NAME¶

SYNOPSIS¶

OPTIONS¶

instance

The instance name OR the LDAP url to connect to, IE localhost,
ldap://mai.example.com:389

OPTIONS 'dsconf backend'¶

OPTIONS 'dsconf backend suffix'¶

OPTIONS 'dsconf backend suffix list'¶

--suffix

Just display the suffix, and not the backend name

--skip-subsuffixes

Skip over sub-suffixes

OPTIONS 'dsconf backend suffix get'¶

selector

The backend to search for

OPTIONS 'dsconf backend suffix get-dn'¶

dn

The backend dn to get

OPTIONS 'dsconf backend suffix get-sub-suffixes'¶

be_name

The backend name or suffix to search for sub-suffixes

--suffix

Just display the suffix, and not the backend name

OPTIONS 'dsconf backend suffix set'¶

be_name

The backend name or suffix to delete

--enable-readonly

Set backend database to be read-only

--disable-readonly

Disable read-only mode for backend database

--add-referral ADD_REFERRAL

Add a LDAP referral to the backend

--del-referral DEL_REFERRAL

Remove a LDAP referral to the backend

--enable

Enable the backend database

--disable

Disable the backend database

--cache-size CACHE_SIZE

The maximum number of entries to keep in the entry cache

--cache-memsize CACHE_MEMSIZE

The maximum size in bytes that the entry cache can grow to

--dncache-memsize DNCACHE_MEMSIZE

The maximum size in bytes that the DN cache can grow to

OPTIONS 'dsconf backend index'¶

OPTIONS 'dsconf backend index add'¶

be_name

The backend name or suffix to delete

--index-type INDEX_TYPE

An indexing type: eq, sub, pres, or approximate

--matching-rule MATCHING_RULE

Matching rule for the index

--reindex

After adding new index, reindex the database

--attr ATTR

The index attribute's name

OPTIONS 'dsconf backend index set'¶

be_name

The backend name or suffix to edit an index from

--attr ATTR

The index name to edit

--add-type ADD_TYPE

An index type to add to the index: eq, sub, pres, or approx

--del-type DEL_TYPE

An index type to remove from the index: eq, sub, pres, or approx

--add-mr ADD_MR

A matching-rule to add to the index

--del-mr DEL_MR

A matching-rule to remove from the index

--reindex

After editing index, reindex the database

OPTIONS 'dsconf backend index get'¶

be_name

The backend name or suffix to get the index from

--attr ATTR

The index name to get

OPTIONS 'dsconf backend index list'¶

be_name

The backend name or suffix to list indexes from

--just-names

Return a list of just the attribute names for a backend

OPTIONS 'dsconf backend index delete'¶

be_name

The backend name or suffix to delete

--attr ATTR

The index attribute's name

OPTIONS 'dsconf backend index reindex'¶

be_name

The backend name or suffix to reindex

--attr ATTR

The index attribute's name to reindex. Skip this argument to reindex all
attributes

OPTIONS 'dsconf backend vlv-index'¶

OPTIONS 'dsconf backend vlv-index list'¶

be_name

The backend name of the VLV index

--just-names

List just the names of the VLV search entries

OPTIONS 'dsconf backend vlv-index get'¶

be_name

The backend name of the VLV index

--name NAME

Get the VLV search entry and its index entries

OPTIONS 'dsconf backend vlv-index add-search'¶

be_name

The backend name of the VLV index

--name NAME

Name of the VLV search entry

--search-base SEARCH_BASE

The VLV search base

--search-scope SEARCH_SCOPE

The VLV search scope: 0 (base search), 1 (one-evel search), or 2 (subtree
ssearch)

--search-filter SEARCH_FILTER

The VLV search filter

OPTIONS 'dsconf backend vlv-index edit-search'¶

be_name

The backend name of the VLV index

--name NAME

Name of the VLV index

--search-base SEARCH_BASE

The VLV search base

--search-scope SEARCH_SCOPE

The VLV search scope: 0 (base search), 1 (one-evel search), or 2 (subtree
ssearch)

--search-filter SEARCH_FILTER

The VLV search filter

--reindex

Reindex all the VLV database indexes

OPTIONS 'dsconf backend vlv-index del-search'¶

be_name

The backend name of the VLV index

--name NAME

Name of the VLV search index

OPTIONS 'dsconf backend vlv-index add-index'¶

be_name

The backend name of the VLV index

--parent-name PARENT_NAME

Name, or "cn" attribute value, of the parent VLV search entry

--index-name INDEX_NAME

Name of the new VLV index

--sort SORT

A space separated list of attributes to sort for this VLV index

--index

Create the actual database index for this VLV index definition

OPTIONS 'dsconf backend vlv-index del-index'¶

be_name

The backend name of the VLV index

--parent-name PARENT_NAME

Name, or "cn" attribute value, of the parent VLV search entry

--index-name INDEX_NAME

Name of the VLV index to delete

OPTIONS 'dsconf backend vlv-index reindex'¶

be_name

The backend name of the VLV index

--index-name INDEX_NAME

Name of the VLV Index entry to reindex. If not set, all indexes are reindexed

--parent-name PARENT_NAME

Name, or "cn" attribute value, of the parent VLV search entry

OPTIONS 'dsconf backend attr-encrypt'¶

be_name

The backend name or suffix to to reindex

--list

List all the encrypted attributes for this backend

--just-names

List just the names of the encrypted attributes (used with --list)

--add-attr ADD_ATTR

Add an attribute to be encrypted

--del-attr DEL_ATTR

Remove an attribute from being encrypted

OPTIONS 'dsconf backend config'¶

OPTIONS 'dsconf backend config get'¶

OPTIONS 'dsconf backend config set'¶

--lookthroughlimit LOOKTHROUGHLIMIT

specifies the maximum number of entries that the Directory Server will check
when examining candidate entries in response to a search request

--mode MODE

Specifies the permissions used for newly created index files

--idlistscanlimit IDLISTSCANLIMIT

Specifies the number of entry IDs that are searched during a search operation

--directory DIRECTORY

Specifies absolute path to database instance

--dbcachesize DBCACHESIZE

Specifies the database index cache size, in bytes.

--logdirectory LOGDIRECTORY

Specifies the path to the directory that contains the database transaction
logs

--durable_txn DURABLE_TXN

Sets whether database transaction log entries are immediately written to the
disk.

--txn-wait TXN_WAIT

Sets whether the server should should wait if there are no db locks available

--checkpoint-interval CHECKPOINT_INTERVAL

Sets the amount of time in seconds after which the Directory Server sends a
checkpoint entry to the database transaction log

--compactdb-interval COMPACTDB_INTERVAL

Sets the interval in seconds when the database is compacted

--txn-batch-val TXN_BATCH_VAL

Specifies how many transactions will be batched before being committed

--txn-batch-min TXN_BATCH_MIN

Controls when transactions should be flushed earliest, independently of the
batch count (only works when txn-batch-val is set)

--txn-batch-max TXN_BATCH_MAX

Controls when transactions should be flushed latest, independently of the
batch count (only works when txn-batch-val is set)

--logbufsize LOGBUFSIZE

Specifies the transaction log information buffer size

--locks LOCKS

Sets the maximum number of database locks

--import-cache_autosize IMPORT_CACHE_AUTOSIZE

Set to "on" or "off" to automatically set the size of the import cache to be
used during the the import process of LDIF files

--cache-autosize CACHE_AUTOSIZE

Sets the percentage of free memory that is used in total for the database and
entry cache. Set to "0" to disable this feature.

--cache-autosize-split CACHE_AUTOSIZE_SPLIT

Sets the percentage of RAM that is used for the database cache. The remaining
percentage is used for the entry cache

--import-cachesize IMPORT_CACHESIZE

Sets the size, in bytes, of the database cache used in the import process.

--exclude-from-export EXCLUDE_FROM_EXPORT

List of attributes to not include during database export operations

--pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT

Specifies the maximum number of entries that the Directory Server will check
when examining candidate entries for a search which uses the simple paged
results control

--pagedidlistscanlimit PAGEDIDLISTSCANLIMIT

Specifies the number of entry IDs that are searched, specifically, for a
search operation using the simple paged results control.

--rangelookthroughlimit RANGELOOKTHROUGHLIMIT

Specifies the maximum number of entries that the Directory Server will check
when examining candidate entries in response to a range search request.

