oracular (8) dsctl.8.gz

Provided by: python3-lib389_3.1.1+dfsg1-1ubuntu1_all bug

NAME

       dsctl

SYNOPSIS

       dsctl            [-h]            [-v]            [-j]            [-l]           [instance]
       {restart,start,stop,status,remove,db2index,db2bak,db2ldif,dbverify,bak2db,ldif2db,backups,ldifs,tls,healthcheck,get-
       nsstate,ldifgen,dsrc,cockpit,dblib} ...

POSITIONAL ARGUMENTS

       dsctl restart
              Restart an instance of Directory Server, if it is running: else start it.

       dsctl start
              Start an instance of Directory Server, if it is not currently running

       dsctl stop
              Stop an instance of Directory Server, if it is currently running

       dsctl status
              Check running status of an instance of Directory Server

       dsctl remove
              Destroy an instance of Directory Server, and remove all data.

       dsctl db2index
              Initialise a reindex of the server database. The server must be stopped for this to
              proceed.

       dsctl db2bak
              Initialise a BDB backup of the database. The server must be  stopped  for  this  to
              proceed.

       dsctl db2ldif
              Initialise  an  LDIF  dump  of the database. The server must be stopped for this to
              proceed.

       dsctl dbverify
              Perform a db verification. You should only do this at direction of support

       dsctl bak2db
              Restore a BDB backup of the database. The  server  must  be  stopped  for  this  to
              proceed.

       dsctl ldif2db
              Restore  an  LDIF  dump  of  the  database.  The server must be stopped for this to
              proceed.

       dsctl backups
              List backup's found in the server's default backup directory

       dsctl ldifs
              List all the LDIF files located in the server's LDIF directory

       dsctl tls
              Manage TLS certificates

       dsctl healthcheck
              Run a healthcheck report on a local Directory Server instance. This is a  safe  and
              read-only  operation.   Do  not attempt to run this on a remote Directory Server as
              this tool needs access to local resources, otherwise the report may be inaccurate.

       dsctl get-nsstate
              Get the replication nsState in a human readable format

              Replica DN:           The DN of the replication configuration entry Replica Suffix:
              The  replicated  suffix  Replica  ID:            The  Replica  identifier  Gen Time
              The time the CSN generator was created Gen Time String:       The  time  string  of
              generator Gen as CSN:           The generation CSN Local Offset:         The offset
              due to the local clock being set back Local Offset String:  The offset  in  a  nice
              human  format  Remote Offset:        The offset due to clock difference with remote
              systems Remote Offset String:  The  offset  in  a  nice  human  format  Time  Skew:
              The  time  skew between this server and its replicas Time Skew String:     The time
              skew in a nice human format Seq  Num:               The  number  of  multiple  csns
              within  a  second  System  Time:           The  local  system time Diff in Seconds:
              The time difference in seconds from the CSN  generator  creation  to  now  Diff  in
              days/secs:     The  time  difference  broken  up  into  days  and  seconds  Endian:
              Little/Big Endian

       dsctl ldifgen
              LDIF generator to make sample LDIF files for testing

       dsctl dsrc
              Manage the .dsrc file

       dsctl cockpit
              Enable the Cockpit interface/UI

       dsctl dblib
              database library (i.e bdb/lmdb) migration

COMMAND 'dsctl restart'
       usage: dsctl [-v] [-j] [instance] restart [-h]

COMMAND 'dsctl start'
       usage: dsctl [-v] [-j] [instance] start [-h]

COMMAND 'dsctl stop'
       usage: dsctl [-v] [-j] [instance] stop [-h]

COMMAND 'dsctl status'
       usage: dsctl [-v] [-j] [instance] status [-h]

COMMAND 'dsctl remove'
       usage: dsctl [-v] [-j] [instance] remove [-h] [--do-it]

OPTIONS 'dsctl remove'
       --do-it
              By default we do a dry run. This actually initiates the removal of the instance.

COMMAND 'dsctl db2index'
       usage: dsctl [-v] [-j] [instance] db2index [-h] [--attr [ATTR ...]] [backend]

       backend
              The backend to reindex. IE userRoot

OPTIONS 'dsctl db2index'
       --attr [ATTR ...]
              The attribute's to reindex. IE --attr aci cn givenname

COMMAND 'dsctl db2bak'
       usage: dsctl [-v] [-j] [instance] db2bak [-h] [archive]

       archive
              The destination for the archive. This will be created during the db2bak process.

