Registers a YubiKey OTP device with the Directory Server for a specified user so that the device may be used to authenticate that user in conjunction with the UNBOUNDID-YUBIKEY-OTP SASL mechanism. Alternately, it may be used to deregister one or more YubiKey OTP devices for a user so that they may no longer be used to authenticate that user.
register-yubikey-otp-device --hostname server.example.com --port 389 \ --bindDN uid=admin,dc=example,dc=com --bindPassword adminPassword \ --authenticationID u:test.user --userPassword testUserPassword \ --otp abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqr
register-yubikey-otp-device --hostname server.example.com --port 389 \ --bindDN uid=admin,dc=example,dc=com --bindPassword adminPassword \ --deregister \ --authenticationID dn:uid=test.user,ou=People,dc=example,dc=com
-V
--version
Description | Display Directory Server version information |
-H
--help
Description | Display general usage information |
--help-ldap
Description | Display help for using LDAP options |
--help-sasl
Description | Display help for using SASL options |
--help-debug
Description | Display help for using debug options |
Advanced | Yes |
-h {host}
--hostname {host}
Description | The IP address or resolvable name to use to connect to the directory server. If this is not provided, then a default value of 'localhost' will be used. |
Default Value | localhost |
Required | Yes |
Multi-Valued | No |
-p {port}
--port {port}
Description | The port to use to connect to the directory server. If this is not provided, then a default value of 389 will be used. |
Default Value | 389 |
Required | Yes |
Multi-Valued | No |
-D {dn}
--bindDN {dn}
Description | The DN to use to bind to the directory server when performing simple authentication. |
Required | No |
Multi-Valued | No |
-w {password}
--bindPassword {password}
Description | The password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
Required | No |
Multi-Valued | No |
-j {path}
--bindPasswordFile {path}
Description | The path to the file containing the password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism. |
Required | No |
Multi-Valued | No |
--promptForBindPassword
Description | Indicates that the tool should interactively prompt the user for the bind password. |
-Z
--useSSL
Description | Use SSL when communicating with the directory server. |
-q
--useStartTLS
Description | Use StartTLS when communicating with the directory server. |
--defaultTrust
Description | Use the JVM's default trust store, the server's default trust store, the server's topology registry, and optionally an additional trust store specified using the --trustStorePath argument to non-interactively determine whether to trust any certificate chain presented during TLS negotiation. If the chain cannot be trusted based on any of those sources, then negotiation will fail without prompting about whether to trust it. |
-X
--trustAll
Description | Trust any certificate presented by the directory server. |
-K {path}
--keyStorePath {path}
Description | The path to the file to use as the key store for obtaining client certificates when communicating securely with the directory server. |
Required | No |
Multi-Valued | No |
-W {password}
--keyStorePassword {password}
Description | The password to use to access the key store contents. |
Required | No |
Multi-Valued | No |
-u {path}
--keyStorePasswordFile {path}
Description | The path to the file containing the password to use to access the key store contents. |
Required | No |
Multi-Valued | No |
--promptForKeyStorePassword
Description | Indicates that the tool should interactively prompt the user for the password to use to access the key store contents. |
--keyStoreFormat {format}
Description | The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the key store file. |
Required | No |
Multi-Valued | No |
-P {path}
--trustStorePath {path}
Description | The path to the file to use as trust store when determining whether to trust a certificate presented by the directory server. |
Required | No |
Multi-Valued | No |
-T {password}
--trustStorePassword {password}
Description | The password to use to access the trust store contents. |
Required | No |
Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
Description | The path to the file containing the password to use to access the trust store contents. |
Required | No |
Multi-Valued | No |
--promptForTrustStorePassword
Description | Indicates that the tool should interactively prompt the user for the password to use to access the trust store contents. |
--trustStoreFormat {format}
Description | The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the trust store file. |
Required | No |
Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
Description | The nickname (alias) of the client certificate in the key store to present to the directory server for SSL client authentication. |
Required | No |
Multi-Valued | No |
--enableSSLDebugging
Description | Enable Java's low-level support for debugging SSL/TLS communication. This is equivalent to setting the 'javax.net.debug' property to 'all'. |
-o {name=value}
--saslOption {name=value}
Description | A name-value pair providing information to use when performing SASL authentication. |
Required | No |
Multi-Valued | Yes |
--useSASLExternal
Description | Use the SASL EXTERNAL mechanism to authenticate. |
--helpSASL
Description | Provide information about the supported SASL mechanisms, including the properties available for use with each. |
--deregister
Description | Indicates that the tool should deregister one or more YubiKey OTP devices for the target user rather than registering a new device. If the --otp argument is provided, then only the device used to generate that one-time password will be deregistered. If the --otp argument is not provided, then it will deregister all YubiKey OTP devices that have been registered for the target user. |
--otp {otp}
Description | A one-time password generated by the YubiKey OTP device to be registered or deregistered. |
Required | No |
Multi-Valued | No |
--authID {authID}
Description | An authentication ID that identifies the user for whom the device is to be registered or deregistered. If this is provided, then it should either be in the form 'dn:' followed by the DN of the target user's entry, or in the form 'u:' followed by the username for the target user. If this is not provided, then it will target the user as whom the tool is authenticated. |
Required | No |
Multi-Valued | No |
--userPassword {password}
Description | The static password for the user targeted by the --authID argument. |
Required | No |
Multi-Valued | No |
--userPasswordFile {path}
Description | The path to a file containing the static password for the user targeted by the --authID argument. |
Required | No |
Multi-Valued | No |
--promptForUserPassword
Description | Indicates that the tool should interactively prompt for the static password for the user targeted by the --authID argument. |
--interactive
Description | Launch the tool in interactive mode. |
--outputFile {path}
Description | Write all standard output and standard error messages to the specified file instead of to the console. |
Required | No |
Multi-Valued | No |
--appendToOutputFile
Description | Indicates that the tool should append to the file specified by the --outputFile argument if it already exists. If this argument is not provided and the output file already exists, it will be overwritten. |
--teeOutput
Description | Write all standard output and standard error messages to the console as well as to the specified output file. The --outputFile argument must also be provided. |
--propertiesFilePath {path}
Description | The path to a properties file used to specify default values for arguments not supplied on the command line. |
Required | No |
Multi-Valued | No |
--generatePropertiesFile {path}
Description | Write an empty properties file that may be used to specify default values for arguments. |
Required | No |
Multi-Valued | No |
--noPropertiesFile
Description | Do not obtain any argument values from a properties file. |
--suppressPropertiesFileComment
Description | Suppress output listing the arguments obtained from a properties file. |