generate-totp-shared-secret

Description Examples Arguments

Description

Generate a shared secret that may be used to generate time-based one-time password (TOTP) authentication codes for use in authenticating with the UNBOUNDID-TOTP SASL mechanism, or in conjunction with the validate TOTP password extended operation.

Examples

Generate a TOTP secret for the user with username 'john.doe' and a password entered at an interactive prompt.

generate-totp-shared-secret --hostname ds.example.com --port 389 \
     --authID u:john.doe --promptForUserPassword

Revoke all TOTP shared secrets for the user with username 'john.doe' whose password is contained in file 'password.txt'.

generate-totp-shared-secret --hostname ds.example.com --port 389 \
     --authID u:john.doe --userPasswordFile password.txt --revokeAll
For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Arguments

-V
--version

Description Display Directory Server version information

-H
--help

Description Display general usage information

--help-ldap

Description Display help for using LDAP options

--help-sasl

Description Display help for using SASL options

--help-debug

Description Display help for using debug options
Advanced Yes

-h {host}
--hostname {host}

Description The IP address or resolvable name to use to connect to the directory server. If this is not provided, then a default value of 'localhost' will be used.
Default Value localhost
Required Yes
Multi-Valued No

-p {port}
--port {port}

Description The port to use to connect to the directory server. If this is not provided, then a default value of 389 will be used.
Default Value 389
Required Yes
Multi-Valued No

-D {dn}
--bindDN {dn}

Description The DN to use to bind to the directory server when performing simple authentication.
Required No
Multi-Valued No

-w {password}
--bindPassword {password}

Description The password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism.
Required No
Multi-Valued No

-j {path}
--bindPasswordFile {path}

Description The path to the file containing the password to use to bind to the directory server when performing simple authentication or a password-based SASL mechanism.
Required No
Multi-Valued No

--promptForBindPassword

Description Indicates that the tool should interactively prompt the user for the bind password.

-Z
--useSSL

Description Use SSL when communicating with the directory server.

-q
--useStartTLS

Description Use StartTLS when communicating with the directory server.

--defaultTrust

Description Use the JVM's default trust store, the server's default trust store, the server's topology registry, and optionally an additional trust store specified using the --trustStorePath argument to non-interactively determine whether to trust any certificate chain presented during TLS negotiation. If the chain cannot be trusted based on any of those sources, then negotiation will fail without prompting about whether to trust it.

-X
--trustAll

Description Trust any certificate presented by the directory server.

-K {path}
--keyStorePath {path}

Description The path to the file to use as the key store for obtaining client certificates when communicating securely with the directory server.
Required No
Multi-Valued No

-W {password}
--keyStorePassword {password}

Description The password to use to access the key store contents.
Required No
Multi-Valued No

-u {path}
--keyStorePasswordFile {path}

Description The path to the file containing the password to use to access the key store contents.
Required No
Multi-Valued No

--promptForKeyStorePassword

Description Indicates that the tool should interactively prompt the user for the password to use to access the key store contents.

--keyStoreFormat {format}

Description The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the key store file.
Required No
Multi-Valued No

-P {path}
--trustStorePath {path}

Description The path to the file to use as trust store when determining whether to trust a certificate presented by the directory server.
Required No
Multi-Valued No

-T {password}
--trustStorePassword {password}

Description The password to use to access the trust store contents.
Required No
Multi-Valued No

-U {path}
--trustStorePasswordFile {path}

Description The path to the file containing the password to use to access the trust store contents.
Required No
Multi-Valued No

--promptForTrustStorePassword

Description Indicates that the tool should interactively prompt the user for the password to use to access the trust store contents.

--trustStoreFormat {format}

Description The format (e.g., JKS, PKCS12, PKCS11, BCFKS, etc.) for the trust store file.
Required No
Multi-Valued No

--verifyCertificateHostnames

Description Indicates that the tool should verify that the hostname or IP addressed used to establish connections ot the LDAP server matches an address for which the server's TLS certificate was issued.

-N {nickname}
--certNickname {nickname}

Description The nickname (alias) of the client certificate in the key store to present to the directory server for SSL client authentication.
Required No
Multi-Valued No

--enableSSLDebugging

Description Enable Java's low-level support for debugging SSL/TLS communication. This is equivalent to setting the 'javax.net.debug' property to 'all'.

-o {name=value}
--saslOption {name=value}

Description A name-value pair providing information to use when performing SASL authentication.
Required No
Multi-Valued Yes

--useSASLExternal

Description Use the SASL EXTERNAL mechanism to authenticate.

--helpSASL

Description Provide information about the supported SASL mechanisms, including the properties available for use with each.

--authID {authID}

Description An authentication ID that identifies the user for whom the TOTP shared secret should be generated. This must be provided, and it should either be in the form 'dn:' followed by the DN of the target user's entry, or in the form 'u:' followed by the username for the target user.
Required Yes
Multi-Valued No

--userPassword {password}

Description The static password for the user targeted by the --authID argument.
Required No
Multi-Valued No

--userPasswordFile {path}

Description The path to a file containing the static password for the user targeted by the --authID argument.
Required No
Multi-Valued No

--promptForUserPassword

Description Indicates that the tool should interactively prompt for the static password for the user targeted by the --authID argument.

--revoke {totpSharedSecret}

Description Indicates that the server should revoke the provided TOTP shared secret rather than generating a new secret for the specified user.
Required No
Multi-Valued No

--revokeAll

Description Indicates that the server should revoke all existing TOTP shared secrets for the specified user rather than generating a new secret.

--interactive

Description Launch the tool in interactive mode.

--outputFile {path}

Description Write all standard output and standard error messages to the specified file instead of to the console.
Required No
Multi-Valued No

--appendToOutputFile

Description Indicates that the tool should append to the file specified by the --outputFile argument if it already exists. If this argument is not provided and the output file already exists, it will be overwritten.

--teeOutput

Description Write all standard output and standard error messages to the console as well as to the specified output file. The --outputFile argument must also be provided.

--propertiesFilePath {path}

Description The path to a properties file used to specify default values for arguments not supplied on the command line.
Required No
Multi-Valued No

--generatePropertiesFile {path}

Description Write an empty properties file that may be used to specify default values for arguments.
Required No
Multi-Valued No

--noPropertiesFile

Description Do not obtain any argument values from a properties file.

--suppressPropertiesFileComment

Description Suppress output listing the arguments obtained from a properties file.