COMMAND 'dsctl db2ldif'
       usage: dsctl [-v] [-j] [instance] db2ldif [-h] [--replication] [--encrypted]
                                       backend [ldif]

       backend
              The backend to output as an LDIF. IE userRoot

       ldif   The path to the ldif output location.

OPTIONS 'dsctl db2ldif'
       --replication
              Export replication information,  suitable  for  importing  on  a  new  consumer  or
              backups.

       --encrypted
              Export encrypted attributes

COMMAND 'dsctl dbverify'
       usage: dsctl [-v] [-j] [instance] dbverify [-h] backend

       backend
              The backend to verify. IE userRoot

COMMAND 'dsctl bak2db'
       usage: dsctl [-v] [-j] [instance] bak2db [-h] archive

       archive
              The archive to restore. This will erase all current server databases.

COMMAND 'dsctl ldif2db'
       usage: dsctl [-v] [-j] [instance] ldif2db [-h] [--encrypted] backend ldif

       backend
              The backend to restore from an LDIF. IE userRoot

       ldif   The path to the ldif to import

OPTIONS 'dsctl ldif2db'
       --encrypted
              Import encrypted attributes

COMMAND 'dsctl backups'
       usage: dsctl [-v] [-j] [instance] backups [-h] [--delete DELETE]

OPTIONS 'dsctl backups'
       --delete DELETE
              Delete backup directory

COMMAND 'dsctl ldifs'
       usage: dsctl [-v] [-j] [instance] ldifs [-h] [--delete DELETE]

OPTIONS 'dsctl ldifs'
       --delete DELETE
              Delete LDIF file

COMMAND 'dsctl tls'
       usage: dsctl [-v] [-j] [instance] tls [-h]
                                   {list-ca,list-client-ca,show-server-cert,show-cert,generate-server-cert-csr,import-client-ca,import-ca,import-server-cert,import-server-key-cert,remove-cert,export-cert}
                                   ...

POSITIONAL ARGUMENTS 'dsctl tls'
       dsctl tls list-ca
              list server certificate authorities including intermediates

       dsctl tls list-client-ca
              list client certificate authorities including intermediates

       dsctl tls show-server-cert
              Show the active server certificate that clients will see and verify

       dsctl tls show-cert
              Show a certificate's details referenced by it's  nickname.  This  is  analogous  to
              certutil -L -d <path> -n <nickname>

       dsctl tls generate-server-cert-csr
              Generate a Server-Cert certificate signing request - the csr is then submitted to a
              CA  for  verification,  and   when   signed   you   import   with   import-ca   and
              import-server-cert

       dsctl tls import-client-ca
              Import a CA trusted to issue user (client) certificates. This is part of how client
              certificate authentication functions.

       dsctl tls import-ca
              Import a  CA  or  intermediate  CA  for  signing  this  servers  certificates  (aka
              Server-Cert). You should import all the CA's in the chain as required.  PEM bundles
              are accepted

       dsctl tls import-server-cert
              Import a new Server-Cert after the csr has been signed from a CA.

       dsctl tls import-server-key-cert
              Import a new key and Server-Cert after having been signed from a CA. This  is  used
              if  you have an external csr tool or a service like lets encrypt that generates PEM
              keys externally.

       dsctl tls remove-cert
              Delete a certificate from this database. This will remove it from acting as a CA, a
              client CA or the Server-Cert role.

       dsctl tls export-cert
              Export a certificate to PEM or DER/Binary format.  PEM format is the default

COMMAND 'dsctl tls list-ca'
       usage: dsctl [-v] [-j] [instance] tls list-ca [-h]

COMMAND 'dsctl tls list-client-ca'
       usage: dsctl [-v] [-j] [instance] tls list-client-ca [-h]

COMMAND 'dsctl tls show-server-cert'
       usage: dsctl [-v] [-j] [instance] tls show-server-cert [-h]

COMMAND 'dsctl tls show-cert'
       usage: dsctl [-v] [-j] [instance] tls show-cert [-h] nickname

       nickname
              The nickname (friendly name) of the certificate to display