--backend-opt-level BACKEND_OPT_LEVEL

WARNING this parameter can trigger experimental code to improve write
performance. Valid values are: 0, 1, 2, or 4

--deadlock-policy DEADLOCK_POLICY

Adjusts the backend database deadlock policy (Advanced setting)

OPTIONS 'dsconf backend monitor'¶

--suffix SUFFIX

Get just the suffix monitor entry

OPTIONS 'dsconf backend import'¶

be_name

The backend name or the root suffix where to import

ldifs

Specifies the filename of the input LDIF files.When multiple files are
imported, they are imported in the orderthey are specified on the command
line.

-c CHUNKS_SIZE, --chunks-size CHUNKS_SIZE

The number of chunks to have during the import operation.

-E, --encrypted

Decrypts encrypted data during export. This option is used onlyif database
encryption is enabled.

-g GEN_UNIQ_ID, --gen-uniq-id GEN_UNIQ_ID

Generate a unique id. Type none for no unique ID to be generatedand
deterministic for the generated unique ID to be name-based.By default, a time-
based unique ID is generated.When using the deterministic generation to have a
name-based unique ID,it is also possible to specify the namespace for the
server to use.namespaceId is a string of charactersin the format 00-xxxxxxxx-
xxxxxxxx-xxxxxxxx-xxxxxxxx.

-O, --only-core

Requests that only the core database is created without attribute indexes.

-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]

Specifies the suffixes or the subtrees to be included.

-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]

Specifies the suffixes to be excluded.

OPTIONS 'dsconf backend export'¶

be_names

The backend names or the root suffixes from where to export.

-l LDIF, --ldif LDIF

Gives the filename of the output LDIF file.If more than one are specified, use
a space as a separator

-C, --use-id2entry

Uses only the main database file.

-E, --encrypted

Decrypts encrypted data during export. This option is used only if database
encryption is enabled.

-m, --min-base64

Sets minimal base-64 encoding.

-N, --no-seq-num

Enables you to suppress printing the sequence number.

-r, --replication

Exports the information required to initialize a replica when the LDIF is
imported

-u, --no-dump-uniq-id

Requests that the unique ID is not exported.

-U, --not-folded

Requests that the output LDIF is not folded.

-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...], --include-suffixes INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]

Specifies the suffixes or the subtrees to be included.

-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...], --exclude-suffixes EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]

Specifies the suffixes to be excluded.

OPTIONS 'dsconf backend create'¶

--parent-suffix PARENT_SUFFIX

Sets the parent suffix only if this backend is a sub-suffix

--suffix SUFFIX

The database suffix DN, for example "dc=example,dc=com"

--be-name BE_NAME

The database backend name, for example "userroot"

--create-entries

Create sample entries in the database

OPTIONS 'dsconf backend delete'¶

be_name

The backend name or suffix to delete

OPTIONS 'dsconf backup'¶

OPTIONS 'dsconf backup create'¶

archive

The directory where the backup files will be stored.The /var/lib/dirsrv/slapd-
instance/bak directory is used by default.The backup file is named according
to the year-month-day-hour format.

-t DB_TYPE, --db-type DB_TYPE

Database type (default: ldbm database).

OPTIONS 'dsconf backup restore'¶

archive

The directory of the backup files.

-t DB_TYPE, --db-type DB_TYPE

Database type (default: ldbm database).

OPTIONS 'dsconf chaining'¶

OPTIONS 'dsconf chaining config-get'¶

--avail-controls AVAIL_CONTROLS

List available controls for chaining

--avail-comps AVAIL_COMPS

List available plugin components for chaining

OPTIONS 'dsconf chaining config-set'¶

--add-control ADD_CONTROL

Add a transmitted control OID

--del-control DEL_CONTROL

Delete a transmitted control OID

--add-comp ADD_COMP

Add a chaining component

--del-comp DEL_COMP

Delete a chaining component

OPTIONS 'dsconf chaining config-get-def'¶

OPTIONS 'dsconf chaining config-set-def'¶

--conn-bind-limit CONN_BIND_LIMIT

The maximum number of BIND connections the database link establishes with the
remote server.

--conn-op-limit CONN_OP_LIMIT

The maximum number of LDAP connections the database link establishes with the
remote server.

--abandon-check-interval ABANDON_CHECK_INTERVAL

The number of seconds that pass before the server checks for abandoned
operations.

--bind-limit BIND_LIMIT

The maximum number of concurrent bind operations per TCP connection.

--op-limit OP_LIMIT

The maximum number of concurrent operations allowed.

--proxied-auth PROXIED_AUTH

Set to "off" to disable proxied authorization, then binds for chained
operations are executed as the user set in the nsMultiplexorBindDn attribute
(on/off).

--conn-lifetime CONN_LIFETIME

Specifies connection lifetime in seconds. 0 keeps connection open forever.

--bind-timeout BIND_TIMEOUT

The amount of time in seconds before a bind attempt times out.

--return-ref RETURN_REF

Sets whether referrals are returned by scoped searches (on/off).

--check-aci CHECK_ACI

Set whether ACIs are evaluated on the database link as well as the remote data
server (on/off).

--bind-attempts BIND_ATTEMPTS

Sets the number of times the server tries to bind with the remote server.

--size-limit SIZE_LIMIT

Sets the maximum number of entries to return from a search operation.

--time-limit TIME_LIMIT

Sets the maximum number of seconds allowed for an operation.

--hop-limit HOP_LIMIT

Sets the maximum number of times a database is allowed to chain; that is, the
number of times a request can be forwarded from one database link to another.

--response-delay RESPONSE_DELAY

The maximum amount of time it can take a remote server to respond to an LDAP
operation request made by a database link before an error is suspected.

--test-response-delay TEST_RESPONSE_DELAY

Sets the duration of the test issued by the database link to check whether the
remote server is responding.

--use-starttls USE_STARTTLS

Specificies that the database links should StartTLS for its secure
connections.

OPTIONS 'dsconf chaining link-create'¶

CHAIN_NAME

The name of the database link

--conn-bind-limit CONN_BIND_LIMIT

The maximum number of BIND connections the database link establishes with the
remote server.

--conn-op-limit CONN_OP_LIMIT

The maximum number of LDAP connections the database link establishes with the
remote server.

--abandon-check-interval ABANDON_CHECK_INTERVAL

The number of seconds that pass before the server checks for abandoned
operations.

--bind-limit BIND_LIMIT

The maximum number of concurrent bind operations per TCP connection.

--op-limit OP_LIMIT

The maximum number of concurrent operations allowed.

--proxied-auth PROXIED_AUTH

Set to "off" to disable proxied authorization, then binds for chained
operations are executed as the user set in the nsMultiplexorBindDn attribute
(on/off).

--conn-lifetime CONN_LIFETIME

Specifies connection lifetime in seconds. 0 keeps connection open forever.

--bind-timeout BIND_TIMEOUT

The amount of time in seconds before a bind attempt times out.

--return-ref RETURN_REF

Sets whether referrals are returned by scoped searches (on/off).

--check-aci CHECK_ACI

Set whether ACIs are evaluated on the database link as well as the remote data
server (on/off).

--bind-attempts BIND_ATTEMPTS

Sets the number of times the server tries to bind with the remote server.

--size-limit SIZE_LIMIT

Sets the maximum number of entries to return from a search operation.

--time-limit TIME_LIMIT

Sets the maximum number of seconds allowed for an operation.

--hop-limit HOP_LIMIT

Sets the maximum number of times a database is allowed to chain; that is, the
number of times a request can be forwarded from one database link to another.

--response-delay RESPONSE_DELAY

The maximum amount of time it can take a remote server to respond to an LDAP
operation request made by a database link before an error is suspected.

--test-response-delay TEST_RESPONSE_DELAY

Sets the duration of the test issued by the database link to check whether the
remote server is responding.

--use-starttls USE_STARTTLS

Specificies that the database links should StartTLS for its secure
connections.

--suffix SUFFIX

The suffix managed by the database link.

--server-url SERVER_URL

Gives the LDAP/LDAPS URL of the remote server.

--bind-mech BIND_MECH

Sets the authentication method to use to authenticate to the remote server:
<leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI

--bind-dn BIND_DN

DN of the administrative entry used to communicate with the remote server

--bind-pw BIND_PW

Password for the administrative user.

OPTIONS 'dsconf chaining link-get'¶

CHAIN_NAME

The chaining link name to search for

OPTIONS 'dsconf chaining link-set'¶

CHAIN_NAME

The name of the database link

--conn-bind-limit CONN_BIND_LIMIT

The maximum number of BIND connections the database link establishes with the
remote server.

