set dsa Command -- Define the Knowledge Settings of a DSA
If you do not use DXmanager, use the set dsa command to define the knowledge of a DSA. You must declare the parameters in the order shown.
This command has the following format:
    set dsa dsaname =
    {
        prefix = DN
        [ native-prefix = DN ]
        dsa-name = DN
        [ dsa-password = password ]
        [ ldap-dsa-name = DN ]
        [ ldap-dsa-password = password ]
        address = tcp hostname port port-number
            [ ,tcp hostname2 port port-number2 ]
        [ tsap = tsel ]
        [ ssap = ssel ]
        [ osi-psap = psel ]
        [ disp-psap = dispsap ]
        [ cmip-psap = cmipsap ]
        [ snmp-port = port-number ]
        [ console-port = port-number ]
        [ remote-console-port = port-number ]
        [ remote-console-ssl = true | false ]
        [ console-password = password | "{password-format}password-hash" ]
        [ auth-levels = anonymous | clear-password | ssl-auth ]
        [ dsp-idle-time = idle-time ]
        [ dsa-flags = dsaflag-list ]
        [ trust-flags = trustflag-list ]
        [ link-flags = linkflag-list ]
    };
- dsaname: Specifies the name of the DSA.
- prefix: Specifies a partial DN, which specifies the namespace partition served by this DSA.
- native-prefix: Specifies a partial DN, which the DSA recognizes as applicable to its entries. This is generally only used with LDAP servers.
- dsa-name: Specifies the name of the DSA as a DN; not to be confused with the name of the server.
- dsa-password: Specifies the password other DSAs must supply to communicate with this DSA.
- ldap-dsa-name: Specifies the name of the LDAP DSA.
- ldap-dsa-password: Specifies the password of the LDAP DSA.
- address: Specifies one or more TCP/IP addresses for the DSA in one of the following forms:
  - address = tcp "IP address" portnumber
  - address = tcp "host name" portnumber
  To specify the IPv4 address, replace the string tcp with ipv4. To specify the IPv6 address, replace the string tcp with ipv6. The SNMP trap address remains at IPv4.
  Example: Specifying an IP address for IPv4 environments:
    address = tcp "345.785.987.224" port 19389
  Example: Specifying an IP address for IPv6 environments:
    address = tcp "fe80::20d:56ff:fed4:8300%5" port 19389
  Example: Specifying an IP address for hybrid IPv6/IPv4 environments:
    address = tcp "fe80::20d:56ff:fed4:8300%5" port 19389, tcp "345.785.987.224" port 19389
  Example: Specifying a host name:
    address = tcp "eagle" port 19389
  Example: Specifying a host name for IPv4 environments:
    address = ipv4 "eagle" port 19389
- tsap: Specifies a Transport SAP port number. This is not often used.
- ssap: Specifies a Session SAP port number. This is not often used.
- osi-psap: Specifies a Presentation SAP port number. This is not often used.
- disp-psap: Specifies DISP Presentation SAP. If this is not set, DISP is disabled.
- cmip-psap: CMIP is no longer supported.
- snmp-port: Specifies the SNMP port.
- console-port: Specifies the console port address, which allows the DSA console to accept connections from the local computer. If this is not specified, the DSA does not have a local console.
- remote-console-port: Allows the DSA console to accept a connection from a remote computer on this port. When this is not specified, there is no remote console for the DSA.
- remote-console-ssl: Forces the DSA to encrypt console sessions when it runs remotely.
- console-password: The password required for connections from a remote computer. This password is transmitted in clear text.
- auth-levels: Specifies the levels of authentication that will be accepted by this DSA. May include anonymous, clear-password, and ssl-auth.
- dsp-idle-time: Specifies the maximum time (in seconds) that a DSP connection can be idle before it is disconnected.
- dsa-flags: Specifies the flags that control the operation of the DSA. DSA flags are as follows:
  - limit-list: Disables the list operation on the DSA.
  - limit-search: Restricts complex searches or searches with no filter on the DSA.
  - limit-search-exact: Limits a DSA to performing exact searches, that is, searches with a single equality filter item with no wildcards.
  - load-share: Marks a DSA as part of a load share group. The DSA should have other peer DSAs with the same prefix, which are also marked as load-share. A router DSA shares operations over each DSA in the load share group.
  - multi-write: Marks a DSA as part of a multiwrite group. The DSA should have other peer DSAs, with the same prefix, which are also marked as multiwrite. Updates are automatically propagated to all peer DSAs marked as multiwrite.
  - multi-write-async: Makes the DSA update asynchronously, even though it is in a multiwrite group.
  - multi-write-group-hub: Specifies which DSAs in the group act as the hub. This only works if you also have multi-write-group enabled. This setting prevents unsuitable DSAs being selected as the hub in a failover situation.
  - no-routing-ac: Permits forwarding of a request to another DSA regardless of access control constraints.
  - no-service-while-recovering: While this DSA is in recovery mode, it only accepts updates from peers: this prevents clients from accessing out-of-date data.
  - read-only: Disables update operations on the DSA.
  - relay: Permits a router DSA to exist without consuming a level of the DIT.
  - shadow: Permits a DSA to be updated by DISP or multiwrite, but prevents any other updates, for example, through DAP or LDAP.
- trust-flags: Specifies flags relating to trust that control the operation of the DSA. Trust flags are as follows:
  - allow-check-password: Permits a DSA, while processing a bind request from a user who is not local, to pass a name and password-compare request to this DSA. The result of the compare request is then used to authenticate the user.
  - trust-conveyed-originator: Signifies that a DSA treats the originator and authentication level passed in DSP chaining arguments as if that user and authentication level were authenticated locally.
  - allow-upgrading: Lets the DSA pass an anonymous user request across an authenticated DSP link.
  - allow-downgrading: Lets the DSA pass an authenticated user request across an anonymous DSP link.
  - no-server-credentials: Removes the requirement for mutual authentication and permits a link to be set up if the remote DSA does not send credentials in the bind response.
- link-flags: Specifies flags that control connecting to the DSA. Link flags are as follows:
  - dsp-ldap: The DSA is treated as an LDAP server that supports LDAP 3.0. Other DSAs will send requests to the DSA as if it was an LDAP server. When dsp-ldap is configured, there will be no COMPARE operation on the userPassword attribute, following a bind. If the same user connects more than once, that user will use the same link, and dxserver will check that the user and the password are the same.
  - dsp-ldap-proxy: Causes the last DSA in the chain to use the authorization of the originating user to perform operations on the LDAP server.
  - dsp-ldapv3: The DSA is treated as an LDAP server that supports LDAP 3.0.
  - ms-ad: The DSA is treated as an Active Directory service. If you observe any problems with linking to Active Directory, set this flag.
  - nexor: Allows this DSA to bind anonymously to a Nexor DSA. To bind anonymously with a Nexor DSA, the message ID must be stripped of all identifying credentials.
  - rebind: Allows this DSA to support concurrent binds. If this flag is not set on a link that a DSA requires for authenticating concurrent binds, these binds will fail. Used in conjunction with the set concurrent-bind-user command. Only use this flag for LDAP directories. If you do not use dsp-ldap, we recommend that you do not use rebind either.
  - siemens: Allows this DSA to bind anonymously to a Siemens DSA. To bind anonymously with a Siemens DSA, the message ID must be non-zero.
  - ssl-encryption: All DSA-to-DSA communication to the DSA with this link flag uses SSL encryption.
  - ssl-encryption-remote: It is similar to ssl-encryption, but SSL encryption is not used if the target DXserver is on the same host.
  - unavailable: Marks a DSA as unavailable. A DSA will not forward requests to a DSA marked as unavailable.
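The following is an added example, not part of the product documentation: a Python check that parses one set dsa knowledge entry and reports the settings this page describes as relaxing authentication, access control or encryption. The sample entry (its names, DN notation, host and password), the comma-separated flag lists and the choice of which settings to report are assumptions made for the example.

```python
import re

# Constructed knowledge entry: names, DNs, host and password are made up.
SAMPLE = '''
set dsa "demo-dsa" =
{
    prefix = <c AU><o Demo>
    dsa-name = <c AU><o Demo><cn "demo-dsa">
    address = tcp "dirhost" port 19389
    remote-console-port = 19391
    remote-console-ssl = false
    console-password = "letmein"
    auth-levels = anonymous, clear-password
    dsa-flags = multi-write, no-routing-ac
    trust-flags = allow-check-password, no-server-credentials
    link-flags = dsp-ldap
};
'''
# Flags the page describes as relaxing a check (wording paraphrases the page).
RISKY = {
    "dsa-flags": {"no-routing-ac": "forwards regardless of access control"},
    "trust-flags": {
        "no-server-credentials": "mutual authentication not required",
        "trust-conveyed-originator": "chained identity trusted as local",
        "allow-upgrading": "anonymous request may use an authenticated link",
        "allow-downgrading": "authenticated request may use an anonymous link"},
}

def parse_knowledge(text):
    """Map each 'key = value' line of one set dsa block to its value."""
    return dict(re.findall(r"^\s*([a-z-]+)\s*=\s*(.+?)\s*$", text, re.M))

def flags(params, key):
    return {f.strip() for f in params.get(key, "").split(",") if f.strip()}

def review(text):
    p, out = parse_knowledge(text), []
    if "remote-console-port" in p and p.get("remote-console-ssl") != "true":
        out.append("remote console without remote-console-ssl")
    pw = p.get("console-password", "").strip('"')
    if pw and not re.match(r"\{[^}]+\}.", pw):
        out.append("console-password is not in {format}hash form")
    if "anonymous" in flags(p, "auth-levels"):
        out.append("auth-levels accepts anonymous")
    for key, risky in RISKY.items():
        out += [f"{key} {f}: {risky[f]}" for f in sorted(flags(p, key) & risky.keys())]
    if not flags(p, "link-flags") & {"ssl-encryption", "ssl-encryption-remote"}:
        out.append("link-flags lacks ssl-encryption")
    return out
```

Calling review(SAMPLE) returns one finding per weak setting in the constructed entry; an entry with none of them returns an empty list.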