PingDirectory

Managing the server without shell access to the underlying system

Even if PingDirectory server administrators are not granted shell access to the underlying system, it is still possible to manage the server.

Most administrative functions can be performed remotely over secure LDAP or HTTP connections.

The web-based administration console provides support for managing the server configuration and schema. It also provides access to a variety of status information, including monitor entries, active alarms, and administrative alerts.

If you extract the PingDirectory software onto your local system, then you will also have access to a variety of command-line tools that can interact with the server remotely. Some of the most useful tools include:

status

Retrieve a variety of status information from the server.

dsconfig

Manage the server configuration.

dsreplication

Manage and monitor replication.

collect-support-data

Collect a wide variety of information that is useful for troubleshooting problems and understanding the server configuration and status. The resulting support data archive can be securely streamed back to the client system.

backup

Back up the contents of one or more server backends. The backup files will be written onto the server filesystem.

restore

Restore a backup stored on the server filesystem.

export-ldif

Export the contents of a specified backend to LDIF. The LDIF file will be written onto the server filesystem.

import-ldif

Import LDIF data stored on the server filesystem into a specified backend.

config-diff

Compares server configurations, whether of two different servers or different versions of the configuration from the same instance, to identify differences.

ldapsearch

Search for information stored in the server.

ldapmodify

Update information stored in the server, including creating new entries or updating or removing existing entries.

ldappasswordmodify

Reset user passwords.

manage-account

Manage password policy state for users.

ldap-diff

Compare the data between multiple servers to identify differences.

audit-data-security

Examine and report on various security-related aspects of data stored in the server.

schedule-exec-task

Schedule an administrative task that can be used to execute a specified command on the server system. This task is not enabled by default, and it provides several safeguards to ensure that it cannot be invoked by unauthorized users and that authorized users are not allowed to invoke unauthorized commands.

You might also need to access files on the server filesystem, especially for things like backups, LDIF exports, and log files. There are options for this that do not require shell access:

  • Consider using a secure shared filesystem that is accessible from other trusted systems. Even if you don’t want to place the server root itself on a shared filesystem, you could write backups, LDIF exports, and rotated log files to it so that they are more readily available.

  • Use the file servlet that is provided as part of the PingDirectory server installation. If you go to https://server-address:server-https-port/instance-root/ and authenticate as a user with the file-servlet-access privilege, which is included in the default set of root privileges, you can see a listing of all files and directories in the server instance root and you can download any files of interest to your desktop.