Metrics Engine Documentation Index
Command-Line Tool Reference Home

dsframework

Description
Examples
Subcommands
Arguments

Description

Manage administrative server groups or the global administrative user accounts that are used to configure servers within server groups.

Server groups and global administrator accounts are useful for managing servers that need to exhibit similar configurations, such as a set of servers in a replication topology. This administrative domain information is stored in the 'cn=admin data' entry and is replicated among all servers instances in a replicated topology, thus allowing a global administrative account to manage all servers in a single group.

Global administrative accounts and server groups are created when setting up a replication topology. New servers are automatically added to the default 'all-servers' server group. Replicated servers are unregistered from their peers during uninstall operations. The dsframework tool allows you to further define and manage server groups and global user accounts to fit your administrative requirements.

Examples

List all server groups defined for the administrative domain in which this server participates: 
dsframework list-servers --bindDN "cn=Directory Manager" \
     --bindPassword password


List all servers that are members of the default server group of which this server is a member: 
dsframework list-members --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName all-servers

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Subcommands

add-to-group
create-admin-user
create-group
delete-admin-user
delete-group
get-admin-user-properties
get-server-properties
list-admin-user-properties
list-admin-users
list-groups
list-members
list-membership
list-server-properties
list-servers
modify-group
register-server
remove-from-group
set-admin-user-properties
set-server-properties
unregister-server

add-to-group

Add a server to a server group


add-to-group Examples

Add a currently defined server to a group: 
dsframework add-to-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers \
     --memberName server1.example.com:389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

add-to-group Arguments

-m {memberName}
--memberName {memberName}

Description The server to add. To see the list of currently defined servers use the 'list-servers' subcommand
Required Yes
Multi-Valued No

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

create-admin-user

Create a new global administrator account

The user is created under the 'cn=administrators,cn=admin data' tree and can be referenced with the --userID argument when using the dsreplication and dsframework tools. Since the account is defined in the admin data backend, it is replicated to all servers in the "replication-servers" group. This account is created with privileges similar to a Root DN. The privileges can be displayed using the 'get-admin-user-properties' subcommand and modified using the 'set-admin-user-properties' subcommand


create-admin-user Examples

Create a new global administrator account specifying properties for the password and description: 
dsframework create-admin-user --userID "Global Administrator" \
     --set password:password --set "description:External group manager"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

create-admin-user Arguments

--userID {userID}

Description The administrator's unique identifier. To see a list of current user IDs use the 'list-admin-users' subcommand
Required No
Multi-Valued No

--set {PROP:VALUE}

Description Assign a value to a property, where PROP is the name of the property and VAL is the single value to be assigned. The list of properties can be viewed using the 'list-admin-user-properties' subcommand
Required No
Multi-Valued Yes

create-group

Create a new server group


create-group Examples

Create a new server group with a description: 
dsframework create-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers \
     --description "DMZ servers"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

create-group Arguments

-d {description}
--description {description}

Description The server group description. If not specified, the description will be empty
Default Value
Required No
Multi-Valued No

-g {groupName}
--groupName {groupName}

Description The new group's identifier
Required Yes
Multi-Valued No

delete-admin-user

Delete an existing global administrator account


delete-admin-user Examples

Delete an existing global administrator account: 
dsframework delete-admin-user --userID "Global Administrator"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

delete-admin-user Arguments

--userID {userID}

Description The administrator's unique identifier. To see a list of current user IDs use the 'list-admin-users' subcommand
Required No
Multi-Valued No

delete-group

Delete an existing server group


delete-group Examples

Delete an existing server group: 
dsframework delete-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

delete-group Arguments

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

get-admin-user-properties

View a global administrator account's properties


get-admin-user-properties Examples

List the properties of a global administrator account: 
dsframework get-admin-user-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --userID "Global Administrator"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

get-admin-user-properties Arguments

--userID {userID}

Description The administrator's unique identifier. To see a list of current user IDs use the 'list-admin-users' subcommand
Required No
Multi-Valued Yes

get-server-properties

View the properties of the reference to a server registered with this administrative domain


get-server-properties Examples

List the properties for a server reference: 
dsframework get-server-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --serverID server1.example.com:5389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

get-server-properties Arguments

--serverID {serverID}

Description The registered server's unique identifier. The list of registered server IDs can be obtained using the 'list-servers' subcommand
Required No
Multi-Valued Yes

list-admin-user-properties

Print a table of all properties of administrators, listing their syntax, default values, and other attributes

