT\/\fR Sets the port for LDAPS to listen on (nsslapd\-securePort) .TP \fB\-\-tls\-client\-auth\fR \fI\,TLS_CLIENT_AUTH\/\fR Configures client authentication requirement (nsSSLClientAuth) .TP \fB\-\-tls\-client\-renegotiation\fR \fI\,TLS_CLIENT_RENEGOTIATION\/\fR Allows client TLS renegotiation (nsTLSAllowClientRenegotiation) .TP \fB\-\-require\-secure\-authentication\fR \fI\,REQUIRE_SECURE_AUTHENTICATION\/\fR Configures whether binds over LDAPS, StartTLS, or SASL are required (nsslapd\- require\-secure\-binds) .TP \fB\-\-check\-hostname\fR \fI\,CHECK_HOSTNAME\/\fR Checks the subject of remote certificate against the hostname (nsslapd\-ssl\- check\-hostname) .TP \fB\-\-verify\-cert\-chain\-on\-startup\fR \fI\,VERIFY_CERT_CHAIN_ON_STARTUP\/\fR Validates the server certificate during startup (nsslapd\-validate\-cert) .TP \fB\-\-session\-timeout\fR \fI\,SESSION_TIMEOUT\/\fR Sets the secure session timeout (nsSSLSessionTimeout) .TP \fB\-\-tls\-protocol\-min\fR \fI\,TLS_PROTOCOL_MIN\/\fR Sets the minimal allowed secure protocol version (sslVersionMin) .TP \fB\-\-tls\-protocol\-max\fR \fI\,TLS_PROTOCOL_MAX\/\fR Sets the maximal allowed secure protocol version (sslVersionMax) .TP \fB\-\-allow\-insecure\-ciphers\fR \fI\,ALLOW_INSECURE_CIPHERS\/\fR Allows weak ciphers for legacy use (allowWeakCipher) .TP \fB\-\-allow\-weak\-dh\-param\fR \fI\,ALLOW_WEAK_DH_PARAM\/\fR Allows short DH params for legacy use (allowWeakDHParam) .TP \fB\-\-cipher\-pref\fR \fI\,CIPHER_PREF\/\fR Directly sets the nsSSL3Ciphers attribute. It is a comma\-separated list of cipher names (prefixed with + or \-), optionally including +all or \-all. The attribute may optionally be prefixed by keyword "default". Please refer to documentation of the attribute for a more detailed description. (nsSSL3Ciphers) .SH COMMAND \fI\,'dsconf security get'\/\fR usage: dsconf [\-v] [\-j] instance security get [\-h] .SH COMMAND \fI\,'dsconf security enable'\/\fR usage: dsconf instance [\-v] [\-j] security enable [\-h] [\-\-cert\-name CERT_NAME] If missing, create security database, then turn on security functionality. Please note this is usually not enough for TLS connections to work \- proper setup of CA and server certificate is necessary. .SH OPTIONS \fI\,'dsconf security enable'\/\fR .TP \fB\-\-cert\-name\fR \fI\,CERT_NAME\/\fR Sets the name of the certificate the server should use .SH COMMAND \fI\,'dsconf security disable'\/\fR usage: dsconf instance [\-v] [\-j] security disable [\-h] Turn off security functionality. The rest of the configuration will be left untouched. .SH COMMAND \fI\,'dsconf security disable_plain_port'\/\fR usage: dsconf instance [\-v] [\-j] security disable_plain_port [\-h] .SH COMMAND \fI\,'dsconf security certificate'\/\fR usage: dsconf [\-v] [\-j] instance security certificate [\-h] {add,set\-trust\-flags,del,get,list} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf security certificate'\/\fR .TP \fBdsconf security certificate\fR \fI\,add\/\fR Add a server certificate .TP \fBdsconf security certificate\fR \fI\,set\-trust\-flags\/\fR Set the Trust flags .TP \fBdsconf security certificate\fR \fI\,del\/\fR Delete a certificate .TP \fBdsconf security certificate\fR \fI\,get\/\fR Display a server certificate's information .TP \fBdsconf security certificate\fR \fI\,list\/\fR List the server certificates .SH COMMAND \fI\,'dsconf security certificate add'\/\fR usage: dsconf instance [\-v] [\-j] security certificate add [\-h] \-\-file FILE \-\-name NAME [\-\-primary\-cert] Add a server certificate to the NSS database .SH OPTIONS \fI\,'dsconf security certificate add'\/\fR .TP \fB\-\-file\fR \fI\,FILE\/\fR Sets the file name of the certificate .TP \fB\-\-name\fR \fI\,NAME\/\fR Sets the name/nickname of the certificate .TP \fB\-\-primary\-cert\fR Sets this certificate as the server's certificate .SH COMMAND \fI\,'dsconf security certificate set\-trust\-flags'\/\fR usage: dsconf instance [\-v] [\-j] security certificate set\-trust\-flags [\-h] \-\-flags FLAGS name Change the trust flags of a server certificate .TP \fBname\fR The name/nickname of the certificate .SH OPTIONS \fI\,'dsconf security certificate set\-trust\-flags'\/\fR .TP \fB\-\-flags\fR \fI\,FLAGS\/\fR Sets the trust flags for the server certificate .SH COMMAND \fI\,'dsconf security certificate del'\/\fR usage: dsconf instance [\-v] [\-j] security certificate del [\-h] name Delete a certificate from the NSS database .TP \fBname\fR The name/nickname of the certificate .SH COMMAND \fI\,'dsconf security certificate get'\/\fR usage: dsconf instance [\-v] [\-j] security certificate get [\-h] name Displays detailed information about a certificate, such as trust attributes, expiration dates, Subject and Issuer DNs .TP \fBname\fR Set the name/nickname of the certificate .SH COMMAND \fI\,'dsconf security certificate list'\/\fR usage: dsconf instance [\-v] [\-j] security certificate list [\-h] Lists the server certificates in the NSS database .SH COMMAND \fI\,'dsconf security ca\-certificate'\/\fR usage: dsconf [\-v] [\-j] instance security ca\-certificate [\-h] {add,set\-trust\-flags,del,get,list} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf security ca\-certificate'\/\fR .TP \fBdsconf security ca\-certificate\fR \fI\,add\/\fR Add a Certificate Authority .TP \fBdsconf security ca\-certificate\fR \fI\,set\-trust\-flags\/\fR Set the Trust flags .TP \fBdsconf security ca\-certificate\fR \fI\,del\/\fR Delete a certificate .TP \fBdsconf security ca\-certificate\fR \fI\,get\/\fR Displays a Certificate Authority's information .TP \fBdsconf security ca\-certificate\fR \fI\,list\/\fR List the Certificate Authorities .SH COMMAND \fI\,'dsconf security ca\-certificate add'\/\fR usage: dsconf instance [\-v] [\-j] security ca\-certificate add [\-h] \-\-file FILE \-\-name NAME [NAME ...] Add a Certificate Authority to the NSS database .SH OPTIONS \fI\,'dsconf security ca\-certificate add'\/\fR .TP \fB\-\-file\fR \fI\,FILE\/\fR Sets the file name of the CA certificate .TP \fB\-\-name\fR \fI\,NAME [NAME ...]\/\fR Sets the name/nickname of the CA certificate, if adding a PEM bundle then specify multiple names one for each certificate, otherwise a number increment will be added to the previous name. .SH COMMAND \fI\,'dsconf security ca\-certificate set\-trust\-flags'\/\fR usage: dsconf instance [\-v] [\-j] security ca\-certificate set\-trust\-flags [\-h] \-\-flags FLAGS name Change the trust attributes of a CA certificate. Certificate Authorities typically use "CT,," .TP \fBname\fR The name/nickname of the CA certificate .SH OPTIONS \fI\,'dsconf security ca\-certificate set\-trust\-flags'\/\fR .TP \fB\-\-flags\fR \fI\,FLAGS\/\fR Sets the trust flags for the CA certificate .SH COMMAND \fI\,'dsconf security ca\-certificate del'\/\fR usage: dsconf instance [\-v] [\-j] security ca\-certificate del [\-h] name Delete a CA certificate from the NSS database .TP \fBname\fR The