--conn-op-limit CONN_OP_LIMIT

The maximum number of LDAP connections the database link establishes with the
remote server.

--abandon-check-interval ABANDON_CHECK_INTERVAL

The number of seconds that pass before the server checks for abandoned
operations.

--bind-limit BIND_LIMIT

The maximum number of concurrent bind operations per TCP connection.

--op-limit OP_LIMIT

The maximum number of concurrent operations allowed.

--proxied-auth PROXIED_AUTH

Set to "off" to disable proxied authorization, then binds for chained
operations are executed as the user set in the nsMultiplexorBindDn attribute
(on/off).

--conn-lifetime CONN_LIFETIME

Specifies connection lifetime in seconds. 0 keeps connection open forever.

--bind-timeout BIND_TIMEOUT

The amount of time in seconds before a bind attempt times out.

--return-ref RETURN_REF

Sets whether referrals are returned by scoped searches (on/off).

--check-aci CHECK_ACI

Set whether ACIs are evaluated on the database link as well as the remote data
server (on/off).

--bind-attempts BIND_ATTEMPTS

Sets the number of times the server tries to bind with the remote server.

--size-limit SIZE_LIMIT

Sets the maximum number of entries to return from a search operation.

--time-limit TIME_LIMIT

Sets the maximum number of seconds allowed for an operation.

--hop-limit HOP_LIMIT

Sets the maximum number of times a database is allowed to chain; that is, the
number of times a request can be forwarded from one database link to another.

--response-delay RESPONSE_DELAY

The maximum amount of time it can take a remote server to respond to an LDAP
operation request made by a database link before an error is suspected.

--test-response-delay TEST_RESPONSE_DELAY

Sets the duration of the test issued by the database link to check whether the
remote server is responding.

--use-starttls USE_STARTTLS

Specificies that the database links should StartTLS for its secure
connections.

--suffix SUFFIX

The suffix managed by the database link.

--server-url SERVER_URL

Gives the LDAP/LDAPS URL of the remote server.

--bind-mech BIND_MECH

Sets the authentication method to use to authenticate to the remote server:
<leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI

--bind-dn BIND_DN

DN of the administrative entry used to communicate with the remote server

--bind-pw BIND_PW

Password for the administrative user.

OPTIONS 'dsconf chaining link-delete'¶

CHAIN_NAME

The name of the database link

OPTIONS 'dsconf chaining monitor'¶

CHAIN_NAME

The name of the database link

OPTIONS 'dsconf chaining link-list'¶

OPTIONS 'dsconf config'¶

OPTIONS 'dsconf config get'¶

attrs

Configuration attribute(s) to get

OPTIONS 'dsconf config add'¶

attr

Configuration attribute to add

OPTIONS 'dsconf config replace'¶

attr

Configuration attribute to replace

OPTIONS 'dsconf config delete'¶

attr

Configuration attribute to delete

OPTIONS 'dsconf directory_manager'¶

OPTIONS 'dsconf directory_manager password_change'¶

OPTIONS 'dsconf healthcheck'¶

OPTIONS 'dsconf plugin'¶

OPTIONS 'dsconf plugin memberof'¶

OPTIONS 'dsconf plugin memberof show'¶

OPTIONS 'dsconf plugin memberof enable'¶

OPTIONS 'dsconf plugin memberof disable'¶

OPTIONS 'dsconf plugin memberof status'¶

OPTIONS 'dsconf plugin memberof edit'¶

--attr ATTR [ATTR ...]

The value to set as memberOfAttr

--groupattr GROUPATTR [GROUPATTR ...]

The value to set as memberOfGroupAttr

--allbackends {on,off}

The value to set as memberOfAllBackends

--skipnested {on,off}

The value to set as memberOfSkipNested

--scope SCOPE

The value to set as memberOfEntryScope

--exclude EXCLUDE

The value to set as memberOfEntryScopeExcludeSubtree

--autoaddoc AUTOADDOC

The value to set as memberOfAutoAddOC

--config-entry CONFIG_ENTRY

The value to set as nsslapd-pluginConfigArea

OPTIONS 'dsconf plugin memberof config-entry'¶

OPTIONS 'dsconf plugin memberof config-entry add'¶

DN

The config entry full DN

--attr ATTR [ATTR ...]

The value to set as memberOfAttr

--groupattr GROUPATTR [GROUPATTR ...]

The value to set as memberOfGroupAttr

--allbackends {on,off}

The value to set as memberOfAllBackends

--skipnested {on,off}

The value to set as memberOfSkipNested

--scope SCOPE

The value to set as memberOfEntryScope

--exclude EXCLUDE

The value to set as memberOfEntryScopeExcludeSubtree

--autoaddoc AUTOADDOC

The value to set as memberOfAutoAddOC

OPTIONS 'dsconf plugin memberof config-entry edit'¶

DN

The config entry full DN

--attr ATTR [ATTR ...]

The value to set as memberOfAttr

--groupattr GROUPATTR [GROUPATTR ...]

The value to set as memberOfGroupAttr

--allbackends {on,off}

The value to set as memberOfAllBackends

--skipnested {on,off}

The value to set as memberOfSkipNested

--scope SCOPE

The value to set as memberOfEntryScope

--exclude EXCLUDE

The value to set as memberOfEntryScopeExcludeSubtree

--autoaddoc AUTOADDOC

The value to set as memberOfAutoAddOC

OPTIONS 'dsconf plugin memberof config-entry show'¶

DN

The config entry full DN

OPTIONS 'dsconf plugin memberof config-entry delete'¶

DN

The config entry full DN

OPTIONS 'dsconf plugin memberof fixup'¶

DN

base DN that contains entries to fix up

-f FILTER, --filter FILTER

Filter for entries to fix up. If omitted, all entries with objectclass
inetuser/inetadmin/nsmemberof under the specified base will have their
memberOf attribute regenerated.

OPTIONS 'dsconf plugin automember'¶

OPTIONS 'dsconf plugin automember show'¶

OPTIONS 'dsconf plugin automember enable'¶

OPTIONS 'dsconf plugin automember disable'¶

OPTIONS 'dsconf plugin automember status'¶

OPTIONS 'dsconf plugin automember create'¶

name

Set cn for group entry.

--groupattr GROUPATTR

Set member attribute in group entry.

--defaultgroup DEFAULTGROUP

Set default group to add member to.

--scope SCOPE

Set automember scope.

--filter FILTER

Set automember filter.

OPTIONS 'dsconf plugin automember list'¶

--name NAME

Set cn for group entry. If not specified show all automember definitions.

OPTIONS 'dsconf plugin automember edit'¶

name

Set cn for group entry.

--groupattr GROUPATTR

Set member attribute in group entry.

--defaultgroup DEFAULTGROUP

Set default group to add member to.

--scope SCOPE

Set automember scope.

--filter FILTER

Set automember filter.

OPTIONS 'dsconf plugin automember remove'¶

name

Set cn for group entry.