COMMAND 'dsctl tls generate-server-cert-csr'
       usage: dsctl [-v] [-j] [instance] tls generate-server-cert-csr
              [-h] [--subject SUBJECT] [alt_names ...]

       alt_names
              Certificate  requests  subject  alternative  names.  These are auto-detected if not
              provided

OPTIONS 'dsctl tls generate-server-cert-csr'
       --subject SUBJECT, -s SUBJECT
              Certificate Subject field to use

COMMAND 'dsctl tls import-client-ca'
       usage: dsctl [-v] [-j] [instance] tls import-client-ca [-h] cert_path nickname

       cert_path
              The path to the x509 cert to import as a client trust root

       nickname
              The name of the certificate once imported

COMMAND 'dsctl tls import-ca'
       usage: dsctl [-v] [-j] [instance] tls import-ca [-h]
                                                       cert_path nickname
                                                       [nickname ...]

       cert_path
              The path to the x509 cert to import as a server CA

       nickname
              The name of the certificate once imported

COMMAND 'dsctl tls import-server-cert'
       usage: dsctl [-v] [-j] [instance] tls import-server-cert [-h] cert_path

       cert_path
              The path to the x509 cert to import as Server-Cert

COMMAND 'dsctl tls import-server-key-cert'
       usage: dsctl [-v] [-j] [instance] tls import-server-key-cert
              [-h] cert_path key_path

       cert_path
              The path to the x509 cert to import as Server-Cert

       key_path
              The path to the x509 key to import associated to Server-Cert

COMMAND 'dsctl tls remove-cert'
       usage: dsctl [-v] [-j] [instance] tls remove-cert [-h] nickname

       nickname
              The name of the certificate to delete

COMMAND 'dsctl tls export-cert'
       usage: dsctl [-v] [-j] [instance] tls export-cert [-h] [--binary-format]
                                                         [--output-file OUTPUT_FILE]
                                                         nickname

       nickname
              The name of the certificate to export

OPTIONS 'dsctl tls export-cert'
       --binary-format
              Export certificate in DER/binary format

       --output-file OUTPUT_FILE
              The name for the exported certificate. Default name  is  the  certificate  nickname
              with an extension of ".pem" or ".crt"

COMMAND 'dsctl healthcheck'
       usage: dsctl [instance] healthcheck [-h] [--list-checks] [--list-errors]
                                           [--dry-run] [--check CHECK [CHECK ...]]

OPTIONS 'dsctl healthcheck'
       --list-checks
              List of known checks

       --list-errors
              List of known error codes

       --dry-run
              Do not execute the actual check, only list what would be done

       --check CHECK [CHECK ...]
              Areas  to  check. These can be obtained by --list-checks. Every element on the left
              of the colon (:) may be replaced by an asterisk if multiple options  on  the  right
              are available.

COMMAND 'dsctl get-nsstate'
       usage: dsctl [instance] get-nsstate [-h] [--suffix SUFFIX] [--flip FLIP]

OPTIONS 'dsctl get-nsstate'
       --suffix SUFFIX
              The DN of the replication suffix to read the state from

       --flip FLIP
              Flip between Little/Big Endian, this might be required for certain architectures

COMMAND 'dsctl ldifgen'
       usage: dsctl [-v] [-j] [instance] ldifgen [-h]
                                       {users,groups,cos-def,cos-template,roles,mod-load,nested}
                                       ...

POSITIONAL ARGUMENTS 'dsctl ldifgen'
       dsctl ldifgen users
              Generate a LDIF containing user entries

       dsctl ldifgen groups
              Generate a LDIF containing groups and members

       dsctl ldifgen cos-def
              Generate a LDIF containing a COS definition (classic, pointer, or indirect)

       dsctl ldifgen cos-template
              Generate a LDIF containing a COS template

       dsctl ldifgen roles
              Generate a LDIF containing a role entry (managed, filtered, or indirect)

       dsctl ldifgen mod-load
              Generate  a  LDIF containing modify operations.  This is intended to be consumed by
              ldapmodify.

       dsctl ldifgen nested
              Generate a heavily nested database LDIF in a cascading/fractal tree design

COMMAND 'dsctl ldifgen users'
       usage: dsctl [-v] [-j] [instance] ldifgen users [-h] [--number NUMBER]
                                                       [--suffix SUFFIX]
                                                       [--parent PARENT] [--generic]
                                                       [--start-idx START_IDX]
                                                       [--rdn-cn] [--localize]
                                                       [--ldif-file LDIF_FILE]

OPTIONS 'dsctl ldifgen users'
       --number NUMBER
              The number of users to create.