name/nickname of the CA certificate .SH COMMAND \fI\,'dsconf security ca\-certificate get'\/\fR usage: dsconf instance [\-v] [\-j] security ca\-certificate get [\-h] name Get detailed information about a CA certificate, like trust attributes, expiration dates, Subject and Issuer DN .TP \fBname\fR The name/nickname of the CA certificate .SH COMMAND \fI\,'dsconf security ca\-certificate list'\/\fR usage: dsconf instance [\-v] [\-j] security ca\-certificate list [\-h] List the CA certificates in the NSS database .SH COMMAND \fI\,'dsconf security rsa'\/\fR usage: dsconf [\-v] [\-j] instance security rsa [\-h] {set,get,enable,disable} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf security rsa'\/\fR .TP \fBdsconf security rsa\fR \fI\,set\/\fR Set RSA security options .TP \fBdsconf security rsa\fR \fI\,get\/\fR Get RSA security options .TP \fBdsconf security rsa\fR \fI\,enable\/\fR Enable RSA .TP \fBdsconf security rsa\fR \fI\,disable\/\fR Disable RSA .SH COMMAND \fI\,'dsconf security rsa set'\/\fR usage: dsconf [\-v] [\-j] instance security rsa set [\-h] [\-\-tls\-allow\-rsa\-certificates TLS_ALLOW_RSA_CERTIFICATES] [\-\-nss\-cert\-name NSS_CERT_NAME] [\-\-nss\-token NSS_TOKEN] Use this command for setting RSA (private key) related options located in cn=RSA,cn=encryption,cn=config. To enable/disable RSA you can use enable and disable commands instead. .SH OPTIONS \fI\,'dsconf security rsa set'\/\fR .TP \fB\-\-tls\-allow\-rsa\-certificates\fR \fI\,TLS_ALLOW_RSA_CERTIFICATES\/\fR Activates the use of RSA certificates (nsSSLActivation) .TP \fB\-\-nss\-cert\-name\fR \fI\,NSS_CERT_NAME\/\fR Sets the server certificate name in NSS DB (nsSSLPersonalitySSL) .TP \fB\-\-nss\-token\fR \fI\,NSS_TOKEN\/\fR Sets the security token name (module of NSS DB) (nsSSLToken) .SH COMMAND \fI\,'dsconf security rsa get'\/\fR usage: dsconf [\-v] [\-j] instance security rsa get [\-h] .SH COMMAND \fI\,'dsconf security rsa enable'\/\fR usage: dsconf [\-v] [\-j] instance security rsa enable [\-h] .SH COMMAND \fI\,'dsconf security rsa disable'\/\fR usage: dsconf [\-v] [\-j] instance security rsa disable [\-h] .SH COMMAND \fI\,'dsconf security ciphers'\/\fR usage: dsconf [\-v] [\-j] instance security ciphers [\-h] {enable,disable,get,set,list} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf security ciphers'\/\fR .TP \fBdsconf security ciphers\fR \fI\,enable\/\fR Enable ciphers .TP \fBdsconf security ciphers\fR \fI\,disable\/\fR Disable ciphers .TP \fBdsconf security ciphers\fR \fI\,get\/\fR Get ciphers attribute .TP \fBdsconf security ciphers\fR \fI\,set\/\fR Set ciphers attribute .TP \fBdsconf security ciphers\fR \fI\,list\/\fR List ciphers .SH COMMAND \fI\,'dsconf security ciphers enable'\/\fR usage: dsconf instance [\-v] [\-j] security ciphers enable [\-h] cipher [cipher ...] Use this command to enable specific ciphers. .TP \fBcipher\fR .SH COMMAND \fI\,'dsconf security ciphers disable'\/\fR usage: dsconf instance [\-v] [\-j] security ciphers disable [\-h] cipher [cipher ...] Use this command to disable specific ciphers. .TP \fBcipher\fR .SH COMMAND \fI\,'dsconf security ciphers get'\/\fR usage: dsconf instance [\-v] [\-j] security ciphers get [\-h] Use this command to get contents of nsSSL3Ciphers attribute. .SH COMMAND \fI\,'dsconf security ciphers set'\/\fR usage: dsconf instance [\-v] [\-j] security ciphers set [\-h] cipher\-string Use this command to directly set nsSSL3Ciphers attribute. It is a comma