'\" t
.\"     Title: opendj
.\"    Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2
.\"      Date: April, 2013
.\"    Manual: Tools Reference
.\"    Source: OpenDJ 2.5.0
.\"  Language: English
.\"
.TH "OPENDJ" "5" "April, 2013" "OpenDJ 2.5.0" "Tools Reference"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
opendj \- a high\-performance, highly\-extensible, LDAPv3 compliant directory server
.SH "DESCRIPTION"
.PP
OpenDJ is a high\-performance, highly\-extensible, pure Java directory server\&. The server is fully compliant with the LDAPv3 standard, and passes all of the compliance, interoperability and security test suites\&. The directory server implements most of the standard and experimental LDAP extensions defined in the IETF as RFCs or Internet\-Drafts, ensuring maximum interoperability with LDAP client applications\&.
.PP
The OpenDJ software includes a rich set of APIs making the directory server easy to extend\&. The directory server supports a loosely consistent multi\-master replication model that guarantees high availability of data for all operations, searches or updates\&. While theoretically unlimited with regard to the number of masters, the directory server has been stressed under heavy and durable load with four masters\&.
.PP
The OpenDJ software includes:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
A graphical installation tool (QuickSetup) that enables you to have a server configured, and up and running in less than 3 minutes\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
A graphical control panel \fBcontrol-panel\fR(1M) that displays server status information and enables you to perform basic directory server administration\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
A rich set of command\-line utilities to perform all online administrative tasks both interactively and scripted\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Advanced security and password policies\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Advanced backup and restore capabilities\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Extensive user documentation at \fB\%\%http://opendj.forgerock.org/docs.html\fR\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Full integration into the Solaris Service Management Facilities (SMF) and Role\-Based Access Management (RBAC) system (see \fBsmf\fR(5), \fBrbac\fR(5))\&.
.RE
.sp
.RE
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
The default settings for the directory server are targeted at the initial evaluator or developer, running on a zone with a limited amount of resources\&. To scale the server, it is important to do initial tuning of the Java VM and of the server itself\&.
.sp
.RE
.PP
Support for OpenDJ is available from ForgeRock\&. More information can be found at \fB\%\%http://www.forgerock.com\fR\&.
.SH "USAGE"
.PP
The OpenDJ software allows one to run one or more LDAP server instances within the same zone\&. Each instance requires its own dedicated directory to store instance\-specific data such as the server runtime configuration, schemas, certificates and keys\&. This directory is therefore usually referred to as the \fIinstance data directory\fR or \fIinstance directory\fR\&.
.PP
The software allows only the owner of the instance directory (default: \%\fBldapd\fR:\%\fBldapd\fR) to run the related OpenDJ server instance or execute any related OpenDJ tools or utilities\&. To allow other users to use OpenDJ tools and utilities without using \fBsu\fR(1M) to become that user every time, the package installs an RBAC profile named "OpenDJ Admin"\&. Any user who has this profile assigned (see \fBusermod\fR(1M)) can execute OpenDJ tools and utilities directly (if the shell is a profile shell, i\&.e\&. its name is prefixed with pf, like pfksh or pftcsh) or by prefixing the command in question with \%\fBpfexec\fR \- the operating system will automatically change the gid:uid of the process and its children to ldapd:ldapd\&.
.PP
When the OpenDJ package is installed, a default SMF service for a single OpenDJ server instance (also referred to as the \fIdefault instance\fR) is installed as well: svc:/network/ldap/opendj25:default\&. The system or administrator uses it to start/stop the server when needed (any user who has the "OpenDJ Admin" profile assigned also has permission to manage this service or change its properties)\&. However, this service is initially disabled, because the associated OpenDJ server instance must be configured/initialized first\&.
.PP
To configure/initialize an instance, run \fBconfigure\fR(1M) to prepare the instance data directory (default: \%/var/share/ldap/opendj) and set the corresponding properties of the related SMF service\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
This step is important, because every OpenDJ utility obtains the instance data directory to use from the corresponding SMF service\&. It does this by querying the service for the property config/datadir\&. The reference to the service is obtained from the environment variable \%\fBSMF_FMRI\fR\&.
If this variable is not set, the default service (svc:/network/ldap/opendj25:default) will be used\&.
.sp
.RE
.PP
Once the instance data directory is prepared, initialize the related OpenDJ instance, i\&.e\&. set which ports to use, which encryption methods to use (e\&.g\&. SSL, TLS), the initial password and the like (for more details see \fB\%\%http://opendj.forgerock.org/doc/install-guide/index.html\fR)\&. To do this, run OpenDJ\'s \fBsetup\fR(1M) utility \- the command line variant (option \%\fB\-\-cli\fR) is recommended\&. As mentioned above, it must be run either by a user who has the "OpenDJ Admin" profile assigned, or by the user owning the instance data directory\&.
.PP
Once the OpenDJ server instance is initialized, you may start/manage it using the \fBsvcadm\fR(1M) command as for any other service\&.
.PP
For your convenience, every OpenDJ tool that supports the option \%\fB\-\-propertiesFilePath\fR looks for \%\fI$HOME\fR\%/\&.opendj/tools\&.properties and, if it does not exist, for \%\fI$INSTANCE_ROOT\fR\%/config/tools\&.properties to obtain default parameters to use, unless a file was explicitly specified via the mentioned option\&. Default in this context means that command line arguments take precedence over the settings obtained from the properties file (if any)\&. If you don\'t want the tools to try using these files, just add the option \%\fB\-\-noPropertiesFile\fR when the command is launched\&. The format of the file and the honored properties are described in \%\fI$INSTALL_ROOT\fR\%/tmpl_instance/config/tools\&.properties itself\&.
.SH "EXAMPLES"
.PP
Within the following examples, a hash prompt (# ) denotes commands executed by the user root; a dollar prompt ($ ) denotes a command executed by a user who has the "OpenDJ Admin" profile assigned and is running pfksh93\&. All examples assume that the user (or role) ldapd owns the related instance data directory\&.
Remember, if a user doesn\'t use a profile shell like pf*sh, he needs to run all commands explicitly with pfexec in front of them\&.
.PP
\%\fBExample 1\fR: Create an OpenDJ admin user named vala which has the "OpenDJ Admin" profile assigned:
.sp
.if n \{\
.RS 4
.\}
.nf
# \%\fBuseradd \-d /local/home/vala \-m \-g staff \e
    \-c \'Claudia Mal Doran\' \e
    \-P \'OpenDJ Admin\' \-s /usr/bin/pfksh93 \-S files vala\fR
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 2\fR: Check which profiles you have:
.sp
.if n \{\
.RS 4
.\}
.nf
$ \%\fBprofiles\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
OpenDJ Admin
Basic Solaris User
All
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 3\fR: Check which authorizations you have:
.sp
.if n \{\
.RS 4
.\}
.nf
$ \%\fBauths\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
solaris\&.admin\&.wusb\&.read,solaris\&.mail\&.mailq,\e
solaris\&.network\&.autoconf\&.read,\e
solaris\&.smf\&.manage\&.opendj,solaris\&.smf\&.value\&.opendj
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 4\fR: Prepare the instance directory for the default instance using a separate ZFS:
.sp
.if n \{\
.RS 4
.\}
.nf
# \%\fBzfs create \-o mountpoint=/data/opendj \-o recordsize=8k \e
    \-p pool1/data/opendj\fR
# \%\fBchown ldapd:ldapd /data/opendj\fR
# \%\fBexit\fR
$ \%\fB/opt/opendj25/configure \-\-instancePath=/data/opendj\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
Preparing instance data dir \'/data/opendj\' \&.\&.\&. Done\&.
Now you should initialize the instance with:
/opt/opendj25/setup \-\-cli
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 5\fR: Initialize the default OpenDJ server instance using the CLI version of setup\&.
Note that we choose not to start the server automatically after setup (because we want SMF to manage it) and to use the Java Key Store (which is the default one):
.sp
.if n \{\
.RS 4
.\}
.nf
$ \%\fB/opt/opendj25/setup \-\-cli \e
    \-\-baseDN dc=example,dc=com \e
    \-\-addBaseEntry \e
    \-\-ldapPort 389 \e
    \-\-enableStartTLS \e
    \-\-ldapsPort 636 \e
    \-\-adminConnectorPort 4444 \e
    \-\-rootUserDN \'cn=Directory Manager\' \e
    \-\-rootUserPassword mySecretPassword \e
    \-\-generateSelfSignedCertificate \e
    \-\-hostName ldap\&.example\&.com \e
    \-\-no\-prompt \e
    \-\-noPropertiesFile \e
    \-\-doNotStart\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
OpenDJ 2\&.5\&.0\-Xpress1
Please wait while the setup program initializes\&.\&.\&.
See /var/tmp/opendj\-setup\-5261833234574364216\&.log for a detailed log \e
of this operation\&.
Configuring Directory Server \&.\&.\&.\&.\&. Done\&.
Configuring Certificates \&.\&.\&.\&.\&. Done\&.
Creating Base Entry dc=example,dc=com \&.\&.\&.\&.\&. Done\&.
To see basic server configuration status and configuration you can \e
launch /opt/opendj25/bin/status
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 6\fR: Adjust the JVM parameter and arguments for the OpenDJ utilities (the success message is a little bit imprecise\&. It should actually say "OpenDJ" instead of "server" commands):
.sp
.if n \{\
.RS 4
.\}
.nf
$ \%\fBcp /data/opendj/config/java\&.properties $HOME/\fR
$ \%\fBvim $HOME/java\&.properties\fR
$ \%\fB/opt/opendj25/bin/dsjavaproperties $HOME/java\&.properties\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
The operation was successful\&. The server commands will use \e
the java arguments and java home specified in the properties \e
file located in /data/opendj/config/java\&.properties
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 7\fR: Instruct SMF to start the default OpenDJ instance now (and every time the zone gets rebooted \- as well as to stop the server when the zone is going down):
.sp
.if n \{\
.RS 4
.\}
.nf
$ \%\fBsvcadm enable opendj25:default\fR
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 8\fR: Check the state of the service:
.sp
.if n \{\
.RS 4
.\}
.nf
$ \%\fBsvcs \-l opendj25:default\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
fmri         svc:/network/ldap/opendj25:default
name         OpenDJ LDAP directory server
enabled      true
state        online
next_state   none
state_time   Mon Apr 22 09:28:19 2013
logfile      /var/svc/log/network\-ldap\-opendj25:default\&.log
restarter    svc:/system/svc/restarter:default
contract_id  5037
manifest     /lib/svc/manifest/network/ldap/opendj25\&.xml
dependency   require_all/none svc:/system/filesystem/local (online)
dependency   optional_all/refresh svc:/system/identity:domain (online)
dependency   require_all/none svc:/network/service (online)
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 9\fR: Check the state of the OpenDJ server instance:
.sp
.if n \{\
.RS 4
.\}
.nf
$ \%\fB/opt/opendj25/bin/status \-\-bindDN \'cn=Directory Manager\' \e
    \-w mySecretPassword\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
\-\-\- Server Status \-\-\-
Server Run Status: Started
Open Connections: 1
\-\-\- Server Details \-\-\-
Host Name: ldap\&.example\&.com
Administrative Users: cn=Directory Manager
Installation Path: /opt/opendj25
Instance Path: /data/opendj
Version: OpenDJ 2\&.5\&.0\-Xpress1
Java Version: 1\&.7\&.0_17
Administration Connector: Port 4444 (LDAPS)
\-\-\- Connection Handlers \-\-\-
Address:Port : Protocol               : State
\-\-\-\-\-\-\-\-\-\-\-\-\-:\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-:\-\-\-\-\-\-\-\-\-
\-\-           : LDIF                   : Disabled
0\&.0\&.0\&.0:161  : SNMP                   : Disabled
0\&.0\&.0\&.0:389  : LDAP (allows StartTLS) : Enabled
0\&.0\&.0\&.0:636  : LDAPS                  : Enabled
0\&.0\&.0\&.0:1689 : JMX                    : Disabled
\-\-\- Data Sources \-\-\-
Base DN: dc=example,dc=com
Backend ID: userRoot
Entries: 1
Replication: Disabled
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 10\fR: An example for \%~/\&.opendj/tools\&.properties:
.sp
.if n \{\
.RS 4
.\}
.nf
hostname=directory\&.example\&.com
port=389
bindDN=uid=kvaughan,ou=People,dc=example,dc=com
ldapcompare\&.port=389
ldapdelete\&.port=389
ldapmodify\&.port=389
ldappasswordmodify\&.port=389
ldapsearch\&.port=389
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 11\fR: Check the contents of the admin key store (you can do this as user ldapd as well):
.sp
.if n \{\
.RS 4
.\}
.nf
# \%\fBkeytool \-list \-v \e
    \-keystore /data/opendj/config/admin\-keystore \-storepass \e
    `cat /data/opendj/config/admin\-keystore\&.pin`\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: admin\-cert
Creation date: 21\&.04\&.2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ldap\&.example\&.com, O=Administration Connector Self\-Signed Certificate
Issuer: CN=ldap\&.exampl\&.com, O=Administration Connector Self\-Signed Certificate
Serial number: 4a50ad15
Valid from: Sun Apr 21 09:51:35 CEST 2013 until: Tue Apr 21 09:51:35 CEST 2015
Certificate fingerprints:
     MD5: 00:A7:BC:FC:1E:FA:DC:0C:CF:F6:9A:F7:58:26:42:EC
     SHA1: D0:55:04:A2:13:48:29:DE:CA:32:8E:DF:CD:55:3F:80:C5:AB:D7:DF
     SHA256: FF:66:A1:D0:C8:CB:A3:2E:94:3C:40:20:B9:07:65:31:97:80:90:7B:3D:69:66:B2:ED:6E:FF:05:90:AD:8C:98
     Signature algorithm name: SHA1withRSA
     Version: 3
*******************************************
*******************************************
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 12\fR: Check the contents of the admin trust store (you can do this as user ldapd as well):
.sp
.if n \{\
.RS 4
.\}
.nf
# \%\fBkeytool \-list \-v \e
    \-keystore /data/opendj/config/admin\-truststore \-storepass \e
    `cat /data/opendj/config/admin\-keystore\&.pin`\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: admin\-cert
Creation date: 21\&.04\&.2013
Entry type: trustedCertEntry
Owner: CN=ldap\&.example\&.com, O=Administration Connector Self\-Signed Certificate
Issuer: CN=ldap\&.example\&.com, O=Administration Connector Self\-Signed Certificate
Serial number: 4a50ad15
Valid from: Sun Apr 21 09:51:35 CEST 2013 until: Tue Apr 21 09:51:35 CEST 2015
Certificate fingerprints:
     MD5: 00:A7:BC:FC:1E:FA:DC:0C:CF:F6:9A:F7:58:26:42:EC
     SHA1: D0:55:04:A2:13:48:29:DE:CA:32:8E:DF:CD:55:3F:80:C5:AB:D7:DF
     SHA256: FF:66:A1:D0:C8:CB:A3:2E:94:3C:40:20:B9:07:65:31:97:80:90:7B:3D:69:66:B2:ED:6E:FF:05:90:AD:8C:98
     Signature algorithm name: SHA1withRSA
     Version: 3
.fi
.if n \{\
.RE
.\}
.PP
\%\fBExample 13\fR: Check the contents of the trust store used with regard to replication (you can do this as user ldapd as well):
.sp
.if n \{\
.RS 4
.\}
.nf
# \%\fBkeytool \-list \-v \e
    \-keystore /data/opendj/config/ads\-truststore \-storepass \e
    `cat /data/opendj/config/ads\-keystore\&.pin`\fR
.fi
.if n \{\
.RE
.\}
.sp
.if n \{\
.RS 4
.\}
.nf
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: ea2f4b92885143d7f314f84440de01b7
Creation date: 21\&.04\&.2013
Entry type: trustedCertEntry
Owner: CN=ldap\&.example\&.com, O=OpenDJ Certificate
Issuer: CN=ldap\&.example\&.com, O=OpenDJ Certificate
Serial number: 46d0e045
Valid from: Sun Apr 21 09:51:36 CEST 2013 until: Sat Apr 16 09:51:36 CEST 2033
Certificate fingerprints:
     MD5: EA:2F:4B:92:88:51:43:D7:F3:14:F8:44:40:DE:01:B7
     SHA1: 1F:7D:5F:76:D7:AA:1F:F6:0E:E9:EC:EF:BA:9D:BF:D6:2E:AC:32:D8
     SHA256: 3D:87:1A:B5:5B:13:DF:CF:AA:5D:DC:C7:34:0E:92:E3:60:51:EA:92:36:EF:B4:59:14:A8:38:05:FD:25:CC:45
     Signature algorithm name: SHA1withRSA
     Version: 3
*******************************************
*******************************************
Alias name: ads\-certificate
Creation date: 21\&.04\&.2013
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=ldap\&.example\&.com, O=OpenDJ Certificate
Issuer: CN=ldap\&.example\&.com, O=OpenDJ Certificate
Serial number: 46d0e045
Valid from: Sun Apr 21 09:51:36 CEST 2013 until: Sat Apr 16 09:51:36 CEST 2033
Certificate fingerprints:
     MD5: EA:2F:4B:92:88:51:43:D7:F3:14:F8:44:40:DE:01:B7
     SHA1: 1F:7D:5F:76:D7:AA:1F:F6:0E:E9:EC:EF:BA:9D:BF:D6:2E:AC:32:D8
     SHA256: 3D:87:1A:B5:5B:13:DF:CF:AA:5D:DC:C7:34:0E:92:E3:60:51:EA:92:36:EF:B4:59:14:A8:38:05:FD:25:CC:45
     Signature algorithm name: SHA1withRSA
     Version: 3
*******************************************
*******************************************
.fi
.if n \{\
.RE
.\}
.SH "ENVIRONMENT VARIABLES"
.PP
SMF_FMRI
.RS 4
Contains the SMF Fault Management Resource Identifier of the SMF service to use to obtain the name of the instance data directory (service property config/datadir), which is needed by all OpenDJ tools\&. If unset, svc:/network/ldap/opendj:default will be used\&.
.RE
.PP
INSTANCE_ROOT
.RS 4
This variable should not be set explicitly: it will be set to the value of the config/datadir property of the corresponding SMF service (see SMF_FMRI above)\&. However, if it is set, the service $SMF_FMRI is not queried for the mentioned property, so it can be seen as an override of the instance data directory to be used\&.
.RE
.PP
INSTALL_ROOT
.RS 4
Gets set by the OpenDJ tools internally and refers to the installation directory of OpenDJ (default: \%/opt/opendj25)\&.
.RE
.PP
OPENDJ_JAVA_BIN
.RS 4
The name of the java VM executable to use\&. If not set, it gets determined automatically\&. NOTE: Usually one should \fInot\fR set it explicitly but use \%\fI$INSTANCE_ROOT\fR\%/config/java\&.properties instead\&. Depending on how it was created, it may even overrule, i\&.e\&. reset the value of this variable\&. See \fBdsjavaproperties\fR(1M) for more information\&.
.RE
.PP
JAVA_BIN
.RS 4
Used as fallback for OPENDJ_JAVA_BIN (same note applies)\&.
.RE
.PP
OPENDJ_JAVA_HOME
.RS 4
Used as fallback to find the Java VM executable to use\&. Same note as for OPENDJ_JAVA_BIN applies\&.
.RE
.PP
JAVA_HOME
.RS 4
Used as fallback to find the Java VM executable to use\&. Same note as for OPENDJ_JAVA_BIN applies\&.
.RE
.SH "FILES"
.PP
/opt/opendj25
.RS 4
The default OpenDJ install directory\&.
.RE
.PP
/var/share/ldap/opendj
.RS 4
The default OpenDJ server instance data directory\&.
.RE
.PP
\%\fI$HOME\fR/\&.opendj/tools\&.properties
.RS 4
A Java properties file with default parameter settings, used when a command that supports the option \%\fB\-\-propertiesFilePath\fR is launched without the option \%\fB\-\-noPropertiesFile\fR\&.
.RE
.PP
\%\fI$INSTANCE_ROOT\fR/config/tools\&.properties
.RS 4
A Java properties file with default parameter settings, used when a command that supports the option \%\fB\-\-propertiesFilePath\fR is launched without the option \%\fB\-\-noPropertiesFile\fR and there is no tools\&.properties file in the user\'s \%\fI$HOME\fR\%/\&.opendj/\&.
.RE
.PP
\%\fI$INSTALL_ROOT\fR/tmpl_instance/config/tools\&.properties
.RS 4
A tools\&.properties example incl\&. documentation\&.
.RE
.PP
\%\fI$INSTANCE_ROOT\fR/config/java\&.properties
.RS 4
A Java properties file used by \fBdsjavaproperties\fR(1M) to define the default JVM executable and arguments to be used by OpenDJ tools\&.
.RE
.PP
\%\fI$INSTALL_ROOT\fR/tmpl_instance/config/java\&.properties
.RS 4
A java\&.properties example incl\&. documentation\&.
.RE
.PP
\%\fI$INSTANCE_ROOT\fR/db
.RS 4
Directory where the embedded Java Berkeley DB stores its files\&.
.RE
.PP
\%\fI$INSTANCE_ROOT\fR/config/MakeLDIF
.RS 4
Directory containing LDIF templates incl\&. an example\&. See \fBmake-ldif\fR(1M) for more information\&.
.RE
.PP
\%\fI$INSTANCE_ROOT\fR\%/config/admin\-keystore
.RS 4
The Java Key Store (JKS) containing SSL certificate(s) used by the server itself for authentication/authorization\&.
.RE
.PP
\%\fI$INSTANCE_ROOT\fR\%/config/admin\-truststore
.RS 4
The Java Key Store (JKS) containing SSL CA certificate(s), which should be used to determine whether to trust a certificate sent by a client\&. I\&.e\&. if a client presents a certificate which is signed by an instance (or one of its descendants) represented by a certificate in the truststore, the server accepts the client certificate and checks its contents to do further validation\&.
.RE
.PP
\%\fI$INSTANCE_ROOT\fR\%/config/admin\-keystore\&.pin
.RS 4
The file with the password required to access/manage the \%\fI$INSTANCE_ROOT\fR\%/config/admin\-keystore as well as the \%\fI$INSTANCE_ROOT\fR\%/config/admin\-truststore\&.
.RE
.PP
\%\fI$INSTANCE_ROOT\fR\%/config/ads\-truststore
.RS 4
The Java Key Store (JKS) containing SSL certificate(s) used for replication\&.
.RE
.PP
\%\fI$INSTANCE_ROOT\fR\%/config/ads\-truststore\&.pin
.RS 4
The file with the password required to access/manage the \%\fI$INSTANCE_ROOT\fR\%/config/ads\-truststore\&.
.RE
.PP
/etc/security/auth_attr\&.d/opendj
.RS 4
Location of the OpenDJ authorization definitions\&. On Solaris 10 these authorizations are appended to \%/etc/security/auth_attr\&.
.RE
.PP
/etc/security/prof_attr\&.d/opendj
.RS 4
Location of the definition of the "OpenDJ Admin" profile description\&. On Solaris 10 it is appended to \%/etc/security/prof_attr\&.
.RE
.PP
/etc/security/exec_attr\&.d/opendj25
.RS 4
Location of the OpenDJ execution profile\&. On Solaris 10 it is appended to \%/etc/security/exec_attr\&.
.RE
.SH "SEE ALSO"
.PP
\fBconfigure\fR(1M), \fBsetup\fR(1M), \fBupgrade\fR(1M), \fBunconfigure\fR(1M)
.PP
\fBbackup\fR(1M), \fBbase64\fR(1M), \fBcontrol-panel\fR(1M), \fBdbtest\fR(1M), \fBdsconfig\fR(1M),
\fBdsframework\fR(1M), \fBdsjavaproperties\fR(1M), \fBdsreplication\fR(1M), \fBencode-password\fR(1M),
\fBexport-ldif\fR(1M), \fBimport-ldif\fR(1M), \fBldapcompare\fR(1M), \fBldapdelete\fR(1M), \fBldapmodify\fR(1M),
\fBldappasswordmodify\fR(1M), \fBldapsearch\fR(1M), \fBldif-diff\fR(1M), \fBldifmodify\fR(1M), \fBldifsearch\fR(1M),
\fBlist-backends\fR(1M), \fBmake-ldif\fR(1M), \fBmanage-account\fR(1M), \fBmanage-tasks\fR(1M),
\fBrebuild-index\fR(1M), \fBrestore\fR(1M), \fBstart-ds\fR(1M), \fBstatus\fR(1M), \fBstop-ds\fR(1M),
\fBverify-index\fR(1M), \fBmake-ldif-template\fR(5)
.PP
\fBsmf\fR(5), \fBrbac\fR(5), \fBuseradd\fR(1M), \fBusermod\fR(1M), \fBpfexec\fR(1M), \fBsvcadm\fR(1M), \fBsvccfg\fR(1M), \fBsvcprop\fR(1)\&.
.PP
\fB\%\%http://www.forgerock.com/\fR, \fB\%\%http://opendj.forgerock.org/\fR, \fB\%\%https://wikis.forgerock.org/confluence/display/OPENDJ/Home\fR, \fB\%\%http://docs.oracle.com/cd/E19476-01/index.html\fR
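.PP
The following shell sketch is an added example, not code shipped with the OpenDJ package: it mirrors the lookup order described under USAGE, ENVIRONMENT VARIABLES and FILES for the instance data directory and for tools\&.properties, and lists password (\&.pin) files and private\-key stores that are accessible to group or other\&. The function names and the demo paths are hypothetical; ads\-keystore\&.pin is checked because Example 13 reads it\&.

```shell
#!/bin/sh
# Added example: mirrors the lookup order described in this page.
# It is not the OpenDJ package's own wrapper code.

DEFAULT_FMRI='svc:/network/ldap/opendj25:default'   # default service per USAGE

# Instance data directory: an INSTANCE_ROOT already present in the
# environment wins and SMF is not queried; otherwise config/datadir is read
# from the service named by SMF_FMRI, or from the default service.
resolve_instance_root() {
    if [ -n "${INSTANCE_ROOT:-}" ]; then
        printf '%s\n' "$INSTANCE_ROOT"
        return 0
    fi
    svcprop -p config/datadir "${SMF_FMRI:-$DEFAULT_FMRI}"
}

# Defaults file a tool would read. $1 is the instance root, the remaining
# arguments are the tool's command line. Prints nothing when no file is used.
# Assumption: --noPropertiesFile wins if both options are given.
resolve_tools_properties() {
    root=$1; shift
    explicit=
    while [ $# -gt 0 ]; do
        case $1 in
            --noPropertiesFile) return 0 ;;
            --propertiesFilePath)
                [ $# -ge 2 ] || return 2
                explicit=$2; shift ;;
        esac
        shift
    done
    if [ -n "$explicit" ]; then
        printf '%s\n' "$explicit"
        return 0
    fi
    for f in "$HOME/.opendj/tools.properties" "$root/config/tools.properties"; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 0
}

# Print every password (.pin) file or private-key store under
# $1/config that has any group or other permission bit set.
loose_secret_files() {
    for f in admin-keystore admin-keystore.pin ads-truststore \
             ads-truststore.pin ads-keystore.pin; do
        p=$1/config/$f
        [ -e "$p" ] || continue
        case $(ls -ld "$p" | cut -c5-10) in
            ------) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# Demo on a constructed instance directory (throw-away paths).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/inst/config" "$d/home/.opendj"
    : > "$d/inst/config/tools.properties"
    : > "$d/inst/config/admin-keystore.pin"
    chmod 644 "$d/inst/config/admin-keystore.pin"
    (
        INSTANCE_ROOT=$d/inst; HOME=$d/home
        r=$(resolve_instance_root)
        echo "instance root: $r"
        echo "defaults file: $(resolve_tools_properties "$r" --bindDN 'cn=Directory Manager')"
        echo "loose files:   $(loose_secret_files "$r")"
    )
    rm -rf "$d"
}
demo
```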