13.1 Interactive Mode

The interactive mode provides a text interface to control and use the DirXML Command Line utility.

  1. At the console, enter dxcmd.

  2. Enter the name of a user with sufficient rights to the Identity Manager objects, such as admin.novell.

  3. Enter the user’s password.

  4. Enter the number of the command you want to perform.

    Table 13-1 contains the list of options and what functionality is available.

  5. Enter 99 to quit the utility.

NOTE: If you are running eDirectory 8.8 on UNIX or Linux, you must specify the -host and -port parameters. For example, dxcmd -host 10.0.0.1 -port 524. If the parameters are not specified, a jclient error occurs:

novell.jclient.JCException: connect (to address) 111 UNKNOWN ERROR

By default, eDirectory 8.8 does not listen on localhost. The DirXML Command Line utility needs the server IP address or hostname and the port to be able to authenticate.

Table 13-1 Interactive Mode Options

Option

Description

1: Start Driver

Starts the driver. If there is more than one driver, each driver is listed with a number. Enter the number of the driver to start the driver.

2: Stop Driver

Stops the driver. If there is more than one driver, each driver is listed with a number. Enter the number of the driver to stop the driver.

3: Driver operations

Lists the operations available for the driver. If there is more than one driver, each driver is listed with a number. Enter the number of the driver to see the operations available. For a list of operations, see Table 13-2.

4: Driver set operations

Lists the operations available for the driver set. For a list of operations, see Table 13-3.

5: Log events operations

Lists the operations available for logging events through Audit. For a description of these options, see Table 13-6.

6: Get DirXML version

Lists the version of Identity Manager installed.

7: Job operations

Manages jobs created for Identity Manager.

8: JVM Statistics

Lists performance statistics, such as memory, thread, runtime, classloader, garbage collection, and OS information, for an instrumented Java Virtual Machine (JVM).

99: Quit

Exits the DirXML Command Line utility.

Table 13-2 Driver Options

Options

Description

1: Start driver

Starts the driver.

2: Stop driver

Stops the driver.

3: Get driver state

Lists the state of the driver.

  • 0 - Driver is stopped

  • 1 - Driver is starting

  • 2 - Driver is running

  • 3 - Driver is stopping

4: Get driver start option

Lists the current driver start option.

  • 1 - Disabled

  • 2 - Manual

  • 3 - Auto

5: Set driver start option

Changes the start option of the driver.

  • 1 - Disabled

  • 2 - Manual

  • 3 - Auto

  • 99 - Exit

6: Resync driver

Forces a resynchronization of the driver. It prompts for a time delay: Do you want to specify a minimum time for resync? (yes/no).

If you enter Yes, specify the date and time you want the resynchronization to occur: Enter a date/time (format 9/27/05 3:27 PM).

If you enter No, the resynchronization occurs immediately.

7: Migrate from application into DirXML

Processes an XML document that contains a query command: Enter filename of XDS query document:

Create the XML document that contains a query command by using the NetIQ nds.dtd.

Examples:

NetWare: sys:\files\query.xml

Windows: c:\files\query.xml

Linux: /files/query.xml

8: Submit XDS command document to driver

Submits an XDS command document to the driver’s Subscriber channel, bypassing the driver cache. The document is processed before anything that might be in the cache at the time of the submission. It also means that the submission fails if the driver is not running.

Enter filename of XDS command document:

Examples:

Windows: c:\files\user.xml

Linux: /files/user.xml

Enter name of file for response:

Examples:

Windows: c:\files\user.log

Linux: /files/user.log

9: Submit XDS event document to driver

Submits an XDS event document to the driver’s Subscriber channel, bypassing the driver cache. The document is processed before anything that might be in the cache at the time of the submission. It also means that the submission fails if the driver is not running.

Enter filename of XDS event document:

Examples:

Windows: c:\files\add.xml

Linux: /files/add.xml

10: Queue event for driver

Submits a document to the driver’s Subscriber channel by queuing the document in the driver cache. The document is processed after anything that might be in the cache at the time of the submission. The submission does not fail if the driver is not running.

Enter filename of XDS event document:

Examples:

Windows: c:\files\add.xml

Linux: /files/add.xml

11: Check object password

Validates that an object’s password in the connected system is associated with a driver. It matches the object’s eDirectory password (Distribution Password, used with Universal Password).

Enter user name:

12: Initialize new driver object

Performs an internal initialization of data on a new Driver object. This is only for testing purposes.

13: Password operations

There are nine Password options. See Table 13-4 for a description of these options.

14: Cache operations

There are five Cache operations. See Table 13-5 for a description of these options.

99: Exit

Exits the driver options.

Sample XDS Event Document

<nds dtdversion="1.1" ndsversion="8.6" xml:space="default">
  <input>
    <add class-name="User" src-dn="Doe John">
      <association>JDoe@novell.com</association>
      <add-attr attr-name="LastName">
        <value type="string">John</value>
      </add-attr>
      <add-attr attr-name="FirstName">
        <value type="string">Doe</value>
      </add-attr>
      <add-attr attr-name="Email">
        <value type="string">JDoe@novell.com</value>
      </add-attr>
    </add>
  </input>
</nds>

Sample XDS Command Document

<nds dtdversion="3.5" ndsversion="8.x">
  <source>
    <product version="3.5.11.4223">DirXML</product>
    <contact>Novell, Inc.</contact>
  </source>
  <input>
    <add cached-time="20080519102858.809Z" class-name="User" eventid=
      "blr-krajiv-sles#20080519102858#1#1" qualified-srcdn=
      "O=n\OU=People\CN=JDoe" src-dn="\KRAJIV-LINUXTREE\n\People\JDoe"
      src-entry-id="32956" timestamp="1211192938#9">
      <add-attr attr-name="Internet EMail Address">
        <value timestamp="1211192938#8"
          type="string">JDoe@novell.com</value>
      </add-attr>
      <add-attr attr-name="Given Name">
        <value timestamp="1211192938#5" type="string">John</value>
      </add-attr>
      <add-attr attr-name="Surname">
        <value timestamp="1211192938#9" type="string">Doe</value>
      </add-attr>
    </add>
  </input>
</nds>
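
A pre-submission review for documents passed to options 8, 9, and 10, which write straight to the driver's Subscriber channel. This is an added example, not part of the NetIQ documentation or product. The helper name review_xds, the structural rules (inferred from the two samples above), and the refusal of DTD or entity declarations are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the event document shown above.
SAMPLE = """<nds dtdversion="1.1" ndsversion="8.6" xml:space="default">
  <input>
    <add class-name="User" src-dn="Doe John">
      <add-attr attr-name="LastName">
        <value type="string">John</value>
      </add-attr>
      <add-attr attr-name="Email">
        <value type="string">JDoe@novell.com</value>
      </add-attr>
    </add>
  </input>
</nds>"""


def review_xds(text):
    """Hypothetical helper: return (operations, problems) for an XDS string."""
    # Policy of this example: refuse DTD/entity declarations instead of parsing them.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        return [], ["document declares a DTD or entities; refusing to parse"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [], [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "nds":
        problems.append(f"root element is <{root.tag}>, expected <nds>")
    inputs = root.findall("input")
    if len(inputs) != 1:  # assumption: one <input>, as in the page's samples
        problems.append(f"expected exactly one <input>, found {len(inputs)}")
    operations = []
    for op in (child for inp in inputs for child in inp):
        if op.tag == "add" and not op.get("class-name"):
            problems.append("<add> without class-name")
        attrs = {}
        for add_attr in op.findall("add-attr"):
            name = add_attr.get("attr-name")
            values = [(v.text or "").strip() for v in add_attr.findall("value")]
            if not name:
                problems.append(f"<{op.tag}>: <add-attr> without attr-name")
            elif not values or "" in values:
                problems.append(f"<{op.tag}>: {name!r} has a missing or empty value")
            attrs[name or "?"] = values
        operations.append({"op": op.tag, "class": op.get("class-name"),
                           "src-dn": op.get("src-dn"), "attrs": attrs})
    return operations, problems
```

Read the file, pass its contents to review_xds, and check the returned operations and problems before entering the filename at the dxcmd prompt.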

Table 13-3 Driver Set Operations

Operation

Description

1: Associate driver set with server

Adds a driver set to the server after which the driver set becomes active.

2: Disassociate driver set from server

Removes a driver set from the server after which the driver set becomes inactive.

3: Export Identity Manager server public key certificate

Exports the DirXML server's public key certificate which is used for encrypting data when setting passwords.

4: Regenerate Identity Manager server keypair

Makes the DirXML Engine regenerate the public key/private key pair which is used for encrypting data when setting passwords.

5: Passwords operations

There are four password operations. For a description of these operations, see operations 5, 6, 7, and 99 in Table 13-4.

6: Get default reciprocal attribute mappings

Lists the default reciprocal attribute mappings.

7: Regenerate all Identity Manager server keys

Makes the DirXML Engine regenerate all server-specific encryption keys.

8: Apply Activation

Activates the Identity Manager Engine and Drivers depending on the activation file you select.

9: View Activation

Displays the existing activation information for Identity Manager Engine and drivers.

99: > Exit

Exits the current menu and takes you back to the DirXML commands.

Table 13-4 Password Operations

Operation

Description

1: Set shim password

Sets the application password. This is the password of the user account you use to authenticate to the connected system.

2: Clear shim password

Clears the application password.

3: Set Remote Loader password

The Remote Loader password is used to control access to the Remote Loader instance.

Enter the Remote Loader password, then confirm the password by typing it again.

4: Clear Remote Loader password

Clears the Remote Loader password so no Remote Loader password is set on the Driver object.

5: Set named password

Allows you to store a password or other pieces of security information on the driver. For more information, see Section 10.0, Securely Storing Driver Passwords with Named Passwords.

There are four prompts to fill in:

  • Enter password name:

  • Enter password description:

  • Enter password:

  • Confirm password

6: Clear named passwords

Clears a specified named password or all named passwords that are stored on the driver object: Do you want to clear all named passwords? (yes/no).

If you enter Yes, all named passwords are cleared. If you enter No, you are prompted to specify the password name that you want to clear.

7: List named passwords

Lists all named passwords that are stored on the driver object. It lists the password name and the password description.

8: Get password state

Lists if a password is set for:

  • Driver Object password:

  • Application password:

  • Remote loader password:

The dxcmd utility allows you to set the Application password and the Remote Loader password. You cannot set the Driver Object password with this utility. It shows if the password has been set or not.

99: Exit

Exits the current menu and takes you back to the Driver options.

Table 13-5 Cache Operations

Operation

Description

1: Get driver cache limit

Displays the current cache limit that is set for the driver.

2: Set driver cache limit

Sets the driver cache limit in kilobytes. A value of 0 is unlimited.

3: View cached transactions

A text file is created with the events that are stored in cache. You can select the number of transactions to view.

  • Enter position token (default=0):

  • Enter maximum transactions records to return (default=1):

  • Enter name of file for response:

4: Delete cached transactions

Deletes the transactions stored in the cache.

  • Enter position token (default=0):

  • Enter event-id value of first transaction record to delete (optional):

  • Enter number of transaction records to delete (default=1):

99: Exit

Exits the current menu and takes you back to the Driver options.

NOTE: In the same dxcmd session, if you want to view the cached transactions after deleting a few transactions, you must reset the position value to 0 rather than accepting the default value. If you accept the default value, you may receive an ERR_INVALID_REQUEST exception.

Table 13-6 Log Events Operations

Operation

Description

1: Set driver set log events

Allows you to log driver set events through Audit. There are 49 items you can select to log. See Table 13-7 for a list of these options.

Enter the number of the item you want to log. After the items are selected, enter 99 to accept the selections.

2: Reset driver set log events

Resets all of the log event options.

3: Set driver log events

Allows you to log driver events through Audit. There are 49 items to select to log. See Table 13-7 for a list of these options.

Enter the number of the item you want to log. After the items are selected, enter 99 to accept the selections.

4: Reset driver log events

Resets all of the log event options.

99: Exit

Exits the log events operations menu.

Table 13-7 Driver Set and Driver Log Events

Options

1: Status success

2: Status retry

3: Status warning

4: Status error

5: Status fatal

6: Status other

7: Query elements

8: Add elements

9: Remove elements

10: Modify elements

11: Rename elements

12: Move elements

13: Add-association elements

14: Remove-association elements

15: Query-schema elements

16: Check-password elements

17: Check-object-password elements

18: Modify-password elements

19: Sync elements

20: Pre-transformed XDS document from shim

21: Post input transformation XDS document

22: Post output transformation XDS document

23: Post event transformation XDS document

24: Post placement transformation XDS document

25: Post create transformation XDS document

26: Post mapping transformation <inbound> XDS document

27: Post mapping transformation <outbound> XDS document

28: Post matching transformation XDS document

29: Post command transformation XDS document

30: Post-filtered XDS document <Publisher>

31: User agent XDS command document

32: Driver resync request

33: Driver migrate from application

34: Driver start

35: Driver stop

36: Password sync

37: Password request

38: Engine error

39: Engine warning

40: Add attribute

41: Clear attribute

42: Add value

43: Remove value

44: Merge entire

45: Get named password

46: Reset Attributes

47: Add Value - Add Entry

48: Set SSO Credential

49: Clear SSO Credential

50: Set SSO Passphrase

51: User defined IDs

99: Accept checked items

Table 13-8 Job Operations

Options

Description

1: Get available job definitions

Allows you to select an existing job.

Enter the driverset number or the driver number:

Do you want to filter the job definitions by containment? Enter Yes or No

Enter name of the file for response:

Examples:

Windows: c:\files\user.log

Linux: /files/user.log

2: Operations on specific job object

Allows you to perform operations for a specific job.

Enter the job number:

The following list of options appears:

  • 1: Send job update notification
  • 2: Start job
  • 3: Abort running job
  • 4: Get job state
  • 5: Check job configuration
  • 6: Passwords operations
  • 99: Exit