Using exec tasks - PingDirectory - 9.3


Exec tasks allow administrators and external users to execute a specified command on the server, either once or as a recurring task.

The server restricts the kinds of commands that can be executed, and the access level of users who can execute them.

These safeguards and requirements include:

  • The absolute path to the command to execute must be listed in the <server-root>/config/exec-command-whitelist.txt file.
  • The global configuration must be updated to allow the exec task. The server does not permit it by default. The following command enables this.
    $ bin/dsconfig set-global-configuration-prop \
      --add allowed-task:com.unboundid.directory.server.tasks.ExecTask
  • The user scheduling the task must have the exec-task privilege. The server does not grant permission to run this task to any user by default, including root users.

The following configuration changes grant the exec-task privilege to a single root user, all root users, or a single non-root user:

  • To grant the exec-task privilege to a single root user, run the following.
    $ bin/dsconfig set-root-dn-user-prop --user-name "<username>" \
      --add privilege:exec-task
  • To grant the exec-task privilege to all root users, run the following.
    $ bin/dsconfig set-root-dn-prop \
      --add default-root-privilege-name:exec-task
  • To grant the exec-task privilege to a single non-root user, apply the following LDIF modification to the user's entry.
    dn: <userdn>
    changetype: modify
    add: ds-privilege-name
    ds-privilege-name: exec-task

Use the schedule-exec-task tool to create an exec task from the command line.

The following command schedules an exec task to run the verify-index tool to check the integrity of the cn index in the backend that hosts "dc=example,dc=com", assuming that the server is installed in /ds.

    $ bin/schedule-exec-task --hostname directory.example.com \
      --port 389 \
      --bindDN uid=admin,dc=example,dc=com \
      --promptForBindPassword \
      --waitForCompletion \
      --logCommandOutput \
      /ds/bin/verify-index --baseDN dc=example,dc=com --index cn
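
The whitelist safeguard described above only helps if the listed paths, and the whitelist file itself, cannot be modified by other accounts. The following shell function is an added example, not part of the PingDirectory documentation or product, that audits a whitelist file for non-absolute entries, missing commands, and group- or world-writable targets. The function names are hypothetical, and it assumes the file holds one path per line with blank lines and `#` comments ignored.

```shell
#!/bin/sh
# Added example (not vendor code): audit an exec-task command whitelist.
# Assumed file format: one path per line; blank lines and '#' comments skipped.

# True if the path (symlink target, if it is one) is group- or world-writable.
loosely_writable() {
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

report() {
    printf 'FINDING: %s: %s\n' "$1" "$2"
    findings=$((findings + 1))
}

# Prints one FINDING line per problem; returns 0 only when there are none.
audit_exec_whitelist() {
    whitelist=$1
    findings=0
    [ -r "$whitelist" ] || { echo "cannot read $whitelist" >&2; return 2; }
    if loosely_writable "$whitelist"; then
        report "$whitelist" "whitelist file is group- or world-writable"
    fi
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            '' | '#'*) continue ;;
            /*) ;;
            *) report "$entry" "not an absolute path"; continue ;;
        esac
        if [ ! -f "$entry" ] || [ ! -x "$entry" ]; then
            report "$entry" "missing or not an executable file"
            continue
        fi
        if loosely_writable "$entry"; then
            report "$entry" "command is group- or world-writable"
        fi
        if loosely_writable "$(dirname "$entry")"; then
            report "$entry" "parent directory is group- or world-writable"
        fi
    done < "$whitelist"
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh <server-root>/config/exec-command-whitelist.txt
if [ "$#" -gt 0 ]; then
    audit_exec_whitelist "$1"
fi
```

The check covers only the immediate parent directory of each command, not every ancestor directory.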