slapconfig(8)             BSD System Manager's Manual            slapconfig(8)


NAME

     slapconfig -- tool to configure slapd and related daemons


SYNOPSIS

     slapconfig command [command-options] [-q]


DESCRIPTION

     slapconfig is a utility for configuring slapd, slurpd, and the Directory
     Services search policy. It must be run by root.


USAGE

     -q                    suppress prompts.

   Queries
     -defaultsuffix        Returns the default suffix which is based on the
                           machine's DNS name, or hostname if DNS is not
                           available.

     -getauthmechanisms    Returns a list of authentication methods, their
                           current states, and whether or not the method
                           requires a recoverable password to be stored.

     -getclientconfig      Returns whether this machine is an LDAP client, not
                           a client, or advanced.

     -getldapconfig        Returns the LDAP server settings.

     -getmacosxodpolicy    Returns a property list containing the directory
                           binding settings.

     -getmasterconfig      Returns the list of replicas and replication
                           interval.

     -getpasswordserveraddress
                           Returns the IP address of the default password
                           server.

     -getreplicaconfig     Returns the master address and last update date.

     -getstyle             Returns whether configuration is master, replica,
                           client, or standalone.

     -help                 Print usage information.

     -ver                  Displays version information.

   Setup
     -addreplica <replica-address>
     Adds a replica to the slapd configuration file.

     -changeip <old-ip> <new-ip> [<old-host> <new-host>]
     Updates configuration records and files to contain the new host
     information.  It does not change the IP address in Network preferences.

     -createldapmasterandadmin [--allow_local_realm] <new-admin>
     <new-fullname> <new-uid> [<search base suffix> [<realm>]]
     Creates a new master LDAP server. Copies the root account to the new
     master domain. Creates a new directory node administrator.

     -createreplica <master IP or name> <admin user>
     Create a new replica from an existing LDAP master.

     -destroyldapserver
     Turns off the LDAP server and deletes its database.

     -kerberize [-f] [--allow_local_realm] <admin> [<realm>]
     Ensures a Kerberos principal for each user in the directory, creating one
     if necessary. Pass in -f to force kerberization of a server.

     -promotereplica -<admin-user>
     Converts an existing replica into a master using the current database.

     -removereplica -<replica-address>
     Removes a replica from the slapd configuration file.

     -setclient
     Sets NetInfo to use DHCP binding, enables LDAP directory binding with
     DHCP (Option 95), and sets the search policy to Automatic.

     -setldapconfig [-maxresults <maximum search results>] [-searchtimeout
     timeout] [-ssl on|off] [-sslcert <path to cert>] [-sslkey <path to key>]
     [-sslcacert <path to CA cert>]
     Applies the specified settings and restarts slapd. Settings not specified
     are unchanged.

     -setstandalone
     Configures the machine to only use the local directory.

     -setldapdhcp
     Enables binding to an LDAP server using DHCP option 95.

     -setldapstatic <IP-or-name> [port [SSL|NoSSL [search base]]]
     Configures the machine to use the specified LDAP server. Requires
     server-based mappings.

     -setldapnetinfodhcp
     Enables binding to LDAP using DHCP.

     -setmacosxodpolicy [-binding [disabled|enabled|required]] [-cleartext
     [blocked|allowed]] [-encrypt [yes|no]] [-sign [yes|no]] [-clientcaching
     [yes|no]] [-man-in-middle [blocked|allowed]]
     Sets directory binding options.

     -startldapserver      Configures launchd to run slapd.

     -stopldapserver       Configures launchd not to run slapd.

     -updateaddresses      Merges new interfaces into the list of LDAP
                           replicas.

   Password Server
     -pwsrekey keysize     Divorces the password server from a replicated
                           system and issues a new RSA key. Users in the local
                           and LDAP directories are migrated to the new key.
                           Valid key sizes are 1024, 2048, and 3072. There is
                           a performance penalty when using large keys.

     -setauthmechanisms mech [on|off] [mech [on|off] ...]
                           Sets the states of authentication methods.

     -settopasswordserver user directory-administrator
                           Converts a user account to have an Open Directory
                           authentication type. A new password server slot and
                           kerberos principal are created. If the user was
                           previously an Open Directory user, the old slot and
                           principal are deleted and replaced.

     -startpasswordserver  Sets up a launchd plist file and starts the
                           password server.

     -stoppasswordserver   Sets the launchd plist file to be disabled and
                           stops the password server.

     -stripsyncdates       Removes the last synchronization dates and
                           transaction ID values from the password server's
                           replication list, causing all records to replicate.

   Runtime
     -enableslapdlog       Turns on the LDAP server logging to
                           /var/log/slapd.log.

     -replicatenow         Initiates replication sessions for LDAP and
                           Password Server.

   Backup and Restore
     -backupdb [-noEncrypt] <archive-path>
     Creates an archive containing the LDAP, Password Server and Kerberos
     databases.

     -restoredb <archive-path>
     Restores a directory to the backed-up state.

     -mergedb [-f] <archive-path>
     Merges a backup archive into an existing directory system. By default, if
     the Kerberos realm in the archive does not exist on the server, the merge
     command aborts. The [-f] option can be used to force the merge without
     the Kerberos principals. To create new Kerberos principals in the
     server's realm, use the "slapconfig -kerberize" command. The [-f] option
     can be used to force kerberization, if the OD master is bound to another
     realm. If the Password Server can supply a plain text password for an
     account, it will restore the password, otherwise the user is required to
     change the password at the next login. A Kerberos principal is created
     for the user when the password is changed, or when the administrator sets
     it. Although it is not possible to determine whether or not all accounts
     have recoverable passwords, the current behavior can be determined by
     using "slapconfig -getauthmechanisms" and checking the status of the
     "WEBDAV-DIGEST" and "APOP" mechanisms. If either one is enabled, then the
     Password Server stores recoverable passwords. Otherwise, it does not.
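
     The recoverable-password check described above, as an added example
     (not part of the original man page or of Apple's tooling). It assumes
     each line of "slapconfig -getauthmechanisms" output names one mechanism
     and carries its state as a separate word "on" or "off"; the man page
     does not show the output format, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit whether the Password Server keeps recoverable passwords.
# ASSUMPTION: one mechanism per line, with its state as the word "on" or "off"
# (the words -setauthmechanisms accepts). Adjust the parser if the real output
# of `slapconfig -getauthmechanisms` is laid out differently.

# recoverable_mechs: read -getauthmechanisms output on stdin and print the
# enabled mechanisms among WEBDAV-DIGEST and APOP, one per line.
recoverable_mechs() {
    awk '
    {
        mech = ""; state = ""
        for (i = 1; i <= NF; i++) {
            w = toupper($i)
            gsub(/[^A-Z0-9-]/, "", w)      # drop punctuation such as ":" or ","
            if (w == "WEBDAV-DIGEST" || w == "APOP") mech = w
            else if ((w == "ON" || w == "OFF") && state == "") state = w
        }
        if (mech != "" && state == "ON") print mech
    }'
}

# stores_recoverable: exit 0 if either mechanism is enabled (recoverable
# passwords are stored), exit 1 otherwise. Reads the same input on stdin.
stores_recoverable() {
    [ -n "$(recoverable_mechs)" ]
}

# Constructed sample output, not captured from a real server.
SAMPLE_ENABLED='CRAM-MD5 on
APOP on
WEBDAV-DIGEST off
DHX on'

SAMPLE_DISABLED='CRAM-MD5 on
APOP off
WEBDAV-DIGEST off'

# On a server, as root:
#   slapconfig -getauthmechanisms | recoverable_mechs
```

     Any mechanism name this prints is one to review before relying on
     backups or replicas holding only non-recoverable credentials.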


ENVIRONMENT

     The environment variable SSOUtilDebugLevel can be set to change the
     verbosity of the log.  Valid values are [0-9]. The default value is 1.


FILES

     /usr/sbin/slapconfig


SEE ALSO

     DirectoryService(1), slapd(8)

MacOSX                          April 15, 2010                          MacOSX

Mac OS X 10.6 Server - Generated Thu Apr 15 07:13:18 CDT 2010