       --suffix SUFFIX
              The database suffix where the entries will be created.

       --parent PARENT
              The parent entry that the user entries should be created under. If  not  specified,
              the entries are stored under random Organizational Units.

       --generic
              Create  generic  entries  in  the  format of "uid=user####". These entries are also
              compatible with ldclt.

       --start-idx START_IDX
              For generic LDIF's you can choose the starting index  for  the  user  entries.  The
              default is "0".

       --rdn-cn
              Use the attribute "cn" as the RDN attribute in the DN instead of "uid"

       --localize
              Localize the LDIF data

       --ldif-file LDIF_FILE
              The  LDIF file name. Default location is the server's LDIF directory using the name
              'ldifgen.ldif'

COMMAND 'dsctl ldifgen groups'
       usage: dsctl [-v] [-j] [instance] ldifgen groups [-h] [--number NUMBER]
                                                        [--suffix SUFFIX]
                                                        [--parent PARENT]
                                                        [--num-members NUM_MEMBERS]
                                                        [--create-members]
                                                        [--member-parent MEMBER_PARENT]
                                                        [--member-attr MEMBER_ATTR]
                                                        [--ldif-file LDIF_FILE]
                                                        NAME

       NAME   The group name.

OPTIONS 'dsctl ldifgen groups'
       --number NUMBER
              The number of groups to create.

       --suffix SUFFIX
              The database suffix where the groups will be created.

       --parent PARENT
              The parent entry that the group entries should be created under. If  not  specified
              the groups are stored under the suffix.

       --num-members NUM_MEMBERS
              The number of members in the group. Default is 10000

       --create-members
              Create the member user entries.

       --member-parent MEMBER_PARENT
              The  entry  DN  that the members should be created under. The default is the suffix
              entry.

       --member-attr MEMBER_ATTR
              The membership attribute to use in the group. Default is "uniquemember".

       --ldif-file LDIF_FILE
              The LDIF file name. Default location is the server's LDIF directory using the  name
              'ldifgen.ldif'

COMMAND 'dsctl ldifgen cos-def'
       usage: dsctl [-v] [-j] [instance] ldifgen cos-def [-h] [--type TYPE]
                                                         [--parent PARENT]
                                                         [--create-parent]
                                                         [--cos-specifier COS_SPECIFIER]
                                                         [--cos-template COS_TEMPLATE]
                                                         [--cos-attr [COS_ATTR ...]]
                                                         [--ldif-file LDIF_FILE]
                                                         NAME

       NAME   The COS definition name.

OPTIONS 'dsctl ldifgen cos-def'
       --type TYPE
              The COS definition type: "classic", "pointer", or "indirect".

       --parent PARENT
              The parent entry that the COS definition should be created under.

       --create-parent
              Create the parent entry

       --cos-specifier COS_SPECIFIER
              Used  in a classic COS definition, this attribute located in the user entry is used
              to select which COS template to use.

       --cos-template COS_TEMPLATE
              The DN of the COS template  entry,  only  used  for  "classic"  and  "pointer"  COS
              definitions.

       --cos-attr [COS_ATTR ...]
              A list of attributes which defines which attribute the COS generates values for.

       --ldif-file LDIF_FILE
              The  LDIF file name. Default location is the server's LDIF directory using the name
              'ldifgen.ldif'

COMMAND 'dsctl ldifgen cos-template'
       usage: dsctl [-v] [-j] [instance] ldifgen cos-template [-h] [--parent PARENT]
                                                              [--create-parent]
                                                              [--cos-priority COS_PRIORITY]
                                                              [--cos-attr-val COS_ATTR_VAL]
                                                              [--ldif-file LDIF_FILE]
                                                              NAME

       NAME   The COS template name.

