dsframework

Description

Manage administrative server groups or the global administrative user accounts that are used to configure servers within server groups.

Server groups and global administrator accounts are useful for managing servers that need to exhibit similar configurations, such as a set of servers in a replication topology. This administrative domain information is stored in the 'cn=admin data' entry and is replicated among all server instances in a replicated topology, thus allowing a global administrative account to manage all servers in a single group.

Global administrative accounts and server groups are created when setting up a replication topology. New servers are automatically added to the default 'all-servers' server group. Replicated servers are unregistered from their peers during uninstall operations. The dsframework tool allows you to further define and manage server groups and global user accounts to fit your administrative requirements.

Examples

List all server groups defined for the administrative domain in which this server participates:
dsframework list-servers --bindDN "cn=Directory Manager" \
     --bindPassword password


List all servers that are members of the default server group of which this server is a member:
dsframework list-members --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName all-servers

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Subcommands

add-to-group
create-admin-user
create-group
delete-admin-user
delete-group
get-admin-user-properties
get-server-properties
list-admin-user-properties
list-admin-users
list-groups
list-members
list-membership
list-server-properties
list-servers
modify-group
register-server
remove-from-group
set-admin-user-properties
set-server-properties
unregister-server

add-to-group

Add a server to a server group


add-to-group Examples

Add a currently defined server to a group:
dsframework add-to-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers \
     --memberName server1.example.com:389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

add-to-group Arguments

-m {memberName}
--memberName {memberName}

Description The server to add. To see the list of currently defined servers use the 'list-servers' subcommand
Required Yes
Multi-Valued No

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

create-admin-user

Create a new global administrator account

The user is created under the 'cn=administrators,cn=admin data' tree and can be referenced with the --userID argument when using the dsreplication and dsframework tools. Since the account is defined in the admin data backend, it is replicated to all servers in the "replication-servers" group. This account is created with privileges similar to a Root DN. The privileges can be displayed using the 'get-admin-user-properties' subcommand and modified using the 'set-admin-user-properties' subcommand


create-admin-user Examples

Create a new global administrator account specifying properties for the password and description:
dsframework create-admin-user --userID "Global Administrator" \
     --set password:password --set "description:External group manager"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

create-admin-user Arguments

--userID {userID}

Description The administrator's unique identifier. To see a list of current user IDs use the 'list-admin-users' subcommand
Required No
Multi-Valued No

--set {PROP:VALUE}

Description Assign a value to a property, where PROP is the name of the property and VALUE is the single value to be assigned. The list of properties can be viewed using the 'list-admin-user-properties' subcommand
Required No
Multi-Valued Yes

create-group

Create a new server group


create-group Examples

Create a new server group with a description:
dsframework create-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers \
     --description "DMZ servers"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

create-group Arguments

-d {description}
--description {description}

Description The server group description. If not specified, the description will be empty
Default Value
Required No
Multi-Valued No

-g {groupName}
--groupName {groupName}

Description The new group's identifier
Required Yes
Multi-Valued No

delete-admin-user

Delete an existing global administrator account


delete-admin-user Examples

Delete an existing global administrator account:
dsframework delete-admin-user --userID "Global Administrator"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

delete-admin-user Arguments

--userID {userID}

Description The administrator's unique identifier. To see a list of current user IDs use the 'list-admin-users' subcommand
Required No
Multi-Valued No

delete-group

Delete an existing server group


delete-group Examples

Delete an existing server group:
dsframework delete-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

delete-group Arguments

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

get-admin-user-properties

View a global administrator account's properties


get-admin-user-properties Examples

List the properties of a global administrator account:
dsframework get-admin-user-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --userID "Global Administrator"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

get-admin-user-properties Arguments

--userID {userID}

Description The administrator's unique identifier. To see a list of current user IDs use the 'list-admin-users' subcommand
Required No
Multi-Valued Yes

get-server-properties

View the properties of the reference to a server registered with this administrative domain


get-server-properties Examples

List the properties for a server reference:
dsframework get-server-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --serverID server1.example.com:5389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

get-server-properties Arguments

--serverID {serverID}

Description The registered server's unique identifier. The list of registered server IDs can be obtained using the 'list-servers' subcommand
Required No
Multi-Valued Yes

list-admin-user-properties

Print a table of all properties of administrators, listing their syntax, default values, and other attributes

Properties for global administrator account instances can be viewed using the 'get-admin-user-properties' subcommand


list-admin-user-properties Examples

View all properties for global administrators:
dsframework list-admin-user-properties

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-admin-users

List current global administrator accounts


list-admin-users Examples

List all currently defined global administrator accounts:
dsframework list-admin-users --bindDN "cn=Directory Manager" \
     --bindPassword password

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-groups

List currently defined server groups


list-groups Examples

List currently defined groups:
dsframework list-groups --bindDN "cn=Directory Manager" --bindPassword password

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-members

List servers belonging to a server group


list-members Examples

List the servers belonging to a particular server group:
dsframework list-members --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-members Arguments

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

list-membership

List server groups to which a server belongs


list-membership Examples

List the groups to which a server belongs:
dsframework list-membership --bindDN "cn=Directory Manager" \
     --bindPassword password --memberName server1.example.com:389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-membership Arguments

-m {memberName}
--memberName {memberName}

Description The member's identifier. This is a required argument
Required Yes
Multi-Valued No

list-server-properties

Print a table of all properties of server references, listing their syntax, default values, and other attributes

Properties for registered server instances can be viewed using the 'get-server-properties' subcommand


list-server-properties Examples

Print server properties:
dsframework list-server-properties --bindDN "cn=Directory Manager" \
     --bindPassword password

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

list-servers

List servers registered with this administrative domain


list-servers Examples

List servers registered with this administrative domain:
dsframework list-servers --bindDN "cn=Directory Manager" \
     --bindPassword password

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

modify-group

Modify a server group's properties or change its name


modify-group Examples

Rename an existing server group and change its description:
dsframework modify-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers \
     --newGroupName internal --description "Servers within the firewall"

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

modify-group Arguments

-d {description}
--description {description}

Description If specified, the new description
Default Value
Required No
Multi-Valued No

-n {groupName}
--newGroupName {groupName}

Description If specified, the new server group's identifier
Default Value
Required No
Multi-Valued No

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

register-server

Create a new reference to a server, registering it for this administrative domain

This tool creates an entry in the administrative data that refers to an existing server. Properties that reflect the server's configuration should be supplied during registration. Registered servers are available for inclusion in server groups


register-server Examples

Register a server with the administration framework specifying the host and port of the server being registered:
dsframework register-server --bindDN "cn=Directory Manager" \
     --bindPassword password --serverID server1.example.com:5389 \
     --set ldapport:5389 --set ldapEnabled:true \
     --set hostname:server1.example.com

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

register-server Arguments

--serverID {serverID}

Description The registered server's unique identifier. The list of registered server IDs can be obtained using the 'list-servers' subcommand
Required No
Multi-Valued No

--set {PROP:VALUE}

Description Assign a value to a property, where PROP is the name of the property and VALUE is the single value to be assigned. The list of properties can be viewed using the 'list-server-properties' subcommand
Required No
Multi-Valued Yes

remove-from-group

Remove a server from a server group


remove-from-group Examples

Remove a current server member from a server group:
dsframework remove-from-group --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName external-servers \
     --memberName server1.example.com:389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

remove-from-group Arguments

-m {memberName}
--memberName {memberName}

Description The server to remove. To see the list of servers belonging to a particular group use the 'list-members' subcommand
Required Yes
Multi-Valued No

-g {groupName}
--groupName {groupName}

Description The group's identifier. This is a required argument. To see the list of current groups use the 'list-groups' subcommand
Required Yes
Multi-Valued No

set-admin-user-properties

Modify a global administrator account's properties


set-admin-user-properties Examples

Set the password for a global administrator account:
dsframework set-admin-user-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --userID "Global Administrator" \
     --set password:password


Update the privileges for a global administrator account to add the 'config-write' and remove the 'update-schema' privileges. Note the '-' prefix indicates removal:
dsframework set-admin-user-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --userID "Global Administrator" \
     --set privilege:config-write --set privilege:-update-schema

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

set-admin-user-properties Arguments

--userID {userID}

Description The administrator's unique identifier. To see a list of current user IDs use the 'list-admin-users' subcommand
Required No
Multi-Valued No

--set {PROP:VALUE}

Description Assign a value to a property, where PROP is the name of the property and VALUE is the single value to be assigned. The list of properties can be viewed using the 'list-admin-user-properties' subcommand
Required No
Multi-Valued Yes

set-server-properties

Modify the properties of the reference to a server registered with this administrative domain


set-server-properties Examples

Set properties for a server reference:
dsframework set-server-properties --bindDN "cn=Directory Manager" \
     --bindPassword password --serverID server1.example.com:5389 \
     --set location:datacenter --set ldapsport:5636

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

set-server-properties Arguments

--serverID {serverID}

Description The registered server's unique identifier. The list of registered server IDs can be obtained using the 'list-servers' subcommand
Required Yes
Multi-Valued No

--set {PROP:VALUE}

Description Assign a value to a property, where PROP is the name of the property and VALUE is the single value to be assigned. The list of properties can be viewed using the 'list-server-properties' subcommand
Required No
Multi-Valued Yes

unregister-server

Remove an existing reference to a server, unregistering it from this administrative domain


unregister-server Examples

Unregister a server instance from this administrative domain:
dsframework unregister-server --bindDN "cn=Directory Manager" \
     --bindPassword password --serverID server1.example.com:5389

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

unregister-server Arguments

--serverID {serverID}

Description The registered server's unique identifier. The list of registered server IDs can be obtained using the 'list-servers' subcommand
Required No
Multi-Valued No

Arguments

-V
--version

Description Display Synchronization Server version information

-H
--help

Description Display general usage information

--help-ldap

Description Display help for using LDAP options

--help-sasl

Description Display help for using SASL options

--help-debug

Description Display help for using debug options
Advanced Yes

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

--useNoSecurity

Description Use no security when communicating with the server

-h {host}
--hostname {host}

Description Synchronization Server hostname or IP address
Default Value localhost
Required No
Multi-Valued No

-p {port}
--port {port}

Description Synchronization Server port number
Default Value 389
Required No
Multi-Valued No

-D {bindDN}
--bindDN {bindDN}

Description DN used to bind to the server
Default Value cn=Directory Manager
Required No
Multi-Valued No

-w {bindPassword}
--bindPassword {bindPassword}

Description Password used to bind to the server
Required No
Multi-Valued No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description Bind password file
Required No
Multi-Valued No

-o {name=value}
--saslOption {name=value}

Description SASL bind options
Required No
Multi-Valued Yes

-X
--trustAll

Description Trust all server SSL certificates

-P {trustStorePath}
--trustStorePath {trustStorePath}

Description Certificate trust store path
Required No
Multi-Valued No

-T {trustStorePassword}
--trustStorePassword {trustStorePassword}

Description Certificate trust store PIN
Required No
Multi-Valued No

-U {path}
--trustStorePasswordFile {path}

Description Certificate trust store PIN file
Required No
Multi-Valued No

-K {keyStorePath}
--keyStorePath {keyStorePath}

Description Certificate key store path
Required No
Multi-Valued No

-W {keyStorePassword}
--keyStorePassword {keyStorePassword}

Description Certificate key store PIN
Required No
Multi-Valued No

-u {keyStorePasswordFile}
--keyStorePasswordFile {keyStorePasswordFile}

Description Certificate key store PIN file
Required No
Multi-Valued No

-N {nickname}
--certNickname {nickname}

Description Nickname of the certificate for SSL client authentication
Required No
Multi-Valued No

-v
--verbose

Description Use verbose mode

--propertiesFilePath {propertiesFilePath}

Description Path to the file that contains default property values used for command-line arguments
Required No
Multi-Valued No

--noPropertiesFile

Description Specify that no properties file will be used to get default command-line argument values

--script-friendly

Description Use script-friendly mode

--help-server

Description Display subcommands relating to server

--help-admin-user

Description Display subcommands relating to admin-user

--help-server-group

Description Display subcommands relating to server-group

--help-subcommands

Description Display all subcommands
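
Several of the arguments above put a secret on the command line, where it is readable from the process list and shell history, or turn off certificate checking or transport security. The shell function below is an added example, not part of the product documentation: it scans a script for those options inside dsframework invocations. The finding labels and the sample script, including its /path/to placeholders, are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky dsframework options in scripts or saved commands.
# Option names come from this page; the finding labels are made up here.

# Reads shell text on stdin, prints "<line>:<label>:<option>" per finding.
audit_dsframework() {
    awk '
    /^[ \t]*#/ { next }                       # ignore comment lines
    {
        n = split($0, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            gsub(/^"|"$/, "", t)              # drop surrounding double quotes
            if (t ~ /(^|\/)dsframework$/) in_cmd = 1
            if (!in_cmd) continue             # only look inside dsframework calls
            if (t == "--bindPassword" || t == "-w" ||
                t == "--trustStorePassword" || t == "-T" ||
                t == "--keyStorePassword" || t == "-W")
                print NR ":CLI-SECRET:" t     # secret passed as an argument
            else if (t == "--trustAll" || t == "-X")
                print NR ":NO-CERT-CHECK:" t  # any server certificate accepted
            else if (t == "--useNoSecurity")
                print NR ":CLEARTEXT:" t      # no transport security requested
            else if (prev == "--set" && t ~ /^password:/)
                print NR ":CLI-SECRET:--set password"
            if (t != "" && t != "\\") prev = t
        }
        # A trailing backslash continues the command onto the next line.
        if ($0 !~ /\\[ \t]*$/) { in_cmd = 0; prev = "" }
    }'
}

# Constructed sample script, modelled on the examples on this page.
sample_script() {
    cat <<'EOF'
#!/bin/sh
# constructed sample
dsframework list-members --bindDN "cn=Directory Manager" \
     --bindPassword password --groupName all-servers
dsframework list-groups --useSSL --trustStorePath /path/to/truststore \
     --bindPasswordFile /path/to/bind.pin
dsframework create-admin-user --userID "Global Administrator" \
     --trustAll --set password:password
grep -w admin /etc/hosts
EOF
}

sample_script | audit_dsframework
```

The second invocation in the sample passes cleanly because it uses --bindPasswordFile and --trustStorePath; the final grep line shows that short flags such as -w are only flagged inside a dsframework command.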