directoryserver(1M)
NAME
directoryserver - front end for the Directory Server (DS)
SYNOPSIS
/usr/sbin/directoryserver { setup [-f configuration_file]
| uninstall}
/usr/sbin/directoryserver {start-admin | stop-admin |
restart-admin | startconsole}
/usr/sbin/directoryserver [{-s | -server} server-instance ]
{start | stop | restart}
/usr/sbin/directoryserver { -s |-server } server-instance {
monitor | saveconfig | restoreconfig | db2index-task |
ldif2db-task | ldif2db | ldif2ldap | vlvindex | db2ldif
| db2ldif-task | db2bak | db2bak-task | bak2db |
bak2db-task | suffix2instance | account-status | account-
activate | account-inactivate } {...}
/usr/sbin/directoryserver nativetoascii | admin_ip | ldif |
pwdhash | idsktune | mmldif | keyupg {...}
/usr/sbin/directoryserver { magt | sagt } {...}
/usr/sbin/directoryserver help [subcommand]
DESCRIPTION
The directoryserver command is a comprehensive, front end to
the utility programs provided by the Solaris Directory
Server (DS).
Options for the directoryserver command itself must appear
before the subcommand. Arguments for a subcommand must
appear after the subcommand. Subcommands have specific argu-
ments. See SUBCOMMANDS.
SUBCOMMANDS
The following subcommands are supported:
account-inactivate args
Inactivates and locks an entry or group of entries.
The account-inactivate subcommand supports the follow-
ing arguments:
[-D rootdn]
Directory Server userDN with root permissions,
such as Directory Manager.
[-h host]
Host name of Directory Server. The default value
is the full hostname of the machine where Direc-
tory Server is installed.
-I DN Entry DN or role DN to activate.
-j file
Password associated with the user DN. This
option allows the password to be stored in clear
text in the named file for scripting.
This is considered insecure. Use with extreme
caution.
[-p port]
Directory Server port. The default value is the
LDAP port of Directory Server specified at ins-
tallation time.
-w password
Password associated with the user DN. Supplying
the password on the command line is visible
using the /bin/ps command. This is considered
insecure. Use with extreme caution.
The value - can be used in place the password.
The program prompts the user for a password to
be entered from the terminal.
account-activate args
Activates an entry or group of entries.
The account-activate subcommand supports the following
arguments
-D rootdn
Directory Server userDN with root permissions,
such as Directory Manager.
-h host
Host name of Directory Server. The default value
is the full hostname of the machine where Direc-
tory Server is installed.
-I DN Entry DN or role DN to activate.
-j file
Password associated with the user DN. This
option allows the password to be stored in clear
text in the named file for scripting.
This is considered insecure. Use with extreme
caution.
-p port
Directory Server port. The default value is the
LDAP port of Directory Server specified at ins-
tallation time.
-w password
Password associated with the user DN. Supplying
the password on the command line is visible
using the /bin/ps command. This is considered
insecure. Use with extreme caution.
The value -can be used in place the password.
The program prompts the user for a password to
be entered from the terminal.
account-status args
Provides account status information to establish
whether an entry or group of entries is inactivated or
not.
The account-status subcommand supports the following
arguments:
-D rootdn
-h host
Host name of Directory Server. The default
value is the full hostname of the machine where
Directory Server is installed.
-I DN Entry DN or role DN whose status is required.
-j file
Password associated with the user DN. This
option allows the password to be stored in clear
text in the named file for scripting.
This is considered insecure. Use with extreme
caution.
-p port
Directory Server port. The default value is the
LDAP port of Directory Server specified at ins-
tallation time.
-w password
Password associated with the rootDN. Supplying
the password on the command line is visible
using the /bin/ps command. This is considered
insecure. Use with extreme caution.
The value -can be used in place of the password.
The program prompts the user for a password to
be entered from the terminal.
admin_ip args
Change the IP address of the the administrative server
in the configuration.
The admin_ip subcommand supports the following argu-
ments:
dir_mgr_DN
Directory Manager's DN.
dir_mgr_password
Directory Manager's password.
old_ip
Old IP.
new_ip
New IP.
port_#
Port number.
bak2db backup_directory
Restore the database from the most recent archived
backup.
Specify backup_directory as the backup directory.
bak2db-task args
Restore the data to the database.
