
1.11. Creating and Using a .dsrc File to Set Default Options for Directory Server Command-line Utilities

A ~/.dsrc file simplifies commands that use the Directory Server command-line utilities. By default, these utilities require that you pass, for example, an LDAP URL or bind distinguished name (DN) to the command. If you store these settings in a ~/.dsrc file, you can use the command-line utilities without specifying these settings each time.

1.11.1. How a .dsrc File Simplifies Commands

The following is an example of a ~/.dsrc file that specifies the LDAP URL of an instance and a bind DN:
[server1]
uri = ldap://server1.example.com
binddn = cn=Directory Manager
basedn = dc=example,dc=com
With these settings, you can use shorter Directory Server commands. For example, to create a user account:
# dsidm server1 user create
Without the ~/.dsrc file, you must specify the bind DN, LDAP URL, and base DN in the command:
# dsidm -D "cn=Directory Manager" ldap://server1.example.com -b "dc=example,dc=com" user create

1.11.2. Using the dsctl Utility to Create a .dsrc File

Instead of manually creating a ~/.dsrc file, you can use the dsctl utility to create it:
# dsctl instance_name dsrc create ...
You can pass the following options to the command:
  • --uri: Sets the URL to the instance in the format protocol://host_name_or_IP_address_or_socket.
    Examples:
    • --uri ldap://server.example.com
    • --uri ldaps://server.example.com
    • --uri ldapi://%%2fvar%%2frun%%2fslapd-instance_name.socket
      If you set the path to a Directory Server socket, use %%2f instead of slashes (/) in the path.

      Important

      If you use an ldapi URL, the server identifies the user ID (UID) and group ID (GID) of the user who runs the Directory Server command-line utility. If you run the command as the root user, both UID and GID are 0 and Directory Server automatically authenticates you as cn=Directory Manager without requiring you to enter the corresponding password.
  • --starttls: Configures the utilities to connect to an LDAP port and then send the STARTTLS command to switch to an encrypted connection.
  • --basedn: Sets the base distinguished name (DN). For example: --basedn dc=example,dc=com
  • --binddn: Sets the bind DN. For example: --binddn cn=Directory Manager
  • --pwdfile: Sets the path to a file that contains the password of the bind DN. For example: --pwdfile /root/rhds.pwd
  • --tls-cacertdir: When you use an LDAPS connection, the path set in this parameter defines the directory with the certificate authority (CA) certificate that is required to verify the server's certificate. For example: --tls-cacertdir /etc/pki/CA/certs/
    Note that you must run the c_rehash /etc/pki/CA/certs/ command after you copy the CA certificate to the specified directory.
  • --tls-cert: Sets the absolute path to the server's certificate. For example: --tls-cert /etc/dirsrv/slapd-instance_name/Server-Cert.crt
  • --tls-key: Sets the absolute path to the server's private key. For example: --tls-key /etc/dirsrv/slapd-instance_name/Server-Cert.key
  • --tls-reqcert: Sets what checks the client utilities perform on server certificates in a TLS session. For example: --tls-reqcert hard
    The following values are available:
    • never: The utilities do not request or check the server certificate.
    • allow: The utilities ignore certificate errors and the connection is established anyway.
    • hard: The utilities terminate the connection on certificate errors.
  • --saslmech: Sets the SASL mechanism to use to PLAIN or EXTERNAL. For example: --saslmech PLAIN
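
The following added example (not part of the original documentation or of the Directory Server code base) audits a .dsrc file for the settings described above that weaken a connection: ldap:// without STARTTLS, a tls_reqcert value of never or allow, and ldapi:// sockets. It assumes the file is INI-style as in the example in 1.11.1, and that the key names starttls, tls_reqcert and tls_cacertdir mirror the corresponding dsctl options; the function name audit_dsrc and the sample file are constructed.

```python
import configparser

# Constructed sample. Only uri, binddn and basedn appear in the page's own
# example; starttls, tls_reqcert and tls_cacertdir are assumed key names that
# mirror the --starttls, --tls-reqcert and --tls-cacertdir options.
SAMPLE_DSRC = """\
[server1]
uri = ldap://server1.example.com
binddn = cn=Directory Manager
basedn = dc=example,dc=com
tls_reqcert = never

[server2]
uri = ldaps://server2.example.com
binddn = cn=Directory Manager
tls_cacertdir = /etc/pki/CA/certs/
tls_reqcert = hard

[local]
uri = ldapi://%%2fvar%%2frun%%2fslapd-instance_name.socket
"""

def audit_dsrc(text):
    """Return {section: [findings]} for settings that weaken the connection."""
    cfg = configparser.ConfigParser()  # default interpolation: %% reads as %
    cfg.read_string(text)
    report = {}
    for name in cfg.sections():
        sec, findings = cfg[name], []
        scheme = sec.get("uri", "").split("://", 1)[0].lower()
        if scheme == "ldap" and not sec.getboolean("starttls", fallback=False):
            findings.append("ldap:// without starttls: connection is not encrypted")
        reqcert = sec.get("tls_reqcert", "").lower()
        if reqcert in ("never", "allow"):
            findings.append(f"tls_reqcert = {reqcert}: server certificate "
                            "errors do not stop the connection")
        if scheme == "ldapi":
            findings.append("ldapi://: root (UID and GID 0) is authenticated as "
                            "cn=Directory Manager without a password")
        report[name] = findings
    return report

if __name__ == "__main__":
    for section, findings in audit_dsrc(SAMPLE_DSRC).items():
        print(section, "->", findings or "no findings")
```

To check a real file, pass its contents to the function, for example audit_dsrc(open(os.path.expanduser("~/.dsrc")).read()) after importing os.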