The following provides base information for working with SIMP-managed 389-DS systems.
For more information about getting started with 389-DS, see the 389-DS Quickstart
22.214.171.124.1. File Locations
The default location for directory services
Information used to bootstrap the 389-DS instances. May, or may not, be relevant once the system is fully operational.
126.96.36.199.2. ds* Commands
389-DS uses a collection of commands for managing instances.
Some of the more useful are listed below.
It is important to know that the SIMP-managed 389-DS instances use an
account-to-DN mapping for the
root user that automatically maps
to the administrative DN for the instance if you are using LDAPI.
This makes the administration process much easier for daily activities and is recommended unless you need to manage the system remotely.
188.8.131.52.2.1. dsctl - Directory Server Control
List all instances on the system (ignore the
slapd-prefix when referencing them in other commands).
dsctl [instance_name] <start|stop|restart|status>
The easiest manner to manage the running state of your instances.
dsctl [instance_name] healthcheck
Check the instance for common issues
184.108.40.206.2.2. dsconf - Directory Server Configuration
dsconf [instance_name] config get
Print the main configuration of the specified instance.
dsconf [instance_name] security get
Print the security configuration of the specified instance.
dsconf [instance_name] pwpolicy get
Print the global password policy for the instance.
dsconf [instance_name] localpwp list
Print all known local password policies in the instance.
dsconf [instance_name] localpwp get [DN]
Print the details of the local password policy specified by
[DN](This is one of the items output by
Note that local password policies are overrides to individual global password policy entries.
220.127.116.11.2.3. dsidm - Directory Server Identity Management
dsidm command provides account management capabilities and the usage is
covered in detail in the account management sections.
To make using
dsidm easier, you may want to add something like the following
[<instance_name>] uri = ldapi://%%2fvar%%2frun%%2fslapd-<instance_name>.socket basedn = <base DN>
For a more concrete example, we will use the
accounts instance provided by
To find your base DN, you can run the following:
dsidm accounts -b "<base DN>" account list | head -1
Assuming that our base DN is
dc=local,dc=com, our configuration file would
look like the following:
[accounts] uri = ldapi://%%2fvar%%2frun%%2fslapd-accounts.socket basedn = dc=local,dc=com