OPTIONS 'dsconf plugin referint'¶

OPTIONS 'dsconf plugin referint show'¶

OPTIONS 'dsconf plugin referint enable'¶

OPTIONS 'dsconf plugin referint disable'¶

OPTIONS 'dsconf plugin referint status'¶

OPTIONS 'dsconf plugin referint delay'¶

value

The value to set as update delay

OPTIONS 'dsconf plugin referint attrs'¶

OPTIONS 'dsconf plugin referint attrs add'¶

value

membership attribute to add

OPTIONS 'dsconf plugin referint attrs del'¶

value

membership attribute to remove

OPTIONS 'dsconf plugin referint scope'¶

OPTIONS 'dsconf plugin referint scope add'¶

value

The value to add in referint entry scope

OPTIONS 'dsconf plugin referint scope del'¶

value

The value to remove from entry scope

OPTIONS 'dsconf plugin referint scope delall'¶

OPTIONS 'dsconf plugin referint exclude'¶

OPTIONS 'dsconf plugin referint exclude add'¶

value

The value to add in exclude scope

OPTIONS 'dsconf plugin referint exclude del'¶

value

The value to remove from exclude scope

OPTIONS 'dsconf plugin referint exclude delall'¶

OPTIONS 'dsconf plugin referint container'¶

OPTIONS 'dsconf plugin referint container add'¶

value

The value to add in container scope

OPTIONS 'dsconf plugin referint container del'¶

value

The value to remove from container scope

OPTIONS 'dsconf plugin referint container delall'¶

OPTIONS 'dsconf plugin rootdn'¶

OPTIONS 'dsconf plugin rootdn show'¶

OPTIONS 'dsconf plugin rootdn enable'¶

OPTIONS 'dsconf plugin rootdn disable'¶

OPTIONS 'dsconf plugin rootdn status'¶

OPTIONS 'dsconf plugin rootdn time'¶

OPTIONS 'dsconf plugin rootdn time open'¶

value

Value to set as open time

OPTIONS 'dsconf plugin rootdn time close'¶

value

Value to set as close time

OPTIONS 'dsconf plugin rootdn time clear'¶

OPTIONS 'dsconf plugin rootdn ip'¶

OPTIONS 'dsconf plugin rootdn ip allow'¶

value

IP addr or IP addr range

OPTIONS 'dsconf plugin rootdn ip deny'¶

value

IP addr or IP addr range

OPTIONS 'dsconf plugin rootdn ip clear'¶

OPTIONS 'dsconf plugin rootdn host'¶

OPTIONS 'dsconf plugin rootdn host allow'¶

value

host address

OPTIONS 'dsconf plugin rootdn host deny'¶

value

host address

OPTIONS 'dsconf plugin rootdn host clear'¶

OPTIONS 'dsconf plugin rootdn day'¶

OPTIONS 'dsconf plugin rootdn day allow'¶

value

day of the week

OPTIONS 'dsconf plugin rootdn day deny'¶

value

day of the week

OPTIONS 'dsconf plugin rootdn day clear'¶

OPTIONS 'dsconf plugin usn'¶

OPTIONS 'dsconf plugin usn show'¶

OPTIONS 'dsconf plugin usn enable'¶

OPTIONS 'dsconf plugin usn disable'¶

OPTIONS 'dsconf plugin usn status'¶

OPTIONS 'dsconf plugin usn global'¶

OPTIONS 'dsconf plugin usn global on'¶

OPTIONS 'dsconf plugin usn global off'¶

OPTIONS 'dsconf plugin usn cleanup'¶

-s SUFFIX, --suffix SUFFIX

suffix where USN tombstone entries are cleaned up

-n BACKEND, --backend BACKEND

backend instance in which USN tombstone entries are cleaned up (alternative to
suffix)

-m MAXUSN, --maxusn MAXUSN

USN tombstone entries are deleted up to the entry with maxusn

OPTIONS 'dsconf plugin accountpolicy'¶

OPTIONS 'dsconf plugin accountpolicy show'¶

OPTIONS 'dsconf plugin accountpolicy enable'¶

OPTIONS 'dsconf plugin accountpolicy disable'¶

OPTIONS 'dsconf plugin accountpolicy status'¶

OPTIONS 'dsconf plugin attruniq'¶

OPTIONS 'dsconf plugin attruniq show'¶

OPTIONS 'dsconf plugin attruniq enable'¶

OPTIONS 'dsconf plugin attruniq disable'¶

OPTIONS 'dsconf plugin attruniq status'¶

OPTIONS 'dsconf plugin dna'¶

OPTIONS 'dsconf plugin dna show'¶

OPTIONS 'dsconf plugin dna enable'¶

OPTIONS 'dsconf plugin dna disable'¶

OPTIONS 'dsconf plugin dna status'¶

OPTIONS 'dsconf plugin linkedattr'¶

OPTIONS 'dsconf plugin linkedattr show'¶

OPTIONS 'dsconf plugin linkedattr enable'¶

OPTIONS 'dsconf plugin linkedattr disable'¶

OPTIONS 'dsconf plugin linkedattr status'¶

OPTIONS 'dsconf plugin managedentries'¶

OPTIONS 'dsconf plugin managedentries show'¶

OPTIONS 'dsconf plugin managedentries enable'¶

OPTIONS 'dsconf plugin managedentries disable'¶

OPTIONS 'dsconf plugin managedentries status'¶

OPTIONS 'dsconf plugin passthroughauth'¶

OPTIONS 'dsconf plugin passthroughauth show'¶

OPTIONS 'dsconf plugin passthroughauth enable'¶

OPTIONS 'dsconf plugin passthroughauth disable'¶

OPTIONS 'dsconf plugin passthroughauth status'¶

OPTIONS 'dsconf plugin retrochangelog'¶

OPTIONS 'dsconf plugin retrochangelog show'¶

OPTIONS 'dsconf plugin retrochangelog enable'¶

OPTIONS 'dsconf plugin retrochangelog disable'¶

OPTIONS 'dsconf plugin retrochangelog status'¶

OPTIONS 'dsconf plugin whoami'¶

OPTIONS 'dsconf plugin whoami show'¶

OPTIONS 'dsconf plugin whoami enable'¶

OPTIONS 'dsconf plugin whoami disable'¶

OPTIONS 'dsconf plugin whoami status'¶

OPTIONS 'dsconf plugin list'¶

OPTIONS 'dsconf plugin get'¶

selector

The plugin to search for

OPTIONS 'dsconf plugin edit'¶

selector

The plugin to edit

--type TYPE

The type of plugin.

--enabled {on,off}

Identifies whether or not the plugin is enabled.

--path PATH

The plugin library name (without the library suffix).

--initfunc INITFUNC

An initialization function of the plugin.

--id ID

The plugin ID.

--vendor VENDOR

The vendor of plugin.

--version VERSION

The version of plugin.

--description DESCRIPTION

The description of the plugin.

--depends-on-type DEPENDS_ON_TYPE

All plug-ins with a type value which matches one of the values in the
following valid range will be started by the server prior to this plug-in.

--depends-on-named DEPENDS_ON_NAMED

The plug-in name matching one of the following values will be started by the
server prior to this plug-in

OPTIONS 'dsconf pwpolicy'¶

OPTIONS 'dsconf pwpolicy get'¶

OPTIONS 'dsconf pwpolicy set'¶

--pwdscheme PWDSCHEME

The password storage scheme

--pwdchange PWDCHANGE

Allow users to change their passwords

--pwdmustchange PWDMUSTCHANGE

User must change their passwrod after it is reset by an Administrator

--pwdhistory PWDHISTORY

To enable password history set this to "on", otherwise "off"

--pwdhistorycount PWDHISTORYCOUNT

The number of password to keep in history

--pwdadmin PWDADMIN

The DN of an entry or a group of account that can bypass password policy
constraints

--pwdtrack PWDTRACK

Set to "on" to track the time the password was last changed

--pwdwarning PWDWARNING

Send an expiring warning if password expires within this time (in seconds)

--pwdexpire PWDEXPIRE

Set to "on" to enable password expiration

--pwdmaxage PWDMAXAGE

The password expiration time in seconds

--pwdminage PWDMINAGE

The number of seconds that must pass before a user can change their password

--pwdgracelimit PWDGRACELIMIT

The number of allowed logins after the password has expired

--pwdsendexpiring PWDSENDEXPIRING

Set to "on" to always send the expiring control regardless of the warning
period

--pwdlockout PWDLOCKOUT

Set to "on" to enable account lockout

--pwdunlock PWDUNLOCK

Set to "on" to allow an account to become unlocked after the lockout duration

--pwdlockoutduration PWDLOCKOUTDURATION

The number of seconds an account stays locked out

--pwdmaxfailures PWDMAXFAILURES

The maximum number of allowed failed password attempts beforet the acocunt
gets locked

--pwdresetfailcount PWDRESETFAILCOUNT

The number of secondsto wait before reducingthe failed login count on an
account

--pwdchecksyntax PWDCHECKSYNTAX

Set to "on" to Enable password syntax checking

--pwdminlen PWDMINLEN

The minimum number of characters required in a password

--pwdmindigits PWDMINDIGITS

The minimum number of digit/number characters in a password

--pwdminalphas PWDMINALPHAS

The minimum number of alpha characters required in a password

--pwdminuppers PWDMINUPPERS

The minimum number of uppercase characters required in a password

--pwdminlowers PWDMINLOWERS

The minimum number of lowercase characters required in a password

--pwdminspecials PWDMINSPECIALS

The minimum number of special characters required in a password

--pwdmin8bits PWDMIN8BITS

The minimum number of 8-bit characters required in a password

--pwdmaxrepeats PWDMAXREPEATS

The maximum number of times the same character can appear sequentially in the
password