OPTIONS 'dsctl ldifgen cos-template'
       --parent PARENT
              The DN of the entry to store the COS template entry under.

       --create-parent
              Create the parent entry

       --cos-priority COS_PRIORITY
              Sets the priority of this conflicting/competing COS templates.

       --cos-attr-val COS_ATTR_VAL
              defines the attribute and value that the template provides.

       --ldif-file LDIF_FILE
              The LDIF file name. Default location is the server's LDIF directory using the  name
              'ldifgen.ldif'

COMMAND 'dsctl ldifgen roles'
       usage: dsctl [-v] [-j] [instance] ldifgen roles [-h] [--type TYPE]
                                                       [--parent PARENT]
                                                       [--create-parent]
                                                       [--filter FILTER]
                                                       [--role-dn [ROLE_DN ...]]
                                                       [--ldif-file LDIF_FILE]
                                                       NAME

       NAME   The Role name.

OPTIONS 'dsctl ldifgen roles'
       --type TYPE
              The Role type: "managed", "filtered", or "nested".

       --parent PARENT
              The DN of the entry to store the Role entry under

       --create-parent
              Create the parent entry

       --filter FILTER
              A search filter for gathering Role members. Required for a "filtered" role.

       --role-dn [ROLE_DN ...]
              A  DN of a role entry that should be included in this role. Used for "nested" roles
              only.

       --ldif-file LDIF_FILE
              The LDIF file name. Default location is the server's LDIF directory using the  name
              'ldifgen.ldif'

COMMAND 'dsctl ldifgen mod-load'
       usage: dsctl [-v] [-j] [instance] ldifgen mod-load [-h] [--create-users]
                                                          [--delete-users]
                                                          [--num-users NUM_USERS]
                                                          [--parent PARENT]
                                                          [--create-parent]
                                                          [--add-users ADD_USERS]
                                                          [--del-users DEL_USERS]
                                                          [--modrdn-users MODRDN_USERS]
                                                          [--mod-users MOD_USERS]
                                                          [--mod-attrs [MOD_ATTRS ...]]
                                                          [--randomize]
                                                          [--ldif-file LDIF_FILE]

OPTIONS 'dsctl ldifgen mod-load'
       --create-users
              Create  the entries that will be modified or deleted. By default the script assumes
              the user entries already exist.

       --delete-users
              Delete all the user entries at the end of the LDIF.

       --num-users NUM_USERS
              The number of user entries that will be modified or deleted

       --parent PARENT
              The DN of the parent entry where the user entries are located.

       --create-parent
              Create the parent entry

       --add-users ADD_USERS
              The number of additional entries to add during the load.

       --del-users DEL_USERS
              The number of entries to delete during the load.

       --modrdn-users MODRDN_USERS
              The number of entries to perform a modrdn operation on.

       --mod-users MOD_USERS
              The number of entries to modify.

       --mod-attrs [MOD_ATTRS ...]
              List of attributes the script will randomly choose from when  modifying  an  entry.
              The default is "description".

       --randomize
              Randomly perform the specified add, mod, delete, and modrdn operations

       --ldif-file LDIF_FILE
              The  LDIF file name. Default location is the server's LDIF directory using the name
              'ldifgen.ldif'

COMMAND 'dsctl ldifgen nested'
       usage: dsctl [-v] [-j] [instance] ldifgen nested [-h] [--num-users NUM_USERS]
                                                        [--node-limit NODE_LIMIT]
                                                        [--suffix SUFFIX]
                                                        [--ldif-file LDIF_FILE]

OPTIONS 'dsctl ldifgen nested'
       --num-users NUM_USERS
              The total number of user entries to create in the entire LDIF (does not include the
              container entries).

       --node-limit NODE_LIMIT
              The total number of user entries to create under each node/subtree

       --suffix SUFFIX
              The suffix DN for the LDIF

       --ldif-file LDIF_FILE
              The  LDIF file name. Default location is the server's LDIF directory using the name
              'ldifgen.ldif'

COMMAND 'dsctl dsrc'
       usage: dsctl [-v] [-j] [instance] dsrc [-h] {create,modify,delete,display,repl-mon} ...

