Request that the Directory Server leave lockdown mode and resume normal operation.
While in lockdown mode, the Directory Server rejects all requests from users that do not hold the lockdown-mode privilege.
Note that the Directory Server may place itself in lockdown mode under certain conditions (for example, if it detects a security problem like a malformed access control rule that may have otherwise resulted in exposure of sensitive data).
Request that the Directory Server leave lockdown mode and resume normal operation:
leave-lockdown-mode --hostname 127.0.0.1 --port 389 \
--bindDN "cn=Directory Manager" --bindPassword password \
--reason "Finished with configuration maintenance"
For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help
-V
--version
| Description | Display Directory Server version information |
-H
--help
| Description | Display general usage information |
--help-ldap
| Description | Display help for using LDAP options |
--help-sasl
| Description | Display help for using SASL options |
--help-debug
| Description | Display help for using debug options |
| Advanced | Yes |
-h {host}
--hostname {host}
| Description | Fully qualified host name or IP address of a Directory Server on the local host |
| Default Value | localhost |
| Required | No |
| Multi-Valued | No |
-p {port}
--port {port}
| Description | Directory Server port number |
| Lower Bound | 1 |
| Upper Bound | 65535 |
| Default Value | 389 |
| Required | No |
| Multi-Valued | No |
-D {bindDN}
--bindDN {bindDN}
| Description | DN used to bind to the server |
| Required | No |
| Multi-Valued | No |
-w {bindPassword}
--bindPassword {bindPassword}
| Description | Password used to bind to the server |
| Required | No |
| Multi-Valued | No |
-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}
| Description | Bind password file |
| Required | No |
| Multi-Valued | No |
-Z
--useSSL
| Description | Use SSL for secure communication with the server |
-q
--useStartTLS
| Description | Use StartTLS to secure communication with the server |
-X
--trustAll
| Description | Trust all server SSL certificates |
-K {keystorePath}
--keyStorePath {keystorePath}
| Description | Certificate keystore path |
| Required | No |
| Multi-Valued | No |
-W {keystorePassword}
--keyStorePassword {keystorePassword}
| Description | Certificate keystore PIN |
| Required | No |
| Multi-Valued | No |
-u {keystorePasswordFile}
--keyStorePasswordFile {keystorePasswordFile}
| Description | Certificate keystore PIN file |
| Required | No |
| Multi-Valued | No |
--keyStoreFormat {keyStoreFormat}
| Description | Certificate keystore format |
| Required | No |
| Multi-Valued | No |
-P {truststorePath}
--trustStorePath {truststorePath}
| Description | Certificate truststore path |
| Required | No |
| Multi-Valued | No |
-T {truststorePassword}
--trustStorePassword {truststorePassword}
| Description | Certificate truststore PIN |
| Required | No |
| Multi-Valued | No |
-U {path}
--trustStorePasswordFile {path}
| Description | Certificate truststore PIN file |
| Required | No |
| Multi-Valued | No |
--trustStoreFormat {trustStoreFormat}
| Description | Certificate truststore format |
| Required | No |
| Multi-Valued | No |
-N {nickname}
--certNickname {nickname}
| Description | Nickname of the certificate for SSL client authentication |
| Required | No |
| Multi-Valued | No |
-o {name=value}
--saslOption {name=value}
| Description | SASL bind options |
| Required | No |
| Multi-Valued | Yes |
--propertiesFilePath {propertiesFilePath}
| Description | Path to the file that contains default property values used for command-line arguments |
| Required | No |
| Multi-Valued | No |
--noPropertiesFile
| Description | Specify that no properties file will be used to get default command-line argument values |
--script-friendly
| Description | Use script-friendly mode |
-r {message}
--reason {message}
| Description | Specifies the reason you are taking this server out of lockdown mode |
| Required | No |
| Multi-Valued | No |