Data Sync Server Documentation Index
Command-Line Tool Reference Home

config-diff

Description
Examples
Arguments

Description

Compares Data Sync Server configurations and produces a dsconfig batch file needed to bring the source inline with the target.

Its uses include comparing multiple servers for configuration differences, producing a batch file to reconfigure a server from scratch from the out-of-the-box configuration, and comparing a local server against an expected configuration.

Both the source and the target configurations can be retrieved over LDAP, accessed from the local server's file system, extracted from a specific file, or retrieved from every server in a configuration server group. Also, with the exception of accessing a configuration from a specific file, the source and/or target configurations can be compared as they existed at any point in the past, including the baseline, pre-installation configuration.

Some configuration differences (those that will always differ between instances, like instance-name) are excluded by default to reduce the amount of spurious output, but these can be included by specifying the --includeExpectedDifferences command. Further differences can be excluded with the --exclude option.

This tool attempts to generate a batch file that can be applied to the source server without any errors. However, there are some edge case configurations that the tool is not sophisticated enough to handle. For example, it cannot handle two peer configuration objects that would require swapping values for a property (e.g. evaluation-order-index) that must be unique within the server. It will still generate a dsconfig batch file that includes these changes, but they might be rejected by the server. In these rare cases, the batch file can be hand edited so that it can be applied to a running server or it can be applied with the server shut down using 'dsconfig --offline'.

Examples

Running this command without any arguments is equivalent to "--sourceLocal --sourceTag postSetup --targetLocal", which compares the current configuration of the local server to the post-setup configuration:
config-diff


Compare the current configurations of server1 and server2. The changes necessary to bring server1's configuration in-line with server2 are written to the console. The same credentials are used for connecting to both servers:
config-diff --sourceHost server1 --sourceBindDN "cn=Directory Manager" \
     --sourceBindPassword password --targetHost server2


Compare the current configuration of the local server to the post-setup configuration and write the output to the configuration-steps.dsconfig file. This provides a script that can be used to configure a newly installed server identically to the local server:
config-diff --sourceLocal --sourceTag postSetup --targetLocal \
     --exclude differs-after-install --outputFile configuration-steps.dsconfig


Determine the configuration steps necessary to undo all configuration changes that were made to the local server in the last two weeks:
config-diff --sourceLocal --targetLocal --targetDate -2w


Audit the configuration of all servers in the configuration server group against an expected configuration. The baseline, pre-installation configuration is retrieved and the dsconfig batch file, standard-config.dsconfig, is applied to it (in-memory) to establish the expected configuration. The configuration of each server in the configuration server group of server1 is then compared to this authoritative configuration, and the steps necessary to return each server to this configuration are written out to the non-compliance-config-changes/ directory. Configuration settings that differ by the Location of the server or ones that are set by the installer are ignored:
config-diff --sourceConfigGroup --targetHost server1 \
     --targetBindDN "cn=Directory Manager" --targetBindPassword password \
     --targetBaseline --targetPreDiffBatchFile standard-config.dsconfig \
     --exclude differs-by-location --exclude differs-after-install \
     --outputDir non-compliance-config-changes/

Arguments

-V
--version

Description Display Data Sync Server version information

-H
--help

Description Display general usage information

--help-debug

Description Display help for using debug options
Advanced Yes

-h {host}
--sourceHost {host}

Description Data Sync Server host name or IP address of the source server whose contents will be used as the source of the computed diff. The output dsconfig batch file could be applied to this server to synchronize its configuration with the target
Required No
Multi-Valued No

-p {port}
--sourcePort {port}

Description Data Sync Server LDAP port number of the server whose contents will be used as the source of the computed diff
Default Value 389
Required No
Multi-Valued No

--sourceUseSSL

Description Use SSL for secure communication with the source server

--sourceUseStartTLS

Description Use StartTLS to secure communication with the source server

-D {bindDN}
--sourceBindDN {bindDN}

Description DN used to bind to the source Data Sync Server
Default Value cn=Directory Manager
Required No
Multi-Valued No

-w {bindPassword}
--sourceBindPassword {bindPassword}

Description Password used to bind to the source Data Sync Server
Required No
Multi-Valued No

--sourceBindPasswordFile {bindPasswordFile}

Description File containing the password used to bind to the source server
Required No
Multi-Valued No

--sourceSASLOption {name=value}

Description A SASL option (in the form 'name=value') to use when attempting to authenticate to the source server
Required No
Multi-Valued Yes

--sourceLocal

Description Use the local server configuration as the source of the comparison instead of retrieving the configuration over LDAP

--sourceFile my-config.ldif

Description Use the specified configuration file (i.e. a previous copy of config/config.ldif) as the source of the comparison instead of retrieving the configuration over LDAP
Required No
Multi-Valued No

--sourceConfigGroup

Description Use each server in the target server's configuration-server-group as the source of the configuration comparison. This requires the --targetHostName option to identify the target configuration and assumes that the target credentials can be used to authenticate to all servers in the group

--sourceBaseline

Description Use the baseline configuration of the server (i.e. the out-of-the-box, pre-installation configuration) as the source of the comparison

--sourceDate [2013-08-10T12:30 or -2d]

Description Use the source configuration as it existed on the specified date. Dates must be in ISO 8601 format (e.g. 2008-05-30T02:35:22-0600, 2005-03-31T10:35, or 2002-08-10) or as an offset from the current time (e.g. -2d means two days ago) using 'y' to represent years, 'M' to represent months, 'w' to represent weeks, 'd' to represent days 'h' to represent hours', 'm' to represent minutes, and 's' to represent seconds
Required No
Multi-Valued No

