The dsconfig tool is the text-based management tool used to configure the underlying server configuration.
The dsconfig
tool has three operational modes: interactive mode,
non-interactive mode, and batch mode.
The dsconfig tool offers an offline mode using the --offline option, in which the server does not have to be running to interact with the configuration. In most cases, you should keep the server running when you access the configuration for the server to give the user feedback about the validity of the configuration.
To view the options for the dsconfig tool, change to the PingDirectory/bin directory, and enter ./dsconfig --help. Example output is shown below.
./dsconfig --help
View and edit the Directory Server configuration.
This utility offers three primary modes of operation, the interactive mode, the non-interactive mode
and batch mode. The interactive mode supports viewing and editing the configuration via an intuitive,
menu driven environment. Running dsconfig in interactive command-line mode provides a user-friendly,
menu-driven interface for accessing and configuring the server. To start dsconfig in interactive
command-line mode, simply invoke the dsconfig shell script or batch file without any arguments.
The dsconfig non-interactive command-line mode provides a simple way to make arbitrary changes to the
Ping Identity Directory Server by invoking it on the command-line. If you want to use administrative
scripts to automate the configuration process, then run the dsconfig command in non-interactive mode.
The dsconfig tool provides a batching mechanism that reads multiple dsconfig invocations from a file
and executes them sequentially. The batch file provides advantages over standard scripting in that it
minimizes LDAP connections and JVM invocations that normally occur with each dsconfig call. You can
view the logs/config-audit.log file to review the configuration changes made to the Ping Identity
Directory Server and use them in the batch file.
Subcommands
See the Usage section for instructions on viewing the list of supported subcommands.
Usage: dsconfig {options}
where {options} include:
--applyChangeTo [server-group|server-group-force|single-server]
Controls whether changes apply to a single server or all servers in the configuration server group
--offline
Interact with the local configuration while the server is offline. Not for use while the server
is running
-r, --reason {reason}
A string describing the reason for the configuration change
--help-classifications
Display subcommands relating to connection and operation classification
--help-core-server
Display subcommands relating to core
--help-database
Display subcommands relating to backends, indexing, and caching
--help-logging
Display subcommands relating to logging, monitoring, and notifications
--help-replication
Display subcommands relating to replication
--help-security
Display subcommands relating to security and authorization
--help-topology
Display subcommands relating to topology
--help-user-management
Display subcommands relating to authentication and password management
--help-web
Display subcommands relating to web services and applications
--help-subcommands
Display all subcommands
Configuration Options
--advanced
Allow the configuration of advanced components and properties
LDAP Connection Options
-Z, --useSSL
Use SSL for secure communication with the server
-q, --useStartTLS
Use StartTLS to secure communication with the server
--useNoSecurity
Use no security when communicating with the server
-h, --hostname {host} [Default: localhost]
Directory Server hostname or IP address
-p, --port {port} [Default: 389]
Directory Server port number
-D, --bindDN {bindDN} [Default: cn=Directory Manager]
DN used to bind to the server
-w, --bindPassword {bindPassword}
Password used to bind to the server
-j, --bindPasswordFile {bindPasswordFile}
Bind password file
-o, --saslOption {name=value}
SASL bind options (can be specified multiple times)
-X, --trustAll
Trust all server SSL certificates
-P, --trustStorePath {truststorePath} [Default: /Users/rowannabobo/Desktop/PingDirectory_9.2/config/truststore]
Certificate truststore path
-T, --trustStorePassword {truststorePassword}
Certificate truststore PIN
-U, --trustStorePasswordFile {path}
Certificate truststore PIN file
--trustStoreFormat {trustStoreFormat}
Certificate truststore format
-K, --keyStorePath {keystorePath}
Certificate keystore path
-W, --keyStorePassword {keystorePassword}
Certificate keystore PIN
-u, --keyStorePasswordFile {keystorePasswordFile}
Certificate keystore PIN file
--keyStoreFormat {keyStoreFormat}
Certificate keystore format
-N, --certNickname {nickname}
Nickname of the certificate for SSL client authentication
Utility Input/Output Options
-v, --verbose
Use verbose mode
-Q, --quiet
Use quiet mode
-n, --no-prompt
Use non-interactive mode. If data in the command is missing, you will not be prompted and the
tool will fail
-F, --batch-file {batchFilePath}
Path to a file containing a sequence of dsconfig commands to run
--batch-continue-on-error
Force the execution of all commands in the batch file on the server even if prevalidation fails.
Execution will also continue even if one of the commands fails.
Please note that commands affecting multiple servers can still fail to execute unless the
--applyChangeTo argument is provided with the value server-group-force. Only applies if the batch
file argument is also supplied.
--dry-run
Validate configuration changes but do not apply them. This option can only be used along with the
-F/--batch-file option
--propertiesFilePath {propertiesFilePath}
Path to the file that contains default property values used for command-line arguments
--noPropertiesFile
Specify that no properties file will be used to get default command-line argument values
--script-friendly
Use script-friendly mode
General Options
-V, --version
Display Directory Server version information
-?, -H, --help
Display general usage information
--help-ldap
Display help for using LDAP options
--help-sasl
Display help for using SASL options
--help-debug
Display help for using debug options
Examples
Start dsconfig in interactive mode:
dsconfig
Use non-interactive mode to change the amount memory used for caching database contents and to specify
common parent DNs that should be compacted in the underlying database:
dsconfig --no-prompt --bindDN uid=admin,dc=example,dc=com \
--bindPassword password set-backend-prop --backend-name userRoot \
--set db-cache-percent:40 \
--add compact-common-parent-dn:ou=accts,dc=example,dc=com \
--add compact-common-parent-dn:ou=subs,dc=example,dc=com
Use batch mode to read and execute a series of commands in a batch file:
dsconfig --bindDN uid=admin,dc=example,dc=com --bindPassword password \
--no-prompt --batch-file /path/to/config-batch.txt
List information about all available configuration properties for all objects, including inherited properties:
dsconfig list-properties --offline --inherited
For examples and help with LDAP options see --help-ldap. For help with SASL authentication, see --help-sasl