manage-topology

Description

Tool for managing the topology registry.

The topology registry is a branch of the configuration DIT (cn=Topology,cn=config). It stores all metadata about server instances, including their instance and listener certificates, secret keys, server groups and administrative user accounts. When replication is enabled among servers in a Directory topology, it also stores information about the replication topology (replication server ID and replication domain ID). Finally, it stores the license key required to install the server. Changes to the topology registry on one server are automatically mirrored to the other servers in the topology. The dsconfig tool, the configuration API or the management console may be used to make changes to the topology registry. This tool provides some additional capabilities, such as exporting the contents of the registry as a JSON file.

Examples

Exports the properties of server instances in the topology registry in JSON format to the specified file. The topology registry is read from the server specified by the hostname and port options:
manage-topology export --hostname localhost --port 1636 \
     --bindDN "cn=Directory Manager" --bindPassword password \
     --exportFilePath topology.json


Exports the properties of server instances in the topology registry in JSON format to the specified file. The topology registry is read from one of the servers in the file specified by the topologyFilePath option:
manage-topology export --topologyFilePath old-topology.json \
     --bindDN "cn=Directory Manager" --bindPassword password \
     --exportFilePath new-topology.json


Add this Directory Server server instance to an existing topology of servers of which the remote server is already a member. If the server is already a member of the topology of which the remote server is a member, then this operation is a no-op:
manage-topology add-server --retryTimeoutSeconds 120 --hostname localhost \
     --port 1636 --bindDN "cn=Directory Manager" --bindPassword password \
     --useSSL --remoteServerHostname localhost --remoteServerPort 2636 \
     --remoteServerBindDN "cn=Directory Manager" \
     --remoteServerBindPassword password \
     --remoteServerConnectionSecurity useSsl --adminUID admin \
     --adminPassword password


Add the remote Directory Server server instance to an existing topology of servers defined in the topology.json file:
manage-topology add-server --topologyFilePath topology.json \
     --bindDN "cn=Directory Manager" --bindPassword password --useSSL \
     --remoteServerHostname localhost --remoteServerPort 2636 \
     --remoteServerBindDN "cn=Directory Manager" \
     --remoteServerBindPassword password \
     --remoteServerConnectionSecurity useSsl --adminUID admin \
     --adminPassword password


Remove this Directory Server server instance from its current topology:
manage-topology remove-server --retryTimeoutSeconds 120 --hostname localhost \
     --port 1636 --bindDN "cn=Directory Manager" --bindPassword password \
     --useSSL

Subcommands

add-server
export
remove-server

add-server

Add this Directory Server server instance to an existing topology of servers. If the server is already a member of the topology of which the remote server is a member, then this operation is a no-op.

Add one of the provided server instances to an existing topology of servers of which the other server is already a member. This command is idempotent, which means that it has no effect when re-run if the servers are already members of the same topology. If the server being added is a member of a different multi-server topology, then it must first be removed from its existing topology before it can be added to the remote server's topology.


add-server Examples

Add this Directory Server server instance to an existing topology of servers of which the remote server is already a member. If the server is already a member of the topology of which the remote server is a member, then this operation is a no-op:
manage-topology add-server --retryTimeoutSeconds 120 --hostname localhost \
     --port 1636 --bindDN "cn=Directory Manager" --bindPassword password \
     --useSSL --remoteServerHostname localhost --remoteServerPort 2636 \
     --remoteServerBindDN "cn=Directory Manager" \
     --remoteServerBindPassword password \
     --remoteServerConnectionSecurity useSsl --adminUID admin \
     --adminPassword password


Add the remote Directory Server server instance to an existing topology of servers defined in the topology.json file:
manage-topology add-server --topologyFilePath topology.json \
     --bindDN "cn=Directory Manager" --bindPassword password --useSSL \
     --remoteServerHostname localhost --remoteServerPort 2636 \
     --remoteServerBindDN "cn=Directory Manager" \
     --remoteServerBindPassword password \
     --remoteServerConnectionSecurity useSsl --adminUID admin \
     --adminPassword password

add-server Arguments

--remoteServerHostname {host}

Description Hostname or IP address of a remote server that is already a member of the topology
Required Yes
Multi-Valued No

--remoteServerPort {port}

Description Remote server port number
Default Value 389
Required No
Multi-Valued No

--remoteServerBindDN {bindDN}

Description DN used to bind to the remote server. The DN must represent an account that can be used to manage the configuration of the remote server, specifically its topology registry
Default Value cn=Directory Manager
Required No
Multi-Valued No

--remoteServerBindPassword {bindPassword}

Description Password used to bind to the server
Required No
Multi-Valued No

--remoteServerSaslOption {name=value}

Description SASL bind options
Required No
Multi-Valued Yes

--remoteServerConnectionSecurity {connectionSecurityOption}

Description Security option used to connect to the remote server with admin topology data: noSecurity, useSSL, useStartTLS. Connections to remote peer servers will use the preferredSecurity option specified in the admin topology data
Default Value noSecurity
Required No
Multi-Valued No

--remoteServerBindPasswordFile {bindPasswordFile}

Description Bind password file
Required No
Multi-Valued No

--adminUID {adminUID}

Description User ID of the topology-wide administrator used to bind to the server
Default Value admin
Required No
Multi-Valued No

--adminPassword {adminPassword}

Description The topology-wide administrator password
Required No
Multi-Valued No

export

Exports the properties of server instances in the topology registry in JSON format to the specified file. The exported file may then be used as input to topology-related tools to specify a collection of servers that already exist in the topology


export Examples

Exports the properties of server instances in the topology registry in JSON format to the specified file. The topology registry is read from the server specified by the hostname and port options:
manage-topology export --hostname localhost --port 1636 \
     --bindDN "cn=Directory Manager" --bindPassword password \
     --exportFilePath topology.json


Exports the properties of server instances in the topology registry in JSON format to the specified file. The topology registry is read from one of the servers in the file specified by the topologyFilePath option:
manage-topology export --topologyFilePath old-topology.json \
     --bindDN "cn=Directory Manager" --bindPassword password \
     --exportFilePath new-topology.json
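
The examples above pass --bindPassword on the command line, where it is visible in the process list and shell history. The following is an added example, not part of the product documentation: it runs the same export with the --bindPasswordFile, --trustStorePath and --trustStorePasswordFile arguments documented under Arguments. The function names and the file paths passed to them are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper around `manage-topology export` that keeps secrets
# off the command line. Function names and file paths are hypothetical.

# Succeeds only if $1 is a regular file with no group/other permission bits.
is_private_file() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of `ls -ld` output are the group and other permission bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the manage-topology arguments, one per line, to stdout.
# $1 host  $2 LDAPS port  $3 bind password file  $4 trust store
# $5 trust store PIN file  $6 export file
build_export_args() {
    for secret in "$3" "$5"; do
        if ! is_private_file "$secret"; then
            echo "refusing $secret: missing or accessible to group/other" >&2
            return 1
        fi
    done
    printf '%s\n' export \
        --hostname "$1" --port "$2" --useSSL \
        --bindDN "cn=Directory Manager" --bindPasswordFile "$3" \
        --trustStorePath "$4" --trustStorePasswordFile "$5" \
        --exportFilePath "$6"
}

# Run the export under a restrictive umask so the exported JSON file is not
# created with group/other access.
export_topology() {
    args=$(build_export_args "$@") || return 1
    (
        umask 077
        # Split on newlines only, so the bind DN (which contains a space)
        # stays a single argument; disable globbing while expanding.
        IFS='
'
        set -f
        # shellcheck disable=SC2086
        manage-topology $args
    )
}
```

Call it as `export_topology <host> <port> <bindPasswordFile> <trustStorePath> <trustStorePinFile> <exportFile>`; the wrapper stops before contacting the server if either secret file is missing or accessible to group or other.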

export Arguments

--exportFilePath {exportFilePath}

Description The file to which the topology registry should be exported
Required Yes
Multi-Valued No

remove-server

Remove the provided Directory Server server instance from its current topology. The server instance must be online for the command to work

If the server instance is defunct or offline, then the remove-defunct-server tool must be used to remove it. If the server is a single-instance topology, i.e. it is not a member of any topology, then this command is a no-op


remove-server Examples

Remove this Directory Server server instance from its current topology:
manage-topology remove-server --retryTimeoutSeconds 120 --hostname localhost \
     --port 1636 --bindDN "cn=Directory Manager" --bindPassword password \
     --useSSL

Arguments

-V
--version

Description Display Directory Server version information

-H
--help

Description Display general usage information

--help-debug

Description Display help for using debug options
Advanced Yes

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

--useNoSecurity

Description Use no security when communicating with the server

--topologyFilePath {topologyFilePath}

Description The topology hosts file containing the list of hosts that are already in the topology. This can make deployment automation more fault-tolerant since it is not necessary for a specific server instance to be available. Instead, the command will succeed as long as a single instance in the topology is online. This option may be used in lieu of or in addition to the hostname/port options and will take precedence if specified with those options. The tool attempts to connect to each host in the hosts file in sequential order. The first successful connection is used to perform the action, and the remaining hosts are ignored. The LDAP connection options specified on the command-line will be used for each server in the hosts file. The hosts file must be in JSON format and may be obtained by running the manage-topology export command on an online topology host using the hostname/port options
Required No
Multi-Valued No

-h {host}
--hostname {host}

Description Fully qualified host name or IP address of the local Directory Server
Default Value localhost
Required No
Multi-Valued No

-p {port}
--port {port}

Description Directory Server port number
Default Value 389
Required No
Multi-Valued No

-D {bindDN}
--bindDN {bindDN}

Description DN used to bind to the server
Default Value cn=Directory Manager
Required Yes
Multi-Valued No

-w {bindPassword}
--bindPassword {bindPassword}

Description Password used to bind to the server
Required No
Multi-Valued No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description Bind password file
Required No
Multi-Valued No

-o {name=value}
--saslOption {name=value}

Description SASL bind options
Required No
Multi-Valued Yes

-X
--trustAll

Description Trust all server SSL certificates

-P {truststorePath}
--trustStorePath {truststorePath}

Description Certificate truststore path
Default Value /home/centos/workspace/Core-Release/build/package/PingDirectory/config/truststore
Required No
Multi-Valued No

-T {truststorePassword}
--trustStorePassword {truststorePassword}

Description Certificate truststore PIN
Required No
Multi-Valued No

-U {path}
--trustStorePasswordFile {path}

Description Certificate truststore PIN file
Required No
Multi-Valued No

--propertiesFilePath {propertiesFilePath}

Description Path to the file that contains default property values used for command-line arguments
Required No
Multi-Valued No

--noPropertiesFile

Description Specify that no properties file will be used to get default command-line argument values

--script-friendly

Description Use script-friendly mode

--ignoreWarnings

Description Continue if warnings occur when the tool is used non-interactively. This option should be used with caution

--retryTimeoutSeconds {retryTimeoutSeconds}

Description If the command fails, then it will continue to be retried up to this timeout specified in seconds. The command will not be aborted if the timeout has expired mid-execution, so it will be executed at least once. A value of zero (which is the default if this argument is not provided) indicates that the command does not have a timeout and so will not be retried upon initial failure. Note that this option is especially helpful in automated deployments where internal retries may significantly improve the chance of the command succeeding
Lower Bound 0
Upper Bound 86400
Default Value 0
Required No
Multi-Valued No

--help-subcommands

Description Display all subcommands