Tool for managing the topology registry.
The topology registry is a branch of the configuration DIT (cn=Topology,cn=config). It stores all metadata about server instances, including their instance and listener certificates, secret keys, server groups and administrative user accounts. It also stores information about the replication topology (replication server ID and replication domain ID) when replication is enabled among servers in a Directory topology, as well as the license key required to install the server. Changes to the topology registry on one server are automatically mirrored to other servers in the topology. The dsconfig tool, configuration API or the management console may be used to make changes to the topology registry. This tool provides additional capabilities, such as exporting the contents of the registry as a JSON file.
manage-topology export --hostname localhost --port 1636 \
  --bindDN "cn=Directory Manager" --bindPassword password \
  --exportFilePath topology.json

manage-topology export --topologyFilePath old-topology.json \
  --bindDN "cn=Directory Manager" --bindPassword password \
  --exportFilePath new-topology.json

manage-topology add-server --retryTimeoutSeconds 120 --hostname localhost \
  --port 1636 --bindDN "cn=Directory Manager" --bindPassword password \
  --useSSL --remoteServerHostname localhost --remoteServerPort 2636 \
  --remoteServerBindDN "cn=Directory Manager" \
  --remoteServerBindPassword password \
  --remoteServerConnectionSecurity useSsl --adminUID admin \
  --adminPassword password

manage-topology add-server --topologyFilePath topology.json \
  --bindDN "cn=Directory Manager" --bindPassword password --useSSL \
  --remoteServerHostname localhost --remoteServerPort 2636 \
  --remoteServerBindDN "cn=Directory Manager" \
  --remoteServerBindPassword password \
  --remoteServerConnectionSecurity useSsl --adminUID admin \
  --adminPassword password

manage-topology remove-server --retryTimeoutSeconds 120 --hostname localhost \
  --port 1636 --bindDN "cn=Directory Manager" --bindPassword password \
  --useSSL
Add this Directory Server server instance to an existing topology of servers. If the server is already a member of the topology of which the remote server is a member, then this operation is a no-op.
Add one of the provided server instances to an existing topology of servers of which the other server is already a member. This command is idempotent, which means that it has no effect when re-run if the servers are already members of the same topology. If the server being added is a member of a different multi-server topology, then it must first be removed from its existing topology before it can be added to the remote server's topology.
manage-topology add-server --retryTimeoutSeconds 120 --hostname localhost \
  --port 1636 --bindDN "cn=Directory Manager" --bindPassword password \
  --useSSL --remoteServerHostname localhost --remoteServerPort 2636 \
  --remoteServerBindDN "cn=Directory Manager" \
  --remoteServerBindPassword password \
  --remoteServerConnectionSecurity useSsl --adminUID admin \
  --adminPassword password

manage-topology add-server --topologyFilePath topology.json \
  --bindDN "cn=Directory Manager" --bindPassword password --useSSL \
  --remoteServerHostname localhost --remoteServerPort 2636 \
  --remoteServerBindDN "cn=Directory Manager" \
  --remoteServerBindPassword password \
  --remoteServerConnectionSecurity useSsl --adminUID admin \
  --adminPassword password
--remoteServerHostname {host}
Description | Hostname or IP address of a remote server that is already a member of the topology |
Required | Yes |
Multi-Valued | No |
--remoteServerPort {port}
Description | Remote server port number |
Default Value | 389 |
Required | No |
Multi-Valued | No |
--remoteServerBindDN {bindDN}
Description | DN used to bind to the remote server. The DN must represent an account that can be used to manage the configuration of the remote server, specifically its topology registry |
Default Value | cn=Directory Manager |
Required | No |
Multi-Valued | No |
--remoteServerBindPassword {bindPassword}
Description | Password used to bind to the server |
Required | No |
Multi-Valued | No |
--remoteServerSaslOption {name=value}
Description | SASL bind options |
Required | No |
Multi-Valued | Yes |
--remoteServerConnectionSecurity {connectionSecurityOption}
Description | Security option used to connect to the remote server with admin topology data: noSecurity, useSSL, useStartTLS. Connections to remote peer servers will use the preferredSecurity option specified in the admin topology data |
Default Value | noSecurity |
Required | No |
Multi-Valued | No |
--remoteServerBindPasswordFile {bindPasswordFile}
Description | Bind password file |
Required | No |
Multi-Valued | No |
--adminUID {adminUID}
Description | User ID of the topology-wide administrator used to bind to the server |
Default Value | admin |
Required | No |
Multi-Valued | No |
--adminPassword {adminPassword}
Description | The topology-wide administrator password |
Required | No |
Multi-Valued | No |
Exports the properties of server instances in the topology registry in JSON format to the specified file. The exported file may then be used as input to topology-related tools to specify a collection of servers that already exist in the topology.

manage-topology export --hostname localhost --port 1636 \
  --bindDN "cn=Directory Manager" --bindPassword password \
  --exportFilePath topology.json

manage-topology export --topologyFilePath old-topology.json \
  --bindDN "cn=Directory Manager" --bindPassword password \
  --exportFilePath new-topology.json
--exportFilePath {exportFilePath}
Description | The file to which the topology registry should be exported |
Required | Yes |
Multi-Valued | No |
Remove the provided Directory Server server instance from its current topology. The server instance must be online for the command to work.
If the server instance is defunct or offline, then the remove-defunct-server tool must be used to remove it. If the server is a single-instance topology, i.e. it is not a member of any topology, then this command is a no-op.

manage-topology remove-server --retryTimeoutSeconds 120 --hostname localhost \
  --port 1636 --bindDN "cn=Directory Manager" --bindPassword password \
  --useSSL
-V
--version
Description | Display Directory Server version information |
-H
--help
Description | Display general usage information |
--help-debug
Description | Display help for using debug options |
Advanced | Yes |
-Z
--useSSL
Description | Use SSL for secure communication with the server |
-q
--useStartTLS
Description | Use StartTLS to secure communication with the server |
--useNoSecurity
Description | Use no security when communicating with the server |
--topologyFilePath {topologyFilePath}
Description | The topology hosts file containing the list of hosts that are already in the topology. This can make deployment automation more fault-tolerant since it is not necessary for a specific server instance to be available. Instead, the command will succeed as long as a single instance in the topology is online. This option may be used in lieu of or in addition to the hostname/port options and will take precedence if specified with those options. The tool attempts to connect to each host in the hosts file in sequential order. The first successful connection is used to perform the action, and the remaining hosts are ignored. The LDAP connection options specified on the command-line will be used for each server in the hosts file. The hosts file must be in JSON format and may be obtained by running the manage-topology export command on an online topology host using the hostname/port options |
Required | No |
Multi-Valued | No |
-h {host}
--hostname {host}
Description | Fully qualified host name or IP address of the local Directory Server |
Default Value | localhost |
Required | No |
Multi-Valued | No |
-p {port}
--port {port}
Description | Directory Server port number |
Default Value | 389 |
Required | No |
Multi-Valued | No |
-D {bindDN}
--bindDN {bindDN}
Description | DN used to bind to the server |
Default Value | cn=Directory Manager |
Required | Yes |
Multi-Valued | No |
-w {bindPassword}
--bindPassword {bindPassword}
Description | Password used to bind to the server |
Required | No |
Multi-Valued | No |
-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}
Description | Bind password file |
Required | No |
Multi-Valued | No |
-o {name=value}
--saslOption {name=value}
Description | SASL bind options |
Required | No |
Multi-Valued | Yes |
-X
--trustAll
Description | Trust all server SSL certificates |
-P {truststorePath}
--trustStorePath {truststorePath}
Description | Certificate truststore path |
Default Value | /home/centos/workspace/Core-Release/build/package/PingDirectory/config/truststore |
Required | No |
Multi-Valued | No |
-T {truststorePassword}
--trustStorePassword {truststorePassword}
Description | Certificate truststore PIN |
Required | No |
Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
Description | Certificate truststore PIN file |
Required | No |
Multi-Valued | No |
--propertiesFilePath {propertiesFilePath}
Description | Path to the file that contains default property values used for command-line arguments |
Required | No |
Multi-Valued | No |
--noPropertiesFile
Description | Specify that no properties file will be used to get default command-line argument values |
--script-friendly
Description | Use script-friendly mode |
--ignoreWarnings
Description | Continue if warnings occur when the tool is used non-interactively. This option should be used with caution |
--retryTimeoutSeconds {retryTimeoutSeconds}
Description | If the command fails, then it will continue to be retried up to this timeout specified in seconds. The command will not be aborted if the timeout has expired mid-execution, so it will be executed at least once. A value of zero (which is the default if this argument is not provided) indicates that the command does not have a timeout and so will not be retried upon initial failure. Note that this option is especially helpful in automated deployments where internal retries may significantly improve the chance of the command succeeding |
Lower Bound | 0 |
Upper Bound | 86400 |
Default Value | 0 |
Required | No |
Multi-Valued | No |
--help-subcommands
Description | Display all subcommands |
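
Several options documented above either expose a secret or weaken a connection: passwords passed as arguments (visible in the process list and shell history), --trustAll, --useNoSecurity, --ignoreWarnings, and the noSecurity default of --remoteServerConnectionSecurity. The following check for deployment scripts is an added example, not part of the product documentation or the tool; the function names and finding labels are hypothetical, and it assumes the subcommand directly follows the tool name as in the examples on this page.

```python
import shlex

# Options on this page that place a secret directly on the command line.
PASSWORD_ARGS = {"--bindPassword", "-w", "--remoteServerBindPassword",
                 "--adminPassword", "--trustStorePassword", "-T"}

def parse(command):
    """Split one command line into (subcommand, {option: value or None})."""
    argv = shlex.split(command.replace("\\\n", " "))  # join continued lines
    if len(argv) < 2 or not argv[0].endswith("manage-topology"):
        return None, {}
    opts, rest = {}, argv[2:]
    for i, tok in enumerate(rest):
        if tok.startswith("-"):
            nxt = rest[i + 1] if i + 1 < len(rest) else None
            opts[tok] = nxt if nxt and not nxt.startswith("-") else None
    return argv[1], opts

def audit(command):
    """Return sorted finding labels for one manage-topology invocation."""
    sub, opts = parse(command)
    if sub is None:
        return []
    findings = [f"password-on-command-line:{o}" for o in opts if o in PASSWORD_ARGS]
    if "--trustAll" in opts or "-X" in opts:
        findings.append("trust-all-certificates")
    if "--useNoSecurity" in opts:
        findings.append("local-connection-unencrypted")
    if "--ignoreWarnings" in opts:
        findings.append("warnings-ignored")
    if sub == "add-server":
        # The page lists noSecurity as this option's default value.
        remote = opts.get("--remoteServerConnectionSecurity") or "noSecurity"
        if remote.lower() == "nosecurity":
            findings.append("remote-connection-unencrypted")
    return sorted(findings)

# Export example taken from this page.
PAGE_EXAMPLE = ('manage-topology export --hostname localhost --port 1636 \\\n'
                '  --bindDN "cn=Directory Manager" --bindPassword password \\\n'
                '  --exportFilePath topology.json')
# Constructed sample (placeholder file path): no remote security, --trustAll set.
CONSTRUCTED = ('manage-topology add-server --hostname localhost --port 1636 '
               '--bindDN "cn=Directory Manager" --bindPasswordFile /path/to/pw.txt '
               '--useSSL --trustAll --remoteServerHostname localhost')

if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, CONSTRUCTED):
        print(audit(cmd))
```
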