Manages the Directory Server.
Restriction: This topic applies only when the Enterprise Server feature is enabled.
Syntax for starting or stopping the Directory Server:
mfds [/d|/n network-address] [/j journal-path] [/r]
Syntax for stopping the Directory Server:
mfds /s option [username password]
Syntax for reporting and exporting information:
mfds /v
mfds /m
mfds /e root-DN user-partition-DN group-partition-DN
resource-partition-DN schema-format ldif-filename
sec-path
mfds /l [schema partition Distinguished Name] option ldif-filename [schema-version-1] [schema-version-2]
Syntax for exporting the currently active MFDS process repository to a specified path:
mfds /x [repository type] [repository address] [server name] <options> <user id> <password>
CAUTION:
If MFDS is configured to store sensitive values in the vault (for example XA openstring or autostart credentials), these values
can be included when exporting Enterprise Server configuration data in legacy file, XML, or JSON format.
Micro Focus recommends that you protect the exported files with appropriate access control.
Examples:
"mfds /x 1 c:\myrepository *"
"mfds /x 1 c:\myrepository * S"
"mfds /x 1 c:\myrepository * O"
"mfds /x 1 c:\myrepository * SO"
"mfds /x 1 c:\myrepository ESDEMO"
"mfds /x 1 c:\myrepository ESDEMO D myid mypwd"
Syntax for creating a readable journal file from a binary journal file:
mfds /t output-filename input-filename
Note:
If
output-filename is not specified, a default file of
journal.txt will be created in the same directory as the
input-filename
If
input-filename is not specified, the default
journal.dat file as specified by the default MFDS options file (mfdsacfg.xml) will be used. By default, the
mfdsacfg.xml file is located in
%ProgramFiles(x86)%\Micro Focus\Visual COBOL\etc (Windows) or
$COBDIR/etc (UNIX).
This option can only convert
journal.dat files to text if they have originated on the same hardware and software platform; it is not guaranteed that journal files
imported from UNIX can be read by Windows and vice versa.
Syntax for secure access to MFDS:
mfds /b
Use this startup option to block anonymous read access to the MFDS
Enterprise Server configuration data. If this option is specified, applications that connect to the MFDS process to query
Enterprise Server configuration information (for example, mdump and other utilities) will be required to specify valid credentials based on
the current MFDS security configuration, otherwise the connection will be rejected.
Note: From
Visual COBOL 7.0, this has become the default behavior.
Syntax for installing and uninstalling Windows services:
mfds /c
mfds /u
mfds /i
Syntax for importing an XML formatted repository:
mfds /g [repository type] [repository address] <opts> <user id> <password>
Syntax for specifying a default user ID
mfds /f userID
On UNIX, if you use this command before the MFDS process starts, MFDS changes the effective user ID to the specified value
after it has started listening on its configured endpoint. This enables the MFDS process to run using a non-root user ID while
still using the default privileged port 86. If the specified user ID specified invalid, the MFDS process terminates.
Parameters:
- /c
- Install the Directory Server as a Windows service, and when it runs, show the debug information console. Once you have issued
the
mfds command with this parameter, you start Directory Server using the Windows Control Panel.
- /d
- Show debug information; this is a record of activity on the Directory Server that can be useful when investigating problems
- /e
root DNuser partition DNgroup partition DNresource partition DNschema formatldif-filenamesec-path
- Export Directory Server users and groups from the MF Directory Server repository to an LDIF file:
-
root-DN
The application partition to which all of the exported entries will be assigned.
-
user-partition-DN
The name of the container within the application partition to which the exported users will be assigned.
-
group-partition-DN
The container within the application partition to which the exported groups will be assigned.
-
root-DN
The container within the application partition to which the exported resource definitions will be assigned.
-
schema-format
Values: 1 = Active Directory (Default).
-
sec-path
The location of the MF Directory Server repository.
- /f
userID
- if you use this command before the MFDS process starts, MFDS changes the effective user ID to the specified value after it
has started listening on its configured endpoint. This enables the MFDS process to run using a non-root user ID while still
using the default privileged port 86. If the specified user ID specified invalid, the MFDS process terminates.
Equivalent to setting
Default process user ID from the GUI.
- /i
- Install the Directory Server as a Windows service, and when it runs, do not show the debug information console. Once you have
issued the
mfds command with this parameter, you start Directory Server using the Windows Control Panel.
- /j
directory-path
- Override the journal path. Journal data will be written to the filesystem directory that you specify. For example: mfds /j
e:\journal
- /l [schema partition Distinguished Name]
optionldif-filename [schema-version-1] [schema-version-2]
- Export the schema extensions that an LDAP server will require to support Micro Focus applications.
- schema partition Distinguished Name
- Specifies the DN of the partition in the Directory Information Tree where the schema definition is held. The schema partition
holds, amongst other things, attributeSchema and classSchema objectclass instances.
- option
- Specifies the target directory server type:
- 0
- Microsoft Active Directory Lightweight Directory Server (AD LDS)
- 1
- Active Directory
This is the default value.
