OpenDJ server software installs with a cross-platform, Java Swing-based Control Panel for many day-to-day tasks. OpenDJ server software also installs command-line tools for configuration and management tasks.
This chapter is one of the few to include screen shots of the control panel. Most examples make use of the command-line tools. Once you understand the concepts, and how to perform a task using the command-line tools, you no doubt need no more than to know where to start in the Control Panel to accomplish what you set out to do.
At a protocol level, administration tools and interfaces connect to servers through a different network port than that used to listen for traffic from other client applications.
This chapter takes a quick look at the tools for managing directory services.
OpenDJ Control Panel offers a graphical user interface for managing both local and remote servers. You choose the server to manage when you start the Control Panel. The Control Panel connects to the administration server port, making a secure LDAPS connection.
Start OpenDJ Control Panel by running the control-panel command.
(Linux, Solaris) Run /path/to/opendj/bin/control-panel.
(Mac OS X) Double-click
When you login to OpenDJ Control Panel, you authenticate over LDAP. This means that if users can run the Control Panel, they can use it to manage a running server. Yet, to start and stop the server process through OpenDJ Control Panel, you must start the Control Panel on the system where OpenDJ runs, as the user who owns the OpenDJ server files (such as the user who installed OpenDJ). In other words, the OpenDJ Control Panel does not do remote process management.
Down the left side of OpenDJ Control Panel, notice what you can configure.
Directory data provisioning is typically not something you do by hand in most deployments. Usually entries are created, modified, and deleted through specific directory client applications. The Manage Entries window can be useful, however, both in the lab as you design and test directory data, and also if you modify individual ACIs or debug issues with particular entries.
Additionally, the Directory Data list makes it easy to create a new base DN, and then import user data for the new base DN from LDIF. You can also use the tools in the list to export user data to LDIF, and to backup and restore user data.
The Manage Schema window lets you browse and modify the rules that define how data is stored in the directory. You can add new schema definitions such as new attribute types and new object classes while the server is running, and the changes you make take effect immediately.
The Manage Indexes window gives you a quick overview of all
the indexes currently maintained for directory attributes. To protect
your directory resources from being absorbed by costly searches on
unindexed attributes, you may choose to keep the default behavior,
preventing unindexed searches, instead adding indexes required by specific
applications. (Notice that if the number of user data entries is smaller
than the default resource limits, you can still perform what appear
to be unindexed searches. That is because the
index returns all user data entries without hitting a resource limit that
would make the search unindexed.)
OpenDJ Control Panel also allows you to verify and rebuild existing indexes, which you may have to do after an upgrade operation, or if you have reason to suspect index corruption.
The Monitoring list gives you windows to observe information about the system, the JVM used, and indications about how the cache is used, whether the work queue has been filling up, as well as details about the database. You can also view the numbers and types of requests arriving over the connection handlers, and the current tasks in progress as well.
If you did not set appropriate JVM runtime options during the installation process, this is the list that allows you to do so through the Control Panel.
Before you try the examples in this guide, set your PATH to include the OpenDJ directory server tools. Where the tools are located depends on the operating system and on the packages used to install OpenDJ.
|OpenDJ running on...||OpenDJ installed from...||Default path to tools...|
|Apple Mac OS X, Linux distributions, Oracle Solaris||WebStart, .zip|
|Linux distributions||.deb, .rpm|
|Microsoft Windows||WebStart, .zip|
You find the installation and upgrade tools,
in the parent directory of the other tools,
as these tools are not used for everyday administration.
For example, if the path to most tools is
you can find these tools in
For instructions on how to use the installation and upgrade tools, see the
All OpenDJ command-line tools take the
All commands call Java programs and therefore involve starting a JVM.
The following list uses the UNIX names for the tools. On Windows all command-line tools have the extension .bat.
Backup or schedule backup of directory data.
Encode and decode data in base64 format.
Base64 encoding represents binary data in ASCII, and can be used to encode character strings in LDIF, for example.
Generate a script you can use to start, stop, and restart the server
either directly or at system boot and shutdown. Use create-rc-script -f
Debug JE databases.
The dsconfig command is the primary command-line tool for viewing and editing OpenDJ configuration. When started without arguments, dsconfig prompts you for administration connection information. Once connected it presents you with a menu-driven interface to the server configuration.
When you pass connection information, subcommands, and additional options to dsconfig, the command runs in script mode and so is not interactive.
You can prepare dsconfig batch scripts by running
the tool with the
--commandFilePath option in interactive
mode, then reading from the batch file with the
--batchFile option in script mode. Batch files can be
useful when you have many dsconfig commands to run
and want to avoid starting the JVM and setting up a new connection for
Apply changes you make to
opendj/config/java.properties, which sets Java
Configure data replication between directory servers to keep their contents in sync.
Encode a clear text password according to one of the available storage schemes.
Export directory data to LDAP Data Interchange Format, a standard, portable, text-based representation of directory content.
Load LDIF content into the directory, overwriting existing data.
Compare the attribute values you specify with those stored on entries in the directory.
Delete one entry or an entire branch of subordinate entries in the directory.
Modify the specified attribute values for the specified entries.
Use the ldapmodify command with the
-a option to add new entries.
Modify user passwords.
Search a branch of directory data for entries matching the LDAP filter that you specify.
Display differences between two LDIF files, with the resulting output having LDIF format.
Similar to the ldapmodify command, modify specified attribute values for specified entries in an LDIF file.
Similar to the ldapsearch command, search a branch of data in LDIF for entries matching the LDAP filter you specify.
List backends and base DNs served by OpenDJ.
Generate directory data in LDIF, based on templates that define how the data should appear.
The make-ldif command is designed to help you quickly generate test data that mimics data you expect to have in production, but without compromising private information.
Lock and unlock user accounts, and view and manipulate password policy state information.
View information about tasks scheduled to run in the server, and cancel specified tasks.
Rebuild an index stored in a JE backend.
Restore user data from backup.
Start OpenDJ directory server.
Display information about the server.
Stop OpenDJ directory server.
Verify that an index stored in a JE backend is not corrupt.
Register OpenDJ as a Windows Service.