The bak2db-task subcommand supports the following
arguments:
[-a directory]
Directory where the backup files are stored. By
default it is under /var/ds5/slapd-serverID/bak
-D rootDN
User DN with root permissions, such as Directory
Manager. The default is the DN of the directory
manager which is read from the nsslapd-root
attribute under cn=config.
-j file
Password associated with the user DN. This
option allows the password to be stored in clear
text in the named file for scripting.
This is considered insecure. Use with extreme
caution.
[-t database_type]
Database type. The only possible database type
is ldbm.
[-v] Verbose mode.
-w password
Password associated with the user DN. Supplying
the password on the command line is visible
using the /bin/ps command. This is considered
insecure. Use with extreme caution.
The value - can be used in place the password.
The program prompts the user for a password to
be entered from the terminal.
db2bak-task args
Back up the contents of the database. It creates an
entry in the directory that launches this dynamic
task. An entry is generated based upon the values pro-
vided for each option.
The db2bak-task subcommand supports the following
arguments:
[-a directory]
Directory where the backup files are stored. By
default it is under /var/ds5/slapd-serverID/bak.
The backup file is named according to the year-
month-day-hour format (YYYY_MM_DD_hhmmss).
-D rootDN
User DN with root permissions, such as Directory
Manager. The default is the DN of the directory
manager which is read from the nsslapd-root
attribute under cn=config.
-j file
Password associated with the user DN. This
option allows the password to be stored in clear
text in the named file for scripting.
This is considered insecure. Use with extreme
caution.
-t database_type
Database type. The only possible database type
is ldbm.
[-v] Verbose mode.
-w password
Password associated with the user DN. Supplying
the password on the command line is visible
using the /bin/ps command. This is considered
insecure. Use with extreme caution.
The value - can be used in place the password.
The program prompts the user for a password to
be entered from the terminal.
db2bak [backup_directory]
Create a backup of the current database contents. The
server must be stopped to run this subcommand.
The default is /var/ds5/slapd-serverID/bak. The backup
file is named according to the year-month-day-hour
format (YYYY_MM_DD_hhmmss).
db2index-text args
Create and generate the new set of indexes to be main-
tained following the modification of indexing entries
in the cn=config configuration file.
The db2index-text subcommand supports the following
arguments:
-D rootdn
User DN with root permissions, such as Directory
Manager.
-j file
Password associated with the user DN. This
option allows the password to be stored in clear
text in the named file for scripting. This is
considered insecure. Use with extreme caution.
-n backend_instance
Instance to be indexed.
[-t attributeName]
Name of the attribute to be indexed. If omitted,
all indexes defined for that instance are gen-
erated.
[-v] Verbose mode.
-w password
Password associated with the user DN. Supplying
the password on the command line is visible
using the /bin/ps command. This is considered
insecure. Use with extreme caution.
The value - can be used in place the password.
The program prompts the user for a password to
be entered from the terminal.
db2ldif-task args
Exports the contents of the database to LDIF. It
creates an entry in the directory that launches this
dynamic task. The entry is generated based upon the
values you provide for each option. To run this sub-
command the server must be running and either -n
backend_instance or -s include suffix is required.
The db2ldif-task subcommand supports the following
arguments:
[-a outputfile]
File name of the output LDIF file.
-C Only the main db file is used.
-D rootDN
User DN with root permissions, such as Directory
Manager.
-j file
Password associated with the user DN. This
option allows the password to be stored in clear
text in the named file for scripting. This is
considered insecure.Use with extreme caution.
[-M] Output LDIF is stored in multiple files.
[-m] Minimal base 64 encoding.
{-n backend_instance}*
Instance to be exported.
[-N] Minimal base 64 encoding.
[-o] Output LDIF to be stored in one file by default
with each instance stored in instance_file name.
[-r] Export replica.
[-s]includesuffix}*
Suffix(es) to be included or to specify the
subtrees to be included if -n has been used.
[-u] Request that the unique ID is not exported.
[-U] Request that the output LDIF is not folded.
-w password
Password associated with the user DN. Supplying
the password on the command line is visible
using the /bin/ps command. This is considered
insecure. Use with extreme caution.
The value - can be used in place the password.
The program prompts the user for a password to
be entered from the terminal.
{-x excludesuffix}*
Suffixes to be excluded.