--pwdpalindrome PWDPALINDROME

Set to "on" to reject passwords that are palindromes

--pwdmaxseq PWDMAXSEQ

The maximum number of allowed monotonic character sequences in a password

--pwdmaxseqsets PWDMAXSEQSETS

The maximum number of allowed monotonic character sequences that can be
duplicated in a password

--pwdmaxclasschars PWDMAXCLASSCHARS

The maximum number of sequential characters from the same character class that
is allowed in a password

--pwdmincatagories PWDMINCATAGORIES

The minimum number of syntax catagory checks

--pwdmintokenlen PWDMINTOKENLEN

Sets the smallest attribute value length that is used for trivial/user words
checking. This also impacts "--pwduserattrs"

--pwdbadwords PWDBADWORDS

A space-separated list of words that can not be in a password

--pwduserattrs PWDUSERATTRS

A space-separated list of attributes whose values can not appear in the
password (See "--pwdmintokenlen")

--pwddictcheck PWDDICTCHECK

Set to "on" to enfore CrackLib dictionary checking

--pwddictpath PWDDICTPATH

Filesystem path to specific/custom CrackLib dictionary files

--pwdlocal PWDLOCAL

Set to "on" to enable fine-grained (subtree/user-level) password policies

--pwdisglobal PWDISGLOBAL

Set to "on" to enable password policy state attributesto be replicated

--pwdallowhash PWDALLOWHASH

Set to "on" to allow adding prehashed passwords

OPTIONS 'dsconf localpwp'¶

OPTIONS 'dsconf localpwp list'¶

DN

Suffix to search for local password policies

OPTIONS 'dsconf localpwp get'¶

DN

Get the local policy for this entry DN

OPTIONS 'dsconf localpwp set'¶

DN

Set the local policy for this entry DN

--pwdscheme PWDSCHEME

The password storage scheme

--pwdchange PWDCHANGE

Allow users to change their passwords

--pwdmustchange PWDMUSTCHANGE

User must change their passwrod after it is reset by an Administrator

--pwdhistory PWDHISTORY

To enable password history set this to "on", otherwise "off"

--pwdhistorycount PWDHISTORYCOUNT

The number of password to keep in history

--pwdadmin PWDADMIN

The DN of an entry or a group of account that can bypass password policy
constraints

--pwdtrack PWDTRACK

Set to "on" to track the time the password was last changed

--pwdwarning PWDWARNING

Send an expiring warning if password expires within this time (in seconds)

--pwdexpire PWDEXPIRE

Set to "on" to enable password expiration

--pwdmaxage PWDMAXAGE

The password expiration time in seconds

--pwdminage PWDMINAGE

The number of seconds that must pass before a user can change their password

--pwdgracelimit PWDGRACELIMIT

The number of allowed logins after the password has expired

--pwdsendexpiring PWDSENDEXPIRING

Set to "on" to always send the expiring control regardless of the warning
period

--pwdlockout PWDLOCKOUT

Set to "on" to enable account lockout

--pwdunlock PWDUNLOCK

Set to "on" to allow an account to become unlocked after the lockout duration

--pwdlockoutduration PWDLOCKOUTDURATION

The number of seconds an account stays locked out

--pwdmaxfailures PWDMAXFAILURES

The maximum number of allowed failed password attempts beforet the acocunt
gets locked

--pwdresetfailcount PWDRESETFAILCOUNT

The number of secondsto wait before reducingthe failed login count on an
account

--pwdchecksyntax PWDCHECKSYNTAX

Set to "on" to Enable password syntax checking

--pwdminlen PWDMINLEN

The minimum number of characters required in a password

--pwdmindigits PWDMINDIGITS

The minimum number of digit/number characters in a password

--pwdminalphas PWDMINALPHAS

The minimum number of alpha characters required in a password

--pwdminuppers PWDMINUPPERS

The minimum number of uppercase characters required in a password

--pwdminlowers PWDMINLOWERS

The minimum number of lowercase characters required in a password

--pwdminspecials PWDMINSPECIALS

The minimum number of special characters required in a password

--pwdmin8bits PWDMIN8BITS

The minimum number of 8-bit characters required in a password

--pwdmaxrepeats PWDMAXREPEATS

The maximum number of times the same character can appear sequentially in the
password

--pwdpalindrome PWDPALINDROME

Set to "on" to reject passwords that are palindromes

--pwdmaxseq PWDMAXSEQ

The maximum number of allowed monotonic character sequences in a password

--pwdmaxseqsets PWDMAXSEQSETS

The maximum number of allowed monotonic character sequences that can be
duplicated in a password

--pwdmaxclasschars PWDMAXCLASSCHARS

The maximum number of sequential characters from the same character class that
is allowed in a password

--pwdmincatagories PWDMINCATAGORIES

The minimum number of syntax catagory checks

--pwdmintokenlen PWDMINTOKENLEN

Sets the smallest attribute value length that is used for trivial/user words
checking. This also impacts "--pwduserattrs"

--pwdbadwords PWDBADWORDS

A space-separated list of words that can not be in a password

--pwduserattrs PWDUSERATTRS

A space-separated list of attributes whose values can not appear in the
password (See "--pwdmintokenlen")

--pwddictcheck PWDDICTCHECK

Set to "on" to enfore CrackLib dictionary checking

--pwddictpath PWDDICTPATH

Filesystem path to specific/custom CrackLib dictionary files

OPTIONS 'dsconf localpwp remove'¶

DN

Remove local policy for this entry DN

OPTIONS 'dsconf localpwp adduser'¶

DN

Add/replace the local password policy for this entry DN

--pwdscheme PWDSCHEME

The password storage scheme

--pwdchange PWDCHANGE

Allow users to change their passwords

--pwdmustchange PWDMUSTCHANGE

User must change their passwrod after it is reset by an Administrator

--pwdhistory PWDHISTORY

To enable password history set this to "on", otherwise "off"

--pwdhistorycount PWDHISTORYCOUNT

The number of password to keep in history

--pwdadmin PWDADMIN

The DN of an entry or a group of account that can bypass password policy
constraints

--pwdtrack PWDTRACK

Set to "on" to track the time the password was last changed

--pwdwarning PWDWARNING

Send an expiring warning if password expires within this time (in seconds)

--pwdexpire PWDEXPIRE

Set to "on" to enable password expiration

--pwdmaxage PWDMAXAGE

The password expiration time in seconds

--pwdminage PWDMINAGE

The number of seconds that must pass before a user can change their password

--pwdgracelimit PWDGRACELIMIT

The number of allowed logins after the password has expired

--pwdsendexpiring PWDSENDEXPIRING

Set to "on" to always send the expiring control regardless of the warning
period

--pwdlockout PWDLOCKOUT

Set to "on" to enable account lockout

--pwdunlock PWDUNLOCK

Set to "on" to allow an account to become unlocked after the lockout duration

--pwdlockoutduration PWDLOCKOUTDURATION

The number of seconds an account stays locked out

--pwdmaxfailures PWDMAXFAILURES

The maximum number of allowed failed password attempts beforet the acocunt
gets locked

--pwdresetfailcount PWDRESETFAILCOUNT

The number of secondsto wait before reducingthe failed login count on an
account

--pwdchecksyntax PWDCHECKSYNTAX

Set to "on" to Enable password syntax checking

--pwdminlen PWDMINLEN

The minimum number of characters required in a password

--pwdmindigits PWDMINDIGITS

The minimum number of digit/number characters in a password

--pwdminalphas PWDMINALPHAS

The minimum number of alpha characters required in a password

--pwdminuppers PWDMINUPPERS

The minimum number of uppercase characters required in a password

--pwdminlowers PWDMINLOWERS

The minimum number of lowercase characters required in a password

--pwdminspecials PWDMINSPECIALS

The minimum number of special characters required in a password

--pwdmin8bits PWDMIN8BITS

The minimum number of 8-bit characters required in a password

--pwdmaxrepeats PWDMAXREPEATS

The maximum number of times the same character can appear sequentially in the
password

--pwdpalindrome PWDPALINDROME

Set to "on" to reject passwords that are palindromes

--pwdmaxseq PWDMAXSEQ

The maximum number of allowed monotonic character sequences in a password

--pwdmaxseqsets PWDMAXSEQSETS

The maximum number of allowed monotonic character sequences that can be
duplicated in a password

--pwdmaxclasschars PWDMAXCLASSCHARS

The maximum number of sequential characters from the same character class that
is allowed in a password

