From c19cb1ec29359a2f63f32753c54b837cb6998187 Mon Sep 17 00:00:00 2001 From: Maxim Thomas Date: Tue, 1 Oct 2024 12:20:54 +0300 Subject: [PATCH] Generate man pages in the AsciiDoc format (#418) --- .github/workflows/deploy.yml | 5 +- .../forgerock/opendj/cli/ArgumentParser.java | 2 +- .../opendj/cli/SubCommandArgumentParser.java | 2 +- .../com/forgerock/opendj/cli/cli.properties | 12 +- .../resources/templates/dscfgAppendProps.ftl | 17 +- .../resources/templates/dscfgListItem.ftl | 12 +- .../resources/templates/dscfgListSubtypes.ftl | 40 +- .../resources/templates/dscfgReference.ftl | 24 +- .../resources/templates/dscfgSubcommand.ftl | 106 +- .../resources/templates/dscfgVarListEntry.ftl | 10 +- .../resources/templates/dscfgVariableList.ftl | 29 +- .../resources/templates/optionsRefSect1.ftl | 80 +- .../src/main/resources/templates/refEntry.ftl | 89 +- .../src/main/resources/templates/refSect1.ftl | 25 +- .../src/main/resources/templates/refSect2.ftl | 71 +- .../opendj/config/dsconfig/DSConfig.java | 10 +- .../opendj/dsconfig/dsconfig.properties | 4 +- opendj-doc-generated-ref/pom.xml | 281 +- .../asciidoc/admin-guide/chap-pwd-policy.adoc | 5 +- .../main/asciidoc/man-pages/_attributes.adoc | 39 + .../man-pages/_backendstat-examples.adoc | 37 + .../asciidoc/man-pages/_backup-examples.adoc | 55 + .../asciidoc/man-pages/_base64-examples.adoc | 40 + .../man-pages/_control-panel-examples.adoc | 26 + .../man-pages/_create-rc-script-examples.adoc | 28 + .../_description-dsconfig-subcommands.adoc | 124 + .../man-pages/_description-dsconfig.adoc | 28 + .../man-pages/_description-psearch-info.adoc | 67 + .../man-pages/_dsconfig-examples.adoc | 124 + .../man-pages/_dsreplication-examples.adoc | 71 + .../man-pages/_encode-password-examples.adoc | 49 + .../asciidoc/man-pages/_exit-codes-0-1.adoc | 29 + .../man-pages/_exit-codes-0-5-6-other.adoc | 35 + .../man-pages/_exit-codes-0-80-89.adoc | 31 + .../asciidoc/man-pages/_exit-codes-0-89.adoc | 29 + .../asciidoc/man-pages/_exit-codes-0-gt0.adoc | 29 + .../man-pages/_exit-codes-0-ldap-89.adoc | 37 + .../man-pages/_export-ldif-examples.adoc | 29 + .../src/main/asciidoc/man-pages/_files.adoc | 37 + .../src/main/asciidoc/man-pages/_filters.adoc | 23 + .../man-pages/_import-ldif-examples.adoc | 28 + .../man-pages/_ldapcompare-examples.adoc | 42 + .../man-pages/_ldapcompare-exit-codes.adoc | 49 + .../man-pages/_ldapdelete-examples.adoc | 41 + .../man-pages/_ldapmodify-examples.adoc | 129 + .../_ldappasswordmodify-examples.adoc | 33 + .../man-pages/_ldapsearch-examples.adoc | 88 + .../man-pages/_ldifdiff-examples.adoc | 64 + .../man-pages/_ldifdiff-exit-codes.adoc | 32 + .../man-pages/_ldifmodify-examples.adoc | 66 + .../man-pages/_ldifsearch-examples.adoc | 73 + .../man-pages/_list-backends-examples.adoc | 37 + .../man-pages/_makeldif-examples.adoc | 32 + .../man-pages/_makeldif-see-also.adoc | 22 + .../man-pages/_manage-account-examples.adoc | 47 + .../man-pages/_manage-tasks-examples.adoc | 32 + .../man-pages/_rebuild-index-examples.adoc | 28 + .../asciidoc/man-pages/_restore-examples.adoc | 55 + .../asciidoc/man-pages/_setup-examples.adoc | 42 + .../man-pages/_start-ds-examples.adoc | 26 + .../asciidoc/man-pages/_status-examples.adoc | 65 + .../asciidoc/man-pages/_stop-ds-examples.adoc | 29 + .../man-pages/_uninstall-examples.adoc | 37 + .../man-pages/_upgrade-exit-codes.adoc | 46 + .../_variablelist-ldap-controls.adoc | 51 + .../man-pages/_verify-index-examples.adoc | 43 + .../man-pages/_verify-index-exit-codes.adoc | 34 + .../man-pages/man-dsjavaproperties.adoc | 98 + .../man-pages/man-makeldif-template.adoc | 270 + .../main/asciidoc/man-pages/man-opendj.adoc | 76 + .../man-pages/man-windows-service.adoc | 83 + .../asciidoc/reference/admin-tools-ref.adoc | 7106 +- .../reference/dsconfig-subcommands-ref.adoc | 206465 +-------------- .../generated-doc-sources-assembly.xml | 2 +- .../assembly/sdk-tools-man-pages-assembly.xml | 126 +- ...server-tools-man-page-sources-assembly.xml | 2 +- .../server-tools-man-pages-assembly.xml | 2 +- .../asciidoc/extensions/nested-open-block.rb | 21 + .../doc/GenerateGlobalAcisTableMojo.java | 7 +- .../maven/doc/GenerateMessageFileMojo.java | 2 +- .../maven/doc/GenerateRefEntriesMojo.java | 12 +- .../maven/doc/GenerateSchemaDocMojo.java | 4 +- .../maven/doc/AsciidocConverterUtils.java | 7 + .../opendj/maven/doc/docs.properties | 13 +- .../templates/appendix-ldap-result-codes.ftl | 74 +- .../templates/log-message-reference.ftl | 62 +- .../templates/sec-locales-subtypes.ftl | 79 +- .../resources/templates/table-global-acis.ftl | 60 +- .../opendj/ldap/tools/tools.properties | 8 +- pom.xml | 2 +- 90 files changed, 3335 insertions(+), 214308 deletions(-) create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_attributes.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_backendstat-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_backup-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_base64-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_control-panel-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_create-rc-script-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-dsconfig-subcommands.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-dsconfig.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-psearch-info.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_dsconfig-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_dsreplication-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_encode-password-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-1.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-5-6-other.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-80-89.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-89.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-gt0.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-ldap-89.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_export-ldif-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_files.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_filters.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_import-ldif-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapcompare-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapcompare-exit-codes.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapdelete-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapmodify-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldappasswordmodify-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapsearch-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldifdiff-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldifdiff-exit-codes.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldifmodify-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldifsearch-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_list-backends-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_makeldif-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_makeldif-see-also.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_manage-account-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_manage-tasks-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_rebuild-index-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_restore-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_setup-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_start-ds-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_status-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_stop-ds-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_uninstall-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_upgrade-exit-codes.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_variablelist-ldap-controls.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_verify-index-examples.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/_verify-index-exit-codes.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-dsjavaproperties.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-makeldif-template.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-opendj.adoc create mode 100644 opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-windows-service.adoc create mode 100644 opendj-doc-generated-ref/src/main/resources/asciidoc/extensions/nested-open-block.rb create mode 100644 opendj-doc-maven-plugin/src/main/java/org/openidentityplatform/opendj/maven/doc/AsciidocConverterUtils.java diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 521983b4da..f79fcc2e98 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -133,8 +133,9 @@ jobs: GITHUB_TOKEN: ${{ github.token }} run: | cd ${{ github.event.repository.name }}.wiki - rm -rf docbkx - cp -R ../opendj-doc-generated-ref/target/docbkx ../${{ github.event.repository.name }}.wiki + rm -rf asciidoc + mkdir asciidoc + cp -R ../opendj-doc-generated-ref/target/asciidoc/pdf ../${{ github.event.repository.name }}.wiki/asciidoc git add -A git commit -a -m "upload docs after deploy ${{ github.sha }}" git push --quiet --force diff --git a/opendj-cli/src/main/java/com/forgerock/opendj/cli/ArgumentParser.java b/opendj-cli/src/main/java/com/forgerock/opendj/cli/ArgumentParser.java index 8780bc8797..720dc5093b 100644 --- a/opendj-cli/src/main/java/com/forgerock/opendj/cli/ArgumentParser.java +++ b/opendj-cli/src/main/java/com/forgerock/opendj/cli/ArgumentParser.java @@ -659,7 +659,7 @@ void toRefEntry(StringBuilder builder, String synopsisArgs, List argLi * @return A String with line separators replaced by {@code </para><para>}. */ String eolToNewPara(final LocalizableMessage input) { - return input.toString().replaceAll(EOL, ""); + return input.toString().replaceAll(EOL, "\n"); } /** diff --git a/opendj-cli/src/main/java/com/forgerock/opendj/cli/SubCommandArgumentParser.java b/opendj-cli/src/main/java/com/forgerock/opendj/cli/SubCommandArgumentParser.java index 3dd33d29e4..06c3b7464d 100644 --- a/opendj-cli/src/main/java/com/forgerock/opendj/cli/SubCommandArgumentParser.java +++ b/opendj-cli/src/main/java/com/forgerock/opendj/cli/SubCommandArgumentParser.java @@ -1132,7 +1132,7 @@ private void setSubCommandOptionsInfo(Map map, SubCommand subCom Map info = new HashMap<>(); if (subCommandUsageHandler != null) { if (!doesHandleProperties(a)) { - nameOption = ""; + nameOption = "`" + optionSynopsis + "`"; } // Let this build its own arbitrarily formatted additional info. diff --git a/opendj-cli/src/main/resources/com/forgerock/opendj/cli/cli.properties b/opendj-cli/src/main/resources/com/forgerock/opendj/cli/cli.properties index b469dbb333..ea5ff6bbc9 100644 --- a/opendj-cli/src/main/resources/com/forgerock/opendj/cli/cli.properties +++ b/opendj-cli/src/main/resources/com/forgerock/opendj/cli/cli.properties @@ -448,14 +448,14 @@ ERR_ERROR_CANNOT_READ_HOST_NAME=Cannot read the host name # Strings for generated reference documentation. REF_TITLE_DESCRIPTION=Description REF_TITLE_OPTIONS=Options -REF_INTRO_OPTIONS=The %s command takes the following options: +REF_INTRO_OPTIONS=The `%s` command takes the following options: REF_DEFAULT=Default: %s REF_TITLE_SUBCOMMANDS=Subcommands -REF_INTRO_SUBCOMMANDS=The %s command supports the following subcommands: +REF_INTRO_SUBCOMMANDS=The `%s` command supports the following subcommands: REF_PART_TITLE_SUBCOMMANDS=%s Subcommands Reference -REF_PART_INTRO_SUBCOMMANDS=This section covers %s subcommands. -REF_DEFAULT_BACKEND_TYPE=Default: je for standard edition, \ - pdb for OEM edition. +REF_PART_INTRO_SUBCOMMANDS=This section covers `%s` subcommands. +REF_DEFAULT_BACKEND_TYPE=Default: `je` for standard edition, \ + `pdb` for OEM edition. # Supplements to descriptions for generated reference documentation. -SUPPLEMENT_DESCRIPTION_CONTROLS= +SUPPLEMENT_DESCRIPTION_CONTROLS=include::./_variablelist-ldap-controls.adoc[] diff --git a/opendj-cli/src/main/resources/templates/dscfgAppendProps.ftl b/opendj-cli/src/main/resources/templates/dscfgAppendProps.ftl index 4d20a023e2..6d5e1988fa 100644 --- a/opendj-cli/src/main/resources/templates/dscfgAppendProps.ftl +++ b/opendj-cli/src/main/resources/templates/dscfgAppendProps.ftl @@ -12,13 +12,16 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Copyright 2015 ForgeRock AS. + # Portions Copyright 2024 3A Systems LLC. #--> - - ${title} - - ${intro} - +[#${id}] +== ${title} - ${list} - +${intro} + +-- + +${list} + +-- diff --git a/opendj-cli/src/main/resources/templates/dscfgListItem.ftl b/opendj-cli/src/main/resources/templates/dscfgListItem.ftl index d4836c232f..0c0d0ef1b2 100644 --- a/opendj-cli/src/main/resources/templates/dscfgListItem.ftl +++ b/opendj-cli/src/main/resources/templates/dscfgListItem.ftl @@ -12,14 +12,6 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Copyright 2015 ForgeRock AS. + # Portions Copyright 2024 3A Systems LLC. #--> - - - - xlink:href="reference#${id}" - xlink:role="http://docbook.org/xlink/role/olink" - xlink:show="new" - >${name}: ${description} - - +* xref:dsconfig-subcommands-ref.adoc#${id}[${name}, window=_blank]: ${description} diff --git a/opendj-cli/src/main/resources/templates/dscfgListSubtypes.ftl b/opendj-cli/src/main/resources/templates/dscfgListSubtypes.ftl index 5789cbc05d..e86d9680bd 100644 --- a/opendj-cli/src/main/resources/templates/dscfgListSubtypes.ftl +++ b/opendj-cli/src/main/resources/templates/dscfgListSubtypes.ftl @@ -12,34 +12,22 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Copyright 2015 ForgeRock AS. + # Portions Copyright 2024 3A Systems LLC. #--> - - - ${dependencies} - +[open] +==== +${dependencies} - - ${typesIntro} - +${typesIntro} - <#list children as child> - - ${child.name} - - - ${child.default} - - - - ${child.enabled} - - - - ${child.link} - - - +<#list children as child> +`${child.name}`:: ++ +${child.default} ++ +${child.enabled} ++ +${child.link} - - +==== diff --git a/opendj-cli/src/main/resources/templates/dscfgReference.ftl b/opendj-cli/src/main/resources/templates/dscfgReference.ftl index 860b8faa32..443ccb94d1 100644 --- a/opendj-cli/src/main/resources/templates/dscfgReference.ftl +++ b/opendj-cli/src/main/resources/templates/dscfgReference.ftl @@ -12,24 +12,16 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Copyright 2015 ForgeRock AS. + # Portions Copyright 2024 3A Systems LLC. #--> ${marker} - - ${title} +[#${name}-subcommands-ref] +== ${title} +:leveloffset: 1 - - - ${partintro} - - +${partintro} - <#list subcommands as subcommand> - - - +<#list subcommands as subcommand> +include::./man-${subcommand.id}.adoc[] + diff --git a/opendj-cli/src/main/resources/templates/dscfgSubcommand.ftl b/opendj-cli/src/main/resources/templates/dscfgSubcommand.ftl index cfdd01d24a..5c134c7b35 100644 --- a/opendj-cli/src/main/resources/templates/dscfgSubcommand.ftl +++ b/opendj-cli/src/main/resources/templates/dscfgSubcommand.ftl @@ -1,6 +1,5 @@ ${marker} - - - + Copyright 2011-2017 ForgeRock AS. + Portions Copyright ${year} 3A Systems LLC. +//// - - - ${year} - 2011-2017 ForgeRock AS. 2017-${year} Open Identity Platform Community - - +[#${id}] += ${name}(1) +:doctype: manpage +:manmanual: Directory Server Tools +:mansource: OpenDJ - - ${name}1 - OpenDJ - ${r"${project.version}"} - +== Name +${name} - ${purpose} - - ${name} - ${purpose} - +== Synopsis - - - ${name} - ${args} - - +`${name}` ${args} - - ${descTitle} +[#${id}-description] +== ${descTitle} - - ${description?ensure_ends_with(".")} - +${description?ensure_ends_with(".")} - <#if info??>${info} - +<#if info??>${info} - <#if options??> - - ${optionsTitle} +<#if options??> +[#${id}-options] +== ${optionsTitle} - - - ${optionsIntro} - +${optionsIntro} +-- <#list options as option> - - - - - ${option.description?ensure_ends_with(".")} - +`${option.synopsis?xml}`:: +${option.description?ensure_ends_with(".")} <#if option.info??> - <#if option.info.usage??>${option.info.usage} - + <#if option.info.usage??> ++ +${option.info.usage} + <#if option.info.default??> - - ${option.info.default} - ++ +${option.info.default} + + <#if option.info.doc??> ++ +${option.info.doc} - - <#if option.info.doc??>${option.info.doc} - - - - - - - <#if propertiesInfo??>${propertiesInfo} - +-- + +<#if propertiesInfo??> +${propertiesInfo} + diff --git a/opendj-cli/src/main/resources/templates/dscfgVarListEntry.ftl b/opendj-cli/src/main/resources/templates/dscfgVarListEntry.ftl index 714e5d6899..e45d6ecb58 100644 --- a/opendj-cli/src/main/resources/templates/dscfgVarListEntry.ftl +++ b/opendj-cli/src/main/resources/templates/dscfgVarListEntry.ftl @@ -12,10 +12,8 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Copyright 2015 ForgeRock AS. + # Portions Copyright 2024 3A Systems LLC. #--> - - ${term} - - ${definition} - - + +${term}:: +${definition} diff --git a/opendj-cli/src/main/resources/templates/dscfgVariableList.ftl b/opendj-cli/src/main/resources/templates/dscfgVariableList.ftl index 192ca8c4d9..71c8d7b735 100644 --- a/opendj-cli/src/main/resources/templates/dscfgVariableList.ftl +++ b/opendj-cli/src/main/resources/templates/dscfgVariableList.ftl @@ -12,29 +12,18 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Copyright 2015-2016 ForgeRock AS. + # Portions Copyright 2024 3A Systems LLC. #--> - <#list properties as property> +${property.term}:: +[open] +==== +${property.descTitle}:: +${property.description?xml} - - ${property.term} - - +${property.list} - - ${property.descTitle} - - - ${property.description?xml} - - - +==== - ${property.list} - - - - - - + \ No newline at end of file diff --git a/opendj-cli/src/main/resources/templates/optionsRefSect1.ftl b/opendj-cli/src/main/resources/templates/optionsRefSect1.ftl index a07cc9bd47..9efbc25c1b 100644 --- a/opendj-cli/src/main/resources/templates/optionsRefSect1.ftl +++ b/opendj-cli/src/main/resources/templates/optionsRefSect1.ftl @@ -1,51 +1,43 @@ <#-- - # The contents of this file are subject to the terms of the Common Development and - # Distribution License (the License). You may not use this file except in compliance with the - # License. - # - # You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the - # specific language governing permission and limitations under the License. - # - # When distributing Covered Software, include this CDDL Header Notice in each file and include - # the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL - # Header, with the fields enclosed by brackets [] replaced by your own identifying - # information: "Portions Copyright [year] [name of copyright owner]". - # - # Copyright 2015 ForgeRock AS. - #--> - - ${title} +# The contents of this file are subject to the terms of the Common Development and +# Distribution License (the License). You may not use this file except in compliance with the +# License. +# +# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the +# specific language governing permission and limitations under the License. +# +# When distributing Covered Software, include this CDDL Header Notice in each file and include +# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL +# Header, with the fields enclosed by brackets [] replaced by your own identifying +# information: "Portions Copyright [year] [name of copyright owner]". +# +# Copyright 2015 ForgeRock AS. +# Portions Copyright 2024 3A Systems LLC. +#--> - - ${intro} - +[#${name}-options] +== ${title} - <#list groups as group> - +${intro} + +<#list groups as group> <#if group.description??> - - ${group.description} - +.${group.description} - <#list group.options as option> - - - - - ${option.description?ensure_ends_with(".")} - - - <#if option.default??> - - ${option.default} - - - - <#if option.info??>${option.info} - - - - +-- + <#list group.options as option> +`${option.synopsis?xml}`:: +${option.description?ensure_ends_with(".")} + <#if option.default??> ++ +${option.default} + + <#if option.info??> ++ +${option.info} + - + +-- + diff --git a/opendj-cli/src/main/resources/templates/refEntry.ftl b/opendj-cli/src/main/resources/templates/refEntry.ftl index e44a80396c..a3876030cf 100644 --- a/opendj-cli/src/main/resources/templates/refEntry.ftl +++ b/opendj-cli/src/main/resources/templates/refEntry.ftl @@ -1,4 +1,4 @@ -<#-- +//// # The contents of this file are subject to the terms of the Common Development and # Distribution License (the License). You may not use this file except in compliance with the # License. @@ -12,75 +12,38 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Copyright 2015 ForgeRock AS. - #--> - - - + # Portions ${year} 3A Systems LLC. + # +//// - - - ${year} - 2011-2017 ForgeRock AS. 2017-${year} Open Identity Platform Community - - +[#${name}-1] += ${name}(1) - - ${name}1 - OpenDJ - ${r"${project.version}"} - +:doctype: manpage +:manmanual: Directory Server Tools +:mansource: OpenDJ - - ${name} - ${shortDesc} - +== Name +${name} - ${shortDesc} - - - ${name} - <#if args??>${args} - - +== Synopsis +`${name}` <#if args??>`${args}` - - ${descTitle} +[#${name}-description] +== ${descTitle} - - ${description?ensure_ends_with(".")} - +${description?ensure_ends_with(".")} - <#if info??>${info} - +<#if info??>${info} - <#if optionSection??> - ${optionSection} - +<#if optionSection??> +${optionSection} + - <#if subcommands??> - ${subcommands} - +<#if subcommands??> +${subcommands} + - <#if trailingSectionString??> - ${trailingSectionString} - - +<#if trailingSectionString??> +${trailingSectionString} + diff --git a/opendj-cli/src/main/resources/templates/refSect1.ftl b/opendj-cli/src/main/resources/templates/refSect1.ftl index 5166739eae..1feb4b8ba9 100644 --- a/opendj-cli/src/main/resources/templates/refSect1.ftl +++ b/opendj-cli/src/main/resources/templates/refSect1.ftl @@ -12,21 +12,18 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Copyright 2015 ForgeRock AS. + # Portions Copyright 2024 3A Systems LLC. #--> - - ${title} - <#if info??> - ${info} - +[#${name}-subcommands] +== Subcommands - - ${intro} - +<#if info??> +${info} + - <#if isItemizedList??> - <#list subcommands as subcommand> - ${subcommand} - - <#if isItemizedList??> - +${intro} + +<#list subcommands as subcommand> +${subcommand} + diff --git a/opendj-cli/src/main/resources/templates/refSect2.ftl b/opendj-cli/src/main/resources/templates/refSect2.ftl index 4dcba4ea70..fd1973a311 100644 --- a/opendj-cli/src/main/resources/templates/refSect2.ftl +++ b/opendj-cli/src/main/resources/templates/refSect2.ftl @@ -12,54 +12,43 @@ # information: "Portions Copyright [year] [name of copyright owner]". # # Copyright 2015 ForgeRock AS. + # Portions Copyright 2024 3A Systems LLC. #--> - - ${name} - - ${description?ensure_ends_with(".")} - +[#${id}] +=== ${name} - <#if info??>${info} +${description?ensure_ends_with(".")} - <#if options??> - - ${optionsTitle} +<#if info??>${info} - - - ${optionsIntro} - +<#if options??> +[#${id}-options] +==== ${optionsTitle} - <#list options as option> +-- - - - - - ${option.description?ensure_ends_with(".")} - +<#list options as option> +`${option.synopsis?xml}`:: +${option.description?ensure_ends_with(".")} +<#if option.info??> ++ +<#if option.info.usage??>${option.info.usage} +<#if option.info.default??> ++ +${option.info.default} + +<#if option.info.doc??> ++ +${option.info.doc} + + + - <#if option.info??> - <#if option.info.usage??>${option.info.usage} +-- - <#if option.info.default??> - - ${option.info.default} - - + - <#if option.info.doc??>${option.info.doc} - - - - - - - - - - <#if propertiesInfo??> - ${propertiesInfo} - - +<#if propertiesInfo??> +${propertiesInfo} + diff --git a/opendj-config/src/main/java/org/forgerock/opendj/config/dsconfig/DSConfig.java b/opendj-config/src/main/java/org/forgerock/opendj/config/dsconfig/DSConfig.java index 44abe97cd0..80b3f0c8a7 100644 --- a/opendj-config/src/main/java/org/forgerock/opendj/config/dsconfig/DSConfig.java +++ b/opendj-config/src/main/java/org/forgerock/opendj/config/dsconfig/DSConfig.java @@ -128,9 +128,9 @@ public final class DSConfig extends ConsoleApplication { */ private final class DSConfigSubCommandUsageHandler implements SubCommandUsageHandler { /** Marker to open a DocBook XML paragraph. */ - private String op = ""; + private String op = ""; /** Marker to close a DocBook XML paragraph. */ - private String cp = ""; + private String cp = ""; @Override public String getArgumentAdditionalInfo(SubCommand sc, Argument a, String nameOption) { @@ -496,14 +496,14 @@ private long valueOf(final DurationUnit baseUnit, long upperLimit) { @Override public String visitEnum(EnumPropertyDefinition prop, Void p) { - b.append("").append(EOL); + b.append(EOL); final Class en = prop.getEnumClass(); final Object[] constants = en.getEnumConstants(); for (Object enumConstant : constants) { final LocalizableMessage valueSynopsis = prop.getValueSynopsis((Enum) enumConstant); appendVarListEntry(b, enumConstant.toString(), op + valueSynopsis + cp); } - b.append("").append(EOL); + b.append(EOL); return null; } @@ -576,7 +576,7 @@ public String visitUnknown(PropertyDefinition prop, Void p) { } private String getLink(String target) { - return " "; + return " <<" + target + ">>"; } } diff --git a/opendj-config/src/main/resources/com/forgerock/opendj/dsconfig/dsconfig.properties b/opendj-config/src/main/resources/com/forgerock/opendj/dsconfig/dsconfig.properties index 2ba589280c..bd5badbb04 100644 --- a/opendj-config/src/main/resources/com/forgerock/opendj/dsconfig/dsconfig.properties +++ b/opendj-config/src/main/resources/com/forgerock/opendj/dsconfig/dsconfig.properties @@ -442,8 +442,8 @@ REF_DSCFG_IP_ADDRESS_MASK_1037=An IP address mask REF_DSCFG_STRING_1038=A String REF_DSCFG_UNKNOWN_1039=Unknown REF_SHORT_DESC_DSCONFIG_1040=manage OpenDJ directory server configuration -REF_DSCFG_DOC_TOOL_DESCRIPTION_1041= -REF_DSCFG_DOC_SUBCOMMANDS_DESCRIPTION_1042= +REF_DSCFG_DOC_TOOL_DESCRIPTION_1041=include::./_description-dsconfig.adoc[] +REF_DSCFG_DOC_SUBCOMMANDS_DESCRIPTION_1042=include::./_description-dsconfig-subcommands.adoc[] INFO_DESCRIPTION_BATCH=Reads from standard input a set of commands to be executed INFO_DESCRIPTION_BATCH_FILE_PATH=Path to a batch file containing a set of commands to be executed diff --git a/opendj-doc-generated-ref/pom.xml b/opendj-doc-generated-ref/pom.xml index 1b7a0f0bbe..0ca7b9bb66 100644 --- a/opendj-doc-generated-ref/pom.xml +++ b/opendj-doc-generated-ref/pom.xml @@ -13,6 +13,7 @@ ~ information: "Portions Copyright [year] [name of copyright owner]". ~ ~ Copyright 2016 ForgeRock AS. + ~ Portions Copyright 2024 3A Systems LLC. --> 4.0.0 @@ -126,7 +127,7 @@ prepare-package - ${project.build.directory}/docbkx-sources/shared + ${project.build.directory}/asciidoc/source/partials - org.openidentityplatform.commons - doc-maven-plugin + maven-antrun-plugin - build-man-pages + copy-man-pages package - process - build - release + run + + + + + + + + + + + + + + + org.asciidoctor + asciidoctor-maven-plugin + 2.2.6 + + + generate-manpage-doc + package + + process-asciidoc + + + + ${project.basedir}/src/main/resources/asciidoc/extensions/nested-open-block.rb + + manpage + ${project.build.directory}/asciidoc/source/man-pages + ${project.build.directory}/asciidoc/man-pages + + + + + + + + org.openidentityplatform.commons + doc-maven-plugin + build-man-pages-asciidoc package @@ -618,55 +620,8 @@ OpenDJ ${project.version} ${project.version} - true - - no - - - man - epub - html - pdf - webhelp - xhtml5 - bootstrap - - - org.apache.maven.plugins - maven-antrun-plugin - - - zip-docs - package - - - - - - > - - - - run - - - - - - ant-contrib - ant-contrib - ${ant.contrib.version} - - - ant - ant - - - - - diff --git a/opendj-doc-generated-ref/src/main/asciidoc/admin-guide/chap-pwd-policy.adoc b/opendj-doc-generated-ref/src/main/asciidoc/admin-guide/chap-pwd-policy.adoc index 3ef249b559..20df95971f 100644 --- a/opendj-doc-generated-ref/src/main/asciidoc/admin-guide/chap-pwd-policy.adoc +++ b/opendj-doc-generated-ref/src/main/asciidoc/admin-guide/chap-pwd-policy.adoc @@ -821,7 +821,8 @@ a|The cost parameter specifies a key expansion iteration count as a power of two a|Crypt a|`crypt-password-storage-encryption-algorithm` a|Specifies the crypt algorithm to use to encrypt new passwords. - -- + +-- The following values are supported: `unix`:: @@ -1008,7 +1009,7 @@ $ ldappasswordmodify \ --authzID "u:bjensen" \ --newPassword '!ABcd$%^' ---- -In the preceding example, the character set of ASCII punctuation, `!\"#\$%&\'\(\)*+,-./:\;\\<=\>?@[\\]^_\`{\|}~`, is hard to read because of all the escape characters. In practice it can be easier to enter sequences like that by using `dsconfig` in interactive mode, and letting it do the escaping for you. You can also use the `--commandFilePath {path}` option to save the result of your interactive session to a file for use in scripts later. +In the preceding example, the character set of ASCII punctuation, ``!\"#\$%&\'\(\)*+,-./:\;\\<=\>?@[\\]^_\`{\|}~``, is hard to read because of all the escape characters. In practice it can be easier to enter sequences like that by using `dsconfig` in interactive mode, and letting it do the escaping for you. You can also use the `--commandFilePath {path}` option to save the result of your interactive session to a file for use in scripts later. An attempt to set an invalid password fails as shown in the following example: diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_attributes.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_attributes.adoc new file mode 100644 index 0000000000..5fea5dc4f4 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_attributes.adoc @@ -0,0 +1,39 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Attributes +The optional attribute list specifies the attributes to return in the entries found +by the search. In addition to identifying attributes by name such as `cn sn mail` +and so forth, you can use the following notations, too. +-- + +`*`:: +Return all user attributes such as `cn`, `sn`, and `mail`. + +`+`:: +Return all operational attributes such as `etag` and `pwdPolicySubentry`. + +`@objectclass`:: +Return all attributes of the specified object class, where __objectclass__ is one of the object classes on the entries returned by the search. + +`1.1`:: +Return no attributes, only the DNs of matching entries. + +-- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_backendstat-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_backendstat-examples.adoc new file mode 100644 index 0000000000..26c8714991 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_backendstat-examples.adoc @@ -0,0 +1,37 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example displays index information. + +[source, console] +---- +$ bin/backendstat dump-index -n userRoot -b dc=example,dc=com -i id2childrencount + + Key (len 2): 1#52 + Value (len 8): 1 + Key (len 2): 2#52 + Value (len 8): 500000 + Key (len 9): Total Children Count + Value (len 8): 500001 + + Total Records: 3 + Total / Average Key Size: 13 bytes / 4 bytes + Total / Average Data Size: 24 bytes / 8 bytes +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_backup-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_backup-examples.adoc new file mode 100644 index 0000000000..7c698dd438 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_backup-examples.adoc @@ -0,0 +1,55 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples + +The following example backs up all user data while the server is online. + +[source, console] +---- +$ backup -p 4444 -D "cn=Directory Manager" -w password \ + -a -d /path/to/opendj/bak -t 0 +Backup task 20110613143801866 scheduled to start ... +---- +The following example schedules back up of all user data every night at 2 AM when the server is online, and +notifies \diradmin@example.com when finished, or on error. + +[source, console] +---- +$ backup -p 4444 -D "cn=Directory Manager" -w password -a \ + -d /path/to/opendj/bak --recurringTask "00 02 * * *" \ + --completionNotify diradmin@example.com --errorNotify diradmin@example.com +Recurring Backup task BackupTask-988d6adf-4d65-44bf-8546-6ea74a2480b0 +scheduled successfully +---- +The following example backs up all user data while the server is offline. + +[source, console] +---- +$ stop-ds +Stopping Server... +... + +$ backup --backupAll --backupDirectory /path/to/opendj/bak +... msg=The backup process completed successfully + +$ start-ds +... The Directory Server has started successfully +---- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_base64-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_base64-examples.adoc new file mode 100644 index 0000000000..c98edf759c --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_base64-examples.adoc @@ -0,0 +1,40 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following command shows the changes from the external change log +in human-readable format. + + +[source] +---- +$ base64 decode -d YWRkOiBkZXNjcmlwdGlvbgpkZXNjcmlwdGlvbjogQSB0aGlyZCBjaGFuZ2UK\ +LQpyZXBsYWNlOiBtb2RpZmllcnNOYW1lCm1vZGlmaWVyc05hbWU6IGNuPURpcmVjdG9yeSBNYW5hZ2V\ +yLGNuPVJvb3QgRE5zLGNuPWNvbmZpZwotCnJlcGxhY2U6IG1vZGlmeVRpbWVzdGFtcAptb2RpZnlUaW\ +1lc3RhbXA6IDIwMTEwNjEzMDcxMjEwWgotCg== +add: description +description: A third change +- +replace: modifiersName +modifiersName: cn=Directory Manager,cn=Root DNs,cn=config +- +replace: modifyTimestamp +modifyTimestamp: 20110613071210Z +- +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_control-panel-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_control-panel-examples.adoc new file mode 100644 index 0000000000..5808cc289e --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_control-panel-examples.adoc @@ -0,0 +1,26 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example starts the Control Panel on a remote host. + +[source, console] +---- +$ control-panel -r -h opendj.example.com -p 4444 & +---- \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_create-rc-script-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_create-rc-script-examples.adoc new file mode 100644 index 0000000000..ef128906bd --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_create-rc-script-examples.adoc @@ -0,0 +1,28 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example adds a script to start OpenDJ at boot time on a Debian-based system, +and then updates the runlevel system to use the script. + +[source, console] +---- +$ sudo create-rc-script -f /etc/init.d/opendj -u opendj-user +$ sudo update-rc.d opendj +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-dsconfig-subcommands.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-dsconfig-subcommands.adoc new file mode 100644 index 0000000000..1c600405c5 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-dsconfig-subcommands.adoc @@ -0,0 +1,124 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +The `dsconfig` command provides many subcommands. + +Subcommands let you create, list, and delete entire configuration components, and also let you get and set component properties. Subcommands therefore have names that reflect these five actions. + +* create-__component__ + +* list-__component__s + +* delete-__component__ + +* get-__component__-prop + +* set-__component__-prop + +Here, __component__ names are names of managed object types. Subcommand __component__ names are lower-case, hyphenated versions of the friendly names. When you act on an actual configuration component, you provide the name of the component as an option argument. +For example, the Log Publisher component has these corresponding subcommands. + +* `create-log-publisher` + +* `list-log-publishers` + +* `delete-log-publisher` + +* `get-log-publisher-prop` + +* `set-log-publisher-prop` + +When you create or delete Log Publisher components and when you get and set their configuration properties, you provide the name of the actual log publisher, which you can find by using the `list-log-publishers` subcommand. + +[source, console] +---- +$ dsconfig \ + list-log-publishers \ + --hostname opendj.example.com \ + --port 4444 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --trustAll + +Log Publisher : Type : enabled +------------------------------:------------------------:-------- +File-Based Access Logger : file-based-access : true +File-Based Audit Logger : file-based-audit : false +File-Based Debug Logger : file-based-debug : false +File-Based Error Logger : file-based-error : true +File-Based HTTP Access Logger : file-based-http-access : false +Replication Repair Logger : file-based-error : true + +$ dsconfig \ + get-log-publisher-prop \ + --publisher-name "File-Based Access Logger" \ + --property rotation-policy \ + --hostname opendj.example.com \ + --port 4444 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --trustAll +Property : Value(s) +----------------:-------------------------------------------------------------- +rotation-policy : 24 Hours Time Limit Rotation Policy, Size Limit Rotation + : Policy +---- +Many subcommands let you set property values. Notice in the reference for the subcommands below that specific options are available for handling multi-valued properties. Whereas you can assign a single property value by using the `--set` option, you assign multiple values to a multi-valued property by using the `--add` option. You can reset the values of the multi-valued property by using the `--reset` option. +Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. + +* `ms`: milliseconds + +* `s`: seconds + +* `m`: minutes + +* `h`: hours + +* `d`: days + +* `w`: weeks + +Use the following options to view help for subcommands. +-- + +`dsconfig --help-all`:: +Display all subcommands + +`dsconfig --help-core-server`:: +Display subcommands relating to core server + +`dsconfig --help-database`:: +Display subcommands relating to caching and back-ends + +`dsconfig --help-logging`:: +Display subcommands relating to logging + +`dsconfig --help-replication`:: +Display subcommands relating to replication + +`dsconfig --help-security`:: +Display subcommands relating to authentication and authorization + +`dsconfig --help-user-management`:: +Display subcommands relating to user management + +-- +For help with individual subcommands, either use `dsconfig subcommand --help`, or start `dsconfig` in interactive mode, without specifying a subcommand. + +To view all component properties, use the `dsconfig list-properties` command. diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-dsconfig.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-dsconfig.adoc new file mode 100644 index 0000000000..25d696a23c --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-dsconfig.adoc @@ -0,0 +1,28 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +The `dsconfig` command is the primary command-line tool for viewing and editing OpenDJ configuration. When started without arguments, `dsconfig` prompts you for administration connection information, including the host name, administration port number, administrator bind DN and administrator password. The `dsconfig` command then connects securely to the directory server over the administration port. Once connected it presents you with a menu-driven interface to the server configuration. + +When you pass connection information, subcommands, and additional options to `dsconfig`, the command runs in script mode and so is not interactive, though it can prompt you to ask whether to apply changes and whether to trust certificates (unless you use the `--no-prompt` and `--trustAll` options, respectively). + +You can prepare `dsconfig` batch scripts by running the tool with the `--commandFilePath` option in interactive mode, then reading from the batch file with the `--batchFilePath` option in script mode. Batch files can be useful when you have many `dsconfig` commands to run and want to avoid starting the JVM for each command. Alternatively, you can read commands from standard input by using the `--batch` option. + +The `dsconfig` command categorizes directory server configuration into __components__, also called __managed objects__. Actual components often inherit from a parent component type. For example, one component is a Connection Handler. An LDAP Connection Handler is a type of Connection Handler. You configure the LDAP Connection Handler component to specify how OpenDJ directory server handles LDAP connections coming from client applications. + +Configuration components have __properties__. For example, the LDAP Connection Handler component has properties such as `listen-port` and `allow-start-tls`. You can set the component's `listen-port` property to `389` to use the default LDAP port number. You can set the component's `allow-start-tls` property to `true` to permit LDAP client applications to use StartTLS. Much of the configuration you do with `dsconfig` involves setting component properties. diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-psearch-info.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-psearch-info.adoc new file mode 100644 index 0000000000..54a8b02bd8 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_description-psearch-info.adoc @@ -0,0 +1,67 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// +A persistent search allows the client to continue receiving new results whenever changes are made to data that is in the scope of the search, thus using the search as a form of change notification. +[open] +==== +The optional `changetype` setting defines the kinds of updates that result in notification. If you do not set the `changetype`, the default behavior is to send notifications for all updates. + +`add`:: +Send notifications for LDAP add operations. + +`del`,`delete`:: +Send notifications for LDAP delete operations. + +`mod`,`modify`:: +Send notifications for LDAP modify operations. + +`moddn`,`modrdn`,`modifydn`:: +Send notifications for LDAP modify DN (rename and move) operations. + +`all`,`any`:: +Send notifications for all LDAP update operations. + +==== +[open] +==== +The optional `changesonly` setting defines whether the server returns existing entries as well as changes. + +`true`:: +Do not return existing entries, but instead only notifications about changes. + ++ +This is the default setting. + +`false`:: +Also return existing entries. + +==== +[open] +==== +The optional `entrychgcontrols` setting defines whether the server returns an Entry Change Notification control with each entry notification. The Entry Change Notification control provides additional information about the change that caused the entry to be returned by the search. In particular, it indicates the change type, the change number if available, and the previous DN if the change type was a modify DN operation. + +`true`:: +Do request the Entry Change Notification control. + ++ +This is the default setting. + +`false`:: +Do not request the Entry Change Notification control. + +==== diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_dsconfig-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_dsconfig-examples.adoc new file mode 100644 index 0000000000..a4ccb3703d --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_dsconfig-examples.adoc @@ -0,0 +1,124 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +Much of the __OpenDJ Administration Guide__ consists of `dsconfig` examples with text in between. +This section therefore remains short. + +The following example starts `dsconfig` in interactive, menu-driven mode on the default port of the current host. + +[source, console] +---- +$ dsconfig -h opendj.example.com -p 4444 -D "cn=Directory Manager" -w password + +>>>> OpenDJ configuration console main menu + +What do you want to configure? + + 1) Access Control Handler 23) Log Publisher + 2) Access Log Filtering Criteria 24) Log Retention Policy + 3) Account Status Notification Handler 25) Log Rotation Policy + 4) Administration Connector 26) Matching Rule + 5) Alert Handler 27) Monitor Provider + 6) Attribute Syntax 28) Password Generator + 7) Backend 29) Password Policy + 8) Backend Index 30) Password Storage Scheme + 9) Backend VLV Index 31) Password Validator + 10) Certificate Mapper 32) Plugin + 11) Connection Handler 33) Plugin Root + 12) Crypto Manager 34) Replication Domain + 13) Debug Target 35) Replication Server + 14) Entry Cache 36) Root DN + 15) Extended Operation Handler 37) Root DSE Backend + 16) External Changelog Domain 38) SASL Mechanism Handler + 17) Global Configuration 39) Schema Provider + 18) Group Implementation 40) Synchronization Provider + 19) HTTP Authorization Mechanism 41) Trust Manager Provider + 20) HTTP Endpoint 42) Virtual Attribute + 21) Identity Mapper 43) Work Queue + 22) Key Manager Provider + + q) quit + +Enter choice: +---- +The following example demonstrates generating a batch file that corresponds to an interactive session enabling +the debug log. The example then demonstrates using a modified batch file to disable the debug log. + +[source, console] +---- +$ dsconfig \ + --hostname opendj.example.com \ + --port 4444 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --commandFilePath ~/enable-debug-log.batch + ... +$ cat ~/enable-debug-log.batch +# dsconfig session start date: 19/Oct/2011:08:52:22 +0000 + +# Session operation number: 1 +# Operation date: 19/Oct/2011:08:55:06 +0000 +dsconfig set-log-publisher-prop \ + --publisher-name File-Based\ Debug\ Logger \ + --set enabled:true \ + --hostname opendj.example.com \ + --port 4444 \ + --trustStorePath /path/to/opendj/config/admin-truststore \ + --bindDN cn=Directory\ Manager \ + --bindPassword ****** \ + --no-prompt + +$ cp ~/enable-debug-log.batch ~/disable-debug-log.batch +$ vi ~/disable-debug-log.batch +$ cat ~/disable-debug-log.batch +set-log-publisher-prop \ + --publisher-name File-Based\ Debug\ Logger \ + --set enabled:false \ + --hostname opendj.example.com \ + --port 4444 \ + --trustStorePath /path/to/opendj/config/admin-truststore \ + --bindDN cn=Directory\ Manager \ + --bindPassword password \ + --no-prompt + +$ dsconfig --batchFilePath ~/disable-debug-log.batch --no-prompt +set-log-publisher-prop +--publisher-name +File-Based Debug Logger +--set +enabled:false +--hostname +opendj.example.com +--port +4444 +--trustStorePath +/path/to/opendj/config/admin-truststore +--bindDN +cn=Directory Manager +--bindPassword +password +--no-prompt + +$ +---- +Notice that the original command file looks like a shell script with the bind password +value replaced by asterisks. To pass the content as a batch file to `dsconfig`, strip `dsconfig` itself, and include t +he bind password for the administrative user or replace that option with an alternative, such as reading the password from a file. + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_dsreplication-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_dsreplication-examples.adoc new file mode 100644 index 0000000000..eb179b2716 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_dsreplication-examples.adoc @@ -0,0 +1,71 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example enables and then initializes replication for a new replica +on `opendj2.example.com` from an existing replica on `opendj.example.com`. + +[source, console] +---- +$ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com \ + --host1 opendj.example.com --port1 4444 --bindDN1 "cn=Directory Manager" \ + --bindPassword1 password --replicationPort1 8989 \ + --host2 opendj2.example.com --port2 4444 --bindDN2 "cn=Directory Manager" \ + --bindPassword2 password --replicationPort2 8989 + +Establishing connections ..... Done. +Checking registration information ..... Done. +Updating remote references on server opendj.example.com:4444 ..... Done. +Configuring Replication port on server opendj2.example.com:4444 ..... Done. +Updating replication configuration for baseDN dc=example,dc=com on server + opendj.example.com:4444 ..... Done. +Updating replication configuration for baseDN dc=example,dc=com on server + opendj2.example.com:4444 ..... Done. +Updating registration configuration on server + opendj.example.com:4444 ..... Done. +Updating registration configuration on server + opendj2.example.com:4444 ..... Done. +Updating replication configuration for baseDN cn=schema on server + opendj.example.com:4444 ..... Done. +Updating replication configuration for baseDN cn=schema on server + opendj2.example.com:4444 ..... Done. +Initializing registration information on server opendj2.example.com:4444 with + the contents of server opendj.example.com:4444 ..... Done. +Initializing schema on server opendj2.example.com:4444 with the contents of + server opendj.example.com:4444 ..... Done. + +Replication has been successfully enabled. Note that for replication to + work you must initialize the contents of the base DN's that are being + replicated (use dsreplication initialize to do so). + +See +/var/.../opends-replication-7958637258600693490.log +for a detailed log of this operation. + +$ dsreplication initialize-all -I admin -w password -X -n -b dc=example,dc=com \ + -h opendj.example.com -p 4444 + +Initializing base DN dc=example,dc=com with the contents from + opendj.example.com:4444: 160 entries processed (100 % complete). +Base DN initialized successfully. + +See +/var/.../opends-replication-5020375834904394170.log +for a detailed log of this operation. +---- \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_encode-password-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_encode-password-examples.adoc new file mode 100644 index 0000000000..8e220bddad --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_encode-password-examples.adoc @@ -0,0 +1,49 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example encodes a password, and also shows comparison of a password with the encoded value. + +[source, console] +---- +$ encode-password -l +3DES +AES +BASE64 +BLOWFISH +CLEAR +CRYPT +MD5 +RC4 +SHA +SMD5 +SSHA +SSHA256 +SSHA384 +SSHA512 + +$ encode-password -c secret12 -s CRYPT +Encoded Password: "{CRYPT}ZulJ6Dy3TFnrE" + +$ encode-password -c secret12 -s CRYPT -e "{CRYPT}ZulJ6Dy3TFnrE" -r +The provided clear-text and encoded passwords match + +$ echo $? +6 +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-1.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-1.adoc new file mode 100644 index 0000000000..c7d9a3d160 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-1.adoc @@ -0,0 +1,29 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Exit Codes +-- +0:: +The command completed successfully. + +1:: +An error occurred. + +-- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-5-6-other.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-5-6-other.adoc new file mode 100644 index 0000000000..bb29b18917 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-5-6-other.adoc @@ -0,0 +1,35 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Exit Codes +-- +0:: +The command completed successfully. + +5:: +The `-r` option was used, and the compare did not match. + +6:: +The `-r` option was used, and the compare did match. + +other:: +An error occurred. + +-- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-80-89.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-80-89.adoc new file mode 100644 index 0000000000..f463f6fcc8 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-80-89.adoc @@ -0,0 +1,31 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Exit Codes +-- +0:: +The command completed successfully. + +80:: +The command could not complete due to an input/output error. + +89:: +An error occurred while parsing the command-line arguments. + +-- \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-89.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-89.adoc new file mode 100644 index 0000000000..134f142fd7 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-89.adoc @@ -0,0 +1,29 @@ +//// + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions copyright [year] [name of copyright owner]". + + Copyright 2017 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. +//// + + +== Exit Codes +-- + +0:: +The command completed successfully. + +89:: +An error occurred while parsing the command-line arguments. + +-- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-gt0.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-gt0.adoc new file mode 100644 index 0000000000..0b5a4cbd34 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-gt0.adoc @@ -0,0 +1,29 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Exit Codes +-- +0:: +The command completed successfully. + +> 0:: +An error occurred. + +-- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-ldap-89.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-ldap-89.adoc new file mode 100644 index 0000000000..38cb9f9db5 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_exit-codes-0-ldap-89.adoc @@ -0,0 +1,37 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Exit Codes +-- +0:: +The command completed successfully. + +__ldap-error__:: +An LDAP error occurred while processing the operation. + ++ +LDAP result codes are described in + link:http://tools.ietf.org/html/rfc4511#appendix-A[RFC 4511, window=_blank]. + Also see the additional information for details. + +89:: +An error occurred while parsing the command-line arguments. + +-- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_export-ldif-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_export-ldif-examples.adoc new file mode 100644 index 0000000000..eafd7b3cff --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_export-ldif-examples.adoc @@ -0,0 +1,29 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples + +The following example exports data to a file, `Example.ldif`, with the server offline. + +[source, console] +---- +$ export-ldif -b dc=example,dc=com -n userRoot -l ../ldif/Example.ldif +... category=BACKEND severity=INFORMATION ... +...Exported 160 entries and skipped 0 in 0 seconds (average rate 1428.6/sec) +---- \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_files.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_files.adoc new file mode 100644 index 0000000000..fee48a9751 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_files.adoc @@ -0,0 +1,37 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Files +You can use `~/.opendj/tools.properties` to set the defaults for bind DN, host name, +and port number as in the following example. + +[source, ini] +---- +hostname=directory.example.com +port=1389 +bindDN=uid=kvaughan,ou=People,dc=example,dc=com + +ldapcompare.port=1389 +ldapdelete.port=1389 +ldapmodify.port=1389 +ldappasswordmodify.port=1389 +ldapsearch.port=1389 +---- + +The location on Windows is `%UserProfile%/.opendj/tools.properties`. diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_filters.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_filters.adoc new file mode 100644 index 0000000000..66a1bdd038 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_filters.adoc @@ -0,0 +1,23 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Filters +The filter argument is a string representation of an LDAP search filter as in +`(cn=Babs Jensen)`, `(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))`, +or `(cn:caseExactMatch:=Fred Flintstone)`. diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_import-ldif-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_import-ldif-examples.adoc new file mode 100644 index 0000000000..b8e865c5da --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_import-ldif-examples.adoc @@ -0,0 +1,28 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example imports the content of a file, `Example.ldif`, with the server offline. + +[source, console] +---- +$ import-ldif -b dc=example,dc=com -n userRoot -l /path/to/Example.ldif +... category=RUNTIME_INFORMATION severity=NOTICE... +... msg=Import LDIF environment close took 0 seconds +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapcompare-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapcompare-examples.adoc new file mode 100644 index 0000000000..6e420bbbcc --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapcompare-examples.adoc @@ -0,0 +1,42 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following examples demonstrate comparing Babs Jensen's UID. + +The following example uses a matching UID value. + +[source, console] +---- +$ ldapcompare -p 1389 uid:bjensen uid=bjensen,ou=people,dc=example,dc=com +Comparing type uid with value bjensen in entry +uid=bjensen,ou=people,dc=example,dc=com +Compare operation returned true for entry +uid=bjensen,ou=people,dc=example,dc=com +---- +The following example uses a UID value that does not match. + +[source, console] +---- +$ ldapcompare -p 1389 uid:beavis uid=bjensen,ou=people,dc=example,dc=com +Comparing type uid with value beavis in entry +uid=bjensen,ou=people,dc=example,dc=com +Compare operation returned false for entry +uid=bjensen,ou=people,dc=example,dc=com +---- \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapcompare-exit-codes.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapcompare-exit-codes.adoc new file mode 100644 index 0000000000..98c3fe5831 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapcompare-exit-codes.adoc @@ -0,0 +1,49 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Exit Codes +-- +0:: +The command completed successfully. + + +5:: +The LDAP compare operation did not match. + + +6:: +The `-m` option was used, + and the LDAP compare operation did match. + + +__ldap-error__:: +An LDAP error occurred while processing the operation. + ++ +LDAP result codes are described in + link:http://tools.ietf.org/html/rfc4511#appendix-A[RFC 4511, window=_blank]. + Also see the additional information for details. + + +89:: +An error occurred while parsing the command-line arguments. + + +-- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapdelete-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapdelete-examples.adoc new file mode 100644 index 0000000000..b036747af1 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapdelete-examples.adoc @@ -0,0 +1,41 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following command deletes a user entry from the directory. + + +[source] +---- +$ ldapdelete -p 1389 -D "cn=Directory Manager" -w password \ + uid=bjensen,ou=people,dc=example,dc=com +Processing DELETE request for uid=bjensen,ou=people,dc=example,dc=com +DELETE operation successful for DN uid=bjensen,ou=people,dc=example,dc=com +---- +The following command deletes the `ou=Groups` entry + and all entries underneath `ou=Groups`. + + +[source] +---- +$ ldapdelete -p 1389 -D "cn=Directory Manager" -w password -x \ + ou=groups,dc=example,dc=com +Processing DELETE request for ou=groups,dc=example,dc=com +DELETE operation successful for DN ou=groups,dc=example,dc=com +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapmodify-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapmodify-examples.adoc new file mode 100644 index 0000000000..50f7f507cb --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_ldapmodify-examples.adoc @@ -0,0 +1,129 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example demonstrates use of the command to add an entry to the directory. + +[source, console] +---- +$ cat newuser.ldif +dn: uid=newuser,ou=People,dc=example,dc=com +uid: newuser +facsimileTelephoneNumber: +1 408 555 1213 +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +objectClass: posixAccount +objectClass: top +givenName: New +cn: New User +cn: Real Name +telephoneNumber: +1 408 555 1212 +sn: Jensen +roomNumber: 1234 +homeDirectory: /home/newuser +uidNumber: 10389 +mail: newuser@example.com +l: South Pole +ou: Product Development +ou: People +gidNumber: 10636 + +$ ldapmodify -p 1389 -a -f newuser.ldif \ + -D uid=kvaughan,ou=people,dc=example,dc=com -w bribery +Processing ADD request for uid=newuser,ou=People,dc=example,dc=com +ADD operation successful for DN uid=newuser,ou=People,dc=example,dc=com +---- +The following listing shows a UNIX shell script that adds a user entry. + +[source, shell] +---- +#!/bin/sh +# +# Add a new user with the ldapmodify utility. +# + +usage(){ + echo "Usage: $0 uid firstname lastname" + exit 1 +} +[[ $# -lt 3 ]] && usage + +LDAPMODIFY=/path/to/opendj/bin/ldapmodify +HOST=opendj.example.com +PORT=1389 +ADMIN=uid=kvaughan,ou=people,dc=example,dc=com +PWD=bribery + +$LDAPMODIFY -h $HOST -p $PORT -D $ADMIN -w $PWD -a <> + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_manage-account-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_manage-account-examples.adoc new file mode 100644 index 0000000000..14e3547f27 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_manage-account-examples.adoc @@ -0,0 +1,47 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +For the following examples the directory admin user, Kirsten Vaughan, +has `ds-privilege-name: password-reset` and the following ACI on `ou=People,dc=example,dc=com`. + +[source] +---- +(target="ldap:///ou=People,dc=example,dc=com") (targetattr ="*||+")( + version 3.0;acl "Admins can run amok"; allow(all) groupdn = + "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";) +---- +The following command locks a user account. + +[source, console] +---- +$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \ + -w bribery set-account-is-disabled -O true \ + -b uid=bjensen,ou=people,dc=example,dc=com -X +Account Is Disabled: true +---- +The following command unlocks a user account. + +[source, console] +---- +$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \ + -w bribery clear-account-is-disabled \ + -b uid=bjensen,ou=people,dc=example,dc=com -X +Account Is Disabled: false +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_manage-tasks-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_manage-tasks-examples.adoc new file mode 100644 index 0000000000..f53552a6a9 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_manage-tasks-examples.adoc @@ -0,0 +1,32 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example demonstrates use of the command with a server that does daily backups at 2:00 AM. + +[source, console] +---- +$ manage-tasks -p 4444 -h opendj.example.com -D "cn=Directory Manager" \ + -w password -s + + ID Type Status + --------------------------------------------------------------- + example-backup Backup Recurring + example-backup-20110622020000000 Backup Waiting on start time +---- \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_rebuild-index-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_rebuild-index-examples.adoc new file mode 100644 index 0000000000..e9504981ac --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_rebuild-index-examples.adoc @@ -0,0 +1,28 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example schedules a task to start immediately that rebuilds the `cn` (common name) index. + +[source, console] +---- +$ rebuild-index -p 4444 -h opendj.example.com -D "cn=Directory Manager" \ + -w password -b dc=example,dc=com -i cn -t 0 +Rebuild Index task 20110607160349596 scheduled to start Jun 7, 2011 4:03:49 PM +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_restore-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_restore-examples.adoc new file mode 100644 index 0000000000..6c97096b63 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_restore-examples.adoc @@ -0,0 +1,55 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example schedules a restore as a task to begin immediately while OpenDJ directory server is online. + +[source, console] +---- +$ restore -p 4444 -D "cn=Directory Manager" -w password + -d /path/to/opendj/bak -I 20110613080032 -t 0 +Restore task 20110613155052932 scheduled to start Jun 13, 2011 3:50:52 PM CEST +---- +The following example restores data while OpenDJ is offline. + +[source, console] +---- +$ stop-ds +Stopping Server... +... + +$ restore --backupDirectory /path/to/opendj/bak/userRoot \ + --listBackups +Backup ID: 20120928102414Z +Backup Date: 28/Sep/2012:12:24:17 +0200 +Is Incremental: false +Is Compressed: false +Is Encrypted: false +Has Unsigned Hash: false +Has Signed Hash: false +Dependent Upon: none + +$ restore --backupDirectory /path/to/opendj/bak/userRoot \ + --backupID 20120928102414Z +[28/Sep/2012:12:26:20 +0200] ... msg=Restored: 00000000.jdb (size 355179) + +$ start-ds +[28/Sep/2012:12:27:29 +0200] ... The Directory Server has started successfully +---- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_setup-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_setup-examples.adoc new file mode 100644 index 0000000000..c190989585 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_setup-examples.adoc @@ -0,0 +1,42 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following command installs OpenDJ directory server, enabling StartTLS and importing 100 +example entries without interaction. + +[source, console] +---- +$ /path/to/opendj/setup --cli -b dc=example,dc=com -d 100 \ + -D "cn=Directory Manager" -w password -h opendj.example.com -p 1389 \ + --generateSelfSignedCertificate --enableStartTLS -n + +OpenDJ version + Please wait while the setup program initializes... + +See /var/.../opends-setup-484...561.log for a detailed log of this operation. + +Configuring Directory Server ..... Done. +Configuring Certificates ..... Done. +Importing Automatically-Generated Data (100 Entries) ......... Done. +Starting Directory Server .......... Done. + +To see basic server configuration status and configuration you can launch + /path/to/opendj/bin/status +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_start-ds-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_start-ds-examples.adoc new file mode 100644 index 0000000000..6f6d6a1a33 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_start-ds-examples.adoc @@ -0,0 +1,26 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following command starts the server without displaying information about the startup process. + +[source, console] +---- +$ start-ds -Q +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_status-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_status-examples.adoc new file mode 100644 index 0000000000..4b9d8ee679 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_status-examples.adoc @@ -0,0 +1,65 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples + +[source, console] +---- +$ status -D "cn=Directory Manager" -w password + + --- Server Status --- +Server Run Status: Started +Open Connections: 1 + + --- Server Details --- +Host Name: localhost.localdomain +Administrative Users: cn=Directory Manager +Installation Path: /path/to/opendj +Version: OpenDJ version +Java Version: version +Administration Connector: Port 4444 (LDAPS) + + --- Connection Handlers --- +Address:Port : Protocol : State +-------------:-------------:--------- +-- : LDIF : Disabled +8989 : Replication : Enabled +0.0.0.0:161 : SNMP : Disabled +0.0.0.0:636 : LDAPS : Disabled +0.0.0.0:1389 : LDAP : Enabled +0.0.0.0:1689 : JMX : Disabled + + --- Data Sources --- +Base DN: dc=example,dc=com +Backend ID: userRoot +Entries: 160 +Replication: Enabled +Missing Changes: 0 +Age of Oldest Missing Change: + +Base DN: dc=myCompany,dc=com +Backend ID: myCompanyRoot +Entries: 3 +Replication: Disabled + +Base DN: o=myOrg +Backend ID: myOrgRoot +Entries: 3 +Replication: Disabled +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_stop-ds-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_stop-ds-examples.adoc new file mode 100644 index 0000000000..e312dab5be --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_stop-ds-examples.adoc @@ -0,0 +1,29 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example restarts OpenDJ directory server. + +[source, console] +---- +$ stop-ds --restart +Stopping Server... + +...The Directory Server has started successfully +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_uninstall-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_uninstall-examples.adoc new file mode 100644 index 0000000000..edabfdcb60 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_uninstall-examples.adoc @@ -0,0 +1,37 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following command removes OpenDJ directory server without interaction. + +[source, console] +---- +$ /path/to/opendj/uninstall -a --cli -I admin -w password -n + +Stopping Directory Server ..... Done. +Deleting Files under the Installation Path ..... Done. + +The Uninstall Completed Successfully. +To complete the uninstallation, you must delete manually the following files +and directories: +/path/to/opendj/lib +See /var/.../opends-uninstall-3...0.log for a detailed log of this operation. + +$ rm -rf /path/to/opendj +---- diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_upgrade-exit-codes.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_upgrade-exit-codes.adoc new file mode 100644 index 0000000000..114419eb30 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_upgrade-exit-codes.adoc @@ -0,0 +1,46 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Exit Codes + +-- +0:: +The command completed successfully. + +2:: +The command was run in non-interactive mode, but could not complete + because confirmation was required to run a long or critical task. ++ +See the error message or the log for details. + +other:: +An error occurred. + +-- + +See the OpenDJ Installation Guide + for an example upgrade process for OpenDJ directory server + installed from the cross-platform (.zip) delivery. + +Native packages (.deb, .rpm) perform more of the upgrade process, + stopping OpenDJ if it is running, + overwriting older files with newer files, + running this utility, + and starting OpenDJ if it was running when you upgraded the package(s). + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_variablelist-ldap-controls.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_variablelist-ldap-controls.adoc new file mode 100644 index 0000000000..d9617e4d31 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_variablelist-ldap-controls.adoc @@ -0,0 +1,51 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +[open] +==== +For some __controloid__ values, you can replace object identifiers with user-friendly strings. The strings are listed here in lower case, but the case is not important. You can use camelCase if you prefer, for example. + +`accountusable`,`accountusability`:: +Account Usability Control, Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.8 + +`authzid`,`authorizationidentity`:: +Authorization Identity Request Control, Object Identifier: 2.16.840.1.113730.3.4.16 + +`effectiverights`,`geteffectiverights`:: +Get Effective Rights Request Control, Object Identifier: 1.3.6.1.4.1.42.2.27.9.5.2 + +`managedsait`:: +Manage DSAIT Request Control, Object Identifier: 2.16.840.1.113730.3.4.2 + +`noop`,`no-op`:: +No-Op Control, Object Identifier: 1.3.6.1.4.1.4203.1.10.2 + +`pwpolicy`,`passwordpolicy`:: +Password Policy Control, Object Identifier: 1.3.6.1.4.1.42.2.27.8.5.1 + +`realattrsonly`,`realattributesonly`:: +Real Attributes Only Request Control, Object Identifier: 2.16.840.1.113730.3.4.17 + +`subtreedelete`,`treedelete`:: +Subtree Delete Request Control, Object Identifier: 1.2.840.113556.1.4.805 + +`virtualattrsonly`,`virtualattributesonly`:: +Virtual Attributes Only Request Control, Object Identifier: 2.16.840.1.113730.3.4.19 + +==== diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_verify-index-examples.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_verify-index-examples.adoc new file mode 100644 index 0000000000..57c650850d --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_verify-index-examples.adoc @@ -0,0 +1,43 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Examples +The following example shows how to verify the `sn` (surname) index for completeness and +for errors. The messages shown are for a backend of type `pdb`. +The output is similar for other backend types: + +[source, console] +---- +$ verify-index -b dc=example,dc=com -i sn --clean --countErrors +[20/05/2015:14:24:18 +0200] category=...PDBStorage seq=0 severity=INFO + msg=The PDB storage for backend 'userRoot' initialized + to use 57528 buffers of 16384 bytes (total 920448kb) +[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=1 severity=INFO + msg=Checked 478 records and found 0 error(s) in 0 seconds + (average rate 3594.0/sec) +[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=2 severity=FINE + msg=Number of records referencing more than one entry: 224 +[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=3 severity=FINE + msg=Number of records that exceed the entry limit: 0 +[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=4 severity=FINE + msg=Average number of entries referenced is 2.00/record +[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=5 severity=FINE + msg=Maximum number of entries referenced by any record is 32 +---- + diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_verify-index-exit-codes.