|Use this option
Information about arguments and subcommands
A list of subcommands
More information about a subcommand
dsconfig list-log-publishers --help
|Perform repeated authentications against an LDAP directory server, where each authentication consists of a search to find a user followed by a bind to verify the credentials for that user.
|Run full or incremental backups on one or more Data Sync Server backends. This tool also supports the use of a properties file to pass predefined command-line arguments. See Saving Options in a File for more information.
|Encode raw data using the base64 algorithm or decode base64-encoded data back to its raw representation.
|Collect and package system information useful in troubleshooting problems. The information is packaged as a zip archive that can be sent to a technical support representative.
|Compare Data Sync Server configurations and produce a dsconfig batch file needed to bring the source inline with the target.
|Create a Run Control (RC) script to start, stop, and restart the Ping Identity Data Sync Server on UNIX-based systems.
|Create an initial Data Sync Server configuration.
|Create a systemd script to start and stop the Ping Identity Data Sync Server on Linux-based systems.
|Generate and deliver a one-time password to a user through some out-of-band mechanism. That password can then be used to authenticate via the UNBOUNDID-DELIVERED-OTP SASL mechanism.
|Generate and deliver a single-use token to a user through some out-of-band mechanism. The user can provide that token to the password modify extended request in lieu of the user's current password in order to select a new password.
|View and edit the Data Sync Server configuration.
|Configure the JVM arguments used to run the PingDataSync Server and associated tools. Before launching the command, edit the properties file located in config/java.properties to specify the desired JVM options and JAVA_HOME environment variable.
|Obtain a listing of all of the DNs for all entries below a specified base DN in the Data Sync Server.
|Encrypt or decrypt data using a key generated from a user-supplied passphrase, a key generated from an encryption settings definition, or a key shared among servers in the topology. The data to be processed can be read from a file or standard input, and the resulting data can be written to a file or standard output. You can use this command to encrypt and subsequently decrypt arbitrary data, or to decrypt encrypted backups, LDIF exports, and log files generated by the server.
|Manage the server encryption settings database.
|Request that the Data Sync Server enter lockdown mode, during
which it only processes operations requested by users holding
Requests that the server export entries from a specified backend in LDIF form, including clear-text representations of any passwords encoded with a reversible storage scheme. This tool can only be used over a secure connection and when authenticated as a user with the permit-export-reversible-passwords privilege. The output is encrypted using a key generated from either a user-supplied passphrase or an encryption settings definition.
|Generate a shared secret that you can use to generate time-based one-time password (TOTP) authentication codes for use in authenticating with the UNBOUNDID-TOTP SASL mechanism or with the validate TOTP password extended operation.
|Parse a provided LDAP filter string and display it a multiline form that makes it easier to understand its hierarchy and embedded components. If possible, it might also simplify the provided filter in certain ways (for example, by removing unnecessary levels of hierarchy, like an AND embedded in an AND).
|Intercept and decode LDAP communication.
|Compare the contents of two LDAP servers.
|Display and query LDAP result codes.
|Perform compare operations in the PingDataSync Server. Compare operations can be used to efficiently determine whether a specified entry has a given value.
|Delete one or more entries from an LDAP directory server. You can provide the DNs of the entries to delete using named arguments, as trailing arguments, from a file, or from standard input. Alternatively, you can identify entries to delete using a search base DN and filter.
|Apply a set of add, delete, modify, and/or modify DN operations to a directory server. Supply the changes to apply in LDIF format, either from standard input or from a file specified with the 'ldifFile' argument. Change records must be separated by at least one blank line.
|Update the password for a user in an LDAP directory server using the password modify extended operation (as defined in RFC 3062), a standard LDAP modify operation, or an Active Directory-specific modification.
|Process one or more searches in an LDAP directory server.
|Compare the contents of two files containing LDIF entries. The output will be an LDIF file containing the add, delete, and modify change records needed to convert the data in the source LDIF file into the data in the target LDIF file.
|Apply a set of changes (including add, delete, modify, and modify DN operations) to a set of entries contained in an LDIF file. The changes will be read from a second file (containing change records rather than entries), and the updated entries will be written to a third LDIF file. Unlike ldapmodify, the ldifmodify cannot read the changes to apply from standard input.
|Search one or more LDIF files to identify entries matching a given set of criteria.
|Request that the Data Sync Server leave lockdown mode and resume normal operation.
|List the backends and base DNs configured in Ping Identity Data Sync Server.
|Generate LDIF data based on a definition in a template file. For example template files, see the server's config/MakeLDIF directory. In particular, the examples-of-all-tags.template file shows how to use all of the tags for generating values.
|Retrieve or update information about the current state of a
user account. Processing is performed using the password policy
state extended operation, and you must have the
password-reset privilege to use this
|Manage certificates and private keys in a JKS or PKCS #12 key store.