--pwdmincatagories PWDMINCATAGORIES

The minimum number of syntax catagory checks

--pwdmintokenlen PWDMINTOKENLEN

Sets the smallest attribute value length that is used for trivial/user words
checking. This also impacts "--pwduserattrs"

--pwdbadwords PWDBADWORDS

A space-separated list of words that can not be in a password

--pwduserattrs PWDUSERATTRS

A space-separated list of attributes whose values can not appear in the
password (See "--pwdmintokenlen")

--pwddictcheck PWDDICTCHECK

Set to "on" to enfore CrackLib dictionary checking

--pwddictpath PWDDICTPATH

Filesystem path to specific/custom CrackLib dictionary files

OPTIONS 'dsconf localpwp addsubtree'¶

DN

Add/replace the subtree policy for this entry DN

--pwdscheme PWDSCHEME

The password storage scheme

--pwdchange PWDCHANGE

Allow users to change their passwords

--pwdmustchange PWDMUSTCHANGE

User must change their passwrod after it is reset by an Administrator

--pwdhistory PWDHISTORY

To enable password history set this to "on", otherwise "off"

--pwdhistorycount PWDHISTORYCOUNT

The number of password to keep in history

--pwdadmin PWDADMIN

The DN of an entry or a group of account that can bypass password policy
constraints

--pwdtrack PWDTRACK

Set to "on" to track the time the password was last changed

--pwdwarning PWDWARNING

Send an expiring warning if password expires within this time (in seconds)

--pwdexpire PWDEXPIRE

Set to "on" to enable password expiration

--pwdmaxage PWDMAXAGE

The password expiration time in seconds

--pwdminage PWDMINAGE

The number of seconds that must pass before a user can change their password

--pwdgracelimit PWDGRACELIMIT

The number of allowed logins after the password has expired

--pwdsendexpiring PWDSENDEXPIRING

Set to "on" to always send the expiring control regardless of the warning
period

--pwdlockout PWDLOCKOUT

Set to "on" to enable account lockout

--pwdunlock PWDUNLOCK

Set to "on" to allow an account to become unlocked after the lockout duration

--pwdlockoutduration PWDLOCKOUTDURATION

The number of seconds an account stays locked out

--pwdmaxfailures PWDMAXFAILURES

The maximum number of allowed failed password attempts beforet the acocunt
gets locked

--pwdresetfailcount PWDRESETFAILCOUNT

The number of secondsto wait before reducingthe failed login count on an
account

--pwdchecksyntax PWDCHECKSYNTAX

Set to "on" to Enable password syntax checking

--pwdminlen PWDMINLEN

The minimum number of characters required in a password

--pwdmindigits PWDMINDIGITS

The minimum number of digit/number characters in a password

--pwdminalphas PWDMINALPHAS

The minimum number of alpha characters required in a password

--pwdminuppers PWDMINUPPERS

The minimum number of uppercase characters required in a password

--pwdminlowers PWDMINLOWERS

The minimum number of lowercase characters required in a password

--pwdminspecials PWDMINSPECIALS

The minimum number of special characters required in a password

--pwdmin8bits PWDMIN8BITS

The minimum number of 8-bit characters required in a password

--pwdmaxrepeats PWDMAXREPEATS

The maximum number of times the same character can appear sequentially in the
password

--pwdpalindrome PWDPALINDROME

Set to "on" to reject passwords that are palindromes

--pwdmaxseq PWDMAXSEQ

The maximum number of allowed monotonic character sequences in a password

--pwdmaxseqsets PWDMAXSEQSETS

The maximum number of allowed monotonic character sequences that can be
duplicated in a password

--pwdmaxclasschars PWDMAXCLASSCHARS

The maximum number of sequential characters from the same character class that
is allowed in a password

--pwdmincatagories PWDMINCATAGORIES

The minimum number of syntax catagory checks

--pwdmintokenlen PWDMINTOKENLEN

Sets the smallest attribute value length that is used for trivial/user words
checking. This also impacts "--pwduserattrs"

--pwdbadwords PWDBADWORDS

A space-separated list of words that can not be in a password

--pwduserattrs PWDUSERATTRS

A space-separated list of attributes whose values can not appear in the
password (See "--pwdmintokenlen")

--pwddictcheck PWDDICTCHECK

Set to "on" to enfore CrackLib dictionary checking

--pwddictpath PWDDICTPATH

Filesystem path to specific/custom CrackLib dictionary files

OPTIONS 'dsconf replication'¶

OPTIONS 'dsconf replication enable'¶

--suffix SUFFIX

The DN of the suffix to be enabled for replication

--role ROLE

The Replication role: "master", "hub", or "consumer"

--replica-id REPLICA_ID

The replication identifier for a "master". Values range from 1 - 65534

--bind-group-dn BIND_GROUP_DN

A group entry DN containing members that are "bind/supplier" DNs

--bind-dn BIND_DN

The Bind or Supplier DN that can make replication updates

--bind-passwd BIND_PASSWD

Password for replication manager(--bind-dn). This will create the manager
entry if a value is set

OPTIONS 'dsconf replication disable'¶

--suffix SUFFIX

The DN of the suffix to have replication disabled

OPTIONS 'dsconf replication list'¶

OPTIONS 'dsconf replication promote'¶

--suffix SUFFIX

The DN of the replication suffix to promote

--newrole NEWROLE

Promote this replica to a "hub" or "master"

--replica-id REPLICA_ID

The replication identifier for a "master". Values range from 1 - 65534

--bind-group-dn BIND_GROUP_DN

A group entry DN containing members that are "bind/supplier" DNs

--bind-dn BIND_DN

The Bind or Supplier DN that can make replication updates

OPTIONS 'dsconf replication create-manager'¶

--name NAME

The NAME of the new replication manager entry. For example, if the NAME is
"replication manager" then the new manager entry's DN would be "cn=replication
manager,cn=config".

--passwd PASSWD

Password for replication manager. If not provided, you will be prompted for
the password

--suffix SUFFIX

The DN of the replication suffix whose replication configuration you want to
add this new manager to (OPTIONAL)

OPTIONS 'dsconf replication delete-manager'¶

--name NAME

The NAME of the replication manager entry under cn=config: "cn=NAME,cn=config"

--suffix SUFFIX

The DN of the replication suffix whose replication configuration you want to
remove this manager from (OPTIONAL)

OPTIONS 'dsconf replication demote'¶

--suffix SUFFIX

Promte this replica to a "hub" or "consumer"

--newrole NEWROLE

The Replication role: "hub", or "consumer"

OPTIONS 'dsconf replication get'¶

--suffix SUFFIX

Get the replication configuration for this suffix DN

OPTIONS 'dsconf replication create-changelog'¶

OPTIONS 'dsconf replication delete-changelog'¶

OPTIONS 'dsconf replication set-changelog'¶

--cl-dir CL_DIR

The replication changelog location on the filesystem

--max-entries MAX_ENTRIES

The maximum number of entries to get in the replication changelog

--max-age MAX_AGE

The maximum age of a replication changelog entry

--compact-interval COMPACT_INTERVAL

The replication changelog compaction interval

--trim-interval TRIM_INTERVAL

The interval to check if the replication changelog can be trimmed

OPTIONS 'dsconf replication get-changelog'¶

OPTIONS 'dsconf replication set'¶

--suffix SUFFIX

The DN of the replication suffix

--replica-id REPLICA_ID

The Replication Identifier number

--replica-role REPLICA_ROLE

The Replication role: master, hub, or consumer

--repl-add-bind-dn REPL_ADD_BIND_DN

Add a bind (supplier) DN

--repl-del-bind-dn REPL_DEL_BIND_DN

Remove a bind (supplier) DN

--repl-add-ref REPL_ADD_REF

Add a replication referral (for consumers only)

--repl-del-ref REPL_DEL_REF

Remove a replication referral (for conusmers only)

--repl-purge-delay REPL_PURGE_DELAY

The replication purge delay

--repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL

The interval in seconds to check for tombstones that can be purged

--repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING

Set to "on" to improve tombstone purging performance

--repl-bind-group REPL_BIND_GROUP

A group entry DN containing members that are "bind/supplier" DNs

--repl-bind-group-interval REPL_BIND_GROUP_INTERVAL

An interval in seconds to check if the bind group has been updated

--repl-protocol-timeout REPL_PROTOCOL_TIMEOUT

A timeout in seconds on how long to wait before stopping replication when the
server is under load

--repl-backoff-max REPL_BACKOFF_MAX

The maximum time in seconds a replication agreement should stay in a backoff
state while waiting to acquire the consumer. Default is 300 seconds