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_verify-index-exit-codes.adoc new file mode 100644 index 0000000000..f33e391d3d --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/_verify-index-exit-codes.adoc @@ -0,0 +1,34 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +== Exit Codes +-- + +0:: +The command completed successfully. + +1:: +The command was run in non-interactive mode, but could not complete because confirmation was required to run a long or critical task. ++ +See the error message or the log for details. + +0-255:: +The number of errors in the index, as indicated for the `--countErrors` option. + +-- \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-dsjavaproperties.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-dsjavaproperties.adoc new file mode 100644 index 0000000000..9dfbf4362b --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-dsjavaproperties.adoc @@ -0,0 +1,98 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +[#dsjavaproperties-1] += dsjavaproperties(1) + +:doctype: manpage +:manmanual: Directory Server Tools +:mansource: OpenDJ + +== Name +dsjavaproperties — apply OpenDJ Java home and JVM settings + +== Synopsis +`dsjavaproperties` + +[#dsjavaproperties-description] +== Description +This utility can be used to change the java arguments and java home that are used by the different server commands. + +Before launching the command, edit the properties file located in /path/to/opendj/config/java.properties to specify the java arguments and java home. When you have edited the properties file, run this command for the changes to be taken into account. + +Note that the changes will only apply to this server installation. No modifications will be made to your environment variables. + +[#dsjavaproperties-options] +== Options +The `dsjavaproperties` command takes the following options: +-- +Utility input/output options: + +`-Q | --quiet`:: +Use quiet mode. + ++ +Default: false + +-- +-- +General options: + +`-V | --version`:: +Display Directory Server version information. + ++ +Default: false + +-- +-- + +`-H | --help`:: +Display this usage information. + ++ +Default: false + +-- + +== Files +This command depends on the content of the `config/java.properties` file. + +[#d1822e3730] +== Exit Codes +-- + +0:: +The command completed successfully. + +> 0:: +An error occurred. + +-- + +== Examples +The following example demonstrates a successful run. + +[source, console] +---- +$ dsjavaproperties +The operation was successful. The server commands will use the java arguments + and java home specified in the properties file located in + /path/to/opendj/config/java.properties +---- \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-makeldif-template.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-makeldif-template.adoc new file mode 100644 index 0000000000..f1f1829af7 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-makeldif-template.adoc @@ -0,0 +1,270 @@ +//// + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2011-2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. +//// + +[#makeldif-template-5] += makeldif-template(5) + +:doctype: manpage +:manmanual: Directory Server Tools +:mansource: OpenDJ + +== Name +makeldif-template — template file for the make-ldif command + +== Synopsis + +[source] +---- +# Comment lines start with #. +# +# Notice that this synopsis includes blank lines after entries. +# In the same way you would use blank lines after entries in normal LDIF, +# leave empty lines after "entries" in template files. + +# Optionally include classes that define custom tags. +# Custom tag classes extend org.opends.server.tools.makeldif.Tag and +# must be on the class path when you run make-ldif. +# +include custom.makeldif.tag.ClassName +... + +# Optionally define constants used in the template. +# To reference constants later, put brackets around the name: [constant-name] +# +define constant-name=value +... + +# Define branches by suffix DN, such as the following: +# +# dc=example,dc=com +# ou=People,dc=example,dc=com +# ou=Groups,dc=example,dc=com +# +# make-ldif generates the necessary object class definitions and RDNs. +# +# A branch can have subordinateTemplates that define templates to use for +# the branch entry. +# +# A branch can have additional attributes generated on the branch entry. See +# the Description below for more information on specifying attribute values. +# +branch: suffix-dn +[subordinateTemplate: template-name:number +...] +[attribute: attr-value +...] + +... + +# Define entries using templates. +# +# A template can extend another template. +# A template defines the RDN attribute(s) used for generated entries. +# A template can have a subordinateTemplate that defines a template to use for +# the generated entries. +# +# A template then defines attributes. See the Description below for more +# information on specifying attribute values. +# +template: template-name +[extends: template-name] +rdnAttr: attribute[+attribute ...] +[subordinateTemplate: template-name:number] +[attribute: attr-value +...] + +... +---- + +== Description +Template files specify how to build LDIF. They allow you to define variables, insert random values from other files, and generally build arbitrarily large LDIF files for testing purposes. You pass template files to the `make-ldif` command when generating LDIF. + +The Synopsis above shows the layout for a `make-ldif` template file. This section focuses on what you can do to specify entry attribute values, called __attr-value__ in the Synopsis section. +.Specifying Attribute Values +-- +When specifying attribute values in `make-ldif` templates, you can use static text and constants that you have defined, enclosing names for constants in brackets, `[myConstant]`. You can use more than one constant per line, as in the following example. + +[source, ldif] +---- +description: Description for [org] under [suffix] +---- +You can also use two kinds of tags when specifying attribute values. One kind of tag gets replaced with the value of another attribute in the generated entry. Such tags are delimited with braces, `{ }`. For example, if your template includes definitions for first name and last name attributes: + +[source, ldif] +---- +givenName: +sn: +---- +Then you can define a mail attribute that uses the values of both attributes, and an initials attribute that takes the first character of each. + +[source, ldif] +---- +mail: {givenName}.{sn}@[myDomain] +initials: {givenName:1}{sn:1} +---- +The other kind of tag is delimited with `<` and `>`, as shown above in the example with `` and ``. Tag names are not case sensitive. Many tags can take arguments separated by colons, `:`, from the tag names within the tag. + +Use backslashes to escape literal start tag characters (`< [ {`) as shown in the following example, and to escape literal end tag characters within tags (`> ] }`). + +[source, ldif] +---- +scimMail: \{"emails": \[\{"value": "{mail}", "type": "work", "primary": true}]} +xml: \{uid}\ +---- +OpenDJ supports the following tags. + +:: +The DN tag gets replaced by the distinguished name of the current entry. An optional integer argument specifies the subcomponents of the DN to generate. For example, if the DN of the entry is `uid=bjensen,ou=People,dc=example,dc=com` `` gets replaced by `uid=bjensen`, and `` gets replaced by `dc=example,dc=com`. + +:: +The File tag gets replaced by a line from a text file you specify. The File tag takes a required argument, the path to the text file, and an optional second argument, either `random` or `sequential`. For the file argument, either you specify an absolute path to the file such as ``, or you specify a path relative to the `/path/to/opendj/config/MakeLDIF/` directory such as ``. For the second argument, if you specify `sequential` then lines from the file are read in sequential order. Otherwise, lines from the file are read in random order. + +:: +The first name tag gets replaced by a random line from `/path/to/opendj/config/MakeLDIF/first.names`. Combinations of generated first and last names are unique, with integers appended to the name strings if not enough combinations are available. + +:: +The GUID tag gets replaced by a 128-bit, type 4 (random) universally unique identifier such as `f47ac10b-58cc-4372-a567-0e02b2c3d479`. + +:: +The IfAbsent tag takes as its first argument the name of another attribute, and optionally as its second argument a value to use. This tag causes the attribute to be generated only if the named attribute is not present on the generated entry. Use this tag when you have used `` to define another attribute that is not always present on generated entries. + +:: +The IfPresent takes as its first argument the name of another attribute, and optionally as its second argument a value to use. This tag causes the attribute to be generated only if the named attribute is also present on the generated entry. Use this tag when you have used `` to define another attribute that is sometimes present on generated entries. + +:: +The last name tag gets replaced by a random line from `/path/to/opendj/config/MakeLDIF/last.names`. Combinations of generated first and last names are unique, with integers appended to the name strings if not enough combinations are available. + +:: +The List tag gets replaced by one of the values from the list of arguments you provide. For example, `` gets replaced with `bronze`, `silver`, or `gold`. + ++ +You can weight arguments to ensure some arguments are selected more often than others. For example, if you want two bronze for one silver and one gold, use ``. + +:: +The ParentDN tag gets replaced by the distinguished name of the parent entry. For example, if the DN of the entry is `uid=bjensen,ou=People,dc=example,dc=com`, `` gets replaced by `ou=People,dc=example,dc=com`. + +:: +The Presence tag takes a percent argument. It does not get replaced by a value itself, but instead results in the attribute being generated on the percentage of entries you specify in the argument. For example, `description: A description` generates `description: A description` on half the entries. + +:: +The Random tag lets you generate a variety of random numbers and strings. The Random tag has the following subtypes, which you include as arguments, that is ``. ++ + +* `alpha:length` + +* `alpha:minlength:maxlength` + +* `numeric:length` + +* `numeric:minvalue:maxvalue` + +* `numeric:minvalue:maxvalue:format`, where __format__ is a link:http://docs.oracle.com/javase/7/docs/api/java/text/DecimalFormat.html[java.text.DecimalFormat, window=\_blank] pattern + +* `alphanumeric:length` + +* `alphanumeric:minlength:maxlength` + +* `chars:characters:length` + +* `chars:characters:minlength:maxlength` + +* `hex:length` + +* `hex:minlength:maxlength` + +* `base64:length` + +* `base64:minlength:maxlength` + +* `month` + +* `month:maxlength` + +* `telephone`, a telephone number starting with the country code `+1` + + +:: +The RDN tag gets replaced with the RDN of the entry. Use this in the template after you have specified `rdnAttr` so that the RDN has already been generated when this tag is replaced. + ++ +An optional integer argument specifies the subcomponents of the RDN to generate. + +:: +The Sequential tag gets replaced by a sequentially increasing generated integer. The first optional integer argument specifies the starting number. The second optional boolean argument specifies whether to start over when generating entries for a new parent entry. For example, `:42:true` starts counting from 42, and starts over when the parent entry changes from `o=Engineering` to `o=Marketing`. + +<_DN>:: +The _DN tag gets replaced by the DN of the current entry with underscores in the place of commas. + +<_ParentDN>:: +The _ParentDN tag gets replaced by the DN the parent entry with underscores in the place of commas. + +-- + +== Examples +The following example generates 10 organization units, each containing 50 entries. + +[source] +---- +define suffix=dc=example,dc=com +define maildomain=example.com +define numusers=50 +define numorgs=10 + +branch: [suffix] + +branch: ou=People,[suffix] +subordinateTemplate: orgunit:[numorgs] +description: This is the People container +telephoneNumber: +33 00010002 + +template: orgunit +subordinateTemplate: person:[numusers] +rdnAttr: ou +ou: Org- +objectClass: top +objectClass: organizationalUnit +description: This is the {ou} organizational unit + +template: person +rdnAttr: uid +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +givenName: +sn: +cn: {givenName} {sn} +initials: {givenName:1}{sn:1} +employeeNumber: +uid: user.{employeeNumber} +mail: {uid}@[maildomain] +userPassword: password +telephoneNumber: +homePhone: +pager: +mobile: +street: Street +l: +st: +postalCode: +postalAddress: {cn}${street}${l}, {st} {postalCode} +description: This is the description for {cn}. +---- + +== See Also + +xref:#make-ldif-1[make-ldif(1)], the OpenDJ directory server template file `/path/to/opendj/config/MakeLDIF/example.template` \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-opendj.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-opendj.adoc new file mode 100644 index 0000000000..04f220e087 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-opendj.adoc @@ -0,0 +1,76 @@ +//// + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2011-2015 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. +//// + +[#opendj-5] += opendj(5) + +:doctype: manpage +:manmanual: OpenDJ +:mansource: OpenDJ + +== Name +OpenDJ - a high-performance, highly-extensible, LDAPv3 compliant directory server + +== Description + +OpenDJ is a high-performance, highly-extensible, pure Java directory server. +The server is fully compliant with the LDAPv3 standard, +and passes all of the compliance, interoperability and security tests suites. +The directory server implements most of the standard +and experimental LDAP extensions defined in the IETF as RFCs or Internet-Drafts, +ensuring maximum interoperability with LDAP client applications. + +OpenDJ software includes a rich set of APIs making the directory server easy to extend. +The directory server supports a loosely consistent multi-master replication model +that guarantees high availability of data for all operations, searches or updates. +While theoretically unlimited with regard to the number of masters, +the directory server has been stressed under heavy and durable load with four masters. + +OpenDJ software includes: + +* A graphical installation tool (`QuickSetup`) that enables you +to have a server configured, and up and running in less than 3 minutes + +* A graphical control panel (`bin/control-panel`) +that displays server status information +and enables you to perform basic directory server administration + +* A rich set of command-line utilities to perform +all online administrative tasks both interactively and with scripts + +* Advanced security and password policies + +* Advanced backup and restore capabilities + +* Extensive user documentation + +== Usage + +See the `Installation Guide` for instructions +on getting started with OpenDJ directory server. + +To install the directory server from IPS packages perform the following steps: + +* As the root user, run the `configure` command +to create an instance of the directory server in a specific location, +running as a specific user. + +* Run the `setup` command as this user +to install and configure the directory server instance. + +* For additional configuration of the directory server, +use the `control-panel` and `dsconfig` commands. \ No newline at end of file diff --git a/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-windows-service.adoc b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-windows-service.adoc new file mode 100644 index 0000000000..a5d9ee2e8a --- /dev/null +++ b/opendj-doc-generated-ref/src/main/asciidoc/man-pages/man-windows-service.adoc @@ -0,0 +1,83 @@ +//// + + The contents of this file are subject to the terms of the Common Development and + Distribution License (the License). You may not use this file except in compliance with the + License. + + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + specific language governing permission and limitations under the License. + + When distributing Covered Software, include this CDDL Header Notice in each file and include + the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + Header, with the fields enclosed by brackets [] replaced by your own identifying + information: "Portions Copyright [year] [name of copyright owner]". + + Copyright 2015-2016 ForgeRock AS. + Portions Copyright 2024 3A Systems LLC. + +//// + +[#windows-service] += windows-service(1) + +:doctype: manpage +:manmanual: Directory Server Tools +:mansource: OpenDJ + +== Name +windows-service — register OpenDJ as a Windows Service + +== Synopsis +`windows-service` {options} + +== Description +This utility can be used to run OpenDJ directory server as a Windows Service. + +== Service Options +-- + +`-c, --cleanupService serviceName`:: +Disable the service and clean up the windows registry information associated with the provided service name + +`-d, --disableService`:: +Disable the server as a Windows service and stop the server + +`-e, --enableService`:: +Enable the server as a Windows service + +`-s, --serviceState`:: +Provide information about the state of the server as a Windows service + +-- + +== General Options +-- + +`-V, --version`:: +Display version information + +`-?, -H, --help`:: +Display usage information + +-- + + +== Exit Codes +-- + +0:: +The command completed successfully. + +> 0:: +An error occurred. + +-- + +== Example +The following command registers OpenDJ directory server as a Windows Service. + +[source, console] +---- +C:\path\to\opendj\bat> windows-service.bat --enableService +---- +After running this command, you can manage the service using Windows administration tools. diff --git a/opendj-doc-generated-ref/src/main/asciidoc/reference/admin-tools-ref.adoc b/opendj-doc-generated-ref/src/main/asciidoc/reference/admin-tools-ref.adoc index efc4be3873..25535a7208 100644 --- a/opendj-doc-generated-ref/src/main/asciidoc/reference/admin-tools-ref.adoc +++ b/opendj-doc-generated-ref/src/main/asciidoc/reference/admin-tools-ref.adoc @@ -2,15 +2,15 @@ The contents of this file are subject to the terms of the Common Development and Distribution License (the License). You may not use this file except in compliance with the License. - + You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the specific language governing permission and limitations under the License. - + When distributing Covered Software, include this CDDL Header Notice in each file and include the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL Header, with the fields enclosed by brackets [] replaced by your own identifying information: "Portions copyright [year] [name of copyright owner]". - + Copyright 2017 ForgeRock AS. Portions Copyright 2024 3A Systems LLC. //// @@ -24,7115 +24,141 @@ == Tools Reference You can find bundle tools under the folder where you installed OpenDJ directory server as listed in xref:../admin-guide/chap-admin-tools.adoc#cli-overview["Command-Line Tools"] in the __Administration Guide__. -[#backendstat-1] -=== backendstat — gather OpenDJ backend debugging information - -==== Synopsis -`backendstat` {subcommand} {options} - -[#backendstat-description] -==== Description -This utility can be used to debug a backend. - -[#backendstat-options] -==== Options -The `backendstat` command takes the following options: --- - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#backendstat-subcommands] -==== Subcommands -The `backendstat` command supports the following subcommands: -[#backendstat-dump-index] -===== backendstat dump-index -Dump records from an index, decoding keys and values. Depending on index size, this subcommand can generate lots of output. -[#backendstat-dump-index-options] -====== Options --- -The `backendstat dump-index` command takes the following options: - -`-n | --backendID {backendName}`:: -The backend ID of the backend. - -`-b | --baseDN {baseDN}`:: -The base DN within the backend. - -`-i | --indexName {indexName}`:: -The name of the index. - -`-q | --statsOnly`:: -Do not display backend data, just statistics. - -+ -Default: false - -`-K | --maxKeyValue {maxKeyValue}`:: -Only show records with keys that should be ordered before the provided value using the comparator for the database container. - -`-k | --minKeyValue {minKeyValue}`:: -Only show records with keys that should be ordered after the provided value using the comparator for the database container. - -`-X | --maxHexKeyValue {maxKeyValue}`:: -Only show records with keys that should be ordered before the provided value using the comparator for the database container. - -`-x | --minHexKeyValue {minKeyValue}`:: -Only show records with keys that should be ordered after the provided value using the comparator for the database container. - -`-S | --maxDataSize {maxDataSize}`:: -Only show records whose data is no larger than the provided value. - -+ -Default: -1 - -`-s | --minDataSize {minDataSize}`:: -Only show records whose data is no smaller than the provided value. - -+ -Default: -1 - -`-p | --skipDecode`:: -Do not try to decode backend data to their appropriate types. - -+ -Default: false - --- - - -[#backendstat-dump-raw-db] -===== backendstat dump-raw-db -Dump the raw records in hexadecimal format for a low-level database within the pluggable backend's storage engine. Depending on index size, this subcommand can generate lots of output. -[#backendstat-dump-raw-db-options] -====== Options --- -The `backendstat dump-raw-db` command takes the following options: - -`-n | --backendID {backendName}`:: -The backend ID of the backend. - -`-d | --dbName {databaseName}`:: -The raw database name. - -`-q | --statsOnly`:: -Do not display backend data, just statistics. - -+ -Default: false - -`-K | --maxKeyValue {maxKeyValue}`:: -Only show records with keys that should be ordered before the provided value using the comparator for the database container. - -`-k | --minKeyValue {minKeyValue}`:: -Only show records with keys that should be ordered after the provided value using the comparator for the database container. - -`-X | --maxHexKeyValue {maxKeyValue}`:: -Only show records with keys that should be ordered before the provided value using the comparator for the database container. - -`-x | --minHexKeyValue {minKeyValue}`:: -Only show records with keys that should be ordered after the provided value using the comparator for the database container. - -`-S | --maxDataSize {maxDataSize}`:: -Only show records whose data is no larger than the provided value. - -+ -Default: -1 - -`-s | --minDataSize {minDataSize}`:: -Only show records whose data is no smaller than the provided value. - -+ -Default: -1 - -`-l | --singleLine`:: -Write hexadecimal data on a single line instead of pretty format. - -+ -Default: false - --- - - -[#backendstat-list-backends] -===== backendstat list-backends -List the pluggable backends. - -[#backendstat-list-base-dns] -===== backendstat list-base-dns -List the base DNs in a backend. -[#backendstat-list-base-dns-options] -====== Options --- -The `backendstat list-base-dns` command takes the following options: - -`-n | --backendID {backendName}`:: -The backend ID of the backend. - --- - - -[#backendstat-list-indexes] -===== backendstat list-indexes -List the indexes associated with a pluggable backend. This subcommand may take a long time to complete depending on the size of the backend. -[#backendstat-list-indexes-options] -====== Options --- -The `backendstat list-indexes` command takes the following options: - -`-n | --backendID {backendName}`:: -The backend ID of the backend. - -`-b | --baseDN {baseDN}`:: -The base DN within the backend. - --- - - -[#backendstat-list-raw-dbs] -===== backendstat list-raw-dbs -List the low-level databases within a pluggable backend's storage engine. This subcommand may take a long time to complete depending on the size of the backend. -[#backendstat-list-raw-dbs-options] -====== Options --- -The `backendstat list-raw-dbs` command takes the following options: - -`-n | --backendID {backendName}`:: -The backend ID of the backend. - -`-u | --useSIUnits`:: -Uses SI Units for printing sizes. - -+ -Default: false - --- - - -[#backendstat-show-index-status] -===== backendstat show-index-status -Shows the status of indexes for a backend base DN. This subcommand can take a long time to complete, as it reads all indexes for all backends. --- -When you run the 'list-index-status' command, the result is a table, followed by a "Total", which is the total number of indexes, followed by a list of indexes with "Over index-entry-limit keys" to show the values for which the number of entries exceeded the index entry limit. The table has the following columns. -Index Name:: -Name of the index, which takes the form __attr.type__ for attribute indexes, and vlv.__name__ for VLV indexes. Some indexes are for OpenDJ directory server's internal use. +:leveloffset: 1" -+ -Example: `givenName.caseIgnoreSubstringsMatch:6` - -Tree Name:: -Name of the backend tree, which reflects how OpenDJ directory server organizes the data in the database. - -+ -Example: `/dc=example,dc=com/givenName.caseIgnoreSubstringsMatch:6` - -Index Valid:: -This is `true` for valid indexes. If this is `false`, the index might be degraded. Verify the index, and rebuild the index if necessary. - -Record Count:: -Number of indexed keys. Use the `backendstat dump-tree` command to see how many entry IDs correspond to each key. - -Over Index Entry Limit:: -Number of keys for which there are too many values to maintain an index, based on the index entry limit. This is recorded as `-` for VLV indexes. - -+ -In other words, with the default index entry limit of 4000, if every user in your large directory has an email address ending in `@example.com`, and a substring index with default substring length of 6 is maintained for `mail`, then OpenDJ directory server does not maintain indexes for keys corresponding to substrings in `@example.com`. - -+ -As a result, an LDAP search with the filter `"(mail=*@example.com)"` becomes an unindexed search even though a substring index exists for the mail attribute. By default OpenDJ directory server does not allow unindexed searches except by privileged users. This is usually exactly the behavior you want in order to prevent client applications from sending searches that return every user in the directory for example. Clients should refine their search filters instead. - -95%, 90%, 85%:: -Number of keys for which the number of values is approaching the index entry limit, having at least the specified percentage. This is a measure of how full the entry ID lists are. - --- -[#backendstat-show-index-status-options] -====== Options --- -The `backendstat show-index-status` command takes the following options: - -`-n | --backendID {backendName}`:: -The backend ID of the backend. - -`-b | --baseDN {baseDN}`:: -The base DN within the backend. - --- - - - -[#d1822e699] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e716] -==== Examples -The following example displays index information. - -[source, console] ----- -$ bin/backendstat dump-index -n userRoot -b dc=example,dc=com -i id2childrencount - - Key (len 2): 1#52 - Value (len 8): 1 - Key (len 2): 2#52 - Value (len 8): 500000 - Key (len 9): Total Children Count - Value (len 8): 500001 - - Total Records: 3 - Total / Average Key Size: 13 bytes / 4 bytes - Total / Average Data Size: 24 bytes / 8 bytes ----- +include::../partials/man-backendstat.adoc[] ''' -[#backup-1] -=== backup — back up OpenDJ directory data - -==== Synopsis -`backup` - -[#backup-description] -==== Description -This utility can be used to back up one or more Directory Server backends. - -[#backup-options] -==== Options -The `backup` command takes the following options: --- -Command options: - -`-a | --backUpAll`:: -Back up all backends in the server. - -+ -Default: false - -`-A | --hash`:: -Generate a hash of the backup contents. - -+ -Default: false - -`-B | --incrementalBaseID {backupID}`:: -Backup ID of the source archive for an incremental backup. - -`-c | --compress`:: -Compress the backup contents. - -+ -Default: false - -`-d | --backupDirectory {backupDir}`:: -Path to the target directory for the backup file(s). - -`-i | --incremental`:: -Perform an incremental backup rather than a full backup. - -+ -Default: false - -`-I | --backupID {backupID}`:: -Use the provided identifier for the backup. - -`-n | --backendID {backendName}`:: -Backend ID for the backend to archive. - -`-s | --signHash`:: -Sign the hash of the backup contents. - -+ -Default: false - -`-y | --encrypt`:: -Encrypt the backup contents. - -+ -Default: false - --- --- -Task Backend Connection Options - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. - -+ -Default: cn=Directory Manager - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Task Scheduling Options - -`--completionNotify {emailAddress}`:: -Email address of a recipient to be notified when the task completes. This option may be specified more than once. -`--dependency {taskID}`:: -ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution. - -`--errorNotify {emailAddress}`:: -Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once. - -`--failedDependencyAction {action}`:: -Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS,CANCEL,DISABLE. If not specified defaults to CANCEL. - -`--recurringTask {schedulePattern}`:: -Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. - -`-t | --start {startTime}`:: -Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately. - --- --- -Utility input/output options: - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e1059] -==== Exit Codes --- - -0:: -The command completed successfully. - -1:: -An error occurred. - --- - -[#d1822e1076] -==== Examples -The following example backs up all user data while the server is online. - -[source, console] ----- -$ backup -p 4444 -D "cn=Directory Manager" -w password \ - -a -d /path/to/opendj/bak -t 0 -Backup task 20110613143801866 scheduled to start ... ----- -The following example schedules back up of all user data every night at 2 AM when the server is online, and notifies diradmin@example.com when finished, or on error. - -[source, console] ----- -$ backup -p 4444 -D "cn=Directory Manager" -w password -a \ - -d /path/to/opendj/bak --recurringTask "00 02 * * *" \ - --completionNotify diradmin@example.com --errorNotify diradmin@example.com -Recurring Backup task BackupTask-988d6adf-4d65-44bf-8546-6ea74a2480b0 -scheduled successfully ----- -The following example backs up all user data while the server is offline. - -[source, console] ----- -$ stop-ds -Stopping Server... -... - -$ backup --backupAll --backupDirectory /path/to/opendj/bak -... msg=The backup process completed successfully - -$ start-ds -... The Directory Server has started successfully ----- +include::../partials/man-backup.adoc[] ''' -[#base64-1] -=== base64 — encode and decode base64 strings - -==== Synopsis -`base64` {subcommand} {options} - -[#base64-description] -==== Description -This utility can be used to encode and decode information using base64. - -[#base64-options] -==== Options -The `base64` command takes the following options: --- - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. -+ -Default: false - --- - -[#base64-subcommands] -==== Subcommands -The `base64` command supports the following subcommands: -[#base64-decode] -===== base64 decode -Decode base64-encoded information into raw data. When no options are specified, this subcommand reads from standard input and writes to standard output. -[#base64-decode-options] -====== Options --- -The `base64 decode` command takes the following options: - -`-d | --encodedData {data}`:: -The base64-encoded data to be decoded. - -`-f | --encodedDataFile {path}`:: -The path to a file containing the base64-encoded data to be decoded. - -`-o | --toRawFile {path}`:: -The path to a file to which the raw base64-decoded data should be written. - --- - - -[#base64-encode] -===== base64 encode -Encode raw data using base64. When no options are specified, this subcommand reads from standard input and writes to standard output. -[#base64-encode-options] -====== Options --- -The `base64 encode` command takes the following options: - -`-d | --rawData {data}`:: -The raw data to be base64 encoded. - -`-f | --rawDataFile {path}`:: -The path to a file containing the raw data to be base64 encoded. - -`-o | --toEncodedFile {path}`:: -The path to a file to which the base64-encoded data should be written. - --- - - - -[#d1822e1264] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e1281] -==== Examples -The following command shows the changes from the external change log in human-readable format. - -[source, console] ----- -$ base64 decode -d YWRkOiBkZXNjcmlwdGlvbgpkZXNjcmlwdGlvbjogQSB0aGlyZCBjaGFuZ2UK\ -LQpyZXBsYWNlOiBtb2RpZmllcnNOYW1lCm1vZGlmaWVyc05hbWU6IGNuPURpcmVjdG9yeSBNYW5hZ2V\ -yLGNuPVJvb3QgRE5zLGNuPWNvbmZpZwotCnJlcGxhY2U6IG1vZGlmeVRpbWVzdGFtcAptb2RpZnlUaW\ -1lc3RhbXA6IDIwMTEwNjEzMDcxMjEwWgotCg== -add: description -description: A third change -- -replace: modifiersName -modifiersName: cn=Directory Manager,cn=Root DNs,cn=config -- -replace: modifyTimestamp -modifyTimestamp: 20110613071210Z -- ----- +include::../partials/man-base64.adoc[] ''' -[#control-panel-1] -=== control-panel — start the OpenDJ graphical admin interface - -==== Synopsis -`control-panel` - -[#control-panel-description] -==== Description -This utility can be used to display the Control Panel window which displays basic server information and allows to do some basic administration tasks on the server. - -If no host name or port is provided, the tool will try to connect to the local server. - -[#control-panel-options] -==== Options -The `control-panel` command takes the following options: --- -Command options: - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`-r | --remote`:: -Connect to a remote server. - -+ -Default: false - --- --- -LDAP connection options: - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. - -+ -Default: cn=Directory Manager - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. -+ -Default: localhost.localdomain - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e1434] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e1451] -==== Examples -The following example starts the Control Panel on a remote host. - -[source, console] ----- -$ control-panel -r -h opendj.example.com -p 4444 & ----- +include::../partials/man-control-panel.adoc[] ''' -[#create-rc-script-1] -=== create-rc-script — script to manage OpenDJ as a service on UNIX - -==== Synopsis -`create-rc-script` - -[#create-rc-script-description] -==== Description -Create an RC script that may be used to start, stop, and restart the Directory Server on UNIX-based systems. - -[#create-rc-script-options] -==== Options -The `create-rc-script` command takes the following options: --- -Command options: - -`-f | --outputFile {path}`:: -The path to the output file to create. - -`-j | --javaHome {path}`:: -The path to the Java installation that should be used to run the server. - -`-J | --javaArgs {args}`:: -A set of arguments that should be passed to the JVM when running the server. - -`-u | --userName {userName}`:: -The name of the user account under which the server should run. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false --- +include::../partials/man-create-rc-script.adoc[] -[#d1822e1555] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e1572] -==== Examples -The following example adds a script to start OpenDJ at boot time on a Debian-based system, and then updates the runlevel system to use the script. +''' -[source, console] ----- -$ sudo create-rc-script -f /etc/init.d/opendj -u opendj-user -$ sudo update-rc.d opendj ----- +include::../partials/man-dsconfig.adoc[] ''' -[#dsconfig-1] -=== dsconfig — manage OpenDJ directory server configuration -==== Synopsis -`dsconfig` {subcommand} {options} +include::../partials/man-dsjavaproperties.adoc[] -[#dsconfig-description] -==== Description -This utility can be used to define a base configuration for the Directory Server. -The `dsconfig` command is the primary command-line tool for viewing and editing OpenDJ configuration. When started without arguments, `dsconfig` prompts you for administration connection information, including the host name, administration port number, administrator bind DN and administrator password. The `dsconfig` command then connects securely to the directory server over the administration port. Once connected it presents you with a menu-driven interface to the server configuration. +''' -When you pass connection information, subcommands, and additional options to `dsconfig`, the command runs in script mode and so is not interactive, though it can prompt you to ask whether to apply changes and whether to trust certificates (unless you use the `--no-prompt` and `--trustAll` options, respectively). +include::../partials/man-dsreplication.adoc[] -You can prepare `dsconfig` batch scripts by running the tool with the `--commandFilePath` option in interactive mode, then reading from the batch file with the `--batchFilePath` option in script mode. Batch files can be useful when you have many `dsconfig` commands to run and want to avoid starting the JVM for each command. Alternatively, you can read commands from standard input by using the `--batch` option. +''' -The `dsconfig` command categorizes directory server configuration into __components__, also called __managed objects__. Actual components often inherit from a parent component type. For example, one component is a Connection Handler. An LDAP Connection Handler is a type of Connection Handler. You configure the LDAP Connection Handler component to specify how OpenDJ directory server handles LDAP connections coming from client applications. +include::../partials/man-encode-password.adoc[] -Configuration components have __properties__. For example, the LDAP Connection Handler component has properties such as `listen-port` and `allow-start-tls`. You can set the component's `listen-port` property to `389` to use the default LDAP port number. You can set the component's `allow-start-tls` property to `true` to permit LDAP client applications to use StartTLS. Much of the configuration you do with `dsconfig` involves setting component properties. +''' -[#dsconfig-options] -==== Options -The `dsconfig` command takes the following options: --- -Command options: +include::../partials/man-export-ldif.adoc[] -`--batch`:: -Reads from standard input a set of commands to be executed. +''' -+ -Default: false +include::../partials/man-import-ldif.adoc[] -`--commandFilePath {path}`:: -The full path to the file where the equivalent non-interactive commands will be written when this command is run in interactive mode. +''' -`--displayCommand`:: -Display the equivalent non-interactive argument in the standard output when this command is run in interactive mode. +include::../partials/man-ldapcompare.adoc[] -+ -Default: false +''' -`--help-all`:: -Display all subcommands. +include::../partials/man-ldapdelete.adoc[] -+ -Default: false +''' -`--help-core-server`:: -Display subcommands relating to core server. +include::../partials/man-ldapmodify.adoc[] -+ -Default: false +''' -`--help-database`:: -Display subcommands relating to caching and back-ends. +include::../partials/man-ldappasswordmodify.adoc[] -+ -Default: false +''' -`--help-logging`:: -Display subcommands relating to logging. +include::../partials/man-ldapsearch.adoc[] -+ -Default: false +''' -`--help-replication`:: -Display subcommands relating to replication. +include::../partials/man-ldifdiff.adoc[] -+ -Default: false +''' -`--help-security`:: -Display subcommands relating to authentication and authorization. +include::../partials/man-ldifmodify.adoc[] -+ -Default: false +''' -`--help-user-management`:: -Display subcommands relating to user management. +include::../partials/man-ldifsearch.adoc[] -+ -Default: false +''' --- --- -Configuration Options +include::../partials/man-list-backends.adoc[] -`--advanced`:: -Allows the configuration of advanced components and properties. +''' -+ -Default: false +include::../partials/man-makeldif.adoc[] --- --- -LDAP connection options: +''' -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. +include::../partials/man-makeldif-template.adoc[] -+ -Default: cn=Directory Manager +''' -`-E | --reportAuthzID`:: -Use the authorization identity control. +include::../partials/man-manage-account.adoc[] -+ -Default: false +''' -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. +include::../partials/man-manage-tasks.adoc[] -+ -Default: localhost.localdomain +''' -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. +include::../partials/man-rebuild-index.adoc[] -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. +''' -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. +include::../partials/man-restore.adoc[] -`-o | --saslOption {name=value}`:: -SASL bind options. +''' -`-p | --port {port}`:: -Directory server administration port number. +include::../partials/man-setup.adoc[] -+ -Default: 4444 +''' -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. +include::../partials/man-start-ds.adoc[] -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. +''' -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. +include::../partials/man-status.adoc[] -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. +''' -`--usePasswordPolicyControl`:: -Use the password policy request control. +include::../partials/man-stop-ds.adoc[] -+ -Default: false +''' -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. +include::../partials/man-uninstall.adoc[] -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. +''' -`-X | --trustAll`:: -Trust all server SSL certificates. +include::../partials/man-upgrade.adoc[] -+ -Default: false +''' --- --- -Utility input/output options: +include::../partials/man-verify-index.adoc[] -`-F | --batchFilePath {batchFilePath}`:: -Path to a batch file containing a set of commands to be executed. +''' -`-n | --no-prompt`:: -Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. - -+ -Default: false - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - -`-Q | --quiet`:: -Use quiet mode. - -+ -Default: false - -`-s | --script-friendly`:: -Use script-friendly mode. - -+ -Default: false - -`-v | --verbose`:: -Use verbose mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#dsconfig-subcommands] -==== Subcommands -The `dsconfig` command provides many subcommands. - -Subcommands let you create, list, and delete entire configuration components, and also let you get and set component properties. Subcommands therefore have names that reflect these five actions. - -* create-__component__ - -* list-__component__s - -* delete-__component__ - -* get-__component__-prop - -* set-__component__-prop - -Here, __component__ names are names of managed object types. Subcommand __component__ names are lower-case, hyphenated versions of the friendly names. When you act on an actual configuration component, you provide the name of the component as an option argument. -For example, the Log Publisher component has these corresponding subcommands. - -* `create-log-publisher` - -* `list-log-publishers` - -* `delete-log-publisher` - -* `get-log-publisher-prop` - -* `set-log-publisher-prop` - -When you create or delete Log Publisher components and when you get and set their configuration properties, you provide the name of the actual log publisher, which you can find by using the `list-log-publishers` subcommand. - -[source, console] ----- -$ dsconfig \ - list-log-publishers \ - --hostname opendj.example.com \ - --port 4444 \ - --bindDN "cn=Directory Manager" \ - --bindPassword password \ - --trustAll - -Log Publisher : Type : enabled -------------------------------:------------------------:-------- -File-Based Access Logger : file-based-access : true -File-Based Audit Logger : file-based-audit : false -File-Based Debug Logger : file-based-debug : false -File-Based Error Logger : file-based-error : true -File-Based HTTP Access Logger : file-based-http-access : false -Replication Repair Logger : file-based-error : true - -$ dsconfig \ - get-log-publisher-prop \ - --publisher-name "File-Based Access Logger" \ - --property rotation-policy \ - --hostname opendj.example.com \ - --port 4444 \ - --bindDN "cn=Directory Manager" \ - --bindPassword password \ - --trustAll -Property : Value(s) -----------------:-------------------------------------------------------------- -rotation-policy : 24 Hours Time Limit Rotation Policy, Size Limit Rotation - : Policy ----- -Many subcommands let you set property values. Notice in the reference for the subcommands below that specific options are available for handling multi-valued properties. Whereas you can assign a single property value by using the `--set` option, you assign multiple values to a multi-valued property by using the `--add` option. You can reset the values of the multi-valued property by using the `--reset` option. -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -Use the following options to view help for subcommands. --- - -`dsconfig --help-all`:: -Display all subcommands - -`dsconfig --help-core-server`:: -Display subcommands relating to core server - -`dsconfig --help-database`:: -Display subcommands relating to caching and back-ends - -`dsconfig --help-logging`:: -Display subcommands relating to logging - -`dsconfig --help-replication`:: -Display subcommands relating to replication - -`dsconfig --help-security`:: -Display subcommands relating to authentication and authorization - -`dsconfig --help-user-management`:: -Display subcommands relating to user management - --- -For help with individual subcommands, either use `dsconfig subcommand --help`, or start `dsconfig` in interactive mode, without specifying a subcommand. - -To view all component properties, use the `dsconfig list-properties` command. -The `dsconfig` command supports the following subcommands: - -* link:../reference/index.html#dsconfig-create-access-log-filtering-criteria[dsconfig create-access-log-filtering-criteria]: Creates Access Log Filtering Criteria - -* link:../reference/index.html#dsconfig-create-account-status-notification-handler[dsconfig create-account-status-notification-handler]: Creates Account Status Notification Handlers - -* link:../reference/index.html#dsconfig-create-alert-handler[dsconfig create-alert-handler]: Creates Alert Handlers - -* link:../reference/index.html#dsconfig-create-attribute-syntax[dsconfig create-attribute-syntax]: Creates Attribute Syntaxes - -* link:../reference/index.html#dsconfig-create-backend[dsconfig create-backend]: Creates Backends - -* link:../reference/index.html#dsconfig-create-backend-index[dsconfig create-backend-index]: Creates Backend Indexes - -* link:../reference/index.html#dsconfig-create-backend-vlv-index[dsconfig create-backend-vlv-index]: Creates Backend VLV Indexes - -* link:../reference/index.html#dsconfig-create-certificate-mapper[dsconfig create-certificate-mapper]: Creates Certificate Mappers - -* link:../reference/index.html#dsconfig-create-connection-handler[dsconfig create-connection-handler]: Creates Connection Handlers - -* link:../reference/index.html#dsconfig-create-debug-target[dsconfig create-debug-target]: Creates Debug Targets - -* link:../reference/index.html#dsconfig-create-entry-cache[dsconfig create-entry-cache]: Creates Entry Caches - -* link:../reference/index.html#dsconfig-create-extended-operation-handler[dsconfig create-extended-operation-handler]: Creates Extended Operation Handlers - -* link:../reference/index.html#dsconfig-create-group-implementation[dsconfig create-group-implementation]: Creates Group Implementations - -* link:../reference/index.html#dsconfig-create-http-authorization-mechanism[dsconfig create-http-authorization-mechanism]: Creates HTTP Authorization Mechanisms - -* link:../reference/index.html#dsconfig-create-http-endpoint[dsconfig create-http-endpoint]: Creates HTTP Endpoints - -* link:../reference/index.html#dsconfig-create-identity-mapper[dsconfig create-identity-mapper]: Creates Identity Mappers - -* link:../reference/index.html#dsconfig-create-key-manager-provider[dsconfig create-key-manager-provider]: Creates Key Manager Providers - -* link:../reference/index.html#dsconfig-create-log-publisher[dsconfig create-log-publisher]: Creates Log Publishers - -* link:../reference/index.html#dsconfig-create-log-retention-policy[dsconfig create-log-retention-policy]: Creates Log Retention Policies - -* link:../reference/index.html#dsconfig-create-log-rotation-policy[dsconfig create-log-rotation-policy]: Creates Log Rotation Policies - -* link:../reference/index.html#dsconfig-create-matching-rule[dsconfig create-matching-rule]: Creates Matching Rules - -* link:../reference/index.html#dsconfig-create-monitor-provider[dsconfig create-monitor-provider]: Creates Monitor Providers - -* link:../reference/index.html#dsconfig-create-password-generator[dsconfig create-password-generator]: Creates Password Generators - -* link:../reference/index.html#dsconfig-create-password-policy[dsconfig create-password-policy]: Creates Authentication Policies - -* link:../reference/index.html#dsconfig-create-password-storage-scheme[dsconfig create-password-storage-scheme]: Creates Password Storage Schemes - -* link:../reference/index.html#dsconfig-create-password-validator[dsconfig create-password-validator]: Creates Password Validators - -* link:../reference/index.html#dsconfig-create-plugin[dsconfig create-plugin]: Creates Plugins - -* link:../reference/index.html#dsconfig-create-replication-domain[dsconfig create-replication-domain]: Creates Replication Domains - -* link:../reference/index.html#dsconfig-create-replication-server[dsconfig create-replication-server]: Creates Replication Servers - -* link:../reference/index.html#dsconfig-create-sasl-mechanism-handler[dsconfig create-sasl-mechanism-handler]: Creates SASL Mechanism Handlers - -* link:../reference/index.html#dsconfig-create-schema-provider[dsconfig create-schema-provider]: Creates Schema Providers - -* link:../reference/index.html#dsconfig-create-synchronization-provider[dsconfig create-synchronization-provider]: Creates Synchronization Providers - -* link:../reference/index.html#dsconfig-create-trust-manager-provider[dsconfig create-trust-manager-provider]: Creates Trust Manager Providers - -* link:../reference/index.html#dsconfig-create-virtual-attribute[dsconfig create-virtual-attribute]: Creates Virtual Attributes - -* link:../reference/index.html#dsconfig-delete-access-log-filtering-criteria[dsconfig delete-access-log-filtering-criteria]: Deletes Access Log Filtering Criteria - -* link:../reference/index.html#dsconfig-delete-account-status-notification-handler[dsconfig delete-account-status-notification-handler]: Deletes Account Status Notification Handlers - -* link:../reference/index.html#dsconfig-delete-alert-handler[dsconfig delete-alert-handler]: Deletes Alert Handlers - -* link:../reference/index.html#dsconfig-delete-attribute-syntax[dsconfig delete-attribute-syntax]: Deletes Attribute Syntaxes - -* link:../reference/index.html#dsconfig-delete-backend[dsconfig delete-backend]: Deletes Backends - -* link:../reference/index.html#dsconfig-delete-backend-index[dsconfig delete-backend-index]: Deletes Backend Indexes - -* link:../reference/index.html#dsconfig-delete-backend-vlv-index[dsconfig delete-backend-vlv-index]: Deletes Backend VLV Indexes - -* link:../reference/index.html#dsconfig-delete-certificate-mapper[dsconfig delete-certificate-mapper]: Deletes Certificate Mappers - -* link:../reference/index.html#dsconfig-delete-connection-handler[dsconfig delete-connection-handler]: Deletes Connection Handlers - -* link:../reference/index.html#dsconfig-delete-debug-target[dsconfig delete-debug-target]: Deletes Debug Targets - -* link:../reference/index.html#dsconfig-delete-entry-cache[dsconfig delete-entry-cache]: Deletes Entry Caches - -* link:../reference/index.html#dsconfig-delete-extended-operation-handler[dsconfig delete-extended-operation-handler]: Deletes Extended Operation Handlers - -* link:../reference/index.html#dsconfig-delete-group-implementation[dsconfig delete-group-implementation]: Deletes Group Implementations - -* link:../reference/index.html#dsconfig-delete-http-authorization-mechanism[dsconfig delete-http-authorization-mechanism]: Deletes HTTP Authorization Mechanisms - -* link:../reference/index.html#dsconfig-delete-http-endpoint[dsconfig delete-http-endpoint]: Deletes HTTP Endpoints - -* link:../reference/index.html#dsconfig-delete-identity-mapper[dsconfig delete-identity-mapper]: Deletes Identity Mappers - -* link:../reference/index.html#dsconfig-delete-key-manager-provider[dsconfig delete-key-manager-provider]: Deletes Key Manager Providers - -* link:../reference/index.html#dsconfig-delete-log-publisher[dsconfig delete-log-publisher]: Deletes Log Publishers - -* link:../reference/index.html#dsconfig-delete-log-retention-policy[dsconfig delete-log-retention-policy]: Deletes Log Retention Policies - -* link:../reference/index.html#dsconfig-delete-log-rotation-policy[dsconfig delete-log-rotation-policy]: Deletes Log Rotation Policies - -* link:../reference/index.html#dsconfig-delete-matching-rule[dsconfig delete-matching-rule]: Deletes Matching Rules - -* link:../reference/index.html#dsconfig-delete-monitor-provider[dsconfig delete-monitor-provider]: Deletes Monitor Providers - -* link:../reference/index.html#dsconfig-delete-password-generator[dsconfig delete-password-generator]: Deletes Password Generators - -* link:../reference/index.html#dsconfig-delete-password-policy[dsconfig delete-password-policy]: Deletes Authentication Policies - -* link:../reference/index.html#dsconfig-delete-password-storage-scheme[dsconfig delete-password-storage-scheme]: Deletes Password Storage Schemes - -* link:../reference/index.html#dsconfig-delete-password-validator[dsconfig delete-password-validator]: Deletes Password Validators - -* link:../reference/index.html#dsconfig-delete-plugin[dsconfig delete-plugin]: Deletes Plugins - -* link:../reference/index.html#dsconfig-delete-replication-domain[dsconfig delete-replication-domain]: Deletes Replication Domains - -* link:../reference/index.html#dsconfig-delete-replication-server[dsconfig delete-replication-server]: Deletes Replication Servers - -* link:../reference/index.html#dsconfig-delete-sasl-mechanism-handler[dsconfig delete-sasl-mechanism-handler]: Deletes SASL Mechanism Handlers - -* link:../reference/index.html#dsconfig-delete-schema-provider[dsconfig delete-schema-provider]: Deletes Schema Providers - -* link:../reference/index.html#dsconfig-delete-synchronization-provider[dsconfig delete-synchronization-provider]: Deletes Synchronization Providers - -* link:../reference/index.html#dsconfig-delete-trust-manager-provider[dsconfig delete-trust-manager-provider]: Deletes Trust Manager Providers - -* link:../reference/index.html#dsconfig-delete-virtual-attribute[dsconfig delete-virtual-attribute]: Deletes Virtual Attributes - -* link:../reference/index.html#dsconfig-get-access-control-handler-prop[dsconfig get-access-control-handler-prop]: Shows Access Control Handler properties - -* link:../reference/index.html#dsconfig-get-access-log-filtering-criteria-prop[dsconfig get-access-log-filtering-criteria-prop]: Shows Access Log Filtering Criteria properties - -* link:../reference/index.html#dsconfig-get-account-status-notification-handler-prop[dsconfig get-account-status-notification-handler-prop]: Shows Account Status Notification Handler properties - -* link:../reference/index.html#dsconfig-get-administration-connector-prop[dsconfig get-administration-connector-prop]: Shows Administration Connector properties - -* link:../reference/index.html#dsconfig-get-alert-handler-prop[dsconfig get-alert-handler-prop]: Shows Alert Handler properties - -* link:../reference/index.html#dsconfig-get-attribute-syntax-prop[dsconfig get-attribute-syntax-prop]: Shows Attribute Syntax properties - -* link:../reference/index.html#dsconfig-get-backend-index-prop[dsconfig get-backend-index-prop]: Shows Backend Index properties - -* link:../reference/index.html#dsconfig-get-backend-prop[dsconfig get-backend-prop]: Shows Backend properties - -* link:../reference/index.html#dsconfig-get-backend-vlv-index-prop[dsconfig get-backend-vlv-index-prop]: Shows Backend VLV Index properties - -* link:../reference/index.html#dsconfig-get-certificate-mapper-prop[dsconfig get-certificate-mapper-prop]: Shows Certificate Mapper properties - -* link:../reference/index.html#dsconfig-get-connection-handler-prop[dsconfig get-connection-handler-prop]: Shows Connection Handler properties - -* link:../reference/index.html#dsconfig-get-crypto-manager-prop[dsconfig get-crypto-manager-prop]: Shows Crypto Manager properties - -* link:../reference/index.html#dsconfig-get-debug-target-prop[dsconfig get-debug-target-prop]: Shows Debug Target properties - -* link:../reference/index.html#dsconfig-get-entry-cache-prop[dsconfig get-entry-cache-prop]: Shows Entry Cache properties - -* link:../reference/index.html#dsconfig-get-extended-operation-handler-prop[dsconfig get-extended-operation-handler-prop]: Shows Extended Operation Handler properties - -* link:../reference/index.html#dsconfig-get-external-changelog-domain-prop[dsconfig get-external-changelog-domain-prop]: Shows External Changelog Domain properties - -* link:../reference/index.html#dsconfig-get-global-configuration-prop[dsconfig get-global-configuration-prop]: Shows Global Configuration properties - -* link:../reference/index.html#dsconfig-get-group-implementation-prop[dsconfig get-group-implementation-prop]: Shows Group Implementation properties - -* link:../reference/index.html#dsconfig-get-http-authorization-mechanism-prop[dsconfig get-http-authorization-mechanism-prop]: Shows HTTP Authorization Mechanism properties - -* link:../reference/index.html#dsconfig-get-http-endpoint-prop[dsconfig get-http-endpoint-prop]: Shows HTTP Endpoint properties - -* link:../reference/index.html#dsconfig-get-identity-mapper-prop[dsconfig get-identity-mapper-prop]: Shows Identity Mapper properties - -* link:../reference/index.html#dsconfig-get-key-manager-provider-prop[dsconfig get-key-manager-provider-prop]: Shows Key Manager Provider properties - -* link:../reference/index.html#dsconfig-get-log-publisher-prop[dsconfig get-log-publisher-prop]: Shows Log Publisher properties - -* link:../reference/index.html#dsconfig-get-log-retention-policy-prop[dsconfig get-log-retention-policy-prop]: Shows Log Retention Policy properties - -* link:../reference/index.html#dsconfig-get-log-rotation-policy-prop[dsconfig get-log-rotation-policy-prop]: Shows Log Rotation Policy properties - -* link:../reference/index.html#dsconfig-get-matching-rule-prop[dsconfig get-matching-rule-prop]: Shows Matching Rule properties - -* link:../reference/index.html#dsconfig-get-monitor-provider-prop[dsconfig get-monitor-provider-prop]: Shows Monitor Provider properties - -* link:../reference/index.html#dsconfig-get-password-generator-prop[dsconfig get-password-generator-prop]: Shows Password Generator properties - -* link:../reference/index.html#dsconfig-get-password-policy-prop[dsconfig get-password-policy-prop]: Shows Authentication Policy properties - -* link:../reference/index.html#dsconfig-get-password-storage-scheme-prop[dsconfig get-password-storage-scheme-prop]: Shows Password Storage Scheme properties - -* link:../reference/index.html#dsconfig-get-password-validator-prop[dsconfig get-password-validator-prop]: Shows Password Validator properties - -* link:../reference/index.html#dsconfig-get-plugin-prop[dsconfig get-plugin-prop]: Shows Plugin properties - -* link:../reference/index.html#dsconfig-get-plugin-root-prop[dsconfig get-plugin-root-prop]: Shows Plugin Root properties - -* link:../reference/index.html#dsconfig-get-replication-domain-prop[dsconfig get-replication-domain-prop]: Shows Replication Domain properties - -* link:../reference/index.html#dsconfig-get-replication-server-prop[dsconfig get-replication-server-prop]: Shows Replication Server properties - -* link:../reference/index.html#dsconfig-get-root-dn-prop[dsconfig get-root-dn-prop]: Shows Root DN properties - -* link:../reference/index.html#dsconfig-get-root-dse-backend-prop[dsconfig get-root-dse-backend-prop]: Shows Root DSE Backend properties - -* link:../reference/index.html#dsconfig-get-sasl-mechanism-handler-prop[dsconfig get-sasl-mechanism-handler-prop]: Shows SASL Mechanism Handler properties - -* link:../reference/index.html#dsconfig-get-schema-provider-prop[dsconfig get-schema-provider-prop]: Shows Schema Provider properties - -* link:../reference/index.html#dsconfig-get-synchronization-provider-prop[dsconfig get-synchronization-provider-prop]: Shows Synchronization Provider properties - -* link:../reference/index.html#dsconfig-get-trust-manager-provider-prop[dsconfig get-trust-manager-provider-prop]: Shows Trust Manager Provider properties - -* link:../reference/index.html#dsconfig-get-virtual-attribute-prop[dsconfig get-virtual-attribute-prop]: Shows Virtual Attribute properties - -* link:../reference/index.html#dsconfig-get-work-queue-prop[dsconfig get-work-queue-prop]: Shows Work Queue properties - -* link:../reference/index.html#dsconfig-list-access-log-filtering-criteria[dsconfig list-access-log-filtering-criteria]: Lists existing Access Log Filtering Criteria - -* link:../reference/index.html#dsconfig-list-account-status-notification-handlers[dsconfig list-account-status-notification-handlers]: Lists existing Account Status Notification Handlers - -* link:../reference/index.html#dsconfig-list-alert-handlers[dsconfig list-alert-handlers]: Lists existing Alert Handlers - -* link:../reference/index.html#dsconfig-list-attribute-syntaxes[dsconfig list-attribute-syntaxes]: Lists existing Attribute Syntaxes - -* link:../reference/index.html#dsconfig-list-backend-indexes[dsconfig list-backend-indexes]: Lists existing Backend Indexes - -* link:../reference/index.html#dsconfig-list-backend-vlv-indexes[dsconfig list-backend-vlv-indexes]: Lists existing Backend VLV Indexes - -* link:../reference/index.html#dsconfig-list-backends[dsconfig list-backends]: Lists existing Backends - -* link:../reference/index.html#dsconfig-list-certificate-mappers[dsconfig list-certificate-mappers]: Lists existing Certificate Mappers - -* link:../reference/index.html#dsconfig-list-connection-handlers[dsconfig list-connection-handlers]: Lists existing Connection Handlers - -* link:../reference/index.html#dsconfig-list-debug-targets[dsconfig list-debug-targets]: Lists existing Debug Targets - -* link:../reference/index.html#dsconfig-list-entry-caches[dsconfig list-entry-caches]: Lists existing Entry Caches - -* link:../reference/index.html#dsconfig-list-extended-operation-handlers[dsconfig list-extended-operation-handlers]: Lists existing Extended Operation Handlers - -* link:../reference/index.html#dsconfig-list-group-implementations[dsconfig list-group-implementations]: Lists existing Group Implementations - -* link:../reference/index.html#dsconfig-list-http-authorization-mechanisms[dsconfig list-http-authorization-mechanisms]: Lists existing HTTP Authorization Mechanisms - -* link:../reference/index.html#dsconfig-list-http-endpoints[dsconfig list-http-endpoints]: Lists existing HTTP Endpoints - -* link:../reference/index.html#dsconfig-list-identity-mappers[dsconfig list-identity-mappers]: Lists existing Identity Mappers - -* link:../reference/index.html#dsconfig-list-key-manager-providers[dsconfig list-key-manager-providers]: Lists existing Key Manager Providers - -* link:../reference/index.html#dsconfig-list-log-publishers[dsconfig list-log-publishers]: Lists existing Log Publishers - -* link:../reference/index.html#dsconfig-list-log-retention-policies[dsconfig list-log-retention-policies]: Lists existing Log Retention Policies - -* link:../reference/index.html#dsconfig-list-log-rotation-policies[dsconfig list-log-rotation-policies]: Lists existing Log Rotation Policies - -* link:../reference/index.html#dsconfig-list-matching-rules[dsconfig list-matching-rules]: Lists existing Matching Rules - -* link:../reference/index.html#dsconfig-list-monitor-providers[dsconfig list-monitor-providers]: Lists existing Monitor Providers - -* link:../reference/index.html#dsconfig-list-password-generators[dsconfig list-password-generators]: Lists existing Password Generators - -* link:../reference/index.html#dsconfig-list-password-policies[dsconfig list-password-policies]: Lists existing Password Policies - -* link:../reference/index.html#dsconfig-list-password-storage-schemes[dsconfig list-password-storage-schemes]: Lists existing Password Storage Schemes - -* link:../reference/index.html#dsconfig-list-password-validators[dsconfig list-password-validators]: Lists existing Password Validators - -* link:../reference/index.html#dsconfig-list-plugins[dsconfig list-plugins]: Lists existing Plugins - -* link:../reference/index.html#dsconfig-list-properties[dsconfig list-properties]: Describes managed objects and their properties - -* link:../reference/index.html#dsconfig-list-replication-domains[dsconfig list-replication-domains]: Lists existing Replication Domains - -* link:../reference/index.html#dsconfig-list-replication-server[dsconfig list-replication-server]: Lists existing Replication Server - -* link:../reference/index.html#dsconfig-list-sasl-mechanism-handlers[dsconfig list-sasl-mechanism-handlers]: Lists existing SASL Mechanism Handlers - -* link:../reference/index.html#dsconfig-list-schema-providers[dsconfig list-schema-providers]: Lists existing Schema Providers - -* link:../reference/index.html#dsconfig-list-synchronization-providers[dsconfig list-synchronization-providers]: Lists existing Synchronization Providers - -* link:../reference/index.html#dsconfig-list-trust-manager-providers[dsconfig list-trust-manager-providers]: Lists existing Trust Manager Providers - -* link:../reference/index.html#dsconfig-list-virtual-attributes[dsconfig list-virtual-attributes]: Lists existing Virtual Attributes - -* link:../reference/index.html#dsconfig-set-access-control-handler-prop[dsconfig set-access-control-handler-prop]: Modifies Access Control Handler properties - -* link:../reference/index.html#dsconfig-set-access-log-filtering-criteria-prop[dsconfig set-access-log-filtering-criteria-prop]: Modifies Access Log Filtering Criteria properties - -* link:../reference/index.html#dsconfig-set-account-status-notification-handler-prop[dsconfig set-account-status-notification-handler-prop]: Modifies Account Status Notification Handler properties - -* link:../reference/index.html#dsconfig-set-administration-connector-prop[dsconfig set-administration-connector-prop]: Modifies Administration Connector properties - -* link:../reference/index.html#dsconfig-set-alert-handler-prop[dsconfig set-alert-handler-prop]: Modifies Alert Handler properties - -* link:../reference/index.html#dsconfig-set-attribute-syntax-prop[dsconfig set-attribute-syntax-prop]: Modifies Attribute Syntax properties - -* link:../reference/index.html#dsconfig-set-backend-index-prop[dsconfig set-backend-index-prop]: Modifies Backend Index properties - -* link:../reference/index.html#dsconfig-set-backend-prop[dsconfig set-backend-prop]: Modifies Backend properties - -* link:../reference/index.html#dsconfig-set-backend-vlv-index-prop[dsconfig set-backend-vlv-index-prop]: Modifies Backend VLV Index properties - -* link:../reference/index.html#dsconfig-set-certificate-mapper-prop[dsconfig set-certificate-mapper-prop]: Modifies Certificate Mapper properties - -* link:../reference/index.html#dsconfig-set-connection-handler-prop[dsconfig set-connection-handler-prop]: Modifies Connection Handler properties - -* link:../reference/index.html#dsconfig-set-crypto-manager-prop[dsconfig set-crypto-manager-prop]: Modifies Crypto Manager properties - -* link:../reference/index.html#dsconfig-set-debug-target-prop[dsconfig set-debug-target-prop]: Modifies Debug Target properties - -* link:../reference/index.html#dsconfig-set-entry-cache-prop[dsconfig set-entry-cache-prop]: Modifies Entry Cache properties - -* link:../reference/index.html#dsconfig-set-extended-operation-handler-prop[dsconfig set-extended-operation-handler-prop]: Modifies Extended Operation Handler properties - -* link:../reference/index.html#dsconfig-set-external-changelog-domain-prop[dsconfig set-external-changelog-domain-prop]: Modifies External Changelog Domain properties - -* link:../reference/index.html#dsconfig-set-global-configuration-prop[dsconfig set-global-configuration-prop]: Modifies Global Configuration properties - -* link:../reference/index.html#dsconfig-set-group-implementation-prop[dsconfig set-group-implementation-prop]: Modifies Group Implementation properties - -* link:../reference/index.html#dsconfig-set-http-authorization-mechanism-prop[dsconfig set-http-authorization-mechanism-prop]: Modifies HTTP Authorization Mechanism properties - -* link:../reference/index.html#dsconfig-set-http-endpoint-prop[dsconfig set-http-endpoint-prop]: Modifies HTTP Endpoint properties - -* link:../reference/index.html#dsconfig-set-identity-mapper-prop[dsconfig set-identity-mapper-prop]: Modifies Identity Mapper properties - -* link:../reference/index.html#dsconfig-set-key-manager-provider-prop[dsconfig set-key-manager-provider-prop]: Modifies Key Manager Provider properties - -* link:../reference/index.html#dsconfig-set-log-publisher-prop[dsconfig set-log-publisher-prop]: Modifies Log Publisher properties - -* link:../reference/index.html#dsconfig-set-log-retention-policy-prop[dsconfig set-log-retention-policy-prop]: Modifies Log Retention Policy properties - -* link:../reference/index.html#dsconfig-set-log-rotation-policy-prop[dsconfig set-log-rotation-policy-prop]: Modifies Log Rotation Policy properties - -* link:../reference/index.html#dsconfig-set-matching-rule-prop[dsconfig set-matching-rule-prop]: Modifies Matching Rule properties - -* link:../reference/index.html#dsconfig-set-monitor-provider-prop[dsconfig set-monitor-provider-prop]: Modifies Monitor Provider properties - -* link:../reference/index.html#dsconfig-set-password-generator-prop[dsconfig set-password-generator-prop]: Modifies Password Generator properties - -* link:../reference/index.html#dsconfig-set-password-policy-prop[dsconfig set-password-policy-prop]: Modifies Authentication Policy properties - -* link:../reference/index.html#dsconfig-set-password-storage-scheme-prop[dsconfig set-password-storage-scheme-prop]: Modifies Password Storage Scheme properties - -* link:../reference/index.html#dsconfig-set-password-validator-prop[dsconfig set-password-validator-prop]: Modifies Password Validator properties - -* link:../reference/index.html#dsconfig-set-plugin-prop[dsconfig set-plugin-prop]: Modifies Plugin properties - -* link:../reference/index.html#dsconfig-set-plugin-root-prop[dsconfig set-plugin-root-prop]: Modifies Plugin Root properties - -* link:../reference/index.html#dsconfig-set-replication-domain-prop[dsconfig set-replication-domain-prop]: Modifies Replication Domain properties - -* link:../reference/index.html#dsconfig-set-replication-server-prop[dsconfig set-replication-server-prop]: Modifies Replication Server properties - -* link:../reference/index.html#dsconfig-set-root-dn-prop[dsconfig set-root-dn-prop]: Modifies Root DN properties - -* link:../reference/index.html#dsconfig-set-root-dse-backend-prop[dsconfig set-root-dse-backend-prop]: Modifies Root DSE