|Install or update Ping Identity Data Sync Server extension bundles.
|Generate, compare, install, and replace server profiles.
|Access information about pending, running, and completed tasks scheduled in the Data Sync Server.
|Tool to manage the topology registry.
|Perform repeated modifications against an LDAP directory server.
|Move all entries in a specified subtree from one server to another.
|Perform add, delete, modify, and modify DN operations concurrently using multiple threads.
|Prepare a Data Sync Server and an external server for communication.
|View information in data files captured by the Data Sync Server profiler.
|Control real-time synchronization including starting and stopping synchronization globally or for individual Sync Pipes; and setting the start point for real-time synchronization so that changes made before a specified time are ignored.
|Register a YubiKey OTP device with the Directory Server for a specified user so that the device can be used to authenticate that user in conjunction with the UNBOUNDID-YUBIKEY-OTP SASL mechanism. Alternately, it can be used to deregister one or more YubiKey OTP devices for a user so that they can no longer be used to authenticate that user.
|Reload HTTPS Connection Handler certificates.
|Safely remove a backup and optionally all of its dependent backups from the specified Data Sync Server backend.
|Remove a server from this server's topology.
|Replace the listener certificate for this Ping Identity Data Sync Server server instance.
|Restore a backup of a Data Sync Server backend.
|A resync operation can be used to resynchronize a Sync Destination with the contents of the Sync Pipe's corresponding Sync Source.
|Revert this server package's most recent update.
|Review and/or indicate your acceptance of the license agreement defined in legal/LICENSE.txt.
|Trigger the rotation of one or more log files.
|Sanitize the contents of a server log file to remove potentially sensitive information while still attempting to retain enough information to make it useful for diagnosing problems or understanding load patterns. The sanitization process operates on fields that consist of name-value pairs. The field name is always preserved, but field values might be tokenized or redacted if they might include sensitive information. Supported log file types include the file-based access, error, sync, and resync logs, as well as the operation timing access log and the detailed HTTP operation log. Sanitize the audit log using the scramble-ldif tool.
|Schedule an exec task to run a specified command in the
server. To run an exec task, a number of conditions must be
satisfied: the server's global configuration must have been
updated to include
'com.unboundid.directory.server.tasks.ExecTask' in the set of
allowed-task values, the requester must have the
exec-task privilege, and the command to
execute must be listed in the
exec-command-whitelist.txt file in the
server's config directory. The absolute
path (on the server system) of the command to execute must be
specified as the first unnamed trailing argument to this
program, and the arguments to provide to that command (if any)
should be specified as the remaining trailing arguments. The
server root is used as the command's working directory, so any
arguments that represent relative paths are interpreted as
relative to that directory.
|Perform repeated searches against an LDAP directory server and modify each entry returned.
|Search across log files to extract lines matching the provided patterns, like the grep command-line tool. The benefits of using this tool over grep are its ability to handle multiline log messages, extract log messages within a given time range, and the inclusion of rotated log files.
|Perform repeated searches against an LDAP directory server.
|View information about the current state of the Data Sync Server process.
|Perform the initial setup for a server instance.
|Start the Data Sync Server.
|Display basic server information.
|Stop or restart the server.
|List or update the set of subtree accessibility restrictions defined in the Data Sync Server.
|Calculate the sum of the sizes for a set of files.
|Apply one or more changes to entries or change records read from an LDIF file, writing the updating records to a new file. This tool can apply a variety of transformations, including scrambling attribute values, redacting attribute values, excluding attributes or entries, replacing existing attributes, adding new attributes, renaming attributes, and moving entries from one subtree to another.
|Translates the contents of an LDIF file from the format for a Sync Source to the format of the Sync Destination using the filtering and mapping criteria defined for Sync Classes in the specified Sync Pipe.
|Uninstall Ping Identity Data Sync Server.
|Update the PingDataSync Server to a newer version by downloading and unzipping the new server install package on the same host as the server you wish to update. Then, use the update tool from the new server package to update the older version of the server. Before upgrading a server, you should ensure that it is capable of starting without severe or fatal errors. During the update process, the server is stopped if running, then the update is performed, and a check is made to determine if the newly updated server starts without major errors. If it cannot start cleanly, the update will be backed out and the server returned to its prior state. See the revert-update tool for information on reverting an update.
|Validate file signatures. For best results, file signatures should be validated by the same instance used to generate the file. However, it might be possible to validate signatures generated on other instances in a replicated topology.
|Validate an LDAP schema read from one or more LDIF files.
|Validate the contents of an LDIF file against the server schema.
|Launch a window to watch an LDAP entry for changes. If the entry changes, the background of modified attributes will temporarily be red. Attributes can be modified as well. This tool is primarily intended to demonstrate replication or synchronization functionality.