Provided by: python3-lib389_1.4.3.6-2_all
NAME
dsctl
SYNOPSIS
dsctl [-h] [-v] [-j] [-l] [instance] {restart,start,stop,status,remove,db2index,db2bak,db2ldif,dbverify,bak2db,ldif2db,backups,ldifs,tls,healthcheck,get-nsstate} ...
OPTIONS
instance
    The name of the instance to act upon

Sub-commands

dsctl restart
    Restart an instance of Directory Server if it is running; otherwise start it.
dsctl start
    Start an instance of Directory Server, if it is not currently running
dsctl stop
    Stop an instance of Directory Server, if it is currently running
dsctl status
    Check running status of an instance of Directory Server
dsctl remove
    Destroy an instance of Directory Server, and remove all data.
dsctl db2index
    Initialise a reindex of the server database. The server must be stopped for this to proceed.
dsctl db2bak
    Initialise a BDB backup of the database. The server must be stopped for this to proceed.
dsctl db2ldif
    Initialise an LDIF dump of the database. The server must be stopped for this to proceed.
dsctl dbverify
    Perform a db verification. You should only do this at the direction of support
dsctl bak2db
    Restore a BDB backup of the database. The server must be stopped for this to proceed.
dsctl ldif2db
    Restore an LDIF dump of the database. The server must be stopped for this to proceed.
dsctl backups
    List backups found in the server's default backup directory
dsctl ldifs
    List all the LDIF files located in the server's LDIF directory
dsctl tls
    Manage TLS certificates
dsctl healthcheck
    Run a healthcheck report on a local Directory Server instance. This is a safe and read-only operation. Do not attempt to run this on a remote Directory Server as this tool needs access to local resources, otherwise the report may be inaccurate.
dsctl get-nsstate
    Get the replication nsState in a human readable format

    Replica DN: The DN of the replication configuration entry
    Replica Suffix: The replicated suffix
    Replica ID: The Replica identifier
    Gen Time: The time the CSN generator was created
    Gen Time String: The time string of generator
    Gen as CSN: The generation CSN
    Local Offset: The offset due to the local clock being set back
    Local Offset String: The offset in a nice human format
    Remote Offset: The offset due to clock difference with remote systems
    Remote Offset String: The offset in a nice human format
    Time Skew: The time skew between this server and its replicas
    Time Skew String: The time skew in a nice human format
    Seq Num: The number of multiple CSNs within a second
    System Time: The local system time
    Diff in Seconds: The time difference in seconds from the CSN generator creation to now
    Diff in days/secs: The time difference broken up into days and seconds
    Endian: Little/Big Endian
OPTIONS 'dsctl restart'
usage: dsctl [instance] restart [-h]
OPTIONS 'dsctl start'
usage: dsctl [instance] start [-h]
OPTIONS 'dsctl stop'
usage: dsctl [instance] stop [-h]
OPTIONS 'dsctl status'
usage: dsctl [instance] status [-h]
OPTIONS 'dsctl remove'
usage: dsctl [instance] remove [-h] [--do-it]

    --do-it
        By default we do a dry run. This actually initiates the removal of the instance.
OPTIONS 'dsctl db2index'
usage: dsctl [instance] db2index [-h] backend

    backend
        The backend to reindex, e.g. userRoot
OPTIONS 'dsctl db2bak'
usage: dsctl [instance] db2bak [-h] [archive]

    archive
        The destination for the archive. This will be created during the db2bak process.
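An offline backup wrapper that follows the rule above that the server must be stopped for db2bak. This is an added example, not part of lib389: the function name `offline_backup`, its exit codes and the permission tightening are assumptions, and it uses only the stop, db2bak and start sub-commands documented on this page.

```shell
#!/bin/sh
# Added example (not lib389 code). Usage: offline_backup INSTANCE ARCHIVE_DIR
# Assumption: the caller may stop and start the instance and write to ARCHIVE_DIR's parent.

offline_backup() {
    inst=$1
    archive=$2
    if [ -z "$inst" ] || [ -z "$archive" ]; then
        echo "usage: offline_backup INSTANCE ARCHIVE_DIR" >&2
        return 2
    fi
    # db2bak creates the archive itself, so never reuse (and overwrite) an existing path.
    if [ -e "$archive" ]; then
        echo "refusing to overwrite existing path: $archive" >&2
        return 3
    fi
    # The server must be stopped for db2bak to proceed.
    dsctl "$inst" stop || return 4

    rc=0
    dsctl "$inst" db2bak "$archive" || rc=$?

    # The archive holds the whole database, credential attributes included:
    # remove group and other access before anything else can read it.
    if [ -d "$archive" ]; then
        chmod -R go-rwx "$archive"
    fi

    # Bring the service back whether or not the backup succeeded.
    if ! dsctl "$inst" start; then
        echo "backup rc=$rc, but instance $inst failed to start" >&2
        return 5
    fi
    return "$rc"
}
```
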
OPTIONS 'dsctl db2ldif'
usage: dsctl [instance] db2ldif [-h] [--replication] [--encrypted] backend [ldif]

    backend
        The backend to output as an LDIF, e.g. userRoot
    ldif
        The path to the LDIF output location.
    --replication
        Export replication information, suitable for importing on a new consumer or backups.
    --encrypted
        Export encrypted attributes
OPTIONS 'dsctl dbverify'
usage: dsctl [instance] dbverify [-h] backend

    backend
        The backend to verify, e.g. userRoot
OPTIONS 'dsctl bak2db'
usage: dsctl [instance] bak2db [-h] archive

    archive
        The archive to restore. This will erase all current server databases.
OPTIONS 'dsctl ldif2db'
usage: dsctl [instance] ldif2db [-h] [--encrypted] backend ldif

    backend
        The backend to restore from an LDIF, e.g. userRoot
    ldif
        The path to the LDIF to import
    --encrypted
        Import encrypted attributes
OPTIONS 'dsctl backups'
usage: dsctl [instance] backups [-h] [--delete DELETE]

    --delete DELETE
        Delete backup directory
OPTIONS 'dsctl ldifs'
usage: dsctl [instance] ldifs [-h] [--delete DELETE]

    --delete DELETE
        Delete LDIF file
OPTIONS 'dsctl tls'
usage: dsctl [instance] tls [-h] {list-ca,list-client-ca,show-server-cert,show-cert,generate-server-cert-csr,import-client-ca,import-ca,import-server-cert,import-server-key-cert,remove-cert} ...

Sub-commands

dsctl tls list-ca
    List server certificate authorities including intermediates
dsctl tls list-client-ca
    List client certificate authorities including intermediates
dsctl tls show-server-cert
    Show the active server certificate that clients will see and verify
dsctl tls show-cert
    Show a certificate's details referenced by its nickname. This is analogous to certutil -L -d <path> -n <nickname>
dsctl tls generate-server-cert-csr
    Generate a Server-Cert certificate signing request. The CSR is then submitted to a CA for verification, and when signed you import it with import-ca and import-server-cert
dsctl tls import-client-ca
    Import a CA trusted to issue user (client) certificates. This is part of how client certificate authentication functions.
dsctl tls import-ca
    Import a CA or intermediate CA for signing this server's certificates (aka Server-Cert). You should import all the CAs in the chain as required.
dsctl tls import-server-cert
    Import a new Server-Cert after the CSR has been signed by a CA.
dsctl tls import-server-key-cert
    Import a new key and Server-Cert after having been signed by a CA. This is used if you have an external CSR tool or a service like Let's Encrypt that generates PEM keys externally.
dsctl tls remove-cert
    Delete a certificate from this database. This will remove it from acting as a CA, a client CA or the Server-Cert role.
OPTIONS 'dsctl tls list-ca'
usage: dsctl [instance] tls list-ca [-h]
OPTIONS 'dsctl tls list-client-ca'
usage: dsctl [instance] tls list-client-ca [-h]
OPTIONS 'dsctl tls show-server-cert'
usage: dsctl [instance] tls show-server-cert [-h]
OPTIONS 'dsctl tls show-cert'
usage: dsctl [instance] tls show-cert [-h] nickname

    nickname
        The nickname (friendly name) of the certificate to display
OPTIONS 'dsctl tls generate-server-cert-csr'
usage: dsctl [instance] tls generate-server-cert-csr [-h] [--subject SUBJECT] [alt_names [alt_names ...]]

    alt_names
        Subject alternative names for the certificate request. These are auto-detected if not provided
    --subject SUBJECT, -s SUBJECT
        Certificate Subject field to use
OPTIONS 'dsctl tls import-client-ca'
usage: dsctl [instance] tls import-client-ca [-h] cert_path nickname

    cert_path
        The path to the x509 cert to import as a client trust root
    nickname
        The name of the certificate once imported
OPTIONS 'dsctl tls import-ca'
usage: dsctl [instance] tls import-ca [-h] cert_path nickname

    cert_path
        The path to the x509 cert to import as a server CA
    nickname
        The name of the certificate once imported
OPTIONS 'dsctl tls import-server-cert'
usage: dsctl [instance] tls import-server-cert [-h] cert_path

    cert_path
        The path to the x509 cert to import as Server-Cert
OPTIONS 'dsctl tls import-server-key-cert'
usage: dsctl [instance] tls import-server-key-cert [-h] cert_path key_path

    cert_path
        The path to the x509 cert to import as Server-Cert
    key_path
        The path to the x509 key to import associated to Server-Cert
OPTIONS 'dsctl tls remove-cert'
usage: dsctl [instance] tls remove-cert [-h] nickname

    nickname
        The name of the certificate to delete
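Installing a CA-signed Server-Cert with the import-ca and import-server-cert sub-commands described above, gated on a chain and expiry check. This is an added example, not part of lib389: the function name `install_server_cert` and its exit codes are hypothetical, the files are assumed to be PEM with CA_PEM the direct issuer, and the restart to load the new certificate is an assumption the page does not state.

```shell
#!/bin/sh
# Added example (not lib389 code).
# Usage: install_server_cert INSTANCE CA_PEM CA_NICKNAME CERT_PEM
# Assumptions: CA_PEM directly issued CERT_PEM; CA_NICKNAME is chosen by the operator.

install_server_cert() {
    if [ $# -ne 4 ]; then
        echo "usage: install_server_cert INSTANCE CA_PEM CA_NICKNAME CERT_PEM" >&2
        return 2
    fi
    inst=$1
    ca_pem=$2
    ca_nick=$3
    cert_pem=$4
    for f in "$ca_pem" "$cert_pem"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 3; }
    done
    # Gate 1: the signed certificate must chain to the CA about to be trusted.
    if ! openssl verify -CAfile "$ca_pem" "$cert_pem" >/dev/null; then
        echo "certificate does not verify against $ca_pem" >&2
        return 4
    fi
    # Gate 2: reject a certificate that has already expired.
    if ! openssl x509 -in "$cert_pem" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired" >&2
        return 5
    fi
    # CA first, so the issuer is already in the database when Server-Cert arrives.
    dsctl "$inst" tls import-ca "$ca_pem" "$ca_nick" || return 6
    dsctl "$inst" tls import-server-cert "$cert_pem" || return 7
    # Assumption: a restart is used so the server loads the new certificate.
    dsctl "$inst" restart || return 8
    # Show what clients will now see and verify.
    dsctl "$inst" tls show-server-cert
}
```
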
OPTIONS 'dsctl healthcheck'
usage: dsctl [instance] healthcheck [-h]
OPTIONS 'dsctl get-nsstate'
usage: dsctl [instance] get-nsstate [-h] [--suffix SUFFIX] [--flip FLIP]

    --suffix SUFFIX
        The DN of the replication suffix to read the state from
    --flip FLIP
        Flip between Little/Big Endian; this might be required for certain architectures

    -v, --verbose
        Display verbose operation tracing during command execution
    -j, --json
        Return result in JSON object
    -l, --list
        List available Directory Server instances
AUTHORS
lib389 was written by Red Hat Inc. <389-devel@lists.fedoraproject.org>.
DISTRIBUTION
The latest version of lib389 may be downloaded from ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html⟩

Manual dsctl(8)