Manages the Directory Server.
Restriction: This topic applies only when the Enterprise Server feature is enabled.
Syntax for starting or stopping the Directory Server:
mfds [/d|/dn network-address|/n network-address] [/j journal-path] [/r] [/p port-number]
Syntax for stopping the Directory Server:
mfds [/p port-number] -s option [username password]
Syntax for reporting and exporting information:
mfds /v
mfds /m
mfds /e root-DN user-partition-DN group-partition-DN
resource-partition-DN schema-format ldif-filename
sec-path
mfds /l [schema partition Distinguished Name] option ldif-filename [schema-version-1] [schema-version-2]
Syntax for exporting the currently active MFDS process repository to a specified path:
mfds -x [repository type] [repository address] [server name] <options> <user id> <password>
Examples:
"mfds -x 1 c:\myrepository *"
"mfds -x 1 c:\myrepository * S"
"mfds -x 1 c:\myrepository * O"
"mfds /x 1 c:\myrepository * SO"
"mfds /x 1 c:\myrepository ESDEMO"
"mfds /x 1 c:\myrepository ESDEMO D myid mypwd"
Syntax for creating a readable journal file from a binary journal file:
mfds /t output-filename input-filename
Note:
If
output-filename is not specified, a default file of
journal.txt will be created in the same directory as the
input-filename
If
input-filename is not specified, the default
journal.dat file as specified by the default MFDS options file (mfdsacfg.dat) will be used.
This option can only convert
journal.dat files to text if they have originated on the same hardware and software platform; it is not guaranteed that journal files
imported from UNIX can be read by Windows and visa versa.
Syntax for secure access to MFDS:
mfds /b
Use this startup option to block anonymous read access to the MFDS ES configuration data. If this option is specified, applications
that connect to the MFDS process to query ES configuration information (for example mdump and other utilities) will be required
to specify valid credentials based on the current MFDS security configuration, otherwise the connection will be rejected.
Syntax for installing and uninstalling Windows services:
mfds /c
mfds /u
mfds /i
Syntax for importing an XML formatted repository:
mfds /g [repository type] [repository address] <opts> <user id> <password>
Syntax for specifying a default user ID
mfds /f userID
On UNIX, if you use this command before the MFDS process starts, MFDS changes the effective user ID to the specified value
after it has started listening on its configured endpoint. This enables the MFDS process to run using a non-root user ID while
still using the default privileged port 86. If the specified user ID specified invalid, the MFDS process terminates.
Parameters:
- /d
- Show debug information; this is a record of activity on the Directory Server that can be useful when investigating problems
- /dn
network-address
- Show debug information and bind to the specific network adapter at
network-address, where
network-address can be either the IPv4 address or the hostname.
- /e
root DNuser partition DNgroup partition DNresource partition DNschema formatldif-filenamesec-path
- Export Directory Server users and groups from the MF Directory Server repository to an LDIF file:
-
root-DN
The application partition to which all of the exported entries will be assigned.
-
user-partition-DN
The name of the container within the application partition to which the exprted users will be assigned.
-
group-partition-DN
The container within the application partition to which the exported groups will be assigned.
-
root-DN
The container within the application partition to which the exported resource definitions will be assigned.
-
schema-format
Values: 1 = Active Directory (Default).
-
sec-path
The location of the MF Directory Server repository.
- /f
userID
- if you use this command before the MFDS process starts, MFDS changes the effective user ID to the specified value after it
has started listening on its configured endpoint. This enables the MFDS process to run using a non-root user ID while still
using the default privileged port 86. If the specified user ID specified invalid, the MFDS process terminates.
Equivalent to setting
Default process user ID from the GUI.
- /j
directory-path
- Override the journal path. Journal data will be written to the filesystem directory that you specify. For example: mfds /j
e:\journal
- /l [schema partition Distinguished Name]
optionldif-filename [schema-version-1] [schema-version-2]
- Export the schema extensions that an LDAP server will require to support Micro Focus applications.
- schema partition Distinguished Name
- Specifies the DN of the partition in the Directory Information Tree where the schema definition is held. The schema partition
holds, amongst other things, attributeSchema and classSchema objectclass instances.
- option
- Specifies the target directory server type:
- 0
- Microsoft Active Directory Lightweight Directory Server (AD LDS)
- 1
- Active Directory
This is the default value.
- 2
- OpenLDAP
- 3
- Sun Directory
- 4
- OpenLDAP (v2.4)
[3]
Note: If you specify the
ldif-filename, you must also specify a value for this parameter.
- ldif-filename
- Specifies the name of the destination file.
The default: mfds_schema_[
mfds version
].ldf (for example, mfds_schema_1.05.09.ldf)
- schema-version-1
- Specifies the version of the schema extensions to be generated:
- 0
- Is the current schema version and is the default value. Numbers greater than 0 specify older schema versions.
- schema-version-2
- This option is used for upgrading from a previous schema. If schema-version-2 is specified and is less than the schema-version-1,
the output file is a delta between the schema-version-1 and schema-version-2.
If schema-version-2 is greater than or equal to schema-version-1, this option is ignored.
- /m
- Display the location of the Directory Server repository.
- /n
network-address
- Bind to the specific network adapter at
network-address, where
network-address can be either the IPv4 address or the hostname.
- /p
port-number
- Bind to a non-standard port.
Note:
Many programs depend on Directory Server using the default port (86). Therefore, if you use an alternative port, you may experience
interoperability problems.
You should also consider carefully before using this option to run more than one Directory Server on the same machine. By
default, both would use the same options file and repository, and might therefore encounter conflicts.
- /r
- Refuse access to the
Enterprise Server Administration interface.
- /s
option [usernamepassword]
- Request a controlled shutdown of a Directory Server and optionally the associated enterprise servers. If the Directory Server
is not using the default port, the
/p option must be used to specify the port that is being used.
Option:
- Value 1: Shutdown the Directory Server only
- Value 2: Shutdown the Directory Server and any associated enterprise servers.
Username and password: These must be supplied if the Directory Server is running with Restrict administration access checked.
- /v
- Show version information for Directory Server
- /x [repository type]
- 1 = file:///
- 5 = XML
- [repository address]
- Absolute directory path to repository.
- [server name]
- * = export all servers
- <opts>
-
- D = (default) do not delete or overwrite any existing repository contents at specified location.
- O = delete and overwrite any existing repository contents at specified location.
- S = export server and security manager configuration.
- <user id> <password>
- These are the MFDS credentials required if administration access is restricted.
- /g [repository type]
- 5 = XML
- [repository address]
- Absolute directory path to repository.
- <opts>
-
- <user id> <password>
- These are the MFDS credentials required if administration access is restricted.
Comments:
The command to start the Directory Server can be inserted into your startup shell script; then the Directory Server will be started automatically when the machine is started. The mfds command must be inserted after the command to start up TCP/IP, because Directory Server needs TCP/IP to be running. If the command has been added to your startup shell script you would normally need to start the Directory Server only if you performed a shutdown since you started the machine.
On UNIX you should use a dash (-) before a parameter as an alternative to a forward slash (/).