dsconf(1) General Commands Manual dsconf(1)

dsconf

dsconf [-h] [-v] [-D BINDDN] [-w BINDPW] [-W] [-y PWDFILE] [-b BASEDN] [-Z] [-j] instance {backend,backup,chaining,config,directory_manager,healthcheck,plugin,pwpolicy,localpwp,replication,repl-agmt,repl-winsync-agmt,repl-tasks,sasl,schema} ...

The instance name or the LDAP URL to connect to, e.g. localhost or
ldap://mai.example.com:389

Sub-commands

Manage database suffixes and backends
Manage online backups
Manage database chaining/database links
Manage server configuration
Manage the directory manager account
Run a healthcheck report on your Directory Server instance. This is a safe, read only operation.
Manage plugins available on the server
Get and set the global password policy settings
Manage local (user/subtree) password policies
Configure replication for a suffix
Manage replication agreements
Manage Winsync Agreements
Manage replication tasks
Query and manipulate sasl mappings
Query and manipulate schema

usage: dsconf instance backend [-h]
{suffix,index,vlv-index,attr-encrypt,config,monitor,import,export,create,delete}
...

Sub-commands

Manage a backend suffix
Manage backend indexes
Manage VLV searches and indexes
Encrypted attribute options
Manage the global database configuration settings
Get the global database monitor information
Do an online import of the suffix
Do an online export of the suffix
Create a backend database
Delete a backend database

usage: dsconf instance backend suffix [-h]
{list,get,get-dn,get-sub-suffixes,set}
...

Sub-commands

List current active backends and suffixes
Get the suffix entry
get_dn
Get the sub-suffixes of this backend
Set configuration settings for a single backend

usage: dsconf instance backend suffix list [-h] [--suffix]
[--skip-subsuffixes]

Just display the suffix, and not the backend name

Skip over sub-suffixes

usage: dsconf instance backend suffix get [-h] [selector]

The backend to search for

usage: dsconf instance backend suffix get-dn [-h] [dn]

The backend dn to get

usage: dsconf instance backend suffix get-sub-suffixes [-h] [--suffix] be_name

The backend name or suffix to search for sub-suffixes

Just display the suffix, and not the backend name

usage: dsconf instance backend suffix set [-h] [--enable-readonly]
[--disable-readonly]
[--add-referral ADD_REFERRAL]
[--del-referral DEL_REFERRAL]
[--enable] [--disable]
[--cache-size CACHE_SIZE]
[--cache-memsize CACHE_MEMSIZE]
[--dncache-memsize DNCACHE_MEMSIZE]
be_name

The backend name or suffix to delete

Set backend database to be read-only

Disable read-only mode for backend database

Add a LDAP referral to the backend

Remove a LDAP referral to the backend

Enable the backend database

Disable the backend database

The maximum number of entries to keep in the entry cache

The maximum size in bytes that the entry cache can grow to

The maximum size in bytes that the DN cache can grow to

usage: dsconf instance backend index [-h]
{add,set,get,list,delete,reindex} ...

Sub-commands

Set configuration settings for a single backend
Edit an index entry
Get an index entry
Set configuration settings for a single backend
Set configuration settings for a single backend
Reindex the database (for a single index or all indexes)

usage: dsconf instance backend index add [-h] [--index-type INDEX_TYPE]
[--matching-rule MATCHING_RULE]
[--reindex] [--attr ATTR]
be_name

The backend name or suffix to delete

An indexing type: eq, sub, pres, or approximate

Matching rule for the index

After adding new index, reindex the database

The index attribute's name

usage: dsconf instance backend index set [-h] --attr ATTR
[--add-type ADD_TYPE]
[--del-type DEL_TYPE]
[--add-mr ADD_MR] [--del-mr DEL_MR]
[--reindex]
be_name

The backend name or suffix to edit an index from

The index name to edit

An index type to add to the index: eq, sub, pres, or approx

An index type to remove from the index: eq, sub, pres, or approx

A matching-rule to add to the index

A matching-rule to remove from the index

After editing index, reindex the database

usage: dsconf instance backend index get [-h] --attr ATTR be_name

The backend name or suffix to get the index from

The index name to get

usage: dsconf instance backend index list [-h] [--just-names] be_name

The backend name or suffix to list indexes from

Return a list of just the attribute names for a backend

usage: dsconf instance backend index delete [-h] [--attr ATTR] be_name

The backend name or suffix to delete

The index attribute's name

usage: dsconf instance backend index reindex [-h] [--attr ATTR] be_name

The backend name or suffix to reindex

The index attribute's name to reindex. Skip this argument to reindex all
attributes

usage: dsconf instance backend vlv-index [-h]
{list,get,add-search,edit-search,del-search,add-index,del-index,reindex}
...

Sub-commands

List VLV search definition entries
Get a VLV search & index
Add a VLV search entry. The search entry is the parent entry of the VLV index entries, and it specifies the search params that are used to match entries for those indexes.
Edit a VLV search & index
Delete VLV search & index
Create a VLV index under a VLV search entry (parent entry). The VLV index just specifies the attributes to sort
Delete a VLV index under a VLV search entry (parent entry).
Index/reindex the VLV database index

usage: dsconf instance backend vlv-index list [-h] [--just-names] be_name

The backend name of the VLV index

List just the names of the VLV search entries

usage: dsconf instance backend vlv-index get [-h] [--name NAME] be_name

The backend name of the VLV index

Get the VLV search entry and its index entries

usage: dsconf instance backend vlv-index add-search [-h] --name NAME
--search-base SEARCH_BASE
--search-scope
SEARCH_SCOPE
--search-filter
SEARCH_FILTER
be_name

The backend name of the VLV index

Name of the VLV search entry

The VLV search base

The VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree
search)

The VLV search filter

usage: dsconf instance backend vlv-index edit-search [-h] --name NAME
[--search-base SEARCH_BASE]
[--search-scope SEARCH_SCOPE]
[--search-filter SEARCH_FILTER]
[--reindex]
be_name

The backend name of the VLV index

Name of the VLV index

The VLV search base

The VLV search scope: 0 (base search), 1 (one-level search), or 2 (subtree
search)

The VLV search filter

Reindex all the VLV database indexes

usage: dsconf instance backend vlv-index del-search [-h] --name NAME be_name

The backend name of the VLV index

Name of the VLV search index

usage: dsconf instance backend vlv-index add-index [-h] --parent-name
PARENT_NAME --index-name
INDEX_NAME [--sort SORT]
[--index]
be_name

The backend name of the VLV index

Name, or "cn" attribute value, of the parent VLV search entry

Name of the new VLV index

A space separated list of attributes to sort for this VLV index

Create the actual database index for this VLV index definition

usage: dsconf instance backend vlv-index del-index [-h] --parent-name
PARENT_NAME --index-name
INDEX_NAME
be_name

The backend name of the VLV index

Name, or "cn" attribute value, of the parent VLV search entry

Name of the VLV index to delete

usage: dsconf instance backend vlv-index reindex [-h]
[--index-name INDEX_NAME]
--parent-name PARENT_NAME
be_name

The backend name of the VLV index

Name of the VLV Index entry to reindex. If not set, all indexes are reindexed

Name, or "cn" attribute value, of the parent VLV search entry

usage: dsconf instance backend attr-encrypt [-h] [--list] [--just-names]
[--add-attr ADD_ATTR]
[--del-attr DEL_ATTR]
be_name

The backend name or suffix to reindex

List all the encrypted attributes for this backend

List just the names of the encrypted attributes (used with --list)

Add an attribute to be encrypted

Remove an attribute from being encrypted

usage: dsconf instance backend config [-h] {get,set} ...

Sub-commands

Get the global database configuration
Set the global database configuration

usage: dsconf instance backend config get [-h]

usage: dsconf instance backend config set [-h]
[--lookthroughlimit LOOKTHROUGHLIMIT]
[--mode MODE]
[--idlistscanlimit IDLISTSCANLIMIT]
[--directory DIRECTORY]
[--dbcachesize DBCACHESIZE]
[--logdirectory LOGDIRECTORY]
[--durable_txn DURABLE_TXN]
[--txn-wait TXN_WAIT]
[--checkpoint-interval CHECKPOINT_INTERVAL]
[--compactdb-interval COMPACTDB_INTERVAL]
[--txn-batch-val TXN_BATCH_VAL]
[--txn-batch-min TXN_BATCH_MIN]
[--txn-batch-max TXN_BATCH_MAX]
[--logbufsize LOGBUFSIZE]
[--locks LOCKS]
[--import-cache_autosize IMPORT_CACHE_AUTOSIZE]
[--cache-autosize CACHE_AUTOSIZE]
[--cache-autosize-split CACHE_AUTOSIZE_SPLIT]
[--import-cachesize IMPORT_CACHESIZE]
[--exclude-from-export EXCLUDE_FROM_EXPORT]
[--pagedlookthroughlimit PAGEDLOOKTHROUGHLIMIT]
[--pagedidlistscanlimit PAGEDIDLISTSCANLIMIT]
[--rangelookthroughlimit RANGELOOKTHROUGHLIMIT]
[--backend-opt-level BACKEND_OPT_LEVEL]
[--deadlock-policy DEADLOCK_POLICY]

Specifies the maximum number of entries that the Directory Server will check
when examining candidate entries in response to a search request

Specifies the permissions used for newly created index files

Specifies the number of entry IDs that are searched during a search operation

Specifies absolute path to database instance

Specifies the database index cache size, in bytes.

Specifies the path to the directory that contains the database transaction
logs

Sets whether database transaction log entries are immediately written to the
disk.

Sets whether the server should wait if there are no db locks available

Sets the amount of time in seconds after which the Directory Server sends a
checkpoint entry to the database transaction log

Sets the interval in seconds when the database is compacted

Specifies how many transactions will be batched before being committed

Controls when transactions should be flushed earliest, independently of the
batch count (only works when txn-batch-val is set)

Controls when transactions should be flushed latest, independently of the
batch count (only works when txn-batch-val is set)

Specifies the transaction log information buffer size

Sets the maximum number of database locks

Set to "on" or "off" to automatically set the size of the import cache to be
used during the import process of LDIF files

Sets the percentage of free memory that is used in total for the database and
entry cache. Set to "0" to disable this feature.

Sets the percentage of RAM that is used for the database cache. The remaining
percentage is used for the entry cache

Sets the size, in bytes, of the database cache used in the import process.

List of attributes to not include during database export operations

Specifies the maximum number of entries that the Directory Server will check
when examining candidate entries for a search which uses the simple paged
results control

Specifies the number of entry IDs that are searched, specifically, for a
search operation using the simple paged results control.

Specifies the maximum number of entries that the Directory Server will check
when examining candidate entries in response to a range search request.

WARNING this parameter can trigger experimental code to improve write
performance. Valid values are: 0, 1, 2, or 4

Adjusts the backend database deadlock policy (Advanced setting)

usage: dsconf instance backend monitor [-h] [--suffix SUFFIX]

Get just the suffix monitor entry

usage: dsconf instance backend import [-h] [-c CHUNKS_SIZE] [-E]
[-g GEN_UNIQ_ID] [-O]
[-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
[-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]]
[be_name] [ldifs [ldifs ...]]

The backend name or the root suffix where to import

Specifies the filename of the input LDIF files. When multiple files are
imported, they are imported in the order they are specified on the command
line.

The number of chunks to have during the import operation.

Decrypts encrypted data during export. This option is used only if database
encryption is enabled.

Generate a unique id. Type none for no unique ID to be generated and
deterministic for the generated unique ID to be name-based. By default, a
time-based unique ID is generated. When using the deterministic generation to
have a name-based unique ID, it is also possible to specify the namespace for
the server to use. namespaceId is a string of characters in the format
00-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx.

Requests that only the core database is created without attribute indexes.

Specifies the suffixes or the subtrees to be included.

Specifies the suffixes to be excluded.

usage: dsconf instance backend export [-h] [-l LDIF] [-C] [-E] [-m] [-N] [-r]
[-u] [-U]
[-s INCLUDE_SUFFIXES [INCLUDE_SUFFIXES ...]]
[-x EXCLUDE_SUFFIXES [EXCLUDE_SUFFIXES ...]]
be_names [be_names ...]

The backend names or the root suffixes from where to export.

Gives the filename of the output LDIF file. If more than one are specified, use
a space as a separator

Uses only the main database file.

Decrypts encrypted data during export. This option is used only if database
encryption is enabled.

Sets minimal base-64 encoding.

Enables you to suppress printing the sequence number.

Exports the information required to initialize a replica when the LDIF is
imported

Requests that the unique ID is not exported.

Requests that the output LDIF is not folded.

Specifies the suffixes or the subtrees to be included.

Specifies the suffixes to be excluded.

usage: dsconf instance backend create [-h] [--parent-suffix PARENT_SUFFIX]
--suffix SUFFIX --be-name BE_NAME
[--create-entries]

Sets the parent suffix only if this backend is a sub-suffix

The database suffix DN, for example "dc=example,dc=com"

The database backend name, for example "userroot"

Create sample entries in the database

usage: dsconf instance backend delete [-h] be_name

The backend name or suffix to delete

usage: dsconf instance backup [-h] {create,restore} ...

Sub-commands

Creates a backup of the database
Restores a database from a backup

usage: dsconf instance backup create [-h] [-t DB_TYPE] [archive]

The directory where the backup files will be stored. The
/var/lib/dirsrv/slapd-instance/bak directory is used by default. The backup
file is named according to the year-month-day-hour format.

Database type (default: ldbm database).

usage: dsconf instance backup restore [-h] [-t DB_TYPE] archive

The directory of the backup files.

Database type (default: ldbm database).

usage: dsconf instance chaining [-h]
{config-get,config-set,config-get-def,config-set-def,link-create,link-get,link-set,link-delete,monitor,link-list}
...

Sub-commands

Get the chaining controls and server component lists
Set the chaining controls and server component lists
Get the default creation parameters for new database links
Set the default creation parameters for new database links
Create a database link to a remote server
get chaining database link
Edit a database link to a remote server
Delete a database link
Get the monitor information for a database chaining link
List database links

usage: dsconf instance chaining config-get [-h]
[--avail-controls AVAIL_CONTROLS]
[--avail-comps AVAIL_COMPS]

List available controls for chaining

List available plugin components for chaining

usage: dsconf instance chaining config-set [-h] [--add-control ADD_CONTROL]
[--del-control DEL_CONTROL]
[--add-comp ADD_COMP]
[--del-comp DEL_COMP]

Add a transmitted control OID

Delete a transmitted control OID

Add a chaining component

Delete a chaining component

usage: dsconf instance chaining config-get-def [-h]

usage: dsconf instance chaining config-set-def [-h]
[--conn-bind-limit CONN_BIND_LIMIT]
[--conn-op-limit CONN_OP_LIMIT]
[--abandon-check-interval ABANDON_CHECK_INTERVAL]
[--bind-limit BIND_LIMIT]
[--op-limit OP_LIMIT]
[--proxied-auth PROXIED_AUTH]
[--conn-lifetime CONN_LIFETIME]
[--bind-timeout BIND_TIMEOUT]
[--return-ref RETURN_REF]
[--check-aci CHECK_ACI]
[--bind-attempts BIND_ATTEMPTS]
[--size-limit SIZE_LIMIT]
[--time-limit TIME_LIMIT]
[--hop-limit HOP_LIMIT]
[--response-delay RESPONSE_DELAY]
[--test-response-delay TEST_RESPONSE_DELAY]
[--use-starttls USE_STARTTLS]

The maximum number of BIND connections the database link establishes with the
remote server.

The maximum number of LDAP connections the database link establishes with the
remote server.

The number of seconds that pass before the server checks for abandoned
operations.

The maximum number of concurrent bind operations per TCP connection.

The maximum number of concurrent operations allowed.

Set to "off" to disable proxied authorization; binds for chained operations
are then executed as the user set in the nsMultiplexorBindDn attribute
(on/off).

Specifies connection lifetime in seconds. 0 keeps connection open forever.

The amount of time in seconds before a bind attempt times out.

Sets whether referrals are returned by scoped searches (on/off).

Set whether ACIs are evaluated on the database link as well as the remote data
server (on/off).

Sets the number of times the server tries to bind with the remote server.

Sets the maximum number of entries to return from a search operation.

Sets the maximum number of seconds allowed for an operation.

Sets the maximum number of times a database is allowed to chain; that is, the
number of times a request can be forwarded from one database link to another.

The maximum amount of time it can take a remote server to respond to an LDAP
operation request made by a database link before an error is suspected.

Sets the duration of the test issued by the database link to check whether the
remote server is responding.

Specifies that the database link should use StartTLS for its secure
connections.

usage: dsconf instance chaining link-create [-h]
[--conn-bind-limit CONN_BIND_LIMIT]
[--conn-op-limit CONN_OP_LIMIT]
[--abandon-check-interval ABANDON_CHECK_INTERVAL]
[--bind-limit BIND_LIMIT]
[--op-limit OP_LIMIT]
[--proxied-auth PROXIED_AUTH]
[--conn-lifetime CONN_LIFETIME]
[--bind-timeout BIND_TIMEOUT]
[--return-ref RETURN_REF]
[--check-aci CHECK_ACI]
[--bind-attempts BIND_ATTEMPTS]
[--size-limit SIZE_LIMIT]
[--time-limit TIME_LIMIT]
[--hop-limit HOP_LIMIT]
[--response-delay RESPONSE_DELAY]
[--test-response-delay TEST_RESPONSE_DELAY]
[--use-starttls USE_STARTTLS]
--suffix SUFFIX --server-url
SERVER_URL --bind-mech BIND_MECH
--bind-dn BIND_DN --bind-pw
BIND_PW
CHAIN_NAME

The name of the database link

The maximum number of BIND connections the database link establishes with the
remote server.

The maximum number of LDAP connections the database link establishes with the
remote server.

The number of seconds that pass before the server checks for abandoned
operations.

The maximum number of concurrent bind operations per TCP connection.

The maximum number of concurrent operations allowed.

Set to "off" to disable proxied authorization; binds for chained operations
are then executed as the user set in the nsMultiplexorBindDn attribute
(on/off).

Specifies connection lifetime in seconds. 0 keeps connection open forever.

The amount of time in seconds before a bind attempt times out.

Sets whether referrals are returned by scoped searches (on/off).

Set whether ACIs are evaluated on the database link as well as the remote data
server (on/off).

Sets the number of times the server tries to bind with the remote server.

Sets the maximum number of entries to return from a search operation.

Sets the maximum number of seconds allowed for an operation.

Sets the maximum number of times a database is allowed to chain; that is, the
number of times a request can be forwarded from one database link to another.

The maximum amount of time it can take a remote server to respond to an LDAP
operation request made by a database link before an error is suspected.

Sets the duration of the test issued by the database link to check whether the
remote server is responding.

Specifies that the database link should use StartTLS for its secure
connections.

The suffix managed by the database link.

Gives the LDAP/LDAPS URL of the remote server.

Sets the authentication method to use to authenticate to the remote server:
<leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI

DN of the administrative entry used to communicate with the remote server

Password for the administrative user.

usage: dsconf instance chaining link-get [-h] CHAIN_NAME

The chaining link name to search for

usage: dsconf instance chaining link-set [-h]
[--conn-bind-limit CONN_BIND_LIMIT]
[--conn-op-limit CONN_OP_LIMIT]
[--abandon-check-interval ABANDON_CHECK_INTERVAL]
[--bind-limit BIND_LIMIT]
[--op-limit OP_LIMIT]
[--proxied-auth PROXIED_AUTH]
[--conn-lifetime CONN_LIFETIME]
[--bind-timeout BIND_TIMEOUT]
[--return-ref RETURN_REF]
[--check-aci CHECK_ACI]
[--bind-attempts BIND_ATTEMPTS]
[--size-limit SIZE_LIMIT]
[--time-limit TIME_LIMIT]
[--hop-limit HOP_LIMIT]
[--response-delay RESPONSE_DELAY]
[--test-response-delay TEST_RESPONSE_DELAY]
[--use-starttls USE_STARTTLS]
[--suffix SUFFIX]
[--server-url SERVER_URL]
[--bind-mech BIND_MECH]
[--bind-dn BIND_DN]
[--bind-pw BIND_PW]
CHAIN_NAME

The name of the database link

The maximum number of BIND connections the database link establishes with the
remote server.

The maximum number of LDAP connections the database link establishes with the
remote server.

The number of seconds that pass before the server checks for abandoned
operations.

The maximum number of concurrent bind operations per TCP connection.

The maximum number of concurrent operations allowed.

Set to "off" to disable proxied authorization; binds for chained operations
are then executed as the user set in the nsMultiplexorBindDn attribute
(on/off).

Specifies connection lifetime in seconds. 0 keeps connection open forever.

The amount of time in seconds before a bind attempt times out.

Sets whether referrals are returned by scoped searches (on/off).

Set whether ACIs are evaluated on the database link as well as the remote data
server (on/off).

Sets the number of times the server tries to bind with the remote server.

Sets the maximum number of entries to return from a search operation.

Sets the maximum number of seconds allowed for an operation.

Sets the maximum number of times a database is allowed to chain; that is, the
number of times a request can be forwarded from one database link to another.

The maximum amount of time it can take a remote server to respond to an LDAP
operation request made by a database link before an error is suspected.

Sets the duration of the test issued by the database link to check whether the
remote server is responding.

Specifies that the database link should use StartTLS for its secure
connections.

The suffix managed by the database link.

Gives the LDAP/LDAPS URL of the remote server.

Sets the authentication method to use to authenticate to the remote server:
<leave empty for LDAP/LDAPS>, EXTERNAL, DIGEST-MD5, or GSSAPI

DN of the administrative entry used to communicate with the remote server

Password for the administrative user.

usage: dsconf instance chaining link-delete [-h] CHAIN_NAME

The name of the database link

usage: dsconf instance chaining monitor [-h] CHAIN_NAME

The name of the database link

usage: dsconf instance chaining link-list [-h]

usage: dsconf instance config [-h] {get,add,replace,delete} ...

Sub-commands

get
Add attribute value to configuration
Replace attribute value in configuration
Delete attribute value in configuration

usage: dsconf instance config get [-h] [attrs [attrs ...]]

Configuration attribute(s) to get

usage: dsconf instance config add [-h] [attr [attr ...]]

Configuration attribute to add

usage: dsconf instance config replace [-h] [attr [attr ...]]

Configuration attribute to replace

usage: dsconf instance config delete [-h] [attr [attr ...]]

Configuration attribute to delete

usage: dsconf instance directory_manager [-h] {password_change} ...

Sub-commands

Change the directory manager password

usage: dsconf instance directory_manager password_change [-h]

usage: dsconf instance healthcheck [-h]

usage: dsconf instance plugin [-h]
{memberof,automember,referint,rootdn,usn,accountpolicy,attruniq,dna,linkedattr,managedentries,passthroughauth,retrochangelog,whoami,list,get,edit}
...

Sub-commands

Manage and configure MemberOf plugin
Manage and configure automember plugin
Manage and configure Referential Integrity plugin
Manage and configure RootDN Access Control plugin
Manage and configure USN plugin
Manage and configure Account Policy plugin
Manage and configure Attribute Uniqueness plugin
Manage and configure DNA plugin
Manage and configure Linked Attributes plugin
Manage and configure Managed Entries plugin
Manage and configure Pass-Through Authentication plugin
Manage and configure Retro Changelog plugin
Manage and configure whoami plugin
List current configured (enabled and disabled) plugins
Get the plugin data
Edit the plugin

usage: dsconf instance plugin memberof [-h]
{show,enable,disable,status,edit,config-entry,fixup}
...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status
Edit the plugin
Manage the config entry
Run the fix-up task for memberOf plugin

usage: dsconf instance plugin memberof show [-h]

usage: dsconf instance plugin memberof enable [-h]

usage: dsconf instance plugin memberof disable [-h]

usage: dsconf instance plugin memberof status [-h]

usage: dsconf instance plugin memberof edit [-h] [--attr ATTR [ATTR ...]]
[--groupattr GROUPATTR [GROUPATTR ...]]
[--allbackends {on,off}]
[--skipnested {on,off}]
[--scope SCOPE]
[--exclude EXCLUDE]
[--autoaddoc AUTOADDOC]
[--config-entry CONFIG_ENTRY]

The value to set as memberOfAttr

The value to set as memberOfGroupAttr

The value to set as memberOfAllBackends

The value to set as memberOfSkipNested

The value to set as memberOfEntryScope

The value to set as memberOfEntryScopeExcludeSubtree

The value to set as memberOfAutoAddOC

The value to set as nsslapd-pluginConfigArea

usage: dsconf instance plugin memberof config-entry [-h]
{add,edit,show,delete} ...

Sub-commands

Add the config entry
Edit the config entry
Display the config entry
Delete the config entry

usage: dsconf instance plugin memberof config-entry add [-h]
[--attr ATTR [ATTR ...]]
[--groupattr GROUPATTR [GROUPATTR ...]]
[--allbackends {on,off}]
[--skipnested {on,off}]
[--scope SCOPE]
[--exclude EXCLUDE]
[--autoaddoc AUTOADDOC]
DN

The config entry full DN

The value to set as memberOfAttr

The value to set as memberOfGroupAttr

The value to set as memberOfAllBackends

The value to set as memberOfSkipNested

The value to set as memberOfEntryScope

The value to set as memberOfEntryScopeExcludeSubtree

The value to set as memberOfAutoAddOC

usage: dsconf instance plugin memberof config-entry edit [-h]
[--attr ATTR [ATTR ...]]
[--groupattr GROUPATTR [GROUPATTR ...]]
[--allbackends {on,off}]
[--skipnested {on,off}]
[--scope SCOPE]
[--exclude EXCLUDE]
[--autoaddoc AUTOADDOC]
DN

The config entry full DN

The value to set as memberOfAttr

The value to set as memberOfGroupAttr

The value to set as memberOfAllBackends

The value to set as memberOfSkipNested

The value to set as memberOfEntryScope

The value to set as memberOfEntryScopeExcludeSubtree

The value to set as memberOfAutoAddOC

usage: dsconf instance plugin memberof config-entry show [-h] DN

The config entry full DN

usage: dsconf instance plugin memberof config-entry delete [-h] DN

The config entry full DN

usage: dsconf instance plugin memberof fixup [-h] [-f FILTER] DN

base DN that contains entries to fix up

Filter for entries to fix up. If omitted, all entries with objectclass
inetuser/inetadmin/nsmemberof under the specified base will have their
memberOf attribute regenerated.

usage: dsconf instance plugin automember [-h]
{show,enable,disable,status,create,list,edit,remove}
...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status
Create automember definition.
List automember definition.
Edit automember definition.
Remove automember definition.

usage: dsconf instance plugin automember show [-h]

usage: dsconf instance plugin automember enable [-h]

usage: dsconf instance plugin automember disable [-h]

usage: dsconf instance plugin automember status [-h]

usage: dsconf instance plugin automember create [-h] [--groupattr GROUPATTR]
--defaultgroup DEFAULTGROUP
--scope SCOPE
[--filter FILTER]
name

Set cn for group entry.

Set member attribute in group entry.

Set default group to add member to.

Set automember scope.

Set automember filter.

usage: dsconf instance plugin automember list [-h] [--name NAME]

Set cn for group entry. If not specified show all automember definitions.

usage: dsconf instance plugin automember edit [-h] [--groupattr GROUPATTR]
[--defaultgroup DEFAULTGROUP]
[--scope SCOPE]
[--filter FILTER]
name

Set cn for group entry.

Set member attribute in group entry.

Set default group to add member to.

Set automember scope.

Set automember filter.

usage: dsconf instance plugin automember remove [-h] name

Set cn for group entry.

usage: dsconf instance plugin referint [-h]
{show,enable,disable,status,delay,attrs,scope,exclude,container}
...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status
get or set update delay
get or manage membership attributes
get or manage referint scope
get or manage referint exclude scope
get or manage referint container scope

usage: dsconf instance plugin referint show [-h]

usage: dsconf instance plugin referint enable [-h]

usage: dsconf instance plugin referint disable [-h]

usage: dsconf instance plugin referint status [-h]

usage: dsconf instance plugin referint delay [-h] [value]

The value to set as update delay

usage: dsconf instance plugin referint attrs [-h] {add,del} ...

Sub-commands

add membership attribute
remove membership attribute

usage: dsconf instance plugin referint attrs add [-h] value

membership attribute to add

usage: dsconf instance plugin referint attrs del [-h] value

membership attribute to remove

usage: dsconf instance plugin referint scope [-h] {add,del,delall} ...

Sub-commands

add entry scope value
remove entry scope value
remove all entry scope values

usage: dsconf instance plugin referint scope add [-h] value

The value to add in referint entry scope

usage: dsconf instance plugin referint scope del [-h] value

The value to remove from entry scope

usage: dsconf instance plugin referint scope delall [-h]

usage: dsconf instance plugin referint exclude [-h] {add,del,delall} ...

Sub-commands

add exclude scope value
remove exclude scope value
remove all exclude scope values

usage: dsconf instance plugin referint exclude add [-h] value

The value to add in exclude scope

usage: dsconf instance plugin referint exclude del [-h] value

The value to remove from exclude scope

usage: dsconf instance plugin referint exclude delall [-h]

usage: dsconf instance plugin referint container [-h] {add,del,delall} ...

Sub-commands

add container scope value
remove container scope value
remove all container scope values

usage: dsconf instance plugin referint container add [-h] value

The value to add in container scope

usage: dsconf instance plugin referint container del [-h] value

The value to remove from container scope

usage: dsconf instance plugin referint container delall [-h]

usage: dsconf instance plugin rootdn [-h]
{show,enable,disable,status,time,ip,host,day}
...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status
get or set rootdn open and close times
get or set ip access policy
get or set host access policy
get or set days access policy

usage: dsconf instance plugin rootdn show [-h]

usage: dsconf instance plugin rootdn enable [-h]

usage: dsconf instance plugin rootdn disable [-h]

usage: dsconf instance plugin rootdn status [-h]

usage: dsconf instance plugin rootdn time [-h] {open,close,clear} ...

Sub-commands

set open time value
set close time value
reset time-based access policy

usage: dsconf instance plugin rootdn time open [-h] value

Value to set as open time

usage: dsconf instance plugin rootdn time close [-h] value

Value to set as close time

usage: dsconf instance plugin rootdn time clear [-h]

usage: dsconf instance plugin rootdn ip [-h] {allow,deny,clear} ...

Sub-commands

allow IP addr or IP addr range
deny IP addr or IP addr range
reset IP-based access policy

usage: dsconf instance plugin rootdn ip allow [-h] value

IP addr or IP addr range

usage: dsconf instance plugin rootdn ip deny [-h] value

IP addr or IP addr range

usage: dsconf instance plugin rootdn ip clear [-h]

usage: dsconf instance plugin rootdn host [-h] {allow,deny,clear} ...

Sub-commands

allow host address
deny host address
reset host-based access policy

usage: dsconf instance plugin rootdn host allow [-h] value

host address

usage: dsconf instance plugin rootdn host deny [-h] value

host address

usage: dsconf instance plugin rootdn host clear [-h]

usage: dsconf instance plugin rootdn day [-h] {allow,deny,clear} ...

Sub-commands

allow day of the week
deny day of the week
reset day-based access policy

usage: dsconf instance plugin rootdn day allow [-h] value

day of the week

usage: dsconf instance plugin rootdn day deny [-h] value

day of the week

usage: dsconf instance plugin rootdn day clear [-h]

usage: dsconf instance plugin usn [-h]
{show,enable,disable,status,global,cleanup}
...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status
get or manage global usn mode
run the USN tombstone cleanup task

usage: dsconf instance plugin usn show [-h]

usage: dsconf instance plugin usn enable [-h]

usage: dsconf instance plugin usn disable [-h]

usage: dsconf instance plugin usn status [-h]

usage: dsconf instance plugin usn global [-h] {on,off} ...

Sub-commands

enable usn global mode
disable usn global mode

usage: dsconf instance plugin usn global on [-h]

usage: dsconf instance plugin usn global off [-h]

usage: dsconf instance plugin usn cleanup [-h] (-s SUFFIX | -n BACKEND)
[-m MAXUSN]

suffix where USN tombstone entries are cleaned up

backend instance in which USN tombstone entries are cleaned up (alternative to
suffix)

USN tombstone entries are deleted up to the entry with maxusn

usage: dsconf instance plugin accountpolicy [-h]
{show,enable,disable,status} ...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status

usage: dsconf instance plugin accountpolicy show [-h]

usage: dsconf instance plugin accountpolicy enable [-h]

usage: dsconf instance plugin accountpolicy disable [-h]

usage: dsconf instance plugin accountpolicy status [-h]

usage: dsconf instance plugin attruniq [-h] {show,enable,disable,status} ...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status

usage: dsconf instance plugin attruniq show [-h]

usage: dsconf instance plugin attruniq enable [-h]

usage: dsconf instance plugin attruniq disable [-h]

usage: dsconf instance plugin attruniq status [-h]

usage: dsconf instance plugin dna [-h] {show,enable,disable,status} ...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status

usage: dsconf instance plugin dna show [-h]

usage: dsconf instance plugin dna enable [-h]

usage: dsconf instance plugin dna disable [-h]

usage: dsconf instance plugin dna status [-h]

usage: dsconf instance plugin linkedattr [-h] {show,enable,disable,status} ...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status

usage: dsconf instance plugin linkedattr show [-h]

usage: dsconf instance plugin linkedattr enable [-h]

usage: dsconf instance plugin linkedattr disable [-h]

usage: dsconf instance plugin linkedattr status [-h]

usage: dsconf instance plugin managedentries [-h]
{show,enable,disable,status} ...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status

usage: dsconf instance plugin managedentries show [-h]

usage: dsconf instance plugin managedentries enable [-h]

usage: dsconf instance plugin managedentries disable [-h]

usage: dsconf instance plugin managedentries status [-h]

usage: dsconf instance plugin passthroughauth [-h]
{show,enable,disable,status} ...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status

usage: dsconf instance plugin passthroughauth show [-h]

usage: dsconf instance plugin passthroughauth enable [-h]

usage: dsconf instance plugin passthroughauth disable [-h]

usage: dsconf instance plugin passthroughauth status [-h]

usage: dsconf instance plugin retrochangelog [-h]
{show,enable,disable,status} ...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status

usage: dsconf instance plugin retrochangelog show [-h]

usage: dsconf instance plugin retrochangelog enable [-h]

usage: dsconf instance plugin retrochangelog disable [-h]

usage: dsconf instance plugin retrochangelog status [-h]

usage: dsconf instance plugin whoami [-h] {show,enable,disable,status} ...

Sub-commands

display plugin configuration
enable plugin
disable plugin
display plugin status

usage: dsconf instance plugin whoami show [-h]

usage: dsconf instance plugin whoami enable [-h]

usage: dsconf instance plugin whoami disable [-h]

usage: dsconf instance plugin whoami status [-h]

usage: dsconf instance plugin list [-h]

usage: dsconf instance plugin get [-h] [selector]

The plugin to search for

usage: dsconf instance plugin edit [-h] [--type TYPE] [--enabled {on,off}]
[--path PATH] [--initfunc INITFUNC]
[--id ID] [--vendor VENDOR]
[--version VERSION]
[--description DESCRIPTION]
[--depends-on-type DEPENDS_ON_TYPE]
[--depends-on-named DEPENDS_ON_NAMED]
[selector]

The plugin to edit

The type of plugin.

Identifies whether or not the plugin is enabled.

The plugin library name (without the library suffix).

An initialization function of the plugin.

The plugin ID.

The vendor of the plugin.

The version of the plugin.

The description of the plugin.

All plug-ins with a type value which matches one of the values in the
following valid range will be started by the server prior to this plug-in.

The plug-in name matching one of the following values will be started by the
server prior to this plug-in

usage: dsconf instance pwpolicy [-h] {get,set} ...

Sub-commands

Get the global password policy entry
Set an attribute in a global password policy

usage: dsconf instance pwpolicy get [-h]

usage: dsconf instance pwpolicy set [-h] [--pwdscheme PWDSCHEME]
[--pwdchange PWDCHANGE]
[--pwdmustchange PWDMUSTCHANGE]
[--pwdhistory PWDHISTORY]
[--pwdhistorycount PWDHISTORYCOUNT]
[--pwdadmin PWDADMIN]
[--pwdtrack PWDTRACK]
[--pwdwarning PWDWARNING]
[--pwdexpire PWDEXPIRE]
[--pwdmaxage PWDMAXAGE]
[--pwdminage PWDMINAGE]
[--pwdgracelimit PWDGRACELIMIT]
[--pwdsendexpiring PWDSENDEXPIRING]
[--pwdlockout PWDLOCKOUT]
[--pwdunlock PWDUNLOCK]
[--pwdlockoutduration PWDLOCKOUTDURATION]
[--pwdmaxfailures PWDMAXFAILURES]
[--pwdresetfailcount PWDRESETFAILCOUNT]
[--pwdchecksyntax PWDCHECKSYNTAX]
[--pwdminlen PWDMINLEN]
[--pwdmindigits PWDMINDIGITS]
[--pwdminalphas PWDMINALPHAS]
[--pwdminuppers PWDMINUPPERS]
[--pwdminlowers PWDMINLOWERS]
[--pwdminspecials PWDMINSPECIALS]
[--pwdmin8bits PWDMIN8BITS]
[--pwdmaxrepeats PWDMAXREPEATS]
[--pwdpalindrome PWDPALINDROME]
[--pwdmaxseq PWDMAXSEQ]
[--pwdmaxseqsets PWDMAXSEQSETS]
[--pwdmaxclasschars PWDMAXCLASSCHARS]
[--pwdmincatagories PWDMINCATAGORIES]
[--pwdmintokenlen PWDMINTOKENLEN]
[--pwdbadwords PWDBADWORDS]
[--pwduserattrs PWDUSERATTRS]
[--pwddictcheck PWDDICTCHECK]
[--pwddictpath PWDDICTPATH]
[--pwdlocal PWDLOCAL]
[--pwdisglobal PWDISGLOBAL]
[--pwdallowhash PWDALLOWHASH]

The password storage scheme

Allow users to change their passwords

User must change their password after it is reset by an Administrator

To enable password history set this to "on", otherwise "off"

The number of passwords to keep in history

The DN of an entry or a group of accounts that can bypass password policy
constraints

Set to "on" to track the time the password was last changed

Send an expiring warning if password expires within this time (in seconds)

Set to "on" to enable password expiration

The password expiration time in seconds

The number of seconds that must pass before a user can change their password

The number of allowed logins after the password has expired

Set to "on" to always send the expiring control regardless of the warning
period

Set to "on" to enable account lockout

Set to "on" to allow an account to become unlocked after the lockout duration

The number of seconds an account stays locked out

The maximum number of allowed failed password attempts before the account
gets locked

The number of seconds to wait before reducing the failed login count on an
account

Set to "on" to enable password syntax checking

The minimum number of characters required in a password

The minimum number of digit/number characters in a password

The minimum number of alpha characters required in a password

The minimum number of uppercase characters required in a password

The minimum number of lowercase characters required in a password

The minimum number of special characters required in a password

The minimum number of 8-bit characters required in a password

The maximum number of times the same character can appear sequentially in the
password

Set to "on" to reject passwords that are palindromes

The maximum number of allowed monotonic character sequences in a password

The maximum number of allowed monotonic character sequences that can be
duplicated in a password

The maximum number of sequential characters from the same character class that
is allowed in a password

The minimum number of syntax category checks

Sets the smallest attribute value length that is used for trivial/user words
checking. This also impacts "--pwduserattrs"

A space-separated list of words that can not be in a password

A space-separated list of attributes whose values can not appear in the
password (See "--pwdmintokenlen")

Set to "on" to enforce CrackLib dictionary checking

Filesystem path to specific/custom CrackLib dictionary files

Set to "on" to enable fine-grained (subtree/user-level) password policies

Set to "on" to enable password policy state attributes to be replicated

Set to "on" to allow adding prehashed passwords

usage: dsconf instance localpwp [-h]
{list,get,set,remove,adduser,addsubtree} ...

Sub-commands

List all the local password policies
Get local password policy entry
Set an attribute in a local password policy
Remove a local password policy
Add new user password policy
Add new subtree password policy

usage: dsconf instance localpwp list [-h] DN

Suffix to search for local password policies

usage: dsconf instance localpwp get [-h] DN

Get the local policy for this entry DN

usage: dsconf instance localpwp set [-h] [--pwdscheme PWDSCHEME]
[--pwdchange PWDCHANGE]
[--pwdmustchange PWDMUSTCHANGE]
[--pwdhistory PWDHISTORY]
[--pwdhistorycount PWDHISTORYCOUNT]
[--pwdadmin PWDADMIN]
[--pwdtrack PWDTRACK]
[--pwdwarning PWDWARNING]
[--pwdexpire PWDEXPIRE]
[--pwdmaxage PWDMAXAGE]
[--pwdminage PWDMINAGE]
[--pwdgracelimit PWDGRACELIMIT]
[--pwdsendexpiring PWDSENDEXPIRING]
[--pwdlockout PWDLOCKOUT]
[--pwdunlock PWDUNLOCK]
[--pwdlockoutduration PWDLOCKOUTDURATION]
[--pwdmaxfailures PWDMAXFAILURES]
[--pwdresetfailcount PWDRESETFAILCOUNT]
[--pwdchecksyntax PWDCHECKSYNTAX]
[--pwdminlen PWDMINLEN]
[--pwdmindigits PWDMINDIGITS]
[--pwdminalphas PWDMINALPHAS]
[--pwdminuppers PWDMINUPPERS]
[--pwdminlowers PWDMINLOWERS]
[--pwdminspecials PWDMINSPECIALS]
[--pwdmin8bits PWDMIN8BITS]
[--pwdmaxrepeats PWDMAXREPEATS]
[--pwdpalindrome PWDPALINDROME]
[--pwdmaxseq PWDMAXSEQ]
[--pwdmaxseqsets PWDMAXSEQSETS]
[--pwdmaxclasschars PWDMAXCLASSCHARS]
[--pwdmincatagories PWDMINCATAGORIES]
[--pwdmintokenlen PWDMINTOKENLEN]
[--pwdbadwords PWDBADWORDS]
[--pwduserattrs PWDUSERATTRS]
[--pwddictcheck PWDDICTCHECK]
[--pwddictpath PWDDICTPATH]
DN

Set the local policy for this entry DN

The password storage scheme

Allow users to change their passwords

User must change their password after it is reset by an Administrator

To enable password history set this to "on", otherwise "off"

The number of passwords to keep in history

The DN of an entry or a group of accounts that can bypass password policy
constraints

Set to "on" to track the time the password was last changed

Send an expiring warning if password expires within this time (in seconds)

Set to "on" to enable password expiration

The password expiration time in seconds

The number of seconds that must pass before a user can change their password

The number of allowed logins after the password has expired

Set to "on" to always send the expiring control regardless of the warning
period

Set to "on" to enable account lockout

Set to "on" to allow an account to become unlocked after the lockout duration

The number of seconds an account stays locked out

The maximum number of allowed failed password attempts before the account
gets locked

The number of seconds to wait before reducing the failed login count on an
account

Set to "on" to enable password syntax checking

The minimum number of characters required in a password

The minimum number of digit/number characters in a password

The minimum number of alpha characters required in a password

The minimum number of uppercase characters required in a password

The minimum number of lowercase characters required in a password

The minimum number of special characters required in a password

The minimum number of 8-bit characters required in a password

The maximum number of times the same character can appear sequentially in the
password

Set to "on" to reject passwords that are palindromes

The maximum number of allowed monotonic character sequences in a password

The maximum number of allowed monotonic character sequences that can be
duplicated in a password

The maximum number of sequential characters from the same character class that
is allowed in a password

The minimum number of syntax category checks

Sets the smallest attribute value length that is used for trivial/user words
checking. This also impacts "--pwduserattrs"

A space-separated list of words that can not be in a password

A space-separated list of attributes whose values can not appear in the
password (See "--pwdmintokenlen")

Set to "on" to enforce CrackLib dictionary checking

Filesystem path to specific/custom CrackLib dictionary files

usage: dsconf instance localpwp remove [-h] DN

Remove local policy for this entry DN

usage: dsconf instance localpwp adduser [-h] [--pwdscheme PWDSCHEME]
[--pwdchange PWDCHANGE]
[--pwdmustchange PWDMUSTCHANGE]
[--pwdhistory PWDHISTORY]
[--pwdhistorycount PWDHISTORYCOUNT]
[--pwdadmin PWDADMIN]
[--pwdtrack PWDTRACK]
[--pwdwarning PWDWARNING]
[--pwdexpire PWDEXPIRE]
[--pwdmaxage PWDMAXAGE]
[--pwdminage PWDMINAGE]
[--pwdgracelimit PWDGRACELIMIT]
[--pwdsendexpiring PWDSENDEXPIRING]
[--pwdlockout PWDLOCKOUT]
[--pwdunlock PWDUNLOCK]
[--pwdlockoutduration PWDLOCKOUTDURATION]
[--pwdmaxfailures PWDMAXFAILURES]
[--pwdresetfailcount PWDRESETFAILCOUNT]
[--pwdchecksyntax PWDCHECKSYNTAX]
[--pwdminlen PWDMINLEN]
[--pwdmindigits PWDMINDIGITS]
[--pwdminalphas PWDMINALPHAS]
[--pwdminuppers PWDMINUPPERS]
[--pwdminlowers PWDMINLOWERS]
[--pwdminspecials PWDMINSPECIALS]
[--pwdmin8bits PWDMIN8BITS]
[--pwdmaxrepeats PWDMAXREPEATS]
[--pwdpalindrome PWDPALINDROME]
[--pwdmaxseq PWDMAXSEQ]
[--pwdmaxseqsets PWDMAXSEQSETS]
[--pwdmaxclasschars PWDMAXCLASSCHARS]
[--pwdmincatagories PWDMINCATAGORIES]
[--pwdmintokenlen PWDMINTOKENLEN]
[--pwdbadwords PWDBADWORDS]
[--pwduserattrs PWDUSERATTRS]
[--pwddictcheck PWDDICTCHECK]
[--pwddictpath PWDDICTPATH]
DN

Add/replace the local password policy for this entry DN

The password storage scheme

Allow users to change their passwords

User must change their password after it is reset by an Administrator

To enable password history set this to "on", otherwise "off"

The number of passwords to keep in history

The DN of an entry or a group of accounts that can bypass password policy
constraints

Set to "on" to track the time the password was last changed

Send an expiring warning if password expires within this time (in seconds)

Set to "on" to enable password expiration

The password expiration time in seconds

The number of seconds that must pass before a user can change their password

The number of allowed logins after the password has expired

Set to "on" to always send the expiring control regardless of the warning
period

Set to "on" to enable account lockout

Set to "on" to allow an account to become unlocked after the lockout duration

The number of seconds an account stays locked out

The maximum number of allowed failed password attempts before the account
gets locked

The number of seconds to wait before reducing the failed login count on an
account

Set to "on" to enable password syntax checking

The minimum number of characters required in a password

The minimum number of digit/number characters in a password

The minimum number of alpha characters required in a password

The minimum number of uppercase characters required in a password

The minimum number of lowercase characters required in a password

The minimum number of special characters required in a password

The minimum number of 8-bit characters required in a password

The maximum number of times the same character can appear sequentially in the
password

Set to "on" to reject passwords that are palindromes

The maximum number of allowed monotonic character sequences in a password

The maximum number of allowed monotonic character sequences that can be
duplicated in a password

The maximum number of sequential characters from the same character class that
is allowed in a password

The minimum number of syntax category checks

Sets the smallest attribute value length that is used for trivial/user words
checking. This also impacts "--pwduserattrs"

A space-separated list of words that can not be in a password

A space-separated list of attributes whose values can not appear in the
password (See "--pwdmintokenlen")

Set to "on" to enforce CrackLib dictionary checking

Filesystem path to specific/custom CrackLib dictionary files

usage: dsconf instance localpwp addsubtree [-h] [--pwdscheme PWDSCHEME]
[--pwdchange PWDCHANGE]
[--pwdmustchange PWDMUSTCHANGE]
[--pwdhistory PWDHISTORY]
[--pwdhistorycount PWDHISTORYCOUNT]
[--pwdadmin PWDADMIN]
[--pwdtrack PWDTRACK]
[--pwdwarning PWDWARNING]
[--pwdexpire PWDEXPIRE]
[--pwdmaxage PWDMAXAGE]
[--pwdminage PWDMINAGE]
[--pwdgracelimit PWDGRACELIMIT]
[--pwdsendexpiring PWDSENDEXPIRING]
[--pwdlockout PWDLOCKOUT]
[--pwdunlock PWDUNLOCK]
[--pwdlockoutduration PWDLOCKOUTDURATION]
[--pwdmaxfailures PWDMAXFAILURES]
[--pwdresetfailcount PWDRESETFAILCOUNT]
[--pwdchecksyntax PWDCHECKSYNTAX]
[--pwdminlen PWDMINLEN]
[--pwdmindigits PWDMINDIGITS]
[--pwdminalphas PWDMINALPHAS]
[--pwdminuppers PWDMINUPPERS]
[--pwdminlowers PWDMINLOWERS]
[--pwdminspecials PWDMINSPECIALS]
[--pwdmin8bits PWDMIN8BITS]
[--pwdmaxrepeats PWDMAXREPEATS]
[--pwdpalindrome PWDPALINDROME]
[--pwdmaxseq PWDMAXSEQ]
[--pwdmaxseqsets PWDMAXSEQSETS]
[--pwdmaxclasschars PWDMAXCLASSCHARS]
[--pwdmincatagories PWDMINCATAGORIES]
[--pwdmintokenlen PWDMINTOKENLEN]
[--pwdbadwords PWDBADWORDS]
[--pwduserattrs PWDUSERATTRS]
[--pwddictcheck PWDDICTCHECK]
[--pwddictpath PWDDICTPATH]
DN

Add/replace the subtree policy for this entry DN

The password storage scheme

Allow users to change their passwords

User must change their password after it is reset by an Administrator

To enable password history set this to "on", otherwise "off"

The number of passwords to keep in history

The DN of an entry or a group of accounts that can bypass password policy
constraints

Set to "on" to track the time the password was last changed

Send an expiring warning if password expires within this time (in seconds)

Set to "on" to enable password expiration

The password expiration time in seconds

The number of seconds that must pass before a user can change their password

The number of allowed logins after the password has expired

Set to "on" to always send the expiring control regardless of the warning
period

Set to "on" to enable account lockout

Set to "on" to allow an account to become unlocked after the lockout duration

The number of seconds an account stays locked out

The maximum number of allowed failed password attempts before the account
gets locked

The number of seconds to wait before reducing the failed login count on an
account

Set to "on" to enable password syntax checking

The minimum number of characters required in a password

The minimum number of digit/number characters in a password

The minimum number of alpha characters required in a password

The minimum number of uppercase characters required in a password

The minimum number of lowercase characters required in a password

The minimum number of special characters required in a password

The minimum number of 8-bit characters required in a password

The maximum number of times the same character can appear sequentially in the
password

Set to "on" to reject passwords that are palindromes

The maximum number of allowed monotonic character sequences in a password

The maximum number of allowed monotonic character sequences that can be
duplicated in a password

The maximum number of sequential characters from the same character class that
is allowed in a password

The minimum number of syntax category checks

Sets the smallest attribute value length that is used for trivial/user words
checking. This also impacts "--pwduserattrs"

A space-separated list of words that can not be in a password

A space-separated list of attributes whose values can not appear in the
password (See "--pwdmintokenlen")

Set to "on" to enforce CrackLib dictionary checking

Filesystem path to specific/custom CrackLib dictionary files

usage: dsconf instance replication [-h]
{enable,disable,list,promote,create-manager,delete-manager,demote,get,create-changelog,delete-changelog,set-changelog,get-changelog,set}
...

Sub-commands

Enable replication for a suffix
Disable replication for a suffix
List all the replicated suffixes
Promote replica to a Hub or Master
Create a replication manager entry
Delete a replication manager entry
Demote replica to a Hub or Consumer
Get replication configuration
Create the replication changelog
Delete the replication changelog. This will invalidate any existing replication agreements
Set replication changelog attributes.
Display replication changelog attributes.
Set an attribute in the replication configuration

usage: dsconf instance replication enable [-h] --suffix SUFFIX --role ROLE
[--replica-id REPLICA_ID]
[--bind-group-dn BIND_GROUP_DN]
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]

The DN of the suffix to be enabled for replication

The Replication role: "master", "hub", or "consumer"

The replication identifier for a "master". Values range from 1 - 65534

A group entry DN containing members that are "bind/supplier" DNs

The Bind or Supplier DN that can make replication updates

Password for the replication manager (--bind-dn). This will create the manager
entry if a value is set

usage: dsconf instance replication disable [-h] --suffix SUFFIX

The DN of the suffix to have replication disabled

usage: dsconf instance replication list [-h]

usage: dsconf instance replication promote [-h] --suffix SUFFIX --newrole
NEWROLE [--replica-id REPLICA_ID]
[--bind-group-dn BIND_GROUP_DN]
[--bind-dn BIND_DN]

The DN of the replication suffix to promote

Promote this replica to a "hub" or "master"

The replication identifier for a "master". Values range from 1 - 65534

A group entry DN containing members that are "bind/supplier" DNs

The Bind or Supplier DN that can make replication updates

usage: dsconf instance replication create-manager [-h] [--name NAME]
[--passwd PASSWD]
[--suffix SUFFIX]

The NAME of the new replication manager entry. For example, if the NAME is
"replication manager" then the new manager entry's DN would be "cn=replication
manager,cn=config".

Password for replication manager. If not provided, you will be prompted for
the password

The DN of the replication suffix whose replication configuration you want to
add this new manager to (OPTIONAL)

usage: dsconf instance replication delete-manager [-h] [--name NAME]
[--suffix SUFFIX]

The NAME of the replication manager entry under cn=config: "cn=NAME,cn=config"

The DN of the replication suffix whose replication configuration you want to
remove this manager from (OPTIONAL)

usage: dsconf instance replication demote [-h] --suffix SUFFIX --newrole
NEWROLE

Demote this replica to a "hub" or "consumer"

The Replication role: "hub", or "consumer"

usage: dsconf instance replication get [-h] --suffix SUFFIX

Get the replication configuration for this suffix DN

usage: dsconf instance replication create-changelog [-h]

usage: dsconf instance replication delete-changelog [-h]

usage: dsconf instance replication set-changelog [-h] [--cl-dir CL_DIR]
[--max-entries MAX_ENTRIES]
[--max-age MAX_AGE]
[--compact-interval COMPACT_INTERVAL]
[--trim-interval TRIM_INTERVAL]

The replication changelog location on the filesystem

The maximum number of entries to get in the replication changelog

The maximum age of a replication changelog entry

The replication changelog compaction interval

The interval to check if the replication changelog can be trimmed

usage: dsconf instance replication get-changelog [-h]

usage: dsconf instance replication set [-h] --suffix SUFFIX
[--replica-id REPLICA_ID]
[--replica-role REPLICA_ROLE]
[--repl-add-bind-dn REPL_ADD_BIND_DN]
[--repl-del-bind-dn REPL_DEL_BIND_DN]
[--repl-add-ref REPL_ADD_REF]
[--repl-del-ref REPL_DEL_REF]
[--repl-purge-delay REPL_PURGE_DELAY]
[--repl-tombstone-purge-interval REPL_TOMBSTONE_PURGE_INTERVAL]
[--repl-fast-tombstone-purging REPL_FAST_TOMBSTONE_PURGING]
[--repl-bind-group REPL_BIND_GROUP]
[--repl-bind-group-interval REPL_BIND_GROUP_INTERVAL]
[--repl-protocol-timeout REPL_PROTOCOL_TIMEOUT]
[--repl-backoff-max REPL_BACKOFF_MAX]
[--repl-backoff-min REPL_BACKOFF_MIN]
[--repl-release-timeout REPL_RELEASE_TIMEOUT]

The DN of the replication suffix

The Replication Identifier number

The Replication role: master, hub, or consumer

Add a bind (supplier) DN

Remove a bind (supplier) DN

Add a replication referral (for consumers only)

Remove a replication referral (for consumers only)

The replication purge delay

The interval in seconds to check for tombstones that can be purged

Set to "on" to improve tombstone purging performance

A group entry DN containing members that are "bind/supplier" DNs

An interval in seconds to check if the bind group has been updated

A timeout in seconds on how long to wait before stopping replication when the
server is under load

The maximum time in seconds a replication agreement should stay in a backoff
state while waiting to acquire the consumer. Default is 300 seconds

The starting time in seconds a replication agreement should stay in a backoff
state while waiting to acquire the consumer. Default is 3 seconds

A timeout in seconds a replication master should send updates before it yields
its replication session

usage: dsconf instance repl-agmt [-h]
{list,enable,disable,init,init-status,poke,status,delete,create,set,get}
...

Sub-commands

List all the replication agreements
Enable replication agreement
Disable replication agreement
Initialize replication agreement
Check the agreement initialization status
Trigger replication to send updates now
Get the current status of the replication agreement
Delete replication agreement
Initialize replication agreement
Set an attribute in the replication agreement
Get replication configuration

usage: dsconf instance repl-agmt list [-h] --suffix SUFFIX [--entry ENTRY]

The DN of the suffix to look up replication agreements

Return the entire entry for each agreement

usage: dsconf instance repl-agmt enable [-h] --suffix SUFFIX AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

usage: dsconf instance repl-agmt disable [-h] --suffix SUFFIX AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

usage: dsconf instance repl-agmt init [-h] --suffix SUFFIX AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

usage: dsconf instance repl-agmt init-status [-h] --suffix SUFFIX AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

usage: dsconf instance repl-agmt poke [-h] --suffix SUFFIX AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

usage: dsconf instance repl-agmt status [-h] --suffix SUFFIX
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]
AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

Set the DN to bind to the consumer

The password for the bind DN

usage: dsconf instance repl-agmt delete [-h] --suffix SUFFIX AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

usage: dsconf instance repl-agmt create [-h] --suffix SUFFIX --host HOST
--port PORT --conn-protocol
CONN_PROTOCOL [--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]
--bind-method BIND_METHOD
[--frac-list FRAC_LIST]
[--frac-list-total FRAC_LIST_TOTAL]
[--strip-list STRIP_LIST]
[--schedule SCHEDULE]
[--conn-timeout CONN_TIMEOUT]
[--protocol-timeout PROTOCOL_TIMEOUT]
[--wait-async-results WAIT_ASYNC_RESULTS]
[--busy-wait-time BUSY_WAIT_TIME]
[--session-pause-time SESSION_PAUSE_TIME]
[--flow-control-window FLOW_CONTROL_WINDOW]
[--flow-control-pause FLOW_CONTROL_PAUSE]
[--init]
AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

The hostname of the remote replica

The port number of the remote replica

The replication connection protocol: LDAP, LDAPS, or StartTLS

The Bind DN the agreement uses to authenticate to the replica

The credentials for the Bind DN

The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI"

List of attributes to NOT replicate to the consumer during incremental updates

List of attributes to NOT replicate during a total initialization

A list of attributes that are removed from updates only if the event would
otherwise be empty. Typically this is set to "modifiersname" and
"modifytimestamp"

Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday -
Saturday).

The timeout used for replication connections

A timeout in seconds on how long to wait before stopping replication when the
server is under load

The amount of time in milliseconds the server waits if the consumer is not
ready before resending data

The amount of time in seconds a supplier should wait after a consumer sends
back a busy response before making another attempt to acquire access.

The amount of time in seconds a supplier should wait between update sessions.

Sets the maximum number of entries and updates sent by a supplier, which are
not acknowledged by the consumer.

The time in milliseconds to pause after reaching the number of entries and
updates set in "--flow-control-window"

Initialize the agreement after creating it.
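
Added example (not part of the dsconf manual or of lib389): a small Python linter for "repl-agmt create" and "repl-agmt set" command lines, built from the option values documented above. It flags a SIMPLE bind over plain LDAP, where the replication manager's password crosses the network unencrypted, certificate authentication requested without TLS, and a malformed --schedule value. The sample commands, host names and finding labels are constructed, and the 00-23 / 00-59 bounds and the no-repeated-day rule are assumptions.

```python
import argparse
import re
import shlex

# Option values as listed on this page for "repl-agmt create" / "set".
PROTOCOLS = {"LDAP", "LDAPS", "STARTTLS"}
BIND_METHODS = {"SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", "SASL/GSSAPI"}
VALUE_FLAGS = (
    "--suffix", "--host", "--port", "--conn-protocol", "--bind-dn",
    "--bind-passwd", "--bind-method", "--frac-list", "--frac-list-total",
    "--strip-list", "--schedule", "--conn-timeout", "--protocol-timeout",
    "--wait-async-results", "--busy-wait-time", "--session-pause-time",
    "--flow-control-window", "--flow-control-pause",
)


class _Parser(argparse.ArgumentParser):
    def error(self, message):  # raise instead of exiting the interpreter
        raise ValueError(message)


def _build_parser():
    parser = _Parser(prog="repl-agmt", add_help=False)
    for flag in VALUE_FLAGS:
        parser.add_argument(flag)
    parser.add_argument("--init", action="store_true")
    parser.add_argument("agmt_name")
    return parser


def parse_schedule(value):
    """Parse 'HHMM-HHMM DDDDDDD' (D = 0-6, Sunday - Saturday).

    Returns (start_minute, end_minute, sorted day list). The hour/minute
    bounds and the rejection of repeated day digits are assumptions.
    """
    match = re.fullmatch(r"(\d{2})(\d{2})-(\d{2})(\d{2}) ([0-6]{1,7})", value)
    if not match:
        raise ValueError("schedule must look like 'HHMM-HHMM DDDDDDD'")
    h1, m1, h2, m2 = (int(g) for g in match.groups()[:4])
    if h1 > 23 or h2 > 23 or m1 > 59 or m2 > 59:
        raise ValueError("hour or minute out of range")
    days = match.group(5)
    if len(set(days)) != len(days):
        raise ValueError("a day digit is repeated")
    return h1 * 60 + m1, h2 * 60 + m2, sorted(int(d) for d in days)


def lint_repl_agmt(command):
    """Return a list of finding labels for one dsconf repl-agmt command."""
    tokens = shlex.split(command)
    if "repl-agmt" not in tokens:
        raise ValueError("not a repl-agmt command")
    pos = tokens.index("repl-agmt")
    if tokens[pos + 1:pos + 2] not in (["create"], ["set"]):
        raise ValueError("only 'create' and 'set' carry connection options")
    args = _build_parser().parse_args(tokens[pos + 2:])

    findings = []
    proto = (args.conn_protocol or "").upper()
    method = (args.bind_method or "").upper()
    if args.conn_protocol and proto not in PROTOCOLS:
        findings.append("BAD_PROTOCOL")
    if args.bind_method and method not in BIND_METHODS:
        findings.append("BAD_BIND_METHOD")
    if proto == "LDAP" and method == "SIMPLE":
        # Bind DN and password are sent in the clear on every session.
        findings.append("CLEARTEXT_BIND")
    if proto == "LDAP" and method == "SSLCLIENTAUTH":
        # Certificate authentication needs a TLS session to carry it.
        findings.append("CERT_AUTH_WITHOUT_TLS")
    if args.schedule is not None:
        try:
            parse_schedule(args.schedule)
        except ValueError:
            findings.append("BAD_SCHEDULE")
    return findings


# Constructed sample commands (instance, hosts and names are placeholders).
WEAK = (
    'dsconf -D "cn=Directory Manager" -W localhost repl-agmt create '
    "--suffix dc=example,dc=com --host consumer.example.com --port 389 "
    '--conn-protocol LDAP --bind-dn "cn=replication manager,cn=config" '
    "--bind-passwd PLACEHOLDER --bind-method SIMPLE "
    '--schedule "0800-2500 12345" agmt-to-consumer'
)
HARDENED = (
    'dsconf -D "cn=Directory Manager" -W localhost repl-agmt create '
    "--suffix dc=example,dc=com --host consumer.example.com --port 636 "
    '--conn-protocol LDAPS --bind-dn "cn=replication manager,cn=config" '
    "--bind-passwd PLACEHOLDER --bind-method SIMPLE "
    '--schedule "0000-2359 0123456" agmt-to-consumer'
)

if __name__ == "__main__":
    for label, cmd in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_repl_agmt(cmd))
```
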

usage: dsconf instance repl-agmt set [-h] --suffix SUFFIX [--host HOST]
[--port PORT]
[--conn-protocol CONN_PROTOCOL]
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]
[--bind-method BIND_METHOD]
[--frac-list FRAC_LIST]
[--frac-list-total FRAC_LIST_TOTAL]
[--strip-list STRIP_LIST]
[--schedule SCHEDULE]
[--conn-timeout CONN_TIMEOUT]
[--protocol-timeout PROTOCOL_TIMEOUT]
[--wait-async-results WAIT_ASYNC_RESULTS]
[--busy-wait-time BUSY_WAIT_TIME]
[--session-pause-time SESSION_PAUSE_TIME]
[--flow-control-window FLOW_CONTROL_WINDOW]
[--flow-control-pause FLOW_CONTROL_PAUSE]
AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

The hostname of the remote replica

The port number of the remote replica

The replication connection protocol: LDAP, LDAPS, or StartTLS

The Bind DN the agreement uses to authenticate to the replica

The credentials for the Bind DN

The bind method: "SIMPLE", "SSLCLIENTAUTH", "SASL/DIGEST", or "SASL/GSSAPI"

List of attributes to NOT replicate to the consumer during incremental updates

List of attributes to NOT replicate during a total initialization

A list of attributes that are removed from updates only if the event would
otherwise be empty. Typically this is set to "modifiersname" and
"modifytimestamp"

Sets the replication update schedule: 'HHMM-HHMM DDDDDDD' D = 0-6 (Sunday -
Saturday).

The timeout used for replication connections

A timeout in seconds on how long to wait before stopping replication when the
server is under load

The amount of time in milliseconds the server waits if the consumer is not
ready before resending data

The amount of time in seconds a supplier should wait after a consumer sends
back a busy response before making another attempt to acquire access.

The amount of time in seconds a supplier should wait between update sessions.

Sets the maximum number of entries and updates sent by a supplier, which are
not acknowledged by the consumer.

The time in milliseconds to pause after reaching the number of entries and
updates set in "--flow-control-window"
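The connection protocol, bind method and schedule values described above can be checked before they are handed to "dsconf instance repl-agmt set". The following is an added example, not part of lib389 or this manual; the function names are hypothetical, and the schedule check assumes one to seven day digits.

```shell
#!/bin/sh
# Added example (not from lib389): pre-flight checks for values passed to
# "dsconf INSTANCE repl-agmt set". Function names are hypothetical.

# check_transport PROTO METHOD
# returns 0 = ok, 1 = bind is exposed or cannot work, 2 = value not listed
check_transport() {
    proto=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    method=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    case "$proto" in
        LDAP|LDAPS|STARTTLS) ;;
        *) echo "unknown --conn-protocol: $1" >&2; return 2 ;;
    esac
    case "$method" in
        SIMPLE)
            # A simple bind carries the password itself, so plain LDAP
            # exposes it on the wire.
            if [ "$proto" = LDAP ]; then
                echo "SIMPLE bind over LDAP sends the password in clear text" >&2
                return 1
            fi ;;
        SSLCLIENTAUTH)
            # Certificate authentication happens inside the TLS handshake.
            if [ "$proto" = LDAP ]; then
                echo "SSLCLIENTAUTH needs LDAPS or StartTLS" >&2
                return 1
            fi ;;
        SASL/DIGEST|SASL/GSSAPI) ;;   # not judged by this check
        *) echo "unknown --bind-method: $2" >&2; return 2 ;;
    esac
    return 0
}

# check_schedule 'HHMM-HHMM DDDDDDD'
# Assumption: one to seven day digits, each 0-6 (Sunday - Saturday).
check_schedule() {
    nl='
'
    case "$1" in *"$nl"*) return 1 ;; esac   # reject multi-line input
    hhmm='([01][0-9]|2[0-3])[0-5][0-9]'
    printf '%s\n' "$1" | grep -Eq "^${hhmm}-${hhmm} [0-6]{1,7}\$"
}

# Constructed sample values, checked before any dsconf call is made.
for pair in "LDAP SIMPLE" "LDAPS SIMPLE" "StartTLS SSLCLIENTAUTH"; do
    set -- $pair
    if check_transport "$1" "$2" 2>/dev/null; then
        echo "ok:     --conn-protocol $1 --bind-method $2"
    else
        echo "reject: --conn-protocol $1 --bind-method $2"
    fi
done
```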

usage: dsconf instance repl-agmt get [-h] --suffix SUFFIX AGMT_NAME

Get the replication configuration for this suffix DN

The DN of the replication suffix

usage: dsconf instance repl-winsync-agmt [-h]
{list,enable,disable,init,init-status,poke,status,delete,create,set,get}
...

Sub-commands

List all the replication winsync agreements
Enable replication winsync agreement
Disable replication winsync agreement
Initialize replication winsync agreement
Check the agreement initialization status
Trigger replication to send updates now
Get the current status of the replication agreement
Delete replication winsync agreement
Initialize replication winsync agreement
Set an attribute in the replication winsync agreement
Get replication configuration

usage: dsconf instance repl-winsync-agmt list [-h] --suffix SUFFIX

The DN of the suffix to look up replication winsync agreements

usage: dsconf instance repl-winsync-agmt enable [-h] --suffix SUFFIX AGMT_NAME

The name of the replication winsync agreement

The DN of the replication winsync suffix

usage: dsconf instance repl-winsync-agmt disable [-h] --suffix SUFFIX
AGMT_NAME

The name of the replication winsync agreement

The DN of the replication winsync suffix

usage: dsconf instance repl-winsync-agmt init [-h] --suffix SUFFIX AGMT_NAME

The name of the replication winsync agreement

The DN of the replication winsync suffix

usage: dsconf instance repl-winsync-agmt init-status [-h] --suffix SUFFIX
AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

usage: dsconf instance repl-winsync-agmt poke [-h] --suffix SUFFIX AGMT_NAME

The name of the replication winsync agreement

The DN of the replication winsync suffix

usage: dsconf instance repl-winsync-agmt status [-h] --suffix SUFFIX AGMT_NAME

The name of the replication agreement

The DN of the replication suffix

usage: dsconf instance repl-winsync-agmt delete [-h] --suffix SUFFIX AGMT_NAME

The name of the replication winsync agreement

The DN of the replication winsync suffix

usage: dsconf instance repl-winsync-agmt create [-h] --suffix SUFFIX --host
HOST --port PORT
--conn-protocol CONN_PROTOCOL
--bind-dn BIND_DN
--bind-passwd BIND_PASSWD
[--frac-list FRAC_LIST]
[--schedule SCHEDULE]
--win-subtree WIN_SUBTREE
--ds-subtree DS_SUBTREE
--win-domain WIN_DOMAIN
[--sync-users SYNC_USERS]
[--sync-groups SYNC_GROUPS]
[--sync-interval SYNC_INTERVAL]
[--one-way-sync ONE_WAY_SYNC]
[--move-action MOVE_ACTION]
[--win-filter WIN_FILTER]
[--ds-filter DS_FILTER]
[--subtree-pair SUBTREE_PAIR]
[--conn-timeout CONN_TIMEOUT]
[--busy-wait-time BUSY_WAIT_TIME]
[--session-pause-time SESSION_PAUSE_TIME]
[--init]
AGMT_NAME

The name of the replication winsync agreement

The DN of the replication winsync suffix

The hostname of the AD server

The port number of the AD server

The replication winsync connection protocol: LDAP, LDAPS, or StartTLS

The Bind DN the agreement uses to authenticate to the AD Server

The credentials for the Bind DN

List of attributes to NOT replicate to the consumer during incremental updates

Sets the replication update schedule

The suffix of the AD Server

The Directory Server suffix

The AD Domain

Synchronize Users between AD and DS

Synchronize Groups between AD and DS

The interval that DS checks AD for changes in entries

Sets which direction to perform synchronization: "toWindows", "fromWindows",
"both"

Sets instructions on how to handle moved or deleted entries: "none", "unsync",
or "delete"

Custom filter for finding users in AD Server

Custom filter for finding AD users in DS Server

Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>

The timeout used for replication connections

The amount of time in seconds a supplier should wait after a consumer sends
back a busy response before making another attempt to acquire access.

The amount of time in seconds a supplier should wait between update sessions.

Initialize the agreement after creating it.

usage: dsconf instance repl-winsync-agmt set [-h] [--suffix SUFFIX]
[--host HOST] [--port PORT]
[--conn-protocol CONN_PROTOCOL]
[--bind-dn BIND_DN]
[--bind-passwd BIND_PASSWD]
[--frac-list FRAC_LIST]
[--schedule SCHEDULE]
[--win-subtree WIN_SUBTREE]
[--ds-subtree DS_SUBTREE]
[--win-domain WIN_DOMAIN]
[--sync-users SYNC_USERS]
[--sync-groups SYNC_GROUPS]
[--sync-interval SYNC_INTERVAL]
[--one-way-sync ONE_WAY_SYNC]
[--move-action MOVE_ACTION]
[--win-filter WIN_FILTER]
[--ds-filter DS_FILTER]
[--subtree-pair SUBTREE_PAIR]
[--conn-timeout CONN_TIMEOUT]
[--busy-wait-time BUSY_WAIT_TIME]
[--session-pause-time SESSION_PAUSE_TIME]
AGMT_NAME

The name of the replication winsync agreement

The DN of the replication winsync suffix

The hostname of the AD server

The port number of the AD server

The replication winsync connection protocol: LDAP, LDAPS, or StartTLS

The Bind DN the agreement uses to authenticate to the AD Server

The credentials for the Bind DN

List of attributes to NOT replicate to the consumer during incremental updates

Sets the replication update schedule

The suffix of the AD Server

The Directory Server suffix

The AD Domain

Synchronize Users between AD and DS

Synchronize Groups between AD and DS

The interval that DS checks AD for changes in entries

Sets which direction to perform synchronization: "toWindows", "fromWindows",
"both"

Sets instructions on how to handle moved or deleted entries: "none", "unsync",
or "delete"

Custom filter for finding users in AD Server

Custom filter for finding AD users in DS Server

Set the subtree pair: <DS_SUBTREE>:<WINDOWS_SUBTREE>

The timeout used for replication connections

The amount of time in seconds a supplier should wait after a consumer sends
back a busy response before making another attempt to acquire access.

The amount of time in seconds a supplier should wait between update sessions.

usage: dsconf instance repl-winsync-agmt get [-h] --suffix SUFFIX AGMT_NAME

Get the replication configuration for this suffix DN

The DN of the replication suffix

usage: dsconf instance repl-tasks [-h]
{cleanallruv,list-cleanallruv,abort-cleanallruv}
...

Sub-commands

Cleanup old/removed replica IDs
List all the running CleanAllRUV Tasks
Abort cleanallruv tasks

usage: dsconf instance repl-tasks cleanallruv [-h] --suffix SUFFIX
--replica-id REPLICA_ID
[--force-cleaning]

The Directory Server suffix

The replica ID to remove/clean

Ignore errors and do a best attempt to clean all the replicas

usage: dsconf instance repl-tasks list-cleanallruv [-h]

usage: dsconf instance repl-tasks abort-cleanallruv [-h] --suffix SUFFIX
--replica-id REPLICA_ID
[--certify]

The Directory Server suffix

The replica ID of the cleaning task to abort

Enforce that the abort task completed on all replicas

usage: dsconf instance sasl [-h] {list,get,create,delete} ...

Sub-commands

List available SASL mappings
get
create
deletes the object

usage: dsconf instance sasl list [-h]

usage: dsconf instance sasl get [-h] [selector]

SASL mapping name to get

usage: dsconf instance sasl create [-h] [--cn [CN]]
[--nsSaslMapRegexString [NSSASLMAPREGEXSTRING]]
[--nsSaslMapBaseDNTemplate [NSSASLMAPBASEDNTEMPLATE]]
[--nsSaslMapFilterTemplate [NSSASLMAPFILTERTEMPLATE]]
[--nsSaslMapPriority [NSSASLMAPPRIORITY]]

Value of cn

Value of nsSaslMapRegexString

Value of nsSaslMapBaseDNTemplate

Value of nsSaslMapFilterTemplate

Value of nsSaslMapPriority

usage: dsconf instance sasl delete [-h] map_name

The SASL Mapping name ("cn" value)

usage: dsconf instance schema [-h]
{list,attributetypes,objectclasses,matchingrules,reload}
...

Sub-commands

List all schema objects on this system
Work with attribute types on this system
Work with objectClasses on this system
Work with matching rules on this system
Dynamically reload schema while server is running

usage: dsconf instance schema list [-h]

usage: dsconf instance schema attributetypes [-h]
{get_syntaxes,list,query,add,edit,remove}
...

Sub-commands

List all available attribute type syntaxes
List available attribute types on this system
Query an attribute to determine object classes that may or must take it
Add an attribute type to this system
Edit an attribute type on this system
Remove an attribute type on this system

usage: dsconf instance schema attributetypes get_syntaxes [-h]

usage: dsconf instance schema attributetypes list [-h]

usage: dsconf instance schema attributetypes query [-h] [name]

Attribute type to query

usage: dsconf instance schema attributetypes add [-h] [--oid OID]
[--desc DESC]
[--x-origin X_ORIGIN]
[--aliases ALIASES [ALIASES ...]]
[--single-value]
[--multi-value]
[--no-user-mod] [--user-mod]
[--equality EQUALITY]
[--substr SUBSTR]
[--ordering ORDERING]
[--usage USAGE]
[--sup SUP [SUP ...]]
--syntax SYNTAX
name

NAME of the object

OID assigned to the object

Description text (DESC) of the object

Provides information about where the attribute type is defined

Additional NAMEs of the object.

True if the matching rule must have only one value. Only one of this flag or
--multi-value should be specified

True if the matching rule may have multiple values (default). Only one of this
flag or --single-value should be specified

True if the attribute is not modifiable by a client application. Only one of
this flag or --user-mod should be specified

True if the attribute is modifiable by a client application (default). Only one
of this flag or --no-user-mod should be specified

NAME or OID of the matching rule used for checking whether attribute values are
equal

NAME or OID of the matching rule used for checking whether an attribute value
contains another value

NAME or OID of the matching rule used for checking whether attribute values are
less than or equal to another value

The flag indicates how the attribute type is to be used. Choose from the list:
userApplications (default), directoryOperation, distributedOperation,
dSAOperation

The list of NAMEs or OIDs of attribute types this attribute type is derived
from

OID of the LDAP syntax assigned to the attribute

usage: dsconf instance schema attributetypes edit [-h] [--oid OID]
[--desc DESC]
[--x-origin X_ORIGIN]
[--aliases ALIASES [ALIASES ...]]
[--single-value]
[--multi-value]
[--no-user-mod] [--user-mod]
[--equality EQUALITY]
[--substr SUBSTR]
[--ordering ORDERING]
[--usage USAGE]
[--sup SUP [SUP ...]]
[--syntax SYNTAX]
name

NAME of the object

OID assigned to the object

Description text (DESC) of the object

Provides information about where the attribute type is defined

Additional NAMEs of the object.

True if the matching rule must have only one value. Only one of this flag or
--multi-value should be specified

True if the matching rule may have multiple values (default). Only one of this
flag or --single-value should be specified

True if the attribute is not modifiable by a client application. Only one of
this flag or --user-mod should be specified

True if the attribute is modifiable by a client application (default). Only one
of this flag or --no-user-mod should be specified

NAME or OID of the matching rule used for checking whether attribute values are
equal

NAME or OID of the matching rule used for checking whether an attribute value
contains another value

NAME or OID of the matching rule used for checking whether attribute values are
less than or equal to another value

The flag indicates how the attribute type is to be used. Choose from the list:
userApplications (default), directoryOperation, distributedOperation,
dSAOperation

The list of NAMEs or OIDs of attribute types this attribute type is derived
from

OID of the LDAP syntax assigned to the attribute

usage: dsconf instance schema attributetypes remove [-h] name

NAME of the object

usage: dsconf instance schema objectclasses [-h]
{list,query,add,edit,remove} ...

Sub-commands

List available objectClasses on this system
Query an objectClass
Add an objectClass to this system
Edit an objectClass on this system
Remove an objectClass on this system

usage: dsconf instance schema objectclasses list [-h]

usage: dsconf instance schema objectclasses query [-h] [name]

ObjectClass to query

usage: dsconf instance schema objectclasses add [-h] [--oid OID] [--desc DESC]
[--x-origin X_ORIGIN]
[--must MUST [MUST ...]]
[--may MAY [MAY ...]]
[--kind KIND]
[--sup SUP [SUP ...]]
name

NAME of the object

OID assigned to the object

Description text (DESC) of the object

Provides information about where the attribute type is defined

NAMEs or OIDs of all attributes an entry of the object must have

NAMEs or OIDs of additional attributes an entry of the object may have

Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY

NAMEs or OIDs of object classes this object is derived from

usage: dsconf instance schema objectclasses edit [-h] [--oid OID]
[--desc DESC]
[--x-origin X_ORIGIN]
[--must MUST [MUST ...]]
[--may MAY [MAY ...]]
[--kind KIND]
[--sup SUP [SUP ...]]
name

NAME of the object

OID assigned to the object

Description text (DESC) of the object

Provides information about where the attribute type is defined

NAMEs or OIDs of all attributes an entry of the object must have

NAMEs or OIDs of additional attributes an entry of the object may have

Kind of an object. STRUCTURAL (default), ABSTRACT, AUXILIARY

NAMEs or OIDs of object classes this object is derived from

usage: dsconf instance schema objectclasses remove [-h] name

NAME of the object

usage: dsconf instance schema matchingrules [-h] {list,query} ...

Sub-commands

List available matching rules on this system
Query a matching rule

usage: dsconf instance schema matchingrules list [-h]

usage: dsconf instance schema matchingrules query [-h] [name]

Matching rule to query

usage: dsconf instance schema reload [-h] [-d SCHEMADIR] [--wait]

directory where schema files are located

Wait for the reload task to complete

Display verbose operation tracing during command execution

The account to bind as for executing operations

Password for binddn

Prompt for password for the bind DN

Specifies a file containing the password for the binddn

Basedn (root naming context) of the instance to manage

Connect with StartTLS

Return result in JSON object

lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.

The latest version of lib389 may be downloaded from http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html