- 2
- OpenLDAP
- 3
- Sun Directory
- 4
- OpenLDAP (v2.4)
Note: If you specify the
ldif-filename, you must also specify a value for this parameter.
- ldif-filename
- Specifies the name of the destination file.
The default: mfds_schema_[
mfds version
].ldf (for example, mfds_schema_1.05.09.ldf)
- schema-version-1
- Specifies the version of the schema extensions to be generated:
- 0
- Is the current schema version and is the default value. Numbers greater than 0 specify older schema versions.
- schema-version-2
- This option is used for upgrading from a previous schema. If schema-version-2 is specified and is less than the schema-version-1,
the output file is a delta between the schema-version-1 and schema-version-2.
If schema-version-2 is greater than or equal to schema-version-1, this option is ignored.
- /m
- Display the location of the Directory Server repository.
- /n
network-addresses
- Bind to specific network adapters at
network-addresses, where
network-addresses can be an IPv4, IPv6 address, or a hostname. Multiple addresses can be specified as a quoted, space-separated list. Each
address can be specified with either TCP: or UDP: protocol proceeding the address. For example:
mfds /n "TCP:252.162.131.105 UDP:6202:8e2a:686a:6a77:2855:c4df:960f:3cc2 TCP:host-name"
Note: If a UDP protocol is used then MFDS will attempt to start the UDP listener on that address. If no UDP protocol is used then
MFDS will use the first available IPv4 address to start the UDP listener on.
If "0.0.0.0" is specified for the
network-address then it will listen on all IPv4 addresses and if "::" is specified then it will listen on all IPv6 addresses. You can combine
these to listen on both IPv4 and IPv6 addresses, for example,
mfds /n "0.0.0.0 ::"
- /r
- Refuse access to the
Enterprise Server Administration interface.
- /s
option [username
password]
- Request a controlled shutdown of a Directory Server and optionally the associated enterprise servers. If the Directory Server
is not using the default port, then you must specify the CCITCP2_PORT environment variable with the port that is being used.
Option:
- Value 1: Shutdown the Directory Server only
- Value 2: Shutdown the Directory Server and any associated enterprise servers.
Username and password: These must be supplied if the Directory Server is running with Restrict administration access checked.
This option supports the specification of the optional
Enterprise Server user id and password parameters using a configured
Micro Focus Vault Facility location rather than using literal strings for credentials. For example:
mfds /s 1 mfsecret:user/user_001/id mfsecret:user/user_001/pwd
where
user/user_001/id and
user/user_001/pwd are examples of secrets stored in the default configured vault. These values can be populated and administered using the
mfsecretsadmin utility. See
Vault Facility for more information.
The mfds /x and /g command-line options also support credentials stored in the vault.
- /u
- Uninstall Directory Server as a Windows service
- /v
- Show version information for Directory Server
- /x [repository type]
- Enables you to export the
Enterprise Server configuration information from the running MFDS process. You can exported in either of the following formats:
- 1
- file://
- 5
- XML
CAUTION:
If MFDS is configured to store sensitive values in the vault (for example XA openstring or autostart credentials), these values
can be included when exporting Enterprise Server configuration data in legacy file, XML, or JSON format.
Micro Focus recommends that you protect the exported files with appropriate access control.
- [repository address]
- Absolute directory path to repository.
- [server name]
- * = export all servers
- <opts>
-
- D = (default) do not delete or overwrite any existing repository contents at specified location.
- O = delete and overwrite any existing repository contents at specified location.
- S = export server and security manager configuration.
- <user id> <password>
- These are the MFDS credentials required if administration access is restricted.
- /g [repository type]
- Enables you to import the
Enterprise Server configuration into the current running MFDS process. You can import either of the following formats:
- 1
- file://
- 5
- XML
- [repository address]
- Absolute directory path to repository.
- <opts>
-
- <user id> <password>
- These are the MFDS credentials required if administration access is restricted.
- --listen-all
- Set MFDS to listen on all configured network adapters.
- --listen-loopback
- Set MFDS to listen on loopback only.
- --vault-migrate
- Migrates sensitive data values from the default MFDS repository into the configured vault. From
Visual COBOL 8.0, the migration occurs automatically when MFDS first starts. Once migrated, sensitive data values stored in the MFDS repository
are removed and are available only from the configured vault.
- --ui-on
- Set MFDS to enable Web UI.
- --ui-off
- Set MFDS to disable Web UI.
- --anonymous-access-on
- Set MFDS to allow anonymous client access.
- --anonymous-access-off
- Set MFDS to disallow anonymous client access.
Comments:
The command to start the Directory Server can be inserted into your startup shell script; then the Directory Server will be started automatically when the machine is started. The mfds command must be inserted after the command to start up TCP/IP, because Directory Server needs TCP/IP to be running. If the command has been added to your startup shell script you would normally need to start the Directory Server only if you performed a shutdown since you started the machine.
You can use both a dash (-) or a forward slash (/) before a parameter.