POSITIONAL ARGUMENTS 'dsctl dsrc'
       dsctl dsrc create
              Generate the .dsrc file

       dsctl dsrc modify
              Modify the .dsrc file

       dsctl dsrc delete
              Delete instance configuration from the .dsrc file.

       dsctl dsrc display
              Display the contents of the .dsrc file.

       dsctl dsrc repl-mon
              Display the contents of the .dsrc file.

COMMAND 'dsctl dsrc create'
       usage: dsctl [-v] [-j] [instance] dsrc create [-h] [--uri URI]
                                                     [--basedn BASEDN]
                                                     [--people-rdn PEOPLE_RDN]
                                                     [--groups-rdn GROUPS_RDN]
                                                     [--binddn BINDDN]
                                                     [--saslmech SASLMECH]
                                                     [--tls-cacertdir TLS_CACERTDIR]
                                                     [--tls-cert TLS_CERT]
                                                     [--tls-key TLS_KEY]
                                                     [--tls-reqcert TLS_REQCERT]
                                                     [--starttls] [--pwdfile PWDFILE]
                                                     [--do-it]

OPTIONS 'dsctl dsrc create'
       --uri URI
              The URI (LDAP URL) for the Directory Server instance.

       --basedn BASEDN
              The default database suffix.

       --people-rdn PEOPLE_RDN
              Set the RDN for the 'people' subtree. Default is "ou=people"

       --groups-rdn GROUPS_RDN
              Set the RDN for the 'groups' subtree. Default is "ou=groups"

       --binddn BINDDN
              The default Bind DN used or authentication.

       --saslmech SASLMECH
              The SASL mechanism to use: PLAIN or EXTERNAL.

       --tls-cacertdir TLS_CACERTDIR
              The directory containing the Trusted Certificate Authority certificate.

       --tls-cert TLS_CERT
              The absolute file name to the server certificate.

       --tls-key TLS_KEY
              The absolute file name to the server certificate key.

       --tls-reqcert TLS_REQCERT
              Request certificate strength: 'never', 'allow', 'hard'

       --starttls
              Use startTLS for connection to the server.

       --pwdfile PWDFILE
              The absolute path to a file containing the Bind DN's password.

       --do-it
              Create the file without any confirmation.

COMMAND 'dsctl dsrc modify'
       usage: dsctl [-v] [-j] [instance] dsrc modify [-h] [--uri [URI]]
                                                     [--basedn [BASEDN]]
                                                     [--people-rdn [PEOPLE_RDN]]
                                                     [--groups-rdn [GROUPS_RDN]]
                                                     [--binddn [BINDDN]]
                                                     [--saslmech [SASLMECH]]
                                                     [--tls-cacertdir [TLS_CACERTDIR]]
                                                     [--tls-cert [TLS_CERT]]
                                                     [--tls-key [TLS_KEY]]
                                                     [--tls-reqcert [TLS_REQCERT]]
                                                     [--starttls] [--cancel-starttls]
                                                     [--pwdfile [PWDFILE]] [--do-it]

OPTIONS 'dsctl dsrc modify'
       --uri [URI]
              The URI (LDAP URL) for the Directory Server instance.

       --basedn [BASEDN]
              The default database suffix.

       --people-rdn [PEOPLE_RDN]
              Sets the RDN used for the 'people' container

       --groups-rdn [GROUPS_RDN]
              Sets the RDN used for the 'groups' container

       --binddn [BINDDN]
              The default Bind DN used or authentication.

       --saslmech [SASLMECH]
              The SASL mechanism to use: PLAIN or EXTERNAL.

       --tls-cacertdir [TLS_CACERTDIR]
              The directory containing the Trusted Certificate Authority certificate.

       --tls-cert [TLS_CERT]
              The absolute file name to the server certificate.

       --tls-key [TLS_KEY]
              The absolute file name to the server certificate key.

       --tls-reqcert [TLS_REQCERT]
              Request certificate strength: 'never', 'allow', 'hard'

       --starttls
              Use startTLS for connection to the server.

       --cancel-starttls
              Do not use startTLS for connection to the server.

       --pwdfile [PWDFILE]
              The absolute path to a file containing the Bind DN's password.

       --do-it
              Update the file without any confirmation.

