DSCONF(1)                    Generated Python Manual                    DSCONF(1)

NAME
    dsconf

SYNOPSIS
    dsconf [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN] [-Z] [-j] instance
            {backend,backup,chaining,config,directory_manager,monitor,plugin,pwpolicy,localpwp,replication,repl,repl-agmt,repl-winsync-agmt,repl-tasks,sasl,security,schema,repl-conflict}
            ...

POSITIONAL ARGUMENTS
    dsconf backend
        Manage database suffixes and backends
    dsconf backup
        Manage online backups
    dsconf chaining
        Manage database chaining and database links
    dsconf config
        Manage the server configuration
    dsconf directory_manager
        Manage the Directory Manager account
    dsconf monitor
        Monitor the state of the instance
    dsconf plugin
        Manage plug-ins available on the server
    dsconf pwpolicy
        Manage the global password policy settings
    dsconf localpwp
        Manage the local user and subtree password policies
    dsconf replication
        Manage replication for a suffix
    dsconf repl-agmt
        Manage replication agreements
    dsconf repl-winsync-agmt
        Manage Winsync agreements
    dsconf repl-tasks
        Manage replication tasks
    dsconf sasl
        Manage SASL mappings
    dsconf security
        Manage security settings
    dsconf schema
        Manage the directory schema
    dsconf repl-conflict
        Manage replication conflicts

COMMAND 'dsconf backend'
    usage: dsconf instance backend [-h]
            {suffix,index,vlv-index,attr-encrypt,config,monitor,import,export,create,delete,get-tree,compact-db}
            ...

POSITIONAL ARGUMENTS 'dsconf backend'
    dsconf backend suffix
        Manage backend suffixes
    dsconf backend index
        Manage backend indexes
    dsconf backend vlv-index
        Manage VLV searches and indexes
    dsconf backend attr-encrypt
        Manage encrypted attribute settings
    dsconf backend config
        Manage the global database configuration settings
    dsconf backend monitor
        Displays global database or suffix monitoring information
    dsconf backend import
        Online import of a suffix
    dsconf backend export
        Online export of a suffix
    dsconf backend create
        Create a backend database
    dsconf backend delete
        Delete a backend database
    dsconf backend get-tree
        Display the suffix tree
    dsconf backend compact-db
        Compact the database and the replication changelog

COMMAND 'dsconf backend suffix'
    usage: dsconf instance backend suffix [-h] {list,get,get-dn,get-sub-suffixes,set} ...

POSITIONAL ARGUMENTS 'dsconf backend suffix'
    dsconf backend suffix list
        List active backends and suffixes
    dsconf backend suffix get
        Display the suffix entry
    dsconf backend suffix get-dn
        Display the DN of a backend
    dsconf backend suffix get-sub-suffixes
        Display sub-suffixes
    dsconf backend suffix set
        Set configuration settings for a specific backend

COMMAND 'dsconf backend suffix list'
    usage: dsconf instance backend suffix list [-h] [--suffix] [--skip-subsuffixes]

OPTIONS 'dsconf backend suffix list'
    --suffix
        Displays the suffixes without backend name
    --skip-subsuffixes
        Displays the list of suffixes without sub-suffixes

COMMAND 'dsconf backend suffix get'
    usage: dsconf instance backend suffix get [-h] [selector]

    selector
        The backend database name to search for

COMMAND 'dsconf backend suffix get-dn'
    usage: dsconf instance backend suffix get-dn [-h] [dn]

    dn
        The DN to the database entry in cn=ldbm database,cn=plugins,cn=config

COMMAND 'dsconf backend suffix get-sub-suffixes'
    usage: dsconf instance backend suffix get-sub-suffixes [-h] [--suffix] be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend suffix get-sub-suffixes'
    --suffix
        Displays the list of suffixes without backend name

COMMAND 'dsconf backend suffix set'
    usage: dsconf instance backend suffix set [-h] [--enable-readonly] [--disable-readonly]
            [--enable-orphan] [--disable-orphan] [--require-index] [--ignore-index]
            [--add-referral ADD_REFERRAL] [--del-referral DEL_REFERRAL] [--enable] [--disable]
            [--cache-size CACHE_SIZE] [--cache-memsize CACHE_MEMSIZE]
            [--dncache-memsize DNCACHE_MEMSIZE] [--state STATE] be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend suffix set'
    --enable-readonly
        Enables read-only mode for the backend database
    --disable-readonly
        Disables read-only mode for the backend database
    --enable-orphan
        Disconnect a subsuffix from its parent suffix.
    --disable-orphan
        Let the subsuffix be connected to its parent suffix.
    --require-index
        Allows only indexed searches
    --ignore-index
        Allows all searches even if they are unindexed
    --add-referral ADD_REFERRAL
        Adds an LDAP referral to the backend
    --del-referral DEL_REFERRAL
        Removes an LDAP referral from the backend
    --enable
        Enables the backend database
    --disable
        Disables the backend database
    --cache-size CACHE_SIZE
        Sets the maximum number of entries to keep in the entry cache
    --cache-memsize CACHE_MEMSIZE
        Sets the maximum size in bytes that the entry cache can grow to
    --dncache-memsize DNCACHE_MEMSIZE
        Sets the maximum size in bytes that the DN cache can grow to
    --state STATE
        Changes the backend state to: "backend", "disabled", "referral", or "referral on update"

COMMAND 'dsconf backend index'
    usage: dsconf instance backend index [-h] {add,set,get,list,delete,reindex} ...

POSITIONAL ARGUMENTS 'dsconf backend index'
    dsconf backend index add
        Add an index
    dsconf backend index set
        Update an index
    dsconf backend index get
        Display an index entry
    dsconf backend index list
        Display the index
    dsconf backend index delete
        Delete an index
    dsconf backend index reindex
        Re-index the database for a single index or all indexes

COMMAND 'dsconf backend index add'
    usage: dsconf instance backend index add [-h] --index-type INDEX_TYPE
            [--matching-rule MATCHING_RULE] [--reindex] --attr ATTR be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend index add'
    --index-type INDEX_TYPE
        Sets the indexing type (eq, sub, pres, or approx)
    --matching-rule MATCHING_RULE
        Sets the matching rule for the index
    --reindex
        Re-indexes the database after adding a new index
    --attr ATTR
        Sets the attribute name to index

COMMAND 'dsconf backend index set'
    usage: dsconf instance backend index set [-h] --attr ATTR [--add-type ADD_TYPE]
            [--del-type DEL_TYPE] [--add-mr ADD_MR] [--del-mr DEL_MR] [--reindex] be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend index set'
    --attr ATTR
        Sets the indexed attribute to update
    --add-type ADD_TYPE
        Adds an index type to the index (eq, sub, pres, or approx)
    --del-type DEL_TYPE
        Removes an index type from the index (eq, sub, pres, or approx)
    --add-mr ADD_MR
        Adds a matching-rule to the index
    --del-mr DEL_MR
        Removes a matching-rule from the index
    --reindex
        Re-indexes the database after editing the index

COMMAND 'dsconf backend index get'
    usage: dsconf instance backend index get [-h] --attr ATTR be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend index get'
    --attr ATTR
        Sets the index name to display

COMMAND 'dsconf backend index list'
    usage: dsconf instance backend index list [-h] [--just-names] be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend index list'
    --just-names
        Displays only the names of indexed attributes

COMMAND 'dsconf backend index delete'
    usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend index delete'
    --attr ATTR
        Sets the name of the attribute to delete from the index

COMMAND 'dsconf backend index reindex'
    usage: dsconf instance backend index reindex [-h] [--attr ATTR] [--wait] be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend index reindex'
    --attr ATTR
        Sets the name of the attribute to re-index. Omit this argument to re-index all attributes
    --wait
        Waits for the index task to complete and reports the status

COMMAND 'dsconf backend vlv-index'
    usage: dsconf instance backend vlv-index [-h]
            {list,get,add-search,edit-search,del-search,add-index,del-index,reindex} ...

POSITIONAL ARGUMENTS 'dsconf backend vlv-index'
    dsconf backend vlv-index list
        List VLV search and index entries
    dsconf backend vlv-index get
        Display a VLV search and indexes
    dsconf backend vlv-index add-search
        Add a VLV search entry. The search entry is the parent entry of the VLV index entries,
        and it specifies the search parameters that are used to match entries for those indexes.
    dsconf backend vlv-index edit-search
        Update a VLV search and index
    dsconf backend vlv-index del-search
        Delete VLV search & index
    dsconf backend vlv-index add-index
        Create a VLV index under a VLV search entry (parent entry). The VLV index specifies the
        attributes to sort
    dsconf backend vlv-index del-index
        Delete a VLV index under a VLV search entry (parent entry)
    dsconf backend vlv-index reindex
        Index/re-index the VLV database index

COMMAND 'dsconf backend vlv-index list'
    usage: dsconf instance backend vlv-index list [-h] [--just-names] be_name

    be_name
        The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index list'
    --just-names
        Displays only the names of VLV search entries

COMMAND 'dsconf backend vlv-index get'
    usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name

    be_name
        The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index get'
    --name NAME
        Displays the VLV search entry and its index entries

COMMAND 'dsconf backend vlv-index add-search'
    usage: dsconf instance backend vlv-index add-search [-h] --name NAME --search-base SEARCH_BASE
            --search-scope SEARCH_SCOPE --search-filter SEARCH_FILTER be_name

    be_name
        The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index add-search'
    --name NAME
        Sets the name of the VLV search entry
    --search-base SEARCH_BASE
        Sets the VLV search base
    --search-scope SEARCH_SCOPE
        Sets the VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree search)
    --search-filter SEARCH_FILTER
        Sets the VLV search filter

COMMAND 'dsconf backend vlv-index edit-search'
    usage: dsconf instance backend vlv-index edit-search [-h] --name NAME
            [--search-base SEARCH_BASE] [--search-scope SEARCH_SCOPE]
            [--search-filter SEARCH_FILTER] [--reindex] be_name

    be_name
        The backend name of the VLV index to update

OPTIONS 'dsconf backend vlv-index edit-search'
    --name NAME
        Sets the name of the VLV index
    --search-base SEARCH_BASE
        Sets the VLV search base
    --search-scope SEARCH_SCOPE
        Sets the VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree search)
    --search-filter SEARCH_FILTER
        Sets the VLV search filter
    --reindex
        Re-indexes all VLV database indexes

COMMAND 'dsconf backend vlv-index del-search'
    usage: dsconf instance backend vlv-index del-search [-h] --name NAME be_name

    be_name
        The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index del-search'
    --name NAME
        Sets the name of the VLV search index

COMMAND 'dsconf backend vlv-index add-index'
    usage: dsconf instance backend vlv-index add-index [-h] --parent-name PARENT_NAME
            --index-name INDEX_NAME --sort SORT [--index-it] be_name

    be_name
        The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index add-index'
    --parent-name PARENT_NAME
        Sets the name or "cn" attribute of the parent VLV search entry
    --index-name INDEX_NAME
        Sets the name of the new VLV index
    --sort SORT
        Sets a space-separated list of attributes to sort for this VLV index
    --index-it
        Creates the database index for this VLV index definition

COMMAND 'dsconf backend vlv-index del-index'
    usage: dsconf instance backend vlv-index del-index [-h] --parent-name PARENT_NAME
            [--index-name INDEX_NAME] [--sort SORT] be_name

    be_name
        The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index del-index'
    --parent-name PARENT_NAME
        Sets the name or "cn" attribute value of the parent VLV search entry
    --index-name INDEX_NAME
        Sets the name of the VLV index to delete
    --sort SORT
        Delete a VLV index that has this vlvsort value

COMMAND 'dsconf backend vlv-index reindex'
    usage: dsconf instance backend vlv-index reindex [-h] [--index-name INDEX_NAME]
            --parent-name PARENT_NAME be_name

    be_name
        The backend name of the VLV index

OPTIONS 'dsconf backend vlv-index reindex'
    --index-name INDEX_NAME
        Sets the name of the VLV index entry to re-index. If not set, all indexes are re-indexed
    --parent-name PARENT_NAME
        Sets the name or "cn" attribute value of the parent VLV search entry

COMMAND 'dsconf backend attr-encrypt'
    usage: dsconf instance backend attr-encrypt [-h] [--list] [--just-names] [--add-attr ADD_ATTR]
            [--del-attr DEL_ATTR] be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend attr-encrypt'
    --list
        Lists all encrypted attributes in the backend
    --just-names
        List only the names of the encrypted attributes when used with --list
    --add-attr ADD_ATTR
        Enables encryption for the specified attribute
    --del-attr DEL_ATTR
        Disables encryption for the specified attribute

COMMAND 'dsconf backend config'
    usage: dsconf instance backend config [-h] {get,set} ...

POSITIONAL ARGUMENTS 'dsconf backend config'
    dsconf backend config get
        Display the global database configuration
    dsconf backend config set
        Set the global database configuration

COMMAND 'dsconf backend config get'
    usage: dsconf instance backend config get [-h]

COMMAND 'dsconf backend config set'
    usage: dsconf instance backend config set [-h] [--lookthroughlimit LOOKTHROUGHLIMIT]
            [--mode MODE] [--idlistscanlimit IDLISTSCANLIMIT] [--directory DIRECTORY]
            [--dbcachesize DBCACHESIZE] [--logdirectory LOGDIRECTORY] [--txn-wait TXN_WAIT]
            [--checkpoint-interval CHECKPOINT_INTERVAL] [--compactdb-interval COMPACTDB_INTERVAL]
            [--compactdb-time COMPACTDB_TIME] [--txn-batch-val TXN_BATCH_VAL]
            [--txn-batch-min TXN_BATCH_MIN] [--txn-batch-max TXN_BATCH_MAX]
            [--logbufsize LOGBUFSIZE] [--locks LOCKS]
            [--locks-monitoring-enabled LOCKS_MONITORING_ENABLED]
            [--locks-monitoring-threshold LOCKS_MONITORING_THRESHOLD]
            [--locks-monitoring-pause LOCKS_MONITORING_PAUSE]
            [--import-cache-autosize IMPORT_CACHE_AUTOSIZE] [--cache-autosize CACHE_AUTOSIZE]
            [--cache-autosize-split CACHE_AUTOSIZE_SPLIT] [--import-cachesize IMPORT_CACHESIZE]
            [--exclude-from-export EXCLUDE_FROM_EXPORT]
            [--pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT]
            [--pagedidlistscanlimit PAGEDIDLISTSCANLIMIT]
            [--rangelookthroughlimit RANGELOOKTHROUGHLIMIT]
            [--backend-opt-level BACKEND_OPT_LEVEL] [--deadlock-policy DEADLOCK_POLICY]
            [--db-home-directory DB_HOME_DIRECTORY] [--db-lib DB_LIB]
            [--mdb-max-size MDB_MAX_SIZE] [--mdb-max-readers MDB_MAX_READERS]
            [--mdb-max-dbs MDB_MAX_DBS]

OPTIONS 'dsconf backend config set'
    --lookthroughlimit LOOKTHROUGHLIMIT
        Specifies the maximum number of entries that the server will check when examining
        candidate entries in response to a search request
    --mode MODE
        Specifies the permissions used for newly created index files
    --idlistscanlimit IDLISTSCANLIMIT
        Specifies the number of entry IDs that are searched during a search operation
    --directory DIRECTORY
        Specifies absolute path to database instance
    --dbcachesize DBCACHESIZE
        Specifies the database index cache size in bytes
    --logdirectory LOGDIRECTORY
        Specifies the path to the directory that contains the database transaction logs
    --txn-wait TXN_WAIT
        Sets whether the server should wait if there are no db locks available
    --checkpoint-interval CHECKPOINT_INTERVAL
        Sets the amount of time in seconds after which the server sends a checkpoint entry to
        the database transaction log
    --compactdb-interval COMPACTDB_INTERVAL
        Sets the interval in seconds when the database is compacted
    --compactdb-time COMPACTDB_TIME
        Sets the time (HH:MM format) of day when to compact the database after the
        "compactdb interval" has been reached
    --txn-batch-val TXN_BATCH_VAL
        Specifies how many transactions will be batched before being committed
    --txn-batch-min TXN_BATCH_MIN
        Controls when transactions should be flushed earliest, independently of the batch
        count. Requires that txn-batch-val is set
    --txn-batch-max TXN_BATCH_MAX
        Controls when transactions should be flushed latest, independently of the batch
        count. Requires that txn-batch-val is set
    --logbufsize LOGBUFSIZE
        Specifies the transaction log information buffer size
    --locks LOCKS
        Sets the maximum number of database locks
    --locks-monitoring-enabled LOCKS_MONITORING_ENABLED
        Enables or disables monitoring of DB locks when the value crosses the percentage set
        with "--locks-monitoring-threshold"
    --locks-monitoring-threshold LOCKS_MONITORING_THRESHOLD
        Sets the DB lock exhaustion threshold in percentage (valid range is 70-90). When the
        threshold is reached, all searches are aborted until the number of active locks
        decreases below the configured threshold and/or the administrator increases the
        number of database locks (nsslapd-db-locks). This threshold is a safeguard against DB
        corruption which might be caused by locks exhaustion.
    --locks-monitoring-pause LOCKS_MONITORING_PAUSE
        Sets the DB lock monitoring value in milliseconds for the amount of time that the
        monitoring thread spends waiting between checks.
    --import-cache-autosize IMPORT_CACHE_AUTOSIZE
        Enables or disables automatic sizing of the import cache used during the import
        process of LDIF files
    --cache-autosize CACHE_AUTOSIZE
        Sets the percentage of free memory that is used in total for the database and entry
        cache. "0" disables this feature.
    --cache-autosize-split CACHE_AUTOSIZE_SPLIT
        Sets the percentage of RAM that is used for the database cache. The remaining
        percentage is used for the entry cache
    --import-cachesize IMPORT_CACHESIZE
        Sets the size in bytes of the database cache used in the import process.
    --exclude-from-export EXCLUDE_FROM_EXPORT
        List of attributes to not include during database export operations
    --pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT
        Specifies the maximum number of entries that the server will check when examining
        candidate entries for a search which uses the simple paged results control
    --pagedidlistscanlimit PAGEDIDLISTSCANLIMIT
        Specifies the number of entry IDs that are searched, specifically, for a search
        operation using the simple paged results control.
    --rangelookthroughlimit RANGELOOKTHROUGHLIMIT
        Specifies the maximum number of entries that the server will check when examining
        candidate entries in response to a range search request.
    --backend-opt-level BACKEND_OPT_LEVEL
        Sets the backend optimization level for write performance (0, 1, 2, or 4).
        WARNING: This parameter can trigger experimental code.
    --deadlock-policy DEADLOCK_POLICY
        Adjusts the backend database deadlock policy (Advanced setting)
    --db-home-directory DB_HOME_DIRECTORY
        Sets the directory for the database mmapped files (Advanced setting)
    --db-lib DB_LIB
        Sets which db lib is used. Valid values are: bdb or mdb
    --mdb-max-size MDB_MAX_SIZE
        Sets the lmdb database maximum size (in bytes).
    --mdb-max-readers MDB_MAX_READERS
        Sets the lmdb database maximum number of readers (Advanced setting)
    --mdb-max-dbs MDB_MAX_DBS
        Sets the lmdb database maximum number of sub databases (Advanced setting)

COMMAND 'dsconf backend monitor'
    usage: dsconf instance backend monitor [-h] [--suffix SUFFIX]

OPTIONS 'dsconf backend monitor'
    --suffix SUFFIX
        Displays monitoring information only for the specified suffix

COMMAND 'dsconf backend import'
    usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E] [-g GEN_UNIQ_ID] [-O]
            [-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
            [-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]] [--timeout TIMEOUT]
            [be_name] [ldifs ...]

    be_name
        The backend name or the root suffix
    ldifs
        Specifies the filename of the input LDIF files. Multiple files are imported in the
        specified order.

OPTIONS 'dsconf backend import'
    -c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE
        The number of chunks to have during the import operation
    -E, --encrypted
        Encrypt attributes configured in the database for encryption
    -g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID
        Generate a unique id. Set "none" for no unique ID to be generated and "deterministic"
        for the generated unique ID to be name-based. By default, a time-based unique ID is
        generated. When using the deterministic generation to have a name-based unique ID, it
        is also possible to specify the namespace for the server to use. namespaceId is a
        string of characters in the format 00-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx.
    -O, --only-core
        Creates only the core database attribute indexes
    -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
        Specifies the suffixes or the subtrees to be included
    -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
        Specifies the suffixes to be excluded
    --timeout TIMEOUT
        Set a timeout to wait for the export task. Default is 0 (no timeout)

COMMAND 'dsconf backend export'
    usage: dsconf instance backend export [-h] [-l LDIF] [-C] [-E] [-m] [-N] [-r] [-u] [-U]
            [-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
            [-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]] [--timeout TIMEOUT]
            be_names [be_names ...]

    be_names
        The backend names or the root suffixes

OPTIONS 'dsconf backend export'
    -l LDIF, --ldif LDIF
        Sets the filename of the output LDIF file. Separate multiple file names with spaces.
    -C, --use-id2entry
        Uses only the main database file
    -E, --encrypted
        Decrypts encrypted data during export. This option is used only if database
        encryption is enabled.
    -m, --min-base64
        Sets minimal base-64 encoding
    -N, --no-seq-num
        Suppresses printing the sequence numbers
    -r, --replication
        Exports the data with information required to initialize a replica
    -u, --no-dump-uniq-id
        Omits exporting the unique ID
    -U, --not-folded
        Disables folding the output
    -s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]
        Specifies the suffixes or the subtrees to be included
    -x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]
        Specifies the suffixes to be excluded
    --timeout TIMEOUT
        Set a timeout to wait for the export task. Default is 0 (no timeout)

COMMAND 'dsconf backend create'
    usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUFFIX] --suffix SUFFIX
            --be-name BE_NAME [--create-entries] [--create-suffix]

OPTIONS 'dsconf backend create'
    --parent-suffix PARENT_SUFFIX
        Sets the parent suffix only if this backend is a sub-suffix
    --suffix SUFFIX
        Sets the database suffix DN
    --be-name BE_NAME
        Sets the database backend name
    --create-entries
        Adds sample entries to the database
    --create-suffix
        Creates the suffix object entry in the database. Only suffixes using the 'dc',

COMMAND 'dsconf backend delete'
    usage: dsconf instance backend delete [-h] [--do-it] be_name

    be_name
        The backend name or suffix

OPTIONS 'dsconf backend delete'
    --do-it
        Remove backend and its subsuffixes

COMMAND 'dsconf backend get-tree'
    usage: dsconf instance backend get-tree [-h]

COMMAND 'dsconf backend compact-db'
    usage: dsconf instance backend compact-db [-h] [--only-changelog] [--timeout TIMEOUT]

OPTIONS 'dsconf backend compact-db'
    --only-changelog
        Compacts only the replication change log
    --timeout TIMEOUT
        Set a timeout to wait for the compaction task. Default is 0 (no timeout)

COMMAND 'dsconf backup'
    usage: dsconf instance backup [-h] {create,restore} ...

POSITIONAL ARGUMENTS 'dsconf backup'
    dsconf backup create
        Creates a backup of the database
    dsconf backup restore
        Restores a database from a backup

COMMAND 'dsconf backup create'
    usage: dsconf instance backup create [-h] [-t DB_TYPE] [--timeout TIMEOUT] [archive]

    archive
        Sets the directory where to store the backup files.
        Format: instance_name-year_month_date_hour_minutes_seconds.
        Default: /var/lib/dirsrv/slapd-instance/bak/

OPTIONS 'dsconf backup create'
    -t DB_TYPE, --db-type DB_TYPE
        Sets the database type. Default: ldbm database
    --timeout TIMEOUT
        Sets the task timeout. Default is 120 seconds.

COMMAND 'dsconf backup restore'
    usage: dsconf instance backup restore [-h] [-t DB_TYPE] [--timeout TIMEOUT] archive

    archive
        Set the directory that contains the backup files

OPTIONS 'dsconf backup restore'
    -t DB_TYPE, --db-type DB_TYPE
        Sets the database type. Default: ldbm database
    --timeout TIMEOUT
        Sets the task timeout. Default is 120 seconds.

COMMAND 'dsconf chaining'
    usage: dsconf instance chaining [-h]
            {config-get,config-set,config-get-def,config-set-def,link-create,link-get,link-set,link-delete,monitor,link-list}
            ...

POSITIONAL ARGUMENTS 'dsconf chaining'
    dsconf chaining config-get
        Display the chaining controls and server component lists
    dsconf chaining config-set
        Set the chaining controls and server component lists
    dsconf chaining config-get-def
        Display the default creation parameters for new database links
    dsconf chaining config-set-def
        Set the default creation parameters for new database links
    dsconf chaining link-create
        Create a database link to a remote server
    dsconf chaining link-get
        Displays chaining database links
    dsconf chaining link-set
        Edit a database link to a remote server
    dsconf chaining link-delete
        Delete a database link
    dsconf chaining monitor
        Display monitor information for a database chaining link
    dsconf chaining link-list
        List database links

COMMAND 'dsconf chaining config-get'
    usage: dsconf instance chaining config-get [-h] [--avail-controls] [--avail-comps]

OPTIONS 'dsconf chaining config-get'
    --avail-controls
        Lists available chaining controls
    --avail-comps
        Lists available chaining plugin components

COMMAND 'dsconf chaining config-set'
    usage: dsconf instance chaining config-set [-h] [--add-control ADD_CONTROL]
            [--del-control DEL_CONTROL] [--add-comp ADD_COMP] [--del-comp DEL_COMP]

OPTIONS 'dsconf chaining config-set'
    --add-control ADD_CONTROL
        Adds a transmitted control OID
    --del-control DEL_CONTROL
        Deletes a transmitted control OID
    --add-comp ADD_COMP
        Adds a chaining component
    --del-comp DEL_COMP
        Deletes a chaining component

COMMAND 'dsconf chaining config-get-def'
    usage: dsconf instance chaining config-get-def [-h]

COMMAND 'dsconf chaining config-set-def'
    usage: dsconf instance chaining config-set-def [-h] [--conn-bind-limit CONN_BIND_LIMIT]
            [--conn-op-limit CONN_OP_LIMIT] [--abandon-check-interval ABANDON_CHECK_INTERVAL]
            [--bind-limit BIND_LIMIT] [--op-limit OP_LIMIT] [--proxied-auth PROXIED_AUTH]
            [--conn-lifetime CONN_LIFETIME] [--bind-timeout BIND_TIMEOUT]
            [--return-ref RETURN_REF] [--check-aci CHECK_ACI] [--bind-attempts BIND_ATTEMPTS]
            [--size-limit SIZE_LIMIT] [--time-limit TIME_LIMIT] [--hop-limit HOP_LIMIT]
            [--response-delay RESPONSE_DELAY] [--test-response-delay TEST_RESPONSE_DELAY]
            [--use-starttls USE_STARTTLS]

OPTIONS 'dsconf chaining config-set-def'
    --conn-bind-limit CONN_BIND_LIMIT
        Sets the maximum number of BIND connections the database link establishes with the
        remote server
    --conn-op-limit CONN_OP_LIMIT
        Sets the maximum number of LDAP connections the database link establishes with the
        remote server
    --abandon-check-interval ABANDON_CHECK_INTERVAL
        Sets the number of seconds that pass before the server checks for abandoned operations
    --bind-limit BIND_LIMIT
        Sets the maximum number of concurrent bind operations per TCP connection
    --op-limit OP_LIMIT
        Sets the maximum number of concurrent operations allowed
    --proxied-auth PROXIED_AUTH
        Enables or disables proxied authorization. If set to "off", the server executes bind
        for chained operations as the user set in the nsMultiplexorBindDn attribute.
    --conn-lifetime CONN_LIFETIME
        Specifies connection lifetime in seconds. "0" keeps the connection open forever.
    --bind-timeout BIND_TIMEOUT
        Sets the amount of time in seconds before a bind attempt times out
    --return-ref RETURN_REF
        Enables or disables whether referrals are returned by scoped searches
    --check-aci CHECK_ACI
        Enables or disables whether the server evaluates ACIs on the database link as well as
        the remote data server
    --bind-attempts BIND_ATTEMPTS
        Sets the number of times the server tries to bind to the remote server
    --size-limit SIZE_LIMIT
        Sets the maximum number of entries to return from a search operation
    --time-limit TIME_LIMIT
        Sets the maximum number of seconds allowed for an operation
    --hop-limit HOP_LIMIT
        Sets the maximum number of times a database is allowed to chain. That is the number
        of times a request can be forwarded from one database link to another.
    --response-delay RESPONSE_DELAY
        Sets the maximum amount of time it can take a remote server to respond to an LDAP
        operation request made by a database link before an error is suspected
    --test-response-delay TEST_RESPONSE_DELAY
        Sets the duration of the test issued by the database link to check whether the remote
        server is responding
    --use-starttls USE_STARTTLS
        Configures database links to use StartTLS if set to "on"

COMMAND 'dsconf chaining link-create'
    usage: dsconf instance chaining link-create [-h] [--conn-bind-limit CONN_BIND_LIMIT]
            [--conn-op-limit CONN_OP_LIMIT] [--abandon-check-interval ABANDON_CHECK_INTERVAL]
            [--bind-limit BIND_LIMIT] [--op-limit OP_LIMIT] [--proxied-auth PROXIED_AUTH]
            [--conn-lifetime CONN_LIFETIME] [--bind-timeout BIND_TIMEOUT]
            [--return-ref RETURN_REF] [--check-aci CHECK_ACI] [--bind-attempts BIND_ATTEMPTS]
            [--size-limit SIZE_LIMIT] [--time-limit TIME_LIMIT] [--hop-limit HOP_LIMIT]
            [--response-delay RESPONSE_DELAY] [--test-response-delay TEST_RESPONSE_DELAY]
            [--use-starttls USE_STARTTLS] --suffix SUFFIX --server-url SERVER_URL
            --bind-mech BIND_MECH --bind-dn BIND_DN [--bind-pw BIND_PW]
            [--bind-pw-file BIND_PW_FILE] [--bind-pw-prompt] CHAIN_NAME

    CHAIN_NAME
        The name of the database link

OPTIONS 'dsconf chaining link-create'
    --conn-bind-limit CONN_BIND_LIMIT
        Sets the maximum number of BIND connections the database link establishes with the
        remote server
    --conn-op-limit CONN_OP_LIMIT
        Sets the maximum number of LDAP connections the database link establishes with the
        remote server
    --abandon-check-interval ABANDON_CHECK_INTERVAL
        Sets the number of seconds that pass before the server checks for abandoned operations
    --bind-limit BIND_LIMIT
        Sets the maximum number of concurrent bind operations per TCP connection
    --op-limit OP_LIMIT
        Sets the maximum number of concurrent operations allowed
    --proxied-auth PROXIED_AUTH
        Enables or disables proxied authorization. If set to "off", the server executes bind
        for chained operations as the user set in the nsMultiplexorBindDn attribute.
    --conn-lifetime CONN_LIFETIME
        Specifies connection lifetime in seconds. "0" keeps the connection open forever.
    --bind-timeout BIND_TIMEOUT
        Sets the amount of time in seconds before a bind attempt times out
    --return-ref RETURN_REF
        Enables or disables whether referrals are returned by scoped searches
    --check-aci CHECK_ACI
        Enables or disables whether the server evaluates ACIs on the database link as well as
        the remote data server
    --bind-attempts BIND_ATTEMPTS
        Sets the number of times the server tries to bind to the remote server
    --size-limit SIZE_LIMIT
        Sets the maximum number of entries to return from a search operation
    --time-limit TIME_LIMIT
        Sets the maximum number of seconds allowed for an operation
    --hop-limit HOP_LIMIT
        Sets the maximum number of times a database is allowed to chain. That is the number
        of times a request can be forwarded from one database link to another.
    --response-delay RESPONSE_DELAY
        Sets the maximum amount of time it can take a remote server to respond to an LDAP
        operation request made by a database link before an error is suspected
    --test-response-delay TEST_RESPONSE_DELAY
        Sets the duration of the test issued by the database link to check whether the remote
        server is responding
    --use-starttls USE_STARTTLS
        Configures database links to use StartTLS if set to "on"
    --suffix SUFFIX
        Sets the suffix managed by the database link
    --server-url SERVER_URL
        Sets the LDAP/LDAPS URL to the remote server
    --bind-mech BIND_MECH
        Sets the authentication method to use to authenticate to the remote server.
        Valid values: "SIMPLE" (default), "EXTERNAL", "DIGEST-MD5", or "GSSAPI"
    --bind-dn BIND_DN
        Sets the DN of the administrative entry used to communicate with the remote server
    --bind-pw BIND_PW
        Sets the password of the administrative user
    --bind-pw-file BIND_PW_FILE
        File containing the password
    --bind-pw-prompt
        Prompt for password

COMMAND 'dsconf chaining link-get'
    usage: dsconf instance chaining link-get [-h] CHAIN_NAME

    CHAIN_NAME
        The chaining link name or suffix to retrieve

COMMAND 'dsconf chaining link-set'
    usage: dsconf instance chaining link-set [-h] [--conn-bind-limit CONN_BIND_LIMIT]
            [--conn-op-limit CONN_OP_LIMIT] [--abandon-check-interval ABANDON_CHECK_INTERVAL]
            [--bind-limit BIND_LIMIT] [--op-limit OP_LIMIT] [--proxied-auth PROXIED_AUTH]
            [--conn-lifetime CONN_LIFETIME] [--bind-timeout BIND_TIMEOUT]
            [--return-ref RETURN_REF] [--check-aci CHECK_ACI] [--bind-attempts BIND_ATTEMPTS]
            [--size-limit SIZE_LIMIT] [--time-limit TIME_LIMIT] [--hop-limit HOP_LIMIT]
            [--response-delay RESPONSE_DELAY] [--test-response-delay TEST_RESPONSE_DELAY]
            [--use-starttls USE_STARTTLS] [--suffix SUFFIX] [--server-url SERVER_URL]
            [--bind-mech BIND_MECH] [--bind-dn BIND_DN] [--bind-pw BIND_PW]
            [--bind-pw-file BIND_PW_FILE] [--bind-pw-prompt] CHAIN_NAME

    CHAIN_NAME
        The name of the database link

OPTIONS 'dsconf chaining link-set'
    --conn-bind-limit CONN_BIND_LIMIT
        Sets the maximum number of BIND connections the database link establishes with the
        remote server
    --conn-op-limit CONN_OP_LIMIT
        Sets the maximum number of LDAP connections the database link establishes with the
        remote server
    --abandon-check-interval ABANDON_CHECK_INTERVAL
        Sets the number of seconds that pass before the server checks for abandoned operations
    --bind-limit BIND_LIMIT
        Sets the maximum number of concurrent bind operations per TCP connection
    --op-limit OP_LIMIT
        Sets the maximum number of concurrent operations allowed
    --proxied-auth PROXIED_AUTH
        Enables or disables proxied authorization. If set to "off", the server executes bind
        for chained operations as the user set in the nsMultiplexorBindDn attribute.
    --conn-lifetime CONN_LIFETIME
        Specifies connection lifetime in seconds. "0" keeps the connection open forever.
    --bind-timeout BIND_TIMEOUT
        Sets the amount of time in seconds before a bind attempt times out
    --return-ref RETURN_REF
        Enables or disables whether referrals are returned by scoped searches
    --check-aci CHECK_ACI
        Enables or disables whether the server evaluates ACIs on the database link as well as
        the remote data server
    --bind-attempts BIND_ATTEMPTS
        Sets the number of times the server tries to bind to the remote server
    --size-limit SIZE_LIMIT
        Sets the maximum number of entries to return from a search operation
    --time-limit TIME_LIMIT
        Sets the maximum number of seconds allowed for an operation
    --hop-limit HOP_LIMIT
        Sets the maximum number of times a database is allowed to chain. That is the number
        of times a request can be forwarded from one database link to another.
--response-delay RESPONSE_DELAY Sets the maximum amount of time it can take a remote server to respond to an LDAP operation request made by a database link before an error is suspected --test-response-delay TEST_RESPONSE_DELAY Sets the duration of the test issued by the database link to check whether the remote server is responding --use-starttls USE_STARTTLS Configures database links to use StartTLS if set to "on" --suffix SUFFIX Sets the suffix managed by the database link --server-url SERVER_URL Sets the LDAP/LDAPS URL to the remote server --bind-mech BIND_MECH Sets the authentication method to use to authenticate to the remote server. Valid values: "SIMPLE" (default), "EXTERNAL", "DIGEST-MD5", or "GSSAPI" --bind-dn BIND_DN Sets the DN of the administrative entry used to communicate with the remote server --bind-pw BIND_PW Sets the password of the administrative user --bind-pw-file BIND_PW_FILE File containing the password --bind-pw-prompt Prompt for password COMMAND 'dsconf chaining link-delete' usage: dsconf instance chaining link-delete [-h] CHAIN_NAME CHAIN_NAME The name of the database link COMMAND 'dsconf chaining monitor' usage: dsconf instance chaining monitor [-h] CHAIN_NAME CHAIN_NAME The name of the database link COMMAND 'dsconf chaining link-list' usage: dsconf instance chaining link-list [-h] COMMAND 'dsconf config' usage: dsconf instance config [-h] {get,add,replace,delete} ... POSITIONAL ARGUMENTS 'dsconf config' dsconf config get get dsconf config add Add attribute value to configuration dsconf config replace Replace attribute value in configuration dsconf config delete Delete attribute value in configuration COMMAND 'dsconf config get' usage: dsconf instance config get [-h] [attrs ...] attrs Configuration attribute(s) to get COMMAND 'dsconf config add' usage: dsconf instance config add [-h] [attr ...] attr Configuration attribute to add COMMAND 'dsconf config replace' usage: dsconf instance config replace [-h] [attr ...]
attr Configuration attribute to replace COMMAND 'dsconf config delete' usage: dsconf instance config delete [-h] [attr ...] attr Configuration attribute to delete COMMAND 'dsconf directory_manager' usage: dsconf instance directory_manager [-h] {password_change} ... POSITIONAL ARGUMENTS 'dsconf directory_manager' dsconf directory_manager password_change Changes the password of the Directory Manager account COMMAND 'dsconf directory_manager password_change' usage: dsconf instance directory_manager password_change [-h] COMMAND 'dsconf monitor' usage: dsconf instance monitor [-h] {server,dbmon,ldbm,backend,snmp,chaining,disk} ... POSITIONAL ARGUMENTS 'dsconf monitor' dsconf monitor server Displays the server statistics, connections, and operations dsconf monitor dbmon Monitor all database statistics in a single report dsconf monitor ldbm Monitor the LDBM statistics, such as dbcache dsconf monitor backend Monitor the behavior of a backend database dsconf monitor snmp Displays the SNMP statistics dsconf monitor chaining Monitor database chaining statistics dsconf monitor disk Displays the disk space statistics. All values are in bytes. COMMAND 'dsconf monitor server' usage: dsconf instance monitor server [-h] COMMAND 'dsconf monitor dbmon' usage: dsconf instance monitor dbmon [-h] [-b BACKENDS] [-x] OPTIONS 'dsconf monitor dbmon' -b BACKENDS, --backends BACKENDS Specifies a list of space-separated backends to monitor. Default is all backends. 
-x, --indexes Shows index stats for each backend COMMAND 'dsconf monitor ldbm' usage: dsconf instance monitor ldbm [-h] COMMAND 'dsconf monitor backend' usage: dsconf instance monitor backend [-h] [backend] backend The optional name of the backend to monitor COMMAND 'dsconf monitor snmp' usage: dsconf instance monitor snmp [-h] COMMAND 'dsconf monitor chaining' usage: dsconf instance monitor chaining [-h] [backend] backend The optional name of the chaining backend to monitor COMMAND 'dsconf monitor disk' usage: dsconf instance monitor disk [-h] COMMAND 'dsconf plugin' usage: dsconf instance plugin [-h] {memberof,automember,referential-integrity,root-dn,usn,account-policy,attr-uniq,dna,ldap-pass-through-auth,linked-attr,managed-entries,pam-pass-through-auth,retro-changelog,posix-winsync,contentsync,entryuuid,list,show,set} ... POSITIONAL ARGUMENTS 'dsconf plugin' dsconf plugin memberof Manage and configure MemberOf plugin dsconf plugin automember Manage and configure Automembership plugin dsconf plugin referential-integrity Manage and configure Referential Integrity Postoperation plugin dsconf plugin root-dn Manage and configure RootDN Access Control plugin dsconf plugin usn Manage and configure USN plugin dsconf plugin account-policy Manage and configure Account Policy plugin dsconf plugin attr-uniq Manage and configure Attribute Uniqueness plugin dsconf plugin dna Manage and configure DNA plugin dsconf plugin ldap-pass-through-auth Manage and configure LDAP Pass-Through Authentication Plugin dsconf plugin linked-attr Manage and configure Linked Attributes plugin dsconf plugin managed-entries Manage and configure Managed Entries Plugin dsconf plugin pam-pass-through-auth Manage and configure Pass-Through Authentication plugins (LDAP URLs and PAM) dsconf plugin retro-changelog Manage and configure Retro Changelog plugin dsconf plugin posix-winsync Manage and configure the Posix Winsync API plugin dsconf plugin contentsync Manage and configure Content Sync Plugin 
(aka syncrepl) dsconf plugin entryuuid Manage and configure EntryUUID plugin dsconf plugin list List current configured (enabled and disabled) plugins dsconf plugin show Show the plugin data dsconf plugin set Edit the plugin settings COMMAND 'dsconf plugin memberof' usage: dsconf instance plugin memberof [-h] {show,enable,disable,status,set,config-entry,fixup,fixup-status} ... POSITIONAL ARGUMENTS 'dsconf plugin memberof' dsconf plugin memberof show Displays the plugin configuration dsconf plugin memberof enable Enables the plugin dsconf plugin memberof disable Disables the plugin dsconf plugin memberof status Displays the plugin status dsconf plugin memberof set Edit the plugin settings dsconf plugin memberof config-entry Manage the config entry dsconf plugin memberof fixup Run the fix-up task for memberOf plugin dsconf plugin memberof fixup-status Check the status of a fix-up task COMMAND 'dsconf plugin memberof show' usage: dsconf instance plugin memberof show [-h] COMMAND 'dsconf plugin memberof enable' usage: dsconf instance plugin memberof enable [-h] COMMAND 'dsconf plugin memberof disable' usage: dsconf instance plugin memberof disable [-h] COMMAND 'dsconf plugin memberof status' usage: dsconf instance plugin memberof status [-h] COMMAND 'dsconf plugin memberof set' usage: dsconf instance plugin memberof set [-h] [--attr ATTR] [--groupattr GROUPATTR [GROUPATTR ...]] [--allbackends {on,off}] [--skipnested {on,off}] [--scope SCOPE [SCOPE ...]] [--exclude EXCLUDE [EXCLUDE ...]] [--autoaddoc AUTOADDOC] [--config-entry CONFIG_ENTRY] OPTIONS 'dsconf plugin memberof set' --attr ATTR Specifies the attribute in the user entry for the Directory Server to manage to reflect group membership (memberOfAttr) --groupattr GROUPATTR [GROUPATTR ...] 
Specifies the attribute in the group entry to use to identify the DNs of group members (memberOfGroupAttr) --allbackends {on,off} Specifies whether to search the local suffix for user entries on all available suffixes (memberOfAllBackends) --skipnested {on,off} Specifies whether to skip nested groups or not (memberOfSkipNested) --scope SCOPE [SCOPE ...] Specifies backends or multiple-nested suffixes for the MemberOf plug-in to work on (memberOfEntryScope) --exclude EXCLUDE [EXCLUDE ...] Specifies backends or multiple-nested suffixes for the MemberOf plug-in to exclude (memberOfEntryScopeExcludeSubtree) --autoaddoc AUTOADDOC If an entry does not have an object class that allows the memberOf attribute then the memberOf plugin will automatically add the object class listed in the memberOfAutoAddOC parameter --config-entry CONFIG_ENTRY The value to set as nsslapd-pluginConfigArea COMMAND 'dsconf plugin memberof config-entry' usage: dsconf instance plugin memberof config-entry [-h] {add,set,show,delete} ... POSITIONAL ARGUMENTS 'dsconf plugin memberof config-entry' dsconf plugin memberof config-entry add Add the config entry dsconf plugin memberof config-entry set Edit the config entry dsconf plugin memberof config-entry show Display the config entry dsconf plugin memberof config-entry delete Delete the config entry COMMAND 'dsconf plugin memberof config-entry add' usage: dsconf instance plugin memberof config-entry add [-h] [--attr ATTR] [--groupattr GROUPATTR [GROUPATTR ...]] [--allbackends {on,off}] [--skipnested {on,off}] [--scope SCOPE [SCOPE ...]] [--exclude EXCLUDE [EXCLUDE ...]] [--autoaddoc AUTOADDOC] DN DN The config entry full DN OPTIONS 'dsconf plugin memberof config-entry add' --attr ATTR Specifies the attribute in the user entry for the Directory Server to manage to reflect group membership (memberOfAttr) --groupattr GROUPATTR [GROUPATTR ...] 
Specifies the attribute in the group entry to use to identify the DNs of group members (memberOfGroupAttr) --allbackends {on,off} Specifies whether to search the local suffix for user entries on all available suffixes (memberOfAllBackends) --skipnested {on,off} Specifies whether to skip nested groups or not (memberOfSkipNested) --scope SCOPE [SCOPE ...] Specifies backends or multiple-nested suffixes for the MemberOf plug-in to work on (memberOfEntryScope) --exclude EXCLUDE [EXCLUDE ...] Specifies backends or multiple-nested suffixes for the MemberOf plug-in to exclude (memberOfEntryScopeExcludeSubtree) --autoaddoc AUTOADDOC If an entry does not have an object class that allows the memberOf attribute then the memberOf plugin will automatically add the object class listed in the memberOfAutoAddOC parameter COMMAND 'dsconf plugin memberof config-entry set' usage: dsconf instance plugin memberof config-entry set [-h] [--attr ATTR] [--groupattr GROUPATTR [GROUPATTR ...]] [--allbackends {on,off}] [--skipnested {on,off}] [--scope SCOPE [SCOPE ...]] [--exclude EXCLUDE [EXCLUDE ...]] [--autoaddoc AUTOADDOC] DN DN The config entry full DN OPTIONS 'dsconf plugin memberof config-entry set' --attr ATTR Specifies the attribute in the user entry for the Directory Server to manage to reflect group membership (memberOfAttr) --groupattr GROUPATTR [GROUPATTR ...] Specifies the attribute in the group entry to use to identify the DNs of group members (memberOfGroupAttr) --allbackends {on,off} Specifies whether to search the local suffix for user entries on all available suffixes (memberOfAllBackends) --skipnested {on,off} Specifies whether to skip nested groups or not (memberOfSkipNested) --scope SCOPE [SCOPE ...] Specifies backends or multiple-nested suffixes for the MemberOf plug-in to work on (memberOfEntryScope) --exclude EXCLUDE [EXCLUDE ...] 
Specifies backends or multiple-nested suffixes for the MemberOf plug-in to exclude (memberOfEntryScopeExcludeSubtree) --autoaddoc AUTOADDOC If an entry does not have an object class that allows the memberOf attribute then the memberOf plugin will automatically add the object class listed in the memberOfAutoAddOC parameter COMMAND 'dsconf plugin memberof config-entry show' usage: dsconf instance plugin memberof config-entry show [-h] DN DN The config entry full DN COMMAND 'dsconf plugin memberof config-entry delete' usage: dsconf instance plugin memberof config-entry delete [-h] DN DN The config entry full DN COMMAND 'dsconf plugin memberof fixup' usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] [--wait] [--timeout TIMEOUT] DN DN Base DN that contains entries to fix up OPTIONS 'dsconf plugin memberof fixup' -f FILTER, --filter FILTER Filter for entries to fix up. If omitted, all entries with objectclass inetuser/inetadmin/nsmemberof under the specified base will have their memberOf attribute regenerated. --wait Wait for the task to finish, this could take a long time --timeout TIMEOUT Sets the task timeout. Default is 0 (no timeout) COMMAND 'dsconf plugin memberof fixup-status' usage: dsconf instance plugin memberof fixup-status [-h] [--dn DN] [--show-log] [--watch] OPTIONS 'dsconf plugin memberof fixup-status' --dn DN The task entry's DN --show-log Display the task log --watch Watch the task's status and wait for it to finish COMMAND 'dsconf plugin automember' usage: dsconf instance plugin automember [-h] {show,enable,disable,status,list,definition,fixup,fixup-status,abort-fixup} ... POSITIONAL ARGUMENTS 'dsconf plugin automember' dsconf plugin automember show Displays the plugin configuration dsconf plugin automember enable Enables the plugin dsconf plugin automember disable Disables the plugin dsconf plugin automember status Displays the plugin status dsconf plugin automember list List Automembership definitions or regex rules.
dsconf plugin automember definition Manage Automembership definition. dsconf plugin automember fixup Run a rebuild membership task. dsconf plugin automember fixup-status Check the status of a fix-up task dsconf plugin automember abort-fixup Abort the rebuild membership task. COMMAND 'dsconf plugin automember show' usage: dsconf instance plugin automember show [-h] COMMAND 'dsconf plugin automember enable' usage: dsconf instance plugin automember enable [-h] COMMAND 'dsconf plugin automember disable' usage: dsconf instance plugin automember disable [-h] COMMAND 'dsconf plugin automember status' usage: dsconf instance plugin automember status [-h] COMMAND 'dsconf plugin automember list' usage: dsconf instance plugin automember list [-h] {definitions,regexes} ... POSITIONAL ARGUMENTS 'dsconf plugin automember list' dsconf plugin automember list definitions Lists Automembership definitions. dsconf plugin automember list regexes List Automembership regex rules. COMMAND 'dsconf plugin automember list definitions' usage: dsconf instance plugin automember list definitions [-h] COMMAND 'dsconf plugin automember list regexes' usage: dsconf instance plugin automember list regexes [-h] DEFNAME DEFNAME The definition entry CN COMMAND 'dsconf plugin automember definition' usage: dsconf instance plugin automember definition [-h] DEFNAME {add,set,delete,show,regex} ... POSITIONAL ARGUMENTS 'dsconf plugin automember definition' dsconf plugin automember definition add Creates Automembership definition. dsconf plugin automember definition set Edits Automembership definition. dsconf plugin automember definition delete Removes Automembership definition. dsconf plugin automember definition show Displays Automembership definition. dsconf plugin automember definition regex Manage Automembership regex rules. 
COMMAND 'dsconf plugin automember definition add' usage: dsconf instance plugin automember definition DEFNAME add [-h] --grouping-attr GROUPING_ATTR [--default-group DEFAULT_GROUP] --scope SCOPE --filter FILTER OPTIONS 'dsconf plugin automember definition add' --grouping-attr GROUPING_ATTR Specifies the name of the member attribute in the group entry and the attribute in the object entry that supplies the member attribute value, in the format group_member_attr:entry_attr (autoMemberGroupingAttr) --default-group DEFAULT_GROUP Sets default or fallback group to add the entry to as a member attribute in group entry (autoMemberDefaultGroup) --scope SCOPE Sets the subtree DN to search for entries (autoMemberScope) --filter FILTER Sets a standard LDAP search filter to use to search for matching entries (autoMemberFilter) COMMAND 'dsconf plugin automember definition set' usage: dsconf instance plugin automember definition DEFNAME set [-h] --grouping-attr GROUPING_ATTR [--default-group DEFAULT_GROUP] --scope SCOPE --filter FILTER OPTIONS 'dsconf plugin automember definition set' --grouping-attr GROUPING_ATTR Specifies the name of the member attribute in the group entry and the attribute in the object entry that supplies the member attribute value, in the format group_member_attr:entry_attr (autoMemberGroupingAttr) --default-group DEFAULT_GROUP Sets default or fallback group to add the entry to as a member attribute in group entry (autoMemberDefaultGroup) --scope SCOPE Sets the subtree DN to search for entries (autoMemberScope) --filter FILTER Sets a standard LDAP search filter to use to search for matching entries (autoMemberFilter) COMMAND 'dsconf plugin automember definition delete' usage: dsconf instance plugin automember definition DEFNAME delete [-h] COMMAND 'dsconf plugin automember definition show' usage: dsconf instance plugin automember definition DEFNAME show [-h] COMMAND 'dsconf plugin automember definition regex' usage: dsconf instance plugin automember 
definition DEFNAME regex [-h] REGEXNAME {add,set,delete,show} ... POSITIONAL ARGUMENTS 'dsconf plugin automember definition regex' dsconf plugin automember definition regex add Creates Automembership regex. dsconf plugin automember definition regex set Edits Automembership regex. dsconf plugin automember definition regex delete Removes Automembership regex. dsconf plugin automember definition regex show Displays Automembership regex. COMMAND 'dsconf plugin automember definition regex add' usage: dsconf instance plugin automember definition DEFNAME regex REGEXNAME add [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]] [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TARGET_GROUP OPTIONS 'dsconf plugin automember definition regex add' --exclusive EXCLUSIVE [EXCLUSIVE ...] Sets a single regular expression to use to identify entries to exclude (autoMemberExclusiveRegex) --inclusive INCLUSIVE [INCLUSIVE ...] Sets a single regular expression to use to identify entries to include (autoMemberInclusiveRegex) --target-group TARGET_GROUP Sets which group to add the entry to as a member, if it meets the regular expression conditions (autoMemberTargetGroup) COMMAND 'dsconf plugin automember definition regex set' usage: dsconf instance plugin automember definition DEFNAME regex REGEXNAME set [-h] [--exclusive EXCLUSIVE [EXCLUSIVE ...]] [--inclusive INCLUSIVE [INCLUSIVE ...]] --target-group TARGET_GROUP OPTIONS 'dsconf plugin automember definition regex set' --exclusive EXCLUSIVE [EXCLUSIVE ...] Sets a single regular expression to use to identify entries to exclude (autoMemberExclusiveRegex) --inclusive INCLUSIVE [INCLUSIVE ...] 
Sets a single regular expression to use to identify entries to include (autoMemberInclusiveRegex) --target-group TARGET_GROUP Sets which group to add the entry to as a member, if it meets the regular expression conditions (autoMemberTargetGroup) COMMAND 'dsconf plugin automember definition regex delete' usage: dsconf instance plugin automember definition DEFNAME regex REGEXNAME delete [-h] COMMAND 'dsconf plugin automember definition regex show' usage: dsconf instance plugin automember definition DEFNAME regex REGEXNAME show [-h] COMMAND 'dsconf plugin automember fixup' usage: dsconf instance plugin automember fixup [-h] -f FILTER -s {sub,base,one} [--cleanup] [--wait] [--timeout TIMEOUT] DN DN Base DN that contains entries to fix up OPTIONS 'dsconf plugin automember fixup' -f FILTER, --filter FILTER Sets the LDAP filter for entries to fix up -s {sub,base,one}, --scope {sub,base,one} Sets the LDAP search scope for entries to fix up --cleanup Clean up previous group memberships before rebuilding --wait Wait for the task to finish, this could take a long time --timeout TIMEOUT Set a timeout to wait for the fixup task. Default is 0 (no timeout) COMMAND 'dsconf plugin automember fixup-status' usage: dsconf instance plugin automember fixup-status [-h] [--dn DN] [--show-log] [--watch] OPTIONS 'dsconf plugin automember fixup-status' --dn DN The task entry's DN --show-log Display the task log --watch Watch the task's status and wait for it to finish COMMAND 'dsconf plugin automember abort-fixup' usage: dsconf instance plugin automember abort-fixup [-h] [--timeout TIMEOUT] OPTIONS 'dsconf plugin automember abort-fixup' --timeout TIMEOUT Set a timeout to wait for the abort task. Default is 0 (no timeout) COMMAND 'dsconf plugin referential-integrity' usage: dsconf instance plugin referential-integrity [-h] {show,enable,disable,status,set,config-entry} ... 
POSITIONAL ARGUMENTS 'dsconf plugin referential-integrity' dsconf plugin referential-integrity show Displays the plugin configuration dsconf plugin referential-integrity enable Enables the plugin dsconf plugin referential-integrity disable Disables the plugin dsconf plugin referential-integrity status Displays the plugin status dsconf plugin referential-integrity set Edit the plugin settings dsconf plugin referential-integrity config-entry Manage the config entry COMMAND 'dsconf plugin referential-integrity show' usage: dsconf instance plugin referential-integrity show [-h] COMMAND 'dsconf plugin referential-integrity enable' usage: dsconf instance plugin referential-integrity enable [-h] COMMAND 'dsconf plugin referential-integrity disable' usage: dsconf instance plugin referential-integrity disable [-h] COMMAND 'dsconf plugin referential-integrity status' usage: dsconf instance plugin referential-integrity status [-h] COMMAND 'dsconf plugin referential-integrity set' usage: dsconf instance plugin referential-integrity set [-h] [--update-delay UPDATE_DELAY] [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]] [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE] [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE] [--config-entry CONFIG_ENTRY] OPTIONS 'dsconf plugin referential-integrity set' --update-delay UPDATE_DELAY Sets the update interval. Special values: 0 - The check is performed immediately, -1 - No check is performed (referint-update-delay) --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...] 
Specifies attributes to check for and update (referint-membership-attr) --entry-scope ENTRY_SCOPE Defines the subtree in which the plug-in looks for the delete or rename operations of a user entry (nsslapd-pluginEntryScope) --exclude-entry-scope EXCLUDE_ENTRY_SCOPE Defines the subtree in which the plug-in ignores any operations for deleting or renaming a user (nsslapd-pluginExcludeEntryScope) --container-scope CONTAINER_SCOPE Specifies which branch the plug-in searches for the groups to which the user belongs. It only updates groups that are under the specified container branch, and leaves all other groups not updated (nsslapd-pluginContainerScope) --log-file LOG_FILE Specifies a path to the Referential integrity log file. For example: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint --config-entry CONFIG_ENTRY The value to set as nsslapd-pluginConfigArea COMMAND 'dsconf plugin referential-integrity config-entry' usage: dsconf instance plugin referential-integrity config-entry [-h] {add,set,show,delete} ... POSITIONAL ARGUMENTS 'dsconf plugin referential-integrity config-entry' dsconf plugin referential-integrity config-entry add Add the config entry dsconf plugin referential-integrity config-entry set Edit the config entry dsconf plugin referential-integrity config-entry show Display the config entry dsconf plugin referential-integrity config-entry delete Delete the config entry COMMAND 'dsconf plugin referential-integrity config-entry add' usage: dsconf instance plugin referential-integrity config-entry add [-h] [--update-delay UPDATE_DELAY] [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]] [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE] [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE] DN DN The config entry full DN OPTIONS 'dsconf plugin referential-integrity config-entry add' --update-delay UPDATE_DELAY Sets the update interval.
Special values: 0 - The check is performed immediately, -1 - No check is performed (referint-update-delay) --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...] Specifies attributes to check for and update (referint-membership-attr) --entry-scope ENTRY_SCOPE Defines the subtree in which the plug-in looks for the delete or rename operations of a user entry (nsslapd-pluginEntryScope) --exclude-entry-scope EXCLUDE_ENTRY_SCOPE Defines the subtree in which the plug-in ignores any operations for deleting or renaming a user (nsslapd-pluginExcludeEntryScope) --container-scope CONTAINER_SCOPE Specifies which branch the plug-in searches for the groups to which the user belongs. It only updates groups that are under the specified container branch, and leaves all other groups not updated (nsslapd-pluginContainerScope) --log-file LOG_FILE Specifies a path to the Referential integrity log file. For example: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint COMMAND 'dsconf plugin referential-integrity config-entry set' usage: dsconf instance plugin referential-integrity config-entry set [-h] [--update-delay UPDATE_DELAY] [--membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]] [--entry-scope ENTRY_SCOPE] [--exclude-entry-scope EXCLUDE_ENTRY_SCOPE] [--container-scope CONTAINER_SCOPE] [--log-file LOG_FILE] DN DN The config entry full DN OPTIONS 'dsconf plugin referential-integrity config-entry set' --update-delay UPDATE_DELAY Sets the update interval. Special values: 0 - The check is performed immediately, -1 - No check is performed (referint-update-delay) --membership-attr MEMBERSHIP_ATTR [MEMBERSHIP_ATTR ...]
Specifies attributes to check for and update (referint-membership-attr) --entry-scope ENTRY_SCOPE Defines the subtree in which the plug-in looks for the delete or rename operations of a user entry (nsslapd-pluginEntryScope) --exclude-entry-scope EXCLUDE_ENTRY_SCOPE Defines the subtree in which the plug-in ignores any operations for deleting or renaming a user (nsslapd-pluginExcludeEntryScope) --container-scope CONTAINER_SCOPE Specifies which branch the plug-in searches for the groups to which the user belongs. It only updates groups that are under the specified container branch, and leaves all other groups not updated (nsslapd-pluginContainerScope) --log-file LOG_FILE Specifies a path to the Referential integrity log file. For example: /var/log/dirsrv/slapd-YOUR_INSTANCE/referint COMMAND 'dsconf plugin referential-integrity config-entry show' usage: dsconf instance plugin referential-integrity config-entry show [-h] DN DN The config entry full DN COMMAND 'dsconf plugin referential-integrity config-entry delete' usage: dsconf instance plugin referential-integrity config-entry delete [-h] DN DN The config entry full DN COMMAND 'dsconf plugin root-dn' usage: dsconf instance plugin root-dn [-h] {show,enable,disable,status,set} ...
POSITIONAL ARGUMENTS 'dsconf plugin root-dn' dsconf plugin root-dn show Displays the plugin configuration dsconf plugin root-dn enable Enables the plugin dsconf plugin root-dn disable Disables the plugin dsconf plugin root-dn status Displays the plugin status dsconf plugin root-dn set Edit the plugin settings COMMAND 'dsconf plugin root-dn show' usage: dsconf instance plugin root-dn show [-h] COMMAND 'dsconf plugin root-dn enable' usage: dsconf instance plugin root-dn enable [-h] COMMAND 'dsconf plugin root-dn disable' usage: dsconf instance plugin root-dn disable [-h] COMMAND 'dsconf plugin root-dn status' usage: dsconf instance plugin root-dn status [-h] COMMAND 'dsconf plugin root-dn set' usage: dsconf instance plugin root-dn set [-h] [--allow-host ALLOW_HOST [ALLOW_HOST ...]] [--deny-host DENY_HOST [DENY_HOST ...]] [--allow-ip ALLOW_IP [ALLOW_IP ...]] [--deny-ip DENY_IP [DENY_IP ...]] [--open-time OPEN_TIME] [--close-time CLOSE_TIME] [--days-allowed DAYS_ALLOWED] OPTIONS 'dsconf plugin root-dn set' --allow-host ALLOW_HOST [ALLOW_HOST ...] Sets what hosts, by fully-qualified domain name, the root user is allowed to use to access Directory Server. Any hosts not listed are implicitly denied (rootdn-allow-host) --deny-host DENY_HOST [DENY_HOST ...] Sets what hosts, by fully-qualified domain name, the root user is not allowed to use to access Directory Server. Any hosts not listed are implicitly allowed (rootdn-deny-host). If a host address is listed in both the rootdn-allow-host and rootdn-deny-host attributes, it is denied access. --allow-ip ALLOW_IP [ALLOW_IP ...] Sets what IP addresses, either IPv4 or IPv6, for machines the root user is allowed to use to access Directory Server. Any IP addresses not listed are implicitly denied (rootdn-allow-ip) --deny-ip DENY_IP [DENY_IP ...] Sets what IP addresses, either IPv4 or IPv6, for machines the root user is not allowed to use to access Directory Server. 
Any IP addresses not listed are implicitly allowed (rootdn-deny-ip). If an IP address is listed in both the rootdn-allow-ip and rootdn-deny-ip attributes, it is denied access. --open-time OPEN_TIME Sets part of a time period or range when the root user is allowed to access Directory Server. This sets when the time-based access begins (rootdn-open-time) --close-time CLOSE_TIME Sets part of a time period or range when the root user is allowed to access Directory Server. This sets when the time-based access ends (rootdn-close-time) --days-allowed DAYS_ALLOWED Sets a comma-separated list of what days the root user is allowed to use to access Directory Server. Any days listed are implicitly denied (rootdn-days-allowed) COMMAND 'dsconf plugin usn' usage: dsconf instance plugin usn [-h] {show,enable,disable,status,global,cleanup} ... POSITIONAL ARGUMENTS 'dsconf plugin usn' dsconf plugin usn show Displays the plugin configuration dsconf plugin usn enable Enables the plugin dsconf plugin usn disable Disables the plugin dsconf plugin usn status Displays the plugin status dsconf plugin usn global Get or manage global USN mode (nsslapd-entryusn-global) dsconf plugin usn cleanup Runs the USN tombstone cleanup task COMMAND 'dsconf plugin usn show' usage: dsconf instance plugin usn show [-h] COMMAND 'dsconf plugin usn enable' usage: dsconf instance plugin usn enable [-h] COMMAND 'dsconf plugin usn disable' usage: dsconf instance plugin usn disable [-h] COMMAND 'dsconf plugin usn status' usage: dsconf instance plugin usn status [-h] COMMAND 'dsconf plugin usn global' usage: dsconf instance plugin usn global [-h] {on,off} ...
POSITIONAL ARGUMENTS 'dsconf plugin usn global' dsconf plugin usn global on Enables USN global mode dsconf plugin usn global off Disables USN global mode COMMAND 'dsconf plugin usn global on' usage: dsconf instance plugin usn global on [-h] COMMAND 'dsconf plugin usn global off' usage: dsconf instance plugin usn global off [-h] COMMAND 'dsconf plugin usn cleanup' usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND) [-m MAX_USN] [--timeout TIMEOUT] OPTIONS 'dsconf plugin usn cleanup' -s SUFFIX, --suffix SUFFIX Sets the suffix or subtree in Directory Server to run the cleanup operation against. If the suffix is not specified, then the back end must be specified (suffix). -n BACKEND, --backend BACKEND Sets the Directory Server instance back end, or database, to run the cleanup operation against. If the back end is not specified, then the suffix must be specified. Backend instance in which USN tombstone entries (backend) -m MAX_USN, --max-usn MAX_USN Sets the highest USN value to delete when removing tombstone entries (max_usn_to_delete) --timeout TIMEOUT Sets the cleanup task timeout. Default is 120 seconds COMMAND 'dsconf plugin account-policy' usage: dsconf instance plugin account-policy [-h] {show,enable,disable,status,set,config-entry} ...
POSITIONAL ARGUMENTS 'dsconf plugin account-policy' dsconf plugin account-policy show Displays the plugin configuration dsconf plugin account-policy enable Enables the plugin dsconf plugin account-policy disable Disables the plugin dsconf plugin account-policy status Displays the plugin status dsconf plugin account-policy set Edit the plugin settings dsconf plugin account-policy config-entry Manage the config entry COMMAND 'dsconf plugin account-policy show' usage: dsconf instance plugin account-policy show [-h] COMMAND 'dsconf plugin account-policy enable' usage: dsconf instance plugin account-policy enable [-h] COMMAND 'dsconf plugin account-policy disable' usage: dsconf instance plugin account-policy disable [-h] COMMAND 'dsconf plugin account-policy status' usage: dsconf instance plugin account-policy status [-h] COMMAND 'dsconf plugin account-policy set' usage: dsconf instance plugin account-policy set [-h] [--config-entry CONFIG_ENTRY] OPTIONS 'dsconf plugin account-policy set' --config-entry CONFIG_ENTRY Sets the nsslapd-pluginConfigArea attribute COMMAND 'dsconf plugin account-policy config-entry' usage: dsconf instance plugin account-policy config-entry [-h] {add,set,show,delete} ... 
POSITIONAL ARGUMENTS 'dsconf plugin account-policy config-entry' dsconf plugin account-policy config-entry add Add the config entry dsconf plugin account-policy config-entry set Edit the config entry dsconf plugin account-policy config-entry show Display the config entry dsconf plugin account-policy config-entry delete Delete the config entry COMMAND 'dsconf plugin account-policy config-entry add' usage: dsconf instance plugin account-policy config-entry add [-h] [--always-record-login {yes,no}] [--alt-state-attr ALT_STATE_ATTR] [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR] [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR] [--state-attr STATE_ATTR] [--login-history-size LOGIN_HISTORY_SIZE] [--check-all-state-attrs {yes,no}] DN DN The full DN of the config entry OPTIONS 'dsconf plugin account-policy config-entry add' --always-record-login {yes,no} Sets whether every entry records its last login time (alwaysRecordLogin) --alt-state-attr ALT_STATE_ATTR Provides a backup attribute for the server to reference to evaluate the expiration time (altStateAttrName) --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR Specifies the attribute in the user's directory entry that stores the time of the last successful login (alwaysRecordLoginAttr) --limit-attr LIMIT_ATTR Specifies the attribute within the policy to use for the account inactivation limit (limitAttrName) --spec-attr SPEC_ATTR Specifies the attribute to identify which entries are account policy configuration entries (specAttrName) --state-attr STATE_ATTR Specifies the primary time attribute used to evaluate an account policy (stateAttrName) --login-history-size LOGIN_HISTORY_SIZE Specifies the number of login timestamps to store (lastLoginHistSize) --check-all-state-attrs {yes,no} Check both state and alternate state attributes for account state COMMAND 'dsconf plugin account-policy config-entry set' usage: dsconf instance plugin account-policy config-entry set [-h] [--always-record-login 
{yes,no}] [--alt-state-attr ALT_STATE_ATTR] [--always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR] [--limit-attr LIMIT_ATTR] [--spec-attr SPEC_ATTR] [--state-attr STATE_ATTR] [--login-history-size LOGIN_HISTORY_SIZE] [--check-all-state-attrs {yes,no}] DN DN The full DN of the config entry OPTIONS 'dsconf plugin account-policy config-entry set' --always-record-login {yes,no} Sets whether every entry records its last login time (alwaysRecordLogin) --alt-state-attr ALT_STATE_ATTR Provides a backup attribute for the server to reference to evaluate the expiration time (altStateAttrName) --always-record-login-attr ALWAYS_RECORD_LOGIN_ATTR Specifies the attribute in the user's directory entry that stores the time of the last successful login (alwaysRecordLoginAttr) --limit-attr LIMIT_ATTR Specifies the attribute within the policy to use for the account inactivation limit (limitAttrName) --spec-attr SPEC_ATTR Specifies the attribute to identify which entries are account policy configuration entries (specAttrName) --state-attr STATE_ATTR Specifies the primary time attribute used to evaluate an account policy (stateAttrName) --login-history-size LOGIN_HISTORY_SIZE Specifies the number of login timestamps to store (lastLoginHistSize) --check-all-state-attrs {yes,no} Check both state and alternate state attributes for account state COMMAND 'dsconf plugin account-policy config-entry show' usage: dsconf instance plugin account-policy config-entry show [-h] DN DN The full DN of the config entry COMMAND 'dsconf plugin account-policy config-entry delete' usage: dsconf instance plugin account-policy config-entry delete [-h] DN DN The full DN of the config entry COMMAND 'dsconf plugin attr-uniq' usage: dsconf instance plugin attr-uniq [-h] {list,add,set,show,delete,enable,disable,status} ... 
POSITIONAL ARGUMENTS 'dsconf plugin attr-uniq' dsconf plugin attr-uniq list Lists available plugin configs dsconf plugin attr-uniq add Add the config entry dsconf plugin attr-uniq set Edit the config entry dsconf plugin attr-uniq show Display the config entry dsconf plugin attr-uniq delete Delete the config entry dsconf plugin attr-uniq enable enable plugin dsconf plugin attr-uniq disable disable plugin dsconf plugin attr-uniq status display plugin status COMMAND 'dsconf plugin attr-uniq list' usage: dsconf instance plugin attr-uniq list [-h] COMMAND 'dsconf plugin attr-uniq add' usage: dsconf instance plugin attr-uniq add [-h] [--enabled {on,off}] [--attr-name ATTR_NAME [ATTR_NAME ...]] [--subtree SUBTREE [SUBTREE ...]] [--across-all-subtrees {on,off}] [--top-entry-oc TOP_ENTRY_OC] [--subtree-entries-oc SUBTREE_ENTRIES_OC] NAME NAME The name of the plug-in configuration record. (cn) You can use any string, but "attribute_name Attribute Uniqueness" is recommended. OPTIONS 'dsconf plugin attr-uniq add' --enabled {on,off} Identifies whether or not the config is enabled. --attr-name ATTR_NAME [ATTR_NAME ...] Sets the name of the attribute whose values must be unique. This attribute is multi-valued. (uniqueness-attribute-name) --subtree SUBTREE [SUBTREE ...] Sets the DN under which the plug-in checks for uniqueness of the attribute's value. This attribute is multi-valued (uniqueness-subtrees) --across-all-subtrees {on,off} If enabled (on), the plug-in checks that the attribute is unique across all subtrees set. 
If you set the attribute to off, uniqueness is only enforced within the subtree of the updated entry (uniqueness-across-all-subtrees) --top-entry-oc TOP_ENTRY_OC Verifies that the value of the attribute set in uniqueness-attribute-name is unique in this subtree (uniqueness-top-entry-oc) --subtree-entries-oc SUBTREE_ENTRIES_OC Verifies if an attribute is unique, if the entry contains the object class set in this parameter (uniqueness-subtree-entries-oc) COMMAND 'dsconf plugin attr-uniq set' usage: dsconf instance plugin attr-uniq set [-h] [--enabled {on,off}] [--attr-name ATTR_NAME [ATTR_NAME ...]] [--subtree SUBTREE [SUBTREE ...]] [--across-all-subtrees {on,off}] [--top-entry-oc TOP_ENTRY_OC] [--subtree-entries-oc SUBTREE_ENTRIES_OC] NAME NAME The name of the plug-in configuration record. (cn) You can use any string, but "attribute_name Attribute Uniqueness" is recommended. OPTIONS 'dsconf plugin attr-uniq set' --enabled {on,off} Identifies whether or not the config is enabled. --attr-name ATTR_NAME [ATTR_NAME ...] Sets the name of the attribute whose values must be unique. This attribute is multi-valued. (uniqueness-attribute-name) --subtree SUBTREE [SUBTREE ...] Sets the DN under which the plug-in checks for uniqueness of the attribute's value. This attribute is multi-valued (uniqueness-subtrees) --across-all-subtrees {on,off} If enabled (on), the plug-in checks that the attribute is unique across all subtrees set. 
If you set the attribute to off, uniqueness is only enforced within the subtree of the updated entry (uniqueness-across-all-subtrees) --top-entry-oc TOP_ENTRY_OC Verifies that the value of the attribute set in uniqueness-attribute-name is unique in this subtree (uniqueness-top-entry-oc) --subtree-entries-oc SUBTREE_ENTRIES_OC Verifies if an attribute is unique, if the entry contains the object class set in this parameter (uniqueness-subtree-entries-oc) COMMAND 'dsconf plugin attr-uniq show' usage: dsconf instance plugin attr-uniq show [-h] NAME NAME The name of the plug-in configuration record COMMAND 'dsconf plugin attr-uniq delete' usage: dsconf instance plugin attr-uniq delete [-h] NAME NAME The name of the plug-in configuration record COMMAND 'dsconf plugin attr-uniq enable' usage: dsconf instance plugin attr-uniq enable [-h] NAME NAME The name of the plug-in configuration record COMMAND 'dsconf plugin attr-uniq disable' usage: dsconf instance plugin attr-uniq disable [-h] NAME NAME The name of the plug-in configuration record COMMAND 'dsconf plugin attr-uniq status' usage: dsconf instance plugin attr-uniq status [-h] NAME NAME The name of the plug-in configuration record COMMAND 'dsconf plugin dna' usage: dsconf instance plugin dna [-h] {show,enable,disable,status,list,config} ... 
POSITIONAL ARGUMENTS 'dsconf plugin dna' dsconf plugin dna show Displays the plugin configuration dsconf plugin dna enable Enables the plugin dsconf plugin dna disable Disables the plugin dsconf plugin dna status Displays the plugin status dsconf plugin dna list List available plugin configs dsconf plugin dna config Manage plugin configs COMMAND 'dsconf plugin dna show' usage: dsconf instance plugin dna show [-h] COMMAND 'dsconf plugin dna enable' usage: dsconf instance plugin dna enable [-h] COMMAND 'dsconf plugin dna disable' usage: dsconf instance plugin dna disable [-h] COMMAND 'dsconf plugin dna status' usage: dsconf instance plugin dna status [-h] COMMAND 'dsconf plugin dna list' usage: dsconf instance plugin dna list [-h] {configs,shared-configs} ... POSITIONAL ARGUMENTS 'dsconf plugin dna list' dsconf plugin dna list configs List main DNA plugin config entries dsconf plugin dna list shared-configs List DNA plugin shared config entries COMMAND 'dsconf plugin dna list configs' usage: dsconf instance plugin dna list configs [-h] COMMAND 'dsconf plugin dna list shared-configs' usage: dsconf instance plugin dna list shared-configs [-h] BASEDN BASEDN The search DN COMMAND 'dsconf plugin dna config' usage: dsconf instance plugin dna config [-h] NAME {add,set,show,delete,shared-config-entry} ... 
POSITIONAL ARGUMENTS 'dsconf plugin dna config' dsconf plugin dna config add Add the config entry dsconf plugin dna config set Edit the config entry dsconf plugin dna config show Display the config entry dsconf plugin dna config delete Delete the config entry dsconf plugin dna config shared-config-entry Manage the shared config entry COMMAND 'dsconf plugin dna config add' usage: dsconf instance plugin dna config NAME add [-h] [--type TYPE [TYPE ...]] [--prefix PREFIX] [--next-value NEXT_VALUE] [--max-value MAX_VALUE] [--interval INTERVAL] [--magic-regen MAGIC_REGEN] [--filter FILTER] [--scope SCOPE] [--remote-bind-dn REMOTE_BIND_DN] [--remote-bind-cred REMOTE_BIND_CRED] [--shared-config-entry SHARED_CONFIG_ENTRY] [--threshold THRESHOLD] [--next-range NEXT_RANGE] [--range-request-timeout RANGE_REQUEST_TIMEOUT] OPTIONS 'dsconf plugin dna config add' --type TYPE [TYPE ...] Sets which attributes have unique numbers being generated for them (dnaType) --prefix PREFIX Defines a prefix that can be prepended to the generated number values for the attribute (dnaPrefix) --next-value NEXT_VALUE Sets the next available number which can be assigned (dnaNextValue) --max-value MAX_VALUE Sets the maximum value that can be assigned for the range (dnaMaxValue) --interval INTERVAL Sets an interval to use to increment through numbers in a range (dnaInterval) --magic-regen MAGIC_REGEN Sets a user-defined value that instructs the plug-in to assign a new value for the entry (dnaMagicRegen) --filter FILTER Sets an LDAP filter to use to search for and identify the entries to which to apply the distributed numeric assignment range (dnaFilter) --scope SCOPE Sets the base DN to search for entries to which to apply the distributed numeric assignment (dnaScope) --remote-bind-dn REMOTE_BIND_DN Specifies the Replication Manager DN (dnaRemoteBindDN) --remote-bind-cred REMOTE_BIND_CRED Specifies the Replication Manager's password (dnaRemoteBindCred) --shared-config-entry SHARED_CONFIG_ENTRY Defines 
a shared identity that the servers can use to transfer ranges to one another (dnaSharedCfgDN) --threshold THRESHOLD Sets a threshold of remaining available numbers in the range. When the server hits the threshold, it sends a request for a new range (dnaThreshold) --next-range NEXT_RANGE Defines the next range to use when the current range is exhausted (dnaNextRange) --range-request-timeout RANGE_REQUEST_TIMEOUT Sets a timeout period, in seconds, for range requests so that the server does not stall waiting on a new range from one server and can request a range from a new server (dnaRangeRequestTimeout) COMMAND 'dsconf plugin dna config set' usage: dsconf instance plugin dna config NAME set [-h] [--type TYPE [TYPE ...]] [--prefix PREFIX] [--next-value NEXT_VALUE] [--max-value MAX_VALUE] [--interval INTERVAL] [--magic-regen MAGIC_REGEN] [--filter FILTER] [--scope SCOPE] [--remote-bind-dn REMOTE_BIND_DN] [--remote-bind-cred REMOTE_BIND_CRED] [--shared-config-entry SHARED_CONFIG_ENTRY] [--threshold THRESHOLD] [--next-range NEXT_RANGE] [--range-request-timeout RANGE_REQUEST_TIMEOUT] OPTIONS 'dsconf plugin dna config set' --type TYPE [TYPE ...] 
Sets which attributes have unique numbers being generated for them (dnaType) --prefix PREFIX Defines a prefix that can be prepended to the generated number values for the attribute (dnaPrefix) --next-value NEXT_VALUE Sets the next available number which can be assigned (dnaNextValue) --max-value MAX_VALUE Sets the maximum value that can be assigned for the range (dnaMaxValue) --interval INTERVAL Sets an interval to use to increment through numbers in a range (dnaInterval) --magic-regen MAGIC_REGEN Sets a user-defined value that instructs the plug-in to assign a new value for the entry (dnaMagicRegen) --filter FILTER Sets an LDAP filter to use to search for and identify the entries to which to apply the distributed numeric assignment range (dnaFilter) --scope SCOPE Sets the base DN to search for entries to which to apply the distributed numeric assignment (dnaScope) --remote-bind-dn REMOTE_BIND_DN Specifies the Replication Manager DN (dnaRemoteBindDN) --remote-bind-cred REMOTE_BIND_CRED Specifies the Replication Manager's password (dnaRemoteBindCred) --shared-config-entry SHARED_CONFIG_ENTRY Defines a shared identity that the servers can use to transfer ranges to one another (dnaSharedCfgDN) --threshold THRESHOLD Sets a threshold of remaining available numbers in the range. 
When the server hits the threshold, it sends a request for a new range (dnaThreshold) --next-range NEXT_RANGE Defines the next range to use when the current range is exhausted (dnaNextRange) --range-request-timeout RANGE_REQUEST_TIMEOUT Sets a timeout period, in seconds, for range requests so that the server does not stall waiting on a new range from one server and can request a range from a new server (dnaRangeRequestTimeout) COMMAND 'dsconf plugin dna config show' usage: dsconf instance plugin dna config NAME show [-h] COMMAND 'dsconf plugin dna config delete' usage: dsconf instance plugin dna config NAME delete [-h] COMMAND 'dsconf plugin dna config shared-config-entry' usage: dsconf instance plugin dna config NAME shared-config-entry [-h] SHARED_CFG {set,show,delete} ... POSITIONAL ARGUMENTS 'dsconf plugin dna config shared-config-entry' dsconf plugin dna config shared-config-entry set Edit the shared config entry dsconf plugin dna config shared-config-entry show Display the shared config entry dsconf plugin dna config shared-config-entry delete Delete the shared config entry COMMAND 'dsconf plugin dna config shared-config-entry set' usage: dsconf instance plugin dna config NAME shared-config-entry SHARED_CFG set [-h] [--remote-bind-method REMOTE_BIND_METHOD] [--remote-conn-protocol REMOTE_CONN_PROTOCOL] OPTIONS 'dsconf plugin dna config shared-config-entry set' --remote-bind-method REMOTE_BIND_METHOD Specifies the remote bind method "SIMPLE", "SSL" (for SSL client auth), "SASL/GSSAPI", or "SASL/DIGEST-MD5" (dnaRemoteBindMethod) --remote-conn-protocol REMOTE_CONN_PROTOCOL Specifies the remote connection protocol "LDAP", or "TLS" (dnaRemoteConnProtocol) COMMAND 'dsconf plugin dna config shared-config-entry show' usage: dsconf instance plugin dna config NAME shared-config-entry SHARED_CFG show [-h] COMMAND 'dsconf plugin dna config shared-config-entry delete' usage: dsconf instance plugin dna config NAME shared-config-entry SHARED_CFG delete [-h] COMMAND 'dsconf 
plugin ldap-pass-through-auth' usage: dsconf instance plugin ldap-pass-through-auth [-h] {show,enable,disable,status,list,add,modify,delete} ... POSITIONAL ARGUMENTS 'dsconf plugin ldap-pass-through-auth' dsconf plugin ldap-pass-through-auth show Displays the plugin configuration dsconf plugin ldap-pass-through-auth enable Enables the plugin dsconf plugin ldap-pass-through-auth disable Disables the plugin dsconf plugin ldap-pass-through-auth status Displays the plugin status dsconf plugin ldap-pass-through-auth list Lists LDAP URLs dsconf plugin ldap-pass-through-auth add Add an LDAP URL to the config entry dsconf plugin ldap-pass-through-auth modify Edit the LDAP pass through config entry dsconf plugin ldap-pass-through-auth delete Delete a URL from the config entry COMMAND 'dsconf plugin ldap-pass-through-auth show' usage: dsconf instance plugin ldap-pass-through-auth show [-h] COMMAND 'dsconf plugin ldap-pass-through-auth enable' usage: dsconf instance plugin ldap-pass-through-auth enable [-h] COMMAND 'dsconf plugin ldap-pass-through-auth disable' usage: dsconf instance plugin ldap-pass-through-auth disable [-h] COMMAND 'dsconf plugin ldap-pass-through-auth status' usage: dsconf instance plugin ldap-pass-through-auth status [-h] COMMAND 'dsconf plugin ldap-pass-through-auth list' usage: dsconf instance plugin ldap-pass-through-auth list [-h] COMMAND 'dsconf plugin ldap-pass-through-auth add' usage: dsconf instance plugin ldap-pass-through-auth add [-h] URL URL The full LDAP URL in format "ldap|ldaps://authDS/subtree maxconns,maxops,timeout,ldver,connlifetime,startTLS". If one optional parameter is specified the rest should be specified too COMMAND 'dsconf plugin ldap-pass-through-auth modify' usage: dsconf instance plugin ldap-pass-through-auth modify [-h] OLD_URL NEW_URL OLD_URL The full LDAP URL you get from the "list" command NEW_URL Sets the full LDAP URL in format "ldap|ldaps://authDS/subtree maxconns,maxops,timeout,ldver,connlifetime,startTLS". 
If one optional parameter is specified the rest should be specified too. COMMAND 'dsconf plugin ldap-pass-through-auth delete' usage: dsconf instance plugin ldap-pass-through-auth delete [-h] URL URL The full LDAP URL you get from the "list" command COMMAND 'dsconf plugin linked-attr' usage: dsconf instance plugin linked-attr [-h] {show,enable,disable,status,fixup,fixup-status,list,config} ... POSITIONAL ARGUMENTS 'dsconf plugin linked-attr' dsconf plugin linked-attr show Displays the plugin configuration dsconf plugin linked-attr enable Enables the plugin dsconf plugin linked-attr disable Disables the plugin dsconf plugin linked-attr status Displays the plugin status dsconf plugin linked-attr fixup Run the fix-up task for linked attributes plugin dsconf plugin linked-attr fixup-status Check the status of a fix-up task dsconf plugin linked-attr list List available plugin configs dsconf plugin linked-attr config Manage plugin configs COMMAND 'dsconf plugin linked-attr show' usage: dsconf instance plugin linked-attr show [-h] COMMAND 'dsconf plugin linked-attr enable' usage: dsconf instance plugin linked-attr enable [-h] COMMAND 'dsconf plugin linked-attr disable' usage: dsconf instance plugin linked-attr disable [-h] COMMAND 'dsconf plugin linked-attr status' usage: dsconf instance plugin linked-attr status [-h] COMMAND 'dsconf plugin linked-attr fixup' usage: dsconf instance plugin linked-attr fixup [-h] [-l LINKDN] [--wait] OPTIONS 'dsconf plugin linked-attr fixup' -l LINKDN, --linkdn LINKDN Sets the base DN that contains entries to fix up --wait Wait for the task to finish; this could take a long time COMMAND 'dsconf plugin linked-attr fixup-status' usage: dsconf instance plugin linked-attr fixup-status [-h] [--dn DN] [--show-log] [--watch] OPTIONS 'dsconf plugin linked-attr fixup-status' --dn DN The task entry's DN --show-log Display the task log --watch Watch the task's status and wait for it to finish COMMAND 'dsconf plugin linked-attr list' usage: dsconf 
instance plugin linked-attr list [-h] COMMAND 'dsconf plugin linked-attr config' usage: dsconf instance plugin linked-attr config [-h] NAME {add,set,show,delete} ... POSITIONAL ARGUMENTS 'dsconf plugin linked-attr config' dsconf plugin linked-attr config add Add the config entry dsconf plugin linked-attr config set Edit the config entry dsconf plugin linked-attr config show Display the config entry dsconf plugin linked-attr config delete Delete the config entry COMMAND 'dsconf plugin linked-attr config add' usage: dsconf instance plugin linked-attr config NAME add [-h] [--link-type LINK_TYPE] [--managed-type MANAGED_TYPE] [--link-scope LINK_SCOPE] OPTIONS 'dsconf plugin linked-attr config add' --link-type LINK_TYPE Sets the attribute that is managed manually by administrators (linkType) --managed-type MANAGED_TYPE Sets the attribute that is created dynamically by the plugin (managedType) --link-scope LINK_SCOPE Sets the scope that restricts the plugin to a specific part of the directory tree (linkScope) COMMAND 'dsconf plugin linked-attr config set' usage: dsconf instance plugin linked-attr config NAME set [-h] [--link-type LINK_TYPE] [--managed-type MANAGED_TYPE] [--link-scope LINK_SCOPE] OPTIONS 'dsconf plugin linked-attr config set' --link-type LINK_TYPE Sets the attribute that is managed manually by administrators (linkType) --managed-type MANAGED_TYPE Sets the attribute that is created dynamically by the plugin (managedType) --link-scope LINK_SCOPE Sets the scope that restricts the plugin to a specific part of the directory tree (linkScope) COMMAND 'dsconf plugin linked-attr config show' usage: dsconf instance plugin linked-attr config NAME show [-h] COMMAND 'dsconf plugin linked-attr config delete' usage: dsconf instance plugin linked-attr config NAME delete [-h] COMMAND 'dsconf plugin managed-entries' usage: dsconf instance plugin managed-entries [-h] {show,enable,disable,status,set,list,config,template} ... 
POSITIONAL ARGUMENTS 'dsconf plugin managed-entries' dsconf plugin managed-entries show Displays the plugin configuration dsconf plugin managed-entries enable Enables the plugin dsconf plugin managed-entries disable Disables the plugin dsconf plugin managed-entries status Displays the plugin status dsconf plugin managed-entries set Edit the plugin settings dsconf plugin managed-entries list List Managed Entries Plugin configs and templates dsconf plugin managed-entries config Handle Managed Entries Plugin configs dsconf plugin managed-entries template Handle Managed Entries Plugin templates COMMAND 'dsconf plugin managed-entries show' usage: dsconf instance plugin managed-entries show [-h] COMMAND 'dsconf plugin managed-entries enable' usage: dsconf instance plugin managed-entries enable [-h] COMMAND 'dsconf plugin managed-entries disable' usage: dsconf instance plugin managed-entries disable [-h] COMMAND 'dsconf plugin managed-entries status' usage: dsconf instance plugin managed-entries status [-h] COMMAND 'dsconf plugin managed-entries set' usage: dsconf instance plugin managed-entries set [-h] [--config-area CONFIG_AREA] OPTIONS 'dsconf plugin managed-entries set' --config-area CONFIG_AREA Sets the value of the nsslapd-pluginConfigArea attribute COMMAND 'dsconf plugin managed-entries list' usage: dsconf instance plugin managed-entries list [-h] {configs,templates} ... 
POSITIONAL ARGUMENTS 'dsconf plugin managed-entries list' dsconf plugin managed-entries list configs List Managed Entries Plugin configs (list config-area if specified in the main plugin entry) dsconf plugin managed-entries list templates List Managed Entries Plugin templates in the directory COMMAND 'dsconf plugin managed-entries list configs' usage: dsconf instance plugin managed-entries list configs [-h] COMMAND 'dsconf plugin managed-entries list templates' usage: dsconf instance plugin managed-entries list templates [-h] [BASEDN] BASEDN The base DN where to search the templates COMMAND 'dsconf plugin managed-entries config' usage: dsconf instance plugin managed-entries config [-h] NAME {add,set,show,delete} ... POSITIONAL ARGUMENTS 'dsconf plugin managed-entries config' dsconf plugin managed-entries config add Add the config entry dsconf plugin managed-entries config set Edit the config entry dsconf plugin managed-entries config show Display the config entry dsconf plugin managed-entries config delete Delete the config entry COMMAND 'dsconf plugin managed-entries config add' usage: dsconf instance plugin managed-entries config NAME add [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MANAGED_BASE] [--managed-template MANAGED_TEMPLATE] OPTIONS 'dsconf plugin managed-entries config add' --scope SCOPE Sets the scope of the search to use to see which entries the plug-in monitors (originScope) --filter FILTER Sets the search filter to use to search for and identify the entries within the subtree which require a managed entry (originFilter) --managed-base MANAGED_BASE Sets the subtree under which to create the managed entries (managedBase) --managed-template MANAGED_TEMPLATE Identifies the template entry to use to create the managed entry (managedTemplate) COMMAND 'dsconf plugin managed-entries config set' usage: dsconf instance plugin managed-entries config NAME set [-h] [--scope SCOPE] [--filter FILTER] [--managed-base MANAGED_BASE] [--managed-template 
MANAGED_TEMPLATE] OPTIONS 'dsconf plugin managed-entries config set' --scope SCOPE Sets the scope of the search to use to see which entries the plug-in monitors (originScope) --filter FILTER Sets the search filter to use to search for and identify the entries within the subtree which require a managed entry (originFilter) --managed-base MANAGED_BASE Sets the subtree under which to create the managed entries (managedBase) --managed-template MANAGED_TEMPLATE Identifies the template entry to use to create the managed entry (managedTemplate) COMMAND 'dsconf plugin managed-entries config show' usage: dsconf instance plugin managed-entries config NAME show [-h] COMMAND 'dsconf plugin managed-entries config delete' usage: dsconf instance plugin managed-entries config NAME delete [-h] COMMAND 'dsconf plugin managed-entries template' usage: dsconf instance plugin managed-entries template [-h] DN {add,set,show,delete} ... POSITIONAL ARGUMENTS 'dsconf plugin managed-entries template' dsconf plugin managed-entries template add Add the template entry dsconf plugin managed-entries template set Edit the template entry dsconf plugin managed-entries template show Display the template entry dsconf plugin managed-entries template delete Delete the template entry COMMAND 'dsconf plugin managed-entries template add' usage: dsconf instance plugin managed-entries template DN add [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR [STATIC_ATTR ...]] [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]] OPTIONS 'dsconf plugin managed-entries template add' --rdn-attr RDN_ATTR Sets which attribute to use as the naming attribute in the automatically-generated entry (mepRDNAttr) --static-attr STATIC_ATTR [STATIC_ATTR ...] Sets an attribute with a defined value that must be added to the automatically-generated entry (mepStaticAttr) --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...] 
Sets attributes in the Managed Entries template entry which must exist in the generated entry (mepMappedAttr) COMMAND 'dsconf plugin managed-entries template set' usage: dsconf instance plugin managed-entries template DN set [-h] [--rdn-attr RDN_ATTR] [--static-attr STATIC_ATTR [STATIC_ATTR ...]] [--mapped-attr MAPPED_ATTR [MAPPED_ATTR ...]] OPTIONS 'dsconf plugin managed-entries template set' --rdn-attr RDN_ATTR Sets which attribute to use as the naming attribute in the automatically-generated entry (mepRDNAttr) --static-attr STATIC_ATTR [STATIC_ATTR ...] Sets an attribute with a defined value that must be added to the automatically-generated entry (mepStaticAttr) --mapped-attr MAPPED_ATTR [MAPPED_ATTR ...] Sets attributes in the Managed Entries template entry which must exist in the generated entry (mepMappedAttr) COMMAND 'dsconf plugin managed-entries template show' usage: dsconf instance plugin managed-entries template DN show [-h] COMMAND 'dsconf plugin managed-entries template delete' usage: dsconf instance plugin managed-entries template DN delete [-h] COMMAND 'dsconf plugin pam-pass-through-auth' usage: dsconf instance plugin pam-pass-through-auth [-h] {show,enable,disable,status,list,config} ... POSITIONAL ARGUMENTS 'dsconf plugin pam-pass-through-auth' dsconf plugin pam-pass-through-auth show Displays the plugin configuration dsconf plugin pam-pass-through-auth enable Enables the plugin dsconf plugin pam-pass-through-auth disable Disables the plugin dsconf plugin pam-pass-through-auth status Displays the plugin status dsconf plugin pam-pass-through-auth list Lists PAM configurations dsconf plugin pam-pass-through-auth config Manage PAM PTA configurations. 
COMMAND 'dsconf plugin pam-pass-through-auth show' usage: dsconf instance plugin pam-pass-through-auth show [-h] COMMAND 'dsconf plugin pam-pass-through-auth enable' usage: dsconf instance plugin pam-pass-through-auth enable [-h] COMMAND 'dsconf plugin pam-pass-through-auth disable' usage: dsconf instance plugin pam-pass-through-auth disable [-h] COMMAND 'dsconf plugin pam-pass-through-auth status' usage: dsconf instance plugin pam-pass-through-auth status [-h] COMMAND 'dsconf plugin pam-pass-through-auth list' usage: dsconf instance plugin pam-pass-through-auth list [-h] COMMAND 'dsconf plugin pam-pass-through-auth config' usage: dsconf instance plugin pam-pass-through-auth config [-h] NAME {add,set,show,delete} ... POSITIONAL ARGUMENTS 'dsconf plugin pam-pass-through-auth config' dsconf plugin pam-pass-through-auth config add Add the config entry dsconf plugin pam-pass-through-auth config set Edit the config entry dsconf plugin pam-pass-through-auth config show Display the config entry dsconf plugin pam-pass-through-auth config delete Delete the config entry COMMAND 'dsconf plugin pam-pass-through-auth config add' usage: dsconf instance plugin pam-pass-through-auth config NAME add [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]] [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]] [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FILTER] [--id-attr ID_ATTR] [--id_map_method ID_MAP_METHOD] [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service SERVICE] OPTIONS 'dsconf plugin pam-pass-through-auth config add' --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...] Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix) --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...] 
Sets a suffix to include for PAM authentication (pamIncludeSuffix) --missing-suffix {ERROR,ALLOW,IGNORE,delete,} Identifies how to handle missing include or exclude suffixes (pamMissingSuffix) --filter FILTER Sets an LDAP filter to use to identify specific entries within the included suffixes for which to use PAM pass-through authentication (pamFilter) --id-attr ID_ATTR Contains the attribute name which is used to hold the PAM user ID (pamIDAttr) --id_map_method ID_MAP_METHOD Sets the method to use to map the LDAP bind DN to a PAM identity (pamIDMapMethod) --fallback {TRUE,FALSE} Sets whether to fall back to regular LDAP authentication if PAM authentication fails (pamFallback) --secure {TRUE,FALSE} Requires a secure TLS connection for PAM authentication (pamSecure) --service SERVICE Contains the service name to pass to PAM (pamService) COMMAND 'dsconf plugin pam-pass-through-auth config set' usage: dsconf instance plugin pam-pass-through-auth config NAME set [-h] [--exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...]] [--include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...]] [--missing-suffix {ERROR,ALLOW,IGNORE,delete,}] [--filter FILTER] [--id-attr ID_ATTR] [--id_map_method ID_MAP_METHOD] [--fallback {TRUE,FALSE}] [--secure {TRUE,FALSE}] [--service SERVICE] OPTIONS 'dsconf plugin pam-pass-through-auth config set' --exclude-suffix EXCLUDE_SUFFIX [EXCLUDE_SUFFIX ...] Specifies a suffix to exclude from PAM authentication (pamExcludeSuffix) --include-suffix INCLUDE_SUFFIX [INCLUDE_SUFFIX ...] 
Sets a suffix to include for PAM authentication (pamIncludeSuffix) --missing-suffix {ERROR,ALLOW,IGNORE,delete,} Identifies how to handle missing include or exclude suffixes (pamMissingSuffix) --filter FILTER Sets an LDAP filter to use to identify specific entries within the included suffixes for which to use PAM pass-through authentication (pamFilter) --id-attr ID_ATTR Contains the attribute name which is used to hold the PAM user ID (pamIDAttr) --id_map_method ID_MAP_METHOD Sets the method to use to map the LDAP bind DN to a PAM identity (pamIDMapMethod) --fallback {TRUE,FALSE} Sets whether to fall back to regular LDAP authentication if PAM authentication fails (pamFallback) --secure {TRUE,FALSE} Requires a secure TLS connection for PAM authentication (pamSecure) --service SERVICE Contains the service name to pass to PAM (pamService) COMMAND 'dsconf plugin pam-pass-through-auth config show' usage: dsconf instance plugin pam-pass-through-auth config NAME show [-h] COMMAND 'dsconf plugin pam-pass-through-auth config delete' usage: dsconf instance plugin pam-pass-through-auth config NAME delete [-h] COMMAND 'dsconf plugin retro-changelog' usage: dsconf instance plugin retro-changelog [-h] {show,enable,disable,status,set,add,del} ... 
POSITIONAL ARGUMENTS 'dsconf plugin retro-changelog' dsconf plugin retro-changelog show Displays the plugin configuration dsconf plugin retro-changelog enable Enables the plugin dsconf plugin retro-changelog disable Disables the plugin dsconf plugin retro-changelog status Displays the plugin status dsconf plugin retro-changelog set Edit the plugin dsconf plugin retro-changelog add Add attributes to the plugin dsconf plugin retro-changelog del Delete an attribute from plugin scope COMMAND 'dsconf plugin retro-changelog show' usage: dsconf instance plugin retro-changelog show [-h] COMMAND 'dsconf plugin retro-changelog enable' usage: dsconf instance plugin retro-changelog enable [-h] COMMAND 'dsconf plugin retro-changelog disable' usage: dsconf instance plugin retro-changelog disable [-h] COMMAND 'dsconf plugin retro-changelog status' usage: dsconf instance plugin retro-changelog status [-h] COMMAND 'dsconf plugin retro-changelog set' usage: dsconf instance plugin retro-changelog set [-h] [--is-replicated {TRUE,FALSE}] [--attribute ATTRIBUTE] [--directory DIRECTORY] [--max-age MAX_AGE] [--trim-interval TRIM_INTERVAL] [--exclude-suffix [EXCLUDE_SUFFIX ...]] [--exclude-attrs [EXCLUDE_ATTRS ...]] OPTIONS 'dsconf plugin retro-changelog set' --is-replicated {TRUE,FALSE} Sets a flag to indicate on a change in the changelog whether the change is newly made on that server or whether it was replicated over from another server (isReplicated) --attribute ATTRIBUTE Specifies another Directory Server attribute which must be included in the retro changelog entries (nsslapd-attribute) --directory DIRECTORY Specifies the name of the directory in which the changelog database is created the first time the plug-in is run --max-age MAX_AGE Specifies the maximum age of any entry in the changelog. Used to trim the changelog (nsslapd-changelogmaxage) --trim-interval TRIM_INTERVAL --exclude-suffix [EXCLUDE_SUFFIX ...] 
Specifies the suffix which will be excluded from the scope of the plugin (nsslapd-exclude-suffix) --exclude-attrs [EXCLUDE_ATTRS ...] Specifies the attributes which will be excluded from the scope of the plugin (nsslapd-exclude-attrs) COMMAND 'dsconf plugin retro-changelog add' usage: dsconf instance plugin retro-changelog add [-h] [--is-replicated {TRUE,FALSE}] [--attribute ATTRIBUTE] [--directory DIRECTORY] [--max-age MAX_AGE] [--trim-interval TRIM_INTERVAL] [--exclude-suffix [EXCLUDE_SUFFIX ...]] [--exclude-attrs [EXCLUDE_ATTRS ...]] OPTIONS 'dsconf plugin retro-changelog add' --is-replicated {TRUE,FALSE} Sets a flag to indicate on a change in the changelog whether the change is newly made on that server or whether it was replicated over from another server (isReplicated) --attribute ATTRIBUTE Specifies another Directory Server attribute which must be included in the retro changelog entries (nsslapd-attribute) --directory DIRECTORY Specifies the name of the directory in which the changelog database is created the first time the plug-in is run --max-age MAX_AGE Specifies the maximum age of any entry in the changelog. Used to trim the changelog (nsslapd-changelogmaxage) --trim-interval TRIM_INTERVAL --exclude-suffix [EXCLUDE_SUFFIX ...] Specifies the suffix which will be excluded from the scope of the plugin (nsslapd-exclude-suffix) --exclude-attrs [EXCLUDE_ATTRS ...] 
Specifies the attributes which will be excluded from the scope of the plugin (nsslapd-exclude-attrs) COMMAND 'dsconf plugin retro-changelog del' usage: dsconf instance plugin retro-changelog del [-h] [--is-replicated {TRUE,FALSE}] [--attribute ATTRIBUTE] [--directory DIRECTORY] [--max-age MAX_AGE] [--trim-interval TRIM_INTERVAL] [--exclude-suffix [EXCLUDE_SUFFIX ...]] [--exclude-attrs [EXCLUDE_ATTRS ...]] OPTIONS 'dsconf plugin retro-changelog del' --is-replicated {TRUE,FALSE} Sets a flag to indicate on a change in the changelog whether the change is newly made on that server or whether it was replicated over from another server (isReplicated) --attribute ATTRIBUTE Specifies another Directory Server attribute which must be included in the retro changelog entries (nsslapd-attribute) --directory DIRECTORY Specifies the name of the directory in which the changelog database is created the first time the plug-in is run --max-age MAX_AGE Specifies the maximum age of any entry in the changelog. Used to trim the changelog (nsslapd-changelogmaxage) --trim-interval TRIM_INTERVAL --exclude-suffix [EXCLUDE_SUFFIX ...] Specifies the suffix which will be excluded from the scope of the plugin (nsslapd-exclude-suffix) --exclude-attrs [EXCLUDE_ATTRS ...] Specifies the attributes which will be excluded from the scope of the plugin (nsslapd-exclude-attrs) COMMAND 'dsconf plugin posix-winsync' usage: dsconf instance plugin posix-winsync [-h] {show,enable,disable,status,set,fixup} ... 
POSITIONAL ARGUMENTS 'dsconf plugin posix-winsync' dsconf plugin posix-winsync show Displays the plugin configuration dsconf plugin posix-winsync enable Enables the plugin dsconf plugin posix-winsync disable Disables the plugin dsconf plugin posix-winsync status Displays the plugin status dsconf plugin posix-winsync set Edit the plugin settings dsconf plugin posix-winsync fixup Run the memberOf fix-up task to correct mismatched member and uniquemember values for synced users COMMAND 'dsconf plugin posix-winsync show' usage: dsconf instance plugin posix-winsync show [-h] COMMAND 'dsconf plugin posix-winsync enable' usage: dsconf instance plugin posix-winsync enable [-h] COMMAND 'dsconf plugin posix-winsync disable' usage: dsconf instance plugin posix-winsync disable [-h] COMMAND 'dsconf plugin posix-winsync status' usage: dsconf instance plugin posix-winsync status [-h] COMMAND 'dsconf plugin posix-winsync set' usage: dsconf instance plugin posix-winsync set [-h] [--create-memberof-task {true,false}] [--lower-case-uid {true,false}] [--map-member-uid {true,false}] [--map-nested-grouping {true,false}] [--ms-sfu-schema {true,false}] OPTIONS 'dsconf plugin posix-winsync set' --create-memberof-task {true,false} Sets whether to run the memberUID fix-up task immediately after a sync run in order to update group memberships for synced users (posixWinsyncCreateMemberOfTask) --lower-case-uid {true,false} Sets whether to store (and, if necessary, convert) the UID value in the memberUID attribute in lower case (posixWinsyncLowerCaseUID) --map-member-uid {true,false} Sets whether to map the memberUID attribute in an Active Directory group to the uniqueMember attribute in a Directory Server group (posixWinsyncMapMemberUID) --map-nested-grouping {true,false} Manages if nested groups are updated when memberUID attributes in an Active Directory POSIX group change (posixWinsyncMapNestedGrouping) --ms-sfu-schema {true,false} Sets whether to use the older Microsoft System Services for Unix 
3.0 (msSFU30) schema when syncing Posix attributes from Active Directory (posixWinsyncMsSFUSchema) COMMAND 'dsconf plugin posix-winsync fixup' usage: dsconf instance plugin posix-winsync fixup [-h] [-f FILTER] [--timeout TIMEOUT] DN DN Set the base DN that contains entries to fix up OPTIONS 'dsconf plugin posix-winsync fixup' -f FILTER, --filter FILTER Filter for entries to fix up. If omitted, all entries with objectclass inetuser/inetadmin/nsmemberof under the specified base will have their memberOf attribute regenerated. --timeout TIMEOUT Set a timeout to wait for the fixup task. Default is 120 seconds COMMAND 'dsconf plugin contentsync' usage: dsconf instance plugin contentsync [-h] {show,enable,disable,status,set,add} ... POSITIONAL ARGUMENTS 'dsconf plugin contentsync' dsconf plugin contentsync show Displays the plugin configuration dsconf plugin contentsync enable Enables the plugin dsconf plugin contentsync disable Disables the plugin dsconf plugin contentsync status Displays the plugin status dsconf plugin contentsync set Edit the plugin settings dsconf plugin contentsync add Add attributes to the plugin COMMAND 'dsconf plugin contentsync show' usage: dsconf instance plugin contentsync show [-h] COMMAND 'dsconf plugin contentsync enable' usage: dsconf instance plugin contentsync enable [-h] COMMAND 'dsconf plugin contentsync disable' usage: dsconf instance plugin contentsync disable [-h] COMMAND 'dsconf plugin contentsync status' usage: dsconf instance plugin contentsync status [-h] COMMAND 'dsconf plugin contentsync set' usage: dsconf instance plugin contentsync set [-h] [--allow-openldap {on,off}] OPTIONS 'dsconf plugin contentsync set' --allow-openldap {on,off} Allows openldap servers to act as read only consumers of this server via syncrepl COMMAND 'dsconf plugin contentsync add' usage: dsconf instance plugin contentsync add [-h] [--allow-openldap {on,off}] OPTIONS 'dsconf plugin contentsync add' --allow-openldap {on,off} Allows openldap servers to act 
as read only consumers of this server via syncrepl COMMAND 'dsconf plugin entryuuid' usage: dsconf instance plugin entryuuid [-h] {show,enable,disable,status,fixup,fixup-status} ... POSITIONAL ARGUMENTS 'dsconf plugin entryuuid' dsconf plugin entryuuid show Displays the plugin configuration dsconf plugin entryuuid enable Enables the plugin dsconf plugin entryuuid disable Disables the plugin dsconf plugin entryuuid status Displays the plugin status dsconf plugin entryuuid fixup Run the fix-up task for EntryUUID plugin dsconf plugin entryuuid fixup-status Check the status of a fix-up task COMMAND 'dsconf plugin entryuuid show' usage: dsconf instance plugin entryuuid show [-h] COMMAND 'dsconf plugin entryuuid enable' usage: dsconf instance plugin entryuuid enable [-h] COMMAND 'dsconf plugin entryuuid disable' usage: dsconf instance plugin entryuuid disable [-h] COMMAND 'dsconf plugin entryuuid status' usage: dsconf instance plugin entryuuid status [-h] COMMAND 'dsconf plugin entryuuid fixup' usage: dsconf instance plugin entryuuid fixup [-h] [-f FILTER] [--wait] [--timeout TIMEOUT] DN DN Base DN that contains entries to fix up OPTIONS 'dsconf plugin entryuuid fixup' -f FILTER, --filter FILTER Filter for entries to fix up. If omitted, all entries under base DN will have their EntryUUID attribute regenerated if not present. --wait Wait for the task to finish; this could take a long time --timeout TIMEOUT Sets the task timeout. 
Default is 0 (no timeout) COMMAND 'dsconf plugin entryuuid fixup-status' usage: dsconf instance plugin entryuuid fixup-status [-h] [--dn DN] [--show-log] [--watch] OPTIONS 'dsconf plugin entryuuid fixup-status' --dn DN The task entry's DN --show-log Display the task log --watch Watch the task's status and wait for it to finish COMMAND 'dsconf plugin list' usage: dsconf instance plugin list [-h] COMMAND 'dsconf plugin show' usage: dsconf instance plugin show [-h] [selector] selector The plugin to search for COMMAND 'dsconf plugin set' usage: dsconf instance plugin set [-h] [--type TYPE] [--enabled {on,off}] [--path PATH] [--initfunc INITFUNC] [--id ID] [--vendor VENDOR] [--version VERSION] [--description DESCRIPTION] [--depends-on-type DEPENDS_ON_TYPE] [--depends-on-named DEPENDS_ON_NAMED] [--precedence PRECEDENCE] [selector] selector The plugin to edit OPTIONS 'dsconf plugin set' --type TYPE The type of plugin. --enabled {on,off} Identifies whether or not the plugin is enabled. --path PATH The plugin library name (without the library suffix). --initfunc INITFUNC An initialization function of the plugin. --id ID The plugin ID. --vendor VENDOR The vendor of plugin. --version VERSION The version of plugin. --description DESCRIPTION The description of the plugin. --depends-on-type DEPENDS_ON_TYPE All plug-ins with a type value which matches one of the values in the following valid range will be started by the server prior to this plug-in. --depends-on-named DEPENDS_ON_NAMED The plug-in name matching one of the following values will be started by the server prior to this plug-in --precedence PRECEDENCE The priority it has in the execution order of plug-ins COMMAND 'dsconf pwpolicy' usage: dsconf instance pwpolicy [-h] {get,set,list-schemes} ... 
POSITIONAL ARGUMENTS 'dsconf pwpolicy' dsconf pwpolicy get Get the global password policy entry dsconf pwpolicy set Set an attribute in a global password policy dsconf pwpolicy list-schemes Get a list of the current password storage schemes COMMAND 'dsconf pwpolicy get' usage: dsconf instance pwpolicy get [-h] COMMAND 'dsconf pwpolicy set' usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME] [--pwdchange PWDCHANGE] [--pwdmustchange PWDMUSTCHANGE] [--pwdhistory PWDHISTORY] [--pwdhistorycount PWDHISTORYCOUNT] [--pwdadmin PWDADMIN] [--pwdadminskipupdates PWDADMINSKIPUPDATES] [--pwdtrack PWDTRACK] [--pwdwarning PWDWARNING] [--pwdexpire PWDEXPIRE] [--pwdmaxage PWDMAXAGE] [--pwdminage PWDMINAGE] [--pwdgracelimit PWDGRACELIMIT] [--pwdsendexpiring PWDSENDEXPIRING] [--pwdlockout PWDLOCKOUT] [--pwdunlock PWDUNLOCK] [--pwdlockoutduration PWDLOCKOUTDURATION] [--pwdmaxfailures PWDMAXFAILURES] [--pwdresetfailcount PWDRESETFAILCOUNT] [--pwdchecksyntax PWDCHECKSYNTAX] [--pwdminlen PWDMINLEN] [--pwdmindigits PWDMINDIGITS] [--pwdminalphas PWDMINALPHAS] [--pwdminuppers PWDMINUPPERS] [--pwdminlowers PWDMINLOWERS] [--pwdminspecials PWDMINSPECIALS] [--pwdmin8bits PWDMIN8BITS] [--pwdmaxrepeats PWDMAXREPEATS] [--pwdpalindrome PWDPALINDROME] [--pwdmaxseq PWDMAXSEQ] [--pwdmaxseqsets PWDMAXSEQSETS] [--pwdmaxclasschars PWDMAXCLASSCHARS] [--pwdmincatagories PWDMINCATAGORIES] [--pwdmintokenlen PWDMINTOKENLEN] [--pwdbadwords PWDBADWORDS] [--pwduserattrs PWDUSERATTRS] [--pwddictcheck PWDDICTCHECK] [--pwddictpath PWDDICTPATH] [--pwptprmaxuse PWPTPRMAXUSE] [--pwptprdelayexpireat PWPTPRDELAYEXPIREAT] [--pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM] [--pwdlocal PWDLOCAL] [--pwdisglobal PWDISGLOBAL] [--pwdallowhash PWDALLOWHASH] [--pwpinheritglobal PWPINHERITGLOBAL] OPTIONS 'dsconf pwpolicy set' --pwdscheme PWDSCHEME The password storage scheme --pwdchange PWDCHANGE Allow users to change their passwords --pwdmustchange PWDMUSTCHANGE Users must change their password after it was reset by an 
administrator --pwdhistory PWDHISTORY To enable password history set this to "on", otherwise "off" --pwdhistorycount PWDHISTORYCOUNT The number of passwords to keep in history --pwdadmin PWDADMIN The DN of an entry or a group of accounts that can bypass password policy constraints --pwdadminskipupdates PWDADMINSKIPUPDATES Set to "on" if the Password Admin's password update should not trigger updates to the password state attributes (passwordExpirationtime, passwordHistory, etc). --pwdtrack PWDTRACK Set to "on" to track the time the password was last changed --pwdwarning PWDWARNING Send an expiring warning if password expires within this time (in seconds) --pwdexpire PWDEXPIRE Set to "on" to enable password expiration --pwdmaxage PWDMAXAGE The password expiration time in seconds --pwdminage PWDMINAGE The number of seconds that must pass before a user can change their password --pwdgracelimit PWDGRACELIMIT The number of allowed logins after the password has expired --pwdsendexpiring PWDSENDEXPIRING Set to "on" to always send the expiring control regardless of the warning period --pwdlockout PWDLOCKOUT Set to "on" to enable account lockout --pwdunlock PWDUNLOCK Set to "on" to allow an account to become unlocked after the lockout duration --pwdlockoutduration PWDLOCKOUTDURATION The number of seconds an account stays locked out --pwdmaxfailures PWDMAXFAILURES The maximum number of allowed failed password attempts before the account gets locked --pwdresetfailcount PWDRESETFAILCOUNT The number of seconds to wait before reducing the failed login count on an account --pwdchecksyntax PWDCHECKSYNTAX Set to "on" to enable password syntax checking --pwdminlen PWDMINLEN The minimum number of characters required in a password --pwdmindigits PWDMINDIGITS The minimum number of digit/number characters in a password --pwdminalphas PWDMINALPHAS The minimum number of alpha characters required in a password --pwdminuppers PWDMINUPPERS The minimum number of uppercase characters required 
in a password --pwdminlowers PWDMINLOWERS The minimum number of lowercase characters required in a password --pwdminspecials PWDMINSPECIALS The minimum number of special characters required in a password --pwdmin8bits PWDMIN8BITS The minimum number of 8-bit characters required in a password --pwdmaxrepeats PWDMAXREPEATS The maximum number of times the same character can appear sequentially in the password --pwdpalindrome PWDPALINDROME Set to "on" to reject passwords that are palindromes --pwdmaxseq PWDMAXSEQ The maximum number of allowed monotonic character sequences in a password --pwdmaxseqsets PWDMAXSEQSETS The maximum number of allowed monotonic character sequences that can be duplicated in a password --pwdmaxclasschars PWDMAXCLASSCHARS The maximum number of sequential characters from the same character class that is allowed in a password --pwdmincatagories PWDMINCATAGORIES The minimum number of syntax category checks --pwdmintokenlen PWDMINTOKENLEN Sets the smallest attribute value length that is used for trivial/user words checking. 
This also impacts "--pwduserattrs" --pwdbadwords PWDBADWORDS A space-separated list of words that can not be in a password --pwduserattrs PWDUSERATTRS A space-separated list of attributes whose values can not appear in the password (See "--pwdmintokenlen") --pwddictcheck PWDDICTCHECK Set to "on" to enforce CrackLib dictionary checking --pwddictpath PWDDICTPATH Filesystem path to specific/custom CrackLib dictionary files --pwptprmaxuse PWPTPRMAXUSE Number of times a reset password can be used for authentication --pwptprdelayexpireat PWPTPRDELAYEXPIREAT Number of seconds after which a reset password expires --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM Number of seconds to wait before using a reset password to authenticate --pwdlocal PWDLOCAL Set to "on" to enable fine-grained (subtree/user-level) password policies --pwdisglobal PWDISGLOBAL Set to "on" to enable password policy state attributes to be replicated --pwdallowhash PWDALLOWHASH Set to "on" to allow adding prehashed passwords --pwpinheritglobal PWPINHERITGLOBAL Set to "on" to allow local policies to inherit the global policy COMMAND 'dsconf pwpolicy list-schemes' usage: dsconf instance pwpolicy list-schemes [-h] COMMAND 'dsconf localpwp' usage: dsconf instance localpwp [-h] {list,get,set,remove,adduser,addsubtree} ... 
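The `dsconf pwpolicy set` options listed above mix "on"/"off" switches with counts and durations in seconds, and a mistyped value is easy to miss in a long command line. The following is an added example, not part of the generated manual or of the project's code: a dry-run helper that validates a baseline before printing the command to run. The function name `build_pwpolicy_cmd`, the instance name `ldap1` and the sample values are assumptions made for illustration; only option names documented above are used.

```shell
#!/bin/sh
# Added example (not from the dsconf manual): validate a password-policy
# baseline, then print the matching `dsconf INSTANCE pwpolicy set` command.
# Nothing is executed against a server; the output is for review.

# Options the manual describes as "on"/"off" switches.
ONOFF_OPTS=" pwdhistory pwdadminskipupdates pwdtrack pwdexpire pwdsendexpiring pwdlockout pwdunlock pwdchecksyntax pwdpalindrome pwddictcheck pwdlocal pwdisglobal pwdallowhash pwpinheritglobal "

# Options the manual describes as a number (a count or a time in seconds).
INT_OPTS=" pwdhistorycount pwdwarning pwdmaxage pwdminage pwdgracelimit pwdlockoutduration pwdmaxfailures pwdresetfailcount pwdminlen pwdmindigits pwdminalphas pwdminuppers pwdminlowers pwdminspecials pwdmin8bits pwdmaxrepeats pwdmaxseq pwdmaxseqsets pwdmaxclasschars pwdmincatagories pwdmintokenlen pwptprmaxuse pwptprdelayexpireat pwptprdelayvalidfrom "

# build_pwpolicy_cmd INSTANCE key=value [key=value ...]
# Prints the command on success; prints an error and fails with status 2
# otherwise. The body is a subshell, so `exit` only leaves the function and
# its variables do not leak into the caller.
build_pwpolicy_cmd() (
    instance=$1
    if [ -z "$instance" ]; then
        echo "error: instance name required" >&2; exit 2
    fi
    shift
    cmd="dsconf $instance pwpolicy set"
    minage=""; maxage=""
    for kv in "$@"; do
        key=${kv%%=*}; val=${kv#*=}
        if [ "$key" = "$kv" ]; then
            echo "error: expected key=value, got '$kv'" >&2; exit 2
        fi
        case "$key" in
            ''|*[!a-z0-9]*) echo "error: bad option name '$key'" >&2; exit 2 ;;
        esac
        case "$ONOFF_OPTS" in
            *" $key "*)
                case "$val" in
                    on|off) ;;
                    *) echo "error: --$key takes on or off, got '$val'" >&2; exit 2 ;;
                esac ;;
            *)
                case "$INT_OPTS" in
                    *" $key "*)
                        case "$val" in
                            ''|*[!0-9]*) echo "error: --$key takes a non-negative integer, got '$val'" >&2; exit 2 ;;
                        esac ;;
                    # String-valued options (for example --pwdscheme, whose
                    # valid values come from `pwpolicy list-schemes`) are
                    # outside this example's allow-list.
                    *) echo "error: --$key is not handled by this example" >&2; exit 2 ;;
                esac ;;
        esac
        if [ "$key" = pwdminage ]; then minage=$val; fi
        if [ "$key" = pwdmaxage ]; then maxage=$val; fi
        cmd="$cmd --$key $val"
    done
    # A minimum age at or above the maximum age would stop users from
    # changing a password before it expires.
    if [ -n "$minage" ] && [ -n "$maxage" ] && [ "$minage" -ge "$maxage" ]; then
        echo "error: pwdminage ($minage) must be lower than pwdmaxage ($maxage)" >&2; exit 2
    fi
    printf '%s\n' "$cmd"
)

# Constructed baseline for illustration; the values are sample inputs, not
# recommendations taken from the manual.
build_pwpolicy_cmd ldap1 \
    pwdchecksyntax=on pwdminlen=14 pwdhistory=on pwdhistorycount=12 \
    pwdlockout=on pwdmaxfailures=5 pwdlockoutduration=900 pwdallowhash=off
```

When running the printed command, the `-y PWDFILE` or `-W` bind options from the synopsis keep the bind password out of the process list and shell history, unlike `-w BINDPW`.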
POSITIONAL ARGUMENTS 'dsconf localpwp' dsconf localpwp list List all the local password policies dsconf localpwp get Get local password policy entry dsconf localpwp set Set an attribute in a local password policy dsconf localpwp remove Remove a local password policy dsconf localpwp adduser Add new user password policy dsconf localpwp addsubtree Add new subtree password policy COMMAND 'dsconf localpwp list' usage: dsconf instance localpwp list [-h] [DN] DN Suffix to search for local password policies COMMAND 'dsconf localpwp get' usage: dsconf instance localpwp get [-h] DN DN Get the local policy for this entry DN COMMAND 'dsconf localpwp set' usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME] [--pwdchange PWDCHANGE] [--pwdmustchange PWDMUSTCHANGE] [--pwdhistory PWDHISTORY] [--pwdhistorycount PWDHISTORYCOUNT] [--pwdadmin PWDADMIN] [--pwdadminskipupdates PWDADMINSKIPUPDATES] [--pwdtrack PWDTRACK] [--pwdwarning PWDWARNING] [--pwdexpire PWDEXPIRE] [--pwdmaxage PWDMAXAGE] [--pwdminage PWDMINAGE] [--pwdgracelimit PWDGRACELIMIT] [--pwdsendexpiring PWDSENDEXPIRING] [--pwdlockout PWDLOCKOUT] [--pwdunlock PWDUNLOCK] [--pwdlockoutduration PWDLOCKOUTDURATION] [--pwdmaxfailures PWDMAXFAILURES] [--pwdresetfailcount PWDRESETFAILCOUNT] [--pwdchecksyntax PWDCHECKSYNTAX] [--pwdminlen PWDMINLEN] [--pwdmindigits PWDMINDIGITS] [--pwdminalphas PWDMINALPHAS] [--pwdminuppers PWDMINUPPERS] [--pwdminlowers PWDMINLOWERS] [--pwdminspecials PWDMINSPECIALS] [--pwdmin8bits PWDMIN8BITS] [--pwdmaxrepeats PWDMAXREPEATS] [--pwdpalindrome PWDPALINDROME] [--pwdmaxseq PWDMAXSEQ] [--pwdmaxseqsets PWDMAXSEQSETS] [--pwdmaxclasschars PWDMAXCLASSCHARS] [--pwdmincatagories PWDMINCATAGORIES] [--pwdmintokenlen PWDMINTOKENLEN] [--pwdbadwords PWDBADWORDS] [--pwduserattrs PWDUSERATTRS] [--pwddictcheck PWDDICTCHECK] [--pwddictpath PWDDICTPATH] [--pwptprmaxuse PWPTPRMAXUSE] [--pwptprdelayexpireat PWPTPRDELAYEXPIREAT] [--pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM] DN DN Set the local policy for this 
entry DN OPTIONS 'dsconf localpwp set' --pwdscheme PWDSCHEME The password storage scheme --pwdchange PWDCHANGE Allow users to change their passwords --pwdmustchange PWDMUSTCHANGE Users must change their password after it was reset by an administrator --pwdhistory PWDHISTORY To enable password history set this to "on", otherwise "off" --pwdhistorycount PWDHISTORYCOUNT The number of passwords to keep in history --pwdadmin PWDADMIN The DN of an entry or a group of accounts that can bypass password policy constraints --pwdadminskipupdates PWDADMINSKIPUPDATES Set to "on" if the Password Admin's password update should not trigger updates to the password state attributes (passwordExpirationtime, passwordHistory, etc). --pwdtrack PWDTRACK Set to "on" to track the time the password was last changed --pwdwarning PWDWARNING Send an expiring warning if password expires within this time (in seconds) --pwdexpire PWDEXPIRE Set to "on" to enable password expiration --pwdmaxage PWDMAXAGE The password expiration time in seconds --pwdminage PWDMINAGE The number of seconds that must pass before a user can change their password --pwdgracelimit PWDGRACELIMIT The number of allowed logins after the password has expired --pwdsendexpiring PWDSENDEXPIRING Set to "on" to always send the expiring control regardless of the warning period --pwdlockout PWDLOCKOUT Set to "on" to enable account lockout --pwdunlock PWDUNLOCK Set to "on" to allow an account to become unlocked after the lockout duration --pwdlockoutduration PWDLOCKOUTDURATION The number of seconds an account stays locked out --pwdmaxfailures PWDMAXFAILURES The maximum number of allowed failed password attempts before the account gets locked --pwdresetfailcount PWDRESETFAILCOUNT The number of seconds to wait before reducing the failed login count on an account --pwdchecksyntax PWDCHECKSYNTAX Set to "on" to enable password syntax checking --pwdminlen PWDMINLEN The minimum number of characters required in a password --pwdmindigits 
PWDMINDIGITS The minimum number of digit/number characters in a password --pwdminalphas PWDMINALPHAS The minimum number of alpha characters required in a password --pwdminuppers PWDMINUPPERS The minimum number of uppercase characters required in a password --pwdminlowers PWDMINLOWERS The minimum number of lowercase characters required in a password --pwdminspecials PWDMINSPECIALS The minimum number of special characters required in a password --pwdmin8bits PWDMIN8BITS The minimum number of 8-bit characters required in a password --pwdmaxrepeats PWDMAXREPEATS The maximum number of times the same character can appear sequentially in the password --pwdpalindrome PWDPALINDROME Set to "on" to reject passwords that are palindromes --pwdmaxseq PWDMAXSEQ The maximum number of allowed monotonic character sequences in a password --pwdmaxseqsets PWDMAXSEQSETS The maximum number of allowed monotonic character sequences that can be duplicated in a password --pwdmaxclasschars PWDMAXCLASSCHARS The maximum number of sequential characters from the same character class that is allowed in a password --pwdmincatagories PWDMINCATAGORIES The minimum number of syntax category checks --pwdmintokenlen PWDMINTOKENLEN Sets the smallest attribute value length that is used for trivial/user words checking. 
This also impacts "--pwduserattrs" --pwdbadwords PWDBADWORDS A space-separated list of words that can not be in a password --pwduserattrs PWDUSERATTRS A space-separated list of attributes whose values can not appear in the password (See "--pwdmintokenlen") --pwddictcheck PWDDICTCHECK Set to "on" to enforce CrackLib dictionary checking --pwddictpath PWDDICTPATH Filesystem path to specific/custom CrackLib dictionary files --pwptprmaxuse PWPTPRMAXUSE Number of times a reset password can be used for authentication --pwptprdelayexpireat PWPTPRDELAYEXPIREAT Number of seconds after which a reset password expires --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM Number of seconds to wait before using a reset password to authenticate COMMAND 'dsconf localpwp remove' usage: dsconf instance localpwp remove [-h] DN DN Remove local policy for this entry DN COMMAND 'dsconf localpwp adduser' usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME] [--pwdchange PWDCHANGE] [--pwdmustchange PWDMUSTCHANGE] [--pwdhistory PWDHISTORY] [--pwdhistorycount PWDHISTORYCOUNT] [--pwdadmin PWDADMIN] [--pwdadminskipupdates PWDADMINSKIPUPDATES] [--pwdtrack PWDTRACK] [--pwdwarning PWDWARNING] [--pwdexpire PWDEXPIRE] [--pwdmaxage PWDMAXAGE] [--pwdminage PWDMINAGE] [--pwdgracelimit PWDGRACELIMIT] [--pwdsendexpiring PWDSENDEXPIRING] [--pwdlockout PWDLOCKOUT] [--pwdunlock PWDUNLOCK] [--pwdlockoutduration PWDLOCKOUTDURATION] [--pwdmaxfailures PWDMAXFAILURES] [--pwdresetfailcount PWDRESETFAILCOUNT] [--pwdchecksyntax PWDCHECKSYNTAX] [--pwdminlen PWDMINLEN] [--pwdmindigits PWDMINDIGITS] [--pwdminalphas PWDMINALPHAS] [--pwdminuppers PWDMINUPPERS] [--pwdminlowers PWDMINLOWERS] [--pwdminspecials PWDMINSPECIALS] [--pwdmin8bits PWDMIN8BITS] [--pwdmaxrepeats PWDMAXREPEATS] [--pwdpalindrome PWDPALINDROME] [--pwdmaxseq PWDMAXSEQ] [--pwdmaxseqsets PWDMAXSEQSETS] [--pwdmaxclasschars PWDMAXCLASSCHARS] [--pwdmincatagories PWDMINCATAGORIES] [--pwdmintokenlen PWDMINTOKENLEN] [--pwdbadwords PWDBADWORDS] 
[--pwduserattrs PWDUSERATTRS] [--pwddictcheck PWDDICTCHECK] [--pwddictpath PWDDICTPATH] [--pwptprmaxuse PWPTPRMAXUSE] [--pwptprdelayexpireat PWPTPRDELAYEXPIREAT] [--pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM] DN DN Add/replace the local password policy for this entry DN OPTIONS 'dsconf localpwp adduser' --pwdscheme PWDSCHEME The password storage scheme --pwdchange PWDCHANGE Allow users to change their passwords --pwdmustchange PWDMUSTCHANGE Users must change their password after it was reset by an administrator --pwdhistory PWDHISTORY To enable password history set this to "on", otherwise "off" --pwdhistorycount PWDHISTORYCOUNT The number of passwords to keep in history --pwdadmin PWDADMIN The DN of an entry or a group of accounts that can bypass password policy constraints --pwdadminskipupdates PWDADMINSKIPUPDATES Set to "on" if the Password Admin's password update should not trigger updates to the password state attributes (passwordExpirationtime, passwordHistory, etc). --pwdtrack PWDTRACK Set to "on" to track the time the password was last changed --pwdwarning PWDWARNING Send an expiring warning if password expires within this time (in seconds) --pwdexpire PWDEXPIRE Set to "on" to enable password expiration --pwdmaxage PWDMAXAGE The password expiration time in seconds --pwdminage PWDMINAGE The number of seconds that must pass before a user can change their password --pwdgracelimit PWDGRACELIMIT The number of allowed logins after the password has expired --pwdsendexpiring PWDSENDEXPIRING Set to "on" to always send the expiring control regardless of the warning period --pwdlockout PWDLOCKOUT Set to "on" to enable account lockout --pwdunlock PWDUNLOCK Set to "on" to allow an account to become unlocked after the lockout duration --pwdlockoutduration PWDLOCKOUTDURATION The number of seconds an account stays locked out --pwdmaxfailures PWDMAXFAILURES The maximum number of allowed failed password attempts before the account gets locked --pwdresetfailcount 
PWDRESETFAILCOUNT The number of seconds to wait before reducing the failed login count on an account --pwdchecksyntax PWDCHECKSYNTAX Set to "on" to enable password syntax checking --pwdminlen PWDMINLEN The minimum number of characters required in a password --pwdmindigits PWDMINDIGITS The minimum number of digit/number characters in a password --pwdminalphas PWDMINALPHAS The minimum number of alpha characters required in a password --pwdminuppers PWDMINUPPERS The minimum number of uppercase characters required in a password --pwdminlowers PWDMINLOWERS The minimum number of lowercase characters required in a password --pwdminspecials PWDMINSPECIALS The minimum number of special characters required in a password --pwdmin8bits PWDMIN8BITS The minimum number of 8-bit characters required in a password --pwdmaxrepeats PWDMAXREPEATS The maximum number of times the same character can appear sequentially in the password --pwdpalindrome PWDPALINDROME Set to "on" to reject passwords that are palindromes --pwdmaxseq PWDMAXSEQ The maximum number of allowed monotonic character sequences in a password --pwdmaxseqsets PWDMAXSEQSETS The maximum number of allowed monotonic character sequences that can be duplicated in a password --pwdmaxclasschars PWDMAXCLASSCHARS The maximum number of sequential characters from the same character class that is allowed in a password --pwdmincatagories PWDMINCATAGORIES The minimum number of syntax category checks --pwdmintokenlen PWDMINTOKENLEN Sets the smallest attribute value length that is used for trivial/user words checking. 
This also impacts "--pwduserattrs" --pwdbadwords PWDBADWORDS A space-separated list of words that can not be in a password --pwduserattrs PWDUSERATTRS A space-separated list of attributes whose values can not appear in the password (See "--pwdmintokenlen") --pwddictcheck PWDDICTCHECK Set to "on" to enforce CrackLib dictionary checking --pwddictpath PWDDICTPATH Filesystem path to specific/custom CrackLib dictionary files --pwptprmaxuse PWPTPRMAXUSE Number of times a reset password can be used for authentication --pwptprdelayexpireat PWPTPRDELAYEXPIREAT Number of seconds after which a reset password expires --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM Number of seconds to wait before using a reset password to authenticate COMMAND 'dsconf localpwp addsubtree' usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME] [--pwdchange PWDCHANGE] [--pwdmustchange PWDMUSTCHANGE] [--pwdhistory PWDHISTORY] [--pwdhistorycount PWDHISTORYCOUNT] [--pwdadmin PWDADMIN] [--pwdadminskipupdates PWDADMINSKIPUPDATES] [--pwdtrack PWDTRACK] [--pwdwarning PWDWARNING] [--pwdexpire PWDEXPIRE] [--pwdmaxage PWDMAXAGE] [--pwdminage PWDMINAGE] [--pwdgracelimit PWDGRACELIMIT] [--pwdsendexpiring PWDSENDEXPIRING] [--pwdlockout PWDLOCKOUT] [--pwdunlock PWDUNLOCK] [--pwdlockoutduration PWDLOCKOUTDURATION] [--pwdmaxfailures PWDMAXFAILURES] [--pwdresetfailcount PWDRESETFAILCOUNT] [--pwdchecksyntax PWDCHECKSYNTAX] [--pwdminlen PWDMINLEN] [--pwdmindigits PWDMINDIGITS] [--pwdminalphas PWDMINALPHAS] [--pwdminuppers PWDMINUPPERS] [--pwdminlowers PWDMINLOWERS] [--pwdminspecials PWDMINSPECIALS] [--pwdmin8bits PWDMIN8BITS] [--pwdmaxrepeats PWDMAXREPEATS] [--pwdpalindrome PWDPALINDROME] [--pwdmaxseq PWDMAXSEQ] [--pwdmaxseqsets PWDMAXSEQSETS] [--pwdmaxclasschars PWDMAXCLASSCHARS] [--pwdmincatagories PWDMINCATAGORIES] [--pwdmintokenlen PWDMINTOKENLEN] [--pwdbadwords PWDBADWORDS] [--pwduserattrs PWDUSERATTRS] [--pwddictcheck PWDDICTCHECK] [--pwddictpath PWDDICTPATH] [--pwptprmaxuse PWPTPRMAXUSE] 
[--pwptprdelayexpireat PWPTPRDELAYEXPIREAT] [--pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM] DN DN Add/replace the subtree policy for this entry DN OPTIONS 'dsconf localpwp addsubtree' --pwdscheme PWDSCHEME The password storage scheme --pwdchange PWDCHANGE Allow users to change their passwords --pwdmustchange PWDMUSTCHANGE Users must change their password after it was reset by an administrator --pwdhistory PWDHISTORY To enable password history set this to "on", otherwise "off" --pwdhistorycount PWDHISTORYCOUNT The number of passwords to keep in history --pwdadmin PWDADMIN The DN of an entry or a group of account that can bypass password policy constraints --pwdadminskipupdates PWDADMINSKIPUPDATES Set to "on" if the Password Admin's password update should not trigger updates to the password state attributes (passwordExpirationtime, passwordHistory, etc). --pwdtrack PWDTRACK Set to "on" to track the time the password was last changed --pwdwarning PWDWARNING Send an expiring warning if password expires within this time (in seconds) --pwdexpire PWDEXPIRE Set to "on" to enable password expiration --pwdmaxage PWDMAXAGE The password expiration time in seconds --pwdminage PWDMINAGE The number of seconds that must pass before a user can change their password --pwdgracelimit PWDGRACELIMIT The number of allowed logins after the password has expired --pwdsendexpiring PWDSENDEXPIRING Set to "on" to always send the expiring control regardless of the warning period --pwdlockout PWDLOCKOUT Set to "on" to enable account lockout --pwdunlock PWDUNLOCK Set to "on" to allow an account to become unlocked after the lockout duration --pwdlockoutduration PWDLOCKOUTDURATION The number of seconds an account stays locked out --pwdmaxfailures PWDMAXFAILURES The maximum number of allowed failed password attempts before the account gets locked --pwdresetfailcount PWDRESETFAILCOUNT The number of seconds to wait before reducing the failed login count on an account --pwdchecksyntax PWDCHECKSYNTAX Set 
to "on" to enable password syntax checking --pwdminlen PWDMINLEN The minimum number of characters required in a password --pwdmindigits PWDMINDIGITS The minimum number of digit/number characters in a password --pwdminalphas PWDMINALPHAS The minimum number of alpha characters required in a password --pwdminuppers PWDMINUPPERS The minimum number of uppercase characters required in a password --pwdminlowers PWDMINLOWERS The minimum number of lowercase characters required in a password --pwdminspecials PWDMINSPECIALS The minimum number of special characters required in a password --pwdmin8bits PWDMIN8BITS The minimum number of 8-bit characters required in a password --pwdmaxrepeats PWDMAXREPEATS The maximum number of times the same character can appear sequentially in the password --pwdpalindrome PWDPALINDROME Set to "on" to reject passwords that are palindromes --pwdmaxseq PWDMAXSEQ The maximum number of allowed monotonic character sequences in a password --pwdmaxseqsets PWDMAXSEQSETS The maximum number of allowed monotonic character sequences that can be duplicated in a password --pwdmaxclasschars PWDMAXCLASSCHARS The maximum number of sequential characters from the same character class that is allowed in a password --pwdmincatagories PWDMINCATAGORIES The minimum number of syntax category checks --pwdmintokenlen PWDMINTOKENLEN Sets the smallest attribute value length that is used for trivial/user words checking. 
This also impacts "--pwduserattrs" --pwdbadwords PWDBADWORDS A space-separated list of words that can not be in a password --pwduserattrs PWDUSERATTRS A space-separated list of attributes whose values can not appear in the password (See "--pwdmintokenlen") --pwddictcheck PWDDICTCHECK Set to "on" to enforce CrackLib dictionary checking --pwddictpath PWDDICTPATH Filesystem path to specific/custom CrackLib dictionary files --pwptprmaxuse PWPTPRMAXUSE Number of times a reset password can be used for authentication --pwptprdelayexpireat PWPTPRDELAYEXPIREAT Number of seconds after which a reset password expires --pwptprdelayvalidfrom PWPTPRDELAYVALIDFROM Number of seconds to wait before using a reset password to authenticate COMMAND 'dsconf replication' usage: dsconf instance replication [-h] {enable,disable,get-ruv,list,status,winsync-status,promote,create-manager,delete-manager,demote,get,set-changelog,get-changelog,export-changelog,import-changelog,set,monitor} ... POSITIONAL ARGUMENTS 'dsconf replication' dsconf replication enable Enable replication for a suffix dsconf replication disable Disable replication for a suffix dsconf replication get-ruv Display the database RUV entry for a suffix dsconf replication list Lists all the replicated suffixes dsconf replication status Display the current status of all the replication agreements dsconf replication winsync-status Display the current status of all the replication agreements dsconf replication promote Promote a replica to a hub or supplier dsconf replication create-manager Create a replication manager entry dsconf replication delete-manager Delete a replication manager entry dsconf replication demote Demote replica to a hub or consumer dsconf replication get Display the replication configuration dsconf replication set-changelog Set replication changelog attributes dsconf replication get-changelog Display replication changelog attributes dsconf replication export-changelog Export the Directory Server replication 
changelog to an LDIF file dsconf replication import-changelog Restore/import Directory Server replication change log from an LDIF file. This is typically used when managing changelog encryption dsconf replication set Set an attribute in the replication configuration dsconf replication monitor Display the full replication topology report COMMAND 'dsconf replication enable' usage: dsconf instance replication enable [-h] --suffix SUFFIX --role ROLE [--replica-id REPLICA_ID] [--bind-group-dn BIND_GROUP_DN] [--bind-dn BIND_DN] [--bind-passwd BIND_PASSWD] [--bind-passwd-file BIND_PASSWD_FILE] [--bind-passwd-prompt] OPTIONS 'dsconf replication enable' --suffix SUFFIX Sets the DN of the suffix to be enabled for replication --role ROLE Sets the replication role: "supplier", "hub", or "consumer" --replica-id REPLICA_ID Sets the replication identifier for a "supplier". Values range from 1 - 65534 --bind-group-dn BIND_GROUP_DN Sets a group entry DN containing members that are "bind/supplier" DNs --bind-dn BIND_DN Sets the bind or supplier DN that can make replication updates --bind-passwd BIND_PASSWD Sets the password for replication manager (--bind-dn). 
This will create the manager entry if a value is set --bind-passwd-file BIND_PASSWD_FILE File containing the password --bind-passwd-prompt Prompt for password COMMAND 'dsconf replication disable' usage: dsconf instance replication disable [-h] --suffix SUFFIX OPTIONS 'dsconf replication disable' --suffix SUFFIX Sets the DN of the suffix to have replication disabled COMMAND 'dsconf replication get-ruv' usage: dsconf instance replication get-ruv [-h] --suffix SUFFIX OPTIONS 'dsconf replication get-ruv' --suffix SUFFIX Sets the DN of the replicated suffix COMMAND 'dsconf replication list' usage: dsconf instance replication list [-h] COMMAND 'dsconf replication status' usage: dsconf instance replication status [-h] --suffix SUFFIX [--bind-dn BIND_DN] [--bind-passwd BIND_PASSWD] [--bind-passwd-file BIND_PASSWD_FILE] [--bind-passwd-prompt] OPTIONS 'dsconf replication status' --suffix SUFFIX Sets the DN of the replication suffix --bind-dn BIND_DN Sets the DN to use to authenticate to the consumer. If not set, current instance's root DN will be used. It will be used for all agreements --bind-passwd BIND_PASSWD Sets the password for the bind DN. It will be used for all agreements --bind-passwd-file BIND_PASSWD_FILE File containing the password. It will be used for all agreements --bind-passwd-prompt Prompt for passwords for each agreement's instance separately COMMAND 'dsconf replication winsync-status' usage: dsconf instance replication winsync-status [-h] --suffix SUFFIX [--bind-dn BIND_DN] [--bind-passwd BIND_PASSWD] [--bind-passwd-file BIND_PASSWD_FILE] [--bind-passwd-prompt] OPTIONS 'dsconf replication winsync-status' --suffix SUFFIX Sets the DN of the replication suffix --bind-dn BIND_DN Sets the DN to use to authenticate to the consumer. Currently not used --bind-passwd BIND_PASSWD Sets the password of the bind DN. Currently not used --bind-passwd-file BIND_PASSWD_FILE File containing the password. Currently not used --bind-passwd-prompt Prompt for password. 
Currently not used COMMAND 'dsconf replication promote' usage: dsconf instance replication promote [-h] --suffix SUFFIX --newrole NEWROLE [--replica-id REPLICA_ID] [--bind-group-dn BIND_GROUP_DN] [--bind-dn BIND_DN] OPTIONS 'dsconf replication promote' --suffix SUFFIX Sets the DN of the replication suffix to promote --newrole NEWROLE Sets the new replica role to "hub" or "supplier" --replica-id REPLICA_ID Sets the replication identifier for a "supplier". Values range from 1 - 65534 --bind-group-dn BIND_GROUP_DN Sets a group entry DN containing members that are "bind/supplier" DNs --bind-dn BIND_DN Sets the bind or supplier DN that can make replication updates COMMAND 'dsconf replication create-manager' usage: dsconf instance replication create-manager [-h] [--name NAME] [--passwd PASSWD] [--passwd-file PASSWD_FILE] [--bind-passwd-file BIND_PASSWD_FILE] [--suffix SUFFIX] OPTIONS 'dsconf replication create-manager' --name NAME Sets the name of the new replication manager entry. For example, if the name is "replication manager" then the new manager entry's DN would be "cn=replication manager,cn=config". --passwd PASSWD Sets the password for replication manager. 
If not provided, you will be prompted for the password --passwd-file PASSWD_FILE File containing the password for back compatibility --bind-passwd-file BIND_PASSWD_FILE File containing the password --suffix SUFFIX The DN of the replication suffix whose replication configuration you want to add this new manager to (OPTIONAL) COMMAND 'dsconf replication delete-manager' usage: dsconf instance replication delete-manager [-h] [--name NAME] [--suffix SUFFIX] OPTIONS 'dsconf replication delete-manager' --name NAME Sets the name of the replication manager entry under cn=config: "cn=NAME,cn=config" --suffix SUFFIX Sets the DN of the replication suffix whose replication configuration you want to remove this manager from (OPTIONAL) COMMAND 'dsconf replication demote' usage: dsconf instance replication demote [-h] --suffix SUFFIX --newrole NEWROLE OPTIONS 'dsconf replication demote' --suffix SUFFIX Sets the DN of the replication suffix --newrole NEWROLE Sets the new replication role to "hub", or "consumer" COMMAND 'dsconf replication get' usage: dsconf instance replication get [-h] --suffix SUFFIX OPTIONS 'dsconf replication get' --suffix SUFFIX Sets the suffix DN for the replication configuration to display COMMAND 'dsconf replication set-changelog' usage: dsconf instance replication set-changelog [-h] --suffix SUFFIX [--max-entries MAX_ENTRIES] [--max-age MAX_AGE] [--trim-interval TRIM_INTERVAL] [--encrypt] [--disable-encrypt] OPTIONS 'dsconf replication set-changelog' --suffix SUFFIX Sets the suffix that uses the changelog --max-entries MAX_ENTRIES Sets the maximum number of entries to get in the replication changelog --max-age MAX_AGE Set the maximum age of a replication changelog entry --trim-interval TRIM_INTERVAL Sets the interval to check if the replication changelog can be trimmed --encrypt Sets the replication changelog to use encryption. You must export and import the changelog after setting this. 
--disable-encrypt Sets the replication changelog to not use encryption. You must export and import the changelog after setting this. COMMAND 'dsconf replication get-changelog' usage: dsconf instance replication get-changelog [-h] --suffix SUFFIX OPTIONS 'dsconf replication get-changelog' --suffix SUFFIX Sets the suffix that uses the changelog COMMAND 'dsconf replication export-changelog' usage: dsconf instance replication export-changelog [-h] {to-ldif,default} ... POSITIONAL ARGUMENTS 'dsconf replication export-changelog' dsconf replication export-changelog to-ldif Sets the LDIF file name. This is typically used for setting up changelog encryption dsconf replication export-changelog default Export the replication changelog to the server's default LDIF directory COMMAND 'dsconf replication export-changelog to-ldif' usage: dsconf instance replication export-changelog to-ldif [-h] [-c] [-d] [-l] [-i CHANGELOG_LDIF] -o OUTPUT_FILE -r REPLICA_ROOT OPTIONS 'dsconf replication export-changelog to-ldif' -c, --csn-only Enables to export and interpret CSN only. This option can be used with or without -i option. The LDIF file that is generated can not be imported and is only used for debugging purposes. -d, --decode Decodes the base64 values in each changelog entry. The LDIF file that is generated can not be imported and is only used for debugging purposes. -l, --preserve-ldif-done Preserves generated LDIF "files.done" files in changelog directory. -i CHANGELOG_LDIF, --changelog-ldif CHANGELOG_LDIF Decodes changes in an LDIF file. Use this option if you already have a changelog LDIF file, but the changes in that file are encoded. 
-o OUTPUT_FILE, --output-file OUTPUT_FILE Sets the path name for the final result -r REPLICA_ROOT, --replica-root REPLICA_ROOT Specifies the replica root whose changelog you want to export COMMAND 'dsconf replication export-changelog default' usage: dsconf instance replication export-changelog default [-h] -r REPLICA_ROOT OPTIONS 'dsconf replication export-changelog default' -r REPLICA_ROOT, --replica-root REPLICA_ROOT Specifies the replica root whose changelog you want to export COMMAND 'dsconf replication import-changelog' usage: dsconf instance replication import-changelog [-h] {from-ldif,default} ... POSITIONAL ARGUMENTS 'dsconf replication import-changelog' dsconf replication import-changelog from-ldif Restore/import a specific single LDIF file dsconf replication import-changelog default Import the default changelog LDIF file created by the server COMMAND 'dsconf replication import-changelog from-ldif' usage: dsconf instance replication import-changelog from-ldif [-h] -r REPLICA_ROOT LDIF_PATH LDIF_PATH The path of the changelog LDIF file OPTIONS 'dsconf replication import-changelog from-ldif' -r REPLICA_ROOT, --replica-root REPLICA_ROOT Specifies the replica root whose changelog you want to import COMMAND 'dsconf replication import-changelog default' usage: dsconf instance replication import-changelog default [-h] -r REPLICA_ROOT OPTIONS 'dsconf replication import-changelog default' -r REPLICA_ROOT, --replica-root REPLICA_ROOT Specifies the replica root whose changelog you want to import COMMAND 'dsconf replication set' usage: dsconf instance replication set [-h] --suffix SUFFIX [--repl-add-bind-dn REPL_ADD_BIND_DN] [--repl-del-bind-dn REPL_DEL_BIND_DN] [--repl-add-ref REPL_ADD_REF] [--repl-del-ref REPL_DEL_REF] [--repl-purge-delay REPL_PURGE_DELAY] [--repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL] [--repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING] [--repl-bind-group REPL_BIND_GROUP] [--repl-bind-group-interval REPL_BIND_GROUP_INTERVAL] 
[--repl-protocol-timeout REPL_PROTOCOL_TIMEOUT] [--repl-backoff-max REPL_BACKOFF_MAX] [--repl-backoff-min REPL_BACKOFF_MIN] [--repl-release-timeout REPL_RELEASE_TIMEOUT] [--repl-keepalive-update-interval REPL_KEEPALIVE_UPDATE_INTERVAL] OPTIONS 'dsconf replication set' --suffix SUFFIX Sets the DN of the replication suffix --repl-add-bind-dn REPL_ADD_BIND_DN Adds a bind (supplier) DN --repl-del-bind-dn REPL_DEL_BIND_DN Removes a bind (supplier) DN --repl-add-ref REPL_ADD_REF Adds a replication referral (for consumers only) --repl-del-ref REPL_DEL_REF Removes a replication referral (for consumers only) --repl-purge-delay REPL_PURGE_DELAY Sets the replication purge delay --repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL Sets the interval in seconds to check for tombstones that can be purged --repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING Enables or disables improving the tombstone purging performance --repl-bind-group REPL_BIND_GROUP Sets a group entry DN containing members that are "bind/supplier" DNs --repl-bind-group-interval REPL_BIND_GROUP_INTERVAL Sets an interval in seconds to check if the bind group has been updated --repl-protocol-timeout REPL_PROTOCOL_TIMEOUT Sets a timeout in seconds on how long to wait before stopping replication when the server is under load --repl-backoff-max REPL_BACKOFF_MAX The maximum time in seconds a replication agreement should stay in a backoff state while waiting to acquire the consumer. Default is 300 seconds --repl-backoff-min REPL_BACKOFF_MIN The starting time in seconds a replication agreement should stay in a backoff state while waiting to acquire the consumer. Default is 3 seconds --repl-release-timeout REPL_RELEASE_TIMEOUT A timeout in seconds a replication supplier should send updates before it yields its replication session --repl-keepalive-update-interval REPL_KEEPALIVE_UPDATE_INTERVAL Interval in seconds for how often the server will apply an internal update to keep the RUV from getting stale. 
The default is 1 hour (3600 seconds) COMMAND 'dsconf replication monitor' usage: dsconf instance replication monitor [-h] [-c [CONNECTIONS ...]] [-a [ALIASES ...]] OPTIONS 'dsconf replication monitor' -c [CONNECTIONS ...], --connections [CONNECTIONS ...] Sets the connection values for monitoring other not connected topologies. The format: 'host:port:binddn:bindpwd'. You can use regex for host and port. You can set bindpwd to * and it will be requested at the runtime or you can include the path to the password file in square brackets - [~/pwd.txt] -a [ALIASES ...], --aliases [ALIASES ...] Enables displaying an alias instead of host:port, if an alias is assigned to a host:port combination. The format: alias=host:port COMMAND 'dsconf repl-agmt' usage: dsconf instance repl-agmt [-h] {list,enable,disable,init,init-status,poke,status,delete,create,set,get} ... POSITIONAL ARGUMENTS 'dsconf repl-agmt' dsconf repl-agmt list List all replication agreements dsconf repl-agmt enable Enable replication agreement dsconf repl-agmt disable Disable replication agreement dsconf repl-agmt init Initialize replication agreement dsconf repl-agmt init-status Check the agreement initialization status dsconf repl-agmt poke Trigger replication to send updates now dsconf repl-agmt status Displays the current status of the replication agreement dsconf repl-agmt delete Delete replication agreement dsconf repl-agmt create Initialize replication agreement dsconf repl-agmt set Set an attribute in the replication agreement dsconf repl-agmt get Get replication configuration COMMAND 'dsconf repl-agmt list' usage: dsconf instance repl-agmt list [-h] --suffix SUFFIX [--entry ENTRY] OPTIONS 'dsconf repl-agmt list' --suffix SUFFIX Sets the DN of the suffix to look up replication agreements for --entry ENTRY Returns the entire entry for each agreement COMMAND 'dsconf repl-agmt enable' usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication agreement 
OPTIONS 'dsconf repl-agmt enable' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-agmt disable' usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-agmt disable' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-agmt init' usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-agmt init' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-agmt init-status' usage: dsconf instance repl-agmt init-status [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-agmt init-status' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-agmt poke' usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-agmt poke' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-agmt status' usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX [--bind-dn BIND_DN] [--bind-passwd BIND_PASSWD] [--bind-passwd-file BIND_PASSWD_FILE] [--bind-passwd-prompt] AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-agmt status' --suffix SUFFIX Sets the DN of the replication suffix --bind-dn BIND_DN Sets the DN to use to authenticate to the consumer. If not set, current instance's root DN will be used. It will be used for all agreements --bind-passwd BIND_PASSWD Sets the password for the bind DN. It will be used for all agreements --bind-passwd-file BIND_PASSWD_FILE File containing the password. 
It will be used for all agreements --bind-passwd-prompt Prompt for passwords for each agreement's instance separately COMMAND 'dsconf repl-agmt delete' usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-agmt delete' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-agmt create' usage: dsconf instance repl-agmt create [-h] --suffix SUFFIX --host HOST --port PORT --conn-protocol CONN_PROTOCOL [--bind-dn BIND_DN] [--bind-passwd BIND_PASSWD] [--bind-passwd-file BIND_PASSWD_FILE] [--bind-passwd-prompt] --bind-method BIND_METHOD [--frac-list FRAC_LIST] [--frac-list-total FRAC_LIST_TOTAL] [--strip-list STRIP_LIST] [--schedule SCHEDULE] [--conn-timeout CONN_TIMEOUT] [--protocol-timeout PROTOCOL_TIMEOUT] [--wait-async-results WAIT_ASYNC_RESULTS] [--busy-wait-time BUSY_WAIT_TIME] [--session-pause-time SESSION_PAUSE_TIME] [--flow-control-window FLOW_CONTROL_WINDOW] [--flow-control-pause FLOW_CONTROL_PAUSE] [--bootstrap-bind-dn BOOTSTRAP_BIND_DN] [--bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD] [--bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE] [--bootstrap-bind-passwd-prompt] [--bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL] [--bootstrap-bind-method BOOTSTRAP_BIND_METHOD] [--init] AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-agmt create' --suffix SUFFIX Sets the DN of the replication suffix --host HOST Sets the hostname of the remote replica --port PORT Sets the port number of the remote replica --conn-protocol CONN_PROTOCOL Sets the replication connection protocol: LDAP, LDAPS, or StartTLS --bind-dn BIND_DN Sets the bind DN the agreement uses to authenticate to the replica --bind-passwd BIND_PASSWD Sets the credentials for the bind DN --bind-passwd-file BIND_PASSWD_FILE File containing the password --bind-passwd-prompt Prompt for password --bind-method BIND_METHOD Sets the bind method: "SIMPLE", "SSLCLIENTAUTH", 
"SASL/DIGEST", or "SASL/GSSAPI" --frac-list FRAC_LIST Sets the list of attributes to NOT replicate to the consumer during incremental updates --frac-list-total FRAC_LIST_TOTAL Sets the list of attributes to NOT replicate during a total initialization --strip-list STRIP_LIST Sets a list of attributes that are removed from updates only if the event would otherwise be empty. Typically this is set to "modifiersname" and "modifytimestamp" --schedule SCHEDULE Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday - Saturday). --conn-timeout CONN_TIMEOUT Sets the timeout used for replication connections --protocol-timeout PROTOCOL_TIMEOUT Sets a timeout in seconds on how long to wait before stopping replication when the server is under load --wait-async-results WAIT_ASYNC_RESULTS Sets the amount of time in milliseconds the server waits if the consumer is not ready before resending data --busy-wait-time BUSY_WAIT_TIME Sets the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access. --session-pause-time SESSION_PAUSE_TIME Sets the amount of time in seconds a supplier should wait between update sessions. --flow-control-window FLOW_CONTROL_WINDOW Sets the maximum number of entries and updates sent by a supplier, which are not acknowledged by the consumer. 
--flow-control-pause FLOW_CONTROL_PAUSE Sets the time in milliseconds to pause after reaching the number of entries and updates set in "--flow-control-window" --bootstrap-bind-dn BOOTSTRAP_BIND_DN Sets an optional bind DN the agreement can use to bootstrap initialization when bind groups are being used --bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD Sets the bootstrap credentials for the bind DN --bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE File containing the password --bootstrap-bind-passwd-prompt Prompt for password --bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL Sets the replication bootstrap connection protocol: LDAP, LDAPS, or StartTLS --bootstrap-bind-method BOOTSTRAP_BIND_METHOD Sets the bind method: "SIMPLE", or "SSLCLIENTAUTH" --init Initializes the agreement after creating it COMMAND 'dsconf repl-agmt set' usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST] [--port PORT] [--conn-protocol CONN_PROTOCOL] [--bind-dn BIND_DN] [--bind-passwd BIND_PASSWD] [--bind-passwd-file BIND_PASSWD_FILE] [--bind-passwd-prompt] [--bind-method BIND_METHOD] [--frac-list FRAC_LIST] [--frac-list-total FRAC_LIST_TOTAL] [--strip-list STRIP_LIST] [--schedule SCHEDULE] [--conn-timeout CONN_TIMEOUT] [--protocol-timeout PROTOCOL_TIMEOUT] [--wait-async-results WAIT_ASYNC_RESULTS] [--busy-wait-time BUSY_WAIT_TIME] [--session-pause-time SESSION_PAUSE_TIME] [--flow-control-window FLOW_CONTROL_WINDOW] [--flow-control-pause FLOW_CONTROL_PAUSE] [--bootstrap-bind-dn BOOTSTRAP_BIND_DN] [--bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD] [--bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE] [--bootstrap-bind-passwd-prompt] [--bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL] [--bootstrap-bind-method BOOTSTRAP_BIND_METHOD] AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-agmt set' --suffix SUFFIX Sets the DN of the replication suffix --host HOST Sets the hostname of the remote replica --port PORT Sets the port number of the 
remote replica --conn-protocol CONN_PROTOCOL Sets the replication connection protocol: LDAP, LDAPS, or StartTLS --bind-dn BIND_DN Sets the Bind DN the agreement uses to authenticate to the replica --bind-passwd BIND_PASSWD Sets the credentials for the bind DN --bind-passwd-file BIND_PASSWD_FILE File containing the password --bind-passwd-prompt Prompt for password --bind-method BIND_METHOD Sets the bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI" --frac-list FRAC_LIST Sets a list of attributes to NOT replicate to the consumer during incremental updates --frac-list-total FRAC_LIST_TOTAL Sets a list of attributes to NOT replicate during a total initialization --strip-list STRIP_LIST Sets a list of attributes that are removed from updates only if the event would otherwise be empty. Typically this is set to "modifiersname" and "modifytimestamp" --schedule SCHEDULE Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday - Saturday). --conn-timeout CONN_TIMEOUT Sets the timeout used for replication connections --protocol-timeout PROTOCOL_TIMEOUT Sets a timeout in seconds on how long to wait before stopping replication when the server is under load --wait-async-results WAIT_ASYNC_RESULTS Sets the amount of time in milliseconds the server waits if the consumer is not ready before resending data --busy-wait-time BUSY_WAIT_TIME Sets the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access. --session-pause-time SESSION_PAUSE_TIME Sets the amount of time in seconds a supplier should wait between update sessions. --flow-control-window FLOW_CONTROL_WINDOW Sets the maximum number of entries and updates sent by a supplier, which are not acknowledged by the consumer. 
--flow-control-pause FLOW_CONTROL_PAUSE Sets the time in milliseconds to pause after reaching the number of entries and updates set in "--flow-control-window" --bootstrap-bind-dn BOOTSTRAP_BIND_DN Sets an optional bind DN the agreement can use to bootstrap initialization when bind groups are being used --bootstrap-bind-passwd BOOTSTRAP_BIND_PASSWD Sets the bootstrap credentials for the bind DN --bootstrap-bind-passwd-file BOOTSTRAP_BIND_PASSWD_FILE File containing the password --bootstrap-bind-passwd-prompt Prompt for password --bootstrap-conn-protocol BOOTSTRAP_CONN_PROTOCOL Sets the replication bootstrap connection protocol: LDAP, LDAPS, or StartTLS --bootstrap-bind-method BOOTSTRAP_BIND_METHOD Sets the bind method: "SIMPLE", or "SSLCLIENTAUTH" COMMAND 'dsconf repl-agmt get' usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The suffix DN for which to display the replication configuration OPTIONS 'dsconf repl-agmt get' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-winsync-agmt' usage: dsconf instance repl-winsync-agmt [-h] {list,enable,disable,init,init-status,poke,status,delete,create,set,get} ... 
POSITIONAL ARGUMENTS 'dsconf repl-winsync-agmt' dsconf repl-winsync-agmt list List all the replication winsync agreements dsconf repl-winsync-agmt enable Enable replication winsync agreement dsconf repl-winsync-agmt disable Disable replication winsync agreement dsconf repl-winsync-agmt init Initialize replication winsync agreement dsconf repl-winsync-agmt init-status Check the agreement initialization status dsconf repl-winsync-agmt poke Trigger replication to send updates now dsconf repl-winsync-agmt status Display the current status of the replication agreement dsconf repl-winsync-agmt delete Delete replication winsync agreement dsconf repl-winsync-agmt create Initialize replication winsync agreement dsconf repl-winsync-agmt set Set an attribute in the replication winsync agreement dsconf repl-winsync-agmt get Display replication configuration COMMAND 'dsconf repl-winsync-agmt list' usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX OPTIONS 'dsconf repl-winsync-agmt list' --suffix SUFFIX Sets the DN of the suffix to look up replication winsync agreements COMMAND 'dsconf repl-winsync-agmt enable' usage: dsconf instance repl-winsync-agmt enable [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication winsync agreement OPTIONS 'dsconf repl-winsync-agmt enable' --suffix SUFFIX Sets the DN of the replication winsync suffix COMMAND 'dsconf repl-winsync-agmt disable' usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication winsync agreement OPTIONS 'dsconf repl-winsync-agmt disable' --suffix SUFFIX Sets the DN of the replication winsync suffix COMMAND 'dsconf repl-winsync-agmt init' usage: dsconf instance repl-winsync-agmt init [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication winsync agreement OPTIONS 'dsconf repl-winsync-agmt init' --suffix SUFFIX Sets the DN of the replication winsync suffix COMMAND 'dsconf repl-winsync-agmt init-status' usage: dsconf instance 
repl-winsync-agmt init-status [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-winsync-agmt init-status' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-winsync-agmt poke' usage: dsconf instance repl-winsync-agmt poke [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication winsync agreement OPTIONS 'dsconf repl-winsync-agmt poke' --suffix SUFFIX Sets the DN of the replication winsync suffix COMMAND 'dsconf repl-winsync-agmt status' usage: dsconf instance repl-winsync-agmt status [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication agreement OPTIONS 'dsconf repl-winsync-agmt status' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-winsync-agmt delete' usage: dsconf instance repl-winsync-agmt delete [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The name of the replication winsync agreement OPTIONS 'dsconf repl-winsync-agmt delete' --suffix SUFFIX Sets the DN of the replication winsync suffix COMMAND 'dsconf repl-winsync-agmt create' usage: dsconf instance repl-winsync-agmt create [-h] --suffix SUFFIX --host HOST --port PORT --conn-protocol CONN_PROTOCOL --bind-dn BIND_DN [--bind-passwd BIND_PASSWD] [--bind-passwd-file BIND_PASSWD_FILE] [--bind-passwd-prompt] [--frac-list FRAC_LIST] [--schedule SCHEDULE] --win-subtree WIN_SUBTREE --ds-subtree DS_SUBTREE --win-domain WIN_DOMAIN [--sync-users SYNC_USERS] [--sync-groups SYNC_GROUPS] [--sync-interval SYNC_INTERVAL] [--one-way-sync ONE_WAY_SYNC] [--move-action MOVE_ACTION] [--win-filter WIN_FILTER] [--ds-filter DS_FILTER] [--subtree-pair SUBTREE_PAIR] [--conn-timeout CONN_TIMEOUT] [--busy-wait-time BUSY_WAIT_TIME] [--session-pause-time SESSION_PAUSE_TIME] [--flatten-tree] [--init] AGMT_NAME AGMT_NAME The name of the replication winsync agreement OPTIONS 'dsconf repl-winsync-agmt create' --suffix SUFFIX Sets the DN of the replication winsync suffix --host HOST Sets the hostname of the AD server 
--port PORT Sets the port number of the AD server --conn-protocol CONN_PROTOCOL Sets the replication winsync connection protocol: LDAP, LDAPS, or StartTLS --bind-dn BIND_DN Sets the bind DN the agreement uses to authenticate to the AD Server --bind-passwd BIND_PASSWD Sets the credentials for the Bind DN --bind-passwd-file BIND_PASSWD_FILE File containing the password --bind-passwd-prompt Prompt for password --frac-list FRAC_LIST Sets a list of attributes to NOT replicate to the consumer during incremental updates --schedule SCHEDULE Sets the replication update schedule --win-subtree WIN_SUBTREE Sets the suffix of the AD Server --ds-subtree DS_SUBTREE Sets the Directory Server suffix --win-domain WIN_DOMAIN Sets the AD Domain --sync-users SYNC_USERS Synchronizes users between AD and DS --sync-groups SYNC_GROUPS Synchronizes groups between AD and DS --sync-interval SYNC_INTERVAL Sets the interval that DS checks AD for changes in entries --one-way-sync ONE_WAY_SYNC Sets which direction to perform synchronization: "toWindows", or "fromWindows". By default sync occurs in both directions. --move-action MOVE_ACTION Sets instructions on how to handle moved or deleted entries: "none", "unsync", or "delete" --win-filter WIN_FILTER Sets a custom filter for finding users in AD Server --ds-filter DS_FILTER Sets a custom filter for finding AD users in DS --subtree-pair SUBTREE_PAIR Sets the subtree pair: : --conn-timeout CONN_TIMEOUT Sets the timeout used for replication connections --busy-wait-time BUSY_WAIT_TIME Sets the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access --session-pause-time SESSION_PAUSE_TIME Sets the amount of time in seconds a supplier should wait between update sessions --flatten-tree By default, the tree structure of AD is preserved into 389. This MAY cause replication to fail in some cases, as you may need to create missing OUs to recreate the same tree structure.
This setting when enabled, removes the tree structure of AD and flattens all entries into the ds-subtree. This does NOT affect or change the tree structure of the AD directory. --init Initializes the agreement after creating it COMMAND 'dsconf repl-winsync-agmt set' usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX] [--host HOST] [--port PORT] [--conn-protocol CONN_PROTOCOL] [--bind-dn BIND_DN] [--bind-passwd BIND_PASSWD] [--bind-passwd-file BIND_PASSWD_FILE] [--bind-passwd-prompt] [--frac-list FRAC_LIST] [--schedule SCHEDULE] [--win-subtree WIN_SUBTREE] [--ds-subtree DS_SUBTREE] [--win-domain WIN_DOMAIN] [--sync-users SYNC_USERS] [--sync-groups SYNC_GROUPS] [--sync-interval SYNC_INTERVAL] [--one-way-sync ONE_WAY_SYNC] [--move-action MOVE_ACTION] [--win-filter WIN_FILTER] [--ds-filter DS_FILTER] [--subtree-pair SUBTREE_PAIR] [--conn-timeout CONN_TIMEOUT] [--busy-wait-time BUSY_WAIT_TIME] [--session-pause-time SESSION_PAUSE_TIME] AGMT_NAME AGMT_NAME The name of the replication winsync agreement OPTIONS 'dsconf repl-winsync-agmt set' --suffix SUFFIX Sets the DN of the replication winsync suffix --host HOST Sets the hostname of the AD server --port PORT Sets the port number of the AD server --conn-protocol CONN_PROTOCOL Sets the replication winsync connection protocol: LDAP, LDAPS, or StartTLS --bind-dn BIND_DN Sets the bind DN the agreement uses to authenticate to the AD Server --bind-passwd BIND_PASSWD Sets the credentials for the Bind DN --bind-passwd-file BIND_PASSWD_FILE File containing the password --bind-passwd-prompt Prompt for password --frac-list FRAC_LIST Sets a list of attributes to NOT replicate to the consumer during incremental updates --schedule SCHEDULE Sets the replication update schedule --win-subtree WIN_SUBTREE Sets the suffix of the AD Server --ds-subtree DS_SUBTREE Sets the Directory Server suffix --win-domain WIN_DOMAIN Sets the AD Domain --sync-users SYNC_USERS Synchronizes users between AD and DS --sync-groups SYNC_GROUPS 
Synchronizes groups between AD and DS --sync-interval SYNC_INTERVAL Sets the interval that DS checks AD for changes in entries --one-way-sync ONE_WAY_SYNC Sets which direction to perform synchronization: "toWindows", or "fromWindows". By default sync occurs in both directions. --move-action MOVE_ACTION Sets instructions on how to handle moved or deleted entries: "none", "unsync", or "delete" --win-filter WIN_FILTER Sets a custom filter for finding users in AD Server --ds-filter DS_FILTER Sets a custom filter for finding AD users in DS --subtree-pair SUBTREE_PAIR Sets the subtree pair: : --conn-timeout CONN_TIMEOUT Sets the timeout used for replication connections --busy-wait-time BUSY_WAIT_TIME Sets the amount of time in seconds a supplier should wait after a consumer sends back a busy response before making another attempt to acquire access --session-pause-time SESSION_PAUSE_TIME Sets the amount of time in seconds a supplier should wait between update sessions COMMAND 'dsconf repl-winsync-agmt get' usage: dsconf instance repl-winsync-agmt get [-h] --suffix SUFFIX AGMT_NAME AGMT_NAME The suffix DN for the replication configuration to display OPTIONS 'dsconf repl-winsync-agmt get' --suffix SUFFIX Sets the DN of the replication suffix COMMAND 'dsconf repl-tasks' usage: dsconf instance repl-tasks [-h] {cleanallruv,list-cleanruv-tasks,abort-cleanallruv,list-abortruv-tasks} ...
POSITIONAL ARGUMENTS 'dsconf repl-tasks' dsconf repl-tasks cleanallruv Cleanup old/removed replica IDs dsconf repl-tasks list-cleanruv-tasks List all the running CleanAllRUV tasks dsconf repl-tasks abort-cleanallruv Abort cleanallruv tasks dsconf repl-tasks list-abortruv-tasks List all the running CleanAllRUV abort tasks COMMAND 'dsconf repl-tasks cleanallruv' usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX --replica-id REPLICA_ID [--force-cleaning] OPTIONS 'dsconf repl-tasks cleanallruv' --suffix SUFFIX Sets the Directory Server suffix --replica-id REPLICA_ID Sets the replica ID to remove/clean --force-cleaning Ignores errors and make a best attempt to clean all replicas COMMAND 'dsconf repl-tasks list-cleanruv-tasks' usage: dsconf instance repl-tasks list-cleanruv-tasks [-h] [--suffix SUFFIX] OPTIONS 'dsconf repl-tasks list-cleanruv-tasks' --suffix SUFFIX Lists only tasks for the specified suffix COMMAND 'dsconf repl-tasks abort-cleanallruv' usage: dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUFFIX --replica-id REPLICA_ID [--certify] OPTIONS 'dsconf repl-tasks abort-cleanallruv' --suffix SUFFIX Sets the Directory Server suffix --replica-id REPLICA_ID Sets the replica ID of the cleaning task to abort --certify Enforces that the abort task completed on all replicas COMMAND 'dsconf repl-tasks list-abortruv-tasks' usage: dsconf instance repl-tasks list-abortruv-tasks [-h] [--suffix SUFFIX] OPTIONS 'dsconf repl-tasks list-abortruv-tasks' --suffix SUFFIX Lists only tasks for the specified suffix COMMAND 'dsconf sasl' usage: dsconf instance sasl [-h] {list,get-mechs,get-available-mechs,get,create,delete} ... 
POSITIONAL ARGUMENTS 'dsconf sasl' dsconf sasl list Display available SASL mappings dsconf sasl get-mechs Display the SASL mechanisms that the server will accept dsconf sasl get-available-mechs Display the SASL mechanisms that are available to the server dsconf sasl get Displays SASL mappings dsconf sasl create Create a SASL mapping dsconf sasl delete Deletes the SASL object COMMAND 'dsconf sasl list' usage: dsconf instance sasl list [-h] [--details] OPTIONS 'dsconf sasl list' --details Displays each SASL mapping in detail COMMAND 'dsconf sasl get-mechs' usage: dsconf instance sasl get-mechs [-h] COMMAND 'dsconf sasl get-available-mechs' usage: dsconf instance sasl get-available-mechs [-h] COMMAND 'dsconf sasl get' usage: dsconf instance sasl get [-h] [selector] selector The SASL mapping name to display COMMAND 'dsconf sasl create' usage: dsconf instance sasl create [-h] [--cn [CN]] [--nsSaslMapRegexString [NSSASLMAPREGEXSTRING]] [--nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]] [--nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]] [--nsSaslMapPriority [NSSASLMAPPRIORITY]] OPTIONS 'dsconf sasl create' --cn [CN] Value of cn --nsSaslMapRegexString [NSSASLMAPREGEXSTRING] Value of nsSaslMapRegexString --nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE] Value of nsSaslMapBaseDNTemplate --nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE] Value of nsSaslMapFilterTemplate --nsSaslMapPriority [NSSASLMAPPRIORITY] Value of nsSaslMapPriority COMMAND 'dsconf sasl delete' usage: dsconf instance sasl delete [-h] map_name map_name The SASL mapping name ("cn" value) COMMAND 'dsconf security' usage: dsconf instance security [-h] {set,get,enable,disable,disable_plain_port,certificate,ca-certificate,rsa,ciphers,csr,key,export-cert} ... 
POSITIONAL ARGUMENTS 'dsconf security' dsconf security set Set general security options dsconf security get Display general security options dsconf security enable Enable security dsconf security disable Disable security dsconf security disable_plain_port Disables the plain text LDAP port, allowing only LDAPS to function dsconf security certificate Manage TLS certificates dsconf security ca-certificate Manage TLS certificate authorities dsconf security rsa Query and update RSA security options dsconf security ciphers Manage secure ciphers dsconf security csr Manage certificate signing requests dsconf security key Manage keys in NSS DB dsconf security export-cert Export a certificate to PEM or DER/Binary format. PEM format is the default COMMAND 'dsconf security set' usage: dsconf instance security set [-h] [--security SECURITY] [--listen-host LISTEN_HOST] [--secure-port SECURE_PORT] [--tls-client-auth TLS_CLIENT_AUTH] [--tls-client-renegotiation TLS_CLIENT_RENEGOTIATION] [--require-secure-authentication REQUIRE_SECURE_AUTHENTICATION] [--check-hostname CHECK_HOSTNAME] [--verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP] [--session-timeout SESSION_TIMEOUT] [--tls-protocol-min TLS_PROTOCOL_MIN] [--tls-protocol-max TLS_PROTOCOL_MAX] [--allow-insecure-ciphers ALLOW_INSECURE_CIPHERS] [--allow-weak-dh-param ALLOW_WEAK_DH_PARAM] [--cipher-pref CIPHER_PREF] Use this command for setting security related options located in cn=config and cn=encryption,cn=config. To enable/disable security you can use enable and disable commands instead. 
OPTIONS 'dsconf security set' --security SECURITY Enables or disables security (nsslapd-security) --listen-host LISTEN_HOST Sets the host or IP address to listen on for LDAPS (nsslapd-securelistenhost) --secure-port SECURE_PORT Sets the port for LDAPS to listen on (nsslapd-securePort) --tls-client-auth TLS_CLIENT_AUTH Configures client authentication requirement (nsSSLClientAuth) --tls-client-renegotiation TLS_CLIENT_RENEGOTIATION Allows client TLS renegotiation (nsTLSAllowClientRenegotiation) --require-secure-authentication REQUIRE_SECURE_AUTHENTICATION Configures whether binds over LDAPS, StartTLS, or SASL are required (nsslapd-require-secure-binds) --check-hostname CHECK_HOSTNAME Checks the subject of remote certificate against the hostname (nsslapd-ssl-check-hostname) --verify-cert-chain-on-startup VERIFY_CERT_CHAIN_ON_STARTUP Validates the server certificate during startup (nsslapd-validate-cert) --session-timeout SESSION_TIMEOUT Sets the secure session timeout (nsSSLSessionTimeout) --tls-protocol-min TLS_PROTOCOL_MIN Sets the minimal allowed secure protocol version (sslVersionMin) --tls-protocol-max TLS_PROTOCOL_MAX Sets the maximal allowed secure protocol version (sslVersionMax) --allow-insecure-ciphers ALLOW_INSECURE_CIPHERS Allows weak ciphers for legacy use (allowWeakCipher) --allow-weak-dh-param ALLOW_WEAK_DH_PARAM Allows short DH params for legacy use (allowWeakDHParam) --cipher-pref CIPHER_PREF Directly sets the nsSSL3Ciphers attribute. It is a comma-separated list of cipher names (prefixed with + or -), optionally including +all or -all. The attribute may optionally be prefixed by keyword "default". Please refer to documentation of the attribute for a more detailed description. (nsSSL3Ciphers) COMMAND 'dsconf security get' usage: dsconf instance security get [-h] COMMAND 'dsconf security enable' usage: dsconf instance security enable [-h] [--cert-name CERT_NAME] If missing, create security database, then turn on security functionality.
Please note this is usually not enough for TLS connections to work - proper setup of CA and server certificate is necessary. OPTIONS 'dsconf security enable' --cert-name CERT_NAME Sets the name of the certificate the server should use COMMAND 'dsconf security disable' usage: dsconf instance security disable [-h] Turn off security functionality. The rest of the configuration will be left untouched. COMMAND 'dsconf security disable_plain_port' usage: dsconf instance security disable_plain_port [-h] COMMAND 'dsconf security certificate' usage: dsconf instance security certificate [-h] {add,set-trust-flags,del,get,list} ... POSITIONAL ARGUMENTS 'dsconf security certificate' dsconf security certificate add Add a server certificate dsconf security certificate set-trust-flags Set the Trust flags dsconf security certificate del Delete a certificate dsconf security certificate get Display a server certificate's information dsconf security certificate list List the server certificates COMMAND 'dsconf security certificate add' usage: dsconf instance security certificate add [-h] --file FILE --name NAME [--primary-cert] Add a server certificate to the NSS database OPTIONS 'dsconf security certificate add' --file FILE Sets the file name of the certificate --name NAME Sets the name/nickname of the certificate --primary-cert Sets this certificate as the server's certificate COMMAND 'dsconf security certificate set-trust-flags' usage: dsconf instance security certificate set-trust-flags [-h] --flags FLAGS name Change the trust flags of a server certificate name The name/nickname of the certificate OPTIONS 'dsconf security certificate set-trust-flags' --flags FLAGS Sets the trust flags for the server certificate COMMAND 'dsconf security certificate del' usage: dsconf instance security certificate del [-h] name Delete a certificate from the NSS database name The name/nickname of the certificate COMMAND 'dsconf security certificate get' usage: dsconf instance security certificate get 
[-h] name Displays detailed information about a certificate, such as trust attributes, expiration dates, Subject and Issuer DNs name Set the name/nickname of the certificate COMMAND 'dsconf security certificate list' usage: dsconf instance security certificate list [-h] Lists the server certificates in the NSS database COMMAND 'dsconf security ca-certificate' usage: dsconf instance security ca-certificate [-h] {add,set-trust-flags,del,get,list} ... POSITIONAL ARGUMENTS 'dsconf security ca-certificate' dsconf security ca-certificate add Add a Certificate Authority dsconf security ca-certificate set-trust-flags Set the Trust flags dsconf security ca-certificate del Delete a certificate dsconf security ca-certificate get Displays a Certificate Authority's information dsconf security ca-certificate list List the Certificate Authorities COMMAND 'dsconf security ca-certificate add' usage: dsconf instance security ca-certificate add [-h] --file FILE --name NAME [NAME ...] Add a Certificate Authority to the NSS database OPTIONS 'dsconf security ca-certificate add' --file FILE Sets the file name of the CA certificate --name NAME [NAME ...] Sets the name/nickname of the CA certificate, if adding a PEM bundle then specify multiple names one for each certificate, otherwise a number increment will be added to the previous name. COMMAND 'dsconf security ca-certificate set-trust-flags' usage: dsconf instance security ca-certificate set-trust-flags [-h] --flags FLAGS name Change the trust attributes of a CA certificate. 
Certificate Authorities typically use "CT,," name The name/nickname of the CA certificate OPTIONS 'dsconf security ca-certificate set-trust-flags' --flags FLAGS Sets the trust flags for the CA certificate COMMAND 'dsconf security ca-certificate del' usage: dsconf instance security ca-certificate del [-h] name Delete a CA certificate from the NSS database name The name/nickname of the CA certificate COMMAND 'dsconf security ca-certificate get' usage: dsconf instance security ca-certificate get [-h] name Get detailed information about a CA certificate, like trust attributes, expiration dates, Subject and Issuer DN name The name/nickname of the CA certificate COMMAND 'dsconf security ca-certificate list' usage: dsconf instance security ca-certificate list [-h] List the CA certificates in the NSS database COMMAND 'dsconf security rsa' usage: dsconf instance security rsa [-h] {set,get,enable,disable} ... POSITIONAL ARGUMENTS 'dsconf security rsa' dsconf security rsa set Set RSA security options dsconf security rsa get Get RSA security options dsconf security rsa enable Enable RSA dsconf security rsa disable Disable RSA COMMAND 'dsconf security rsa set' usage: dsconf instance security rsa set [-h] [--tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES] [--nss-cert-name NSS_CERT_NAME] [--nss-token NSS_TOKEN] Use this command for setting RSA (private key) related options located in cn=RSA,cn=encryption,cn=config. To enable/disable RSA you can use enable and disable commands instead. 
OPTIONS 'dsconf security rsa set' --tls-allow-rsa-certificates TLS_ALLOW_RSA_CERTIFICATES Activates the use of RSA certificates (nsSSLActivation) --nss-cert-name NSS_CERT_NAME Sets the server certificate name in NSS DB (nsSSLPersonalitySSL) --nss-token NSS_TOKEN Sets the security token name (module of NSS DB) (nsSSLToken) COMMAND 'dsconf security rsa get' usage: dsconf instance security rsa get [-h] COMMAND 'dsconf security rsa enable' usage: dsconf instance security rsa enable [-h] COMMAND 'dsconf security rsa disable' usage: dsconf instance security rsa disable [-h] COMMAND 'dsconf security ciphers' usage: dsconf instance security ciphers [-h] {enable,disable,get,set,list} ... POSITIONAL ARGUMENTS 'dsconf security ciphers' dsconf security ciphers enable Enable ciphers dsconf security ciphers disable Disable ciphers dsconf security ciphers get Get ciphers attribute dsconf security ciphers set Set ciphers attribute dsconf security ciphers list List ciphers COMMAND 'dsconf security ciphers enable' usage: dsconf instance security ciphers enable [-h] cipher [cipher ...] Use this command to enable specific ciphers. cipher COMMAND 'dsconf security ciphers disable' usage: dsconf instance security ciphers disable [-h] cipher [cipher ...] Use this command to disable specific ciphers. cipher COMMAND 'dsconf security ciphers get' usage: dsconf instance security ciphers get [-h] Use this command to get contents of nsSSL3Ciphers attribute. COMMAND 'dsconf security ciphers set' usage: dsconf instance security ciphers set [-h] cipher-string Use this command to directly set nsSSL3Ciphers attribute. It is a comma separated list of cipher names (prefixed with + or -), optionally including +all or -all. The attribute may optionally be set to keyword default. Please refer to documentation of the attribute for a more detailed description. 
cipher-string COMMAND 'dsconf security ciphers list' usage: dsconf instance security ciphers list [-h] [--enabled | --supported | --disabled] List secure ciphers. Without arguments, list ciphers as configured in nsSSL3Ciphers attribute. OPTIONS 'dsconf security ciphers list' --enabled Lists only enabled ciphers --supported Lists only supported ciphers --disabled Lists only supported ciphers but without enabled ciphers COMMAND 'dsconf security csr' usage: dsconf instance security csr [-h] {list,get,req,del} ... POSITIONAL ARGUMENTS 'dsconf security csr' dsconf security csr list List CSRs dsconf security csr get Display CSR content dsconf security csr req Generate a Certificate Signing Request dsconf security csr del Delete a CSR file COMMAND 'dsconf security csr list' usage: dsconf instance security csr list [-h] [--path PATH] List all CSR files in instance configuration directory OPTIONS 'dsconf security csr list' --path PATH, -p PATH Directory containing CSR file COMMAND 'dsconf security csr get' usage: dsconf instance security csr get [-h] name Displays the contents of a CSR, which can be used for submittal to CA name Name of the CSR file to display COMMAND 'dsconf security csr req' usage: dsconf instance security csr req [-h] --subject SUBJECT --name NAME [alt_names ...] Generate a CSR that can be submitted to a CA for verification alt_names CSR alternative names. These are auto-detected if not provided OPTIONS 'dsconf security csr req' --subject SUBJECT, -s SUBJECT Subject field --name NAME, -n NAME Name COMMAND 'dsconf security csr del' usage: dsconf instance security csr del [-h] name Delete a CSR file name Name of the CSR file to delete COMMAND 'dsconf security key' usage: dsconf instance security key [-h] {list,del} ...
POSITIONAL ARGUMENTS 'dsconf security key' dsconf security key list List all keys in NSS DB dsconf security key del Delete a key from NSS DB COMMAND 'dsconf security key list' usage: dsconf instance security key list [-h] [--orphan] OPTIONS 'dsconf security key list' --orphan List orphan keys (An orphan key is a private key in the NSS DB for which there is NO cert with the corresponding public key). An orphan key is created during CSR generation. When the associated certificate is imported into the NSS DB, its orphan state is removed. COMMAND 'dsconf security key del' usage: dsconf instance security key del [-h] key_id Remove a key from the NSS DB. Make sure the key is not in use before you delete it. key_id This is the key ID displayed when listing keys COMMAND 'dsconf security export-cert' usage: dsconf instance security export-cert [-h] [--binary-format] [--output-file OUTPUT_FILE] nickname nickname The name of the certificate to export OPTIONS 'dsconf security export-cert' --binary-format Export certificate in DER/binary format --output-file OUTPUT_FILE The name for the exported certificate. Default name is the certificate nickname with an extension of ".pem" or ".crt" COMMAND 'dsconf schema' usage: dsconf instance schema [-h] {list,attributetypes,objectclasses,matchingrules,reload,validate-syntax,import-openldap-file} ... POSITIONAL ARGUMENTS 'dsconf schema' dsconf schema list List all schema objects on this system dsconf schema attributetypes Work with attribute types on this system dsconf schema objectclasses Work with objectClasses on this system dsconf schema matchingrules Work with matching rules on this system dsconf schema reload Dynamically reload schema while server is running dsconf schema validate-syntax Run a task to check that all attributes in an entry have the correct syntax dsconf schema import-openldap-file Import an openldap formatted dynamic schema ldifs. These will contain values like olcAttributeTypes and olcObjectClasses.
COMMAND 'dsconf schema list' usage: dsconf instance schema list [-h] COMMAND 'dsconf schema attributetypes' usage: dsconf instance schema attributetypes [-h] {get_syntaxes,list,query,add,replace,remove} ... POSITIONAL ARGUMENTS 'dsconf schema attributetypes' dsconf schema attributetypes get_syntaxes List all available attribute type syntaxes dsconf schema attributetypes list List available attribute types on this system dsconf schema attributetypes query Query an attribute to determine object classes that may or must take it dsconf schema attributetypes add Add an attribute type to this system dsconf schema attributetypes replace Replace an attribute type on this system dsconf schema attributetypes remove Remove an attribute type on this system COMMAND 'dsconf schema attributetypes get_syntaxes' usage: dsconf instance schema attributetypes get_syntaxes [-h] COMMAND 'dsconf schema attributetypes list' usage: dsconf instance schema attributetypes list [-h] COMMAND 'dsconf schema attributetypes query' usage: dsconf instance schema attributetypes query [-h] [name] name Attribute type to query COMMAND 'dsconf schema attributetypes add' usage: dsconf instance schema attributetypes add [-h] [--oid OID] [--desc DESC] [--x-origin X_ORIGIN] [--aliases ALIASES [ALIASES ...]] [--single-value] [--multi-value] [--no-user-mod] [--user-mod] [--equality EQUALITY] [--substr SUBSTR] [--ordering ORDERING] [--usage USAGE] [--sup SUP] --syntax SYNTAX name name NAME of the object OPTIONS 'dsconf schema attributetypes add' --oid OID OID assigned to the object --desc DESC Description text(DESC) of the object --x-origin X_ORIGIN Provides information about where the attribute type is defined --aliases ALIASES [ALIASES ...] Additional NAMEs of the object. 
--single-value True if the matching rule must have only one value. Only one of this flag or --multi-value should be specified --multi-value True if the matching rule may have multiple values (default). Only one of this flag or --single-value should be specified --no-user-mod True if the attribute is not modifiable by a client application. Only one of this flag or --user-mod should be specified --user-mod True if the attribute is modifiable by a client application (default). Only one of this flag or --no-user-mod should be specified --equality EQUALITY NAME or OID of the matching rule used for checking whether attribute values are equal --substr SUBSTR NAME or OID of the matching rule used for checking whether an attribute value contains another value --ordering ORDERING NAME or OID of the matching rule used for checking whether an attribute value is less than or equal to another value --usage USAGE The flag indicates how the attribute type is to be used. Choose from the list: userApplications (default), directoryOperation, distributedOperation, dSAOperation --sup SUP The NAME or OID of attribute type this attribute type is derived from --syntax SYNTAX OID of the LDAP syntax assigned to the attribute COMMAND 'dsconf schema attributetypes replace' usage: dsconf instance schema attributetypes replace [-h] [--oid OID] [--desc DESC] [--x-origin X_ORIGIN] [--aliases ALIASES [ALIASES ...]] [--single-value] [--multi-value] [--no-user-mod] [--user-mod] [--equality EQUALITY] [--substr SUBSTR] [--ordering ORDERING] [--usage USAGE] [--sup SUP] [--syntax SYNTAX] name name NAME of the object OPTIONS 'dsconf schema attributetypes replace' --oid OID OID assigned to the object --desc DESC Description text (DESC) of the object --x-origin X_ORIGIN Provides information about where the attribute type is defined --aliases ALIASES [ALIASES ...] Additional NAMEs of the object.
--single-value True if the matching rule must have only one value. Only one of this flag or --multi-value should be specified --multi-value True if the matching rule may have multiple values (default). Only one of this flag or --single-value should be specified --no-user-mod True if the attribute is not modifiable by a client application. Only one of this flag or --user-mod should be specified --user-mod True if the attribute is modifiable by a client application (default). Only one of this flag or --no-user-mod should be specified --equality EQUALITY NAME or OID of the matching rule used for checking whether attribute values are equal --substr SUBSTR NAME or OID of the matching rule used for checking whether an attribute value contains another value --ordering ORDERING NAME or OID of the matching rule used for checking whether an attribute value is less than or equal to another value --usage USAGE The flag indicates how the attribute type is to be used. Choose from the list: userApplications (default), directoryOperation, distributedOperation, dSAOperation --sup SUP The NAME or OID of attribute type this attribute type is derived from --syntax SYNTAX OID of the LDAP syntax assigned to the attribute COMMAND 'dsconf schema attributetypes remove' usage: dsconf instance schema attributetypes remove [-h] name name NAME of the object COMMAND 'dsconf schema objectclasses' usage: dsconf instance schema objectclasses [-h] {list,query,add,replace,remove} ...
POSITIONAL ARGUMENTS 'dsconf schema objectclasses' dsconf schema objectclasses list List available objectClasses on this system dsconf schema objectclasses query Query an objectClass dsconf schema objectclasses add Add an objectClass to this system dsconf schema objectclasses replace Replace an objectClass on this system dsconf schema objectclasses remove Remove an objectClass on this system COMMAND 'dsconf schema objectclasses list' usage: dsconf instance schema objectclasses list [-h] COMMAND 'dsconf schema objectclasses query' usage: dsconf instance schema objectclasses query [-h] [name] name ObjectClass to query COMMAND 'dsconf schema objectclasses add' usage: dsconf instance schema objectclasses add [-h] [--oid OID] [--desc DESC] [--x-origin X_ORIGIN] [--must MUST [MUST ...]] [--may MAY [MAY ...]] [--kind KIND] [--sup SUP [SUP ...]] name name NAME of the object OPTIONS 'dsconf schema objectclasses add' --oid OID OID assigned to the object --desc DESC Description text(DESC) of the object --x-origin X_ORIGIN Provides information about where the attribute type is defined --must MUST [MUST ...] NAMEs or OIDs of all attributes an entry of the object must have --may MAY [MAY ...] NAMEs or OIDs of additional attributes an entry of the object may have --kind KIND Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY --sup SUP [SUP ...] NAME or OIDs of object classes this object is derived from COMMAND 'dsconf schema objectclasses replace' usage: dsconf instance schema objectclasses replace [-h] [--oid OID] [--desc DESC] [--x-origin X_ORIGIN] [--must MUST [MUST ...]] [--may MAY [MAY ...]] [--kind KIND] [--sup SUP [SUP ...]] name name NAME of the object OPTIONS 'dsconf schema objectclasses replace' --oid OID OID assigned to the object --desc DESC Description text(DESC) of the object --x-origin X_ORIGIN Provides information about where the attribute type is defined --must MUST [MUST ...] 
              NAMEs or OIDs of all attributes an entry of the object must have

       --may MAY [MAY ...]
              NAMEs or OIDs of additional attributes an entry of the object may have

       --kind KIND
              Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY

       --sup SUP [SUP ...]
              NAME or OIDs of object classes this object is derived from

COMMAND 'dsconf schema objectclasses remove'
       usage: dsconf instance schema objectclasses remove [-h] name

       name
              NAME of the object

COMMAND 'dsconf schema matchingrules'
       usage: dsconf instance schema matchingrules [-h] {list,query} ...

POSITIONAL ARGUMENTS 'dsconf schema matchingrules'
       dsconf schema matchingrules list
              List available matching rules on this system

       dsconf schema matchingrules query
              Query a matching rule

COMMAND 'dsconf schema matchingrules list'
       usage: dsconf instance schema matchingrules list [-h]

COMMAND 'dsconf schema matchingrules query'
       usage: dsconf instance schema matchingrules query [-h] [name]

       name
              Matching rule to query

COMMAND 'dsconf schema reload'
       usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait] [--timeout TIMEOUT]

OPTIONS 'dsconf schema reload'
       -d SCHEMADIR, --schemadir SCHEMADIR
              directory where schema files are located

       --wait
              Wait for the reload task to complete

       --timeout TIMEOUT
              Set a timeout to wait for the reload task. Default is 120 seconds

COMMAND 'dsconf schema validate-syntax'
       usage: dsconf instance schema validate-syntax [-h] [-f FILTER] [--timeout TIMEOUT] DN

       DN
              Base DN that contains entries to validate

OPTIONS 'dsconf schema validate-syntax'
       -f FILTER, --filter FILTER
              Filter for entries to validate. If omitted, all entries with filter "(objectclass=*)" are validated

       --timeout TIMEOUT
              Set a timeout to wait for the validation task. Default is 120 seconds

COMMAND 'dsconf schema import-openldap-file'
       usage: dsconf instance schema import-openldap-file [-h] [--confirm] schema_file

       schema_file
              Path to the openldap dynamic schema ldif to import

OPTIONS 'dsconf schema import-openldap-file'
       --confirm
              Confirm that you want to apply these schema migration actions to the 389-ds instance. By default no actions are taken.

COMMAND 'dsconf repl-conflict'
       usage: dsconf instance repl-conflict [-h] {list,compare,delete,swap,convert,list-glue,delete-glue,convert-glue} ...

POSITIONAL ARGUMENTS 'dsconf repl-conflict'
       dsconf repl-conflict list
              List conflict entries

       dsconf repl-conflict compare
              Compare the conflict entry with its valid counterpart

       dsconf repl-conflict delete
              Delete a conflict entry

       dsconf repl-conflict swap
              Replace the valid entry with the conflict entry

       dsconf repl-conflict convert
              Convert the conflict entry to a valid entry, while keeping the original valid entry counterpart. This requires that the converted conflict entry have a new RDN value. For example: "cn=my_new_rdn_value".

       dsconf repl-conflict list-glue
              List replication glue entries

       dsconf repl-conflict delete-glue
              Delete the glue entry and its child entries

       dsconf repl-conflict convert-glue
              Convert the glue entry into a regular entry

COMMAND 'dsconf repl-conflict list'
       usage: dsconf instance repl-conflict list [-h] suffix

       suffix
              Sets the backend name, or suffix, to look for conflict entries

COMMAND 'dsconf repl-conflict compare'
       usage: dsconf instance repl-conflict compare [-h] DN

       DN
              The DN of the conflict entry

COMMAND 'dsconf repl-conflict delete'
       usage: dsconf instance repl-conflict delete [-h] DN

       DN
              The DN of the conflict entry

COMMAND 'dsconf repl-conflict swap'
       usage: dsconf instance repl-conflict swap [-h] DN

       DN
              The DN of the conflict entry

COMMAND 'dsconf repl-conflict convert'
       usage: dsconf instance repl-conflict convert [-h] --new-rdn NEW_RDN DN

       DN
              The DN of the conflict entry

OPTIONS 'dsconf repl-conflict convert'
       --new-rdn NEW_RDN
              Sets the new RDN for the converted conflict entry. For example: "cn=my_new_rdn_value"

COMMAND 'dsconf repl-conflict list-glue'
       usage: dsconf instance repl-conflict list-glue [-h] suffix

       suffix
              The backend name, or suffix, to look for glue entries

COMMAND 'dsconf repl-conflict delete-glue'
       usage: dsconf instance repl-conflict delete-glue [-h] DN

       DN
              The DN of the glue entry

COMMAND 'dsconf repl-conflict convert-glue'
       usage: dsconf instance repl-conflict convert-glue [-h] DN

       DN
              The DN of the glue entry

OPTIONS
       -v, --verbose
              Display verbose operation tracing during command execution

       -D BINDDN, --binddn BINDDN
              The account to bind as for executing operations

       -w BINDPW, --bindpw BINDPW
              Password for the bind DN

       -W, --prompt
              Prompt for password of the bind DN

       -y PWDFILE, --pwdfile PWDFILE
              Specifies a file containing the password of the bind DN

       -b BASEDN, --basedn BASEDN
              Base DN (root naming context) of the instance to manage

       -Z, --starttls
              Connect with StartTLS

       -j, --json
              Return result in JSON object

AUTHOR
       Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>

DISTRIBUTION
       The latest version of lib389 may be downloaded from

lib389 3.0.1                      2024-04-08                      DSCONF(1)
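
A password given with -w sits in the process argument list, where other local users can read it; -y with a private file avoids that. The wrapper below is an added example, not part of the dsconf manual: it refuses a password file that is a symlink, empty, or accessible to group/other, then lists conflict entries over StartTLS with JSON output. The function names and the sample instance, bind DN and suffix are assumptions.

```shell
# Added example (not from the dsconf manual). Function names and the
# sample values in the usage comment are assumptions.

# check_pwdfile FILE
# Succeeds only if FILE is a regular, non-symlink, non-empty file with no
# group/other permission bits, i.e. suitable for dsconf -y.
check_pwdfile() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "pwdfile: $f is not a regular file" >&2
        return 1
    fi
    if [ ! -s "$f" ]; then
        echo "pwdfile: $f is empty" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "pwdfile: $f is accessible to group/other ($bits)" >&2
        return 1
    fi
}

# list_conflicts INSTANCE BINDDN PWDFILE SUFFIX
# Lists replication conflict entries as JSON over StartTLS. The password
# comes from PWDFILE (-y), never from -w, so it stays out of the process
# argument list. Global options precede the instance, as in the SYNOPSIS.
list_conflicts() {
    instance=$1 binddn=$2 pwdfile=$3 suffix=$4
    check_pwdfile "$pwdfile" || return 1
    dsconf -D "$binddn" -y "$pwdfile" -Z -j "$instance" \
        repl-conflict list "$suffix"
}

# Usage (constructed values):
#   list_conflicts localhost "cn=Directory Manager" "$HOME/.dspw" dc=example,dc=com
```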