[-1] Delete, for reasons of backward compatibility
the first line of the LDIF file that gives the
version of the LDIF standard.
db2ldif args
Export the contents of the database to LDIF. You must
specify either the -n or the -s option or both.
The db2ldif subcommand supports the following options:
[-a outputfile]
File name of the output LDIF file.
[-C] Only use the main db file.
[-m ] Minimal base64 encoding.
[-M ] Use of several files for storing the output LDIF
with each instance stored in instance_file name
(where file name is the file name specified for
-a option).
{-n baclemd_instance}*
Instance to be exported.
[-N] Specify that the entry IDs are not to be
included in the LDIF output. The entry IDs are
necessary only if the db2ldif output is to be
used as input to db2index-text.
[-r] Export replica.
{-s includesuffix}*
Suffixes to be included or to specify the sub-
trees to be included if -n has been used.
[{-x excludesuffix}]*
Suffixes to be excluded.
[-u] Request that the unique id is not exported.
[-U ] Request that the output LDIF is not folded.
[-1 ] Delete, for reasons of backward compatibility,
the first line of the LDIF file which gives the
version of the LDIF standard.
help [subcommand]
Display directoryserver usage message or subcommand
specific usage message.
idsktune args
Provide an easy and reliable way of checking the patch
levels and kernel parameter settings for your system.
You must install the Directory Server before you can
run idsktune. It gathers information about the operat-
ing system, kernel, and TCP stack to make tuning
recommendations.
The idsktune subcommand supports the following argu-
ments:
[-c] Client-specific tuning: the output only includes
tuning recommendations for running a directory
client application.
[-D] Debug mode: the output includes the commands it
runs internally, preceded by DEBUG heading.
[-i installdir]
The install directory.
[-q] Quiet mode. Output only includes tuning recom-
mendations. OS version statements are omitted.
[-v] Version. Gives the build date identifying the
version of the toll.
keyupg args
Upgrade the key from Lite to normal (only one way).
The keyupg subcommand supports the following argu-
ments:
-kkey The key to be upgraded.
-f key_file_path
The key file path.
ldif2db-task args
Import data to the directory. It create an entry in
the directory that launches this dynamic task. The
entry is generated based upon the values you provide
for each option. The server must be running when you
run this subcommand.
The ldif2sb-task subcommand supports the following
arguments:
[-c] Request that only the core db is created
without attribute indexes.
-D rootDN
User DN with root permissions, such as Directory
Manager.
[-g string]
Generation of a unique ID. Enter none for no
unique ID to be generated and deterministic for
the generated unique ID to be name-based. Gen-
erates a time based unique ID by default.
If you use the deterministic generation to have
a name-based unique ID, you can also specify the
namespace you want the server to use as follows:
-g deterministic namespace_id
where namespace_id is a string of characters in
the following format
00-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx
Use this option if you want to import the same
LDIF file into two different directory servers,
and you want the contents of both directories to
have the same set of unique IDs. If unique IDs
already exist in the LDIF file you are import-
ing, then the existing IDs are imported to the
server regardless of the options you have speci-
fied.
[-G namespace_id ]
Generate a namespace ID as a name-based unique
ID. This is the same as specifying -g deter-
ministic.
{-i filename}*
File name of the input LDIF files. When you
import multiple files, they are imported in the
order in which you specify them on the command
line.
-j file
Password associated with the user DN. This
option allows the password to be stored in clear
text in the named file for scripting. This is
considered insecure. Use with extreme caution.
-n backend_instance
Instance to be imported.
[-O] Request that only the core db is created
without attribute indexes.
{-s includesuffix }*
Suffixes to be included. This argument can also
be used to specify the subtrees to be included
with -n.
-w password
Password associated with the user DN. Supplying
the password on the command line is visible
using the /bin/ps command. This is considered
insecure. Use with extreme caution.
The value - can be used in place the password.
The program prompts the user for a password to
be entered from the terminal.
[{-x excludesuffix }*]
[-v] Verbose mode.
ldif args
Format LDIF files, and create base 64 encoded attri-
bute values. With Base 64 Encoding you can represent
binary data, such as a JPEG image, in LDIF by using
base 64 encoding. You identify base 64 encoded data by
using the :: symbol. The ldifsubcommand takes any
input and formats it with the correct line continua-
tion and appropriate attribute information. The
subcommand also senses whether the input requires base
64 encoding.
