| authrate |
Perform repeated authentications against an LDAP directory server, where each authentication consists of a search to find a user followed by a bind to verify the credentials for that user. |
| backup |
Back up one or more Directory Proxy Server backends |
| base64 |
Encode raw data using the base64 algorithm or decode base64-encoded data back to its raw representation |
| collect-support-data |
Collect and package system information useful in troubleshooting problems. The information is packaged as a zip archive that can be sent to a technical support representative |
| config-diff |
Compares Directory Proxy Server configurations and produces a dsconfig batch file needed to bring the source inline with the target |
| create-initial-proxy-config |
Create an initial Directory Proxy Server configuration |
| create-rc-script |
Create an RC script that may be used to start, stop, and restart the Directory Proxy Server on UNIX-based systems |
| create-systemd-script |
Create a systemd script that may be used to start and stop the Directory Proxy Server on Linux-based systems |
| deliver-one-time-password |
Generate and deliver a one-time password to a user through some out-of-band mechanism. That password can then be used to authenticate via the UNBOUNDID-DELIVERED-OTP SASL mechanism. |
| deliver-password-reset-token |
Generate and deliver a single-use token to a user through some out-of-band mechanism. The user can provide that token to the password modify extended request in lieu of the user's current password in order to select a new password. |
| dsconfig |
View and edit the Directory Proxy Server configuration |
| dsjavaproperties |
Configure the JVM options used to run the Directory Proxy Server and associated tools |
| dump-dns |
Obtain a listing of all of the DNs for all entries below a specified base DN in the Directory Proxy Server. |
| encrypt-file |
Encrypts or decrypts data using a key generated from a user-supplied passphrase, a key generated from an encryption settings definition, or a key shared among servers in the topology. The data to be processed can be read from a file or standard input, and the resulting data can be written to a file or standard output. This can be used to encrypt and subsequently decrypt arbitrary data, but it can also be used to decrypt encrypted backups, LDIF exports, and log files generated by the server |
| encryption-settings |
Manage the server encryption settings database |
| enter-lockdown-mode |
Request that the Directory Proxy Server enter lockdown mode, during which it only processes operations requested by users holding the lockdown-mode privilege |
| generate-totp-shared-secret |
Generate a shared secret that may be used to generate time-based one-time password (TOTP) authentication codes for use in authenticating with the UNBOUNDID-TOTP SASL mechanism, or in conjunction with the validate TOTP password extended operation. |
| global-index-size |
Estimates the size in memory of one or more global indexes from the actual number of keys, the configured number of keys and the average key size. The estimate could be slightly higher or lower than the actual size. An estimate can be provided for more than one index in one invocation by providing multiple sets of options |
| identify-references-to-missing-entries |
This tool may be used to identify entries containing one or more attributes which reference entries that do not exist. This may require the ability to perform unindexed searches and/or the ability to use the simple paged results control. |
| identify-unique-attribute-conflicts |
This tool may be used to identify unique attribute conflicts. That is, it may identify values of one or more attributes which are supposed to exist only in a single entry but are found in multiple entries. |
| indent-ldap-filter |
Parses a provided LDAP filter string and displays it a multi-line form that makes it easier to understand its hierarchy and embedded components. If possible, it may also be able to simplify the provided filter in certain ways (for example, by removing unnecessary levels of hierarchy, like an AND embedded in an AND). |
| ldap-debugger |
Intercept and decode LDAP communication. |
| ldap-diff |
Compare the contents of two LDAP servers |
| ldap-result-code |
Display and query LDAP result codes |
| ldapcompare |
Perform LDAP compare operations in the Directory Proxy Server |
| ldapdelete |
Deletes one or more entries from an LDAP directory server. The DNs of the entries to delete can be provided using named arguments, as trailing arguments, read from a file, or read from standard input. Alternately, entries to delete can be identified using a search base DN and filter. |
| ldapmodify |
Applies a set of add, delete, modify, and/or modify DN operations to a directory server. The changes to apply should be supplied in LDIF format, either via standard input or from a file specified with the 'ldifFile' argument. Change records must be separated by at least one blank line. |
| ldappasswordmodify |
Perform LDAP password modify operations in the Directory Proxy Server |
| ldapsearch |
Issues one or more searches to an LDAP directory server. |
| ldif-diff |
Compare the contents of two LDIF files, the output being an LDIF file needed to bring the source file in sync with the target |
| ldifmodify |
Apply a set of modify, add, and delete operations to data in an LDIF file |
| ldifsearch |
Perform search operations to data in an LDIF file |
| leave-lockdown-mode |
Request that the Directory Proxy Server leave lockdown mode and resume normal operation |
| list-backends |
List the backends and base DNs configured in the Directory Proxy Server |
| load-ldap-schema-file |
Loads the schema definitions contained in a specified LDIF file into the schema for a running server. This tool may only be used in conjunction with a server instance running on the local system |
| make-ldif |
Generate LDIF data based on a definition in a template file. See the server's config/MakeLDIF directory for example template files. In particular, the examples-of-all-tags.template file shows how to use all of the tags for generating values |
| manage-account |
Retrieve or update information about the current state of a user account. Processing will be performed using the password policy state extended operation, and you must have the password-reset privilege to use this extended operation. |
