Command line switches for the database server
You can use command line switches to set options for the dbadmin command and to manage the IBM Engineering Requirements Management DOORS (DOORS ) database server.
For the list of the command line switches for the DOORS client, see Command line switches for the DOORS client.
Switch (abbreviation) | Parameter | Description |
---|---|---|
-data (-d) | port@DOORSserver | You must specify the switch. This switch identifies the database server, where port is the port number that the database server is using and DOORSserver is the name of the computer where the database server is installed. |
-killprocess (-k) | channel_identifier | This switch disconnects the user connection that is specified by the
channel_identifier parameter. The channel_identifier
parameter is displayed by the |
-killserver (-K) | This switch stops the server. | |
-locklist (-l) | This switch lists all of the files that are currently locked and the channel identifier for each file. | |
-outfile (-o) | filename | This switch sends output to a file. Use this switch with the
|
-password (-P) | password | This switch is the current password for the server. |
-newpassword (-p) | newpassword | This switch is the new password for the server. |
-unlock (-U) | channel_identifier | This switch unlocks the file that is specified by the
channel_identifier parameter. The channel_identifier
parameter is displayed by the |
-userlist (-u) | This switch lists all of the user connections. | |
-serverLogging | log_level | If the server was started with the loglevel and
logfile parameters, you can use this switch to change the level of logging. You do not need to restart the server for the new log level to take effect. For more information about logging, including a description of log levels, see Log files. |
-tdsUserFilterLimit | string | This switch sets limits on Rational® Directory Server user searches. |
-tdsGroupFilterLimit | string | This switch sets limits on Rational Directory Server group searches. |
-useCardAuthentication | This switch turns on smart card authentication. | |
-doNotUseCardAuthentication | This switch turns off smart card authentication. | |
-useOSUserAuthentication | This switch turns on OS user authentication. | |
-doNotUseOSUserAuthentication | This switch turns off OS user authentication. | |
-certName | string | This switch identifies the label of the certificate that identifies the server
during secure authentication. The default label is |
-enabledTlsProtocols | TLSV10 TLSV11 TLSV12 |
This switch can be used to select the protocols that are used for TLS
connections. The parameters for the option are comma-separated strings with three valid tokens:
TLSV10, TLSV11, and TLSV12.
Example
Enable only TLS v1.1 and TLS v1.2 with environment variable:
Note: enabledTlsProtocol cannot be used with the allowTls10And11
option. These two options cannot be used simultaneously.
|
-tls10CipherSuites -tls11CipherSuites -tls12CipherSuites |
See Cipher suites for RSA certificate |
These three switches can be used to customize the cipher suites for TLS protocols (v1.0, v1.1, and v1.2). Value of each option is a comma separated string. See Cipher suites for RSA certificate for a list of the cipher names used by default. Examples
As an environment variable:
Note: By default, DOORS complies with FIPS standard and optionally it supports SP800-131a. Both standards have a mandated set of cipher suites. Hence configuring cipher suites manually breaks compliance with FIPS and SP800.
|
Switch (abbreviation) | Parameter | Description |
---|---|---|
-dwaHost | DWAserver | This switch identifies the DWA
server, where DWAserver is the fully qualified hostname of the computer that the
web server is running on; for example, dwaserver.ibm.com. |
-dwaPort | port | This switch identifies the port number that the DWA
server is running on. See important notes after this table about default values and URIs. |
-dwaProtocol | http or https |
This switch specifies the protocol that the DWA
server is using. If communication is secure, enter See important notes after this table about the relationship of protocol and default port values. |
-dcnEnable | This switch enables the Data Change Notifications that are required to enable communication with the DWA server and broker. | |
-dcnBrokerUri | tcp:/ /broker:61616 |
This switch identifies the DWA broker, where broker is the computer that is hosting the broker and 61616 is the default port number that the broker uses. |
-dcnChannelName | dcn |
This switch sets up the Data Change Notifications channel. The channel name is
always "dcn" . |
-dcnInfo | This switch checks the status of the Data Change Notifications service. | |
-dcnEnable | This switch turns on the Data Change Notifications service. | |
-dcnDisable | This switch turns off the Data Change Notifications service. |
- If -dwaProtocol="https" and -dwaPort="", then the stored port number is 443.