separated list of cipher names (prefixed with + or \-), optionally including +all or \-all. The attribute may optionally be set to keyword default. Please refer to documentation of the attribute for a more detailed description. .TP \fBcipher\-string\fR .SH COMMAND \fI\,'dsconf security ciphers list'\/\fR usage: dsconf instance [\-v] [\-j] security ciphers list [\-h] [\-\-enabled | \-\-supported | \-\-disabled] List secure ciphers. Without arguments, list ciphers as configured in nsSSL3Ciphers attribute. .SH OPTIONS \fI\,'dsconf security ciphers list'\/\fR .TP \fB\-\-enabled\fR Lists only enabled ciphers .TP \fB\-\-supported\fR Lists only supported ciphers .TP \fB\-\-disabled\fR Lists only supported ciphers but without enabled ciphers .SH COMMAND \fI\,'dsconf security csr'\/\fR usage: dsconf [\-v] [\-j] instance security csr [\-h] {list,get,req,del} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf security csr'\/\fR .TP \fBdsconf security csr\fR \fI\,list\/\fR List CSRs .TP \fBdsconf security csr\fR \fI\,get\/\fR Display CSR content .TP \fBdsconf security csr\fR \fI\,req\/\fR Generate a Certificate Signing Request .TP \fBdsconf security csr\fR \fI\,del\/\fR Delete a CSR file .SH COMMAND \fI\,'dsconf security csr list'\/\fR usage: dsconf instance [\-v] [\-j] security csr list [\-h] [\-\-path PATH] List all CSR files in instance configuration directiory .SH OPTIONS \fI\,'dsconf security csr list'\/\fR .TP \fB\-\-path\fR \fI\,PATH\/\fR, \fB\-p\fR \fI\,PATH\/\fR Directory contanining CSR file .SH COMMAND \fI\,'dsconf security csr get'\/\fR usage: dsconf instance [\-v] [\-j] security csr get [\-h] name Displays the contents of a CSR, which can be used for submittal to CA .TP \fBname\fR Name of the CSR file to display .SH COMMAND \fI\,'dsconf security csr req'\/\fR usage: dsconf instance [\-v] [\-j] security csr req [\-h] \-\-subject SUBJECT \-\-name NAME [alt_names ...] Generate a CSR that can be submitted to a CA for verification .TP \fBalt_names\fR CSR alternative names. These are auto\-detected if not provided .SH OPTIONS \fI\,'dsconf security csr req'\/\fR .TP \fB\-\-subject\fR \fI\,SUBJECT\/\fR, \fB\-s\fR \fI\,SUBJECT\/\fR Subject field .TP \fB\-\-name\fR \fI\,NAME\/\fR, \fB\-n\fR \fI\,NAME\/\fR Name .SH COMMAND \fI\,'dsconf security csr del'\/\fR usage: dsconf [\-v] [\-j] instance security csr del [\-h] name Delete a CSR file .TP \fBname\fR Name of the CSR file to delete .SH COMMAND \fI\,'dsconf security key'\/\fR usage: dsconf [\-v] [\-j] instance security key [\-h] {list,del} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf security key'\/\fR .TP \fBdsconf security key\fR \fI\,list\/\fR List all keys in NSS DB .TP \fBdsconf security key\fR \fI\,del\/\fR Delete a key from NSS DB .SH COMMAND \fI\,'dsconf security key list'\/\fR usage: dsconf [\-v] [\-j] instance security key list [\-h] [\-\-orphan] .SH OPTIONS \fI\,'dsconf security key list'\/\fR .TP \fB\-\-orphan\fR List orphan keys (An orphan key is a private key in the NSS DB for which there is NO cert with the corresponding public key). An orphan key is created during CSR generation, when the associated certificate is imported into the NSS DB, its orphan state will be removed. .SH COMMAND \fI\,'dsconf security key del'\/\fR usage: dsconf instance [\-v] [\-j] security key del [\-h] key_id Remove a key from the NSS DB. Make sure the key is not in use before you delete .TP \fBkey_id\fR This is the key ID displayed when listing keys .SH COMMAND \fI\,'dsconf security export\-cert'\/\fR usage: dsconf instance [\-v] [\-j] security export\-cert [\-h] [\-\-binary\-format] [\-\-output\-file OUTPUT_FILE] nickname .TP \fBnickname\fR The name of the certificate to export .SH OPTIONS \fI\,'dsconf security export\-cert'\/\fR .TP \fB\-\-binary\-format\fR Export certificate in DER/binary format .TP \fB\-\-output\-file\fR \fI\,OUTPUT_FILE\/\fR The name for the exported certificate. Default name is the certificate nickname with an extension of ".pem" or ".crt" .SH COMMAND \fI\,'dsconf schema'\/\fR usage: dsconf [\-v] [\-j] instance schema [\-h] {list,attributetypes,objectclasses,matchingrules,reload,validate\-syntax,import\-openldap\-file} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf schema'\/\fR .TP \fBdsconf schema\fR \fI\,list\/\fR List all schema objects on this system .TP \fBdsconf schema\fR \fI\,attributetypes\/\fR Work with attribute types on this system .TP \fBdsconf schema\fR \fI\,objectclasses\/\fR Work with objectClasses on this system .TP \fBdsconf schema\fR \fI\,matchingrules\/\fR Work with matching rules on this system .TP \fBdsconf schema\fR \fI\,reload\/\fR Dynamically reload schema while server is running .TP \fBdsconf schema\fR \fI\,validate\-syntax\/\fR Run a task to check that all attributes in an entry have the correct syntax .TP \fBdsconf schema\fR \fI\,import\-openldap\-file\/\fR Import an openldap formatted dynamic schema ldifs. These will contain values like olcAttributeTypes and olcObjectClasses. .SH COMMAND \fI\,'dsconf schema list'\/\fR usage: dsconf [\-v] [\-j] instance schema list [\-h] .SH COMMAND \fI\,'dsconf schema attributetypes'\/\fR usage: dsconf [\-v] [\-j] instance schema attributetypes [\-h] {get_syntaxes,list,query,add,replace,remove} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf schema attributetypes'\/\fR .TP \fBdsconf schema attributetypes\fR \fI\,get_syntaxes\/\fR List all available attribute type syntaxes .TP \fBdsconf schema attributetypes\fR \fI\,list\/\fR List available attribute types on this system .TP \fBdsconf schema attributetypes\fR \fI\,query\/\fR Query an attribute to determine object classes that may or must take it .TP \fBdsconf schema attributetypes\fR \fI\,add\/\fR Add an attribute type to this system .TP \fBdsconf schema attributetypes\fR \fI\,replace\/\fR Replace an attribute type on this system .TP \fBdsconf schema attributetypes\fR \fI\,remove\/\fR Remove an attribute type on this system .SH COMMAND \fI\,'dsconf schema attributetypes get_syntaxes'\/\fR usage: dsconf [\-v] [\-j] instance schema attributetypes get_syntaxes [\-h] .SH COMMAND \fI\,'dsconf schema attributetypes list'\/\fR usage: dsconf [\-v] [\-j] instance schema attributetypes list [\-h] .SH COMMAND \fI\,'dsconf schema attributetypes query'\/\fR usage: dsconf [\-v] [\-j] instance schema attributetypes query [\-h] [name] .TP \fBname\fR Attribute type to query .SH COMMAND \fI\,'dsconf schema attributetypes add'\/\fR usage: dsconf [\-v] [\-j] instance schema attributetypes add [\-h] [\-\-oid OID] [\-\-desc DESC] [\-\-x\-origin X_ORIGIN] [\-\-aliases ALIASES [ALIASES ...]] [\-\-single\-value] [\-\-multi\-value] [\-\-no\-user\-mod] [\-\-user\-mod] [\-\-equality EQUALITY] [\-\-substr SUBSTR] [\-\-ordering ORDERING] [\-\-usage USAGE] [\-\-sup SUP] \-\-syntax SYNTAX name .TP \fBname\fR NAME of the object .SH OPTIONS \fI\,'dsconf schema attributetypes add'\/\fR .TP \fB\-\-oid\fR \fI\,OID\/\fR OID assigned to the object .TP \fB\-\-desc\fR \fI\,DESC\/\fR Description text(DESC) of the object .TP \fB\-\-x\-origin\fR \fI\,X_ORIGIN\/\fR Provides information about where the attribute type is defined .TP \fB\-\-aliases\fR \fI\,ALIASES [ALIASES ...]