--repl-backoff-min REPL_BACKOFF_MIN

The starting time in seconds a replication agreement should stay in a backoff
state while waiting to acquire the consumer. Default is 3 seconds

--repl-release-timeout REPL_RELEASE_TIMEOUT

A timeout in seconds a replication master should send updates before it yields
its replication session

OPTIONS 'dsconf repl-agmt'¶

OPTIONS 'dsconf repl-agmt list'¶

--suffix SUFFIX

The DN of the suffix to look up replication agreements

--entry ENTRY

Return the entire entry for each agreement

OPTIONS 'dsconf repl-agmt enable'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-agmt disable'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-agmt init'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-agmt init-status'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-agmt poke'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-agmt status'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

--bind-dn BIND_DN

Set the DN to bind to the consumer

--bind-passwd BIND_PASSWD

The password for the bind DN

OPTIONS 'dsconf repl-agmt delete'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-agmt create'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

--host HOST

The hostname of the remote replica

--port PORT

The port number of the remote replica

--conn-protocol CONN_PROTOCOL

The replication connection protocol: LDAP, LDAPS, or StartTLS

--bind-dn BIND_DN

The Bind DN the agreement uses to authenticate to the replica

--bind-passwd BIND_PASSWD

The credentials for the Bind DN

--bind-method BIND_METHOD

The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI"

--frac-list FRAC_LIST

List of attributes to NOT replicate to the consumer during incremental updates

--frac-list-total FRAC_LIST_TOTAL

List of attributes to NOT replicate during a total initialization

--strip-list STRIP_LIST

A list of attributes that are removed from updates only if the event would
otherwise be empty. Typically this is set to "modifiersname" and
"modifytimestmap"

--schedule SCHEDULE

Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday -
Saturday).

--conn-timeout CONN_TIMEOUT

The timeout used for replicaton connections

--protocol-timeout PROTOCOL_TIMEOUT

A timeout in seconds on how long to wait before stopping replication when the
server is under load

--wait-async-results WAIT_ASYNC_RESULTS

The amount of time in milliseconds the server waits if the consumer is not
ready before resending data

--busy-wait-time BUSY_WAIT_TIME

The amount of time in seconds a supplier should wait after a consumer sends
back a busy response before making another attempt to acquire access.

--session-pause-time SESSION_PAUSE_TIME

The amount of time in seconds a supplier should wait between update sessions.

--flow-control-window FLOW_CONTROL_WINDOW

Sets the maximum number of entries and updates sent by a supplier, which are
not acknowledged by the consumer.

--flow-control-pause FLOW_CONTROL_PAUSE

The time in milliseconds to pause after reaching the number of entries and
updates set in "--flow-control-window"

--init

Initialize the agreement after creating it.

OPTIONS 'dsconf repl-agmt set'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

--host HOST

The hostname of the remote replica

--port PORT

The port number of the remote replica

--conn-protocol CONN_PROTOCOL

The replication connection protocol: LDAP, LDAPS, or StartTLS

--bind-dn BIND_DN

The Bind DN the agreement uses to authenticate to the replica

--bind-passwd BIND_PASSWD

The credentials for the Bind DN

--bind-method BIND_METHOD

The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI"

--frac-list FRAC_LIST

List of attributes to NOT replicate to the consumer during incremental updates

--frac-list-total FRAC_LIST_TOTAL

List of attributes to NOT replicate during a total initialization

--strip-list STRIP_LIST

A list of attributes that are removed from updates only if the event would
otherwise be empty. Typically this is set to "modifiersname" and
"modifytimestmap"

--schedule SCHEDULE

Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday -
Saturday).

--conn-timeout CONN_TIMEOUT

The timeout used for replicaton connections

--protocol-timeout PROTOCOL_TIMEOUT

A timeout in seconds on how long to wait before stopping replication when the
server is under load

--wait-async-results WAIT_ASYNC_RESULTS

The amount of time in milliseconds the server waits if the consumer is not
ready before resending data

--busy-wait-time BUSY_WAIT_TIME

The amount of time in seconds a supplier should wait after a consumer sends
back a busy response before making another attempt to acquire access.

--session-pause-time SESSION_PAUSE_TIME

The amount of time in seconds a supplier should wait between update sessions.

--flow-control-window FLOW_CONTROL_WINDOW

Sets the maximum number of entries and updates sent by a supplier, which are
not acknowledged by the consumer.

--flow-control-pause FLOW_CONTROL_PAUSE

The time in milliseconds to pause after reaching the number of entries and
updates set in "--flow-control-window"

OPTIONS 'dsconf repl-agmt get'¶

AGMT_NAME

Get the replication configuration for this suffix DN

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-winsync-agmt'¶

OPTIONS 'dsconf repl-winsync-agmt list'¶

--suffix SUFFIX

The DN of the suffix to look up replication winsync agreements

OPTIONS 'dsconf repl-winsync-agmt enable'¶

AGMT_NAME

The name of the replication winsync agreement

--suffix SUFFIX

The DN of the replication winsync suffix

OPTIONS 'dsconf repl-winsync-agmt disable'¶

AGMT_NAME

The name of the replication winsync agreement

--suffix SUFFIX

The DN of the replication winsync suffix

OPTIONS 'dsconf repl-winsync-agmt init'¶

AGMT_NAME

The name of the replication winsync agreement

--suffix SUFFIX

The DN of the replication winsync suffix

OPTIONS 'dsconf repl-winsync-agmt init-status'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-winsync-agmt poke'¶

AGMT_NAME

The name of the replication winsync agreement

--suffix SUFFIX

The DN of the replication winsync suffix

OPTIONS 'dsconf repl-winsync-agmt status'¶

AGMT_NAME

The name of the replication agreement

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-winsync-agmt delete'¶

AGMT_NAME

The name of the replication winsync agreement

--suffix SUFFIX

The DN of the replication winsync suffix

OPTIONS 'dsconf repl-winsync-agmt create'¶

AGMT_NAME

The name of the replication winsync agreement

--suffix SUFFIX

The DN of the replication winsync suffix

--host HOST

The hostname of the AD server

--port PORT

The port number of the AD server

--conn-protocol CONN_PROTOCOL

The replication winsync connection protocol: LDAP, LDAPS, or StartTLS

--bind-dn BIND_DN

The Bind DN the agreement uses to authenticate to the AD Server

--bind-passwd BIND_PASSWD

The credentials for the Bind DN

--frac-list FRAC_LIST

List of attributes to NOT replicate to the consumer during incremental updates

--schedule SCHEDULE

Sets the replication update schedule

--win-subtree WIN_SUBTREE

The suffix of the AD Server

--ds-subtree DS_SUBTREE

The Directory Server suffix

--win-domain WIN_DOMAIN

The AD Domain

--sync-users SYNC_USERS

Synchronize Users between AD and DS

--sync-groups SYNC_GROUPS

Synchronize Groups between AD and DS

--sync-interval SYNC_INTERVAL

The interval that DS checks AD for changes in entries

--one-way-sync ONE_WAY_SYNC

Sets which direction to perform synchronization: "toWindows", "fromWindows",
"both"

--move-action MOVE_ACTION

Sets instructions on how to handle moved or deleted entries: "none", "unsync",
or "delete"

--win-filter WIN_FILTER

Custom filter for finding users in AD Server

--ds-filter DS_FILTER

Custom filter for finding AD users in DS Server

--subtree-pair SUBTREE_PAIR

Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>

--conn-timeout CONN_TIMEOUT

The timeout used for replicaton connections

--busy-wait-time BUSY_WAIT_TIME

The amount of time in seconds a supplier should wait after a consumer sends
back a busy response before making another attempt to acquire access.

--session-pause-time SESSION_PAUSE_TIME

The amount of time in seconds a supplier should wait between update sessions.

--init

Initialize the agreement after creating it.