COMMAND 'dsctl dsrc delete'
       usage: dsctl [-v] [-j] [instance] dsrc delete [-h] [--do-it]

OPTIONS 'dsctl dsrc delete'
       --do-it
              Delete this instance's configuration from the .dsrc file.

COMMAND 'dsctl dsrc display'
       usage: dsctl [-v] [-j] [instance] dsrc display [-h]

COMMAND 'dsctl dsrc repl-mon'
       usage: dsctl [-v] [-j] [instance] dsrc repl-mon [-h]
                                                       [--add-conn ADD_CONN [ADD_CONN ...]]
                                                       [--del-conn DEL_CONN [DEL_CONN ...]]
                                                       [--add-alias ADD_ALIAS [ADD_ALIAS ...]]
                                                       [--del-alias DEL_ALIAS [DEL_ALIAS ...]]

OPTIONS 'dsctl dsrc repl-mon'
       --add-conn ADD_CONN [ADD_CONN ...]
              Add a replica connection: 'NAME:HOST:PORT:BINDDN:CREDENTIAL'

       --del-conn DEL_CONN [DEL_CONN ...]
              delete a replica connection by its NAME

       --add-alias ADD_ALIAS [ADD_ALIAS ...]
              Add a host/port alias: 'ALIAS_NAME:HOST:PORT'

       --del-alias DEL_ALIAS [DEL_ALIAS ...]
              delete a host/port alias by its ALIAS_NAME

COMMAND 'dsctl cockpit'
       usage: dsctl [-v] [-j] [instance] cockpit [-h]
                                       {enable,open-firewall,disable,close-firewall}
                                       ...

POSITIONAL ARGUMENTS 'dsctl cockpit'
       dsctl cockpit enable
              Enable the Cockpit socket

       dsctl cockpit open-firewall
              Open the firewall for the "cockpit" service

       dsctl cockpit disable
              Disable the Cockpit socket

       dsctl cockpit close-firewall
              Remove the "cockpit" service from the firewall settings

COMMAND 'dsctl cockpit enable'
       usage: dsctl [-v] [-j] [instance] cockpit enable [-h]

COMMAND 'dsctl cockpit open-firewall'
       usage: dsctl [-v] [-j] [instance] cockpit open-firewall [-h] [--zone ZONE]

OPTIONS 'dsctl cockpit open-firewall'
       --zone ZONE
              The firewall zone

COMMAND 'dsctl cockpit disable'
       usage: dsctl [-v] [-j] [instance] cockpit disable [-h]

COMMAND 'dsctl cockpit close-firewall'
       usage: dsctl [-v] [-j] [instance] cockpit close-firewall [-h]

COMMAND 'dsctl dblib'
       usage: dsctl [-v] [-j] [instance] dblib [-h] {bdb2mdb,mdb2bdb,cleanup} ...

POSITIONAL ARGUMENTS 'dsctl dblib'
       dsctl dblib bdb2mdb
              Migrate bdb databases to lmdb

       dsctl dblib mdb2bdb
              Migrate lmdb databases to bdb

       dsctl dblib cleanup
              Remove migration ldif file and old database

COMMAND 'dsctl dblib bdb2mdb'
       usage: dsctl [-v] [-j] [instance] dblib bdb2mdb [-h] [--tmpdir TMPDIR]

OPTIONS 'dsctl dblib bdb2mdb'
       --tmpdir TMPDIR
              ldif migration files directory path.

COMMAND 'dsctl dblib mdb2bdb'
       usage: dsctl [-v] [-j] [instance] dblib mdb2bdb [-h] [--tmpdir TMPDIR]

OPTIONS 'dsctl dblib mdb2bdb'
       --tmpdir TMPDIR
              ldif migration files directory path.

COMMAND 'dsctl dblib cleanup'
       usage: dsctl [-v] [-j] [instance] dblib cleanup [-h]

OPTIONS

       -v, --verbose
              Display verbose operation tracing during command execution

       -j, --json
              Return result in JSON object

       -l, --list
              List available Directory Server instances

AUTHOR

       Red Hat, Inc., and William Brown <389-devel@lists.fedoraproject.org>

DISTRIBUTION

       The     latest      version      of      lib389      may      be      downloaded      from
       ⟨http://www.port389.org/docs/389ds/FAQ/upstream-test-framework.html