The ldif subcommand supports the following arguments
[-b] Interpret the entire input as a single binary
value. If -b is not present, each line is con-
sidered to be a separate input value.
[attrtype]
If -b is specified, the output is attrtype::
<base 64 encoded value.
ldif2db args
Import the data to the directory. To run this subcom-
mand the server must be stopped. Note that ldif2db
supports LDIF version 1 specifications. You can load
an attribute using the URL specifier notation, for
example: jpegphoto:file:///tmp/myphoto.jpg
[-c] Merge chunk size.
[-g string]
Generation of a unique ID. Type none for no
unique ID to be generated and deterministic for
the generated unique ID to be name-based. By
default a time based unique ID is generated.
If you use the deterministic generation to have
a name-based unique ID, you can also specify the
namespace you want the server to use as follows:
-g deterministic namespace_id
where namespace_id is a string of characters in
the following format:
00-xxxxxxxx-xxxxxxxx-xxxxxxxx-xxxxxxxx
Use this option if you want to import the same
LDIF file into two different directory servers,
and you want the contents of both directories to
have the same set of unique IDs. If unique IDs
already exist in the LDIF file you are import-
ing, then the existing IDs are imported to the
server regardless of the options you have speci-
fied.
[-G naemspace_id]
Generate a namespace ID as a name-based unique
ID. This is the same as specifying the -g deter-
ministic option.
{- filename}*
File name of the input LDIF file(s). When you
import multiple files, they are imported in the
order in which you specify them on the command
line.
-n backend_instance
Instance to be imported.
[-O] Request that only the core db is created without
attribute indexes.
{-s includesuffix}*
Suffixes to be included or to specify the sub-
trees to be included if -n has been used.
[{-x excludesuffix}*]
Suffixes to be excluded
ldif2ldap rootDN password filename
Perform an import operation over LDAP to the Direc-
tory Server. To run this subcommand the server must be
running.
The ldif2ldap subcommand supports the following argu-
ments:
rootdn
User DN with root permissions, such as Directory
Manager.
password
Password associated with the user DN.
filename
File name of the file to be imported. When you
import multiple files, they are imported in the
order in which you specify them on the command
line.
magt CONFIG INIT
Start SNMP master agent. The Config and INIT files are
in /usr/iplanet/ds5/plugins/snmp/magt. For more infor-
mation, see the iPlanet Directory Server 5.1
Administrator's Guide.
The magt subcommand supports the following options:
CONFIG
The CONFIG file defines the community and the
manager that master agent works with. Specify
the manager value as a valid system name or an
IP address.
INIT The INIT file is a nonvolatile file that con-
tains information from the MIB-II system group,
including system location and contact informa-
tion. If INIT doesn't already exist, starting
the master agent for the first time creates it.
An invalid manager name in the CONFIG file
causes the master agent start-up to fail.
monitor
Retrieves performance monitoring information using the
ldapsearch command-line utility.
mmldif args
Combine multiple LDIF files into a single authorita-
tive set of entries. Typically each LDIF file is from
a master server cooperating in a multi master replica-
tion agreement.[e.g. masters that refuse to sync up
for whatever reason]. Optionally, it can generate LDIF
change files that could be applied to original to
bring it up to date with authoritative. At least two
input files must be specified.
The mmldif subcommand supports the following argu-
ments:
[-c inputfile ...]
Write a change file (.delta) for each input
file. Specify inputfile as the input LDIF files.
[-D] Print debugging information.
[-o out.ldif]
Write authoritative data to this file.
nativetoascii args
Convert one language encoding to another. For example,
convert a native language to UTF-8 format.
The nativetoascii subcommand supports the following
options:
-d Encodings Directory
Path to the directory which contains the conv
directory
[-i input_filename -o output_filename]
The input file name and output file name.
-l List supported encodings
-r Replace existing files.
-s suffix
Suffix to be mapped to the backend.
-s SourceEncoding
Source Encoding of input stream.
-t TargetEncoding
Target Encoding of output stream.
-v Verbose output.
pwdhash args
Print the encrypted form of a password using one of
the server's encryption algorithms. If a user cannot
log in, you can use this script to compare the user's
password to the password stored in the directory.