OPTIONS 'dsconf repl-winsync-agmt set'¶

AGMT_NAME

The name of the replication winsync agreement

--suffix SUFFIX

The DN of the replication winsync suffix

--host HOST

The hostname of the AD server

--port PORT

The port number of the AD server

--conn-protocol CONN_PROTOCOL

The replication winsync connection protocol: LDAP, LDAPS, or StartTLS

--bind-dn BIND_DN

The Bind DN the agreement uses to authenticate to the AD Server

--bind-passwd BIND_PASSWD

The credentials for the Bind DN

--frac-list FRAC_LIST

List of attributes to NOT replicate to the consumer during incremental updates

--schedule SCHEDULE

Sets the replication update schedule

--win-subtree WIN_SUBTREE

The suffix of the AD Server

--ds-subtree DS_SUBTREE

The Directory Server suffix

--win-domain WIN_DOMAIN

The AD Domain

--sync-users SYNC_USERS

Synchronize Users between AD and DS

--sync-groups SYNC_GROUPS

Synchronize Groups between AD and DS

--sync-interval SYNC_INTERVAL

The interval that DS checks AD for changes in entries

--one-way-sync ONE_WAY_SYNC

Sets which direction to perform synchronization: "toWindows", "fromWindows",
"both"

--move-action MOVE_ACTION

Sets instructions on how to handle moved or deleted entries: "none", "unsync",
or "delete"

--win-filter WIN_FILTER

Custom filter for finding users in AD Server

--ds-filter DS_FILTER

Custom filter for finding AD users in DS Server

--subtree-pair SUBTREE_PAIR

Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>

--conn-timeout CONN_TIMEOUT

The timeout used for replicaton connections

--busy-wait-time BUSY_WAIT_TIME

The amount of time in seconds a supplier should wait after a consumer sends
back a busy response before making another attempt to acquire access.

--session-pause-time SESSION_PAUSE_TIME

The amount of time in seconds a supplier should wait between update sessions.

OPTIONS 'dsconf repl-winsync-agmt get'¶

AGMT_NAME

Get the replication configuration for this suffix DN

--suffix SUFFIX

The DN of the replication suffix

OPTIONS 'dsconf repl-tasks'¶

OPTIONS 'dsconf repl-tasks cleanallruv'¶

--suffix SUFFIX

The Directory Server suffix

--replica-id REPLICA_ID

The replica ID to remove/clean

--force-cleaning

Ignore errors and do a best attempt to clean all the replicas

OPTIONS 'dsconf repl-tasks list-cleanallruv'¶

OPTIONS 'dsconf repl-tasks abort-cleanallruv'¶

--suffix SUFFIX

The Directory Server suffix

--replica-id REPLICA_ID

The replica ID of the cleaning task to abort

--certify

Enforce that the abort task completed on all replicas

OPTIONS 'dsconf sasl'¶

OPTIONS 'dsconf sasl list'¶

OPTIONS 'dsconf sasl get'¶

selector

SASL mapping name to get

OPTIONS 'dsconf sasl create'¶

--cn [CN]

Value of cn

--nsSaslMapRegexString [NSSASLMAPREGEXSTRING]

Value of nsSaslMapRegexString

--nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]

Value of nsSaslMapBaseDNTemplate

--nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]

Value of nsSaslMapFilterTemplate

--nsSaslMapPriority [NSSASLMAPPRIORITY]

Value of nsSaslMapPriority

OPTIONS 'dsconf sasl delete'¶

map_name

The SASL Mapping name ("cn" value)

OPTIONS 'dsconf schema'¶

OPTIONS 'dsconf schema list'¶

OPTIONS 'dsconf schema attributetypes'¶

OPTIONS 'dsconf schema attributetypes get_syntaxes'¶

OPTIONS 'dsconf schema attributetypes list'¶

OPTIONS 'dsconf schema attributetypes query'¶

name

Attribute type to query

OPTIONS 'dsconf schema attributetypes add'¶

name

NAME of the object

--oid OID

OID assigned to the object

--desc DESC

Description text(DESC) of the object

--x-origin X_ORIGIN

Provides information about where the attribute type is defined

--aliases ALIASES [ALIASES ...]

Additional NAMEs of the object.

--single-value

True if the matching rule must have only one valueOnly one of the flags this
or --multi-value should be specified

--multi-value

True if the matching rule may have multiple values (default)Only one of the
flags this or --single-value should be specified

--no-user-mod

True if the attribute is not modifiable by a client applicationOnly one of the
flags this or --user-mod should be specified

--user-mod

True if the attribute is modifiable by a client application (default)Only one
of the flags this or --no-user-mode should be specified

--equality EQUALITY

NAME or OID of the matching rule used for checkingwhether attribute values are
equal

--substr SUBSTR

NAME or OID of the matching rule used for checkingwhether an attribute value
contains another value

--ordering ORDERING

NAME or OID of the matching rule used for checkingwhether attribute values are
lesser - equal than

--usage USAGE

The flag indicates how the attribute type is to be used. Choose from the list:
userApplications (default), directoryOperation, distributedOperation,
dSAOperation

--sup SUP [SUP ...]

The list of NAMEs or OIDs of attribute typesthis attribute type is derived
from

--syntax SYNTAX

OID of the LDAP syntax assigned to the attribute

OPTIONS 'dsconf schema attributetypes edit'¶

name

NAME of the object

--oid OID

OID assigned to the object

--desc DESC

Description text(DESC) of the object

--x-origin X_ORIGIN

Provides information about where the attribute type is defined

--aliases ALIASES [ALIASES ...]

Additional NAMEs of the object.

--single-value

True if the matching rule must have only one valueOnly one of the flags this
or --multi-value should be specified

--multi-value

True if the matching rule may have multiple values (default)Only one of the
flags this or --single-value should be specified

--no-user-mod

True if the attribute is not modifiable by a client applicationOnly one of the
flags this or --user-mod should be specified

--user-mod

True if the attribute is modifiable by a client application (default)Only one
of the flags this or --no-user-mode should be specified

--equality EQUALITY

NAME or OID of the matching rule used for checkingwhether attribute values are
equal

--substr SUBSTR

NAME or OID of the matching rule used for checkingwhether an attribute value
contains another value

--ordering ORDERING

NAME or OID of the matching rule used for checkingwhether attribute values are
lesser - equal than

--usage USAGE

The flag indicates how the attribute type is to be used. Choose from the list:
userApplications (default), directoryOperation, distributedOperation,
dSAOperation

--sup SUP [SUP ...]

The list of NAMEs or OIDs of attribute typesthis attribute type is derived
from

--syntax SYNTAX

OID of the LDAP syntax assigned to the attribute

OPTIONS 'dsconf schema attributetypes remove'¶

name

NAME of the object

OPTIONS 'dsconf schema objectclasses'¶

OPTIONS 'dsconf schema objectclasses list'¶

OPTIONS 'dsconf schema objectclasses query'¶

name

ObjectClass to query

OPTIONS 'dsconf schema objectclasses add'¶

name

NAME of the object

--oid OID

OID assigned to the object

--desc DESC

Description text(DESC) of the object

--x-origin X_ORIGIN

Provides information about where the attribute type is defined

--must MUST [MUST ...]

NAMEs or OIDs of all attributes an entry of the object must have

--may MAY [MAY ...]

NAMEs or OIDs of additional attributes an entry of the object may have

--kind KIND

Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY

--sup SUP [SUP ...]

NAMEs or OIDs of object classes this object is derived from

OPTIONS 'dsconf schema objectclasses edit'¶

name

NAME of the object

--oid OID

OID assigned to the object

--desc DESC

Description text(DESC) of the object

--x-origin X_ORIGIN

Provides information about where the attribute type is defined

--must MUST [MUST ...]

NAMEs or OIDs of all attributes an entry of the object must have

--may MAY [MAY ...]

NAMEs or OIDs of additional attributes an entry of the object may have

--kind KIND

Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY

--sup SUP [SUP ...]

NAMEs or OIDs of object classes this object is derived from

OPTIONS 'dsconf schema objectclasses remove'¶

name

NAME of the object

OPTIONS 'dsconf schema matchingrules'¶

OPTIONS 'dsconf schema matchingrules list'¶

OPTIONS 'dsconf schema matchingrules query'¶

name

Matching rule to query

OPTIONS 'dsconf schema reload'¶

-d SCHEMADIR, --schemadir SCHEMADIR

directory where schema files are located

--wait

Wait for the reload task to complete

-v, --verbose

Display verbose operation tracing during command execution

-D BINDDN, --binddn BINDDN

The account to bind as for executing operations

-w BINDPW, --bindpw BINDPW

Password for binddn

-W, --prompt

Prompt for password for the bind DN

-y PWDFILE, --pwdfile PWDFILE

Specifies a file containing the password for the binddn

-b BASEDN, --basedn BASEDN

Basedn (root naming context) of the instance to manage

-Z, --starttls

Connect with StartTLS

-j, --json

Return result in JSON object

AUTHORS¶

DISTRIBUTION¶