set dsa Command -- Define the Knowledge Settings of a DSA

If you do not use DXmanager, use the set dsa command to define the knowledge of a DSA.
You must declare the parameters in the order shown.
This command has the following format:
set dsa dsaname = {
    prefix = DN
    [ native-prefix = DN ]
    dsa-name = DN
    [ dsa-password = password ]
    [ ldap-dsa-name = DN ]
    [ ldap-dsa-password = password ]
    address = tcp hostname port port-number [ ,tcp hostname2 port port-number2 ]
    [ tsap = tsel ]
    [ ssap = ssel ]
    [ osi-psap = psel ]
    [ disp-psap = dispsap ]
    [ cmip-psap = cmipsap ]
    [ snmp-port = port-number ]
    [ console-port = port-number ]
    [ remote-console-port = port-number ]
    [ remote-console-ssl = true | false ]
    [ console-password = password | "{password-format}password-hash" ]
    [ auth-levels = anonymous | clear-password | ssl-auth ]
    [ dsp-idle-time = idle-time ]
    [ dsa-flags = dsaflag-list ]
    [ trust-flags = trustflag-list ]
    [ link-flags = linkflag-list ]
};
  • dsaname
    Specifies the name of the DSA.
  • prefix
    Specifies a partial DN, which specifies the namespace partition served by this DSA.
  • native-prefix
    Specifies a partial DN, which the DSA recognizes as applicable to its entries. This is generally only used with LDAP servers.
  • dsa-name
    Specifies the name of the DSA as a DN; not to be confused with the name of the server.
  • dsa-password
    Specifies the password other DSAs must supply to communicate with this DSA.
  • ldap-dsa-name
    Specifies the name of the LDAP DSA.
  • ldap-dsa-password
    Specifies the password of the LDAP DSA.
  • address
    Specifies one or more TCP/IP addresses for the DSA in one of the following forms:
    • address = tcp "IP address" port number
    • address = tcp "host name" port number
    If there is a choice of addresses associated with the host name, the IPv6 address is selected. To specify the IPv4 address, replace the string tcp with ipv4. To specify the IPv6 address, replace the string tcp with ipv6.
    The SNMP trap address remains at IPv4.
    Example: Specifying an IP address for IPv4 environments:
    address = tcp "345.785.987.224" port 19389
    Example: Specifying an IP address for IPv6 environments:
    address = tcp "fe80::20d:56ff:fed4:8300%5" port 19389
    Example: Specifying an IP address for hybrid IPv6/IPv4 environments:
    address = tcp "fe80::20d:56ff:fed4:8300%5" port 19389, tcp "345.785.987.224" port 19389
    Example: Specifying a host name:
    address = tcp "eagle" port 19389
    Example: Specifying a host name for IPv4 environments:
    address = ipv4 "eagle" port 19389
  • tsap
    Specifies a Transport SAP port number. This is not often used.
  • ssap
    Specifies a Session SAP port number. This is not often used.
  • osi-psap
    Specifies a Presentation SAP port number. This is not often used.
  • disp-psap
    Specifies DISP Presentation SAP. If this is not set, DISP is disabled.
  • cmip-psap
    CMIP is no longer supported.
  • snmp-port
    Specifies the SNMP port.
  • console-port
    Specifies the console port address, which allows the DSA console to accept connections from the local computer. If this is not specified, the DSA does not have a local console.
  • remote-console-port
    Allows the DSA console to accept a connection from a remote computer on this port. When this is not specified, there is no remote console for the DSA.
  • remote-console-ssl
    Forces the DSA to encrypt console sessions when it runs remotely.
  • console-password
    The password required for connections from a remote computer. This password is transmitted in clear text.
  • auth-levels
    Specifies the levels of authentication that will be accepted by this DSA. May include anonymous, clear-password, and ssl-auth.
  • dsp-idle-time
    Specifies the maximum time (in seconds) that a DSP connection can be idle before it is disconnected.
  • dsa-flags
    Specifies the flags that control the operation of the DSA. DSA flags are as follows:
    • limit-list
      Disables the list operation on the DSA.
    • limit-search
      Restricts complex searches or searches with no filter on the DSA.
    • limit-search-exact
      Limits a DSA to performing exact searches, that is, searches with a single equality filter item with no wildcards.
    • load-share
      Marks a DSA as part of a load share group. The DSA should have other peer DSAs with the same prefix, which are also marked as load-share. A router DSA shares operations over each DSA in the load share group.
    • multi-write
      Marks a DSA as part of a multiwrite group. The DSA should have other peer DSAs, with the same prefix, which are also marked as multiwrite. Updates are automatically propagated to all peer DSAs marked as multiwrite.
    • multi-write-async
      Makes the DSA update asynchronously, even though it is in a multiwrite group.
    • multi-write-group-hub
      Specifies which DSAs in the group act as the hub. This only works if you also have multi-write-group enabled. This setting prevents unsuitable DSAs from being selected as the hub in a failover situation.
    • no-routing-ac
      Permits forwarding of a request to another DSA regardless of access control constraints.
    • no-service-while-recovering
      While this DSA is in recovery mode, it only accepts updates from peers: this prevents clients from accessing out-of-date data.
    • read-only
      Disables update operations on the DSA.
    • relay
      Permits a router DSA to exist without consuming a level of the DIT.
    • shadow
      Permits a DSA to be updated by DISP or multiwrite, but prevents any other updates, for example, through DAP or LDAP.
  • trust-flags
    Specifies flags relating to trust that control the operation of the DSA. Trust flags are as follows:
    • allow-check-password
      Permits a DSA, while processing a bind request from a user who is not local, to pass a name and password-compare request to this DSA. The result of the compare request is then used to authenticate the user.
    • trust-conveyed-originator
      Signifies that a DSA treats the originator and authentication level passed in DSP chaining arguments as if that user and authentication level were authenticated locally.
    • allow-upgrading
      Lets the DSA pass an anonymous user request across an authenticated DSP link.
    • allow-downgrading
      Lets the DSA pass an authenticated user request across an anonymous DSP link.
    • no-server-credentials
      Removes the requirement for mutual authentication and permits a link to be set up if the remote DSA does not send credentials in the bind response.
  • link-flags
    Specifies flags that control connecting to the DSA. Link flags are as follows:
    • dsp-ldap
      The DSA is treated as an LDAP server that supports LDAP 3.0. Other DSAs will send requests to the DSA as if it was an LDAP server.
      When dsp-ldap is configured, there will be no COMPARE operation on the userPassword attribute, following a bind. If the same user connects more than once, that user will use the same link, and dxserver will check that the user and the password are the same.
    • dsp-ldap-proxy
      Causes the last DSA in the chain to use the authorization of the originating user to perform operations on the LDAP server.
    • dsp-ldapv3
      The DSA is treated as an LDAP server that supports LDAP 3.0.
    • ms-ad
      The DSA is treated as an Active Directory service. If you observe any problems with linking to Active Directory, set this flag.
    • nexor
      Allows this DSA to bind anonymously to a Nexor DSA. To bind anonymously with a Nexor DSA, the message ID must be stripped of all identifying credentials.
    • rebind
      Allows this DSA to support concurrent binds. If this flag is not set on a link that a DSA requires for authenticating concurrent binds, these binds will fail. Used in conjunction with the set concurrent-bind-user command.
      Only use this flag for LDAP directories. If you do not use dsp-ldap, we recommend that you do not use rebind either.
    • siemens
      Allows this DSA to bind anonymously to a Siemens DSA. To bind anonymously with a Siemens DSA, the message ID must be non-zero.
    • ssl-encryption
      All DSA-to-DSA communication to the DSA with this link flag uses SSL encryption.
    • ssl-encryption-remote
      It is similar to ssl-encryption, but SSL encryption is not used if the target DXserver is on the same host.
    • unavailable
      Marks a DSA as unavailable. A DSA will not forward requests to a DSA marked as unavailable.
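
The following Python sketch is an added example, not part of the product documentation or of CA Directory itself. It reads one set dsa entry and lists the settings that the parameter descriptions above identify as relaxing authentication, access control, or encryption. The sample entry is constructed; its DNs, password, and comma-separated flag lists are assumptions.

```python
import re
# Constructed sample, not from the page; DNs, password and comma lists are assumed.
SAMPLE = '''
set dsa "example-dsa" =
{
    prefix              = <c AU><o Example>
    dsa-name            = <c AU><o Example><cn example-dsa>
    address             = tcp "eagle" port 19389
    remote-console-port = 19391
    console-password    = "secret"
    auth-levels         = anonymous, clear-password
    dsa-flags           = multi-write, no-routing-ac
    trust-flags         = allow-check-password, no-server-credentials
    link-flags          = dsp-ldap
};
'''

KEY_VALUE = re.compile(r'^\s*([a-z-]+)\s*=\s*(.*?)\s*$')
REVIEW = {  # flags whose descriptions relax authentication or access control
    'dsa-flags': {'no-routing-ac'},
    'trust-flags': {'no-server-credentials', 'allow-downgrading',
                    'allow-upgrading', 'trust-conveyed-originator'},
}

def parse(text):
    """Return {parameter: value} for the 'key = value' lines of one entry."""
    return dict(m.groups() for m in map(KEY_VALUE.match, text.splitlines()) if m)

def items(cfg, key):
    """Split a list-valued parameter into a set of names."""
    return {f.strip() for f in cfg.get(key, '').split(',') if f.strip()}

def audit(cfg):
    """Return findings for settings to review before the entry is deployed."""
    out = []
    if 'remote-console-port' in cfg:
        if cfg.get('remote-console-ssl') != 'true':
            out.append('remote console enabled without remote-console-ssl = true')
        if not cfg.get('console-password', '').startswith('"{'):
            out.append('console-password missing or not in "{format}hash" form')
    if 'anonymous' in items(cfg, 'auth-levels'):
        out.append('auth-levels accepts anonymous')
    for key, risky in REVIEW.items():
        out += [f'{key}: {flag}' for flag in sorted(items(cfg, key) & risky)]
    if not items(cfg, 'link-flags') & {'ssl-encryption', 'ssl-encryption-remote'}:
        out.append('link-flags has no ssl-encryption or ssl-encryption-remote')
    return out

print('\n'.join(audit(parse(SAMPLE))))
```

A finding is a prompt to confirm that the setting is intended for that link, not proof of a misconfiguration; some deployments need flags such as allow-upgrading between trusted DSAs.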