\/\fR Additional NAMEs of the object. .TP \fB\-\-single\-value\fR True if the matching rule must have only one valueOnly one of the flags this or \-\-multi\-value should be specified .TP \fB\-\-multi\-value\fR True if the matching rule may have multiple values (default)Only one of the flags this or \-\-single\-value should be specified .TP \fB\-\-no\-user\-mod\fR True if the attribute is not modifiable by a client applicationOnly one of the flags this or \-\-user\-mod should be specified .TP \fB\-\-user\-mod\fR True if the attribute is modifiable by a client application (default)Only one of the flags this or \-\-no\-user\-mode should be specified .TP \fB\-\-equality\fR \fI\,EQUALITY\/\fR NAME or OID of the matching rule used for checkingwhether attribute values are equal .TP \fB\-\-substr\fR \fI\,SUBSTR\/\fR NAME or OID of the matching rule used for checkingwhether an attribute value contains another value .TP \fB\-\-ordering\fR \fI\,ORDERING\/\fR NAME or OID of the matching rule used for checkingwhether attribute values are lesser \- equal than .TP \fB\-\-usage\fR \fI\,USAGE\/\fR The flag indicates how the attribute type is to be used. Choose from the list: userApplications (default), directoryOperation, distributedOperation, dSAOperation .TP \fB\-\-sup\fR \fI\,SUP\/\fR The NAME or OID of attribute type this attribute type is derived from .TP \fB\-\-syntax\fR \fI\,SYNTAX\/\fR OID of the LDAP syntax assigned to the attribute .SH COMMAND \fI\,'dsconf schema attributetypes replace'\/\fR usage: dsconf [\-v] [\-j] instance schema attributetypes replace [\-h] [\-\-oid OID] [\-\-desc DESC] [\-\-x\-origin X_ORIGIN] [\-\-aliases ALIASES [ALIASES ...]] [\-\-single\-value] [\-\-multi\-value] [\-\-no\-user\-mod] [\-\-user\-mod] [\-\-equality EQUALITY] [\-\-substr SUBSTR] [\-\-ordering ORDERING] [\-\-usage USAGE] [\-\-sup SUP] [\-\-syntax SYNTAX] name .TP \fBname\fR NAME of the object .SH OPTIONS \fI\,'dsconf schema attributetypes replace'\/\fR .TP \fB\-\-oid\fR \fI\,OID\/\fR OID assigned to the object .TP \fB\-\-desc\fR \fI\,DESC\/\fR Description text(DESC) of the object .TP \fB\-\-x\-origin\fR \fI\,X_ORIGIN\/\fR Provides information about where the attribute type is defined .TP \fB\-\-aliases\fR \fI\,ALIASES [ALIASES ...]\/\fR Additional NAMEs of the object. .TP \fB\-\-single\-value\fR True if the matching rule must have only one valueOnly one of the flags this or \-\-multi\-value should be specified .TP \fB\-\-multi\-value\fR True if the matching rule may have multiple values (default)Only one of the flags this or \-\-single\-value should be specified .TP \fB\-\-no\-user\-mod\fR True if the attribute is not modifiable by a client applicationOnly one of the flags this or \-\-user\-mod should be specified .TP \fB\-\-user\-mod\fR True if the attribute is modifiable by a client application (default)Only one of the flags this or \-\-no\-user\-mode should be specified .TP \fB\-\-equality\fR \fI\,EQUALITY\/\fR NAME or OID of the matching rule used for checkingwhether attribute values are equal .TP \fB\-\-substr\fR \fI\,SUBSTR\/\fR NAME or OID of the matching rule used for checkingwhether an attribute value contains another value .TP \fB\-\-ordering\fR \fI\,ORDERING\/\fR