Backend properties - -* link:../reference/index.html#dsconfig-set-sasl-mechanism-handler-prop[dsconfig set-sasl-mechanism-handler-prop]: Modifies SASL Mechanism Handler properties - -* link:../reference/index.html#dsconfig-set-schema-provider-prop[dsconfig set-schema-provider-prop]: Modifies Schema Provider properties - -* link:../reference/index.html#dsconfig-set-synchronization-provider-prop[dsconfig set-synchronization-provider-prop]: Modifies Synchronization Provider properties - -* link:../reference/index.html#dsconfig-set-trust-manager-provider-prop[dsconfig set-trust-manager-provider-prop]: Modifies Trust Manager Provider properties - -* link:../reference/index.html#dsconfig-set-virtual-attribute-prop[dsconfig set-virtual-attribute-prop]: Modifies Virtual Attribute properties - -* link:../reference/index.html#dsconfig-set-work-queue-prop[dsconfig set-work-queue-prop]: Modifies Work Queue properties - - -[#d1822e3561] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e3578] -==== Examples -Much of the __OpenDJ Administration Guide__ consists of `dsconfig` examples with text in between. This section therefore remains short. - -The following example starts `dsconfig` in interactive, menu-driven mode on the default port of the current host. - -[source, console] ----- -$ dsconfig -h opendj.example.com -p 4444 -D "cn=Directory Manager" -w password - ->>>> OpenDJ configuration console main menu - -What do you want to configure? - - 1) Access Control Handler 23) Log Publisher - 2) Access Log Filtering Criteria 24) Log Retention Policy - 3) Account Status Notification Handler 25) Log Rotation Policy - 4) Administration Connector 26) Matching Rule - 5) Alert Handler 27) Monitor Provider - 6) Attribute Syntax 28) Password Generator - 7) Backend 29) Password Policy - 8) Backend Index 30) Password Storage Scheme - 9) Backend VLV Index 31) Password Validator - 10) Certificate Mapper 32) Plugin - 11) Connection Handler 33) Plugin Root - 12) Crypto Manager 34) Replication Domain - 13) Debug Target 35) Replication Server - 14) Entry Cache 36) Root DN - 15) Extended Operation Handler 37) Root DSE Backend - 16) External Changelog Domain 38) SASL Mechanism Handler - 17) Global Configuration 39) Schema Provider - 18) Group Implementation 40) Synchronization Provider - 19) HTTP Authorization Mechanism 41) Trust Manager Provider - 20) HTTP Endpoint 42) Virtual Attribute - 21) Identity Mapper 43) Work Queue - 22) Key Manager Provider - - q) quit - -Enter choice: ----- -The following example demonstrates generating a batch file that corresponds to an interactive session enabling the debug log. The example then demonstrates using a modified batch file to disable the debug log. - -[source, console] ----- -$ dsconfig \ - --hostname opendj.example.com \ - --port 4444 \ - --bindDN "cn=Directory Manager" \ - --bindPassword password \ - --commandFilePath ~/enable-debug-log.batch - ... -$ cat ~/enable-debug-log.batch -# dsconfig session start date: 19/Oct/2011:08:52:22 +0000 - -# Session operation number: 1 -# Operation date: 19/Oct/2011:08:55:06 +0000 -dsconfig set-log-publisher-prop \ - --publisher-name File-Based\ Debug\ Logger \ - --set enabled:true \ - --hostname opendj.example.com \ - --port 4444 \ - --trustStorePath /path/to/opendj/config/admin-truststore \ - --bindDN cn=Directory\ Manager \ - --bindPassword ****** \ - --no-prompt - -$ cp ~/enable-debug-log.batch ~/disable-debug-log.batch -$ vi ~/disable-debug-log.batch -$ cat ~/disable-debug-log.batch -set-log-publisher-prop \ - --publisher-name File-Based\ Debug\ Logger \ - --set enabled:false \ - --hostname opendj.example.com \ - --port 4444 \ - --trustStorePath /path/to/opendj/config/admin-truststore \ - --bindDN cn=Directory\ Manager \ - --bindPassword password \ - --no-prompt - -$ dsconfig --batchFilePath ~/disable-debug-log.batch --no-prompt -set-log-publisher-prop ---publisher-name -File-Based Debug Logger ---set -enabled:false ---hostname -opendj.example.com ---port -4444 ---trustStorePath -/path/to/opendj/config/admin-truststore ---bindDN -cn=Directory Manager ---bindPassword -password ---no-prompt - -$ ----- -Notice that the original command file looks like a shell script with the bind password value replaced by asterisks. To pass the content as a batch file to `dsconfig`, strip `dsconfig` itself, and include the bind password for the administrative user or replace that option with an alternative, such as reading the password from a file. - -''' -[#dsjavaproperties-1] -=== dsjavaproperties — apply OpenDJ Java home and JVM settings - -==== Synopsis -`dsjavaproperties` - -[#dsjavaproperties-description] -==== Description -This utility can be used to change the java arguments and java home that are used by the different server commands. - -Before launching the command, edit the properties file located in /path/to/opendj/config/java.properties to specify the java arguments and java home. When you have edited the properties file, run this command for the changes to be taken into account. - -Note that the changes will only apply to this server installation. No modifications will be made to your environment variables. - -[#dsjavaproperties-options] -==== Options -The `dsjavaproperties` command takes the following options: --- -Utility input/output options: - -`-Q | --quiet`:: -Use quiet mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e3721] -==== Files -This command depends on the content of the `config/java.properties` file. - -[#d1822e3730] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e3747] -==== Examples -The following example demonstrates a successful run. - -[source, console] ----- -$ dsjavaproperties -The operation was successful. The server commands will use the java arguments - and java home specified in the properties file located in - /path/to/opendj/config/java.properties ----- - -''' -[#dsreplication-1] -=== dsreplication — manage OpenDJ directory data replication - -==== Synopsis -`dsreplication` {subcommand} {options} - -[#dsreplication-description] -==== Description -This utility can be used to configure replication between servers so that the data of the servers is synchronized. For replication to work you must first enable replication using the 'enable' subcommand and then initialize the contents of one of the servers with the contents of the other using the 'initialize' subcommand. - -[#dsreplication-options] -==== Options -The `dsreplication` command takes the following options: --- -Command options: - -`-b | --baseDN {baseDN}`:: -Base DN of the data to be replicated, initialized or for which we want to disable replication. Multiple base DNs can be provided by using this option multiple times. - -`--commandFilePath {path}`:: -The full path to the file where the equivalent non-interactive commands will be written when this command is run in interactive mode. - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`--displayCommand`:: -Display the equivalent non-interactive argument in the standard output when this command is run in interactive mode. - -+ -Default: false - -`-j | --adminPasswordFile {bindPasswordFile}`:: -The file containing the password of the global administrator. - -`-w | --adminPassword {bindPassword}`:: -The global administrator password. - --- --- -Configuration Options - -`--advanced`:: -Allows the configuration of advanced components and properties. - -+ -Default: false - --- --- -LDAP connection options: - -`-I | --adminUID {adminUID}`:: -User ID of the Global Administrator to use to bind to the server. For the 'enable' subcommand if no Global Administrator was defined previously for none of the server the Global Administrator will be created using the provided data. - -+ -Default: admin - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Utility input/output options: - -`-n | --no-prompt`:: -Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. - -+ -Default: false - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - -`-Q | --quiet`:: -Use quiet mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#dsreplication-subcommands] -==== Subcommands -The `dsreplication` command supports the following subcommands: -[#dsreplication-disable] -===== dsreplication disable -Disables replication on the specified server for the provided base DN and removes references in the other servers with which it is replicating data. -[#dsreplication-disable-options] -====== Options --- -The `dsreplication disable` command takes the following options: - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server where we want to disable replication. This option must be used when no Global Administrator has been defined on the server or if the user does not want to remove references in the other replicated servers. The password provided for the Global Administrator will be used when specifying this option. - -+ -Default: cn=Directory Manager - -`-a | --disableReplicationServer`:: -Disable the replication server. The replication port and change log are disabled on the specified server. - -+ -Default: false - -`--disableAll`:: -Disable the replication configuration on the specified server. The contents of the server are no longer replicated and the replication server (changelog and replication port) is disabled if it is configured. - -+ -Default: false - --- - - -[#dsreplication-enable] -===== dsreplication enable -Updates the configuration of the servers to replicate the data under the specified base DN. If one of the specified servers is already replicating the data under the base DN with other servers, executing this subcommand will update the configuration of all the servers (so it is sufficient to execute the command line once for each server we add to the replication topology). -[#dsreplication-enable-options] -====== Options --- -The `dsreplication enable` command takes the following options: - -`-h | --host1 {host}`:: -Fully qualified host name or IP address of the first server whose contents will be replicated. - -+ -Default: localhost.localdomain - -`-p | --port1 {port}`:: -Directory server administration port number of the first server whose contents will be replicated. - -+ -Default: 4444 - -`-D | --bindDN1 {bindDN}`:: -DN to use to bind to the first server whose contents will be replicated. If not specified the global administrator will be used to bind. - -+ -Default: cn=Directory Manager - -`--bindPassword1 {bindPassword}`:: -Password to use to bind to the first server whose contents will be replicated. If no bind DN was specified for the first server the password of the global administrator will be used to bind. - -`--bindPasswordFile1 {bindPasswordFile}`:: -File containing the password to use to bind to the first server whose contents will be replicated. If no bind DN was specified for the first server the password of the global administrator will be used to bind. - -`-r | --replicationPort1 {port}`:: -Port that will be used by the replication mechanism in the first server to communicate with the other servers. You have to specify this option only if replication was not previously configured in the first server. - -+ -Default: 8989 - -`--secureReplication1`:: -Specifies whether the communication through the replication port of the first server is encrypted or not. This option will only be taken into account the first time replication is configured on the first server. - -+ -Default: false - -`--noReplicationServer1`:: -Do not configure a replication port or change log on the first server. The first server will contain replicated data but will not contain a change log of modifications made to the replicated data. Note that each replicated topology must contain at least two servers with a change log to avoid a single point of failure. - -+ -Default: false - -`--onlyReplicationServer1`:: -Configure only a change log and replication port on the first server. The first server will not contain replicated data, but will contain a change log of the modifications made to the replicated data on other servers. - -+ -Default: false - -`-O | --host2 {host}`:: -Fully qualified host name or IP address of the second server whose contents will be replicated. - -+ -Default: localhost.localdomain - -`--port2 {port}`:: -Directory server administration port number of the second server whose contents will be replicated. - -+ -Default: 4444 - -`--bindDN2 {bindDN}`:: -DN to use to bind to the second server whose contents will be replicated. If not specified the global administrator will be used to bind. - -+ -Default: cn=Directory Manager - -`--bindPassword2 {bindPassword}`:: -Password to use to bind to the second server whose contents will be replicated. If no bind DN was specified for the second server the password of the global administrator will be used to bind. - -`-F | --bindPasswordFile2 {bindPasswordFile}`:: -File containing the password to use to bind to the second server whose contents will be replicated. If no bind DN was specified for the second server the password of the global administrator will be used to bind. - -`-R | --replicationPort2 {port}`:: -Port that will be used by the replication mechanism in the second server to communicate with the other servers. You have to specify this option only if replication was not previously configured in the second server. - -+ -Default: 8989 - -`--secureReplication2`:: -Specifies whether the communication through the replication port of the second server is encrypted or not. This option will only be taken into account the first time replication is configured on the second server. - -+ -Default: false - -`--noReplicationServer2`:: -Do not configure a replication port or change log on the second server. The second server will contain replicated data but will not contain a change log of modifications made to the replicated data. Note that each replicated topology must contain at least two servers with a change log to avoid a single point of failure. - -+ -Default: false - -`--onlyReplicationServer2`:: -Configure only a change log and replication port on the second server. The second server will not contain replicated data, but will contain a change log of the modifications made to the replicated data on other servers. - -+ -Default: false - -`-S | --skipPortCheck`:: -Skip the check to determine whether the specified replication ports are usable. - -+ -Default: false - -`--noSchemaReplication`:: -Do not replicate the schema between the servers. - -+ -Default: false - -`--useSecondServerAsSchemaSource`:: -Use the second server to initialize the schema of the first server. If this option nor option --noSchemaReplication are specified the schema of the first server will be used to initialize the schema of the second server. - -+ -Default: false - --- - - -[#dsreplication-initialize] -===== dsreplication initialize -Initialize the contents of the data under the specified base DN on the destination server with the contents on the source server. This operation is required after enabling replication in order replication to work ('initialize-all' can also be used for this purpose). -[#dsreplication-initialize-options] -====== Options --- -The `dsreplication initialize` command takes the following options: - -`-h | --hostSource {host}`:: -Fully qualified host name or IP address of the source server whose contents will be used to initialize the destination server. - -+ -Default: localhost.localdomain - -`-p | --portSource {port}`:: -Directory server administration port number of the source server whose contents will be used to initialize the destination server. - -+ -Default: 4444 - -`-O | --hostDestination {host}`:: -Fully qualified host name or IP address of the destination server whose contents will be initialized. - -+ -Default: localhost.localdomain - -`--portDestination {port}`:: -Directory server administration port number of the destination server whose contents will be initialized. - -+ -Default: 4444 - --- - - -[#dsreplication-initialize-all] -===== dsreplication initialize-all -Initialize the contents of the data under the specified base DN on all the servers whose contents are being replicated with the contents on the specified server. This operation is required after enabling replication for replication to work ('initialize' applied to each server can also be used for this purpose). -[#dsreplication-initialize-all-options] -====== Options --- -The `dsreplication initialize-all` command takes the following options: - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - --- - - -[#dsreplication-post-external-initialization] -===== dsreplication post-external-initialization -This subcommand must be called after initializing the contents of all the replicated servers using the tool import-ldif or the binary copy method. You must specify the list of base DNs that have been initialized and you must provide the credentials of any of the servers that are being replicated. See the usage of the subcommand 'pre-external-initialization' for more information. -[#dsreplication-post-external-initialization-options] -====== Options --- -The `dsreplication post-external-initialization` command takes the following options: - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - --- - - -[#dsreplication-pre-external-initialization] -===== dsreplication pre-external-initialization -This subcommand must be called before initializing the contents of all the replicated servers using the tool import-ldif or the binary copy method. You must specify the list of base DNs that will be initialized and you must provide the credentials of any of the servers that are being replicated. After calling this subcommand, initialize the contents of all the servers in the topology (use the same LDIF file/binary copy on each of the servers), then call the subcommand 'post-external-initialization'. -[#dsreplication-pre-external-initialization-options] -====== Options --- -The `dsreplication pre-external-initialization` command takes the following options: - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - --- - - -[#dsreplication-purge-historical] -===== dsreplication purge-historical -Launches a purge processing of the historical informations stored in the user entries by replication. Since this processing may take a while, you must specify the maximum duration for this processing. -[#dsreplication-purge-historical-options] -====== Options --- -The `dsreplication purge-historical` command takes the following options: - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`--maximumDuration {maximum duration}`:: -This argument specifies the maximum duration the purge processing must last expressed in seconds. - -+ -Default: 3600 - -`-t | --start {startTime}`:: -Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately. - -`--recurringTask {schedulePattern}`:: -Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. - -`--completionNotify {emailAddress}`:: -Email address of a recipient to be notified when the task completes. This option may be specified more than once. - -`--errorNotify {emailAddress}`:: -Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once. - -`--dependency {taskID}`:: -ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution. - -`--failedDependencyAction {action}`:: -Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS,CANCEL,DISABLE. If not specified defaults to CANCEL. - --- - - -[#dsreplication-reset-change-number] -===== dsreplication reset-change-number -Re-synchronizes the change-log changenumber on one server with the change-log changenumber of another. -[#dsreplication-reset-change-number-options] -====== Options --- -The `dsreplication reset-change-number` command takes the following options: - -`-h | --hostSource {host}`:: -Fully qualified host name or IP address of the source server whose contents will be used to initialize the destination server. - -+ -Default: localhost.localdomain - -`-p | --portSource {port}`:: -Directory server administration port number of the source server whose contents will be used to initialize the destination server. - -+ -Default: 4444 - -`-O | --hostDestination {host}`:: -Fully qualified host name or IP address of the destination server whose contents will be initialized. - -+ -Default: localhost.localdomain - -`--portDestination {port}`:: -Directory server administration port number of the destination server whose contents will be initialized. - -+ -Default: 4444 - -`--change-number {change number}`:: -The change number to use as the basis for re-synchronization. - --- - - -[#dsreplication-status] -===== dsreplication status -Displays a list with the basic replication configuration of the base DNs of the servers defined in the registration information. If no base DNs are specified as parameter the information for all base DNs is displayed. -[#dsreplication-status-options] -====== Options --- -The `dsreplication status` command takes the following options: - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-s | --script-friendly`:: -Use script-friendly mode. - -+ -Default: false - --- - - - -[#d1822e4589] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e4606] -==== Examples -The following example enables and then initializes replication for a new replica on `opendj2.example.com` from an existing replica on `opendj.example.com`. - -[source, console] ----- -$ dsreplication enable -I admin -w password -X -n -b dc=example,dc=com \ - --host1 opendj.example.com --port1 4444 --bindDN1 "cn=Directory Manager" \ - --bindPassword1 password --replicationPort1 8989 \ - --host2 opendj2.example.com --port2 4444 --bindDN2 "cn=Directory Manager" \ - --bindPassword2 password --replicationPort2 8989 - -Establishing connections ..... Done. -Checking registration information ..... Done. -Updating remote references on server opendj.example.com:4444 ..... Done. -Configuring Replication port on server opendj2.example.com:4444 ..... Done. -Updating replication configuration for baseDN dc=example,dc=com on server - opendj.example.com:4444 ..... Done. -Updating replication configuration for baseDN dc=example,dc=com on server - opendj2.example.com:4444 ..... Done. -Updating registration configuration on server - opendj.example.com:4444 ..... Done. -Updating registration configuration on server - opendj2.example.com:4444 ..... Done. -Updating replication configuration for baseDN cn=schema on server - opendj.example.com:4444 ..... Done. -Updating replication configuration for baseDN cn=schema on server - opendj2.example.com:4444 ..... Done. -Initializing registration information on server opendj2.example.com:4444 with - the contents of server opendj.example.com:4444 ..... Done. -Initializing schema on server opendj2.example.com:4444 with the contents of - server opendj.example.com:4444 ..... Done. - -Replication has been successfully enabled. Note that for replication to - work you must initialize the contents of the base DN's that are being - replicated (use dsreplication initialize to do so). - -See -/var/.../opends-replication-7958637258600693490.log -for a detailed log of this operation. - -$ dsreplication initialize-all -I admin -w password -X -n -b dc=example,dc=com \ - -h opendj.example.com -p 4444 - -Initializing base DN dc=example,dc=com with the contents from - opendj.example.com:4444: 160 entries processed (100 % complete). -Base DN initialized successfully. - -See -/var/.../opends-replication-5020375834904394170.log -for a detailed log of this operation. ----- - -''' -[#encode-password-1] -=== encode-password — encode a password with an OpenDJ storage scheme - -==== Synopsis -`encode-password` - -[#encode-password-description] -==== Description -This utility can be used to encode user passwords with a specified storage scheme, or to determine whether a given clear-text value matches a provided encoded password. - -[#encode-password-options] -==== Options -The `encode-password` command takes the following options: --- -Command options: - -`-a | --authPasswordSyntax`:: -Use the authentication password syntax rather than the user password syntax. - -+ -Default: false - -`-c | --clearPassword {clearPW}`:: -Clear-text password to encode or to compare against an encoded password. - -`-e | --encodedPassword {encodedPW}`:: -Encoded password to compare against the clear-text password. - -`-E | --encodedPasswordFile {file}`:: -Encoded password file. - -`-f | --clearPasswordFile {file}`:: -Clear-text password file. - -`-i | --interactivePassword`:: -The password to encode or to compare against an encoded password is interactively asked to the user. - -+ -Default: false - -`-l | --listSchemes`:: -List available password storage schemes. - -+ -Default: false - -`-r | --useCompareResultCode`:: -Use the LDAP compare result as an exit code for the password comparison. - -+ -Default: false - -`-s | --storageScheme {scheme}`:: -Scheme to use for the encoded password. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e4767] -==== Exit Codes --- - -0:: -The command completed successfully. - -5:: -The `-r` option was used, and the compare did not match. - -6:: -The `-r` option was used, and the compare did match. - -other:: -An error occurred. - --- - -[#d1822e4802] -==== Examples -The following example encodes a password, and also shows comparison of a password with the encoded value. - -[source, console] ----- -$ encode-password -l -3DES -AES -BASE64 -BLOWFISH -CLEAR -CRYPT -MD5 -RC4 -SHA -SMD5 -SSHA -SSHA256 -SSHA384 -SSHA512 - -$ encode-password -c secret12 -s CRYPT -Encoded Password: "{CRYPT}ZulJ6Dy3TFnrE" - -$ encode-password -c secret12 -s CRYPT -e "{CRYPT}ZulJ6Dy3TFnrE" -r -The provided clear-text and encoded passwords match - -$ echo $? -6 ----- - -''' -[#export-ldif-1] -=== export-ldif — export OpenDJ directory data in LDIF - -==== Synopsis -`export-ldif` - -[#export-ldif-description] -==== Description -This utility can be used to export data from a Directory Server backend in LDIF form. - -[#export-ldif-options] -==== Options -The `export-ldif` command takes the following options: --- -Command options: - -`-a | --appendToLDIF`:: -Append an existing LDIF file rather than overwriting it. - -+ -Default: false - -`-b | --includeBranch {branchDN}`:: -Base DN of a branch to include in the LDIF export. - -`-B | --excludeBranch {branchDN}`:: -Base DN of a branch to exclude from the LDIF export. - -`-c | --compress`:: -Compress the LDIF data as it is exported. - -+ -Default: false - -`-e | --excludeAttribute {attribute}`:: -Attribute to exclude from the LDIF export. - -`-E | --excludeFilter {filter}`:: -Filter to identify entries to exclude from the LDIF export. - -`-i | --includeAttribute {attribute}`:: -Attribute to include in the LDIF export. - -`-I | --includeFilter {filter}`:: -Filter to identify entries to include in the LDIF export. - -`-l | --ldifFile {ldifFile}`:: -Path to the LDIF file to be written. - -`-n | --backendID {backendName}`:: -Backend ID for the backend to export. - -`-O | --excludeOperational`:: -Exclude operational attributes from the LDIF export. - -+ -Default: false - -`--wrapColumn {wrapColumn}`:: -Column at which to wrap long lines (0 for no wrapping). - -+ -Default: 0 - --- --- -Task Backend Connection Options - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. - -+ -Default: cn=Directory Manager - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Task Scheduling Options - -`--completionNotify {emailAddress}`:: -Email address of a recipient to be notified when the task completes. This option may be specified more than once. - -`--dependency {taskID}`:: -ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution. - -`--errorNotify {emailAddress}`:: -Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once. - -`--failedDependencyAction {action}`:: -Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS,CANCEL,DISABLE. If not specified defaults to CANCEL. - -`--recurringTask {schedulePattern}`:: -Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. - -`-t | --start {startTime}`:: -Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately. - --- --- -Utility input/output options: - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e5173] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e5190] -==== Examples -The following example exports data to a file, `Example.ldif`, with the server offline. - -[source, console] ----- -$ export-ldif -b dc=example,dc=com -n userRoot -l ../ldif/Example.ldif -... category=BACKEND severity=INFORMATION ... -...Exported 160 entries and skipped 0 in 0 seconds (average rate 1428.6/sec) ----- - -''' -[#import-ldif-1] -=== import-ldif — import OpenDJ directory data from LDIF - -==== Synopsis -`import-ldif` - -[#import-ldif-description] -==== Description -This utility can be used to import LDIF data into a Directory Server backend, overwriting existing data. It cannot be used to append data to the backend database. - -[#import-ldif-options] -==== Options -The `import-ldif` command takes the following options: --- -Command options: - -`-A | --templateFile {templateFile}`:: -Path to a MakeLDIF template to use to generate the import data. - -`-b | --includeBranch {branchDN}`:: -Base DN of a branch to include in the LDIF import. - -`-B | --excludeBranch {branchDN}`:: -Base DN of a branch to exclude from the LDIF import. - -`-c | --isCompressed`:: -LDIF file is compressed. - -+ -Default: false - -`--countRejects`:: -Count the number of entries rejected by the server and return that value as the exit code (values > 255 will be reduced to 255 due to exit code restrictions). - -+ -Default: false - -`-e | --excludeAttribute {attribute}`:: -Attribute to exclude from the LDIF import. - -`-E | --excludeFilter {filter}`:: -Filter to identify entries to exclude from the LDIF import. - -`-F | --clearBackend`:: -Remove all entries for all base DNs in the backend before importing. - -+ -Default: false - -`-i | --includeAttribute {attribute}`:: -Attribute to include in the LDIF import. - -`-I | --includeFilter {filter}`:: -Filter to identify entries to include in the LDIF import. - -`-l | --ldifFile {ldifFile}`:: -Path to the LDIF file to be imported. - -`-n | --backendID {backendName}`:: -Backend ID for the backend to import. - -`-O | --overwrite`:: -Overwrite an existing rejects and/or skip file rather than appending to it. - -+ -Default: false - -`-R | --rejectFile {rejectFile}`:: -Write rejected entries to the specified file. - -`-s | --randomSeed {seed}`:: -Seed for the MakeLDIF random number generator. - -+ -Default: 0 - -`-S | --skipSchemaValidation`:: -Skip schema validation during the LDIF import. - -+ -Default: false - -`--skipFile {skipFile}`:: -Write skipped entries to the specified file. - -`--threadCount {count}`:: -Number of threads used to read LDIF file during import. Default value (0) equals: 2 x (number of CPUs). - -+ -Default: 0 - -`--tmpdirectory {directory}`:: -Path to temporary directory for index scratch files during LDIF import. - -+ -Default: import-tmp - --- --- -Task Backend Connection Options - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. - -+ -Default: cn=Directory Manager - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Task Scheduling Options - -`--completionNotify {emailAddress}`:: -Email address of a recipient to be notified when the task completes. This option may be specified more than once. - -`--dependency {taskID}`:: -ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution. - -`--errorNotify {emailAddress}`:: -Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once. - -`--failedDependencyAction {action}`:: -Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS,CANCEL,DISABLE. If not specified defaults to CANCEL. - -`--recurringTask {schedulePattern}`:: -Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. - -`-t | --start {startTime}`:: -Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately. - --- --- -Utility input/output options: - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - -`-Q | --quiet`:: -Use quiet mode (no output). - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e5612] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e5629] -==== Examples -The following example exports data to a file, `Example.ldif`, with the server offline. - -[source, console] ----- -$ export-ldif -b dc=example,dc=com -n userRoot -l ../ldif/Example.ldif -... category=BACKEND severity=INFORMATION ... -...Exported 160 entries and skipped 0 in 0 seconds (average rate 1428.6/sec) ----- - -''' -[#ldapcompare-1] -=== ldapcompare — perform LDAP compare operations - -==== Synopsis -`ldapcompare` 'attribute:value' "DN" ... - -[#ldapcompare-description] -==== Description -This utility can be used to perform LDAP compare operations in the Directory Server. - -[#ldapcompare-options] -==== Options -The `ldapcompare` command takes the following options: --- -Command options: - -`--assertionFilter {filter}`:: -Use the LDAP assertion control with the provided filter. - -`-c | --continueOnError`:: -Continue processing even if there are errors. - -+ -Default: false - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`-f | --filename {file}`:: -File containing the DNs of the entries to compare. - -`-J | --control {controloid[:criticality[:value|::b64value|: 0:: -An error occurred. - --- - -[#d1822e8293] -==== Examples -The following example demonstrates use of the command. - -[source, console] ----- -$ cat /path/to/newuser.ldif -dn: uid=newuser,ou=People,dc=example,dc=com -uid: newuser -objectClass: person -objectClass: organizationalPerson -objectClass: inetOrgPerson -objectClass: top -cn: New User -sn: User -ou: People -mail: newuser@example.com -userPassword: changeme - -$ cat /path/to/newdiff.ldif -dn: uid=newuser,ou=People,dc=example,dc=com -changetype: modify -add: userPassword -userPassword: secret12 -- -delete: userPassword -userPassword: changeme -- -add: description -description: A new description. - -$ ldifmodify -s /path/to/newuser.ldif -m /path/to/newdiff.ldif -t neweruser.ldif - -$ cat neweruser.ldif -dn: uid=newuser,ou=People,dc=example,dc=com -uid: newuser -objectClass: person -objectClass: organizationalPerson -objectClass: inetOrgPerson -objectClass: top -cn: New User -sn: User -ou: People -mail: newuser@example.com -userPassword: secret12 -description: A new description. ----- - -''' -[#ldifsearch-1] -=== ldifsearch — search LDIF with LDAP filters - -==== Synopsis -`ldifsearch` [filter] [attributes ...] - -[#ldifsearch-description] -==== Description -This utility can be used to perform search operations against data in an LDIF file. - -[#ldifsearch-options] -==== Options -The `ldifsearch` command takes the following options: --- -Command options: - -`-b | --baseDN {baseDN}`:: -The base DN for the search. Multiple base DNs may be specified by providing the option multiple times. If no base DN is provided, then the root DSE will be used. - -+ -Default: - -`-f | --filterFile {filterFile}`:: -The path to the file containing the search filter(s) to use. If this is not provided, then the filter must be provided on the command line after all configuration options. - -`-l | --ldifFile {ldifFile}`:: -LDIF file containing the data to search. Multiple files may be specified by providing the option multiple times. If no files are provided, the data will be read from standard input. - -`-o | --outputFile {outputFile}`:: -The path to the output file to which the matching entries should be written. If this is not provided, then the data will be written to standard output. - -`-O | --overwriteExisting`:: -Any existing output file should be overwritten rather than appending to it. - -+ -Default: false - -`-s | --searchScope {scope}`:: -The scope for the search. It must be one of 'base', 'one', 'sub', or 'subordinate'. If it is not provided, then 'sub' will be used. - -+ -Default: sub - -`-t | --timeLimit {timeLimit}`:: -Maximum length of time (in seconds) to spend processing. - -+ -Default: 0 - -`-z | --sizeLimit {sizeLimit}`:: -Maximum number of matching entries to return. - -+ -Default: 0 - --- --- -Utility input/output options: - -`-T | --dontWrap`:: -Long lines should not be wrapped. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e8466] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e8483] -==== Examples -The following example demonstrates use of the command. - -[source, console] ----- -$ ldifsearch -b dc=example,dc=com /path/to/Example.ldif uid=bjensen -dn: uid=bjensen,ou=People,dc=example,dc=com -objectClass: person -objectClass: organizationalPerson -objectClass: inetOrgPerson -objectClass: posixAccount -objectClass: top -uid: bjensen -userpassword: hifalutin -facsimiletelephonenumber: +1 408 555 1992 -givenname: Barbara -cn: Barbara Jensen -cn: Babs Jensen -telephonenumber: +1 408 555 1862 -sn: Jensen -roomnumber: 0209 -homeDirectory: /home/bjensen -mail: bjensen@example.com -l: San Francisco -ou: Product Development -ou: People -uidNumber: 1076 -gidNumber: 1000 ----- -You can also use `@objectclass` notation in the attribute list to return the attributes of a particular object class. The following example shows how to return attributes of the `posixAccount` object class. - -[source, console] ----- -$ ldifsearch --ldifFile /path/to/Example.ldif \ - --baseDN dc=example,dc=com "(uid=bjensen)" @posixaccount -dn: uid=bjensen,ou=People,dc=example,dc=com -objectClass: person -objectClass: organizationalPerson -objectClass: inetOrgPerson -objectClass: posixAccount -objectClass: top -uid: bjensen -userpassword: hifalutin -cn: Barbara Jensen -cn: Babs Jensen -homeDirectory: /home/bjensen -uidNumber: 1076 -gidNumber: 1000 ----- - -''' -[#list-backends-1] -=== list-backends — list OpenDJ backends and base DNs - -==== Synopsis -`list-backends` - -[#list-backends-description] -==== Description -This utility can be used to list the backends and base DNs configured in the Directory Server. - -[#list-backends-options] -==== Options -The `list-backends` command takes the following options: --- -Command options: - -`-b | --baseDN {baseDN}`:: -Base DN for which to list the backend ID. - -`-n | --backendID {backendName}`:: -Backend ID of the backend for which to list the base DNs. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e8595] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e8612] -==== Examples -The following example demonstrates a successful run. - -[source, console] ----- -$ list-backends -Backend ID : Base DN --------------------:---------------------- -adminRoot : cn=admin data -ads-truststore : cn=ads-truststore -backup : cn=backups -config : cn=config -monitor : cn=monitor -myCompanyRoot : "dc=myCompany,dc=com" -myOrgRoot : o=myOrg -schema : cn=schema -tasks : cn=tasks -userRoot : "dc=example,dc=com" ----- - -''' -[#make-ldif-1] -=== make-ldif — generate test LDIF - -==== Synopsis -`make-ldif` - -[#make-ldif-description] -==== Description -This utility can be used to generate LDIF data based on a definition in a template file. - -[#make-ldif-options] -==== Options -The `make-ldif` command takes the following options: --- -Command options: - -`-o | --ldifFile {file}`:: -The path to the LDIF file to be written. - -`-s | --randomSeed {seed}`:: -The seed to use to initialize the random number generator. - -+ -Default: 0 - -`-t | --templateFile {file}`:: -The path to the template file with information about the LDIF data to generate. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e8714] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e8731] -==== Examples -The following example uses the default template to generate LDIF. - -[source, console] ----- -$ make-ldif -t ../config/MakeLDIF/example.template -o ../ldif/generated.ldif -Processed 1000 entries -Processed 2000 entries -... -Processed 10000 entries -LDIF processing complete. 10003 entries written ----- - -[#d1822e8746] -==== See Also -xref:#make-ldif-template-5[make-ldif.template(5)] - -''' -[#make-ldif-template-5] -=== make-ldif.template — template file for the make-ldif command - -==== Synopsis - -[source] ----- -# Comment lines start with #. -# -# Notice that this synopsis includes blank lines after entries. -# In the same way you would use blank lines after entries in normal LDIF, -# leave empty lines after "entries" in template files. - -# Optionally include classes that define custom tags. -# Custom tag classes extend org.opends.server.tools.makeldif.Tag and -# must be on the class path when you run make-ldif. -# -include custom.makeldif.tag.ClassName -... - -# Optionally define constants used in the template. -# To reference constants later, put brackets around the name: [constant-name] -# -define constant-name=value -... - -# Define branches by suffix DN, such as the following: -# -# dc=example,dc=com -# ou=People,dc=example,dc=com -# ou=Groups,dc=example,dc=com -# -# make-ldif generates the necessary object class definitions and RDNs. -# -# A branch can have subordinateTemplates that define templates to use for -# the branch entry. -# -# A branch can have additional attributes generated on the branch entry. See -# the Description below for more information on specifying attribute values. -# -branch: suffix-dn -[subordinateTemplate: template-name:number -...] -[attribute: attr-value -...] - -... - -# Define entries using templates. -# -# A template can extend another template. -# A template defines the RDN attribute(s) used for generated entries. -# A template can have a subordinateTemplate that defines a template to use for -# the generated entries. -# -# A template then defines attributes. See the Description below for more -# information on specifying attribute values. -# -template: template-name -[extends: template-name] -rdnAttr: attribute[+attribute ...] -[subordinateTemplate: template-name:number] -[attribute: attr-value -...] - -... ----- - -[#d1822e8826] -==== Description -Template files specify how to build LDIF. They allow you to define variables, insert random values from other files, and generally build arbitrarily large LDIF files for testing purposes. You pass template files to the `make-ldif` command when generating LDIF. - -The Synopsis above shows the layout for a `make-ldif` template file. This section focuses on what you can do to specify entry attribute values, called __attr-value__ in the Synopsis section. -.Specifying Attribute Values --- -When specifying attribute values in `make-ldif` templates, you can use static text and constants that you have defined, enclosing names for constants in brackets, `[myConstant]`. You can use more than one constant per line, as in the following example. - -[source, ldif] ----- -description: Description for [org] under [suffix] ----- -You can also use two kinds of tags when specifying attribute values. One kind of tag gets replaced with the value of another attribute in the generated entry. Such tags are delimited with braces, `{ }`. For example, if your template includes definitions for first name and last name attributes: - -[source, ldif] ----- -givenName: -sn: ----- -Then you can define a mail attribute that uses the values of both attributes, and an initials attribute that takes the first character of each. - -[source, ldif] ----- -mail: {givenName}.{sn}@[myDomain] -initials: {givenName:1}{sn:1} ----- -The other kind of tag is delimited with `<` and `>`, as shown above in the example with `` and ``. Tag names are not case sensitive. Many tags can take arguments separated by colons, `:`, from the tag names within the tag. - -Use backslashes to escape literal start tag characters (`< [ {`) as shown in the following example, and to escape literal end tag characters within tags (`> ] }`). - -[source, ldif] ----- -scimMail: \{"emails": \[\{"value": "{mail}", "type": "work", "primary": true}]} -xml: \{uid}\ ----- -OpenDJ supports the following tags. - -:: -The DN tag gets replaced by the distinguished name of the current entry. An optional integer argument specifies the subcomponents of the DN to generate. For example, if the DN of the entry is `uid=bjensen,ou=People,dc=example,dc=com` `` gets replaced by `uid=bjensen`, and `` gets replaced by `dc=example,dc=com`. - -:: -The File tag gets replaced by a line from a text file you specify. The File tag takes a required argument, the path to the text file, and an optional second argument, either `random` or `sequential`. For the file argument, either you specify an absolute path to the file such as ``, or you specify a path relative to the `/path/to/opendj/config/MakeLDIF/` directory such as ``. For the second argument, if you specify `sequential` then lines from the file are read in sequential order. Otherwise, lines from the file are read in random order. - -:: -The first name tag gets replaced by a random line from `/path/to/opendj/config/MakeLDIF/first.names`. Combinations of generated first and last names are unique, with integers appended to the name strings if not enough combinations are available. - -:: -The GUID tag gets replaced by a 128-bit, type 4 (random) universally unique identifier such as `f47ac10b-58cc-4372-a567-0e02b2c3d479`. - -:: -The IfAbsent tag takes as its first argument the name of another attribute, and optionally as its second argument a value to use. This tag causes the attribute to be generated only if the named attribute is not present on the generated entry. Use this tag when you have used `` to define another attribute that is not always present on generated entries. - -:: -The IfPresent takes as its first argument the name of another attribute, and optionally as its second argument a value to use. This tag causes the attribute to be generated only if the named attribute is also present on the generated entry. Use this tag when you have used `` to define another attribute that is sometimes present on generated entries. - -:: -The last name tag gets replaced by a random line from `/path/to/opendj/config/MakeLDIF/last.names`. Combinations of generated first and last names are unique, with integers appended to the name strings if not enough combinations are available. - -:: -The List tag gets replaced by one of the values from the list of arguments you provide. For example, `` gets replaced with `bronze`, `silver`, or `gold`. - -+ -You can weight arguments to ensure some arguments are selected more often than others. For example, if you want two bronze for one silver and one gold, use ``. - -:: -The ParentDN tag gets replaced by the distinguished name of the parent entry. For example, if the DN of the entry is `uid=bjensen,ou=People,dc=example,dc=com`, `` gets replaced by `ou=People,dc=example,dc=com`. - -:: -The Presence tag takes a percent argument. It does not get replaced by a value itself, but instead results in the attribute being generated on the percentage of entries you specify in the argument. For example, `description: A description` generates `description: A description` on half the entries. - -:: -The Random tag lets you generate a variety of random numbers and strings. The Random tag has the following subtypes, which you include as arguments, that is ``. -+ - -* `alpha:length` - -* `alpha:minlength:maxlength` - -* `numeric:length` - -* `numeric:minvalue:maxvalue` - -* `numeric:minvalue:maxvalue:format`, where __format__ is a link:http://docs.oracle.com/javase/7/docs/api/java/text/DecimalFormat.html[java.text.DecimalFormat, window=\_blank] pattern - -* `alphanumeric:length` - -* `alphanumeric:minlength:maxlength` - -* `chars:characters:length` - -* `chars:characters:minlength:maxlength` - -* `hex:length` - -* `hex:minlength:maxlength` - -* `base64:length` - -* `base64:minlength:maxlength` - -* `month` - -* `month:maxlength` - -* `telephone`, a telephone number starting with the country code `+1` - - -:: -The RDN tag gets replaced with the RDN of the entry. Use this in the template after you have specified `rdnAttr` so that the RDN has already been generated when this tag is replaced. - -+ -An optional integer argument specifies the subcomponents of the RDN to generate. - -:: -The Sequential tag gets replaced by a sequentially increasing generated integer. The first optional integer argument specifies the starting number. The second optional boolean argument specifies whether to start over when generating entries for a new parent entry. For example, `:42:true` starts counting from 42, and starts over when the parent entry changes from `o=Engineering` to `o=Marketing`. - -<_DN>:: -The _DN tag gets replaced by the DN of the current entry with underscores in the place of commas. - -<_ParentDN>:: -The _ParentDN tag gets replaced by the DN the parent entry with underscores in the place of commas. - --- - -[#d1822e9253] -==== Examples -The following example generates 10 organization units, each containing 50 entries. - -[source] ----- -define suffix=dc=example,dc=com -define maildomain=example.com -define numusers=50 -define numorgs=10 - -branch: [suffix] - -branch: ou=People,[suffix] -subordinateTemplate: orgunit:[numorgs] -description: This is the People container -telephoneNumber: +33 00010002 - -template: orgunit -subordinateTemplate: person:[numusers] -rdnAttr: ou -ou: Org- -objectClass: top -objectClass: organizationalUnit -description: This is the {ou} organizational unit - -template: person -rdnAttr: uid -objectClass: top -objectClass: person -objectClass: organizationalPerson -objectClass: inetOrgPerson -givenName: -sn: -cn: {givenName} {sn} -initials: {givenName:1}{sn:1} -employeeNumber: -uid: user.{employeeNumber} -mail: {uid}@[maildomain] -userPassword: password -telephoneNumber: -homePhone: -pager: -mobile: -street: Street -l: -st: -postalCode: -postalAddress: {cn}${street}${l}, {st} {postalCode} -description: This is the description for {cn}. ----- - -[#d1822e9260] -==== See Also -xref:#make-ldif-1[make-ldif(1)], the OpenDJ directory server template file `/path/to/opendj/config/MakeLDIF/example.template` - -''' -[#manage-account-1] -=== manage-account — manage state of OpenDJ server accounts - -==== Synopsis -`manage-account` {subcommand} {options} - -[#manage-account-description] -==== Description -This utility can be used to retrieve and manipulate the values of password policy state variables. - -[#manage-account-options] -==== Options -The `manage-account` command takes the following options: --- -Command options: - -`-b | --targetDN {targetDN}`:: -The DN of the user entry for which to get and set password policy state information. - --- --- -LDAP connection options: - -`-D | --bindDN {bindDN}`:: -The DN to use to bind to the server. - -`-h | --hostname {host}`:: -Directory server hostname or IP address. - -+ -Default: localhost.localdomain - -`-j | --bindPasswordFile {bindPasswordFile}`:: -The path to the file containing the bind password. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of certificate for SSL client authentication. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -The password to use to bind to the server. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Utility input/output options: - -`-v | --verbose`:: -Use verbose mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#manage-account-subcommands] -==== Subcommands -The `manage-account` command supports the following subcommands: -[#manage-account-clear-account-is-disabled] -===== manage-account clear-account-is-disabled -Clear account disabled state information from the user account. - -[#manage-account-get-account-expiration-time] -===== manage-account get-account-expiration-time -Display when the user account will expire. - -[#manage-account-get-account-is-disabled] -===== manage-account get-account-is-disabled -Display information about whether the user account has been administratively disabled. - -[#manage-account-get-all] -===== manage-account get-all -Display all password policy state information for the user. - -[#manage-account-get-authentication-failure-times] -===== manage-account get-authentication-failure-times -Display the authentication failure times for the user. - -[#manage-account-get-grace-login-use-times] -===== manage-account get-grace-login-use-times -Display the grace login use times for the user. - -[#manage-account-get-last-login-time] -===== manage-account get-last-login-time -Display the time that the user last authenticated to the server. - -[#manage-account-get-password-changed-by-required-time] -===== manage-account get-password-changed-by-required-time -Display the required password change time with which the user last complied. - -[#manage-account-get-password-changed-time] -===== manage-account get-password-changed-time -Display the time that the user's password was last changed. - -[#manage-account-get-password-expiration-warned-time] -===== manage-account get-password-expiration-warned-time -Display the time that the user first received an expiration warning notice. - -[#manage-account-get-password-history] -===== manage-account get-password-history -Display password history state values for the user. - -[#manage-account-get-password-is-reset] -===== manage-account get-password-is-reset -Display information about whether the user will be required to change his or her password on the next successful authentication. - -[#manage-account-get-password-policy-dn] -===== manage-account get-password-policy-dn -Display the DN of the password policy for the user. - -[#manage-account-get-remaining-authentication-failure-count] -===== manage-account get-remaining-authentication-failure-count -Display the number of remaining authentication failures until the user's account is locked. - -[#manage-account-get-remaining-grace-login-count] -===== manage-account get-remaining-grace-login-count -Display the number of grace logins remaining for the user. - -[#manage-account-get-seconds-until-account-expiration] -===== manage-account get-seconds-until-account-expiration -Display the length of time in seconds until the user account expires. - -[#manage-account-get-seconds-until-authentication-failure-unlock] -===== manage-account get-seconds-until-authentication-failure-unlock -Display the length of time in seconds until the authentication failure lockout expires. - -[#manage-account-get-seconds-until-idle-lockout] -===== manage-account get-seconds-until-idle-lockout -Display the length of time in seconds until user's account is locked because it has remained idle for too long. - -[#manage-account-get-seconds-until-password-expiration] -===== manage-account get-seconds-until-password-expiration -Display length of time in seconds until the user's password expires. - -[#manage-account-get-seconds-until-password-expiration-warning] -===== manage-account get-seconds-until-password-expiration-warning -Display the length of time in seconds until the user should start receiving password expiration warning notices. - -[#manage-account-get-seconds-until-password-reset-lockout] -===== manage-account get-seconds-until-password-reset-lockout -Display the length of time in seconds until user's account is locked because the user failed to change the password in a timely manner after an administrative reset. - -[#manage-account-get-seconds-until-required-change-time] -===== manage-account get-seconds-until-required-change-time -Display the length of time in seconds that the user has remaining to change his or her password before the account becomes locked due to the required change time. - -[#manage-account-set-account-is-disabled] -===== manage-account set-account-is-disabled -Specify whether the user account has been administratively disabled. -[#manage-account-set-account-is-disabled-options] -====== Options --- -The `manage-account set-account-is-disabled` command takes the following options: - -`-O | --operationValue {true|false}`:: -'true' to indicate that the account is disabled, or 'false' to indicate that it is not disabled. - --- - - - -[#d1822e9602] -==== Exit Codes --- - -0:: -The command completed successfully. - -89:: -An error occurred while parsing the command-line arguments. - --- - -[#d1822e9619] -==== Examples -For the following examples the directory admin user, Kirsten Vaughan, has `ds-privilege-name: password-reset` and the following ACI on `ou=People,dc=example,dc=com`. - -[source] ----- -(target="ldap:///ou=People,dc=example,dc=com") (targetattr ="*||+")( - version 3.0;acl "Admins can run amok"; allow(all) groupdn = - "ldap:///cn=Directory Administrators,ou=Groups,dc=example,dc=com";) ----- -The following command locks a user account. - -[source, console] ----- -$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \ - -w bribery set-account-is-disabled -O true \ - -b uid=bjensen,ou=people,dc=example,dc=com -X -Account Is Disabled: true ----- -The following command unlocks a user account. - -[source, console] ----- -$ manage-account -p 4444 -D "uid=kvaughan,ou=people,dc=example,dc=com" \ - -w bribery clear-account-is-disabled \ - -b uid=bjensen,ou=people,dc=example,dc=com -X -Account Is Disabled: false ----- - -''' -[#manage-tasks-1] -=== manage-tasks — manage OpenDJ server administration tasks - -==== Synopsis -`manage-tasks` - -[#manage-tasks-description] -==== Description -This utility can be used to obtain a list of tasks scheduled to run within the Directory Server as well as information about individual tasks. - -[#manage-tasks-options] -==== Options -The `manage-tasks` command takes the following options: --- -Command options: - -`-c | --cancel {taskID}`:: -ID of a particular task to cancel. - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`-i | --info {taskID}`:: -ID of a particular task about which this tool will display information. - -`-s | --summary`:: -Print a summary of tasks. - -+ -Default: false - --- --- -LDAP connection options: - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. - -+ -Default: cn=Directory Manager - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Utility input/output options: - -`-n | --no-prompt`:: -Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. - -+ -Default: false - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e9889] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e9906] -==== Examples -The following example demonstrates use of the command with a server that does daily backups at 2:00 AM. - -[source, console] ----- -$ manage-tasks -p 4444 -h opendj.example.com -D "cn=Directory Manager" \ - -w password -s - - ID Type Status - --------------------------------------------------------------- - example-backup Backup Recurring - example-backup-20110622020000000 Backup Waiting on start time ----- - -''' -[#rebuild-index-1] -=== rebuild-index — rebuild index after configuration change - -==== Synopsis -`rebuild-index` - -[#rebuild-index-description] -==== Description -This utility can be used to rebuild index data within an indexed backend database. - -[#rebuild-index-options] -==== Options -The `rebuild-index` command takes the following options: --- -Command options: - -`-b | --baseDN {baseDN}`:: -Base DN of a backend supporting indexing. Rebuild is performed on indexes within the scope of the given base DN. - -`--clearDegradedState`:: -Indicates that indexes do not need rebuilding because they are known to be empty and forcefully marks them as valid. This is an advanced option which must only be used in cases where a degraded index is known to be empty and does not therefore need rebuilding. This situation typically arises when an index is created for an attribute which has just been added to the schema. - -+ -Default: false - -`-i | --index {index}`:: -Names of index(es) to rebuild. For an attribute index this is simply an attribute name. At least one index must be specified for rebuild. Cannot be used with the "--rebuildAll" option. - -`--rebuildAll`:: -Rebuild all indexes, including any DN2ID, DN2URI, VLV and extensible indexes. Cannot be used with the "-i" option or the "--rebuildDegraded" option. - -+ -Default: false - -`--rebuildDegraded`:: -Rebuild all degraded indexes, including any DN2ID, DN2URI, VLV and extensible indexes. Cannot be used with the "-i" option or the "--rebuildAll" option. - -+ -Default: false - -`--tmpdirectory {directory}`:: -Path to temporary directory for index scratch files during index rebuilding. - -+ -Default: import-tmp - --- --- -Task Backend Connection Options - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. - -+ -Default: cn=Directory Manager - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Task Scheduling Options - -`--completionNotify {emailAddress}`:: -Email address of a recipient to be notified when the task completes. This option may be specified more than once. - -`--dependency {taskID}`:: -ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution. - -`--errorNotify {emailAddress}`:: -Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once. - -`--failedDependencyAction {action}`:: -Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS,CANCEL,DISABLE. If not specified defaults to CANCEL. - -`--recurringTask {schedulePattern}`:: -Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. - -`-t | --start {startTime}`:: -Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately. - --- --- -Utility input/output options: - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e10217] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e10234] -==== Examples -The following example schedules a task to start immediately that rebuilds the `cn` (common name) index. - -[source, console] ----- -$ rebuild-index -p 4444 -h opendj.example.com -D "cn=Directory Manager" \ - -w password -b dc=example,dc=com -i cn -t 0 -Rebuild Index task 20110607160349596 scheduled to start Jun 7, 2011 4:03:49 PM ----- - -''' -[#restore-1] -=== restore — restore OpenDJ directory data backups - -==== Synopsis -`restore` - -[#restore-description] -==== Description -This utility can be used to restore a backup of a Directory Server backend. - -[#restore-options] -==== Options -The `restore` command takes the following options: --- -Command options: - -`-d | --backupDirectory {backupDir}`:: -Path to the directory containing the backup file(s). - -`-I | --backupID {backupID}`:: -Backup ID of the backup to restore. - -`-l | --listBackups`:: -List available backups in the backup directory. - -+ -Default: false - -`-n | --dry-run`:: -Verify the contents of the backup but do not restore it. - -+ -Default: false - --- --- -Task Backend Connection Options - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. - -+ -Default: cn=Directory Manager - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Task Scheduling Options - -`--completionNotify {emailAddress}`:: -Email address of a recipient to be notified when the task completes. This option may be specified more than once. - -`--dependency {taskID}`:: -ID of a task upon which this task depends. A task will not start execution until all its dependencies have completed execution. - -`--errorNotify {emailAddress}`:: -Email address of a recipient to be notified if an error occurs when this task executes. This option may be specified more than once. - -`--failedDependencyAction {action}`:: -Action this task will take should one if its dependent tasks fail. The value must be one of PROCESS,CANCEL,DISABLE. If not specified defaults to CANCEL. - -`--recurringTask {schedulePattern}`:: -Indicates the task is recurring and will be scheduled according to the value argument expressed in crontab(5) compatible time/date pattern. - -`-t | --start {startTime}`:: -Indicates the date/time at which this operation will start when scheduled as a server task expressed in YYYYMMDDhhmmssZ format for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the task to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately. - --- --- -Utility input/output options: - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e10530] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e10547] -==== Examples -The following example schedules a restore as a task to begin immediately while OpenDJ directory server is online. - -[source, console] ----- -$ restore -p 4444 -D "cn=Directory Manager" -w password - -d /path/to/opendj/bak -I 20110613080032 -t 0 -Restore task 20110613155052932 scheduled to start Jun 13, 2011 3:50:52 PM CEST ----- -The following example restores data while OpenDJ is offline. - -[source, console] ----- -$ stop-ds -Stopping Server... -... - -$ restore --backupDirectory /path/to/opendj/bak/userRoot \ - --listBackups -Backup ID: 20120928102414Z -Backup Date: 28/Sep/2012:12:24:17 +0200 -Is Incremental: false -Is Compressed: false -Is Encrypted: false -Has Unsigned Hash: false -Has Signed Hash: false -Dependent Upon: none - -$ restore --backupDirectory /path/to/opendj/bak/userRoot \ - --backupID 20120928102414Z -[28/Sep/2012:12:26:20 +0200] ... msg=Restored: 00000000.jdb (size 355179) - -$ start-ds -[28/Sep/2012:12:27:29 +0200] ... The Directory Server has started successfully ----- - -''' -[#setup-1] -=== setup — install OpenDJ directory server - -==== Synopsis -`setup` - -[#setup-description] -==== Description -This utility can be used to setup the Directory Server. - -[#setup-options] -==== Options -The `setup` command takes the following options: --- -Command options: - -`-a | --addBaseEntry`:: -Indicates whether to create the base entry in the Directory Server database. - -+ -Default: false - -`--acceptLicense`:: -Automatically accepts the product license (if present). - -+ -Default: false - -`--adminConnectorPort {port}`:: -Port on which the Administration Connector should listen for communication. - -+ -Default: 4444 - -`-b | --baseDN {baseDN}`:: -Base DN for user information in the Directory Server. Multiple base DNs may be provided by using this option multiple times. - -`-d | --sampleData {numEntries}`:: -Specifies that the database should be populated with the specified number of sample entries. - -+ -Default: 0 - -`-D | --rootUserDN {rootUserDN}`:: -DN for the initial root user for the Directory Server. - -+ -Default: cn=Directory Manager - -`--generateSelfSignedCertificate`:: -Generate a self-signed certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -+ -Default: false - -`-h | --hostname {host}`:: -The fully-qualified directory server host name that will be used when generating self-signed certificates for LDAP SSL/StartTLS, the administration connector, and replication. - -+ -Default: localhost.localdomain - -`-i | --cli`:: -Use the command line install. If not specified the graphical interface will be launched. The rest of the options (excluding help and version) will only be taken into account if this option is specified. - -+ -Default: false - -`-j | --rootUserPasswordFile {rootUserPasswordFile}`:: -Path to a file containing the password for the initial root user for the Directory Server. - -`-l | --ldifFile {ldifFile}`:: -Path to an LDIF file containing data that should be added to the Directory Server database. Multiple LDIF files may be provided by using this option multiple times. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-O | --doNotStart`:: -Do not start the server when the configuration is completed. - -+ -Default: false - -`-p | --ldapPort {port}`:: -Port on which the Directory Server should listen for LDAP communication. - -+ -Default: 389 - -`-q | --enableStartTLS`:: -Enable StartTLS to allow secure communication with the server using the LDAP port. - -+ -Default: false - -`-R | --rejectFile {rejectFile}`:: -Write rejected entries to the specified file. - -`-S | --skipPortCheck`:: -Skip the check to determine whether the specified ports are usable. - -+ -Default: false - -`--skipFile {skipFile}`:: -Write skipped entries to the specified file. - -`-t | --backendType {backendType}`:: -The type of the userRoot backend. - -+ -Default: `je` for standard edition, `pdb` for OEM edition. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate (JKS, JCEKS, PKCS#12 or PKCS#11) as server certificate. - -`--useJavaKeystore {keyStorePath}`:: -Path of a Java Key Store (JKS) containing a certificate to be used as the server certificate. This does not apply to the administration connector, which uses its own key store and certificate (default: config/admin-keystore and admin-cert). - -`--useJCEKS {keyStorePath}`:: -Path of a JCEKS containing a certificate to be used as the server certificate. - -`--usePkcs11Keystore`:: -Use a certificate in a PKCS#11 token that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -+ -Default: false - -`--usePkcs12keyStore {keyStorePath}`:: -Path of a PKCS#12 key store containing the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-w | --rootUserPassword {rootUserPassword}`:: -Password for the initial root user for the Directory Server. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate (JKS, JCEKS, PKCS#12 or PKCS#11) as server certificate. - -`-x | --jmxPort {jmxPort}`:: -Port on which the Directory Server should listen for JMX communication. - -+ -Default: 1689 - -`-Z | --ldapsPort {port}`:: -Port on which the Directory Server should listen for LDAPS communication. The LDAPS port will be configured and SSL will be enabled only if this argument is explicitly specified. - -+ -Default: 636 - --- --- -Utility input/output options: - -`-n | --no-prompt`:: -Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. - -+ -Default: false - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - -`-Q | --quiet`:: -Use quiet mode. - -+ -Default: false - -`-v | --verbose`:: -Use verbose mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e10929] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e10946] -==== Examples -The following command installs OpenDJ directory server, enabling StartTLS and importing 100 example entries without interaction. - -[source, console] ----- -$ /path/to/opendj/setup --cli -b dc=example,dc=com -d 100 \ - -D "cn=Directory Manager" -w password -h opendj.example.com -p 1389 \ - --generateSelfSignedCertificate --enableStartTLS -n - -OpenDJ version - Please wait while the setup program initializes... - -See /var/.../opends-setup-484...561.log for a detailed log of this operation. - -Configuring Directory Server ..... Done. -Configuring Certificates ..... Done. -Importing Automatically-Generated Data (100 Entries) ......... Done. -Starting Directory Server .......... Done. - -To see basic server configuration status and configuration you can launch - /path/to/opendj/bin/status ----- - -''' -[#start-ds-1] -=== start-ds — start OpenDJ directory server - -==== Synopsis -`start-ds` - -[#start-ds-description] -==== Description -This utility can be used to start the Directory Server, as well as to obtain the server version and other forms of general server information. - -[#start-ds-options] -==== Options -The `start-ds` command takes the following options: --- -Command options: - -`-L | --useLastKnownGoodConfig`:: -Attempt to start using the configuration that was in place at the last successful startup (if it is available) rather than using the current active configuration. - -+ -Default: false - -`-N | --nodetach`:: -Do not detach from the terminal and continue running in the foreground. This option cannot be used with the -t, --timeout option. - -+ -Default: false - -`-s | --systemInfo`:: -Display general system information. - -+ -Default: false - -`-t | --timeout {seconds}`:: -Maximum time (in seconds) to wait before the command returns (the server continues the startup process, regardless). A value of '0' indicates an infinite timeout, which means that the command returns only when the server startup is completed. The default value is 60 seconds. This option cannot be used with the -N, --nodetach option. - -+ -Default: 200 - --- --- -Utility input/output options: - -`-Q | --quiet`:: -Use quiet mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e11076] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e11093] -==== Examples -The following command starts the server without displaying information about the startup process. - -[source, console] ----- -$ start-ds -Q ----- - -''' -[#status-1] -=== status — display basic OpenDJ server information - -==== Synopsis -`status` {options} - -[#status-description] -==== Description -This utility can be used to display basic server information. - -[#status-options] -==== Options -The `status` command takes the following options: --- -Command options: - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - --- --- -LDAP connection options: - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. - -+ -Default: cn=Directory Manager - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Utility input/output options: - -`-n | --no-prompt`:: -Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. - -+ -Default: false - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - -`-r | --refresh {period}`:: -When this argument is specified, the status command will display its contents periodically. Used to specify the period (in seconds) between two displays of the status. - -`-s | --script-friendly`:: -Use script-friendly mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e11315] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e11332] -==== Examples - -[source, console] ----- -$ status -D "cn=Directory Manager" -w password - - --- Server Status --- -Server Run Status: Started -Open Connections: 1 - - --- Server Details --- -Host Name: localhost.localdomain -Administrative Users: cn=Directory Manager -Installation Path: /path/to/opendj -Version: OpenDJ version -Java Version: version -Administration Connector: Port 4444 (LDAPS) - - --- Connection Handlers --- -Address:Port : Protocol : State --------------:-------------:--------- --- : LDIF : Disabled -8989 : Replication : Enabled -0.0.0.0:161 : SNMP : Disabled -0.0.0.0:636 : LDAPS : Disabled -0.0.0.0:1389 : LDAP : Enabled -0.0.0.0:1689 : JMX : Disabled - - --- Data Sources --- -Base DN: dc=example,dc=com -Backend ID: userRoot -Entries: 160 -Replication: Enabled -Missing Changes: 0 -Age of Oldest Missing Change: - -Base DN: dc=myCompany,dc=com -Backend ID: myCompanyRoot -Entries: 3 -Replication: Disabled - -Base DN: o=myOrg -Backend ID: myOrgRoot -Entries: 3 -Replication: Disabled ----- - -''' -[#stop-ds-1] -=== stop-ds — stop OpenDJ directory server - -==== Synopsis -`stop-ds` - -[#stop-ds-description] -==== Description -This utility can be used to request that the Directory Server stop running or perform a restart. When run without connection options, this utility sends a signal to the OpenDJ process to stop the server. When run with connection options, this utility connects to the OpenDJ administration port and creates a shutdown task to stop the server. - -[#stop-ds-options] -==== Options -The `stop-ds` command takes the following options: --- -Command options: - -`-r | --stopReason {stopReason}`:: -Reason the server is being stopped or restarted. - -`-R | --restart`:: -Attempt to automatically restart the server once it has stopped. - -+ -Default: false - -`-t | --stopTime {stopTime}`:: -Indicates the date/time at which the shutdown operation will begin as a server task expressed in format YYYYMMDDhhmmssZ for UTC time or YYYYMMDDhhmmss for local time. A value of '0' will cause the shutdown to be scheduled for immediate execution. When this option is specified the operation will be scheduled to start at the specified time after which this utility will exit immediately. - -`-Y | --proxyAs {authzID}`:: -Use the proxied authorization control with the given authorization ID. - --- --- -LDAP connection options: - -`-D | --bindDN {bindDN}`:: -DN to use to bind to the server. - -`-h | --hostname {host}`:: -Directory server hostname or IP address. - -+ -Default: localhost.localdomain - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of certificate for SSL client authentication. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-p | --port {port}`:: -Directory server administration port number. - -+ -Default: 4444 - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Utility input/output options: - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - -`-Q | --quiet`:: -Use quiet mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e11579] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e11596] -==== Examples -The following example restarts OpenDJ directory server. - -[source, console] ----- -$ stop-ds --restart -Stopping Server... - -...The Directory Server has started successfully ----- - -''' -[#uninstall-1] -=== uninstall — remove OpenDJ directory server software - -==== Synopsis -`uninstall` {options} - -[#uninstall-description] -==== Description -This utility can be used to uninstall the Directory Server. - -[#uninstall-options] -==== Options -The `uninstall` command takes the following options: --- -Command options: - -`-a | --remove-all`:: -Remove all components of the server (this option is not compatible with the rest of remove options). - -+ -Default: false - -`-b | --backup-files`:: -Remove backup files. - -+ -Default: false - -`-c | --configuration-files`:: -Remove configuration files. - -+ -Default: false - -`--connectTimeout {timeout}`:: -Maximum length of time (in milliseconds) that can be taken to establish a connection. Use '0' to specify no time out. - -+ -Default: 30000 - -`-d | --databases`:: -Remove database contents. - -+ -Default: false - -`-e | --ldif-files`:: -Remove LDIF files. - -+ -Default: false - -`-f | --forceOnError`:: -Specifies whether the uninstall should continue if there is an error updating references to this server in remote server instances or not. This option can only be used with the --no-prompt no prompt option. - -+ -Default: false - -`-i | --cli`:: -Use the command line install. If not specified the graphical interface will be launched. The rest of the options (excluding help and version) will only be taken into account if this option is specified. - -+ -Default: false - -`-l | --server-libraries`:: -Remove Server Libraries and Administrative Tools. - -+ -Default: false - -`-L | --log-files`:: -Remove log files. - -+ -Default: false - --- --- -LDAP connection options: - -`-h | --referencedHostName {host}`:: -The name of this host (or IP address) as it is referenced in remote servers for replication. - -+ -Default: localhost.localdomain - -`-I | --adminUID {adminUID}`:: -User ID of the Global Administrator to use to bind to the server. - -+ -Default: admin - -`-j | --bindPasswordFile {bindPasswordFile}`:: -Bind password file. - -`-K | --keyStorePath {keyStorePath}`:: -Certificate key store path. - -`-N | --certNickname {nickname}`:: -Nickname of the certificate that the server should use when accepting SSL-based connections or performing StartTLS negotiation. - -`-o | --saslOption {name=value}`:: -SASL bind options. - -`-P | --trustStorePath {trustStorePath}`:: -Certificate trust store path. - -`-T | --trustStorePassword {trustStorePassword}`:: -Certificate trust store PIN. - -`-u | --keyStorePasswordFile {keyStorePasswordFile}`:: -Certificate key store PIN file. A PIN is required when you specify to use an existing certificate as server certificate. - -`-U | --trustStorePasswordFile {path}`:: -Certificate trust store PIN file. - -`-w | --bindPassword {bindPassword}`:: -Password to use to bind to the server. Use -w - to ensure that the command prompts for the password, rather than entering the password as a command argument. - -`-W | --keyStorePassword {keyStorePassword}`:: -Certificate key store PIN. A PIN is required when you specify to use an existing certificate as server certificate. - -`-X | --trustAll`:: -Trust all server SSL certificates. - -+ -Default: false - --- --- -Utility input/output options: - -`-n | --no-prompt`:: -Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. - -+ -Default: false - -`--noPropertiesFile`:: -No properties file will be used to get default command line argument values. - -+ -Default: false - -`--propertiesFilePath {propertiesFilePath}`:: -Path to the file containing default property values used for command line arguments. - -`-Q | --quiet`:: -Use quiet mode. - -+ -Default: false - -`-v | --verbose`:: -Use verbose mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e11913] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e11930] -==== Examples -The following command removes OpenDJ directory server without interaction. - -[source, console] ----- -$ /path/to/opendj/uninstall -a --cli -I admin -w password -n - -Stopping Directory Server ..... Done. -Deleting Files under the Installation Path ..... Done. - -The Uninstall Completed Successfully. -To complete the uninstallation, you must delete manually the following files -and directories: -/path/to/opendj/lib -See /var/.../opends-uninstall-3...0.log for a detailed log of this operation. - -$ rm -rf /path/to/opendj ----- - -''' -[#upgrade-1] -=== upgrade — upgrade OpenDJ configuration and application data - -==== Synopsis -`upgrade` {options} - -[#upgrade-description] -==== Description -Upgrades OpenDJ configuration and application data so that it is compatible with the installed binaries. - -This tool should be run immediately after upgrading the OpenDJ binaries and before restarting the server. - -NOTE: this tool does not provide backup or restore capabilities. Therefore, it is the responsibility of the OpenDJ administrator to take necessary precautions before performing the upgrade. -This utility thus performs only part of the upgrade process, which includes the following phases for a single server. - -. Get and unpack a newer version of OpenDJ directory server software. - -. Stop the current OpenDJ directory server. - -. Overwrite existing binary and script files with those of the newer version, and then run this utility before restarting OpenDJ. - -. Start the upgraded OpenDJ directory server. - - -[IMPORTANT] -==== -This utility __does not back up OpenDJ before you upgrade, nor does it restore OpenDJ if the utility fails__. In order to revert a failed upgrade, make sure you back up OpenDJ directory server before you overwrite existing binary and script files. -==== -By default this utility requests confirmation before making important configuration changes. You can use the `--no-prompt` option to run the command non-interactively. - -When using the `--no-prompt` option, if this utility cannot complete because it requires confirmation for a potentially very long or critical task, then it exits with an error and a message about how to finish making the changes. You can add the `--force` option to force a non-interactive upgrade to continue in this case, also performing long running and critical tasks. - -After upgrading, see the resulting `upgrade.log` file for a full list of operations performed. - -[#upgrade-options] -==== Options -The `upgrade` command takes the following options: --- -Command options: - -`--acceptLicense`:: -Automatically accepts the product license (if present). - -+ -Default: false - -`--force`:: -Forces a non-interactive upgrade to continue even if it requires user interaction. In particular, long running or critical upgrade tasks, such as re-indexing, which require user confirmation will be skipped. This option may only be used with the 'no-prompt' option. - -+ -Default: false - -`--ignoreErrors`:: -Ignores any errors which occur during the upgrade. This option should be used with caution and may be useful in automated deployments where potential errors are known in advance and resolved after the upgrade has completed. - -+ -Default: false - --- --- -Utility input/output options: - -`-n | --no-prompt`:: -Use non-interactive mode. If data in the command is missing, the user is not prompted and the tool will fail. - -+ -Default: false - -`-Q | --quiet`:: -Use quiet mode. - -+ -Default: false - -`-v | --verbose`:: -Use verbose mode. - -+ -Default: false - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e12119] -==== Exit Codes --- - -0:: -The command completed successfully. - -2:: -The command was run in non-interactive mode, but could not complete because confirmation was required to run a long or critical task. - -+ -See the error message or the log for details. - -other:: -An error occurred. - --- -See the __OpenDJ Installation Guide__ for an example upgrade process for OpenDJ directory server installed from the cross-platform (.zip) delivery. - -Native packages (.deb, .rpm) perform more of the upgrade process, stopping OpenDJ if it is running, overwriting older files with newer files, running this utility, and starting OpenDJ if it was running when you upgraded the package(s). - -''' -[#verify-index-1] -=== verify-index — check index for consistency or errors - -==== Synopsis -`verify-index` - -[#verify-index-description] -==== Description -This utility can be used to ensure that index data is consistent within an indexed backend database. - -[#verify-index-options] -==== Options -The `verify-index` command takes the following options: --- -Command options: - -`-b | --baseDN {baseDN}`:: -Base DN of a backend supporting indexing. Verification is performed on indexes within the scope of the given base DN. - -`-c | --clean`:: -Specifies that a single index should be verified to ensure it is clean. An index is clean if each index value references only entries containing that value. Only one index at a time may be verified in this way. - -+ -Default: false - -`--countErrors`:: -Count the number of errors found during the verification and return that value as the exit code (values > 255 will be reduced to 255 due to exit code restrictions). - -+ -Default: false - -`-i | --index {index}`:: -Name of an index to be verified. For an attribute index this is simply an attribute name. Multiple indexes may be verified for completeness, or all indexes if no indexes are specified. An index is complete if each index value references all entries containing that value. - --- --- -General options: - -`-V | --version`:: -Display Directory Server version information. - -+ -Default: false - --- --- - -`-H | --help`:: -Display this usage information. - -+ -Default: false - --- - -[#d1822e12247] -==== Exit Codes --- - -0:: -The command completed successfully. - -1:: -The command was run in non-interactive mode, but could not complete because confirmation was required to run a long or critical task. - -+ -See the error message or the log for details. - -0-255:: -The number of errors in the index, as indicated for the `--countErrors` option. - --- - -[#d1822e12275] -==== Examples -The following example shows how to verify the `sn` (surname) index for completeness and for errors. The messages shown are for a backend of type `pdb`. The output is similar for other backend types: - -[source, console] ----- -$ verify-index -b dc=example,dc=com -i sn --clean --countErrors -[20/05/2015:14:24:18 +0200] category=...PDBStorage seq=0 severity=INFO - msg=The PDB storage for backend 'userRoot' initialized - to use 57528 buffers of 16384 bytes (total 920448kb) -[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=1 severity=INFO - msg=Checked 478 records and found 0 error(s) in 0 seconds - (average rate 3594.0/sec) -[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=2 severity=FINE - msg=Number of records referencing more than one entry: 224 -[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=3 severity=FINE - msg=Number of records that exceed the entry limit: 0 -[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=4 severity=FINE - msg=Average number of entries referenced is 2.00/record -[20/05/2015:14:24:18 +0200] category=...pluggable.VerifyJob seq=5 severity=FINE - msg=Maximum number of entries referenced by any record is 32 ----- +include::../partials/man-windows-service.adoc[] ''' -[#windows-service] -=== windows-service — register OpenDJ as a Windows Service - -==== Synopsis -`windows-service` {options} - -[#d1822e12323] -==== Description -This utility can be used to run OpenDJ directory server as a Windows Service. - -[#d1822e12328] -==== Service Options --- - -`-c, --cleanupService serviceName`:: -Disable the service and clean up the windows registry information associated with the provided service name - -`-d, --disableService`:: -Disable the server as a Windows service and stop the server - -`-e, --enableService`:: -Enable the server as a Windows service - -`-s, --serviceState`:: -Provide information about the state of the server as a Windows service - --- - -[#d1822e12362] -==== General Options --- - -`-V, --version`:: -Display version information - -`-?, -H, --help`:: -Display usage information - --- - -[#d1822e12380] -==== Exit Codes --- - -0:: -The command completed successfully. - -> 0:: -An error occurred. - --- - -[#d1822e12396] -==== Example -The following command registers OpenDJ directory server as a Windows Service. - -[source, console] ----- -C:\path\to\opendj\bat> windows-service.bat --enableService ----- -After running this command, you can manage the service using Windows administration tools. - - diff --git a/opendj-doc-generated-ref/src/main/asciidoc/reference/dsconfig-subcommands-ref.adoc b/opendj-doc-generated-ref/src/main/asciidoc/reference/dsconfig-subcommands-ref.adoc index e85de9e8b2..5f48b1fbdb 100644 --- a/opendj-doc-generated-ref/src/main/asciidoc/reference/dsconfig-subcommands-ref.adoc +++ b/opendj-doc-generated-ref/src/main/asciidoc/reference/dsconfig-subcommands-ref.adoc @@ -19,206467 +19,4 @@ :example-caption!: :table-caption!: - -[#dsconfig-subcommands-ref] -== dsconfig Subcommands Reference - -This section covers `dsconfig` subcommands. -[#dsconfig-create-access-log-filtering-criteria] -=== dsconfig create-access-log-filtering-criteria — Creates Access Log Filtering Criteria - -==== Synopsis -`dsconfig create-access-log-filtering-criteria` {options} - -[#dsconfig-create-access-log-filtering-criteria-description] -==== Description -Creates Access Log Filtering Criteria. - -[#dsconfig-create-access-log-filtering-criteria-options] -==== Options --- -The `dsconfig create-access-log-filtering-criteria` command takes the following options: - -`--publisher-name {name}`:: -The name of the Access Log Publisher. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {name}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-access-log-filtering-criteria-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`--criteria-name {name}`:: -The name of the new Access Log Filtering Criteria. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {name}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-access-log-filtering-criteria-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the `--criteria-name {name}` option. - --- - -[#dsconfig-create-access-log-filtering-criteria-access-log-filtering-criteria] -==== Access Log Filtering Criteria -Access Log Filtering Criteria of type access-log-filtering-criteria have the following properties: --- - -connection-client-address-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match at least one of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-client-address-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which do not match any of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-port-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections to any of the specified listener port numbers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-protocol-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match any of the specified protocols. Typical values include "ldap", "ldaps", or "jmx". - -Default Value:: -None - -Allowed Values:: -The protocol name as reported in the access log. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-type:: -[open] -==== - -Description:: -Filters log records based on their type. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -abandon:: -Abandon operations - -add:: -Add operations - -bind:: -Bind operations - -compare:: -Compare operations - -connect:: -Client connections - -delete:: -Delete operations - -disconnect:: -Client disconnections - -extended:: -Extended operations - -modify:: -Modify operations - -rename:: -Rename operations - -search:: -Search operations - -unbind:: -Unbind operations - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-not-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching none of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-greater-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took longer than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-less-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took less than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-not-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which do not include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-is-indexed:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which were either indexed or unindexed. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-greater-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned more than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-less-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned less than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users which do not match any of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are members of at least one of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-not-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are not members of any of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-account-status-notification-handler] -=== dsconfig create-account-status-notification-handler — Creates Account Status Notification Handlers - -==== Synopsis -`dsconfig create-account-status-notification-handler` {options} - -[#dsconfig-create-account-status-notification-handler-description] -==== Description -Creates Account Status Notification Handlers. - -[#dsconfig-create-account-status-notification-handler-options] -==== Options --- -The `dsconfig create-account-status-notification-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the new Account Status Notification Handler. -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {name}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-account-status-notification-handler-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {name}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-account-status-notification-handler-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the `--handler-name {name}` option. - -`-t | --type {type}`:: -The type of Account Status Notification Handler which should be created. The value for TYPE can be one of: custom | error-log | smtp. -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {type}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-account-status-notification-handler-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {type}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-account-status-notification-handler-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - --- - -[#dsconfig-create-account-status-notification-handler-error-log-account-status-notification-handler] -==== Error Log Account Status Notification Handler -Account Status Notification Handlers of type error-log-account-status-notification-handler have the following properties: --- - -account-status-notification-type:: -[open] -==== - -Description:: -Indicates which types of event can trigger an account status notification. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -account-disabled:: -Generate a notification whenever a user account has been disabled by an administrator. - -account-enabled:: -Generate a notification whenever a user account has been enabled by an administrator. - -account-expired:: -Generate a notification whenever a user authentication has failed because the account has expired. - -account-idle-locked:: -Generate a notification whenever a user account has been locked because it was idle for too long. - -account-permanently-locked:: -Generate a notification whenever a user account has been permanently locked after too many failed attempts. - -account-reset-locked:: -Generate a notification whenever a user account has been locked, because the password had been reset by an administrator but not changed by the user within the required interval. - -account-temporarily-locked:: -Generate a notification whenever a user account has been temporarily locked after too many failed attempts. - -account-unlocked:: -Generate a notification whenever a user account has been unlocked by an administrator. - -password-changed:: -Generate a notification whenever a user changes his/her own password. - -password-expired:: -Generate a notification whenever a user authentication has failed because the password has expired. - -password-expiring:: -Generate a notification whenever a password expiration warning is encountered for a user password for the first time. - -password-reset:: -Generate a notification whenever a user's password is reset by an administrator. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Error Log Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.ErrorLogAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-account-status-notification-handler-smtp-account-status-notification-handler] -==== SMTP Account Status Notification Handler -Account Status Notification Handlers of type smtp-account-status-notification-handler have the following properties: --- - -email-address-attribute-type:: -[open] -==== - -Description:: -Specifies which attribute in the user's entries may be used to obtain the email address when notifying the end user. You can specify more than one email address as separate values. In this case, the OpenDJ server sends a notification to all email addresses identified. - -Default Value:: -If no email address attribute types are specified, then no attempt is made to send email notification messages to end users. Only those users specified in the set of additional recipient addresses are sent the notification messages. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this account status notification handler. The values for this property should begin with the name of an account status notification type followed by a colon and the subject that should be used for the associated notification message. If an email message is generated for an account status notification type for which no subject is defined, then that message is given a generic subject. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-template-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the message template to generate the email notification messages. The values for this property should begin with the name of an account status notification type followed by a colon and the path to the template file that should be used for that notification type. If an account status notification has a notification type that is not associated with a message template file, then no email message is generated for that notification. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which notification messages are sent, either instead of or in addition to the end user for whom the notification has been generated. This may be used to ensure that server administrators also receive a copy of any notification messages that are generated. - -Default Value:: -If no additional recipient addresses are specified, then only the end users that are the subjects of the account status notifications receive the notification messages. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -send-email-as-html:: -[open] -==== - -Description:: -Indicates whether an email notification message should be sent as HTML. If this value is true, email notification messages are marked as text/html. Otherwise outgoing email messages are assumed to be plaintext and marked as text/plain. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-message-without-end-user-address:: -[open] -==== - -Description:: -Indicates whether an email notification message should be generated and sent to the set of notification recipients even if the user entry does not contain any values for any of the email address attributes (that is, in cases when it is not be possible to notify the end user). This is only applicable if both one or more email address attribute types and one or more additional recipient addresses are specified. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address from which the message is sent. Note that this does not necessarily have to be a legitimate email address. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-alert-handler] -=== dsconfig create-alert-handler — Creates Alert Handlers - -==== Synopsis -`dsconfig create-alert-handler` {options} - -[#dsconfig-create-alert-handler-description] -==== Description -Creates Alert Handlers. - -[#dsconfig-create-alert-handler-options] -==== Options --- -The `dsconfig create-alert-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the new Alert Handler. -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {name}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-alert-handler-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {name}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-alert-handler-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Alert Handler properties depend on the Alert Handler type, which depends on the `--handler-name {name}` option. - -`-t | --type {type}`:: -The type of Alert Handler which should be created. The value for TYPE can be one of: custom | jmx | smtp. -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {type}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-alert-handler-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {type}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-alert-handler-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - --- - -[#dsconfig-create-alert-handler-jmx-alert-handler] -==== JMX Alert Handler -Alert Handlers of type jmx-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.JMXAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-alert-handler-smtp-alert-handler] -==== SMTP Alert Handler -Alert Handlers of type smtp-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-body:: -[open] -==== - -Description:: -Specifies the body that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which the messages should be sent. Multiple values may be provided if there should be more than one recipient. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender for messages generated by this alert handler. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-attribute-syntax] -=== dsconfig create-attribute-syntax — Creates Attribute Syntaxes - -==== Synopsis -`dsconfig create-attribute-syntax` {options} - -[#dsconfig-create-attribute-syntax-description] -==== Description -Creates Attribute Syntaxes. - -[#dsconfig-create-attribute-syntax-options] -==== Options --- -The `dsconfig create-attribute-syntax` command takes the following options: - -`--syntax-name {name}`:: -The name of the new Attribute Syntax. -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {name}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {name}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {name}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {name}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {name}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {name}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the `--syntax-name {name}` option. - -`-t | --type {type}`:: -The type of Attribute Syntax which should be created (Default: generic). The value for TYPE can be one of: attribute-type-description | certificate | country-string | directory-string | generic | jpeg | telephone-number. -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {type}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {type}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {type}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {type}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {type}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {type}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-attribute-syntax-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - --- - -[#dsconfig-create-attribute-syntax-attribute-type-description-attribute-syntax] -==== Attribute Type Description Attribute Syntax -Attribute Syntaxes of type attribute-type-description-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Attribute Type Description Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.AttributeTypeSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strip-syntax-min-upper-bound:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-attribute-syntax-certificate-attribute-syntax] -==== Certificate Attribute Syntax -Attribute Syntaxes of type certificate-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Certificate Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CertificateSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether X.509 Certificate values are required to strictly comply with the standard definition for this syntax. When set to false, certificates will not be validated and, as a result any sequence of bytes will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-attribute-syntax-country-string-attribute-syntax] -==== Country String Attribute Syntax -Attribute Syntaxes of type country-string-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Country String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CountryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-attribute-syntax-directory-string-attribute-syntax] -==== Directory String Attribute Syntax -Attribute Syntaxes of type directory-string-attribute-syntax have the following properties: --- - -allow-zero-length-values:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Directory String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.DirectoryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - --- - -[#dsconfig-create-attribute-syntax-jpeg-attribute-syntax] -==== JPEG Attribute Syntax -Attribute Syntaxes of type jpeg-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JPEG Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.JPEGSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require JPEG values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-attribute-syntax-telephone-number-attribute-syntax] -==== Telephone Number Attribute Syntax -Attribute Syntaxes of type telephone-number-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Telephone Number Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.TelephoneNumberSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require telephone number values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-backend] -=== dsconfig create-backend — Creates Backends - -==== Synopsis -`dsconfig create-backend` {options} - -[#dsconfig-create-backend-description] -==== Description -Creates Backends. - -[#dsconfig-create-backend-options] -==== Options --- -The `dsconfig create-backend` command takes the following options: - -`--backend-name {STRING}`:: -The name of the new Backend which will also be used as the value of the "backend-id" property: Specifies a name to identify the associated backend. -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {STRING} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {STRING}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {STRING}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {STRING}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {STRING}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {STRING}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {STRING}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {STRING}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {STRING}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {STRING}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {STRING}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Backend properties depend on the Backend type, which depends on the `--backend-name {STRING}` option. - -`-t | --type {type}`:: -The type of Backend which should be created. The value for TYPE can be one of: backup | custom | je | ldif | memory | monitor | null | pdb | schema | task | trust-store. -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {type}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {type}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {type}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {type}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {type}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {type}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {type}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {type}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {type}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {type}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-backend-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - --- - -[#dsconfig-create-backend-backup-backend] -==== Backup Backend -Backends of type backup-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -backup-directory:: -[open] -==== - -Description:: -Specifies the path to a backup directory containing one or more backups for a particular backend. This is a multivalued property. Each value may specify a different backup directory if desired (one for each backend for which backups are taken). Values may be either absolute paths or paths that are relative to the base of the OpenDJ directory server installation. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.BackupBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-backend-je-backend] -==== JE Backend -Backends of type je-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-bytes-interval:: -[open] -==== - -Description:: -Specifies the maximum number of bytes that may be written to the database before it is forced to perform a checkpoint. This can be used to bound the recovery time that may be required if the database environment is opened without having been properly closed. If this property is set to a non-zero value, the checkpointer wakeup interval is not used. To use time-based checkpointing, set this property to zero. - -Default Value:: -500mb - -Allowed Values:: -Upper value is 9223372036854775807. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. Note that this is only used if the value of the checkpointer bytes interval is zero. - -Default Value:: -30s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 4294 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-cleaner-min-utilization:: -[open] -==== - -Description:: -Specifies the occupancy percentage for "live" data in this backend's database. When the amount of "live" data in the database drops below this value, cleaners will act to increase the occupancy percentage by compacting the database. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Berkeley DB Java Edition database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-core-threads:: -[open] -==== - -Description:: -Specifies the core number of threads in the eviction thread pool. Specifies the core number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-keep-alive:: -[open] -==== - -Description:: -The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -600s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 86400 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-lru-only:: -[open] -==== - -Description:: -Indicates whether the database should evict existing data from the cache based on an LRU policy (where the least recently used information will be evicted first). If set to "false", then the eviction keeps internal nodes of the underlying Btree in the cache over leaf nodes, even if the leaf nodes have been accessed more recently. This may be a better configuration for databases in which only a very small portion of the data is cached. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-max-threads:: -[open] -==== - -Description:: -Specifies the maximum number of threads in the eviction thread pool. Specifies the maximum number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-nodes-per-scan:: -[open] -==== - -Description:: -Specifies the number of Btree nodes that should be evicted from the cache in a single pass if it is determined that it is necessary to free existing data in order to make room for new information. Changes to this property do not take effect until the backend is restarted. It is recommended that you also change this property when you set db-evictor-lru-only to false. This setting controls the number of Btree nodes that are considered, or sampled, each time a node is evicted. A setting of 10 often produces good results, but this may vary from application to application. The larger the nodes per scan, the more accurate the algorithm. However, don't set it too high. When considering larger numbers of nodes for each eviction, the evictor may delay the completion of a given database operation, which impacts the response time of the application thread. In JE 4.1 and later, setting this value too high in an application that is largely CPU bound can reduce the effectiveness of cache eviction. It's best to start with the default value, and increase it gradually to see if it is beneficial for your application. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 1000. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-file-max:: -[open] -==== - -Description:: -Specifies the maximum size for a database log file. - -Default Value:: -100mb - -Allowed Values:: -Lower value is 1000000.Upper value is 4294967296. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-filecache-size:: -[open] -==== - -Description:: -Specifies the size of the file handle cache. The file handle cache is used to keep as much opened log files as possible. When the cache is smaller than the number of logs, the database needs to close some handles and open log files it needs, resulting in less optimal performances. Ideally, the size of the cache should be higher than the number of files contained in the database. Make sure the OS number of open files per process is also tuned appropriately. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 3. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-file-handler-on:: -[open] -==== - -Description:: -Indicates whether the database should maintain a je.info file in the same directory as the database log directory. This file contains information about the internal processing performed by the underlying database. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-level:: -[open] -==== - -Description:: -Specifies the log level that should be used by the database when it is writing information into the je.info file. The database trace logging level is (in increasing order of verbosity) chosen from: OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, ALL. - -Default Value:: -CONFIG - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-cleaner-threads:: -[open] -==== - -Description:: -Specifies the number of threads that the backend should maintain to keep the database log files at or near the desired utilization. In environments with high write throughput, multiple cleaner threads may be required to maintain the desired utilization. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-lock-tables:: -[open] -==== - -Description:: -Specifies the number of lock tables that are used by the underlying database. This can be particularly important to help improve scalability by avoiding contention on systems with large numbers of CPUs. The value of this configuration property should be set to a prime number that is less than or equal to the number of worker threads configured for use in the server. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 32767. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-run-cleaner:: -[open] -==== - -Description:: -Indicates whether the cleaner threads should be enabled to compact the database. The cleaner threads are used to periodically compact the database when it reaches a percentage of occupancy lower than the amount specified by the db-cleaner-min-utilization property. They identify database files with a low percentage of live data, and relocate their remaining live data to the end of the log. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-write-no-sync:: -[open] -==== - -Description:: -Indicates whether the database should synchronously flush data as it is written to disk. If this value is set to "false", then all data written to disk is synchronously flushed to persistent storage and thereby providing full durability. If it is set to "true", then data may be cached for a period of time by the underlying operating system before actually being written to disk. This may improve performance, but could cause the most recent changes to be lost in the event of an underlying OS or hardware failure (but not in the case that the OpenDJ directory server or the JVM exits abnormally). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.jeb.JEBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -je-property:: -[open] -==== - -Description:: -Specifies the database and environment properties for the Berkeley DB Java Edition database serving the data for this backend. Any Berkeley DB Java Edition property can be specified using the following form: property-name=property-value. Refer to OpenDJ documentation for further information on related properties, their implications, and range values. The definitive identification of all the property parameters is available in the example.properties file of Berkeley DB Java Edition distribution. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-backend-ldif-backend] -==== LDIF Backend -Backends of type ldif-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -is-private-backend:: -[open] -==== - -Description:: -Indicates whether the backend should be considered a private backend, which indicates that it is used for storing operational data rather than user-defined information. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.LDIFBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-file:: -[open] -==== - -Description:: -Specifies the path to the LDIF file containing the data for this backend. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-backend-memory-backend] -==== Memory Backend -Backends of type memory-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MemoryBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-backend-monitor-backend] -==== Monitor Backend -Backends of type monitor-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MonitorBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-backend-null-backend] -==== Null Backend -Backends of type null-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.NullBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-backend-pdb-backend] -==== PDB Backend -Backends of type pdb-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. This setting controls the elapsed time between attempts to write a checkpoint to the journal. A longer interval allows more updates to accumulate in buffers before they are required to be written to disk, but also potentially causes recovery from an abrupt termination (crash) to take more time. - -Default Value:: -15s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 10 seconds.Upper limit is 3600 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Persistit database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.pdb.PDBBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-backend-schema-backend] -==== Schema Backend -Backends of type schema-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.SchemaBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -schema-entry-dn:: -[open] -==== - -Description:: -Defines the base DNs of the subtrees in which the schema information is published in addition to the value included in the base-dn property. The value provided in the base-dn property is the only one that appears in the subschemaSubentry operational attribute of the server's root DSE (which is necessary because that is a single-valued attribute) and as a virtual attribute in other entries. The schema-entry-dn attribute may be used to make the schema information available in other locations to accommodate certain client applications that have been hard-coded to expect the schema to reside in a specific location. - -Default Value:: -cn=schema - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -show-all-attributes:: -[open] -==== - -Description:: -Indicates whether to treat all attributes in the schema entry as if they were user attributes regardless of their configuration. This may provide compatibility with some applications that expect schema attributes like attributeTypes and objectClasses to be included by default even if they are not requested. Note that the ldapSyntaxes attribute is always treated as operational in order to avoid problems with attempts to modify the schema over protocol. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-backend-task-backend] -==== Task Backend -Backends of type task-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.task.TaskBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -notification-sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender (that is, the "From:" address) address for notification mail messages generated when a task completes execution. - -Default Value:: -The default sender address used is "opendj-task-notification@" followed by the canonical address of the system on which the server is running. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-backing-file:: -[open] -==== - -Description:: -Specifies the path to the backing file for storing information about the tasks configured in the server. It may be either an absolute path or a relative path to the base of the OpenDJ directory server instance. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-retention-time:: -[open] -==== - -Description:: -Specifies the length of time that task entries should be retained after processing on the associated task has been completed. - -Default Value:: -24 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-backend-trust-store-backend] -==== Trust Store Backend -Backends of type trust-store-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.TrustStoreBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that stores the trust information. It may be an absolute path, or a path that is relative to the OpenDJ instance root. - -Default Value:: -config/ads-truststore - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. - -Default Value:: -The JVM default value is used. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect the next time that the key manager is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-backend-index] -=== dsconfig create-backend-index — Creates Backend Indexes - -==== Synopsis -`dsconfig create-backend-index` {options} - -[#dsconfig-create-backend-index-description] -==== Description -Creates Backend Indexes. - -[#dsconfig-create-backend-index-options] -==== Options --- -The `dsconfig create-backend-index` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {name}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-backend-index-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`--index-name {OID}`:: -The name of the new Backend Index which will also be used as the value of the "attribute" property: Specifies the name of the attribute for which the index is to be maintained. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {OID} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {OID}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-backend-index-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Backend Index properties depend on the Backend Index type, which depends on the `--index-name {OID}` option. - --- - -[#dsconfig-create-backend-index-backend-index] -==== Backend Index -Backend Indexes of type backend-index have the following properties: --- - -attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute for which the index is to be maintained. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Specifies whether contents of the index should be confidential. Setting the flag to true will hash keys for equality type indexes using SHA-1 and encrypt the list of entries matching a substring key for substring indexes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If the index for the attribute must be protected for security purposes and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. The property cannot be set on a backend for which confidentiality is not enabled. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that are allowed to match a given index key before that particular index key is no longer maintained. This is analogous to the ALL IDs threshold in the Sun Java System Directory Server. If this is specified, its value overrides the JE backend-wide configuration. For no limit, use 0 for the value. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If any index keys have already reached this limit, indexes must be rebuilt before they will be allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-extensible-matching-rule:: -[open] -==== - -Description:: -The extensible matching rule in an extensible index. An extensible matching rule must be specified using either LOCALE or OID of the matching rule. - -Default Value:: -No extensible matching rules will be indexed. - -Allowed Values:: -A Locale or an OID. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-type:: -[open] -==== - -Description:: -Specifies the type(s) of indexing that should be performed for the associated attribute. For equality, presence, and substring index types, the associated attribute type must have a corresponding matching rule. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -approximate:: -This index type is used to improve the efficiency of searches using approximate matching search filters. - -equality:: -This index type is used to improve the efficiency of searches using equality search filters. - -extensible:: -This index type is used to improve the efficiency of searches using extensible matching search filters. - -ordering:: -This index type is used to improve the efficiency of searches using "greater than or equal to" or "less then or equal to" search filters. - -presence:: -This index type is used to improve the efficiency of searches using the presence search filters. - -substring:: -This index type is used to improve the efficiency of searches using substring search filters. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -If any new index types are added for an attribute, and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. - -Advanced Property:: -No - -Read-only:: -No - -==== - -substring-length:: -[open] -==== - -Description:: -The length of substrings in a substring index. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 3. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-backend-vlv-index] -=== dsconfig create-backend-vlv-index — Creates Backend VLV Indexes - -==== Synopsis -`dsconfig create-backend-vlv-index` {options} - -[#dsconfig-create-backend-vlv-index-description] -==== Description -Creates Backend VLV Indexes. - -[#dsconfig-create-backend-vlv-index-options] -==== Options --- -The `dsconfig create-backend-vlv-index` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {name}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-backend-vlv-index-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`--index-name {STRING}`:: -The name of the new Backend VLV Index which will also be used as the value of the "name" property: Specifies a unique name for this VLV index. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {STRING} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {STRING}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-backend-vlv-index-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the `--index-name {STRING}` option. - --- - -[#dsconfig-create-backend-vlv-index-backend-vlv-index] -==== Backend VLV Index -Backend VLV Indexes of type backend-vlv-index have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN used in the search query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the LDAP filter used in the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid LDAP search filter. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -name:: -[open] -==== - -Description:: -Specifies a unique name for this VLV index. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -The VLV index name cannot be altered after the index is created. - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope of the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -sort-order:: -[open] -==== - -Description:: -Specifies the names of the attributes that are used to sort the entries for the query being indexed. Multiple attributes can be used to determine the sort order by listing the attribute names from highest to lowest precedence. Optionally, + or - can be prefixed to the attribute name to sort the attribute in ascending order or descending order respectively. - -Default Value:: -None - -Allowed Values:: -Valid attribute types defined in the schema, separated by a space and optionally prefixed by + or -. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-certificate-mapper] -=== dsconfig create-certificate-mapper — Creates Certificate Mappers - -==== Synopsis -`dsconfig create-certificate-mapper` {options} - -[#dsconfig-create-certificate-mapper-description] -==== Description -Creates Certificate Mappers. - -[#dsconfig-create-certificate-mapper-options] -==== Options --- -The `dsconfig create-certificate-mapper` command takes the following options: - -`--mapper-name {name}`:: -The name of the new Certificate Mapper. -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {name}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-certificate-mapper-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {name}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-certificate-mapper-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {name}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-certificate-mapper-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {name}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-certificate-mapper-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the `--mapper-name {name}` option. - -`-t | --type {type}`:: -The type of Certificate Mapper which should be created. The value for TYPE can be one of: custom | fingerprint | subject-attribute-to-user-attribute | subject-dn-to-user-attribute | subject-equals-dn. -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {type}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-certificate-mapper-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {type}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-certificate-mapper-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {type}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-certificate-mapper-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {type}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-certificate-mapper-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - --- - -[#dsconfig-create-certificate-mapper-fingerprint-certificate-mapper] -==== Fingerprint Certificate Mapper -Certificate Mappers of type fingerprint-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-algorithm:: -[open] -==== - -Description:: -Specifies the name of the digest algorithm to compute the fingerprint of client certificates. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -md5:: -Use the MD5 digest algorithm to compute certificate fingerprints. - -sha1:: -Use the SHA-1 digest algorithm to compute certificate fingerprints. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-attribute:: -[open] -==== - -Description:: -Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.FingerprintCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry. - -Default Value:: -The server performs the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-certificate-mapper-subject-attribute-to-user-attribute-certificate-mapper] -==== Subject Attribute To User Attribute Certificate Mapper -Certificate Mappers of type subject-attribute-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Attribute To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute-mapping:: -[open] -==== - -Description:: -Specifies a mapping between certificate attributes and user attributes. Each value should be in the form "certattr:userattr" where certattr is the name of the attribute in the certificate subject and userattr is the name of the corresponding attribute in user entries. There may be multiple mappings defined, and when performing the mapping values for all attributes present in the certificate subject that have mappings defined must be present in the corresponding user entries. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-certificate-mapper-subject-dn-to-user-attribute-certificate-mapper] -==== Subject DN To User Attribute Certificate Mapper -Certificate Mappers of type subject-dn-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject DN To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should exactly match the certificate subject DN. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-certificate-mapper-subject-equals-dn-certificate-mapper] -==== Subject Equals DN Certificate Mapper -Certificate Mappers of type subject-equals-dn-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Equals DN Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectEqualsDNCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-connection-handler] -=== dsconfig create-connection-handler — Creates Connection Handlers - -==== Synopsis -`dsconfig create-connection-handler` {options} - -[#dsconfig-create-connection-handler-description] -==== Description -Creates Connection Handlers. - -[#dsconfig-create-connection-handler-options] -==== Options --- -The `dsconfig create-connection-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the new Connection Handler. -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {name}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {name}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {name}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {name}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {name}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Connection Handler properties depend on the Connection Handler type, which depends on the `--handler-name {name}` option. - -`-t | --type {type}`:: -The type of Connection Handler which should be created. The value for TYPE can be one of: custom | http | jmx | ldap | ldif | snmp. -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {type}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {type}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {type}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {type}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {type}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-connection-handler-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - --- - -[#dsconfig-create-connection-handler-http-connection-handler] -==== HTTP Connection Handler -Connection Handlers of type http-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the HTTP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer HTTP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.http.HTTPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should keep statistics. If enabled, the HTTP Connection Handler maintains statistics about the number and types of operations requested over HTTP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this HTTP Connection Handler should listen for connections from HTTP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the HTTP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the HTTP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to HTTP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-concurrent-ops-per-connection:: -[open] -==== - -Description:: -Specifies the maximum number of internal operations that each HTTP client connection can execute concurrently. This property allow to limit the impact that each HTTP request can have on the whole server by limiting the number of internal operations that each HTTP request can execute concurrently. A value of 0 means that no limit is enforced. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest HTTP request message that will be allowed by the HTTP Connection Handler. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The HTTP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the HTTP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the HTTP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the HTTP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use SSL. If enabled, the HTTP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-connection-handler-jmx-connection-handler] -==== JMX Connection Handler -Connection Handlers of type jmx-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.jmx.JmxConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this JMX Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the JMX Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address on which this JMX Connection Handler should listen for connections from JMX clients. If no value is provided, then the JMX Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -rmi-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX RMI service will listen for connections from clients. A value of 0 indicates the service to choose a port of its own. If the value provided is different than 0, the value will be used as the RMI port. Otherwise, the RMI service will choose a port of its own. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the JMX Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the JMX Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the JMX Connection Handler should use SSL. If enabled, the JMX Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-connection-handler-ldap-connection-handler] -==== LDAP Connection Handler -Connection Handlers of type ldap-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-ldap-v2:: -[open] -==== - -Description:: -Indicates whether connections from LDAPv2 clients are allowed. If LDAPv2 clients are allowed, then only a minimal degree of special support are provided for them to ensure that LDAPv3-specific protocol elements (for example, Configuration Guide 25 controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-start-tls:: -[open] -==== - -Description:: -Indicates whether clients are allowed to use StartTLS. If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the LDAP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer LDAP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.ldap.LDAPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should keep statistics. If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this LDAP Connection Handler should listen for connections from LDAP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the LDAP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the LDAP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection handler. This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-rejection-notice:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should send a notice of disconnection extended response message to the client if a new connection is rejected for some reason. The extended response message may provide an explanation indicating the reason that the connection was rejected. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the LDAP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the LDAP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use SSL. If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-connection-handler-ldif-connection-handler] -==== LDIF Connection Handler -Connection Handlers of type ldif-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDIF Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.LDIFConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-directory:: -[open] -==== - -Description:: -Specifies the path to the directory in which the LDIF files should be placed. - -Default Value:: -config/auto-process-ldif - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -poll-interval:: -[open] -==== - -Description:: -Specifies how frequently the LDIF connection handler should check the LDIF directory to determine whether a new LDIF file has been added. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-connection-handler-snmp-connection-handler] -==== SNMP Connection Handler -Connection Handlers of type snmp-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-manager:: -[open] -==== - -Description:: -Specifies the hosts of the managers to be granted the access rights. This property is required for SNMP v1 and v2 security configuration. An asterisk (*) opens access to all managers. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-user:: -[open] -==== - -Description:: -Specifies the users to be granted the access rights. This property is required for SNMP v3 security configuration. An asterisk (*) opens access to all users. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -community:: -[open] -==== - -Description:: -Specifies the v1,v2 community or the v3 context name allowed to access the MIB 2605 monitoring information or the USM MIB. The mapping between "community" and "context name" is set. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SNMP Connection Handler implementation. - -Default Value:: -org.opends.server.snmp.SNMPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this SNMP Connection Handler should listen for connections from SNMP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the SNMP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the SNMP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -opendmk-jarfile:: -[open] -==== - -Description:: -Indicates the OpenDMK runtime jar file location - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -registered-mbean:: -[open] -==== - -Description:: -Indicates whether the SNMP objects have to be registered in the directory server MBeanServer or not allowing to access SNMP Objects with RMI connector if enabled. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-agent-file:: -[open] -==== - -Description:: -Specifies the USM security configuration to receive authenticated only SNMP requests. - -Default Value:: -config/snmp/security/opendj-snmp.security - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-level:: -[open] -==== - -Description:: -Specifies the type of security level : NoAuthNoPriv : No security mechanisms activated, AuthNoPriv : Authentication activated with no privacy, AuthPriv : Authentication with privacy activated. This property is required for SNMP V3 security configuration. - -Default Value:: -authnopriv - -Allowed Values:: -[open] -====== - -authnopriv:: -Authentication activated with no privacy. - -authpriv:: -Authentication with privacy activated. - -noauthnopriv:: -No security mechanisms activated. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -trap-port:: -[open] -==== - -Description:: -Specifies the port to use to send SNMP Traps. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-community:: -[open] -==== - -Description:: -Specifies the community string that must be included in the traps sent to define managers (trap-destinations). This property is used in the context of SNMP v1, v2 and v3. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-destination:: -[open] -==== - -Description:: -Specifies the hosts to which V1 traps will be sent. V1 Traps are sent to every host listed. If this list is empty, V1 traps are sent to "localhost". Each host in the list must be identifed by its name or complete IP Addess. - -Default Value:: -If the list is empty, V1 traps are sent to "localhost". - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-debug-target] -=== dsconfig create-debug-target — Creates Debug Targets - -==== Synopsis -`dsconfig create-debug-target` {options} - -[#dsconfig-create-debug-target-description] -==== Description -Creates Debug Targets. - -[#dsconfig-create-debug-target-options] -==== Options --- -The `dsconfig create-debug-target` command takes the following options: - -`--publisher-name {name}`:: -The name of the Debug Log Publisher. