Managing the server without shell access to the underlying system
Even if PingDirectory server administrators are not granted shell access to the underlying system, it is still possible to manage the server.
Most administrative functions can be performed remotely over secure LDAP or HTTP connections.
The web-based administration console provides support for managing the server configuration and schema. It also provides access to a variety of status information, including monitor entries, active alarms, and administrative alerts.
If you extract the PingDirectory software onto your local system, then you will also have access to a variety of command-line tools that can interact with the server remotely. Some of the most useful tools include:
status - Retrieve a variety of status information from the server.
dsconfig - Manage the server configuration.
dsreplication - Manage and monitor replication.
collect-support-data - Collect a wide variety of information that is useful for troubleshooting problems and understanding the server configuration and status. The resulting support data archive can be securely streamed back to the client system.
backup - Back up the contents of one or more server backends. The backup files will be written onto the server filesystem.
restore - Restore a backup stored on the server filesystem.
export-ldif - Export the contents of a specified backend to LDIF. The LDIF file will be written onto the server filesystem.
import-ldif - Import LDIF data stored on the server filesystem into a specified backend.
config-diff - Compares server configurations, whether of two different servers or different versions of the configuration from the same instance, to identify differences.
ldapsearch - Search for information stored in the server.
ldapmodify - Update information stored in the server, including creating new entries or updating or removing existing entries.
ldappasswordmodify - Reset user passwords.
manage-account - Manage password policy state for users.
ldap-diff - Compare the data between multiple servers to identify differences.
audit-data-security - Examine and report on various security-related aspects of data stored in the server.
schedule-exec-task - Schedule an administrative task that can be used to execute a specified command on the server system. This task is not enabled by default, and it provides several safeguards to ensure that it cannot be invoked by unauthorized users and that authorized users are not allowed to invoke unauthorized commands.
You might also need to access files on the server filesystem, especially for things like backups, LDIF exports, and log files. There are options for this that do not require shell access:
- Consider using a secure shared filesystem that is accessible from other trusted systems. Even if you don’t want to place the server root itself on a shared filesystem, you could write backups, LDIF exports, and rotated log files to it so that they are more readily available.
- Use the file servlet that is provided as part of the PingDirectory server installation. If you go to https://server-address:server-https-port/instance-root/ and authenticate as a user with the file-servlet-access privilege, which is included in the default set of root privileges, you can see a listing of all files and directories in the server instance root and you can download any files of interest to your desktop.
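An added example (not part of the PingDirectory documentation or product): because the file servlet exposes every file in the instance root to holders of file-servlet-access, this script lists the entries in an LDIF export that are explicitly granted that privilege. It assumes grants are stored in the ds-privilege-name attribute, runs on constructed sample data, and does not cover root users who inherit the default root privileges.

```python
import base64

PRIVILEGE = "file-servlet-access"  # privilege named on this page
PRIV_ATTR = "ds-privilege-name"    # assumption: attribute that carries privilege grants

# Constructed sample in the shape of an LDIF export; not real data.
SAMPLE = """\
version: 1

dn: uid=backup-op,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
ds-privilege-name: backend-backup
ds-privilege-name: file-servlet-access

dn: uid=helpdesk,ou=People,dc=example,dc=com
ds-privilege-name: password-reset

dn:: dWlkPWxvZy1yZWFkZXIsb3U9UGVvcGxlLGRjPWV4YW1wbGUsZGM9Y29t
ds-privilege-name: file-servlet-
 access
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry, handling folded and base64 lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # continuation of the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)

def privilege_holders(text, privilege=PRIVILEGE):
    """Return the sorted DNs whose entries explicitly list the privilege."""
    return sorted(dn for dn, attrs in parse_ldif(text)
                  if privilege in (v.lower() for v in attrs.get(PRIV_ATTR, [])))
```

Calling privilege_holders() on the text of a real export gives the list of accounts to review against who is meant to have file-level access.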