NAME or OID of the matching rule used for checkingwhether attribute values are lesser \- equal than .TP \fB\-\-usage\fR \fI\,USAGE\/\fR The flag indicates how the attribute type is to be used. Choose from the list: userApplications (default), directoryOperation, distributedOperation, dSAOperation .TP \fB\-\-sup\fR \fI\,SUP\/\fR The NAME or OID of attribute type this attribute type is derived from .TP \fB\-\-syntax\fR \fI\,SYNTAX\/\fR OID of the LDAP syntax assigned to the attribute .SH COMMAND \fI\,'dsconf schema attributetypes remove'\/\fR usage: dsconf [\-v] [\-j] instance schema attributetypes remove [\-h] name .TP \fBname\fR NAME of the object .SH COMMAND \fI\,'dsconf schema objectclasses'\/\fR usage: dsconf [\-v] [\-j] instance schema objectclasses [\-h] {list,query,add,replace,remove} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf schema objectclasses'\/\fR .TP \fBdsconf schema objectclasses\fR \fI\,list\/\fR List available objectClasses on this system .TP \fBdsconf schema objectclasses\fR \fI\,query\/\fR Query an objectClass .TP \fBdsconf schema objectclasses\fR \fI\,add\/\fR Add an objectClass to this system .TP \fBdsconf schema objectclasses\fR \fI\,replace\/\fR Replace an objectClass on this system .TP \fBdsconf schema objectclasses\fR \fI\,remove\/\fR Remove an objectClass on this system .SH COMMAND \fI\,'dsconf schema objectclasses list'\/\fR usage: dsconf [\-v] [\-j] instance schema objectclasses list [\-h] .SH COMMAND \fI\,'dsconf schema objectclasses query'\/\fR usage: dsconf [\-v] [\-j] instance schema objectclasses query [\-h] [name] .TP \fBname\fR ObjectClass to query .SH COMMAND \fI\,'dsconf schema objectclasses add'\/\fR usage: dsconf [\-v] [\-j] instance schema objectclasses add [\-h] [\-\-oid OID] [\-\-desc DESC] [\-\-x\-origin X_ORIGIN] [\-\-must MUST [MUST ...]] [\-\-may MAY [MAY ...]] [\-\-kind KIND] [\-\-sup SUP [SUP ...]] name .TP \fBname\fR NAME of the object .SH OPTIONS \fI\,'dsconf schema objectclasses add'\/\fR .TP \fB\-\-oid\fR \fI\,OID\/\fR OID assigned to the object .TP \fB\-\-desc\fR \fI\,DESC\/\fR Description text(DESC) of the object .TP \fB\-\-x\-origin\fR \fI\,X_ORIGIN\/\fR Provides information about where the attribute type is defined .TP \fB\-\-must\fR \fI\,MUST [MUST ...]\/\fR NAMEs or OIDs of all attributes an entry of the object must have .TP \fB\-\-may\fR \fI\,MAY [MAY ...]\/\fR NAMEs or OIDs of additional attributes an entry of the object may have .TP \fB\-\-kind\fR \fI\,KIND\/\fR Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY .TP \fB\-\-sup\fR \fI\,SUP [SUP ...]\/\fR NAME or OIDs of object classes this object is derived from .SH COMMAND \fI\,'dsconf schema objectclasses replace'\/\fR usage: dsconf [\-v] [\-j] instance schema objectclasses replace [\-h] [\-\-oid OID] [\-\-desc DESC] [\-\-x\-origin X_ORIGIN] [\-\-must MUST [MUST ...]] [\-\-may MAY [MAY ...]] [\-\-kind KIND] [\-\-sup SUP [SUP ...]] name .TP \fBname\fR NAME of the object .SH OPTIONS \fI\,'dsconf schema objectclasses replace'\/\fR .TP \fB\-\-oid\fR \fI\,OID\/\fR OID assigned to the object .TP \fB\-\-desc\fR \fI\,DESC\/\fR Description text(DESC) of the object .TP \fB\-\-x\-origin\fR \fI\,X_ORIGIN\/\fR Provides information about where the attribute type is defined .TP \fB\-\-must\fR \fI\,MUST [MUST ...]\/\fR NAMEs or OIDs of all attributes an entry of the object must have .TP \fB\-\-may\fR \fI\,MAY [MAY ...]