Directory administration daemon
The directory administration daemon (idsdiradm) enables remote management of an instance of the IBM® Tivoli® Directory Server. It must be installed on the machine where the IBM Tivoli Directory Server is installed and must be running continuously. The directory administration daemon accepts requests by way of LDAP extended operations and supports starting, stopping, restarting, and status monitoring of the IBM Tivoli Directory Server.
The directory administration daemon does not support any access to the configuration file or the configuration backend. However, it supports dynamic update requests. By supporting dynamic update requests, the server ensures that its in memory configuration remains in sync with the server's configuration. For instance, if an update is made to the configuration file that impacts both the admin daemon and the directory server, the dynamic update request is sent to both the admin daemon and the directory server.
The admin daemon will not check the bind DN and password against the configuration file every time there is a bind request. Instead, it will issue a config update request for any changes to admin DN and password to take effect.
Only a subset of local admin group members can bind to the admin daemon. For instance, local admin group members configured with the roles of Audit admin, server configuration group member, and server start/stop administrator can bind to the admin daemon.
By default, the first instance of the IBM Directory administration daemon listens on two ports, port 3538 for non-SSL connections and port 3539 for SSL connections, if SSL communication is enabled.
The directory administration daemon can also be used to perform root DSE searches.
To start the directory administration daemon, run the program idsdiradm from any command prompt. See Starting an instance of the directory administration daemon.
Notes:
- The administration daemon supports auditing version 3 only.
- The administration daemon auditing is enabled for all operations by default.
- If you enable SSL communication, the directory administration daemon must be stopped and restarted for SSL to take effect. See Using Web Administration:.
- If you change the time zone on your Windows® machine, we need to restart the server and the administration daemon in order for the server and administration daemon to recognize the time change. This ensures that the time stamps in the administration daemon's logs match the time stamps in the server's logs.
- The administration daemon supports all read log access extended operations. This means that log files can be read remotely even when the directory server is not running.
Starting an instance of the directory administration daemon
By default, the administration daemon is started when you create a directory server instance.
To start an instance of the administration daemon do either of the following:
- For UNIX® or Linux-based and Windows-based systems issue the command:
idsdiradm -I <instancename>- For Windows-based systems, we can also use Control Panel ->Administrative Tools->Services, select IBM Tivoli Directory Server Instance V6.1 - <instancename> Admin Daemon, click Start.
On Linux® SLES systems, the Admin Daemon must not be started from inittab. Instead, start the Admin Daemon manually from the command line. See the idsdiradm command information in the IBM Tivoli Directory Server version 6.1 Command Reference for more information.
Stopping an instance of the directory administration daemon
To stop an instance of the administration daemon use one of the following methods:
- If you have already configured a directory administration DN and password, we can use the ibmdirctl command to stop the administration daemon. This command is not platform specific. See the ibmdirctl command information in the IBM Tivoli Directory Server version 6.1 Command Reference for more information.
Issue one of the commands:
ibmdirctl -D <adminDN> -w <adminPW> -h <hostname> -p <port> admstopThe ibmdirctl command can be issued locally or remotely.
idsdiradm -I <instancename> -kThe idsdiradm command must be issued locally.
- For Windows-based systems, we can also use IBM Tivoli Directory Server Instance V6.1 - <instancename> Admin Daemon, click Stop.
[ Top of Page | Previous Page | Next Page | Contents | Index ]