The pwdhash subcommand supports the following argu-
ments:
-c comparepwd | -s scheme
The available schemes are SSHA, SHA, CRYPT and
CLEARE. It generates the encrypted passwords
according to scheme's algorithm. The -c speci-
fies the encrypted password to be compared with.
The result of comparison is either OK or doesn't
match.
-D instance-dir
The instance directory.
[-H] The passwords are hex-encoded.
password ...
The clear passwords to generate encrypted form
from or to be compared with.
restart
Restarts the directory server.
When the -s option is not specified, restarts all
instances of servers. When the -s option is specified,
restarts the server specified by -s.
restart-admin
Restarts the administration server.
restoreconfig
Restores the most recently saved Administration Server
configuration information to the NetscapeRoot parti-
tion under /var/ds5/slapd-serverID/confbak.
sagt -c CONFIG
Start proxy SNMP agent. For more information, see the
iPlanet Directory Server 5.1 Administrator's Guide.
The sagt subcommand supports the following options:
-c configfile
The CONFIG file includes the port that the SNMP
daemon listens to. It also needs to include the
MIB trees and traps that the proxy SNMP agent
forwards. Edit the CONFIG file located in
/usr/iplanet/ds5/plugins/snmp/sagt.
saveconfig
Saves the administration server configuration infor-
mation to the /var/ds5/slapd-serverID/confbak direc-
tory.
setup [-f configuration_file]
Configures an instance of the directory server or
administration server. Creates a basic configuration
for the directory server and the administrative server
that is used to manage the directory.
The setup subcommand has two modes of operation. You
can invoke it with a curses-based interaction to
gather input. Alternatively, you can provide input in
a configuration file using the -f option.
The setup subcommand supports the following option:
-f configuration_file
Specifies the configuration file for silent installa-
tion.
start Starts the directory server. When the -s option is not
specified, starts servers of all instances. When the
-s option is specified, starts the server instance
specified by -s.
start-admin
Starts the directory server.
When the -s option is not specified, restarts all
instances of servers. When the -s option is specified,
restarts the server specified by -s.
startconsole
Starts the directory console..
stop Stops the directory server.
When the -s option is not specified, restarts all
instances of servers. When the -s option is specified,
restarts the server specified by -s.
stop-admin
Stop the administration server.
suffix2instance {-s suffix}
Map a suffix to a backend name.
Specify -s suffix as the suffix to be mapped to the
backend.
uninstall
Uninstalls the directory server and the administration
server.
This subcommand stops servers of all instances and
removes all the changes created by setup.
vlvindex args
Create virtual list view (VLV) indexes, known in the
Directory Server Console as Browsing Indexes. The
server must be stopped beforehand.
The vlvindex subcommand supports the following argu-
ments:
-d debug_level
Specify the debug level to use during index
creation. Debug levels are defined in nsslapd-
errorlog-level (error Log Level). See the
iPlanet Directory Server 5.1 Configuration, Com-
mand, and File Reference.
-n backend_instance
Name of the database containing the entries to
index.
-s suffix
Name of the suffix containing the entries to
index.
-T VLVTag
Name of the database containing the entries to
index.
OPTIONS
Options for the directoryserver command itself must appear
before the subcommand argument.
The following options are supported:
-s server-instance
-server server-instance
The server instance name. Specify the directory server
instance to process the command against. For some of
the listed subcommands the server instance is optional
and for other sub commands it is a required option.
EXAMPLES
Example 1: Starting All Instances of the Directory Servers
The following command starts all the instances of the direc-
tory servers:
example% directoryserver start
Example 2: Starting the Instances of myhost of the Directory
Server
The following command starts the instances myhost of the
directory server.
example% directoryserver -s myhost start
Example 3: Running the Monitor Tool and Outputting the
Current Status
The following command runs the monitor tool and output the
current status of the ephesus directory instance.
example% directoryserver -s ephesus monitor
Example 4: Running the idsktune Tool and Outputting Perfor-
mance Tuning Information
The following command runs the idsktune tool and outputs
performance tuning information:
example% directoryserver idsktune
EXIT STATUS
The following exit values are returned:
0 Successful completion.
non-zero
An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | IPLTdsr, IPLTdsu |
|_____________________________|_____________________________|
SEE ALSO
iPlanet Directory Server 5.1 Administrator's Guide
iPlanet Directory Server 5.1 Configuration, Command, and
File Reference
Man(1) output converted with
man2html