Properties for global administrator account instances can be viewed using the 'get-admin-user-properties' subcommand


list-admin-user-properties Examples

View all properties for global administrators: 
dsframework list-admin-user-properties

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-admin-users

List current global administrator accounts


list-admin-users Examples

List all currently defined global administrator accounts: 
dsframework list-admin-users --bindDN "cn=Directory Manager" \
     --bindPassword password

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-groups

List currently defined server groups


list-groups Examples

List currently defined groups: 
dsframework list-groups --bindDN "cn=Directory Manager" --bindPassword password

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-members

List servers belonging to a server group


list-members Examples

List the servers belonging to a particular server group: 
dsframework list-members --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-members Arguments

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

list-membership

List server groups to which a server belongs


list-membership Examples

List the groups to which a server belongs: 
dsframework list-membership --bindDN "cn=Directory Manager" \
     --bindPassword password --memberName server1.example.com:389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-membership Arguments

-m {memberName}
--memberName {memberName}

Description The member's identifier. This is a required argument
Required Yes
Multi-Valued No

list-server-properties

Print a table of all properties of server references, listing their syntax, default values, and other attributes

Properties for registered server instances can be viewed using the 'get-server-properties' subcommand


list-server-properties Examples

Print server properties: 
dsframework list-server-properties --bindDN "cn=Directory Manager" \
     --bindPassword password

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-servers

List servers registered with this administrative domain


list-servers Examples

List servers registered with this administrative domain: 
dsframework list-servers --bindDN "cn=Directory Manager" \
     --bindPassword password

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

modify-group

Modify a server group's properties or change its name


modify-group Examples

Rename an existing server group and change its description: 
dsframework modify-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers \
     --newGroupName internal --description "Servers within the firewall"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

modify-group Arguments

-d {description}
--description {description}

Description If specified, the new description
Default Value
Required No
Multi-Valued No

-n {groupName}
--newGroupName {groupName}

Description If specified, the new server group's identifier
Default Value
Required No
Multi-Valued No

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

register-server

Create a new reference to a server, registering it for this administrative domain

This tool creates an entry in the administrative data that refers to an existing server. Properties that reflect the server's configuration should be supplied during registration. Registered servers are available for inclusion in server groups


register-server Examples

Register a server with the administration framework specifying the host and port of the server being registered: 
dsframework register-server --bindDN "cn=Directory Manager" \
     --bindPassword password --serverID server1.example.com:5389 \
     --set ldapport:5389 --set ldapEnabled:true \
     --set hostname:server1.example.com

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

register-server Arguments

--serverID {serverID}

Description The registered server's unique identifier. The list of registered server IDs can be obtained using the 'list-servers' subcommand
Required No
Multi-Valued No

--set {PROP:VALUE}

Description Assign a value to a property, where PROP is the name of the property and VAL is the single value to be assigned. The list of properties can be viewed using the 'list-server-properties' subcommand
Required No
Multi-Valued Yes

remove-from-group

Remove a server from a server group


remove-from-group Examples

Remove a current server member from a server group: 
dsframework remove-from-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers \
     --memberName server1.example.com:389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

remove-from-group Arguments

-m {memberName}
--memberName {memberName}

Description The server to remove. To see the list of servers belonging to a particular group use the 'list-members' subcommand
Required Yes
Multi-Valued No

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

set-admin-user-properties

Modify a global administrator account's properties


set-admin-user-properties Examples

Set the password for a global administrator account: 
dsframework set-admin-user-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --userID "Global Administrator" \
     --set password:password