\/\fR NAMEs or OIDs of additional attributes an entry of the object may have .TP \fB\-\-kind\fR \fI\,KIND\/\fR Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY .TP \fB\-\-sup\fR \fI\,SUP [SUP ...]\/\fR NAME or OIDs of object classes this object is derived from .SH COMMAND \fI\,'dsconf schema objectclasses remove'\/\fR usage: dsconf [\-v] [\-j] instance schema objectclasses remove [\-h] name .TP \fBname\fR NAME of the object .SH COMMAND \fI\,'dsconf schema matchingrules'\/\fR usage: dsconf [\-v] [\-j] instance schema matchingrules [\-h] {list,query} ... .SH POSITIONAL ARGUMENTS \fI\,'dsconf schema matchingrules'\/\fR .TP \fBdsconf schema matchingrules\fR \fI\,list\/\fR List available matching rules on this system .TP \fBdsconf schema matchingrules\fR \fI\,query\/\fR Query a matching rule .SH COMMAND \fI\,'dsconf schema matchingrules list'\/\fR usage: dsconf [\-v] [\-j] instance schema matchingrules list [\-h] .SH COMMAND \fI\,'dsconf schema matchingrules query'\/\fR usage: dsconf [\-v] [\-j] instance schema matchingrules query [\-h] [name] .TP \fBname\fR Matching rule to query .SH COMMAND \fI\,'dsconf schema reload'\/\fR usage: dsconf [\-v] [\-j] instance schema reload [\-h] [\-d SCHEMADIR] [\-\-wait] [\-\-timeout TIMEOUT] .SH OPTIONS \fI\,'dsconf schema reload'\/\fR .TP \fB\-d\fR \fI\,SCHEMADIR\/\fR, \fB\-\-schemadir\fR \fI\,SCHEMADIR\/\fR directory where schema files are located .TP \fB\-\-wait\fR Wait for the reload task to complete .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Set a timeout to wait for the reload task. Default is 120 seconds .SH COMMAND \fI\,'dsconf schema validate\-syntax'\/\fR usage: dsconf instance [\-v] [\-j] schema validate\-syntax [\-h] [\-f FILTER] [\-\-timeout TIMEOUT] DN .TP \fBDN\fR Base DN that contains entries to validate .SH OPTIONS \fI\,'dsconf schema validate\-syntax'\/\fR .TP \fB\-f\fR \fI\,FILTER\/\fR, \fB\-\-filter\fR \fI\,FILTER\/\fR Filter for entries to validate. If omitted, all entries with filter "(objectclass=*)" are validated .TP \fB\-\-timeout\fR \fI\,TIMEOUT\/\fR Set a timeout to wait for the validation task. Default is 120 seconds .SH COMMAND \fI\,'dsconf schema import\-openldap\-file'\/\fR usage: dsconf instance [\-v] [\-j] schema import\-openldap\-file [\-h] [\-\-confirm] schema_file .TP \fBschema_file\fR Path to the openldap dynamic schema ldif to import .SH OPTIONS \fI\,'dsconf schema import\-openldap\-file'\/\fR .TP \fB\-\-confirm\fR Confirm that you want to apply these schema migration actions to the 389\-ds instance. By default no actions are taken. .SH OPTIONS .TP \fB\-v\fR, \fB\-\-verbose\fR Display verbose operation tracing during command execution .TP \fB\-j\fR, \fB\-\-json\fR Return result in JSON object .TP \fB\-D\fR \fI\,BINDDN\/\fR, \fB\-\-binddn\fR \fI\,BINDDN\/\fR The account to bind as for executing operations .TP \fB\-w\fR \fI\,BINDPW\/\fR, \fB\-\-bindpw\fR \fI\,BINDPW\/\fR Password for the bind DN .TP \fB\-W\fR, \fB\-\-prompt\fR Prompt for password of the bind DN .TP \fB\-y\fR \fI\,PWDFILE\/\fR, \fB\-\-pwdfile\fR \fI\,PWDFILE\/\fR Specifies a file containing the password of the bind DN .TP \fB\-b\fR \fI\,BASEDN\/\fR, \fB\-\-basedn\fR \fI\,BASEDN\/\fR Base DN (root naming context) of the instance to manage .TP \fB\-Z\fR, \fB\-\-starttls\fR Connect with StartTLS .SH AUTHOR .nf Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org> .fi .SH DISTRIBUTION The latest version of lib389 may be downloaded from .UR http://www.port389.org/docs/389ds/FAQ/upstream\-test\-framework.html .UE