- If -dwaProtocol="http" and -dwaPort="", then the stored port number is
80.
If the -dwaPort value is set to match the default, and the -dwaProtocol value is changed, the port value is changed to match the default value of the new protocol. For example, if the current setting is -dwaProtocol="http" and -dwaPort="80", and the dbadmin command is run again with -dwaProtocol="https", then the port value is reset to 443.
The client and interoperation server that are available in the current release of DOORS do not include the port value in generated URIs. If you are using an older client, generated URIs might include the port value.
Switch (abbreviation) | Parameter | Description |
---|---|---|
-minstall | -port
port_number
-serverdata
server_data_path |
This switch creates an additional DOORS
database server service on computers with Windows operating
systems if the parameters are set with these values:
"doorsd -minstall -port 36666 -serverdata <DOORS_install_dir>\new_data". An instance number, such as 00001, is assigned to the new service. |
-remove | This switch removes the default service that is created when the database server is installed the first time. | |
-mremove | -i service_instance_number |
This switch removes a specific instance of the database server service where portnumber is equal to the instance number assigned to the name of the database service. |
-list | This switch outputs a list, in table format, of all configured DOORS database server services and their status. | |
-logfile | log_file | This switch set the file that is used for database server transaction logging. For a description of log levels, see Log files. |
-loglevel | log_level | This switch sets the level of detail for information that is recorded by the database server transactional logging. Use the value 0 to turn off logging. Use the value 6 to produce the most verbose details. |
-start | This switch starts the default database server service. | |
-stop | This switch stops the default database server service. | |
-logxconfig (-X) | logging_file_name | The full name of the log4cxx configuration file; for
example, <DOORS_install_dir>\logging-config.xml . Log4cxx
is a framework for logging application messages. When you use this parameter on the command line or
in the registry, application messages are output to in the specified configuration file. Six levels
of message are logged:
|
-secure | on, ON, off, OFF |
This switch specifies whether the DOORS server is configured to start in secure mode. |
-keyDB | filename | This switch is the full path to the key database file that contains the keys
that are used for DOORS
SSL authentication and validation, including the file name. The default path is DOORS\9.version\certdb\client_authentication.kdb. This switch takes precedence over the -certdb switch. To specify a location for the Rational Directory Server key database folder, use the -certdb switch. To specify a separate location for the DOORS SSL key database file, use the -keyDB switch. |
-certdb | folder_name | This switch identifies the folder that contains the key database files that
contain the keys for the Rational Directory Server and
DOORS
SSL. The default path is DOORS\9.version\certdb\. To put the key database files for DOORS SSL in a separate folder, use the -keyDB switch. The -keyDB switch takes precedence over the -certdb switch. |
-certName | string | This switch identifies the label of the certificate that identifies the server
during secure authentication. The default label is |
-serverhostname | string | This switch is the name that the server uses to identify itself during
certificate validation. The default label is |
-timeout | time |
You can add a timeout for Transport Layer Security (TLS) and Secure Sockets Layer (SSL). The range that is supported for the timeout is 100 - 60000 milliseconds. Example Important: If you enter the timeout that is not within the specified range, the server
doesn’t start, and an error message is shown.
|
Cipher suites for RSA certificates
- tls10CipherSuites
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
- tls11CipherSuites
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
- tls12CipherSuites
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Example command line command
You can use command line switches in shortcuts and on the command line.
36677@IBMEDSERV
, enter this
command:dbadmin -data 36677@abc -killserver
Example shortcut command
"<DOORS_install_dir>\bin\doorsd.exe" -start