| manage-certificates |
Provides a number of subcommands that can be used to manage a set of certificates and private keys in a JKS or PKCS #12 keystore. |
| manage-extension |
Install or update Ping Identity Directory Proxy Server extension bundles |
| manage-tasks |
Access information about pending, running, and completed tasks scheduled in the Directory Proxy Server |
| manage-topology |
Tool for managing the topology registry |
| modrate |
Perform repeated modifications against an LDAP directory server. |
| move-subtree |
Move all entries in a specified subtree from one server to another. |
| parallel-update |
Perform add, delete, modify, and modify DN operations concurrently using multiple threads |
| prepare-external-server |
Prepare Directory Proxy Server and a directory server for communication |
| profile-viewer |
View information in data files captured by the Directory Proxy Server profiler |
| register-yubikey-otp-device |
Registers a YubiKey OTP device with the Directory Server for a specified user so that the device may be used to authenticate that user in conjunction with the UNBOUNDID-YUBIKEY-OTP SASL mechanism. Alternately, it may be used to deregister one or more YubiKey OTP devices for a user so that they may no longer be used to authenticate that user. |
| reload-http-connection-handler-certificates |
Reload HTTPS Connection Handler certificates |
| reload-index |
Reload the contents of the global index |
| remove-backup |
Safely remove a backup and optionally all of its dependent backups from the specified Directory Proxy Server backend |
| remove-defunct-server |
Remove a server from this server's topology |
| restore |
Restore a backup of a Directory Proxy Server backend |
| revert-update |
Revert this server package's most recent update |
| review-license |
Review and/or indicate your acceptance of the license agreement defined in /legal/LICENSE.txt |
| rotate-log |
Triggers the rotation of one or more log files |
| sanitize-log |
Sanitize the contents of a server log file in order to remove potentially sensitive information while still attempting to retain enough information to make it useful for diagnosing problems or understanding load patterns. The sanitization process operates on fields that consist of name-value pairs. The field name will always be preserved, but field values may be tokenized or redacted if they may include sensitive information. Supported log file types include the file-based access, error, sync, and resync logs, as well as the operation timing access log and the detailed HTTP operation log. The audit log can be sanitized using the scramble-ldif tool |
| schedule-exec-task |
Schedules an exec task to run a specified command in the server. In order to run an exec task, a number of conditions must be satisfied: the server's global configuration must have been updated to include 'com.unboundid.directory.server.tasks.ExecTask' in the set of allowed-task values, the requester must have the 'exec-task' privilege, and the command to execute must be listed in the 'exec-command-whitelist.txt' file in the server's config directory. The absolute path (on the server system) of the command to execute must be specified as the first unnamed trailing argument to this program, and the arguments to provide to that command (if any) should be specified as the remaining trailing arguments. The server root will be used as the command's working directory, so any arguments that represent relative paths will be interpreted as relative to that directory |
| search-and-mod-rate |
Perform repeated searches against an LDAP directory server and modify each entry returned. |
| search-logs |
Like the command-line tool 'grep', this tool searches across log files to extract lines matching the provided pattern(s). The benefits of using this tool over grep are its ability to handle multi-line log messages, extract log messages within a given time range, and the inclusion of rotated log files |
| searchrate |
Perform repeated searches against an LDAP directory server. |
| server-state |
View information about the current state of the Directory Proxy Server process |
| set-delegated-admin-aci |
Request that the Directory Proxy Server assign appropriate ACI for configured delegated administrators of the Delegated Admin API |
| setup |
Perform the initial setup for a server instance |
| start-server |
Start the Directory Proxy Server |
| status |
Display basic server information |
| stop-server |
Stop or restart the server |
| subtree-accessibility |
List or update the set of subtree accessibility restrictions defined in the Directory Proxy Server. |
| sum-file-sizes |
Calculate the sum of the sizes for a set of files |
| summarize-access-log |
Examine one or more access log files from Ping Identity, UnboundID, or Nokia/Alcatel-Lucent 8661 server products to display a number of metrics about operations processed within the server. |
| transform-ldif |
Apply one or more changes to entries or change records read from an LDIF file, writing the updating records to a new file. This tool can apply a variety of transformations, including scrambling attribute values, redacting attribute values, excluding attributes or entries, replacing existing attributes, adding new attributes, renaming attributes, and moving entries from one subtree to another. |
| uninstall |
Uninstall the Directory Proxy Server. |
| update |
Use this server package to update a deployed server so its version matches the version of this package |
| validate-acis |
This tool may be used to validate a set of access control definitions contained in an LDAP server (including Sun/Oracle DSEE instances) or an LDIF file to determine whether they are acceptable for use in the Ping Identity Directory Proxy Server. Note that output generated by this tool will be LDIF, but each entry in the output will have exactly one ACI, so entries which have more than one ACI will appear multiple times in the output with different ACI values |
| validate-file-signature |
For best results, file signatures should be validated by the same instance used to generate the file. However, it may be possible to validate signatures generated on other instances in a replicated topology |
| validate-ldif |
Validate the contents of an LDIF file against the server schema. |