The Version 6 CLI: Help!

In The Version 6 CLI: Getting Started, I showed you the main command line Directory Server Enterprise Edition tools for creating and managing server instances. You saw that for Directory Server you have dsadm and dsconf. For Directory Proxy Server, dpadm and dpconf. You saw how to create a Directory Server instance on the command line, and how to import sample data into your new server.

The command line tools for both Directory Server and Directory Proxy Server are powerful, giving you the capability to configure almost every feature the servers offer. The trade off is that each command has a number of subcommands, and each server has many configuration properties. This entry shows you how to find online help as you use the commands.

Using --help and help-properties

Each command line tool has a --help option and help-properties subcommand.

When you use the --help option without a subcommand, you get the list of subcommands available. The subcommands are listed one per line, with a description on the same line. As a result, the output is wider than 80 columns for some commands. But having everything for a subcommand on one line makes grepping through the output easier.

$ dsadm --help | grep cert
add-cert                 Adds a certificate to the certificate database
add-selfsign-cert        Creates and adds a selfsign certificate to the certificate database
export-cert              Exports a certificate and its keys from the database
import-cert              Adds a new certificate and its keys to the cert database
import-selfsign-cert     Adds a new selfsign certificate and its keys to the cert database
list-certs               Lists all certificates in the database
remove-cert              Removes a certificate from the database
renew-cert               Renews a certificate
renew-selfsign-cert      Renews a selfsign certificate
request-cert             Generates a certificate request
show-cert                Displays a certificate

All the global options for the command, options you can use with every subcommand, are listed when you use the --help option without a subcommand.

When you use the --help option with a subcommand, you get the usage for the subcommand. Generally subcommands do not come with so many options that you need to grep through the help.

$ dsadm remove-cert --help

Usage: dsadm remove-cert [ -i ] [ -W CERT_PW_FILE ] INSTANCE_PATH CERT_ALIAS

Removes a certificate from the database

The accepted values for OPTIONS are:

-W CERT_PW_FILE, --cert-pwd-file CERT_PW_FILE
                Reads certificate database pwd from CERT_PW_FILE (Default: prompt for pwd)
-i, --no-inter
                Does not prompt for password

For global options, use dsadm --help.

INSTANCE_PATH  Path of the Directory Server instance
CERT_ALIAS     Alias of the certificate

For more information, see dsadm(1M).

The help-properties subcommand is useful when you want to change a specific property of the server instance. By default, the help-properties subcommand displays information about one property on each line, so the output is wider than 80 columns, but good for grepping.

The dsconf help-properties command prefixes each line of output with the following labels.

  • ETA: encrypted attribute properties
  • IDX: index properties
  • LOG: log properties
  • PLG: server plug-in properties
  • RAG: replication agreement properties
  • RPR: replication priority rule properties
  • SER: server-wide properties
  • SUF: suffix-specific properties

You can use the labels to find, for example, the list of all index properties.

$ dsconf help-properties | grep \^IDX
IDX  all-ids-threshold ...

In Directory Server 6.0, the dsconf command replaces direct modification of the configuration entries under cn=config. Yet, the dsconf help-properties command lets you see how many dsconf properties map to attributes under cn=config.

$ dsconf help-properties --attr-map | grep nsslapd-cachememsize
SUF  entry-cache-size                   rw  nsslapd-cachememsize

The dpconf --help command works in the same way as its counterpart, dsconf --help, but for Directory Proxy Server. You can also use --help with dpconf subcommands.

The dpconf help-properties command is very similar, but the categories are not three letter abbreviations. Instead, the Directory Proxy Server properties are more human-readable, provided that you understand the functionality. Each category corresponds to a Directory Proxy Server configuration feature.

  • access-log
  • attached-ldap-data-source
  • connection-handler
  • custom-search-size-limit
  • error-log
  • jdbc-attr
  • jdbc-data-source
  • jdbc-data-source-pool
  • jdbc-data-view
  • jdbc-object-class
  • jdbc-table
  • join-data-view
  • ldap-data-source
  • ldap-data-source-pool
  • ldap-data-view
  • ldap-listener
  • ldaps-listener
  • ldif-data-view
  • request-filtering-policy
  • resource-limits-policy
  • search-data-hiding-rule
  • server
  • user-mapping
  • virtual-aci
  • virtual-transformation

Descriptions of properties themselves are similar to those for dsconf.

Online Manual Pages

Directory Server Enterprise Edition 6.0 comes with a fair number of reference manual pages for the commands and their properties. On UNIX and Linux systems, you find the man pages under install-path/dsee6/man. Windows systems are generally lacking a man command, so the man pages are not installed on that platform. You can nevertheless find all the pages online in the Reference Manual. To look up pages quickly, search for the man page name with using your favorite Internet search engine.

On Solaris systems, setting your MANPATH environment variable to include install-path/dsee6/man is sufficient for the man command to find the man pages. install-path is /opt/SUNWDSEE on Solaris systems if you installed using native packages, /opt/sun on Red Hat systems.

export MANPATH=$MANPATH:install-path/dsee6/man

On Red Hat systems, you also have to use the MANSECT environment variable to search all the Directory Server Enterprise Edition sections.

$ export MANSECT=$MANSECT:1:1m:4:5dsconf:5dpconf:5dssd:5dsat:5dsoc

With the environment variables set, you find the command in section 1m, the dsconf properties in section 5dsconf, and the dpconf properties in section 5dpconf.

Moving away from cn=config

As mentioned above, the dsconf command replaces direct modification of the configuration entries under cn=config. You can use the --attr-map option to list many property to attribute mappings.

For 6.0, you still find the attributes documented in the Reference Manual. Many properties are listed for example in the dse.ldif(4) man page.


Post a Comment:
  • HTML Syntax: NOT allowed

Mark Craig writes about Directory Services products and technologies. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.


« July 2016