--sourceTag postSetup

Description Use the source configuration with the given tag. Currently, "postSetup" is the only supported tag
Required No
Multi-Valued No

--sourcePreDiffBatchFile pre-diff-changes.dsconfig

Description A dsconfig batch file containing a list of dsconfig commands that should be applied to the source configuration in-memory before performing the diff
Required No
Multi-Valued No

--targetHost {host}

Description Data Sync Server host name or IP address of the target server whose contents will be used as the target of the computed diff. The output dsconfig batch file could be applied to the source server to synchronize it's configuration with this server
Required No
Multi-Valued No

--targetPort {port}

Description Data Sync Server LDAP port number of the server whose contents will be used as the target of the computed diff
Default Value 389
Required No
Multi-Valued No

--targetUseSSL

Description Use SSL for secure communication with the target server

--targetUseStartTLS

Description Use StartTLS to secure communication with the target server

--targetBindDN {bindDN}

Description DN used to bind to the target Data Sync Server. Defaults to the source bind DN if not specified
Default Value cn=Directory Manager
Required No
Multi-Valued No

--targetBindPassword {bindPassword}

Description Password used to bind to the target Data Sync Server. Defaults to the source password if not specified
Required No
Multi-Valued No

--targetBindPasswordFile {bindPasswordFile}

Description File containing the password used to bind to the target server. Defaults to the source password file if not specified
Required No
Multi-Valued No

--targetSASLOption {name=value}

Description A SASL option (in the form 'name=value') to use when attempting to authenticate to the target server
Required No
Multi-Valued Yes

--targetLocal

Description Use the local server configuration as the target of the comparison instead of retrieving the configuration over LDAP

--targetFile my-config.ldif

Description Use the specified configuration file (i.e. a previous copy of config/config.ldif) as the target of the comparison instead of retrieving the configuration over LDAP
Required No
Multi-Valued No

--targetConfigGroup

Description Use each server in the source server's configuration-server-group as the target of the configuration comparison. This requires the --sourceHostName option to identify the source configuration and assumes that source credentials can be used to authenticate to all servers in the group

--targetBaseline

Description Use the baseline configuration of the server (i.e. the out-of-the-box, pre-installation configuration) as the target of the comparison

--targetDate [2013-08-13T12:30 or -2d]

Description Use the target configuration as it existed on the specified date. Dates must be in ISO 8601 format (e.g. 2008-05-30T02:35:22-0600, 2005-03-31T10:35, or 2002-08-10) or as an offset from the current time (e.g. -2d means two days ago) using 'y' to represent years, 'M' to represent months, 'w' to represent weeks, 'd' to represent days 'h' to represent hours', 'm' to represent minutes, and 's' to represent seconds
Required No
Multi-Valued No

--targetTag postSetup

Description Use the target configuration with the given tag. Currently, "postSetup" is the only supported tag
Required No
Multi-Valued No

--targetPreDiffBatchFile pre-diff-changes.dsconfig

Description A dsconfig batch file containing a list of dsconfig commands that should be applied in-memory to the target configuration before performing the diff
Required No
Multi-Valued No

--outputFile config-differences.dsconfig

Description Output file where the configuration differences should be written
Required No
Multi-Valued No

--outputDir config-differences/

Description Output directory where the configuration differences should be written
Required No
Multi-Valued No

--rest

Description Instead of dsconfig commands, shows how to make the necessary changes through the Configuration API

--prettyPrint

Description Lists dsconfig commands with line wrapping enabled for readability. This format is parsed the exact same way by 'dsconfig' as the output without this argument

--includeExpectedDifferences

Description Include configuration differences which are expected (such as the instance-name setting) in the output

--exclude [differs-by-location, differs-after-install, differs-in-topology-registry]

Description This option allows certain types of configuration differences to be excluded from the output. Allowed values are differs-by-location, which will ignore configuration settings that could differ for servers in different configured Locations, differs-after-install, which will ignore configuration settings that can be changed by the installer, and differs-in-topology-registry, which will ignore configuration settings in the topology registry. Note that some differences are excluded by default. These can be included in the output using the --includeExpectedDifferences option. Also, note that "--sourceTag postSetup" and "--targetTag postSetup" should be preferred over differs-after-install
Required No
Multi-Valued Yes

--includeAllWarnings

Description Include all warnings in the output. This includes ones that are expected such as warnings about creating configuration objects that are marked as edit-only since they are managed by tools other than dsconfig

-X
--trustAll

Description Trust all server SSL certificates

-K {keystorePath}
--keyStorePath {keystorePath}

Description Certificate keystore path
Required No
Multi-Valued No

-W {keystorePassword}
--keyStorePassword {keystorePassword}

Description Certificate keystore PIN
Required No
Multi-Valued No

-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}

Description Certificate keystore PIN file
Required No
Multi-Valued No

--keyStoreFormat {keyStoreFormat}

Description Certificate keystore format
Required No
Multi-Valued No

-N {nickname}
--certNickname {nickname}

Description Nickname of the certificate for SSL client authentication
Required No
Multi-Valued No

-P {truststorePath}
--trustStorePath {truststorePath}

Description Certificate truststore path
Required No
Multi-Valued No

-T {truststorePassword}
--trustStorePassword {truststorePassword}

Description Certificate truststore PIN
Required No
Multi-Valued No

-U {path}
--trustStorePasswordFile {path}

Description Certificate truststore PIN file
Required No
Multi-Valued No

--trustStoreFormat {trustStoreFormat}

Description Certificate truststore format
Required No
Multi-Valued No