This manual page is for Mac OS X Server version 10.6.3

If you are running Mac OS X (client), this command is not available.


slapconfig(8)                            BSD System Manager's Manual                           slapconfig(8)

NAME
     slapconfig -- tool to configure slapd and related daemons

SYNOPSIS
     slapconfig command [command-options] [-q]

DESCRIPTION
     slapconfig is a utility for configuring slapd, slurpd, and the Directory Services search policy. It
     must be run by root.

USAGE
     -q                    suppress prompts.

   Queries
     -defaultsuffix        Returns the default suffix which is based on the machine's DNS name, or hostname
                           if DNS is not available.

     -getauthmechanisms    Returns a list of authentication methods, their current states, and whether or
                           not the method requires a recoverable password to be stored.

     -getclientconfig      Returns whether this machine is an LDAP client, not a client, or advanced.

     -getldapconfig        Returns the LDAP server settings.

     -getmacosxodpolicy    Returns a property list containing the directory binding settings.

     -getmasterconfig      Returns the list of replicas and replication interval.

     -getpasswordserveraddress
                           Returns the IP address of the default password server.

     -getreplicaconfig     Returns the master address and last update date.

     -getstyle             Returns whether configuration is master, replica, client, or standalone.

     -help                 Print usage information.

     -ver                  Displays version information.

   Setup
     -addreplica <replica-address>
     Adds a replica to the slapd configuration file.

     -changeip <old-ip> <new-ip> [<old-host> <new-host>]
     Updates configuration records and files to contain the new host information.  It does not change the IP
     address in Network preferences.

     -createldapmasterandadmin [--allow_local_realm] <new-admin> <new-fullname> <new-uid> [<search base
     suffix> [<realm>]]
     Creates a new master LDAP server. Copies the root account to the new master domain. Creates a new
     directory node administrator.

     -createreplica <master IP or name> <admin user>
     Create a new replica from an existing LDAP master.

     -destroyldapserver
     Turns off the LDAP server and deletes its database.

     -kerberize [-f] [--allow_local_realm] <admin> [<realm>]
     Ensures a Kerberos principal for each user in the directory, creating one if necessary. Pass in -f to
     force kerberization of a server.

     -promotereplica -<admin-user>
     Converts an existing replica into a master using the current database.

     -removereplica -<replica-address>
     Removes a replica from the slapd configuration file.

     -setclient
     Sets NetInfo to use DHCP binding, enables LDAP directory binding with DHCP (Option 95), and sets the
     search policy to Automatic.

     -setldapconfig [-maxresults <maximum search results>] [-searchtimeout timeout] [-ssl on|off] [-sslcert
     <path to cert>] [-sslkey <path to key>] [-sslcacert <path to CA cert>]
     Applies the specified settings and restarts slapd. Settings not specified are unchanged.

     -setstandalone
     Configures the machine to only use the local directory.

     -setldapdhcp
     Enables binding to an LDAP server using DHCP option 95.

     -setldapstatic <IP-or-name> [port [SSL|NoSSL [search base]]]
     Configures to use the specified LDAP server. Requires server based mappings.

     -setldapnetinfodhcp
     Enables binding to LDAP using DHCP.

     -setmacosxodpolicy [-binding [disabled|enabled|required]] [-cleartext [blocked|allowed]] [-encrypt
     [yes|no]] [-sign [yes|no]] [-clientcaching [yes|no]] [-man-in-middle [blocked|allowed]]
     Sets directory binding options.

     -startldapserver      Configures launchd to run slapd.

     -stopldapserver       Configures launchd not to run slapd.

     -updateaddresses      Merges new interfaces into the list of LDAP replicas.

   Password Server
     -pwsrekey keysize     Divorces the password server from a replicated system and issues a new RSA key.
                           Users in the local and LDAP directories are migrated to the new key. Valid key
                           sizes are 1024, 2048, and 3072. There is a performance penalty when using large
                           keys.

     -setauthmechanisms mech [on|off] [mech [on|off] ...]
                           Sets the states of authentication methods.

     -settopasswordserver user directory-administrator
                           Converts a user account to have an Open Directory authentication type. A new
                           password server slot and Kerberos principal are created. If the user was
                           previously an Open Directory user, the old slot and principal are deleted and
                           replaced.

     -startpasswordserver  Sets up a launchd plist file and starts the password server.

     -stoppasswordserver   Sets the launchd plist file to be disabled and stops the password server.

     -stripsyncdates       Removes the last synchronization dates and transaction ID values from the
                           password server's replication list, causing all records to replicate.

   Runtime
     -enableslapdlog       Turns on the LDAP server logging to /var/log/slapd.log.

     -replicatenow         Initiates replication sessions for LDAP and Password Server.

   Backup and Restore
     -backupdb [-noEncrypt] <archive-path>
     Creates an archive containing the LDAP, Password Server and Kerberos databases.

     -restoredb <archive-path>
     Restores a directory to the backed-up state.

     -mergedb [-f] <archive-path>
     Merges a backup archive into an existing directory system. By default, if the Kerberos realm in the
     archive does not exist on the server, the merge command aborts. The [-f] option can be used to force the
     merge without the Kerberos principals. To create new Kerberos principals in the server's realm, use the
     "slapconfig -kerberize" command. The [-f] option can be used to force kerberization, if the OD master
     is bound to another realm. If the Password Server can supply a plain text password for an account, it
     will restore the password, otherwise the user is required to change the password at the next login. A
     Kerberos principal is created for the user when the password is changed, or when the administrator sets
     it. Although it is not possible to determine whether or not all accounts have recoverable passwords,
     the current behavior can be determined by using "slapconfig -getauthmechanisms" and checking the status
     of the "WEBDAV-DIGEST" and "APOP" mechanisms. If either one is enabled, then the Password Server stores
     recoverable passwords. Otherwise, it does not.
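
     The recoverable-password check described above, as an added example (not part of the original
     manual page or of Apple's tooling). The column layout of the -getauthmechanisms output is an
     assumption, since the page does not show it; the sample text and function names are constructed.

```shell
#!/bin/sh
# Added example: audit whether Password Server is storing recoverable passwords.
# ASSUMPTION: each line of `slapconfig -getauthmechanisms` output starts with the
# mechanism name followed by its state (on/off or enabled/disabled). The man page
# does not show the real layout; adjust the awk fields if it differs.

# Constructed sample output, so the script runs without a server.
SAMPLE_OUTPUT='APOP            off
CRAM-MD5        on
DIGEST-MD5      on
WEBDAV-DIGEST   on'

# Print which of the two mechanisms named by the man page (WEBDAV-DIGEST, APOP)
# are enabled. Reads the -getauthmechanisms output on stdin.
enabled_recoverable_mechs() {
    awk '
        { name = toupper($1); state = tolower($2) }
        (name == "WEBDAV-DIGEST" || name == "APOP") &&
        (state == "on" || state == "enabled") { print name }
    ' | sort
}

# Status 0: neither mechanism is enabled, so per the man page the Password
# Server does not store recoverable passwords.
# Status 1: at least one is enabled; also print the command that turns them off.
audit_recoverable() {
    mechs=$(enabled_recoverable_mechs)
    [ -z "$mechs" ] && { echo "OK: no recoverable passwords stored"; return 0; }
    fix="slapconfig -setauthmechanisms"
    for m in $mechs; do fix="$fix $m off"; done
    echo "WARN: recoverable passwords stored (enabled: $(echo $mechs))"
    echo "To turn them off: $fix"
    return 1
}

# Demo on the constructed sample. On a real server (as root) use:
#   slapconfig -getauthmechanisms | audit_recoverable
printf '%s\n' "$SAMPLE_OUTPUT" | audit_recoverable || true
```

     Running the audit before -backupdb or -mergedb shows whether the archive and the merged directory
     will carry recoverable passwords.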

ENVIRONMENT
     The environment variable SSOUtilDebugLevel can be set to change the verbosity of the log.  Valid values
     are [0-9]. The default value is 1.

FILES
     /usr/sbin/slapconfig

SEE ALSO
     DirectoryService(1), slapd(8)

MacOSX                                          May 12, 2010                                          MacOSX