Update the privileges for a global administrator account to add the 'config-write' and remove the 'update-schema' privileges. Note the '-' prefix indicates removal: 
dsframework set-admin-user-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --userID "Global Administrator" \
     --set privilege:config-write --set privilege:-update-schema

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

set-admin-user-properties Arguments

--userID {userID}

Description The administrator's unique identifier. To see a list of current user IDs use the 'list-admin-users' subcommand
Required No
Multi-Valued No

--set {PROP:VALUE}

Description Assign a value to a property, where PROP is the name of the property and VAL is the single value to be assigned. The list of properties can be viewed using the 'list-admin-user-properties' subcommand
Required No
Multi-Valued Yes

set-server-properties

Modify the properties of the reference to a server registered with this administrative domain


set-server-properties Examples

Set properties for a server reference: 
dsframework set-server-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --serverID server1.example.com:5389 \
     --set location:datacenter --set ldapsport:5636

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

set-server-properties Arguments

--serverID {serverID}

Description The registered server's unique identifier. The list of registered server IDs can be obtained using the 'list-servers' subcommand
Required Yes
Multi-Valued No

--set {PROP:VALUE}

Description Assign a value to a property, where PROP is the name of the property and VAL is the single value to be assigned. The list of properties can be viewed using the 'list-server-properties' subcommand
Required No
Multi-Valued Yes

unregister-server

Remove an existing reference to a server, unregistering it from this administrative domain


unregister-server Examples

Unregister a server instance from this administrative domain: 
dsframework unregister-server --bindDN "cn=Directory Manager" \
     --bindPassword password --serverID server1.example.com:5389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

unregister-server Arguments

--serverID {serverID}

Description The registered server's unique identifier. The list of registered server IDs can be obtained using the 'list-servers' subcommand
Required No
Multi-Valued No

Arguments

-V
--version

Description Display Metrics Engine version information

-H
--help

Description Display general usage information

--help-ldap

Description Display help for using LDAP options

--help-sasl

Description Display help for using SASL options

--help-debug

Description Display help for using debug options
Advanced Yes

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

--useNoSecurity

Description Use no security when communicating with the server

-h {host}
--hostname {host}

Description Metrics Engine hostname or IP address
Default Value localhost
Required No
Multi-Valued No

-p {port}
--port {port}

Description Metrics Engine port number
Default Value 389
Required No
Multi-Valued No

-D {bindDN}
--bindDN {bindDN}

Description DN used to bind to the server
Default Value cn=Directory Manager
Required No
Multi-Valued No

-w {bindPassword}
--bindPassword {bindPassword}

Description Password used to bind to the server
Required No
Multi-Valued No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description Bind password file
Required No
Multi-Valued No

-o {name=value}
--saslOption {name=value}

Description SASL bind options
Required No
Multi-Valued Yes

-X
--trustAll

Description Trust all server SSL certificates

-P {trustStorePath}
--trustStorePath {trustStorePath}

Description Certificate trust store path
Required No
Multi-Valued No

-K {keyStorePath}
--keyStorePath {keyStorePath}

Description Certificate key store path
Required No
Multi-Valued No

-W {keyStorePassword}
--keyStorePassword {keyStorePassword}

Description Certificate key store PIN
Required No
Multi-Valued No

-u {keyStorePasswordFile}
--keyStorePasswordFile {keyStorePasswordFile}

Description Certificate key store PIN file
Required No
Multi-Valued No

-N {nickname}
--certNickname {nickname}

Description Nickname of the certificate for SSL client authentication
Required No
Multi-Valued No

-v
--verbose

Description Use verbose mode

--propertiesFilePath {propertiesFilePath}

Description Path to the file that contains default property values used for command-line arguments
Required No
Multi-Valued No

--noPropertiesFile

Description Specify that no properties file will be used to get default command-line argument values

--script-friendly

Description Use script-friendly mode

--help-server-group

Description Display subcommands relating to server-group

--help-admin-user

Description Display subcommands relating to admin-user

--help-server

Description Display subcommands relating to server

--help-subcommands

Description Display all subcommands