How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I set advanced properties with dsconfig in DS (All versions)?

Last updated Jun 15, 2021

The purpose of this article is to provide assistance with setting advanced properties with dsconfig in DS. Advanced properties are not shown by default.


Setting advanced properties with dsconfig

There are a number of DS configuration settings that you can set with dsconfig that are considered advanced properties. These advanced properties are not shown by default.

For example, if you want to permit multiple password values in a password policy using the dsconfig set-password-policy-prop command and know from looking at Password Policy that the property you want to set is advanced, you just need to include --advanced before the sub-command. For example:

  • DS 7.1 and later: $ ./dsconfig set-password-policy-prop --bindDN uid=admin --bindPassword password --policy-name "Multi Value Policy" --advanced --set allow-multiple-password-values:true --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePassword:file /path/to/ds/config/keystore.pin --no-prompt
  • DS 7: $ ./dsconfig set-password-policy-prop --bindDN uid=admin --bindPassword password --policy-name "Multi Value Policy" --advanced --set allow-multiple-password-values:true --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePasswordFile /path/to/ds/config/keystore.pin --no-prompt
  • Pre-DS 7: $ ./dsconfig set-password-policy-prop --bindDN "cn=Directory Manager" --bindPassword password --policy-name "Multi Value Policy" --advanced --set allow-multiple-password-values:true --trustAll --no-prompt

Similarly, you can use --advanced with a get command to show all properties, including the advanced ones.

For example, if you want to check the current property settings for the LDAP Connection Handler using the dsconfig get-connection-handler-prop command, you would use a command such as the following depending on your version:

  • DS 7.1 and later: $ ./dsconfig get-connection-handler-prop --port 4444 --bindDN uid=admin --bindPassword password --handler-name LDAP --advanced --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePassword:file /path/to/ds/config/keystore.pin --no-prompt
  • DS 7: $ ./dsconfig get-connection-handler-prop --port 4444 --bindDN uid=admin --bindPassword password --handler-name LDAP --advanced --usePkcs12TrustStore /path/to/ds/config/keystore --trustStorePasswordFile /path/to/ds/config/keystore.pin --no-prompt
  • DS 6.x: $ ./dsconfig get-connection-handler-prop --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --handler-name LDAP --advanced --trustAll --no-prompt
  • DS 5.x: $ ./dsconfig get-connection-handler-prop --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --handler-name "LDAP Connection Handler" --advanced --trustAll --no-prompt

See Also

dsconfig

Configuration Reference

Related Training

ForgeRock Directory Services Core Concepts (DS-400)

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.