Most administrative functions can be performed remotely over secure LDAP or HTTP connections.

The web-based administration console provides support for managing the server configuration and schema. It also provides access to a variety of status information, including monitor entries, active alarms, and administrative alerts.

If you extract the PingDirectory software onto your local system, then you will also have access to a variety of command-line tools that can interact with the server remotely. Some of the most useful tools include:

status
Retrieve a variety of status information from the server.
dsconfig
Manage the server configuration.
dsreplication
Manage and monitor replication.
collect-support-data
Collect a wide variety of information that is useful for troubleshooting problems and understanding the server configuration and status. The resulting support data archive can be securely streamed back to the client system.
backup
Back up the contents of one or more server backends. The backup files will be written onto the server filesystem.
restore
Restore a backup stored on the server filesystem.
export-ldif
Export the contents of a specified backend to LDIF. The LDIF file will be written onto the server filesystem.
import-ldif
Import LDIF data stored on the server filesystem into a specified backend.
config-diff
Compares server configurations, whether of two different servers or different versions of the configuration from the same instance, to identify differences.
ldapsearch
Search for information stored in the server.
ldapmodify
Update information stored in the server, including creating new entries or updating or removing existing entries.
ldappasswordmodify
Reset user passwords.
manage-account
Manage password policy state for users.
ldap-diff
Compare the data between multiple servers to identify differences.
audit-data-security
Examine and report on various security-related aspects of data stored in the server.
schedule-exec-task
Schedule an administrative task that can be used to execute a specified command on the server system. This task is not enabled by default, and it provides a number of safeguards to ensure that it cannot be invoked by unauthorized users and that authorized users are not allowed to invoke unauthorized commands.

You might also need to access files on the server filesystem, especially for things like backups, LDIF exports, and log files. There are options for this that do not require shell access:

  • Consider using a secure shared filesystem that is accessible from other trusted systems. Even if you don’t want to place the server root itself on a shared filesystem, you could write backups, LDIF exports, and rotated log files to it so that they are more readily available.
  • Use the file servlet that is provided as part of the PingDirectory server installation. If you go to https://server-address:server-https-port/instance-root/ and authenticate as a user with the file-servlet-access privilege, which is included in the default set of root privileges, you can see a listing of all files and directories in the server instance root and you can download any files of interest to your desktop.