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {name}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-debug-target-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`--target-name {STRING}`:: -The name of the new Debug Target which will also be used as the value of the "debug-scope" property: Specifies the fully-qualified OpenDJ Java package, class, or method affected by the settings in this target definition. Use the number character (#) to separate the class name and the method name (that is, org.opends.server.core.DirectoryServer#startUp). -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {STRING} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {STRING}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-debug-target-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Debug Target properties depend on the Debug Target type, which depends on the `--target-name {STRING}` option. - --- - -[#dsconfig-create-debug-target-debug-target] -==== Debug Target -Debug Targets of type debug-target have the following properties: --- - -debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -debug-scope:: -[open] -==== - -Description:: -Specifies the fully-qualified OpenDJ Java package, class, or method affected by the settings in this target definition. Use the number character (#) to separate the class name and the method name (that is, org.opends.server.core.DirectoryServer#startUp). - -Default Value:: -None - -Allowed Values:: -The fully-qualified OpenDJ Java package, class, or method name. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Debug Target is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-throwable-cause:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the cause of exceptions in exception thrown and caught messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-entry-arguments:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include method arguments in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-return-value:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the return value in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -throwable-stack-frames:: -[open] -==== - -Description:: -Specifies the property to indicate the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-entry-cache] -=== dsconfig create-entry-cache — Creates Entry Caches - -==== Synopsis -`dsconfig create-entry-cache` {options} - -[#dsconfig-create-entry-cache-description] -==== Description -Creates Entry Caches. - -[#dsconfig-create-entry-cache-options] -==== Options --- -The `dsconfig create-entry-cache` command takes the following options: - -`--cache-name {name}`:: -The name of the new Entry Cache. -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {name}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-entry-cache-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {name}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-entry-cache-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Entry Cache properties depend on the Entry Cache type, which depends on the `--cache-name {name}` option. - -`-t | --type {type}`:: -The type of Entry Cache which should be created. The value for TYPE can be one of: custom | fifo | soft-reference. -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {type}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-entry-cache-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {type}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-entry-cache-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - --- - -[#dsconfig-create-entry-cache-fifo-entry-cache] -==== FIFO Entry Cache -Entry Caches of type fifo-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the FIFO Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.FIFOEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time to wait while attempting to acquire a read or write lock. - -Default Value:: -2000.0ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-entries:: -[open] -==== - -Description:: -Specifies the maximum number of entries that we will allow in the cache. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-memory-percent:: -[open] -==== - -Description:: -Specifies the maximum percentage of JVM memory used by the server before the entry caches stops caching and begins purging itself. Very low settings such as 10 or 20 (percent) can prevent this entry cache from having enough space to hold any of the entries to cache, making it appear that the server is ignoring or skipping the entry cache entirely. - -Default Value:: -90 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 100. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-entry-cache-soft-reference-entry-cache] -==== Soft Reference Entry Cache -Entry Caches of type soft-reference-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Soft Reference Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.SoftReferenceEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time in milliseconds to wait while attempting to acquire a read or write lock. - -Default Value:: -3000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-extended-operation-handler] -=== dsconfig create-extended-operation-handler — Creates Extended Operation Handlers - -==== Synopsis -`dsconfig create-extended-operation-handler` {options} - -[#dsconfig-create-extended-operation-handler-description] -==== Description -Creates Extended Operation Handlers. - -[#dsconfig-create-extended-operation-handler-options] -==== Options --- -The `dsconfig create-extended-operation-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the new Extended Operation Handler. -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {name}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {name}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {name}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {name}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {name}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {name}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {name}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the `--handler-name {name}` option. - -`-t | --type {type}`:: -The type of Extended Operation Handler which should be created. The value for TYPE can be one of: cancel | custom | get-connection-id | get-symmetric-key | password-modify | password-policy-state | start-tls | who-am-i. -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {type}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {type}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {type}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {type}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {type}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {type}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {type}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-extended-operation-handler-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - --- - -[#dsconfig-create-extended-operation-handler-cancel-extended-operation-handler] -==== Cancel Extended Operation Handler -Extended Operation Handlers of type cancel-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Cancel Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.CancelExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-extended-operation-handler-get-connection-id-extended-operation-handler] -==== Get Connection Id Extended Operation Handler -Extended Operation Handlers of type get-connection-id-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Connection Id Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.GetConnectionIDExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-extended-operation-handler-get-symmetric-key-extended-operation-handler] -==== Get Symmetric Key Extended Operation Handler -Extended Operation Handlers of type get-symmetric-key-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Symmetric Key Extended Operation Handler implementation. - -Default Value:: -org.opends.server.crypto.GetSymmetricKeyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-extended-operation-handler-password-modify-extended-operation-handler] -==== Password Modify Extended Operation Handler -Extended Operation Handlers of type password-modify-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that should be used in conjunction with the password modify extended operation. This property is used to identify a user based on an authorization ID in the 'u:' form. Changes to this property take effect immediately. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Password Modify Extended Operation Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Modify Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordModifyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-extended-operation-handler-password-policy-state-extended-operation-handler] -==== Password Policy State Extended Operation Handler -Extended Operation Handlers of type password-policy-state-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Policy State Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordPolicyStateExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-extended-operation-handler-start-tls-extended-operation-handler] -==== Start TLS Extended Operation Handler -Extended Operation Handlers of type start-tls-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Start TLS Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.StartTLSExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-extended-operation-handler-who-am-i-extended-operation-handler] -==== Who Am I Extended Operation Handler -Extended Operation Handlers of type who-am-i-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Who Am I Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.WhoAmIExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-group-implementation] -=== dsconfig create-group-implementation — Creates Group Implementations - -==== Synopsis -`dsconfig create-group-implementation` {options} - -[#dsconfig-create-group-implementation-description] -==== Description -Creates Group Implementations. - -[#dsconfig-create-group-implementation-options] -==== Options --- -The `dsconfig create-group-implementation` command takes the following options: - -`--implementation-name {name}`:: -The name of the new Group Implementation. -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {name}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-group-implementation-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {name}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-group-implementation-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {name}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-group-implementation-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Group Implementation properties depend on the Group Implementation type, which depends on the `--implementation-name {name}` option. - -`-t | --type {type}`:: -The type of Group Implementation which should be created. The value for TYPE can be one of: custom | dynamic | static | virtual-static. -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {type}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-group-implementation-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {type}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-group-implementation-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {type}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-group-implementation-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - --- - -[#dsconfig-create-group-implementation-dynamic-group-implementation] -==== Dynamic Group Implementation -Group Implementations of type dynamic-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Dynamic Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.DynamicGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-group-implementation-static-group-implementation] -==== Static Group Implementation -Group Implementations of type static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.StaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-group-implementation-virtual-static-group-implementation] -==== Virtual Static Group Implementation -Group Implementations of type virtual-static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Virtual Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.VirtualStaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-http-authorization-mechanism] -=== dsconfig create-http-authorization-mechanism — Creates HTTP Authorization Mechanisms - -==== Synopsis -`dsconfig create-http-authorization-mechanism` {options} - -[#dsconfig-create-http-authorization-mechanism-description] -==== Description -Creates HTTP Authorization Mechanisms. - -[#dsconfig-create-http-authorization-mechanism-options] -==== Options --- -The `dsconfig create-http-authorization-mechanism` command takes the following options: - -`--mechanism-name {name}`:: -The name of the new HTTP Authorization Mechanism. -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {name}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {name}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {name}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {name}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {name}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {name}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the `--mechanism-name {name}` option. - -`-t | --type {type}`:: -The type of HTTP Authorization Mechanism which should be created. The value for TYPE can be one of: http-anonymous-authorization-mechanism | http-basic-authorization-mechanism | http-oauth2-cts-authorization-mechanism | http-oauth2-file-authorization-mechanism | http-oauth2-openam-authorization-mechanism | http-oauth2-token-introspection-authorization-mechanism. -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {type}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {type}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {type}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {type}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {type}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {type}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-authorization-mechanism-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - --- - -[#dsconfig-create-http-authorization-mechanism-http-anonymous-authorization-mechanism] -==== HTTP Anonymous Authorization Mechanism -HTTP Authorization Mechanisms of type http-anonymous-authorization-mechanism have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Anonymous Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-dn:: -[open] -==== - -Description:: -The authorization DN which will be used for performing anonymous operations. - -Default Value:: -By default, operations will be performed using an anonymously bound connection. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-http-authorization-mechanism-http-basic-authorization-mechanism] -==== HTTP Basic Authorization Mechanism -HTTP Authorization Mechanisms of type http-basic-authorization-mechanism have the following properties: --- - -alt-authentication-enabled:: -[open] -==== - -Description:: -Specifies whether user credentials may be provided using alternative headers to the standard 'Authorize' header. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-password-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's password from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-username-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's name from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper used to get the user's entry corresponding to the user-id provided in the HTTP authentication header. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Basic Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Basic Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-http-authorization-mechanism-http-oauth2-cts-authorization-mechanism] -==== HTTP Oauth2 Cts Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-cts-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -The base DN of the Core Token Service where access token are stored. (example: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Cts Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-http-authorization-mechanism-http-oauth2-file-authorization-mechanism] -==== HTTP Oauth2 File Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-file-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-directory:: -[open] -==== - -Description:: -Directory containing token files. File names must be equal to the token strings. The file content must a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate. - -Default Value:: -oauth2-demo/ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 File Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-http-authorization-mechanism-http-oauth2-openam-authorization-mechanism] -==== HTTP Oauth2 Openam Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-openam-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Openam Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Openam Authorization Mechanism . - -Default Value:: -By default the system key manager(s) will be used. - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-info-url:: -[open] -==== - -Description:: -Defines the OpenAM endpoint URL where the access-token resolution request should be sent. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-http-authorization-mechanism-http-oauth2-token-introspection-authorization-mechanism] -==== HTTP Oauth2 Token Introspection Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-token-introspection-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-id:: -[open] -==== - -Description:: -Client's ID to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-secret:: -[open] -==== - -Description:: -Client's secret to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Token Introspection Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Token Introspection Authorization Mechanism . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-introspection-url:: -[open] -==== - -Description:: -Defines the token introspection endpoint URL where the access-token resolution request should be sent. (example: http://example.com/introspect) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-http-endpoint] -=== dsconfig create-http-endpoint — Creates HTTP Endpoints - -==== Synopsis -`dsconfig create-http-endpoint` {options} - -[#dsconfig-create-http-endpoint-description] -==== Description -Creates HTTP Endpoints. - -[#dsconfig-create-http-endpoint-options] -==== Options --- -The `dsconfig create-http-endpoint` command takes the following options: - -`--endpoint-name {STRING}`:: -The name of the new HTTP Endpoint which will also be used as the value of the "base-path" property: All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {STRING} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {STRING}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-endpoint-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {STRING}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-endpoint-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the `--endpoint-name {STRING}` option. - -`-t | --type {type}`:: -The type of HTTP Endpoint which should be created (Default: generic). The value for TYPE can be one of: admin-endpoint | generic | rest2ldap-endpoint. -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {type}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-endpoint-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {type}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-http-endpoint-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - --- - -[#dsconfig-create-http-endpoint-admin-endpoint] -==== Admin Endpoint -HTTP Endpoints of type admin-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Admin Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.AdminEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-http-endpoint-rest2ldap-endpoint] -==== Rest2ldap Endpoint -HTTP Endpoints of type rest2ldap-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -config-directory:: -[open] -==== - -Description:: -The directory containing the Rest2Ldap configuration file(s) for this specific endpoint. The directory must be readable by the server and may contain multiple configuration files, one for each supported version of the REST endpoint. If a relative path is used then it will be resolved against the server's instance directory. - -Default Value:: -None - -Allowed Values:: -A directory that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Rest2ldap Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.Rest2LdapEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-identity-mapper] -=== dsconfig create-identity-mapper — Creates Identity Mappers - -==== Synopsis -`dsconfig create-identity-mapper` {options} - -[#dsconfig-create-identity-mapper-description] -==== Description -Creates Identity Mappers. - -[#dsconfig-create-identity-mapper-options] -==== Options --- -The `dsconfig create-identity-mapper` command takes the following options: - -`--mapper-name {name}`:: -The name of the new Identity Mapper. -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {name}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-identity-mapper-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {name}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-identity-mapper-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Identity Mapper properties depend on the Identity Mapper type, which depends on the `--mapper-name {name}` option. - -`-t | --type {type}`:: -The type of Identity Mapper which should be created. The value for TYPE can be one of: custom | exact-match | regular-expression. -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {type}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-identity-mapper-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {type}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-identity-mapper-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - --- - -[#dsconfig-create-identity-mapper-exact-match-identity-mapper] -==== Exact Match Identity Mapper -Identity Mappers of type exact-match-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Exact Match Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.ExactMatchIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the attribute whose value should exactly match the ID string provided to this identity mapper. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. The internal search performed includes a logical OR across all of these values. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs will be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-identity-mapper-regular-expression-identity-mapper] -==== Regular Expression Identity Mapper -Identity Mappers of type regular-expression-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Regular Expression Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.RegularExpressionIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-pattern:: -[open] -==== - -Description:: -Specifies the regular expression pattern that is used to identify portions of the ID string that will be replaced. Any portion of the ID string that matches this pattern is replaced in accordance with the provided replace pattern (or is removed if no replace pattern is specified). If multiple substrings within the given ID string match this pattern, all occurrences are replaced. If no part of the given ID string matches this pattern, the ID string is not altered. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. - -Default Value:: -None - -Allowed Values:: -Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6). - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replace-pattern:: -[open] -==== - -Description:: -Specifies the replacement pattern that should be used for substrings in the ID string that match the provided regular expression pattern. If no replacement pattern is provided, then any matching portions of the ID string will be removed (i.e., replaced with an empty string). The replacement pattern may include a string from a capturing group by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. - -Default Value:: -The replace pattern will be the empty string. - -Allowed Values:: -Any valid replacement string that is allowed by the javax.util.regex.Matcher class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-key-manager-provider] -=== dsconfig create-key-manager-provider — Creates Key Manager Providers - -==== Synopsis -`dsconfig create-key-manager-provider` {options} - -[#dsconfig-create-key-manager-provider-description] -==== Description -Creates Key Manager Providers. - -[#dsconfig-create-key-manager-provider-options] -==== Options --- -The `dsconfig create-key-manager-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the new Key Manager Provider. -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {name}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-key-manager-provider-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {name}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-key-manager-provider-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the `--provider-name {name}` option. - -`-t | --type {type}`:: -The type of Key Manager Provider which should be created. The value for TYPE can be one of: custom | file-based | pkcs11. -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {type}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-key-manager-provider-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {type}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-key-manager-provider-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - --- - -[#dsconfig-create-key-manager-provider-file-based-key-manager-provider] -==== File Based Key Manager Provider -Key Manager Providers of type file-based-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedKeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. If no value is provided, the JVM-default value is used. Changes to this configuration attribute will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-key-manager-provider-pkcs11-key-manager-provider] -==== PKCS11 Key Manager Provider -Key Manager Providers of type pkcs11-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the PKCS11 Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.PKCS11KeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-log-publisher] -=== dsconfig create-log-publisher — Creates Log Publishers - -==== Synopsis -`dsconfig create-log-publisher` {options} - -[#dsconfig-create-log-publisher-description] -==== Description -Creates Log Publishers. - -[#dsconfig-create-log-publisher-options] -==== Options --- -The `dsconfig create-log-publisher` command takes the following options: - -`--publisher-name {name}`:: -The name of the new Log Publisher. -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {name}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {name}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {name}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {name}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {name}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {name}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {name}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {name}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {name}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Log Publisher properties depend on the Log Publisher type, which depends on the `--publisher-name {name}` option. - -`-t | --type {type}`:: -The type of Log Publisher which should be created. The value for TYPE can be one of: csv-file-access | csv-file-http-access | custom-access | custom-debug | custom-error | custom-http-access | external-access | external-http-access | file-based-access | file-based-audit | file-based-debug | file-based-error | file-based-http-access. -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {type}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {type}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {type}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {type}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {type}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {type}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {type}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {type}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {type}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-log-publisher-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - --- - -[#dsconfig-create-log-publisher-csv-file-access-log-publisher] -==== Csv File Access Log Publisher -Log Publishers of type csv-file-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writting in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CsvFileAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when the tamper-evident option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-publisher-csv-file-http-access-log-publisher] -==== Csv File HTTP Access Log Publisher -Log Publishers of type csv-file-http-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File HTTP Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File HTTP Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File HTTP Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when secure option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-publisher-external-access-log-publisher] -==== External Access Log Publisher -Log Publishers of type external-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.ExternalAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-publisher-external-http-access-log-publisher] -==== External HTTP Access Log Publisher -Log Publishers of type external-http-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External HTTP Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-publisher-file-based-access-log-publisher] -==== File Based Access Log Publisher -Log Publishers of type file-based-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the access log. - -Default Value:: -multi-line - -Allowed Values:: -[open] -====== - -combined:: -Combine log records for operation requests and responses into a single record. This format should be used when log records are to be filtered based on response criteria (e.g. result code). - -multi-line:: -Outputs separate log records for operation requests and responses. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-publisher-file-based-audit-log-publisher] -==== File Based Audit Log Publisher -Log Publishers of type file-based-audit-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Audit Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Audit Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAuditLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Audit Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Audit Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Audit Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Audit Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-publisher-file-based-debug-log-publisher] -==== File Based Debug Log Publisher -Log Publishers of type file-based-debug-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Debug Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-include-throwable-cause:: -[open] -==== - -Description:: -Indicates whether to include the cause of exceptions in exception thrown and caught messages logged by default. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-entry-arguments:: -[open] -==== - -Description:: -Indicates whether to include method arguments in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-return-value:: -[open] -==== - -Description:: -Indicates whether to include the return value in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-throwable-stack-frames:: -[open] -==== - -Description:: -Indicates the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Debug Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextDebugLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Debug Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Debug Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Debug Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Debug Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-publisher-file-based-error-log-publisher] -==== File Based Error Log Publisher -Log Publishers of type file-based-error-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Error Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer will be flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-severity:: -[open] -==== - -Description:: -Specifies the default severity levels for the logger. - -Default Value:: -error - -+ -warning - -Allowed Values:: -[open] -====== - -all:: -Messages of all severity levels are logged. - -debug:: -The error log severity that is used for messages that provide debugging information triggered during processing. - -error:: -The error log severity that is used for messages that provide information about errors which may force the server to shut down or operate in a significantly degraded state. - -info:: -The error log severity that is used for messages that provide information about significant events within the server that are not warnings or errors. - -none:: -No messages of any severity are logged by default. This value is intended to be used in conjunction with the override-severity property to define an error logger that will publish no error message beside the errors of a given category. - -notice:: -The error log severity that is used for the most important informational messages (i.e., information that should almost always be logged but is not associated with a warning or error condition). - -warning:: -The error log severity that is used for messages that provide information about warnings triggered during processing. - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Error Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextErrorLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Error Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Error Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -override-severity:: -[open] -==== - -Description:: -Specifies the override severity levels for the logger based on the category of the messages. Each override severity level should include the category and the severity levels to log for that category, for example, core=error,info,warning. Valid categories are: core, extensions, protocol, config, log, util, schema, plugin, jeb, backend, tools, task, access-control, admin, sync, version, quicksetup, admin-tool, dsconfig, user-defined. Valid severities are: all, error, info, warning, notice, debug. - -Default Value:: -All messages with the default severity levels are logged. - -Allowed Values:: -A string in the form category=severity1,severity2... - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Error Log Publisher . When multiple policies are used, log files will be cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files will never be cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Error Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-publisher-file-based-http-access-log-publisher] -==== File Based HTTP Access Log Publisher -Log Publishers of type file-based-http-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based HTTP Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based HTTP Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the HTTP access log. - -Default Value:: -cs-host c-ip cs-username x-datetime cs-method cs-uri-stem cs-uri-query cs-version sc-status cs(User-Agent) x-connection-id x-etime x-transaction-id - -Allowed Values:: -A space separated list of fields describing the extended log format to be used for logging HTTP accesses. Available values are listed on the W3C working draft http://www.w3.org/TR/WD-logfile.html and Microsoft website http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true OpenDJ supports the following standard fields: "c-ip", "c-port", "cs-host", "cs-method", "cs-uri", "cs-uri-stem", "cs-uri-query", "cs(User-Agent)", "cs-username", "cs-version", "s-computername", "s-ip", "s-port", "sc-status". OpenDJ supports the following application specific field extensions: "x-connection-id" displays the internal connection ID assigned to the HTTP client connection, "x-datetime" displays the completion date and time for the logged HTTP request and its ouput is controlled by the "ds-cfg-log-record-time-format" property, "x-etime" displays the total execution time for the logged HTTP request, "x-transaction-id" displays the transaction id associated to a request - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-log-retention-policy] -=== dsconfig create-log-retention-policy — Creates Log Retention Policies - -==== Synopsis -`dsconfig create-log-retention-policy` {options} - -[#dsconfig-create-log-retention-policy-description] -==== Description -Creates Log Retention Policies. - -[#dsconfig-create-log-retention-policy-options] -==== Options --- -The `dsconfig create-log-retention-policy` command takes the following options: - -`--policy-name {name}`:: -The name of the new Log Retention Policy. -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {name}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-retention-policy-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {name}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-retention-policy-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {name}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-retention-policy-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the `--policy-name {name}` option. - -`-t | --type {type}`:: -The type of Log Retention Policy which should be created. The value for TYPE can be one of: custom | file-count | free-disk-space | size-limit. -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {type}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-retention-policy-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {type}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-retention-policy-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {type}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-retention-policy-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - --- - -[#dsconfig-create-log-retention-policy-file-count-log-retention-policy] -==== File Count Log Retention Policy -Log Retention Policies of type file-count-log-retention-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the File Count Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FileNumberRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -number-of-files:: -[open] -==== - -Description:: -Specifies the number of archived log files to retain before the oldest ones are cleaned. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-retention-policy-free-disk-space-log-retention-policy] -==== Free Disk Space Log Retention Policy -Log Retention Policies of type free-disk-space-log-retention-policy have the following properties: --- - -free-disk-space:: -[open] -==== - -Description:: -Specifies the minimum amount of free disk space that should be available on the file system on which the archived log files are stored. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Free Disk Space Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FreeDiskSpaceRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-retention-policy-size-limit-log-retention-policy] -==== Size Limit Log Retention Policy -Log Retention Policies of type size-limit-log-retention-policy have the following properties: --- - -disk-space-used:: -[open] -==== - -Description:: -Specifies the maximum total disk space used by the log files. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-log-rotation-policy] -=== dsconfig create-log-rotation-policy — Creates Log Rotation Policies - -==== Synopsis -`dsconfig create-log-rotation-policy` {options} - -[#dsconfig-create-log-rotation-policy-description] -==== Description -Creates Log Rotation Policies. - -[#dsconfig-create-log-rotation-policy-options] -==== Options --- -The `dsconfig create-log-rotation-policy` command takes the following options: - -`--policy-name {name}`:: -The name of the new Log Rotation Policy. -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {name}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-rotation-policy-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {name}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-rotation-policy-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {name}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-rotation-policy-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the `--policy-name {name}` option. - -`-t | --type {type}`:: -The type of Log Rotation Policy which should be created. The value for TYPE can be one of: custom | fixed-time | size-limit | time-limit. -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {type}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-rotation-policy-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {type}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-rotation-policy-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {type}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-log-rotation-policy-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - --- - -[#dsconfig-create-log-rotation-policy-fixed-time-log-rotation-policy] -==== Fixed Time Log Rotation Policy -Log Rotation Policies of type fixed-time-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fixed Time Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.FixedTimeRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-of-day:: -[open] -==== - -Description:: -Specifies the time of day at which log rotation should occur. - -Default Value:: -None - -Allowed Values:: -24 hour time of day in HHmm format. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-rotation-policy-size-limit-log-rotation-policy] -==== Size Limit Log Rotation Policy -Log Rotation Policies of type size-limit-log-rotation-policy have the following properties: --- - -file-size-limit:: -[open] -==== - -Description:: -Specifies the maximum size that a log file can reach before it is rotated. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-log-rotation-policy-time-limit-log-rotation-policy] -==== Time Limit Log Rotation Policy -Log Rotation Policies of type time-limit-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Time Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.TimeLimitRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -rotation-interval:: -[open] -==== - -Description:: -Specifies the time interval between rotations. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-matching-rule] -=== dsconfig create-matching-rule — Creates Matching Rules - -==== Synopsis -`dsconfig create-matching-rule` {options} - -[#dsconfig-create-matching-rule-description] -==== Description -Creates Matching Rules. - -[#dsconfig-create-matching-rule-options] -==== Options --- -The `dsconfig create-matching-rule` command takes the following options: - -`--rule-name {name}`:: -The name of the new Matching Rule. -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {name}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-matching-rule-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Matching Rule properties depend on the Matching Rule type, which depends on the `--rule-name {name}` option. - -`-t | --type {type}`:: -The type of Matching Rule which should be created (Default: generic). The value for TYPE can be one of: collation | generic. -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {type}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-matching-rule-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - --- - -[#dsconfig-create-matching-rule-collation-matching-rule] -==== Collation Matching Rule -Matching Rules of type collation-matching-rule have the following properties: --- - -collation:: -[open] -==== - -Description:: -the set of supported locales Collation must be specified using the syntax: LOCALE:OID - -Default Value:: -None - -Allowed Values:: -A Locale followed by a ":" and an OID. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Matching Rule is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Collation Matching Rule implementation. - -Default Value:: -org.opends.server.schema.CollationMatchingRuleFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MatchingRuleFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -matching-rule-type:: -[open] -==== - -Description:: -the types of matching rules that should be supported for each locale - -Default Value:: -None - -Allowed Values:: -[open] -====== - -equality:: -Specifies if equality type collation matching rule needs to be created for each locale. - -greater-than:: -Specifies if greater-than type collation matching rule needs to be created for each locale. - -greater-than-or-equal-to:: -Specifies if greater-than-or-equal-to type collation matching rule needs to be created for each locale. - -less-than:: -Specifies if less-than type collation matching rule needs to be created for each locale. - -less-than-or-equal-to:: -Specifies if less-than-or-equal-to type collation matching rule needs to be created for each locale. - -substring:: -Specifies if substring type collation matching rule needs to be created for each locale. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-monitor-provider] -=== dsconfig create-monitor-provider — Creates Monitor Providers - -==== Synopsis -`dsconfig create-monitor-provider` {options} - -[#dsconfig-create-monitor-provider-description] -==== Description -Creates Monitor Providers. - -[#dsconfig-create-monitor-provider-options] -==== Options --- -The `dsconfig create-monitor-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the new Monitor Provider. -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {name}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {name}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {name}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {name}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {name}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {name}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Monitor Provider properties depend on the Monitor Provider type, which depends on the `--provider-name {name}` option. - -`-t | --type {type}`:: -The type of Monitor Provider which should be created. The value for TYPE can be one of: client-connection | custom | entry-cache | memory-usage | stack-trace | system-info | version. -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {type}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {type}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {type}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {type}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {type}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {type}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-monitor-provider-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - --- - -[#dsconfig-create-monitor-provider-client-connection-monitor-provider] -==== Client Connection Monitor Provider -Monitor Providers of type client-connection-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Client Connection Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.ClientConnectionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-monitor-provider-entry-cache-monitor-provider] -==== Entry Cache Monitor Provider -Monitor Providers of type entry-cache-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Entry Cache Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.EntryCacheMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-monitor-provider-memory-usage-monitor-provider] -==== Memory Usage Monitor Provider -Monitor Providers of type memory-usage-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Memory Usage Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.MemoryUsageMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-monitor-provider-stack-trace-monitor-provider] -==== Stack Trace Monitor Provider -Monitor Providers of type stack-trace-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Stack Trace Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.StackTraceMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-monitor-provider-system-info-monitor-provider] -==== System Info Monitor Provider -Monitor Providers of type system-info-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the System Info Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.SystemInfoMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-monitor-provider-version-monitor-provider] -==== Version Monitor Provider -Monitor Providers of type version-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Version Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.VersionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-password-generator] -=== dsconfig create-password-generator — Creates Password Generators - -==== Synopsis -`dsconfig create-password-generator` {options} - -[#dsconfig-create-password-generator-description] -==== Description -Creates Password Generators. - -[#dsconfig-create-password-generator-options] -==== Options --- -The `dsconfig create-password-generator` command takes the following options: - -`--generator-name {name}`:: -The name of the new Password Generator. -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {name}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-generator-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Password Generator properties depend on the Password Generator type, which depends on the `--generator-name {name}` option. - -`-t | --type {type}`:: -The type of Password Generator which should be created. The value for TYPE can be one of: custom | random. -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {type}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-generator-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - --- - -[#dsconfig-create-password-generator-random-password-generator] -==== Random Password Generator -Password Generators of type random-password-generator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Generator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Random Password Generator implementation. - -Default Value:: -org.opends.server.extensions.RandomPasswordGenerator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordGenerator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -password-character-set:: -[open] -==== - -Description:: -Specifies one or more named character sets. This is a multi-valued property, with each value defining a different character set. The format of the character set is the name of the set followed by a colon and the characters that are in that set. For example, the value "alpha:abcdefghijklmnopqrstuvwxyz" defines a character set named "alpha" containing all of the lower-case ASCII alphabetic characters. - -Default Value:: -None - -Allowed Values:: -A character set name (consisting of ASCII letters) followed by a colon and the set of characters that are included in that character set. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-format:: -[open] -==== - -Description:: -Specifies the format to use for the generated password. The value is a comma-delimited list of elements in which each of those elements is comprised of the name of a character set defined in the password-character-set property, a colon, and the number of characters to include from that set. For example, a value of "alpha:3,numeric:2,alpha:3" generates an 8-character password in which the first three characters are from the "alpha" set, the next two are from the "numeric" set, and the final three are from the "alpha" set. - -Default Value:: -None - -Allowed Values:: -A comma-delimited list whose elements comprise a valid character set name, a colon, and a positive integer indicating the number of characters from that set to be included. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-password-policy] -=== dsconfig create-password-policy — Creates Authentication Policies - -==== Synopsis -`dsconfig create-password-policy` {options} - -[#dsconfig-create-password-policy-description] -==== Description -Creates Authentication Policies. - -[#dsconfig-create-password-policy-options] -==== Options --- -The `dsconfig create-password-policy` command takes the following options: - -`--policy-name {name}`:: -The name of the new Authentication Policy. -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {name}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-password-policy-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {name}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-password-policy-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Authentication Policy properties depend on the Authentication Policy type, which depends on the `--policy-name {name}` option. - -`-t | --type {type}`:: -The type of Authentication Policy which should be created. The value for TYPE can be one of: ldap-pass-through | password-policy. -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {type}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-password-policy-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {type}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-password-policy-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - --- - -[#dsconfig-create-password-policy-ldap-pass-through-authentication-policy] -==== LDAP Pass Through Authentication Policy -Authentication Policies of type ldap-pass-through-authentication-policy have the following properties: --- - -cached-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the name of a password storage scheme which should be used for encoding cached passwords. Changing the password storage scheme will cause all existing cached passwords to be discarded. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cached-password-ttl:: -[open] -==== - -Description:: -Specifies the maximum length of time that a locally cached password may be used for authentication before it is refreshed from the remote LDAP service. This property represents a cache timeout. Increasing the timeout period decreases the frequency that bind operations are delegated to the remote LDAP service, but increases the risk of users authenticating using stale passwords. Note that authentication attempts which fail because the provided password does not match the locally cached password will always be retried against the remote LDAP service. - -Default Value:: -8 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to remote LDAP directory servers, performing SSL negotiation, and for individual search and bind requests. If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available. - -Default Value:: -3 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the LDAP Pass Through Authentication Policy implementation. - -Default Value:: -org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -mapped-attribute:: -[open] -==== - -Description:: -Specifies one or more attributes in the user's entry whose value(s) will determine the bind DN used when authenticating to the remote LDAP directory service. This property is mandatory when using the "mapped-bind" or "mapped-search" mapping policies. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. At least one of the named attributes must exist in a user's local entry in order for authentication to proceed. When multiple attributes or values are found in the user's entry then the behavior is determined by the mapping policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users in the remote LDAP directory service. This property is mandatory when using the "mapped-search" mapping policy. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-dn:: -[open] -==== - -Description:: -Specifies the bind DN which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -Searches will be performed anonymously. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password:: -[open] -==== - -Description:: -Specifies the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-environment-variable:: -[open] -==== - -Description:: -Specifies the name of an environment variable containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-file:: -[open] -==== - -Description:: -Specifies the name of a file containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-property:: -[open] -==== - -Description:: -Specifies the name of a Java property containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-filter-template:: -[open] -==== - -Description:: -If defined, overrides the filter used when searching for the user, substituting %s with the value of the local entry's "mapped-attribute". The filter-template may include ZERO or ONE %s substitutions. If multiple mapped-attributes are configured, multiple renditions of this template will be aggregated into one larger filter using an OR (|) operator. An example use-case for this property would be to use a different attribute type on the mapped search. For example, mapped-attribute could be set to "uid" and filter-template to "(samAccountName=%s)". - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapping-policy:: -[open] -==== - -Description:: -Specifies the mapping algorithm for obtaining the bind DN from the user's entry. - -Default Value:: -unmapped - -Allowed Values:: -[open] -====== - -mapped-bind:: -Bind to the remote LDAP directory service using a DN obtained from an attribute in the user's entry. This policy will check each attribute named in the "mapped-attribute" property. If more than one attribute or value is present then the first one will be used. - -mapped-search:: -Bind to the remote LDAP directory service using the DN of an entry obtained using a search against the remote LDAP directory service. The search filter will comprise of an equality matching filter whose attribute type is the "mapped-attribute" property, and whose assertion value is the attribute value obtained from the user's entry. If more than one attribute or value is present then the filter will be composed of multiple equality filters combined using a logical OR (union). - -unmapped:: -Bind to the remote LDAP directory service using the DN of the user's entry in this directory server. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -primary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the primary list of remote LDAP servers which should be used for pass through authentication. If more than one LDAP server is specified then operations may be distributed across them. If all of the primary LDAP servers are unavailable then operations will fail-over to the set of secondary LDAP servers, if defined. - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -secondary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the secondary list of remote LDAP servers which should be used for pass through authentication in the event that the primary LDAP servers are unavailable. If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available. - -Default Value:: -No secondary LDAP servers. - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols which are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with remote LDAP directory servers. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-password-caching:: -[open] -==== - -Description:: -Indicates whether passwords should be cached locally within the user's entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Pass Through Authentication Policy should use SSL. If enabled, the LDAP Pass Through Authentication Policy will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-policy-password-policy] -==== Password Policy -Authentication Policies of type password-policy have the following properties: --- - -account-status-notification-handler:: -[open] -==== - -Description:: -Specifies the names of the account status notification handlers that are used with the associated password storage scheme. - -Default Value:: -None - -Allowed Values:: -The DN of any Account Status Notification Handler. The referenced account status notification handlers must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-expired-password-changes:: -[open] -==== - -Description:: -Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-multiple-password-values:: -[open] -==== - -Description:: -Indicates whether user entries can have multiple distinct values for the password attribute. This is potentially dangerous because many mechanisms used to change the password do not work well with such a configuration. If multiple password values are allowed, then any of them can be used to authenticate, and they are all subject to the same policy constraints. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-pre-encoded-passwords:: -[open] -==== - -Description:: -Indicates whether users can change their passwords by providing a pre-encoded value. This can cause a security risk because the clear-text version of the password is not known and therefore validation checks cannot be applied to it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-user-password-changes:: -[open] -==== - -Description:: -Indicates whether users can change their own passwords. This check is made in addition to access control evaluation. Both must allow the password change for it to occur. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -deprecated-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are considered deprecated for this password policy. If a user with this password policy authenticates to the server and his/her password is encoded with a deprecated scheme, those values are removed and replaced with values encoded using the default password storage scheme(s). - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -expire-passwords-without-warning:: -[open] -==== - -Description:: -Indicates whether the directory server allows a user's password to expire even if that user has never seen an expiration warning notification. If this property is true, accounts always expire when the expiration time arrives. If this property is false or disabled, the user always receives at least one warning notification, and the password expiration is set to the warning time plus the warning interval. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-add:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords upon first authenticating to the directory server after their account has been created. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-reset:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords if they are reset by an administrator. For this purpose, anyone with permission to change a given user's password other than that user is considered an administrator. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -grace-login-count:: -[open] -==== - -Description:: -Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password. A value of 0 indicates that no grace logins are allowed. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -idle-lockout-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that idle accounts are not automatically locked out. This feature is available only if the last login time is maintained. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the Password Policy implementation. - -Default Value:: -org.opends.server.core.PasswordPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -last-login-time-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy. This attribute type must be defined in the directory server schema and must either be defined as an operational attribute or must be allowed by the set of objectClasses for all users with the associated password policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate the last login time value for users with the associated password policy. This format string conforms to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-duration:: -[open] -==== - -Description:: -Specifies the length of time that an account is locked after too many authentication failures. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the account must remain locked until an administrator resets the password. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-count:: -[open] -==== - -Description:: -Specifies the maximum number of authentication failures that a user is allowed before the account is locked out. A value of 0 indicates that accounts are never locked out due to failed attempts. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-expiration-interval:: -[open] -==== - -Description:: -Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the authentication failures must never expire. The failure count is always cleared upon a successful authentication. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval). The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables password expiration. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-reset-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables this feature. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-age:: -[open] -==== - -Description:: -Specifies the minimum length of time after a password change before the user is allowed to change the password again. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. This setting can be used to prevent users from changing their passwords repeatedly over a short period of time to flush an old password from the history so that it can be re-used. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-attribute:: -[open] -==== - -Description:: -Specifies the attribute type used to hold user passwords. This attribute type must be defined in the server schema, and it must have either the user password or auth password syntax. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-change-requires-current-password:: -[open] -==== - -Description:: -Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-expiration-warning-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables the warning interval. - -Default Value:: -5 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-generator:: -[open] -==== - -Description:: -Specifies the name of the password generator that is used with the associated password policy. This is used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Generator. The referenced password generator must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-count:: -[open] -==== - -Description:: -Specifies the maximum number of former passwords to maintain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero indicates that either no password history is to be maintained (if the password history duration has a value of zero seconds), or that there is no maximum number of passwords to maintain in the history (if the password history duration has a value greater than zero seconds). - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-duration:: -[open] -==== - -Description:: -Specifies the maximum length of time that passwords remain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero seconds indicates that either no password history is to be maintained (if the password history count has a value of zero), or that there is no maximum duration for passwords in the history (if the password history count has a value greater than zero). - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-validator:: -[open] -==== - -Description:: -Specifies the names of the password validators that are used with the associated password storage scheme. The password validators are invoked when a user attempts to provide a new password, to determine whether the new password is acceptable. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Validator. The referenced password validators must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -previous-last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy. These values are used to make it possible to parse previous values, but are not used to set new values. The format strings conform to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-change-by-time:: -[open] -==== - -Description:: -Specifies the time by which all users with the associated password policy must change their passwords. The value is expressed in a generalized time format. If this time is equal to the current time or is in the past, then all users are required to change their passwords immediately. The behavior of the server in this mode is identical to the behavior observed when users are forced to change their passwords after an administrative reset. - -Default Value:: -None - -Allowed Values:: -A valid timestamp in generalized time form (for example, a value of "20070409185811Z" indicates a value of April 9, 2007 at 6:58:11 pm GMT). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-authentication:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to authenticate in a secure manner. This might mean either using a secure communication channel between the client and the server, or using a SASL mechanism that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-password-changes:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -skip-validation-for-administrators:: -[open] -==== - -Description:: -Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -state-update-failure-policy:: -[open] -==== - -Description:: -Specifies how the server deals with the inability to update password policy state information during an authentication attempt. In particular, this property can be used to control whether an otherwise successful bind operation fails if a failure occurs while attempting to update password policy state information (for example, to clear a record of previous authentication failures or to update the last login time). It can also be used to control whether to reject a bind request if it is known ahead of time that it will not be possible to update the authentication failure times in the event of an unsuccessful bind attempt (for example, if the backend writability mode is disabled). - -Default Value:: -reactive - -Allowed Values:: -[open] -====== - -ignore:: -If a bind attempt would otherwise be successful, then do not reject it if a problem occurs while attempting to update the password policy state information for the user. - -proactive:: -Proactively reject any bind attempt if it is known ahead of time that it would not be possible to update the user's password policy state information. - -reactive:: -Even if a bind attempt would otherwise be successful, reject it if a problem occurs while attempting to update the password policy state information for the user. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-password-storage-scheme] -=== dsconfig create-password-storage-scheme — Creates Password Storage Schemes - -==== Synopsis -`dsconfig create-password-storage-scheme` {options} - -[#dsconfig-create-password-storage-scheme-description] -==== Description -Creates Password Storage Schemes. - -[#dsconfig-create-password-storage-scheme-options] -==== Options --- -The `dsconfig create-password-storage-scheme` command takes the following options: - -`--scheme-name {name}`:: -The name of the new Password Storage Scheme. -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {name}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {name}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {name}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {name}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {name}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {name}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {name}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {name}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {name}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {name}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {name}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {name}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {name}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {name}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {name}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {name}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {name}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the `--scheme-name {name}` option. - -`-t | --type {type}`:: -The type of Password Storage Scheme which should be created. The value for TYPE can be one of: aes | base64 | bcrypt | blowfish | clear | crypt | custom | md5 | pbkdf2 | pkcs5s2 | rc4 | salted-md5 | salted-sha1 | salted-sha256 | salted-sha384 | salted-sha512 | sha1 | triple-des. -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {type}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {type}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {type}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {type}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {type}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {type}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {type}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {type}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {type}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {type}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {type}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {type}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {type}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {type}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {type}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {type}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {type}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-storage-scheme-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - --- - -[#dsconfig-create-password-storage-scheme-aes-password-storage-scheme] -==== AES Password Storage Scheme -Password Storage Schemes of type aes-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the AES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.AESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-base64-password-storage-scheme] -==== Base64 Password Storage Scheme -Password Storage Schemes of type base64-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Base64 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.Base64PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-bcrypt-password-storage-scheme] -==== Bcrypt Password Storage Scheme -Password Storage Schemes of type bcrypt-password-storage-scheme have the following properties: --- - -bcrypt-cost:: -[open] -==== - -Description:: -The cost parameter specifies a key expansion iteration count as a power of two. A default value of 12 (2^12 iterations) is considered in 2016 as a reasonable balance between responsiveness and security for regular users. - -Default Value:: -12 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 30. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Bcrypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BCryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-blowfish-password-storage-scheme] -==== Blowfish Password Storage Scheme -Password Storage Schemes of type blowfish-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Blowfish Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BlowfishPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-clear-password-storage-scheme] -==== Clear Password Storage Scheme -Password Storage Schemes of type clear-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Clear Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.ClearPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-crypt-password-storage-scheme] -==== Crypt Password Storage Scheme -Password Storage Schemes of type crypt-password-storage-scheme have the following properties: --- - -crypt-password-storage-encryption-algorithm:: -[open] -==== - -Description:: -Specifies the algorithm to use to encrypt new passwords. Select the crypt algorithm to use to encrypt new passwords. The value can either be "unix", which means the password is encrypted with the weak Unix crypt algorithm, or "md5" which means the password is encrypted with the BSD MD5 algorithm and has a $1$ prefix, or "sha256" which means the password is encrypted with the SHA256 algorithm and has a $5$ prefix, or "sha512" which means the password is encrypted with the SHA512 algorithm and has a $6$ prefix. - -Default Value:: -unix - -Allowed Values:: -[open] -====== - -md5:: -New passwords are encrypted with the BSD MD5 algorithm. - -sha256:: -New passwords are encrypted with the Unix crypt SHA256 algorithm. - -sha512:: -New passwords are encrypted with the Unix crypt SHA512 algorithm. - -unix:: -New passwords are encrypted with the Unix crypt algorithm. Passwords are truncated at 8 characters and the top bit of each character is ignored. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Crypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.CryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-md5-password-storage-scheme] -==== MD5 Password Storage Scheme -Password Storage Schemes of type md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.MD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-pbkdf2-password-storage-scheme] -==== PBKDF2 Password Storage Scheme -Password Storage Schemes of type pbkdf2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PBKDF2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PBKDF2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pbkdf2-iterations:: -[open] -==== - -Description:: -The number of algorithm iterations to make. NIST recommends at least 1000. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-pkcs5s2-password-storage-scheme] -==== PKCS5S2 Password Storage Scheme -Password Storage Schemes of type pkcs5s2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PKCS5S2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PKCS5S2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-rc4-password-storage-scheme] -==== RC4 Password Storage Scheme -Password Storage Schemes of type rc4-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the RC4 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.RC4PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-salted-md5-password-storage-scheme] -==== Salted MD5 Password Storage Scheme -Password Storage Schemes of type salted-md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedMD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-salted-sha1-password-storage-scheme] -==== Salted SHA1 Password Storage Scheme -Password Storage Schemes of type salted-sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-salted-sha256-password-storage-scheme] -==== Salted SHA256 Password Storage Scheme -Password Storage Schemes of type salted-sha256-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA256 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA256PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-salted-sha384-password-storage-scheme] -==== Salted SHA384 Password Storage Scheme -Password Storage Schemes of type salted-sha384-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA384 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA384PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-salted-sha512-password-storage-scheme] -==== Salted SHA512 Password Storage Scheme -Password Storage Schemes of type salted-sha512-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA512 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA512PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-sha1-password-storage-scheme] -==== SHA1 Password Storage Scheme -Password Storage Schemes of type sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-storage-scheme-triple-des-password-storage-scheme] -==== Triple DES Password Storage Scheme -Password Storage Schemes of type triple-des-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Triple DES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.TripleDESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-password-validator] -=== dsconfig create-password-validator — Creates Password Validators - -==== Synopsis -`dsconfig create-password-validator` {options} - -[#dsconfig-create-password-validator-description] -==== Description -Creates Password Validators. - -[#dsconfig-create-password-validator-options] -==== Options --- -The `dsconfig create-password-validator` command takes the following options: - -`--validator-name {name}`:: -The name of the new Password Validator. -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {name}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {name}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {name}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {name}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {name}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {name}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {name}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Password Validator properties depend on the Password Validator type, which depends on the `--validator-name {name}` option. - -`-t | --type {type}`:: -The type of Password Validator which should be created. The value for TYPE can be one of: attribute-value | character-set | custom | dictionary | length-based | repeated-characters | similarity-based | unique-characters. -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {type}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {type}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {type}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {type}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {type}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {type}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {type}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-password-validator-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - --- - -[#dsconfig-create-password-validator-attribute-value-password-validator] -==== Attribute Value Password Validator -Password Validators of type attribute-value-password-validator have the following properties: --- - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against attribute values. If "false" then only match the entire password against attribute values otherwise ("true") check whether the password contains attribute values. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.AttributeValuePasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any attribute in the user's entry. - -Default Value:: -All attributes in the user entry will be checked. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator should test the reversed value of the provided password as well as the order in which it was given. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-validator-character-set-password-validator] -==== Character Set Password Validator -Password Validators of type character-set-password-validator have the following properties: --- - -allow-unclassified-characters:: -[open] -==== - -Description:: -Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets and ranges. If this is "false", then only those characters in the user-defined character sets and ranges may be used in passwords. Any password containing a character not included in any character set or range will be rejected. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set:: -[open] -==== - -Description:: -Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. Each value must be an integer (indicating the minimum required characters from the set which may be zero, indicating that the character set is optional) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set. - -Default Value:: -If no sets are specified, the validator only uses the defined character ranges. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set-ranges:: -[open] -==== - -Description:: -Specifies a character range containing characters that a password may contain and a value indicating the minimum number of characters required from that range. Each value must be an integer (indicating the minimum required characters from the range which may be zero, indicating that the character range is optional) followed by a colon and one or more range specifications. A range specification is 3 characters: the first character allowed, a minus, and the last character allowed. For example, "3:A-Za-z0-9". The ranges in each value should not overlap, and the characters in each range specification should be ordered. - -Default Value:: -If no ranges are specified, the validator only uses the defined character sets. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.CharacterSetPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-character-sets:: -[open] -==== - -Description:: -Specifies the minimum number of character sets and ranges that a password must contain. This property should only be used in conjunction with optional character sets and ranges (those requiring zero characters). Its value must include any mandatory character sets and ranges (those requiring greater than zero characters). This is useful in situations where a password must contain characters from mandatory character sets and ranges, and characters from at least N optional character sets and ranges. For example, it is quite common to require that a password contains at least one non-alphanumeric character as well as characters from two alphanumeric character sets (lower-case, upper-case, digits). In this case, this property should be set to 3. - -Default Value:: -The password must contain characters from each of the mandatory character sets and ranges and, if there are optional character sets and ranges, at least one character from one of the optional character sets and ranges. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-validator-dictionary-password-validator] -==== Dictionary Password Validator -Password Validators of type dictionary-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against dictionary words. If "false" then only match the entire password against words otherwise ("true") check whether the password contains words. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -dictionary-file:: -[open] -==== - -Description:: -Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root. - -Default Value:: -For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt - -Allowed Values:: -The path to any text file contained on the system that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.DictionaryPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-validator-length-based-password-validator] -==== Length Based Password Validator -Password Validators of type length-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.LengthBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-password-length:: -[open] -==== - -Description:: -Specifies the maximum number of characters that can be included in a proposed password. A value of zero indicates that there will be no upper bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-length:: -[open] -==== - -Description:: -Specifies the minimum number of characters that must be included in a proposed password. A value of zero indicates that there will be no lower bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-validator-repeated-characters-password-validator] -==== Repeated Characters Password Validator -Password Validators of type repeated-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. If the value of this property is false, the validator ignores any differences in capitalization when looking for consecutive characters in the password. If the value is true, the validator considers a character to be repeating only if all consecutive occurrences use the same capitalization. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.RepeatedCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-consecutive-length:: -[open] -==== - -Description:: -Specifies the maximum number of times that any character can appear consecutively in a password value. A value of zero indicates that no maximum limit is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-validator-similarity-based-password-validator] -==== Similarity Based Password Validator -Password Validators of type similarity-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.SimilarityBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-password-difference:: -[open] -==== - -Description:: -Specifies the minimum difference of new and old password. A value of zero indicates that no difference between passwords is acceptable. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-password-validator-unique-characters-password-validator] -==== Unique Characters Password Validator -Password Validators of type unique-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. A value of true indicates that the validator does not consider a capital letter to be the same as its lower-case counterpart. A value of false indicates that the validator ignores differences in capitalization when looking at the number of unique characters in the password. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.UniqueCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-unique-characters:: -[open] -==== - -Description:: -Specifies the minimum number of unique characters that a password will be allowed to contain. A value of zero indicates that no minimum value is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-plugin] -=== dsconfig create-plugin — Creates Plugins - -==== Synopsis -`dsconfig create-plugin` {options} - -[#dsconfig-create-plugin-description] -==== Description -Creates Plugins. - -[#dsconfig-create-plugin-options] -==== Options --- -The `dsconfig create-plugin` command takes the following options: - -`--plugin-name {name}`:: -The name of the new Plugin. -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {name}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {name}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {name}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {name}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {name}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {name}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {name}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {name}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {name}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {name}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {name}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {name}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Plugin properties depend on the Plugin type, which depends on the `--plugin-name {name}` option. - -`-t | --type {type}`:: -The type of Plugin which should be created. The value for TYPE can be one of: attribute-cleanup | change-number-control | custom | entry-uuid | fractional-ldif-import | last-mod | ldap-attribute-description-list | password-policy-import | profiler | referential-integrity | samba-password | seven-bit-clean | unique-attribute. -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {type}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {type}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {type}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {type}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {type}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {type}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {type}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {type}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {type}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {type}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {type}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {type}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-plugin-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - --- - -[#dsconfig-create-plugin-attribute-cleanup-plugin] -==== Attribute Cleanup Plugin -Plugins of type attribute-cleanup-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.AttributeCleanupPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparseadd - -+ -preparsemodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -remove-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be removed from incoming add or modify requests. - -Default Value:: -No attributes will be removed - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rename-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be renamed in incoming add or modify requests. - -Default Value:: -No attributes will be renamed - -Allowed Values:: -An attribute name mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-change-number-control-plugin] -==== Change Number Control Plugin -Plugins of type change-number-control-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ChangeNumberControlPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postOperationAdd - -+ -postOperationDelete - -+ -postOperationModify - -+ -postOperationModifyDN - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-entry-uuid-plugin] -==== Entry UUID Plugin -Plugins of type entry-uuid-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.EntryUUIDPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preoperationadd - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-fractional-ldif-import-plugin] -==== Fractional LDIF Import Plugin -Plugins of type fractional-ldif-import-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -None - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-last-mod-plugin] -==== Last Mod Plugin -Plugins of type last-mod-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LastModPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-ldap-attribute-description-list-plugin] -==== LDAP Attribute Description List Plugin -Plugins of type ldap-attribute-description-list-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LDAPADListPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparsesearch - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-password-policy-import-plugin] -==== Password Policy Import Plugin -Plugins of type password-policy-import-plugin have the following properties: --- - -default-auth-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of password storage schemes that to be used for encoding passwords contained in attributes with the auth password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy should be used to govern them. - -Default Value:: -If the default password policy uses an attribute with the auth password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes auth password values using the "SHA1" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import plug-in is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-user-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes to be used for encoding passwords contained in attributes with the user password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy is to be used to govern them. - -Default Value:: -If the default password policy uses the attribute with the user password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes user password values using the "SSHA" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import Plugin is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.PasswordPolicyImportPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-profiler-plugin] -==== Profiler Plugin -Plugins of type profiler-plugin have the following properties: --- - -enable-profiling-on-startup:: -[open] -==== - -Description:: -Indicates whether the profiler plug-in is to start collecting data automatically when the directory server is started. This property is read only when the server is started, and any changes take effect on the next restart. This property is typically set to "false" unless startup profiling is required, because otherwise the volume of data that can be collected can cause the server to run out of memory if it is not turned off in a timely manner. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.profiler.ProfilerPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -startup - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -profile-action:: -[open] -==== - -Description:: -Specifies the action that should be taken by the profiler. A value of "start" causes the profiler thread to start collecting data if it is not already active. A value of "stop" causes the profiler thread to stop collecting data and write it to disk, and a value of "cancel" causes the profiler thread to stop collecting data and discard anything that has been captured. These operations occur immediately. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -cancel:: -Stop collecting profile data and discard what has been captured. - -none:: -Do not take any action. - -start:: -Start collecting profile data. - -stop:: -Stop collecting profile data and write what has been captured to a file in the profile directory. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-directory:: -[open] -==== - -Description:: -Specifies the path to the directory where profile information is to be written. This path may be either an absolute path or a path that is relative to the root of the OpenDJ directory server instance. The directory must exist and the directory server must have permission to create new files in it. - -Default Value:: -None - -Allowed Values:: -The path to any directory that exists on the filesystem and that can be read and written by the server user. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-sample-interval:: -[open] -==== - -Description:: -Specifies the sample interval in milliseconds to be used when capturing profiling information in the server. When capturing data, the profiler thread sleeps for this length of time between calls to obtain traces for all threads running in the JVM. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -Changes to this configuration attribute take effect the next time the profiler is started. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-referential-integrity-plugin] -==== Referential Integrity Plugin -Plugins of type referential-integrity-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute types for which referential integrity is to be maintained. At least one attribute type must be specified, and the syntax of any attributes must be either a distinguished name (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID (1.3.6.1.4.1.1466.115.121.1.34). - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN that limits the scope within which referential integrity is maintained. - -Default Value:: -Referential integrity is maintained in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references:: -[open] -==== - -Description:: -Specifies whether reference attributes must refer to existing entries. When this property is set to true, this plugin will ensure that any new references added as part of an add or modify operation point to existing entries, and that the referenced entries match the filter criteria for the referencing attribute, if specified. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-filter-criteria:: -[open] -==== - -Description:: -Specifies additional filter criteria which will be enforced when checking references. If a reference attribute has filter criteria defined then this plugin will ensure that any new references added as part of an add or modify operation refer to an existing entry which matches the specified filter. - -Default Value:: -None - -Allowed Values:: -An attribute-filter mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-scope-criteria:: -[open] -==== - -Description:: -Specifies whether referenced entries must reside within the same naming context as the entry containing the reference. The reference scope will only be enforced when reference checking is enabled. - -Default Value:: -global - -Allowed Values:: -[open] -====== - -global:: -References may refer to existing entries located anywhere in the Directory. - -naming-context:: -References must refer to existing entries located within the same naming context. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ReferentialIntegrityPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -Specifies the log file location where the update records are written when the plug-in is in background-mode processing. The default location is the logs directory of the server instance, using the file name "referint". - -Default Value:: -logs/referint - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postoperationdelete - -+ -postoperationmodifydn - -+ -subordinatemodifydn - -+ -subordinatedelete - -+ -preoperationadd - -+ -preoperationmodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -update-interval:: -[open] -==== - -Description:: -Specifies the interval in seconds when referential integrity updates are made. If this value is 0, then the updates are made synchronously in the foreground. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-samba-password-plugin] -==== Samba Password Plugin -Plugins of type samba-password-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SambaPasswordPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationmodify - -+ -postoperationextended - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pwd-sync-policy:: -[open] -==== - -Description:: -Specifies which Samba passwords should be kept synchronized. - -Default Value:: -sync-nt-password - -Allowed Values:: -[open] -====== - -sync-lm-password:: -Synchronize the LanMan password attribute "sambaLMPassword" - -sync-nt-password:: -Synchronize the NT password attribute "sambaNTPassword" - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -samba-administrator-dn:: -[open] -==== - -Description:: -Specifies the distinguished name of the user which Samba uses to perform Password Modify extended operations against this directory server in order to synchronize the userPassword attribute after the LanMan or NT passwords have been updated. The user must have the 'password-reset' privilege and should not be a root user. This user name can be used in order to identify Samba connections and avoid double re-synchronization of the same password. If this property is left undefined, then no password updates will be skipped. - -Default Value:: -Synchronize all updates to user passwords - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-seven-bit-clean-plugin] -==== Seven Bit Clean Plugin -Plugins of type seven-bit-clean-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the name or OID of an attribute type for which values should be checked to ensure that they are 7-bit clean. - -Default Value:: -uid - -+ -mail - -+ -userPassword - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN below which the checking is performed. Any attempt to update a value for one of the configured attributes below this base DN must be 7-bit clean for the operation to be allowed. - -Default Value:: -All entries below all public naming contexts will be checked. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SevenBitCleanPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preparseadd - -+ -preparsemodify - -+ -preparsemodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-plugin-unique-attribute-plugin] -==== Unique Attribute Plugin -Plugins of type unique-attribute-plugin have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies a base DN within which the attribute must be unique. - -Default Value:: -The plug-in uses the server's public naming contexts in the searches. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.UniqueAttributePlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -+ -postoperationadd - -+ -postoperationmodify - -+ -postoperationmodifydn - -+ -postsynchronizationadd - -+ -postsynchronizationmodify - -+ -postsynchronizationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -type:: -[open] -==== - -Description:: -Specifies the type of attributes to check for value uniqueness. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-replication-domain] -=== dsconfig create-replication-domain — Creates Replication Domains - -==== Synopsis -`dsconfig create-replication-domain` {options} - -[#dsconfig-create-replication-domain-description] -==== Description -Creates Replication Domains. - -[#dsconfig-create-replication-domain-options] -==== Options --- -The `dsconfig create-replication-domain` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {name}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-replication-domain-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`--domain-name {name}`:: -The name of the new Replication Domain. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {name}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-replication-domain-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Replication Domain properties depend on the Replication Domain type, which depends on the `--domain-name {name}` option. - --- - -[#dsconfig-create-replication-domain-replication-domain] -==== Replication Domain -Replication Domains of type replication-domain have the following properties: --- - -assured-sd-level:: -[open] -==== - -Description:: -The level of acknowledgment for Safe Data assured sub mode. When assured replication is configured in Safe Data mode, this value defines the number of replication servers (with the same group ID of the local server) that should acknowledge the sent update before the LDAP client call can return. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured replication acknowledgments. Defines the amount of milliseconds the server will wait for assured acknowledgments (in either Safe Data or Safe Read assured replication modes) before returning anyway the LDAP client call. - -Default Value:: -2000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-type:: -[open] -==== - -Description:: -Defines the assured replication mode of the replicated domain. The assured replication can be disabled or enabled. When enabled, two modes are available: Safe Data or Safe Read modes. - -Default Value:: -not-assured - -Allowed Values:: -[open] -====== - -not-assured:: -Assured replication is not enabled. Updates sent for replication (for being replayed on other LDAP servers in the topology) are sent without waiting for any acknowledgment and the LDAP client call returns immediately. - -safe-data:: -Assured replication is enabled in Safe Data mode: updates sent for replication are subject to acknowledgment from the replication servers that have the same group ID as the local server (defined with the group-id property). The number of acknowledgments to expect is defined by the assured-sd-level property. After acknowledgments are received, LDAP client call returns. - -safe-read:: -Assured replication is enabled in Safe Read mode: updates sent for replication are subject to acknowledgments from the LDAP servers in the topology that have the same group ID as the local server (defined with the group-id property). After acknowledgments are received, LDAP client call returns. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN of the replicated data. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -changetime-heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when sending its local change time to the Replication Server. The directory server sends a regular heart-beat to the Replication within the specified interval. The heart-beat indicates the change time of the directory server to the Replication Server. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -conflicts-historical-purge-delay:: -[open] -==== - -Description:: -This delay indicates the time (in minutes) the domain keeps the historical information necessary to solve conflicts.When a change stored in the historical part of the user entry has a date (from its replication ChangeNumber) older than this delay, it is candidate to be purged. The purge is applied on 2 events: modify of the entry, dedicated purge task. - -Default Value:: -1440m - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 minutes. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-exclude:: -[open] -==== - -Description:: -Allows to exclude some attributes to replicate to this server. If fractional-exclude configuration attribute is used, attributes specified in this attribute will be ignored (not added/modified/deleted) when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-include attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be excluded. The object class may be "*" indicating that the attribute type(s) should be excluded regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-include:: -[open] -==== - -Description:: -Allows to include some attributes to replicate to this server. If fractional-include configuration attribute is used, only attributes specified in this attribute will be added/modified/deleted when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-exclude attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be included. The object class may be "*" indicating that the attribute type(s) should be included regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group ID associated with this replicated domain. This value defines the group ID of the replicated domain. The replication system will preferably connect and send updates to replicate to a replication server with the same group ID as its own one (the local server group ID). - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when communicating with Replication Servers. The directory server expects a regular heart-beat coming from the Replication Server within the specified interval. If a heartbeat is not received within the interval, the Directory Server closes its connection and connects to another Replication Server. - -Default Value:: -10000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 100 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -initialization-window-size:: -[open] -==== - -Description:: -Specifies the window size that this directory server may use when communicating with remote Directory Servers for initialization. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -isolation-policy:: -[open] -==== - -Description:: -Specifies the behavior of the directory server if a write operation is attempted on the data within the Replication Domain when none of the configured Replication Servers are available. - -Default Value:: -reject-all-updates - -Allowed Values:: -[open] -====== - -accept-all-updates:: -Indicates that updates should be accepted even though it is not possible to send them to any Replication Server. Best effort is made to re-send those updates to a Replication Servers when one of them is available, however those changes are at risk because they are only available from the historical information. This mode can also introduce high replication latency. - -reject-all-updates:: -Indicates that all updates attempted on this Replication Domain are rejected when no Replication Server is available. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-changenumber:: -[open] -==== - -Description:: -Indicates if this server logs the ChangeNumber in access log. This boolean indicates if the domain should log the ChangeNumber of replicated operations in the access log. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -referrals-url:: -[open] -==== - -Description:: -The URLs other LDAP servers should use to refer to the local server. URLs used by peer servers in the topology to refer to the local server through LDAP referrals. If this attribute is not defined, every URLs available to access this server will be used. If defined, only URLs specified here will be used. - -Default Value:: -None - -Allowed Values:: -A LDAP URL compliant with RFC 2255. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of the Replication Servers within the Replication Domain to which the directory server should try to connect at startup time. Addresses must be specified using the syntax: hostname:port - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the directory server within the Replication Domain. Each directory server within the same Replication Domain must have a different server ID. A directory server which is a member of multiple Replication Domains may use the same server ID for each of its Replication Domain configurations. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -solve-conflicts:: -[open] -==== - -Description:: -Indicates if this server solves conflict. This boolean indicates if this domain keeps the historical information necessary to solve conflicts. When set to false the server will not maintain historical information and will therefore not be able to solve conflict. This should therefore be done only if the replication is used in a single master type of deployment. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the directory server will use when communicating with Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-replication-server] -=== dsconfig create-replication-server — Creates Replication Servers - -==== Synopsis -`dsconfig create-replication-server` {options} - -[#dsconfig-create-replication-server-description] -==== Description -Creates Replication Servers. - -[#dsconfig-create-replication-server-options] -==== Options --- -The `dsconfig create-replication-server` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {name}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-create-replication-server-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Replication Server properties depend on the Replication Server type, which depends on the `--provider-name {name}` option. - --- - -[#dsconfig-create-replication-server-replication-server] -==== Replication Server -Replication Servers of type replication-server have the following properties: --- - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured mode acknowledgments. Defines the number of milliseconds that the replication server will wait for assured acknowledgments (in either Safe Data or Safe Read assured sub modes) before forgetting them and answer to the entity that sent an update and is waiting for acknowledgment. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compute-change-number:: -[open] -==== - -Description:: -Whether the replication server will compute change numbers. This boolean tells the replication server to compute change numbers for each replicated change by maintaining a change number index database. Changenumbers are computed according to http://tools.ietf.org/html/draft-good-ldap-changelog-04. Note this functionality has an impact on CPU, disk accesses and storage. If changenumbers are not required, it is advisable to set this value to false. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the replication change-log should make records readable only by Directory Server. Throughput and disk space are affected by the more expensive operations taking place. Confidentiality is achieved by encrypting records on all domains managed by this replication server. Encrypting the records prevents unauthorized parties from accessing contents of LDAP operations. For complete protection, consider enabling secure communications between servers. Change number indexing is not affected by the setting. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -degraded-status-threshold:: -[open] -==== - -Description:: -The number of pending changes as threshold value for putting a directory server in degraded status. This value represents a number of pending changes a replication server has in queue for sending to a directory server. Once this value is crossed, the matching directory server goes in degraded status. When number of pending changes goes back under this value, the directory server is put back in normal status. 0 means status analyzer is disabled and directory servers are never put in degraded status. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered and the replication server will disconnect from the rest of the replication topology. When the available free space on the disk used by the replication changelog falls below the value specified, this replication server will stop. Connected Directory Servers will fail over to another RS. The replication server will restart again as soon as free space rises above the low threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered. When the available free space on the disk used by the replication changelog falls below the value specified, a warning is sent and logged. Normal operation will continue but administrators are advised to take action to free some disk space. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group id for the replication server. This value defines the group id of the replication server. The replication system of a LDAP server uses the group id of the replicated domain and tries to connect, if possible, to a replication with the same group id. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -monitoring-period:: -[open] -==== - -Description:: -The period between sending of monitoring messages. Defines the duration that the replication server will wait before sending new monitoring messages to its peers (replication servers and directory servers). Larger values increase the length of time it takes for a directory server to detect and switch to a more suitable replication server, whereas smaller values increase the amount of background network traffic. - -Default Value:: -60s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -Specifies the number of changes that are kept in memory for each directory server in the Replication Domain. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -replication-db-directory:: -[open] -==== - -Description:: -The path where the Replication Server stores all persistent information. - -Default Value:: -changelogDb - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -replication-port:: -[open] -==== - -Description:: -The port on which this Replication Server waits for connections from other Replication Servers or Directory Servers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-purge-delay:: -[open] -==== - -Description:: -The time (in seconds) after which the Replication Server erases all persistent information. - -Default Value:: -3 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of other Replication Servers to which this Replication Server tries to connect at startup time. Addresses must be specified using the syntax: "hostname:port". If IPv6 addresses are used as the hostname, they must be specified using the syntax "[IPv6Address]:port". - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the Replication Server. Each Replication Server must have a different server ID. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -weight:: -[open] -==== - -Description:: -The weight of the replication server. The weight affected to the replication server. Each replication server of the topology has a weight. When combined together, the weights of the replication servers of a same group can be translated to a percentage that determines the quantity of directory servers of the topology that should be connected to a replication server. For instance imagine a topology with 3 replication servers (with the same group id) with the following weights: RS1=1, RS2=1, RS3=2. This means that RS1 should have 25% of the directory servers connected in the topology, RS2 25%, and RS3 50%. This may be useful if the replication servers of the topology have a different power and one wants to spread the load between the replication servers according to their power. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the Replication Server uses when communicating with other Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-sasl-mechanism-handler] -=== dsconfig create-sasl-mechanism-handler — Creates SASL Mechanism Handlers - -==== Synopsis -`dsconfig create-sasl-mechanism-handler` {options} - -[#dsconfig-create-sasl-mechanism-handler-description] -==== Description -Creates SASL Mechanism Handlers. - -[#dsconfig-create-sasl-mechanism-handler-options] -==== Options --- -The `dsconfig create-sasl-mechanism-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the new SASL Mechanism Handler. -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {name}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {name}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {name}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {name}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {name}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {name}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the `--handler-name {name}` option. - -`-t | --type {type}`:: -The type of SASL Mechanism Handler which should be created. The value for TYPE can be one of: anonymous | cram-md5 | custom | digest-md5 | external | gssapi | plain. -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {type}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {type}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {type}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {type}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {type}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {type}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-sasl-mechanism-handler-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - --- - -[#dsconfig-create-sasl-mechanism-handler-anonymous-sasl-mechanism-handler] -==== Anonymous SASL Mechanism Handler -SASL Mechanism Handlers of type anonymous-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.AnonymousSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-sasl-mechanism-handler-cram-md5-sasl-mechanism-handler] -==== Cram MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type cram-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper used with this SASL mechanism handler to match the authentication ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Cram MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.CRAMMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-sasl-mechanism-handler-digest-md5-sasl-mechanism-handler] -==== Digest MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type digest-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Digest MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.DigestMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realms that is to be used by the server for DIGEST-MD5 authentication. If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Default Value:: -If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Allowed Values:: -Any realm string that does not contain a comma. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the server that is used when validating the digest-uri parameter during the authentication process. If this configuration attribute is present, then the server expects that clients use a digest-uri equal to "ldap/" followed by the value of this attribute. For example, if the attribute has a value of "directory.example.com", then the server expects clients to use a digest-uri of "ldap/directory.example.com". If no value is provided, then the server does not attempt to validate the digest-uri provided by the client and accepts any value. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically. - -Allowed Values:: -The fully-qualified address that is expected for clients to use when connecting to the server and authenticating via DIGEST-MD5. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-sasl-mechanism-handler-external-sasl-mechanism-handler] -==== External SASL Mechanism Handler -SASL Mechanism Handlers of type external-sasl-mechanism-handler have the following properties: --- - -certificate-attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema. - -Default Value:: -userCertificate - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-mapper:: -[open] -==== - -Description:: -Specifies the name of the certificate mapper that should be used to match client certificates to user entries. - -Default Value:: -None - -Allowed Values:: -The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-validation-policy:: -[open] -==== - -Description:: -Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -always:: -Always require the peer certificate to be present in the user's entry. - -ifpresent:: -If the user's entry contains one or more certificates, require that one of them match the peer certificate. - -never:: -Do not look for the peer certificate to be present in the user's entry. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.ExternalSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-sasl-mechanism-handler-gssapi-sasl-mechanism-handler] -==== GSSAPI SASL Mechanism Handler -SASL Mechanism Handlers of type gssapi-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the GSSAPI SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.GSSAPISASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -kdc-address:: -[open] -==== - -Description:: -Specifies the address of the KDC that is to be used for Kerberos processing. If provided, this property must be a fully-qualified DNS-resolvable name. If this property is not provided, then the server attempts to determine it from the system-wide Kerberos configuration. - -Default Value:: -The server attempts to determine the KDC address from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -keytab:: -[open] -==== - -Description:: -Specifies the path to the keytab file that should be used for Kerberos processing. If provided, this is either an absolute path or one that is relative to the server instance root. - -Default Value:: -The server attempts to use the system-wide default keytab. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -principal-name:: -[open] -==== - -Description:: -Specifies the principal name. It can either be a simple user name or a service name such as host/example.com. If this property is not provided, then the server attempts to build the principal name by appending the fully qualified domain name to the string "ldap/". - -Default Value:: -The server attempts to determine the principal name from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realm to be used for GSSAPI authentication. - -Default Value:: -The server attempts to determine the realm from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the system. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically . - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-sasl-mechanism-handler-plain-sasl-mechanism-handler] -==== Plain SASL Mechanism Handler -SASL Mechanism Handlers of type plain-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Plain SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.PlainSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-schema-provider] -=== dsconfig create-schema-provider — Creates Schema Providers - -==== Synopsis -`dsconfig create-schema-provider` {options} - -[#dsconfig-create-schema-provider-description] -==== Description -Creates Schema Providers. - -[#dsconfig-create-schema-provider-options] -==== Options --- -The `dsconfig create-schema-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the new Schema Provider. -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {name}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-schema-provider-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Schema Provider properties depend on the Schema Provider type, which depends on the `--provider-name {name}` option. - -`-t | --type {type}`:: -The type of Schema Provider which should be created (Default: generic). The value for TYPE can be one of: core-schema | generic. -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {type}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-schema-provider-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - --- - -[#dsconfig-create-schema-provider-core-schema] -==== Core Schema -Schema Providers of type core-schema have the following properties: --- - -allow-zero-length-values-directory-string:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed for directory string. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disabled-matching-rule:: -[open] -==== - -Description:: -The set of disabled matching rules. Matching rules must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled matching rule. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disabled-syntax:: -[open] -==== - -Description:: -The set of disabled syntaxes. Syntaxes must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled syntax, or NONE - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Schema Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Core Schema implementation. - -Default Value:: -org.opends.server.schema.CoreSchemaProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.schema.SchemaProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strict-format-country-string:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strip-syntax-min-upper-bound-attribute-type-description:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-synchronization-provider] -=== dsconfig create-synchronization-provider — Creates Synchronization Providers - -==== Synopsis -`dsconfig create-synchronization-provider` {options} - -[#dsconfig-create-synchronization-provider-description] -==== Description -Creates Synchronization Providers. - -[#dsconfig-create-synchronization-provider-options] -==== Options --- -The `dsconfig create-synchronization-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the new Synchronization Provider. -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {name}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-synchronization-provider-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the `--provider-name {name}` option. - -`-t | --type {type}`:: -The type of Synchronization Provider which should be created. The value for TYPE can be one of: custom | replication. -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {type}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-synchronization-provider-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - --- - -[#dsconfig-create-synchronization-provider-replication-synchronization-provider] -==== Replication Synchronization Provider -Synchronization Providers of type replication-synchronization-provider have the following properties: --- - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to peers and when performing SSL negotiation. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Synchronization Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Replication Synchronization Provider implementation. - -Default Value:: -org.opends.server.replication.plugin.MultimasterReplication - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SynchronizationProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-update-replay-threads:: -[open] -==== - -Description:: -Specifies the number of update replay threads. This value is the number of threads created for replaying every updates received for all the replication domains. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-trust-manager-provider] -=== dsconfig create-trust-manager-provider — Creates Trust Manager Providers - -==== Synopsis -`dsconfig create-trust-manager-provider` {options} - -[#dsconfig-create-trust-manager-provider-description] -==== Description -Creates Trust Manager Providers. - -[#dsconfig-create-trust-manager-provider-options] -==== Options --- -The `dsconfig create-trust-manager-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the new Trust Manager Provider. -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {name}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-trust-manager-provider-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {name}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-trust-manager-provider-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the `--provider-name {name}` option. - -`-t | --type {type}`:: -The type of Trust Manager Provider which should be created. The value for TYPE can be one of: blind | custom | file-based. -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {type}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-trust-manager-provider-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {type}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-trust-manager-provider-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - --- - -[#dsconfig-create-trust-manager-provider-blind-trust-manager-provider] -==== Blind Trust Manager Provider -Trust Manager Providers of type blind-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Blind Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.BlindTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-create-trust-manager-provider-file-based-trust-manager-provider] -==== File Based Trust Manager Provider -Trust Manager Providers of type file-based-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the trust information. It can be an absolute path or a path that is relative to the OpenDJ instance root. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -An absolute path or a path that is relative to the OpenDJ directory server instance root. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the trust store file. Valid values always include 'JKS' and 'PKCS12', but different implementations can allow other values as well. If no value is provided, then the JVM default value is used. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. The "JKS" and "PKCS12" formats are typically available in Java environments. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-create-virtual-attribute] -=== dsconfig create-virtual-attribute — Creates Virtual Attributes - -==== Synopsis -`dsconfig create-virtual-attribute` {options} - -[#dsconfig-create-virtual-attribute-description] -==== Description -Creates Virtual Attributes. - -[#dsconfig-create-virtual-attribute-options] -==== Options --- -The `dsconfig create-virtual-attribute` command takes the following options: - -`--name {name}`:: -The name of the new Virtual Attribute. -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {name}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {name}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {name}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {name}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {name}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {name}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {name}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {name}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {name}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {name}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {name}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {name}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {name}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {name}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the `--name {name}` option. - -`-t | --type {type}`:: -The type of Virtual Attribute which should be created. The value for TYPE can be one of: collective-attribute-subentries | custom | entity-tag | entry-dn | entry-uuid | governing-structure-rule | has-subordinates | is-member-of | member | num-subordinates | password-expiration-time | password-policy-subentry | structural-object-class | subschema-subentry | user-defined. -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {type} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {type}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {type}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {type}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {type}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {type}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {type}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {type}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {type}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {type}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {type}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {type}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {type}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {type}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {type}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-create-virtual-attribute-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - --- - -[#dsconfig-create-virtual-attribute-collective-attribute-subentries-virtual-attribute] -==== Collective Attribute Subentries Virtual Attribute -Virtual Attributes of type collective-attribute-subentries-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -collectiveAttributeSubentries - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.CollectiveAttributeSubentriesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-entity-tag-virtual-attribute] -==== Entity Tag Virtual Attribute -Virtual Attributes of type entity-tag-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -etag - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -checksum-algorithm:: -[open] -==== - -Description:: -The algorithm which should be used for calculating the entity tag checksum value. - -Default Value:: -adler-32 - -Allowed Values:: -[open] -====== - -adler-32:: -The Adler-32 checksum algorithm which is almost as reliable as a CRC-32 but can be computed much faster. - -crc-32:: -The CRC-32 checksum algorithm. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -excluded-attribute:: -[open] -==== - -Description:: -The list of attributes which should be ignored when calculating the entity tag checksum value. Certain attributes like "ds-sync-hist" may vary between replicas due to different purging schedules and should not be included in the checksum. - -Default Value:: -ds-sync-hist - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntityTagVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-entry-dn-virtual-attribute] -==== Entry DN Virtual Attribute -Virtual Attributes of type entry-dn-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryDN - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryDNVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-entry-uuid-virtual-attribute] -==== Entry UUID Virtual Attribute -Virtual Attributes of type entry-uuid-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryUUID - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryUUIDVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-governing-structure-rule-virtual-attribute] -==== Governing Structure Rule Virtual Attribute -Virtual Attributes of type governing-structure-rule-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -governingStructureRule - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.GoverningSturctureRuleVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-has-subordinates-virtual-attribute] -==== Has Subordinates Virtual Attribute -Virtual Attributes of type has-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -hasSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-is-member-of-virtual-attribute] -==== Is Member Of Virtual Attribute -Virtual Attributes of type is-member-of-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -isMemberOf - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.IsMemberOfVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-member-virtual-attribute] -==== Member Virtual Attribute -Virtual Attributes of type member-virtual-attribute have the following properties: --- - -allow-retrieving-membership:: -[open] -==== - -Description:: -Indicates whether to handle requests that request all values for the virtual attribute. This operation can be very expensive in some cases and is not consistent with the primary function of virtual static groups, which is to make it possible to use static group idioms to determine whether a given user is a member. If this attribute is set to false, attempts to retrieve the entire set of values receive an empty set, and only attempts to determine whether the attribute has a specific value or set of values (which is the primary anticipated use for virtual static groups) are handled properly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.MemberVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-num-subordinates-virtual-attribute] -==== Num Subordinates Virtual Attribute -Virtual Attributes of type num-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -numSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-password-expiration-time-virtual-attribute] -==== Password Expiration Time Virtual Attribute -Virtual Attributes of type password-expiration-time-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -ds-pwp-password-expiration-time - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordExpirationTimeVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-password-policy-subentry-virtual-attribute] -==== Password Policy Subentry Virtual Attribute -Virtual Attributes of type password-policy-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -pwdPolicySubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordPolicySubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-structural-object-class-virtual-attribute] -==== Structural Object Class Virtual Attribute -Virtual Attributes of type structural-object-class-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -structuralObjectClass - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.StructuralObjectClassVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-subschema-subentry-virtual-attribute] -==== Subschema Subentry Virtual Attribute -Virtual Attributes of type subschema-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -subschemaSubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-create-virtual-attribute-user-defined-virtual-attribute] -==== User Defined Virtual Attribute -Virtual Attributes of type user-defined-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.UserDefinedVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -value:: -[open] -==== - -Description:: -Specifies the values to be included in the virtual attribute. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-access-log-filtering-criteria] -=== dsconfig delete-access-log-filtering-criteria — Deletes Access Log Filtering Criteria - -==== Synopsis -`dsconfig delete-access-log-filtering-criteria` {options} - -[#dsconfig-delete-access-log-filtering-criteria-description] -==== Description -Deletes Access Log Filtering Criteria. - -[#dsconfig-delete-access-log-filtering-criteria-options] -==== Options --- -The `dsconfig delete-access-log-filtering-criteria` command takes the following options: - -`--publisher-name {name}`:: -The name of the Access Log Publisher. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {name}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-access-log-filtering-criteria-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`--criteria-name {name}`:: -The name of the Access Log Filtering Criteria. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {name}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-access-log-filtering-criteria-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`-f | --force`:: -Ignore non-existent Access Log Filtering Criteria. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default null: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-access-log-filtering-criteria-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - --- - -[#dsconfig-delete-access-log-filtering-criteria-access-log-filtering-criteria] -==== Access Log Filtering Criteria -Access Log Filtering Criteria of type access-log-filtering-criteria have the following properties: --- - -connection-client-address-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match at least one of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-client-address-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which do not match any of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-port-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections to any of the specified listener port numbers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-protocol-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match any of the specified protocols. Typical values include "ldap", "ldaps", or "jmx". - -Default Value:: -None - -Allowed Values:: -The protocol name as reported in the access log. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-type:: -[open] -==== - -Description:: -Filters log records based on their type. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -abandon:: -Abandon operations - -add:: -Add operations - -bind:: -Bind operations - -compare:: -Compare operations - -connect:: -Client connections - -delete:: -Delete operations - -disconnect:: -Client disconnections - -extended:: -Extended operations - -modify:: -Modify operations - -rename:: -Rename operations - -search:: -Search operations - -unbind:: -Unbind operations - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-not-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching none of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-greater-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took longer than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-less-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took less than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-not-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which do not include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-is-indexed:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which were either indexed or unindexed. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-greater-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned more than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-less-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned less than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users which do not match any of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are members of at least one of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-not-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are not members of any of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-account-status-notification-handler] -=== dsconfig delete-account-status-notification-handler — Deletes Account Status Notification Handlers - -==== Synopsis -`dsconfig delete-account-status-notification-handler` {options} - -[#dsconfig-delete-account-status-notification-handler-description] -==== Description -Deletes Account Status Notification Handlers. - -[#dsconfig-delete-account-status-notification-handler-options] -==== Options --- -The `dsconfig delete-account-status-notification-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the Account Status Notification Handler. -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {name}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-account-status-notification-handler-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {name}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-account-status-notification-handler-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - -`-f | --force`:: -Ignore non-existent Account Status Notification Handlers. -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default null: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-account-status-notification-handler-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default null: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-account-status-notification-handler-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - --- - -[#dsconfig-delete-account-status-notification-handler-error-log-account-status-notification-handler] -==== Error Log Account Status Notification Handler -Account Status Notification Handlers of type error-log-account-status-notification-handler have the following properties: --- - -account-status-notification-type:: -[open] -==== - -Description:: -Indicates which types of event can trigger an account status notification. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -account-disabled:: -Generate a notification whenever a user account has been disabled by an administrator. - -account-enabled:: -Generate a notification whenever a user account has been enabled by an administrator. - -account-expired:: -Generate a notification whenever a user authentication has failed because the account has expired. - -account-idle-locked:: -Generate a notification whenever a user account has been locked because it was idle for too long. - -account-permanently-locked:: -Generate a notification whenever a user account has been permanently locked after too many failed attempts. - -account-reset-locked:: -Generate a notification whenever a user account has been locked, because the password had been reset by an administrator but not changed by the user within the required interval. - -account-temporarily-locked:: -Generate a notification whenever a user account has been temporarily locked after too many failed attempts. - -account-unlocked:: -Generate a notification whenever a user account has been unlocked by an administrator. - -password-changed:: -Generate a notification whenever a user changes his/her own password. - -password-expired:: -Generate a notification whenever a user authentication has failed because the password has expired. - -password-expiring:: -Generate a notification whenever a password expiration warning is encountered for a user password for the first time. - -password-reset:: -Generate a notification whenever a user's password is reset by an administrator. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Error Log Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.ErrorLogAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-account-status-notification-handler-smtp-account-status-notification-handler] -==== SMTP Account Status Notification Handler -Account Status Notification Handlers of type smtp-account-status-notification-handler have the following properties: --- - -email-address-attribute-type:: -[open] -==== - -Description:: -Specifies which attribute in the user's entries may be used to obtain the email address when notifying the end user. You can specify more than one email address as separate values. In this case, the OpenDJ server sends a notification to all email addresses identified. - -Default Value:: -If no email address attribute types are specified, then no attempt is made to send email notification messages to end users. Only those users specified in the set of additional recipient addresses are sent the notification messages. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this account status notification handler. The values for this property should begin with the name of an account status notification type followed by a colon and the subject that should be used for the associated notification message. If an email message is generated for an account status notification type for which no subject is defined, then that message is given a generic subject. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-template-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the message template to generate the email notification messages. The values for this property should begin with the name of an account status notification type followed by a colon and the path to the template file that should be used for that notification type. If an account status notification has a notification type that is not associated with a message template file, then no email message is generated for that notification. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which notification messages are sent, either instead of or in addition to the end user for whom the notification has been generated. This may be used to ensure that server administrators also receive a copy of any notification messages that are generated. - -Default Value:: -If no additional recipient addresses are specified, then only the end users that are the subjects of the account status notifications receive the notification messages. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -send-email-as-html:: -[open] -==== - -Description:: -Indicates whether an email notification message should be sent as HTML. If this value is true, email notification messages are marked as text/html. Otherwise outgoing email messages are assumed to be plaintext and marked as text/plain. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-message-without-end-user-address:: -[open] -==== - -Description:: -Indicates whether an email notification message should be generated and sent to the set of notification recipients even if the user entry does not contain any values for any of the email address attributes (that is, in cases when it is not be possible to notify the end user). This is only applicable if both one or more email address attribute types and one or more additional recipient addresses are specified. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address from which the message is sent. Note that this does not necessarily have to be a legitimate email address. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-alert-handler] -=== dsconfig delete-alert-handler — Deletes Alert Handlers - -==== Synopsis -`dsconfig delete-alert-handler` {options} - -[#dsconfig-delete-alert-handler-description] -==== Description -Deletes Alert Handlers. - -[#dsconfig-delete-alert-handler-options] -==== Options --- -The `dsconfig delete-alert-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the Alert Handler. -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {name}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-alert-handler-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {name}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-alert-handler-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - -`-f | --force`:: -Ignore non-existent Alert Handlers. -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default null: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-alert-handler-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default null: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-alert-handler-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - --- - -[#dsconfig-delete-alert-handler-jmx-alert-handler] -==== JMX Alert Handler -Alert Handlers of type jmx-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.JMXAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-alert-handler-smtp-alert-handler] -==== SMTP Alert Handler -Alert Handlers of type smtp-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-body:: -[open] -==== - -Description:: -Specifies the body that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which the messages should be sent. Multiple values may be provided if there should be more than one recipient. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender for messages generated by this alert handler. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-attribute-syntax] -=== dsconfig delete-attribute-syntax — Deletes Attribute Syntaxes - -==== Synopsis -`dsconfig delete-attribute-syntax` {options} - -[#dsconfig-delete-attribute-syntax-description] -==== Description -Deletes Attribute Syntaxes. - -[#dsconfig-delete-attribute-syntax-options] -==== Options --- -The `dsconfig delete-attribute-syntax` command takes the following options: - -`--syntax-name {name}`:: -The name of the Attribute Syntax. -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {name}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {name}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {name}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {name}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {name}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {name}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - -`-f | --force`:: -Ignore non-existent Attribute Syntaxes. -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default null: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default null: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default null: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default null: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default null: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default null: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-attribute-syntax-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - --- - -[#dsconfig-delete-attribute-syntax-attribute-type-description-attribute-syntax] -==== Attribute Type Description Attribute Syntax -Attribute Syntaxes of type attribute-type-description-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Attribute Type Description Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.AttributeTypeSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strip-syntax-min-upper-bound:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-attribute-syntax-certificate-attribute-syntax] -==== Certificate Attribute Syntax -Attribute Syntaxes of type certificate-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Certificate Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CertificateSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether X.509 Certificate values are required to strictly comply with the standard definition for this syntax. When set to false, certificates will not be validated and, as a result any sequence of bytes will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-attribute-syntax-country-string-attribute-syntax] -==== Country String Attribute Syntax -Attribute Syntaxes of type country-string-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Country String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CountryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-attribute-syntax-directory-string-attribute-syntax] -==== Directory String Attribute Syntax -Attribute Syntaxes of type directory-string-attribute-syntax have the following properties: --- - -allow-zero-length-values:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Directory String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.DirectoryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - --- - -[#dsconfig-delete-attribute-syntax-jpeg-attribute-syntax] -==== JPEG Attribute Syntax -Attribute Syntaxes of type jpeg-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JPEG Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.JPEGSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require JPEG values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-attribute-syntax-telephone-number-attribute-syntax] -==== Telephone Number Attribute Syntax -Attribute Syntaxes of type telephone-number-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Telephone Number Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.TelephoneNumberSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require telephone number values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-backend] -=== dsconfig delete-backend — Deletes Backends - -==== Synopsis -`dsconfig delete-backend` {options} - -[#dsconfig-delete-backend-description] -==== Description -Deletes Backends. - -[#dsconfig-delete-backend-options] -==== Options --- -The `dsconfig delete-backend` command takes the following options: - -`--backend-name {name}`:: -The name of the Backend. -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {name}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {name}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {name}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {name}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {name}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {name}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {name}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {name}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {name}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {name}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - -`-f | --force`:: -Ignore non-existent Backends. -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default null: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default null: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default null: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default null: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default null: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default null: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default null: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default null: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default null: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default null: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-backend-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - --- - -[#dsconfig-delete-backend-backup-backend] -==== Backup Backend -Backends of type backup-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -backup-directory:: -[open] -==== - -Description:: -Specifies the path to a backup directory containing one or more backups for a particular backend. This is a multivalued property. Each value may specify a different backup directory if desired (one for each backend for which backups are taken). Values may be either absolute paths or paths that are relative to the base of the OpenDJ directory server installation. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.BackupBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-backend-je-backend] -==== JE Backend -Backends of type je-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-bytes-interval:: -[open] -==== - -Description:: -Specifies the maximum number of bytes that may be written to the database before it is forced to perform a checkpoint. This can be used to bound the recovery time that may be required if the database environment is opened without having been properly closed. If this property is set to a non-zero value, the checkpointer wakeup interval is not used. To use time-based checkpointing, set this property to zero. - -Default Value:: -500mb - -Allowed Values:: -Upper value is 9223372036854775807. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. Note that this is only used if the value of the checkpointer bytes interval is zero. - -Default Value:: -30s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 4294 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-cleaner-min-utilization:: -[open] -==== - -Description:: -Specifies the occupancy percentage for "live" data in this backend's database. When the amount of "live" data in the database drops below this value, cleaners will act to increase the occupancy percentage by compacting the database. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Berkeley DB Java Edition database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-core-threads:: -[open] -==== - -Description:: -Specifies the core number of threads in the eviction thread pool. Specifies the core number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-keep-alive:: -[open] -==== - -Description:: -The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -600s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 86400 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-lru-only:: -[open] -==== - -Description:: -Indicates whether the database should evict existing data from the cache based on an LRU policy (where the least recently used information will be evicted first). If set to "false", then the eviction keeps internal nodes of the underlying Btree in the cache over leaf nodes, even if the leaf nodes have been accessed more recently. This may be a better configuration for databases in which only a very small portion of the data is cached. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-max-threads:: -[open] -==== - -Description:: -Specifies the maximum number of threads in the eviction thread pool. Specifies the maximum number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-nodes-per-scan:: -[open] -==== - -Description:: -Specifies the number of Btree nodes that should be evicted from the cache in a single pass if it is determined that it is necessary to free existing data in order to make room for new information. Changes to this property do not take effect until the backend is restarted. It is recommended that you also change this property when you set db-evictor-lru-only to false. This setting controls the number of Btree nodes that are considered, or sampled, each time a node is evicted. A setting of 10 often produces good results, but this may vary from application to application. The larger the nodes per scan, the more accurate the algorithm. However, don't set it too high. When considering larger numbers of nodes for each eviction, the evictor may delay the completion of a given database operation, which impacts the response time of the application thread. In JE 4.1 and later, setting this value too high in an application that is largely CPU bound can reduce the effectiveness of cache eviction. It's best to start with the default value, and increase it gradually to see if it is beneficial for your application. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 1000. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-file-max:: -[open] -==== - -Description:: -Specifies the maximum size for a database log file. - -Default Value:: -100mb - -Allowed Values:: -Lower value is 1000000.Upper value is 4294967296. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-filecache-size:: -[open] -==== - -Description:: -Specifies the size of the file handle cache. The file handle cache is used to keep as much opened log files as possible. When the cache is smaller than the number of logs, the database needs to close some handles and open log files it needs, resulting in less optimal performances. Ideally, the size of the cache should be higher than the number of files contained in the database. Make sure the OS number of open files per process is also tuned appropriately. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 3. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-file-handler-on:: -[open] -==== - -Description:: -Indicates whether the database should maintain a je.info file in the same directory as the database log directory. This file contains information about the internal processing performed by the underlying database. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-level:: -[open] -==== - -Description:: -Specifies the log level that should be used by the database when it is writing information into the je.info file. The database trace logging level is (in increasing order of verbosity) chosen from: OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, ALL. - -Default Value:: -CONFIG - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-cleaner-threads:: -[open] -==== - -Description:: -Specifies the number of threads that the backend should maintain to keep the database log files at or near the desired utilization. In environments with high write throughput, multiple cleaner threads may be required to maintain the desired utilization. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-lock-tables:: -[open] -==== - -Description:: -Specifies the number of lock tables that are used by the underlying database. This can be particularly important to help improve scalability by avoiding contention on systems with large numbers of CPUs. The value of this configuration property should be set to a prime number that is less than or equal to the number of worker threads configured for use in the server. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 32767. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-run-cleaner:: -[open] -==== - -Description:: -Indicates whether the cleaner threads should be enabled to compact the database. The cleaner threads are used to periodically compact the database when it reaches a percentage of occupancy lower than the amount specified by the db-cleaner-min-utilization property. They identify database files with a low percentage of live data, and relocate their remaining live data to the end of the log. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-write-no-sync:: -[open] -==== - -Description:: -Indicates whether the database should synchronously flush data as it is written to disk. If this value is set to "false", then all data written to disk is synchronously flushed to persistent storage and thereby providing full durability. If it is set to "true", then data may be cached for a period of time by the underlying operating system before actually being written to disk. This may improve performance, but could cause the most recent changes to be lost in the event of an underlying OS or hardware failure (but not in the case that the OpenDJ directory server or the JVM exits abnormally). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.jeb.JEBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -je-property:: -[open] -==== - -Description:: -Specifies the database and environment properties for the Berkeley DB Java Edition database serving the data for this backend. Any Berkeley DB Java Edition property can be specified using the following form: property-name=property-value. Refer to OpenDJ documentation for further information on related properties, their implications, and range values. The definitive identification of all the property parameters is available in the example.properties file of Berkeley DB Java Edition distribution. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-backend-ldif-backend] -==== LDIF Backend -Backends of type ldif-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -is-private-backend:: -[open] -==== - -Description:: -Indicates whether the backend should be considered a private backend, which indicates that it is used for storing operational data rather than user-defined information. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.LDIFBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-file:: -[open] -==== - -Description:: -Specifies the path to the LDIF file containing the data for this backend. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-backend-memory-backend] -==== Memory Backend -Backends of type memory-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MemoryBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-backend-monitor-backend] -==== Monitor Backend -Backends of type monitor-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MonitorBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-backend-null-backend] -==== Null Backend -Backends of type null-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.NullBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-backend-pdb-backend] -==== PDB Backend -Backends of type pdb-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. This setting controls the elapsed time between attempts to write a checkpoint to the journal. A longer interval allows more updates to accumulate in buffers before they are required to be written to disk, but also potentially causes recovery from an abrupt termination (crash) to take more time. - -Default Value:: -15s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 10 seconds.Upper limit is 3600 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Persistit database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.pdb.PDBBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-backend-schema-backend] -==== Schema Backend -Backends of type schema-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.SchemaBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -schema-entry-dn:: -[open] -==== - -Description:: -Defines the base DNs of the subtrees in which the schema information is published in addition to the value included in the base-dn property. The value provided in the base-dn property is the only one that appears in the subschemaSubentry operational attribute of the server's root DSE (which is necessary because that is a single-valued attribute) and as a virtual attribute in other entries. The schema-entry-dn attribute may be used to make the schema information available in other locations to accommodate certain client applications that have been hard-coded to expect the schema to reside in a specific location. - -Default Value:: -cn=schema - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -show-all-attributes:: -[open] -==== - -Description:: -Indicates whether to treat all attributes in the schema entry as if they were user attributes regardless of their configuration. This may provide compatibility with some applications that expect schema attributes like attributeTypes and objectClasses to be included by default even if they are not requested. Note that the ldapSyntaxes attribute is always treated as operational in order to avoid problems with attempts to modify the schema over protocol. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-backend-task-backend] -==== Task Backend -Backends of type task-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.task.TaskBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -notification-sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender (that is, the "From:" address) address for notification mail messages generated when a task completes execution. - -Default Value:: -The default sender address used is "opendj-task-notification@" followed by the canonical address of the system on which the server is running. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-backing-file:: -[open] -==== - -Description:: -Specifies the path to the backing file for storing information about the tasks configured in the server. It may be either an absolute path or a relative path to the base of the OpenDJ directory server instance. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-retention-time:: -[open] -==== - -Description:: -Specifies the length of time that task entries should be retained after processing on the associated task has been completed. - -Default Value:: -24 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-backend-trust-store-backend] -==== Trust Store Backend -Backends of type trust-store-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.TrustStoreBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that stores the trust information. It may be an absolute path, or a path that is relative to the OpenDJ instance root. - -Default Value:: -config/ads-truststore - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. - -Default Value:: -The JVM default value is used. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect the next time that the key manager is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-backend-index] -=== dsconfig delete-backend-index — Deletes Backend Indexes - -==== Synopsis -`dsconfig delete-backend-index` {options} - -[#dsconfig-delete-backend-index-description] -==== Description -Deletes Backend Indexes. - -[#dsconfig-delete-backend-index-options] -==== Options --- -The `dsconfig delete-backend-index` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {name}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-backend-index-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`--index-name {name}`:: -The name of the Backend Index. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {name}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-backend-index-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`-f | --force`:: -Ignore non-existent Backend Indexes. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default null: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-backend-index-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - --- - -[#dsconfig-delete-backend-index-backend-index] -==== Backend Index -Backend Indexes of type backend-index have the following properties: --- - -attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute for which the index is to be maintained. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Specifies whether contents of the index should be confidential. Setting the flag to true will hash keys for equality type indexes using SHA-1 and encrypt the list of entries matching a substring key for substring indexes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If the index for the attribute must be protected for security purposes and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. The property cannot be set on a backend for which confidentiality is not enabled. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that are allowed to match a given index key before that particular index key is no longer maintained. This is analogous to the ALL IDs threshold in the Sun Java System Directory Server. If this is specified, its value overrides the JE backend-wide configuration. For no limit, use 0 for the value. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If any index keys have already reached this limit, indexes must be rebuilt before they will be allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-extensible-matching-rule:: -[open] -==== - -Description:: -The extensible matching rule in an extensible index. An extensible matching rule must be specified using either LOCALE or OID of the matching rule. - -Default Value:: -No extensible matching rules will be indexed. - -Allowed Values:: -A Locale or an OID. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-type:: -[open] -==== - -Description:: -Specifies the type(s) of indexing that should be performed for the associated attribute. For equality, presence, and substring index types, the associated attribute type must have a corresponding matching rule. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -approximate:: -This index type is used to improve the efficiency of searches using approximate matching search filters. - -equality:: -This index type is used to improve the efficiency of searches using equality search filters. - -extensible:: -This index type is used to improve the efficiency of searches using extensible matching search filters. - -ordering:: -This index type is used to improve the efficiency of searches using "greater than or equal to" or "less then or equal to" search filters. - -presence:: -This index type is used to improve the efficiency of searches using the presence search filters. - -substring:: -This index type is used to improve the efficiency of searches using substring search filters. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -If any new index types are added for an attribute, and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. - -Advanced Property:: -No - -Read-only:: -No - -==== - -substring-length:: -[open] -==== - -Description:: -The length of substrings in a substring index. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 3. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-backend-vlv-index] -=== dsconfig delete-backend-vlv-index — Deletes Backend VLV Indexes - -==== Synopsis -`dsconfig delete-backend-vlv-index` {options} - -[#dsconfig-delete-backend-vlv-index-description] -==== Description -Deletes Backend VLV Indexes. - -[#dsconfig-delete-backend-vlv-index-options] -==== Options --- -The `dsconfig delete-backend-vlv-index` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {name}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-backend-vlv-index-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`--index-name {name}`:: -The name of the Backend VLV Index. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {name}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-backend-vlv-index-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`-f | --force`:: -Ignore non-existent Backend VLV Indexes. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default null: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-backend-vlv-index-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - --- - -[#dsconfig-delete-backend-vlv-index-backend-vlv-index] -==== Backend VLV Index -Backend VLV Indexes of type backend-vlv-index have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN used in the search query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the LDAP filter used in the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid LDAP search filter. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -name:: -[open] -==== - -Description:: -Specifies a unique name for this VLV index. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -The VLV index name cannot be altered after the index is created. - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope of the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -sort-order:: -[open] -==== - -Description:: -Specifies the names of the attributes that are used to sort the entries for the query being indexed. Multiple attributes can be used to determine the sort order by listing the attribute names from highest to lowest precedence. Optionally, + or - can be prefixed to the attribute name to sort the attribute in ascending order or descending order respectively. - -Default Value:: -None - -Allowed Values:: -Valid attribute types defined in the schema, separated by a space and optionally prefixed by + or -. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-certificate-mapper] -=== dsconfig delete-certificate-mapper — Deletes Certificate Mappers - -==== Synopsis -`dsconfig delete-certificate-mapper` {options} - -[#dsconfig-delete-certificate-mapper-description] -==== Description -Deletes Certificate Mappers. - -[#dsconfig-delete-certificate-mapper-options] -==== Options --- -The `dsconfig delete-certificate-mapper` command takes the following options: - -`--mapper-name {name}`:: -The name of the Certificate Mapper. -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {name}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-certificate-mapper-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {name}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-certificate-mapper-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {name}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-certificate-mapper-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {name}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-certificate-mapper-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - -`-f | --force`:: -Ignore non-existent Certificate Mappers. -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default null: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-certificate-mapper-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default null: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-certificate-mapper-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default null: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-certificate-mapper-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default null: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-certificate-mapper-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - --- - -[#dsconfig-delete-certificate-mapper-fingerprint-certificate-mapper] -==== Fingerprint Certificate Mapper -Certificate Mappers of type fingerprint-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-algorithm:: -[open] -==== - -Description:: -Specifies the name of the digest algorithm to compute the fingerprint of client certificates. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -md5:: -Use the MD5 digest algorithm to compute certificate fingerprints. - -sha1:: -Use the SHA-1 digest algorithm to compute certificate fingerprints. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-attribute:: -[open] -==== - -Description:: -Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.FingerprintCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry. - -Default Value:: -The server performs the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-certificate-mapper-subject-attribute-to-user-attribute-certificate-mapper] -==== Subject Attribute To User Attribute Certificate Mapper -Certificate Mappers of type subject-attribute-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Attribute To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute-mapping:: -[open] -==== - -Description:: -Specifies a mapping between certificate attributes and user attributes. Each value should be in the form "certattr:userattr" where certattr is the name of the attribute in the certificate subject and userattr is the name of the corresponding attribute in user entries. There may be multiple mappings defined, and when performing the mapping values for all attributes present in the certificate subject that have mappings defined must be present in the corresponding user entries. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-certificate-mapper-subject-dn-to-user-attribute-certificate-mapper] -==== Subject DN To User Attribute Certificate Mapper -Certificate Mappers of type subject-dn-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject DN To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should exactly match the certificate subject DN. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-certificate-mapper-subject-equals-dn-certificate-mapper] -==== Subject Equals DN Certificate Mapper -Certificate Mappers of type subject-equals-dn-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Equals DN Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectEqualsDNCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-connection-handler] -=== dsconfig delete-connection-handler — Deletes Connection Handlers - -==== Synopsis -`dsconfig delete-connection-handler` {options} - -[#dsconfig-delete-connection-handler-description] -==== Description -Deletes Connection Handlers. - -[#dsconfig-delete-connection-handler-options] -==== Options --- -The `dsconfig delete-connection-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the Connection Handler. -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {name}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {name}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {name}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {name}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {name}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - -`-f | --force`:: -Ignore non-existent Connection Handlers. -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default null: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default null: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default null: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default null: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default null: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-connection-handler-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - --- - -[#dsconfig-delete-connection-handler-http-connection-handler] -==== HTTP Connection Handler -Connection Handlers of type http-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the HTTP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer HTTP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.http.HTTPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should keep statistics. If enabled, the HTTP Connection Handler maintains statistics about the number and types of operations requested over HTTP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this HTTP Connection Handler should listen for connections from HTTP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the HTTP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the HTTP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to HTTP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-concurrent-ops-per-connection:: -[open] -==== - -Description:: -Specifies the maximum number of internal operations that each HTTP client connection can execute concurrently. This property allow to limit the impact that each HTTP request can have on the whole server by limiting the number of internal operations that each HTTP request can execute concurrently. A value of 0 means that no limit is enforced. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest HTTP request message that will be allowed by the HTTP Connection Handler. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The HTTP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the HTTP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the HTTP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the HTTP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use SSL. If enabled, the HTTP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-connection-handler-jmx-connection-handler] -==== JMX Connection Handler -Connection Handlers of type jmx-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.jmx.JmxConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this JMX Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the JMX Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address on which this JMX Connection Handler should listen for connections from JMX clients. If no value is provided, then the JMX Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -rmi-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX RMI service will listen for connections from clients. A value of 0 indicates the service to choose a port of its own. If the value provided is different than 0, the value will be used as the RMI port. Otherwise, the RMI service will choose a port of its own. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the JMX Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the JMX Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the JMX Connection Handler should use SSL. If enabled, the JMX Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-connection-handler-ldap-connection-handler] -==== LDAP Connection Handler -Connection Handlers of type ldap-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-ldap-v2:: -[open] -==== - -Description:: -Indicates whether connections from LDAPv2 clients are allowed. If LDAPv2 clients are allowed, then only a minimal degree of special support are provided for them to ensure that LDAPv3-specific protocol elements (for example, Configuration Guide 25 controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-start-tls:: -[open] -==== - -Description:: -Indicates whether clients are allowed to use StartTLS. If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the LDAP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer LDAP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.ldap.LDAPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should keep statistics. If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this LDAP Connection Handler should listen for connections from LDAP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the LDAP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the LDAP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection handler. This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-rejection-notice:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should send a notice of disconnection extended response message to the client if a new connection is rejected for some reason. The extended response message may provide an explanation indicating the reason that the connection was rejected. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the LDAP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the LDAP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use SSL. If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-connection-handler-ldif-connection-handler] -==== LDIF Connection Handler -Connection Handlers of type ldif-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDIF Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.LDIFConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-directory:: -[open] -==== - -Description:: -Specifies the path to the directory in which the LDIF files should be placed. - -Default Value:: -config/auto-process-ldif - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -poll-interval:: -[open] -==== - -Description:: -Specifies how frequently the LDIF connection handler should check the LDIF directory to determine whether a new LDIF file has been added. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-connection-handler-snmp-connection-handler] -==== SNMP Connection Handler -Connection Handlers of type snmp-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-manager:: -[open] -==== - -Description:: -Specifies the hosts of the managers to be granted the access rights. This property is required for SNMP v1 and v2 security configuration. An asterisk (*) opens access to all managers. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-user:: -[open] -==== - -Description:: -Specifies the users to be granted the access rights. This property is required for SNMP v3 security configuration. An asterisk (*) opens access to all users. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -community:: -[open] -==== - -Description:: -Specifies the v1,v2 community or the v3 context name allowed to access the MIB 2605 monitoring information or the USM MIB. The mapping between "community" and "context name" is set. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SNMP Connection Handler implementation. - -Default Value:: -org.opends.server.snmp.SNMPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this SNMP Connection Handler should listen for connections from SNMP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the SNMP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the SNMP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -opendmk-jarfile:: -[open] -==== - -Description:: -Indicates the OpenDMK runtime jar file location - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -registered-mbean:: -[open] -==== - -Description:: -Indicates whether the SNMP objects have to be registered in the directory server MBeanServer or not allowing to access SNMP Objects with RMI connector if enabled. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-agent-file:: -[open] -==== - -Description:: -Specifies the USM security configuration to receive authenticated only SNMP requests. - -Default Value:: -config/snmp/security/opendj-snmp.security - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-level:: -[open] -==== - -Description:: -Specifies the type of security level : NoAuthNoPriv : No security mechanisms activated, AuthNoPriv : Authentication activated with no privacy, AuthPriv : Authentication with privacy activated. This property is required for SNMP V3 security configuration. - -Default Value:: -authnopriv - -Allowed Values:: -[open] -====== - -authnopriv:: -Authentication activated with no privacy. - -authpriv:: -Authentication with privacy activated. - -noauthnopriv:: -No security mechanisms activated. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -trap-port:: -[open] -==== - -Description:: -Specifies the port to use to send SNMP Traps. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-community:: -[open] -==== - -Description:: -Specifies the community string that must be included in the traps sent to define managers (trap-destinations). This property is used in the context of SNMP v1, v2 and v3. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-destination:: -[open] -==== - -Description:: -Specifies the hosts to which V1 traps will be sent. V1 Traps are sent to every host listed. If this list is empty, V1 traps are sent to "localhost". Each host in the list must be identifed by its name or complete IP Addess. - -Default Value:: -If the list is empty, V1 traps are sent to "localhost". - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-debug-target] -=== dsconfig delete-debug-target — Deletes Debug Targets - -==== Synopsis -`dsconfig delete-debug-target` {options} - -[#dsconfig-delete-debug-target-description] -==== Description -Deletes Debug Targets. - -[#dsconfig-delete-debug-target-options] -==== Options --- -The `dsconfig delete-debug-target` command takes the following options: - -`--publisher-name {name}`:: -The name of the Debug Log Publisher. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {name}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-debug-target-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`--target-name {name}`:: -The name of the Debug Target. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {name}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-debug-target-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`-f | --force`:: -Ignore non-existent Debug Targets. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default null: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-debug-target-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - --- - -[#dsconfig-delete-debug-target-debug-target] -==== Debug Target -Debug Targets of type debug-target have the following properties: --- - -debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -debug-scope:: -[open] -==== - -Description:: -Specifies the fully-qualified OpenDJ Java package, class, or method affected by the settings in this target definition. Use the number character (#) to separate the class name and the method name (that is, org.opends.server.core.DirectoryServer#startUp). - -Default Value:: -None - -Allowed Values:: -The fully-qualified OpenDJ Java package, class, or method name. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Debug Target is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-throwable-cause:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the cause of exceptions in exception thrown and caught messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-entry-arguments:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include method arguments in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-return-value:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the return value in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -throwable-stack-frames:: -[open] -==== - -Description:: -Specifies the property to indicate the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-entry-cache] -=== dsconfig delete-entry-cache — Deletes Entry Caches - -==== Synopsis -`dsconfig delete-entry-cache` {options} - -[#dsconfig-delete-entry-cache-description] -==== Description -Deletes Entry Caches. - -[#dsconfig-delete-entry-cache-options] -==== Options --- -The `dsconfig delete-entry-cache` command takes the following options: - -`--cache-name {name}`:: -The name of the Entry Cache. -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {name}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-entry-cache-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {name}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-entry-cache-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - -`-f | --force`:: -Ignore non-existent Entry Caches. -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default null: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-entry-cache-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default null: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-entry-cache-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - --- - -[#dsconfig-delete-entry-cache-fifo-entry-cache] -==== FIFO Entry Cache -Entry Caches of type fifo-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the FIFO Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.FIFOEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time to wait while attempting to acquire a read or write lock. - -Default Value:: -2000.0ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-entries:: -[open] -==== - -Description:: -Specifies the maximum number of entries that we will allow in the cache. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-memory-percent:: -[open] -==== - -Description:: -Specifies the maximum percentage of JVM memory used by the server before the entry caches stops caching and begins purging itself. Very low settings such as 10 or 20 (percent) can prevent this entry cache from having enough space to hold any of the entries to cache, making it appear that the server is ignoring or skipping the entry cache entirely. - -Default Value:: -90 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 100. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-entry-cache-soft-reference-entry-cache] -==== Soft Reference Entry Cache -Entry Caches of type soft-reference-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Soft Reference Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.SoftReferenceEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time in milliseconds to wait while attempting to acquire a read or write lock. - -Default Value:: -3000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-extended-operation-handler] -=== dsconfig delete-extended-operation-handler — Deletes Extended Operation Handlers - -==== Synopsis -`dsconfig delete-extended-operation-handler` {options} - -[#dsconfig-delete-extended-operation-handler-description] -==== Description -Deletes Extended Operation Handlers. - -[#dsconfig-delete-extended-operation-handler-options] -==== Options --- -The `dsconfig delete-extended-operation-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the Extended Operation Handler. -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {name}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {name}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {name}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {name}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {name}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {name}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {name}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - -`-f | --force`:: -Ignore non-existent Extended Operation Handlers. -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default null: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default null: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default null: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default null: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default null: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default null: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default null: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-extended-operation-handler-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - --- - -[#dsconfig-delete-extended-operation-handler-cancel-extended-operation-handler] -==== Cancel Extended Operation Handler -Extended Operation Handlers of type cancel-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Cancel Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.CancelExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-extended-operation-handler-get-connection-id-extended-operation-handler] -==== Get Connection Id Extended Operation Handler -Extended Operation Handlers of type get-connection-id-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Connection Id Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.GetConnectionIDExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-extended-operation-handler-get-symmetric-key-extended-operation-handler] -==== Get Symmetric Key Extended Operation Handler -Extended Operation Handlers of type get-symmetric-key-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Symmetric Key Extended Operation Handler implementation. - -Default Value:: -org.opends.server.crypto.GetSymmetricKeyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-extended-operation-handler-password-modify-extended-operation-handler] -==== Password Modify Extended Operation Handler -Extended Operation Handlers of type password-modify-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that should be used in conjunction with the password modify extended operation. This property is used to identify a user based on an authorization ID in the 'u:' form. Changes to this property take effect immediately. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Password Modify Extended Operation Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Modify Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordModifyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-extended-operation-handler-password-policy-state-extended-operation-handler] -==== Password Policy State Extended Operation Handler -Extended Operation Handlers of type password-policy-state-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Policy State Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordPolicyStateExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-extended-operation-handler-start-tls-extended-operation-handler] -==== Start TLS Extended Operation Handler -Extended Operation Handlers of type start-tls-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Start TLS Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.StartTLSExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-extended-operation-handler-who-am-i-extended-operation-handler] -==== Who Am I Extended Operation Handler -Extended Operation Handlers of type who-am-i-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Who Am I Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.WhoAmIExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-group-implementation] -=== dsconfig delete-group-implementation — Deletes Group Implementations - -==== Synopsis -`dsconfig delete-group-implementation` {options} - -[#dsconfig-delete-group-implementation-description] -==== Description -Deletes Group Implementations. - -[#dsconfig-delete-group-implementation-options] -==== Options --- -The `dsconfig delete-group-implementation` command takes the following options: - -`--implementation-name {name}`:: -The name of the Group Implementation. -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {name}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-group-implementation-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {name}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-group-implementation-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {name}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-group-implementation-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - -`-f | --force`:: -Ignore non-existent Group Implementations. -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default null: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-group-implementation-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default null: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-group-implementation-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default null: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-group-implementation-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - --- - -[#dsconfig-delete-group-implementation-dynamic-group-implementation] -==== Dynamic Group Implementation -Group Implementations of type dynamic-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Dynamic Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.DynamicGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-group-implementation-static-group-implementation] -==== Static Group Implementation -Group Implementations of type static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.StaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-group-implementation-virtual-static-group-implementation] -==== Virtual Static Group Implementation -Group Implementations of type virtual-static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Virtual Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.VirtualStaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-http-authorization-mechanism] -=== dsconfig delete-http-authorization-mechanism — Deletes HTTP Authorization Mechanisms - -==== Synopsis -`dsconfig delete-http-authorization-mechanism` {options} - -[#dsconfig-delete-http-authorization-mechanism-description] -==== Description -Deletes HTTP Authorization Mechanisms. - -[#dsconfig-delete-http-authorization-mechanism-options] -==== Options --- -The `dsconfig delete-http-authorization-mechanism` command takes the following options: - -`--mechanism-name {name}`:: -The name of the HTTP Authorization Mechanism. -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {name}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {name}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {name}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {name}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {name}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {name}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - -`-f | --force`:: -Ignore non-existent HTTP Authorization Mechanisms. -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default null: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default null: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default null: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default null: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default null: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default null: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-authorization-mechanism-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - --- - -[#dsconfig-delete-http-authorization-mechanism-http-anonymous-authorization-mechanism] -==== HTTP Anonymous Authorization Mechanism -HTTP Authorization Mechanisms of type http-anonymous-authorization-mechanism have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Anonymous Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-dn:: -[open] -==== - -Description:: -The authorization DN which will be used for performing anonymous operations. - -Default Value:: -By default, operations will be performed using an anonymously bound connection. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-http-authorization-mechanism-http-basic-authorization-mechanism] -==== HTTP Basic Authorization Mechanism -HTTP Authorization Mechanisms of type http-basic-authorization-mechanism have the following properties: --- - -alt-authentication-enabled:: -[open] -==== - -Description:: -Specifies whether user credentials may be provided using alternative headers to the standard 'Authorize' header. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-password-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's password from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-username-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's name from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper used to get the user's entry corresponding to the user-id provided in the HTTP authentication header. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Basic Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Basic Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-http-authorization-mechanism-http-oauth2-cts-authorization-mechanism] -==== HTTP Oauth2 Cts Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-cts-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -The base DN of the Core Token Service where access token are stored. (example: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Cts Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-http-authorization-mechanism-http-oauth2-file-authorization-mechanism] -==== HTTP Oauth2 File Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-file-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-directory:: -[open] -==== - -Description:: -Directory containing token files. File names must be equal to the token strings. The file content must a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate. - -Default Value:: -oauth2-demo/ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 File Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-http-authorization-mechanism-http-oauth2-openam-authorization-mechanism] -==== HTTP Oauth2 Openam Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-openam-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Openam Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Openam Authorization Mechanism . - -Default Value:: -By default the system key manager(s) will be used. - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-info-url:: -[open] -==== - -Description:: -Defines the OpenAM endpoint URL where the access-token resolution request should be sent. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-http-authorization-mechanism-http-oauth2-token-introspection-authorization-mechanism] -==== HTTP Oauth2 Token Introspection Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-token-introspection-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-id:: -[open] -==== - -Description:: -Client's ID to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-secret:: -[open] -==== - -Description:: -Client's secret to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Token Introspection Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Token Introspection Authorization Mechanism . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-introspection-url:: -[open] -==== - -Description:: -Defines the token introspection endpoint URL where the access-token resolution request should be sent. (example: http://example.com/introspect) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-http-endpoint] -=== dsconfig delete-http-endpoint — Deletes HTTP Endpoints - -==== Synopsis -`dsconfig delete-http-endpoint` {options} - -[#dsconfig-delete-http-endpoint-description] -==== Description -Deletes HTTP Endpoints. - -[#dsconfig-delete-http-endpoint-options] -==== Options --- -The `dsconfig delete-http-endpoint` command takes the following options: - -`--endpoint-name {name}`:: -The name of the HTTP Endpoint. -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {name}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-endpoint-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {name}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-endpoint-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - -`-f | --force`:: -Ignore non-existent HTTP Endpoints. -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default null: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-endpoint-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default null: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-http-endpoint-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - --- - -[#dsconfig-delete-http-endpoint-admin-endpoint] -==== Admin Endpoint -HTTP Endpoints of type admin-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Admin Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.AdminEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-http-endpoint-rest2ldap-endpoint] -==== Rest2ldap Endpoint -HTTP Endpoints of type rest2ldap-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -config-directory:: -[open] -==== - -Description:: -The directory containing the Rest2Ldap configuration file(s) for this specific endpoint. The directory must be readable by the server and may contain multiple configuration files, one for each supported version of the REST endpoint. If a relative path is used then it will be resolved against the server's instance directory. - -Default Value:: -None - -Allowed Values:: -A directory that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Rest2ldap Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.Rest2LdapEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-identity-mapper] -=== dsconfig delete-identity-mapper — Deletes Identity Mappers - -==== Synopsis -`dsconfig delete-identity-mapper` {options} - -[#dsconfig-delete-identity-mapper-description] -==== Description -Deletes Identity Mappers. - -[#dsconfig-delete-identity-mapper-options] -==== Options --- -The `dsconfig delete-identity-mapper` command takes the following options: - -`--mapper-name {name}`:: -The name of the Identity Mapper. -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {name}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-identity-mapper-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {name}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-identity-mapper-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - -`-f | --force`:: -Ignore non-existent Identity Mappers. -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default null: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-identity-mapper-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default null: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-identity-mapper-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - --- - -[#dsconfig-delete-identity-mapper-exact-match-identity-mapper] -==== Exact Match Identity Mapper -Identity Mappers of type exact-match-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Exact Match Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.ExactMatchIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the attribute whose value should exactly match the ID string provided to this identity mapper. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. The internal search performed includes a logical OR across all of these values. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs will be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-identity-mapper-regular-expression-identity-mapper] -==== Regular Expression Identity Mapper -Identity Mappers of type regular-expression-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Regular Expression Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.RegularExpressionIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-pattern:: -[open] -==== - -Description:: -Specifies the regular expression pattern that is used to identify portions of the ID string that will be replaced. Any portion of the ID string that matches this pattern is replaced in accordance with the provided replace pattern (or is removed if no replace pattern is specified). If multiple substrings within the given ID string match this pattern, all occurrences are replaced. If no part of the given ID string matches this pattern, the ID string is not altered. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. - -Default Value:: -None - -Allowed Values:: -Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6). - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replace-pattern:: -[open] -==== - -Description:: -Specifies the replacement pattern that should be used for substrings in the ID string that match the provided regular expression pattern. If no replacement pattern is provided, then any matching portions of the ID string will be removed (i.e., replaced with an empty string). The replacement pattern may include a string from a capturing group by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. - -Default Value:: -The replace pattern will be the empty string. - -Allowed Values:: -Any valid replacement string that is allowed by the javax.util.regex.Matcher class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-key-manager-provider] -=== dsconfig delete-key-manager-provider — Deletes Key Manager Providers - -==== Synopsis -`dsconfig delete-key-manager-provider` {options} - -[#dsconfig-delete-key-manager-provider-description] -==== Description -Deletes Key Manager Providers. - -[#dsconfig-delete-key-manager-provider-options] -==== Options --- -The `dsconfig delete-key-manager-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the Key Manager Provider. -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {name}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-key-manager-provider-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {name}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-key-manager-provider-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - -`-f | --force`:: -Ignore non-existent Key Manager Providers. -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default null: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-key-manager-provider-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default null: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-key-manager-provider-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - --- - -[#dsconfig-delete-key-manager-provider-file-based-key-manager-provider] -==== File Based Key Manager Provider -Key Manager Providers of type file-based-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedKeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. If no value is provided, the JVM-default value is used. Changes to this configuration attribute will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-key-manager-provider-pkcs11-key-manager-provider] -==== PKCS11 Key Manager Provider -Key Manager Providers of type pkcs11-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the PKCS11 Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.PKCS11KeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-log-publisher] -=== dsconfig delete-log-publisher — Deletes Log Publishers - -==== Synopsis -`dsconfig delete-log-publisher` {options} - -[#dsconfig-delete-log-publisher-description] -==== Description -Deletes Log Publishers. - -[#dsconfig-delete-log-publisher-options] -==== Options --- -The `dsconfig delete-log-publisher` command takes the following options: - -`--publisher-name {name}`:: -The name of the Log Publisher. -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {name}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {name}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {name}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {name}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {name}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {name}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {name}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {name}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {name}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - -`-f | --force`:: -Ignore non-existent Log Publishers. -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default null: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default null: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default null: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default null: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default null: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default null: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default null: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default null: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default null: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-log-publisher-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - --- - -[#dsconfig-delete-log-publisher-csv-file-access-log-publisher] -==== Csv File Access Log Publisher -Log Publishers of type csv-file-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writting in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CsvFileAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when the tamper-evident option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-publisher-csv-file-http-access-log-publisher] -==== Csv File HTTP Access Log Publisher -Log Publishers of type csv-file-http-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File HTTP Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File HTTP Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File HTTP Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when secure option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-publisher-external-access-log-publisher] -==== External Access Log Publisher -Log Publishers of type external-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.ExternalAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-publisher-external-http-access-log-publisher] -==== External HTTP Access Log Publisher -Log Publishers of type external-http-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External HTTP Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-publisher-file-based-access-log-publisher] -==== File Based Access Log Publisher -Log Publishers of type file-based-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the access log. - -Default Value:: -multi-line - -Allowed Values:: -[open] -====== - -combined:: -Combine log records for operation requests and responses into a single record. This format should be used when log records are to be filtered based on response criteria (e.g. result code). - -multi-line:: -Outputs separate log records for operation requests and responses. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-publisher-file-based-audit-log-publisher] -==== File Based Audit Log Publisher -Log Publishers of type file-based-audit-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Audit Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Audit Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAuditLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Audit Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Audit Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Audit Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Audit Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-publisher-file-based-debug-log-publisher] -==== File Based Debug Log Publisher -Log Publishers of type file-based-debug-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Debug Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-include-throwable-cause:: -[open] -==== - -Description:: -Indicates whether to include the cause of exceptions in exception thrown and caught messages logged by default. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-entry-arguments:: -[open] -==== - -Description:: -Indicates whether to include method arguments in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-return-value:: -[open] -==== - -Description:: -Indicates whether to include the return value in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-throwable-stack-frames:: -[open] -==== - -Description:: -Indicates the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Debug Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextDebugLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Debug Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Debug Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Debug Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Debug Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-publisher-file-based-error-log-publisher] -==== File Based Error Log Publisher -Log Publishers of type file-based-error-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Error Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer will be flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-severity:: -[open] -==== - -Description:: -Specifies the default severity levels for the logger. - -Default Value:: -error - -+ -warning - -Allowed Values:: -[open] -====== - -all:: -Messages of all severity levels are logged. - -debug:: -The error log severity that is used for messages that provide debugging information triggered during processing. - -error:: -The error log severity that is used for messages that provide information about errors which may force the server to shut down or operate in a significantly degraded state. - -info:: -The error log severity that is used for messages that provide information about significant events within the server that are not warnings or errors. - -none:: -No messages of any severity are logged by default. This value is intended to be used in conjunction with the override-severity property to define an error logger that will publish no error message beside the errors of a given category. - -notice:: -The error log severity that is used for the most important informational messages (i.e., information that should almost always be logged but is not associated with a warning or error condition). - -warning:: -The error log severity that is used for messages that provide information about warnings triggered during processing. - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Error Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextErrorLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Error Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Error Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -override-severity:: -[open] -==== - -Description:: -Specifies the override severity levels for the logger based on the category of the messages. Each override severity level should include the category and the severity levels to log for that category, for example, core=error,info,warning. Valid categories are: core, extensions, protocol, config, log, util, schema, plugin, jeb, backend, tools, task, access-control, admin, sync, version, quicksetup, admin-tool, dsconfig, user-defined. Valid severities are: all, error, info, warning, notice, debug. - -Default Value:: -All messages with the default severity levels are logged. - -Allowed Values:: -A string in the form category=severity1,severity2... - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Error Log Publisher . When multiple policies are used, log files will be cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files will never be cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Error Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-publisher-file-based-http-access-log-publisher] -==== File Based HTTP Access Log Publisher -Log Publishers of type file-based-http-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based HTTP Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based HTTP Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the HTTP access log. - -Default Value:: -cs-host c-ip cs-username x-datetime cs-method cs-uri-stem cs-uri-query cs-version sc-status cs(User-Agent) x-connection-id x-etime x-transaction-id - -Allowed Values:: -A space separated list of fields describing the extended log format to be used for logging HTTP accesses. Available values are listed on the W3C working draft http://www.w3.org/TR/WD-logfile.html and Microsoft website http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true OpenDJ supports the following standard fields: "c-ip", "c-port", "cs-host", "cs-method", "cs-uri", "cs-uri-stem", "cs-uri-query", "cs(User-Agent)", "cs-username", "cs-version", "s-computername", "s-ip", "s-port", "sc-status". OpenDJ supports the following application specific field extensions: "x-connection-id" displays the internal connection ID assigned to the HTTP client connection, "x-datetime" displays the completion date and time for the logged HTTP request and its ouput is controlled by the "ds-cfg-log-record-time-format" property, "x-etime" displays the total execution time for the logged HTTP request, "x-transaction-id" displays the transaction id associated to a request - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-log-retention-policy] -=== dsconfig delete-log-retention-policy — Deletes Log Retention Policies - -==== Synopsis -`dsconfig delete-log-retention-policy` {options} - -[#dsconfig-delete-log-retention-policy-description] -==== Description -Deletes Log Retention Policies. - -[#dsconfig-delete-log-retention-policy-options] -==== Options --- -The `dsconfig delete-log-retention-policy` command takes the following options: - -`--policy-name {name}`:: -The name of the Log Retention Policy. -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {name}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-retention-policy-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {name}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-retention-policy-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {name}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-retention-policy-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - -`-f | --force`:: -Ignore non-existent Log Retention Policies. -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default null: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-retention-policy-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default null: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-retention-policy-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default null: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-retention-policy-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - --- - -[#dsconfig-delete-log-retention-policy-file-count-log-retention-policy] -==== File Count Log Retention Policy -Log Retention Policies of type file-count-log-retention-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the File Count Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FileNumberRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -number-of-files:: -[open] -==== - -Description:: -Specifies the number of archived log files to retain before the oldest ones are cleaned. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-retention-policy-free-disk-space-log-retention-policy] -==== Free Disk Space Log Retention Policy -Log Retention Policies of type free-disk-space-log-retention-policy have the following properties: --- - -free-disk-space:: -[open] -==== - -Description:: -Specifies the minimum amount of free disk space that should be available on the file system on which the archived log files are stored. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Free Disk Space Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FreeDiskSpaceRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-retention-policy-size-limit-log-retention-policy] -==== Size Limit Log Retention Policy -Log Retention Policies of type size-limit-log-retention-policy have the following properties: --- - -disk-space-used:: -[open] -==== - -Description:: -Specifies the maximum total disk space used by the log files. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-log-rotation-policy] -=== dsconfig delete-log-rotation-policy — Deletes Log Rotation Policies - -==== Synopsis -`dsconfig delete-log-rotation-policy` {options} - -[#dsconfig-delete-log-rotation-policy-description] -==== Description -Deletes Log Rotation Policies. - -[#dsconfig-delete-log-rotation-policy-options] -==== Options --- -The `dsconfig delete-log-rotation-policy` command takes the following options: - -`--policy-name {name}`:: -The name of the Log Rotation Policy. -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {name}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-rotation-policy-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {name}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-rotation-policy-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {name}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-rotation-policy-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - -`-f | --force`:: -Ignore non-existent Log Rotation Policies. -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default null: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-rotation-policy-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default null: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-rotation-policy-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default null: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-log-rotation-policy-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - --- - -[#dsconfig-delete-log-rotation-policy-fixed-time-log-rotation-policy] -==== Fixed Time Log Rotation Policy -Log Rotation Policies of type fixed-time-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fixed Time Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.FixedTimeRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-of-day:: -[open] -==== - -Description:: -Specifies the time of day at which log rotation should occur. - -Default Value:: -None - -Allowed Values:: -24 hour time of day in HHmm format. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-rotation-policy-size-limit-log-rotation-policy] -==== Size Limit Log Rotation Policy -Log Rotation Policies of type size-limit-log-rotation-policy have the following properties: --- - -file-size-limit:: -[open] -==== - -Description:: -Specifies the maximum size that a log file can reach before it is rotated. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-log-rotation-policy-time-limit-log-rotation-policy] -==== Time Limit Log Rotation Policy -Log Rotation Policies of type time-limit-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Time Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.TimeLimitRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -rotation-interval:: -[open] -==== - -Description:: -Specifies the time interval between rotations. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-matching-rule] -=== dsconfig delete-matching-rule — Deletes Matching Rules - -==== Synopsis -`dsconfig delete-matching-rule` {options} - -[#dsconfig-delete-matching-rule-description] -==== Description -Deletes Matching Rules. - -[#dsconfig-delete-matching-rule-options] -==== Options --- -The `dsconfig delete-matching-rule` command takes the following options: - -`--rule-name {name}`:: -The name of the Matching Rule. -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {name}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-matching-rule-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - -`-f | --force`:: -Ignore non-existent Matching Rules. -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default null: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-matching-rule-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - --- - -[#dsconfig-delete-matching-rule-collation-matching-rule] -==== Collation Matching Rule -Matching Rules of type collation-matching-rule have the following properties: --- - -collation:: -[open] -==== - -Description:: -the set of supported locales Collation must be specified using the syntax: LOCALE:OID - -Default Value:: -None - -Allowed Values:: -A Locale followed by a ":" and an OID. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Matching Rule is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Collation Matching Rule implementation. - -Default Value:: -org.opends.server.schema.CollationMatchingRuleFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MatchingRuleFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -matching-rule-type:: -[open] -==== - -Description:: -the types of matching rules that should be supported for each locale - -Default Value:: -None - -Allowed Values:: -[open] -====== - -equality:: -Specifies if equality type collation matching rule needs to be created for each locale. - -greater-than:: -Specifies if greater-than type collation matching rule needs to be created for each locale. - -greater-than-or-equal-to:: -Specifies if greater-than-or-equal-to type collation matching rule needs to be created for each locale. - -less-than:: -Specifies if less-than type collation matching rule needs to be created for each locale. - -less-than-or-equal-to:: -Specifies if less-than-or-equal-to type collation matching rule needs to be created for each locale. - -substring:: -Specifies if substring type collation matching rule needs to be created for each locale. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-monitor-provider] -=== dsconfig delete-monitor-provider — Deletes Monitor Providers - -==== Synopsis -`dsconfig delete-monitor-provider` {options} - -[#dsconfig-delete-monitor-provider-description] -==== Description -Deletes Monitor Providers. - -[#dsconfig-delete-monitor-provider-options] -==== Options --- -The `dsconfig delete-monitor-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the Monitor Provider. -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {name}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {name}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {name}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {name}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {name}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {name}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - -`-f | --force`:: -Ignore non-existent Monitor Providers. -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default null: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default null: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default null: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default null: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default null: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default null: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-monitor-provider-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - --- - -[#dsconfig-delete-monitor-provider-client-connection-monitor-provider] -==== Client Connection Monitor Provider -Monitor Providers of type client-connection-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Client Connection Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.ClientConnectionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-monitor-provider-entry-cache-monitor-provider] -==== Entry Cache Monitor Provider -Monitor Providers of type entry-cache-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Entry Cache Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.EntryCacheMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-monitor-provider-memory-usage-monitor-provider] -==== Memory Usage Monitor Provider -Monitor Providers of type memory-usage-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Memory Usage Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.MemoryUsageMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-monitor-provider-stack-trace-monitor-provider] -==== Stack Trace Monitor Provider -Monitor Providers of type stack-trace-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Stack Trace Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.StackTraceMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-monitor-provider-system-info-monitor-provider] -==== System Info Monitor Provider -Monitor Providers of type system-info-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the System Info Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.SystemInfoMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-monitor-provider-version-monitor-provider] -==== Version Monitor Provider -Monitor Providers of type version-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Version Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.VersionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-password-generator] -=== dsconfig delete-password-generator — Deletes Password Generators - -==== Synopsis -`dsconfig delete-password-generator` {options} - -[#dsconfig-delete-password-generator-description] -==== Description -Deletes Password Generators. - -[#dsconfig-delete-password-generator-options] -==== Options --- -The `dsconfig delete-password-generator` command takes the following options: - -`--generator-name {name}`:: -The name of the Password Generator. -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {name}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-generator-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - -`-f | --force`:: -Ignore non-existent Password Generators. -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default null: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-generator-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - --- - -[#dsconfig-delete-password-generator-random-password-generator] -==== Random Password Generator -Password Generators of type random-password-generator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Generator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Random Password Generator implementation. - -Default Value:: -org.opends.server.extensions.RandomPasswordGenerator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordGenerator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -password-character-set:: -[open] -==== - -Description:: -Specifies one or more named character sets. This is a multi-valued property, with each value defining a different character set. The format of the character set is the name of the set followed by a colon and the characters that are in that set. For example, the value "alpha:abcdefghijklmnopqrstuvwxyz" defines a character set named "alpha" containing all of the lower-case ASCII alphabetic characters. - -Default Value:: -None - -Allowed Values:: -A character set name (consisting of ASCII letters) followed by a colon and the set of characters that are included in that character set. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-format:: -[open] -==== - -Description:: -Specifies the format to use for the generated password. The value is a comma-delimited list of elements in which each of those elements is comprised of the name of a character set defined in the password-character-set property, a colon, and the number of characters to include from that set. For example, a value of "alpha:3,numeric:2,alpha:3" generates an 8-character password in which the first three characters are from the "alpha" set, the next two are from the "numeric" set, and the final three are from the "alpha" set. - -Default Value:: -None - -Allowed Values:: -A comma-delimited list whose elements comprise a valid character set name, a colon, and a positive integer indicating the number of characters from that set to be included. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-password-policy] -=== dsconfig delete-password-policy — Deletes Authentication Policies - -==== Synopsis -`dsconfig delete-password-policy` {options} - -[#dsconfig-delete-password-policy-description] -==== Description -Deletes Authentication Policies. - -[#dsconfig-delete-password-policy-options] -==== Options --- -The `dsconfig delete-password-policy` command takes the following options: - -`--policy-name {name}`:: -The name of the Authentication Policy. -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {name}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-password-policy-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {name}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-password-policy-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - -`-f | --force`:: -Ignore non-existent Authentication Policies. -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default null: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-password-policy-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default null: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-password-policy-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - --- - -[#dsconfig-delete-password-policy-ldap-pass-through-authentication-policy] -==== LDAP Pass Through Authentication Policy -Authentication Policies of type ldap-pass-through-authentication-policy have the following properties: --- - -cached-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the name of a password storage scheme which should be used for encoding cached passwords. Changing the password storage scheme will cause all existing cached passwords to be discarded. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cached-password-ttl:: -[open] -==== - -Description:: -Specifies the maximum length of time that a locally cached password may be used for authentication before it is refreshed from the remote LDAP service. This property represents a cache timeout. Increasing the timeout period decreases the frequency that bind operations are delegated to the remote LDAP service, but increases the risk of users authenticating using stale passwords. Note that authentication attempts which fail because the provided password does not match the locally cached password will always be retried against the remote LDAP service. - -Default Value:: -8 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to remote LDAP directory servers, performing SSL negotiation, and for individual search and bind requests. If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available. - -Default Value:: -3 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the LDAP Pass Through Authentication Policy implementation. - -Default Value:: -org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -mapped-attribute:: -[open] -==== - -Description:: -Specifies one or more attributes in the user's entry whose value(s) will determine the bind DN used when authenticating to the remote LDAP directory service. This property is mandatory when using the "mapped-bind" or "mapped-search" mapping policies. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. At least one of the named attributes must exist in a user's local entry in order for authentication to proceed. When multiple attributes or values are found in the user's entry then the behavior is determined by the mapping policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users in the remote LDAP directory service. This property is mandatory when using the "mapped-search" mapping policy. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-dn:: -[open] -==== - -Description:: -Specifies the bind DN which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -Searches will be performed anonymously. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password:: -[open] -==== - -Description:: -Specifies the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-environment-variable:: -[open] -==== - -Description:: -Specifies the name of an environment variable containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-file:: -[open] -==== - -Description:: -Specifies the name of a file containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-property:: -[open] -==== - -Description:: -Specifies the name of a Java property containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-filter-template:: -[open] -==== - -Description:: -If defined, overrides the filter used when searching for the user, substituting %s with the value of the local entry's "mapped-attribute". The filter-template may include ZERO or ONE %s substitutions. If multiple mapped-attributes are configured, multiple renditions of this template will be aggregated into one larger filter using an OR (|) operator. An example use-case for this property would be to use a different attribute type on the mapped search. For example, mapped-attribute could be set to "uid" and filter-template to "(samAccountName=%s)". - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapping-policy:: -[open] -==== - -Description:: -Specifies the mapping algorithm for obtaining the bind DN from the user's entry. - -Default Value:: -unmapped - -Allowed Values:: -[open] -====== - -mapped-bind:: -Bind to the remote LDAP directory service using a DN obtained from an attribute in the user's entry. This policy will check each attribute named in the "mapped-attribute" property. If more than one attribute or value is present then the first one will be used. - -mapped-search:: -Bind to the remote LDAP directory service using the DN of an entry obtained using a search against the remote LDAP directory service. The search filter will comprise of an equality matching filter whose attribute type is the "mapped-attribute" property, and whose assertion value is the attribute value obtained from the user's entry. If more than one attribute or value is present then the filter will be composed of multiple equality filters combined using a logical OR (union). - -unmapped:: -Bind to the remote LDAP directory service using the DN of the user's entry in this directory server. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -primary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the primary list of remote LDAP servers which should be used for pass through authentication. If more than one LDAP server is specified then operations may be distributed across them. If all of the primary LDAP servers are unavailable then operations will fail-over to the set of secondary LDAP servers, if defined. - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -secondary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the secondary list of remote LDAP servers which should be used for pass through authentication in the event that the primary LDAP servers are unavailable. If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available. - -Default Value:: -No secondary LDAP servers. - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols which are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with remote LDAP directory servers. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-password-caching:: -[open] -==== - -Description:: -Indicates whether passwords should be cached locally within the user's entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Pass Through Authentication Policy should use SSL. If enabled, the LDAP Pass Through Authentication Policy will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-policy-password-policy] -==== Password Policy -Authentication Policies of type password-policy have the following properties: --- - -account-status-notification-handler:: -[open] -==== - -Description:: -Specifies the names of the account status notification handlers that are used with the associated password storage scheme. - -Default Value:: -None - -Allowed Values:: -The DN of any Account Status Notification Handler. The referenced account status notification handlers must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-expired-password-changes:: -[open] -==== - -Description:: -Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-multiple-password-values:: -[open] -==== - -Description:: -Indicates whether user entries can have multiple distinct values for the password attribute. This is potentially dangerous because many mechanisms used to change the password do not work well with such a configuration. If multiple password values are allowed, then any of them can be used to authenticate, and they are all subject to the same policy constraints. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-pre-encoded-passwords:: -[open] -==== - -Description:: -Indicates whether users can change their passwords by providing a pre-encoded value. This can cause a security risk because the clear-text version of the password is not known and therefore validation checks cannot be applied to it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-user-password-changes:: -[open] -==== - -Description:: -Indicates whether users can change their own passwords. This check is made in addition to access control evaluation. Both must allow the password change for it to occur. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -deprecated-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are considered deprecated for this password policy. If a user with this password policy authenticates to the server and his/her password is encoded with a deprecated scheme, those values are removed and replaced with values encoded using the default password storage scheme(s). - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -expire-passwords-without-warning:: -[open] -==== - -Description:: -Indicates whether the directory server allows a user's password to expire even if that user has never seen an expiration warning notification. If this property is true, accounts always expire when the expiration time arrives. If this property is false or disabled, the user always receives at least one warning notification, and the password expiration is set to the warning time plus the warning interval. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-add:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords upon first authenticating to the directory server after their account has been created. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-reset:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords if they are reset by an administrator. For this purpose, anyone with permission to change a given user's password other than that user is considered an administrator. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -grace-login-count:: -[open] -==== - -Description:: -Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password. A value of 0 indicates that no grace logins are allowed. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -idle-lockout-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that idle accounts are not automatically locked out. This feature is available only if the last login time is maintained. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the Password Policy implementation. - -Default Value:: -org.opends.server.core.PasswordPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -last-login-time-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy. This attribute type must be defined in the directory server schema and must either be defined as an operational attribute or must be allowed by the set of objectClasses for all users with the associated password policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate the last login time value for users with the associated password policy. This format string conforms to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-duration:: -[open] -==== - -Description:: -Specifies the length of time that an account is locked after too many authentication failures. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the account must remain locked until an administrator resets the password. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-count:: -[open] -==== - -Description:: -Specifies the maximum number of authentication failures that a user is allowed before the account is locked out. A value of 0 indicates that accounts are never locked out due to failed attempts. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-expiration-interval:: -[open] -==== - -Description:: -Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the authentication failures must never expire. The failure count is always cleared upon a successful authentication. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval). The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables password expiration. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-reset-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables this feature. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-age:: -[open] -==== - -Description:: -Specifies the minimum length of time after a password change before the user is allowed to change the password again. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. This setting can be used to prevent users from changing their passwords repeatedly over a short period of time to flush an old password from the history so that it can be re-used. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-attribute:: -[open] -==== - -Description:: -Specifies the attribute type used to hold user passwords. This attribute type must be defined in the server schema, and it must have either the user password or auth password syntax. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-change-requires-current-password:: -[open] -==== - -Description:: -Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-expiration-warning-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables the warning interval. - -Default Value:: -5 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-generator:: -[open] -==== - -Description:: -Specifies the name of the password generator that is used with the associated password policy. This is used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Generator. The referenced password generator must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-count:: -[open] -==== - -Description:: -Specifies the maximum number of former passwords to maintain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero indicates that either no password history is to be maintained (if the password history duration has a value of zero seconds), or that there is no maximum number of passwords to maintain in the history (if the password history duration has a value greater than zero seconds). - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-duration:: -[open] -==== - -Description:: -Specifies the maximum length of time that passwords remain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero seconds indicates that either no password history is to be maintained (if the password history count has a value of zero), or that there is no maximum duration for passwords in the history (if the password history count has a value greater than zero). - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-validator:: -[open] -==== - -Description:: -Specifies the names of the password validators that are used with the associated password storage scheme. The password validators are invoked when a user attempts to provide a new password, to determine whether the new password is acceptable. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Validator. The referenced password validators must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -previous-last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy. These values are used to make it possible to parse previous values, but are not used to set new values. The format strings conform to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-change-by-time:: -[open] -==== - -Description:: -Specifies the time by which all users with the associated password policy must change their passwords. The value is expressed in a generalized time format. If this time is equal to the current time or is in the past, then all users are required to change their passwords immediately. The behavior of the server in this mode is identical to the behavior observed when users are forced to change their passwords after an administrative reset. - -Default Value:: -None - -Allowed Values:: -A valid timestamp in generalized time form (for example, a value of "20070409185811Z" indicates a value of April 9, 2007 at 6:58:11 pm GMT). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-authentication:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to authenticate in a secure manner. This might mean either using a secure communication channel between the client and the server, or using a SASL mechanism that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-password-changes:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -skip-validation-for-administrators:: -[open] -==== - -Description:: -Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -state-update-failure-policy:: -[open] -==== - -Description:: -Specifies how the server deals with the inability to update password policy state information during an authentication attempt. In particular, this property can be used to control whether an otherwise successful bind operation fails if a failure occurs while attempting to update password policy state information (for example, to clear a record of previous authentication failures or to update the last login time). It can also be used to control whether to reject a bind request if it is known ahead of time that it will not be possible to update the authentication failure times in the event of an unsuccessful bind attempt (for example, if the backend writability mode is disabled). - -Default Value:: -reactive - -Allowed Values:: -[open] -====== - -ignore:: -If a bind attempt would otherwise be successful, then do not reject it if a problem occurs while attempting to update the password policy state information for the user. - -proactive:: -Proactively reject any bind attempt if it is known ahead of time that it would not be possible to update the user's password policy state information. - -reactive:: -Even if a bind attempt would otherwise be successful, reject it if a problem occurs while attempting to update the password policy state information for the user. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-password-storage-scheme] -=== dsconfig delete-password-storage-scheme — Deletes Password Storage Schemes - -==== Synopsis -`dsconfig delete-password-storage-scheme` {options} - -[#dsconfig-delete-password-storage-scheme-description] -==== Description -Deletes Password Storage Schemes. - -[#dsconfig-delete-password-storage-scheme-options] -==== Options --- -The `dsconfig delete-password-storage-scheme` command takes the following options: - -`--scheme-name {name}`:: -The name of the Password Storage Scheme. -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {name}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {name}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {name}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {name}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {name}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {name}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {name}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {name}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {name}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {name}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {name}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {name}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {name}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {name}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {name}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {name}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {name}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - -`-f | --force`:: -Ignore non-existent Password Storage Schemes. -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default null: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default null: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default null: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default null: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default null: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default null: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default null: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default null: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default null: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default null: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default null: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default null: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default null: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default null: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default null: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default null: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default null: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-storage-scheme-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - --- - -[#dsconfig-delete-password-storage-scheme-aes-password-storage-scheme] -==== AES Password Storage Scheme -Password Storage Schemes of type aes-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the AES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.AESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-base64-password-storage-scheme] -==== Base64 Password Storage Scheme -Password Storage Schemes of type base64-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Base64 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.Base64PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-bcrypt-password-storage-scheme] -==== Bcrypt Password Storage Scheme -Password Storage Schemes of type bcrypt-password-storage-scheme have the following properties: --- - -bcrypt-cost:: -[open] -==== - -Description:: -The cost parameter specifies a key expansion iteration count as a power of two. A default value of 12 (2^12 iterations) is considered in 2016 as a reasonable balance between responsiveness and security for regular users. - -Default Value:: -12 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 30. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Bcrypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BCryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-blowfish-password-storage-scheme] -==== Blowfish Password Storage Scheme -Password Storage Schemes of type blowfish-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Blowfish Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BlowfishPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-clear-password-storage-scheme] -==== Clear Password Storage Scheme -Password Storage Schemes of type clear-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Clear Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.ClearPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-crypt-password-storage-scheme] -==== Crypt Password Storage Scheme -Password Storage Schemes of type crypt-password-storage-scheme have the following properties: --- - -crypt-password-storage-encryption-algorithm:: -[open] -==== - -Description:: -Specifies the algorithm to use to encrypt new passwords. Select the crypt algorithm to use to encrypt new passwords. The value can either be "unix", which means the password is encrypted with the weak Unix crypt algorithm, or "md5" which means the password is encrypted with the BSD MD5 algorithm and has a $1$ prefix, or "sha256" which means the password is encrypted with the SHA256 algorithm and has a $5$ prefix, or "sha512" which means the password is encrypted with the SHA512 algorithm and has a $6$ prefix. - -Default Value:: -unix - -Allowed Values:: -[open] -====== - -md5:: -New passwords are encrypted with the BSD MD5 algorithm. - -sha256:: -New passwords are encrypted with the Unix crypt SHA256 algorithm. - -sha512:: -New passwords are encrypted with the Unix crypt SHA512 algorithm. - -unix:: -New passwords are encrypted with the Unix crypt algorithm. Passwords are truncated at 8 characters and the top bit of each character is ignored. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Crypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.CryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-md5-password-storage-scheme] -==== MD5 Password Storage Scheme -Password Storage Schemes of type md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.MD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-pbkdf2-password-storage-scheme] -==== PBKDF2 Password Storage Scheme -Password Storage Schemes of type pbkdf2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PBKDF2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PBKDF2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pbkdf2-iterations:: -[open] -==== - -Description:: -The number of algorithm iterations to make. NIST recommends at least 1000. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-pkcs5s2-password-storage-scheme] -==== PKCS5S2 Password Storage Scheme -Password Storage Schemes of type pkcs5s2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PKCS5S2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PKCS5S2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-rc4-password-storage-scheme] -==== RC4 Password Storage Scheme -Password Storage Schemes of type rc4-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the RC4 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.RC4PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-salted-md5-password-storage-scheme] -==== Salted MD5 Password Storage Scheme -Password Storage Schemes of type salted-md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedMD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-salted-sha1-password-storage-scheme] -==== Salted SHA1 Password Storage Scheme -Password Storage Schemes of type salted-sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-salted-sha256-password-storage-scheme] -==== Salted SHA256 Password Storage Scheme -Password Storage Schemes of type salted-sha256-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA256 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA256PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-salted-sha384-password-storage-scheme] -==== Salted SHA384 Password Storage Scheme -Password Storage Schemes of type salted-sha384-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA384 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA384PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-salted-sha512-password-storage-scheme] -==== Salted SHA512 Password Storage Scheme -Password Storage Schemes of type salted-sha512-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA512 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA512PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-sha1-password-storage-scheme] -==== SHA1 Password Storage Scheme -Password Storage Schemes of type sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-storage-scheme-triple-des-password-storage-scheme] -==== Triple DES Password Storage Scheme -Password Storage Schemes of type triple-des-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Triple DES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.TripleDESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-password-validator] -=== dsconfig delete-password-validator — Deletes Password Validators - -==== Synopsis -`dsconfig delete-password-validator` {options} - -[#dsconfig-delete-password-validator-description] -==== Description -Deletes Password Validators. - -[#dsconfig-delete-password-validator-options] -==== Options --- -The `dsconfig delete-password-validator` command takes the following options: - -`--validator-name {name}`:: -The name of the Password Validator. -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {name}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {name}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {name}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {name}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {name}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {name}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {name}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - -`-f | --force`:: -Ignore non-existent Password Validators. -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default null: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default null: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default null: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default null: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default null: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default null: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default null: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-password-validator-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - --- - -[#dsconfig-delete-password-validator-attribute-value-password-validator] -==== Attribute Value Password Validator -Password Validators of type attribute-value-password-validator have the following properties: --- - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against attribute values. If "false" then only match the entire password against attribute values otherwise ("true") check whether the password contains attribute values. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.AttributeValuePasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any attribute in the user's entry. - -Default Value:: -All attributes in the user entry will be checked. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator should test the reversed value of the provided password as well as the order in which it was given. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-validator-character-set-password-validator] -==== Character Set Password Validator -Password Validators of type character-set-password-validator have the following properties: --- - -allow-unclassified-characters:: -[open] -==== - -Description:: -Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets and ranges. If this is "false", then only those characters in the user-defined character sets and ranges may be used in passwords. Any password containing a character not included in any character set or range will be rejected. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set:: -[open] -==== - -Description:: -Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. Each value must be an integer (indicating the minimum required characters from the set which may be zero, indicating that the character set is optional) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set. - -Default Value:: -If no sets are specified, the validator only uses the defined character ranges. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set-ranges:: -[open] -==== - -Description:: -Specifies a character range containing characters that a password may contain and a value indicating the minimum number of characters required from that range. Each value must be an integer (indicating the minimum required characters from the range which may be zero, indicating that the character range is optional) followed by a colon and one or more range specifications. A range specification is 3 characters: the first character allowed, a minus, and the last character allowed. For example, "3:A-Za-z0-9". The ranges in each value should not overlap, and the characters in each range specification should be ordered. - -Default Value:: -If no ranges are specified, the validator only uses the defined character sets. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.CharacterSetPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-character-sets:: -[open] -==== - -Description:: -Specifies the minimum number of character sets and ranges that a password must contain. This property should only be used in conjunction with optional character sets and ranges (those requiring zero characters). Its value must include any mandatory character sets and ranges (those requiring greater than zero characters). This is useful in situations where a password must contain characters from mandatory character sets and ranges, and characters from at least N optional character sets and ranges. For example, it is quite common to require that a password contains at least one non-alphanumeric character as well as characters from two alphanumeric character sets (lower-case, upper-case, digits). In this case, this property should be set to 3. - -Default Value:: -The password must contain characters from each of the mandatory character sets and ranges and, if there are optional character sets and ranges, at least one character from one of the optional character sets and ranges. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-validator-dictionary-password-validator] -==== Dictionary Password Validator -Password Validators of type dictionary-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against dictionary words. If "false" then only match the entire password against words otherwise ("true") check whether the password contains words. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -dictionary-file:: -[open] -==== - -Description:: -Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root. - -Default Value:: -For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt - -Allowed Values:: -The path to any text file contained on the system that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.DictionaryPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-validator-length-based-password-validator] -==== Length Based Password Validator -Password Validators of type length-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.LengthBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-password-length:: -[open] -==== - -Description:: -Specifies the maximum number of characters that can be included in a proposed password. A value of zero indicates that there will be no upper bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-length:: -[open] -==== - -Description:: -Specifies the minimum number of characters that must be included in a proposed password. A value of zero indicates that there will be no lower bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-validator-repeated-characters-password-validator] -==== Repeated Characters Password Validator -Password Validators of type repeated-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. If the value of this property is false, the validator ignores any differences in capitalization when looking for consecutive characters in the password. If the value is true, the validator considers a character to be repeating only if all consecutive occurrences use the same capitalization. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.RepeatedCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-consecutive-length:: -[open] -==== - -Description:: -Specifies the maximum number of times that any character can appear consecutively in a password value. A value of zero indicates that no maximum limit is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-validator-similarity-based-password-validator] -==== Similarity Based Password Validator -Password Validators of type similarity-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.SimilarityBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-password-difference:: -[open] -==== - -Description:: -Specifies the minimum difference of new and old password. A value of zero indicates that no difference between passwords is acceptable. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-password-validator-unique-characters-password-validator] -==== Unique Characters Password Validator -Password Validators of type unique-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. A value of true indicates that the validator does not consider a capital letter to be the same as its lower-case counterpart. A value of false indicates that the validator ignores differences in capitalization when looking at the number of unique characters in the password. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.UniqueCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-unique-characters:: -[open] -==== - -Description:: -Specifies the minimum number of unique characters that a password will be allowed to contain. A value of zero indicates that no minimum value is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-plugin] -=== dsconfig delete-plugin — Deletes Plugins - -==== Synopsis -`dsconfig delete-plugin` {options} - -[#dsconfig-delete-plugin-description] -==== Description -Deletes Plugins. - -[#dsconfig-delete-plugin-options] -==== Options --- -The `dsconfig delete-plugin` command takes the following options: - -`--plugin-name {name}`:: -The name of the Plugin. -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {name}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {name}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {name}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {name}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {name}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {name}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {name}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {name}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {name}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {name}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {name}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {name}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - -`-f | --force`:: -Ignore non-existent Plugins. -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default null: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default null: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default null: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default null: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default null: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default null: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default null: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default null: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default null: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default null: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default null: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default null: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-plugin-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - --- - -[#dsconfig-delete-plugin-attribute-cleanup-plugin] -==== Attribute Cleanup Plugin -Plugins of type attribute-cleanup-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.AttributeCleanupPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparseadd - -+ -preparsemodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -remove-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be removed from incoming add or modify requests. - -Default Value:: -No attributes will be removed - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rename-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be renamed in incoming add or modify requests. - -Default Value:: -No attributes will be renamed - -Allowed Values:: -An attribute name mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-change-number-control-plugin] -==== Change Number Control Plugin -Plugins of type change-number-control-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ChangeNumberControlPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postOperationAdd - -+ -postOperationDelete - -+ -postOperationModify - -+ -postOperationModifyDN - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-entry-uuid-plugin] -==== Entry UUID Plugin -Plugins of type entry-uuid-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.EntryUUIDPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preoperationadd - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-fractional-ldif-import-plugin] -==== Fractional LDIF Import Plugin -Plugins of type fractional-ldif-import-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -None - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-last-mod-plugin] -==== Last Mod Plugin -Plugins of type last-mod-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LastModPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-ldap-attribute-description-list-plugin] -==== LDAP Attribute Description List Plugin -Plugins of type ldap-attribute-description-list-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LDAPADListPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparsesearch - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-password-policy-import-plugin] -==== Password Policy Import Plugin -Plugins of type password-policy-import-plugin have the following properties: --- - -default-auth-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of password storage schemes that to be used for encoding passwords contained in attributes with the auth password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy should be used to govern them. - -Default Value:: -If the default password policy uses an attribute with the auth password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes auth password values using the "SHA1" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import plug-in is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-user-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes to be used for encoding passwords contained in attributes with the user password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy is to be used to govern them. - -Default Value:: -If the default password policy uses the attribute with the user password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes user password values using the "SSHA" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import Plugin is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.PasswordPolicyImportPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-profiler-plugin] -==== Profiler Plugin -Plugins of type profiler-plugin have the following properties: --- - -enable-profiling-on-startup:: -[open] -==== - -Description:: -Indicates whether the profiler plug-in is to start collecting data automatically when the directory server is started. This property is read only when the server is started, and any changes take effect on the next restart. This property is typically set to "false" unless startup profiling is required, because otherwise the volume of data that can be collected can cause the server to run out of memory if it is not turned off in a timely manner. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.profiler.ProfilerPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -startup - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -profile-action:: -[open] -==== - -Description:: -Specifies the action that should be taken by the profiler. A value of "start" causes the profiler thread to start collecting data if it is not already active. A value of "stop" causes the profiler thread to stop collecting data and write it to disk, and a value of "cancel" causes the profiler thread to stop collecting data and discard anything that has been captured. These operations occur immediately. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -cancel:: -Stop collecting profile data and discard what has been captured. - -none:: -Do not take any action. - -start:: -Start collecting profile data. - -stop:: -Stop collecting profile data and write what has been captured to a file in the profile directory. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-directory:: -[open] -==== - -Description:: -Specifies the path to the directory where profile information is to be written. This path may be either an absolute path or a path that is relative to the root of the OpenDJ directory server instance. The directory must exist and the directory server must have permission to create new files in it. - -Default Value:: -None - -Allowed Values:: -The path to any directory that exists on the filesystem and that can be read and written by the server user. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-sample-interval:: -[open] -==== - -Description:: -Specifies the sample interval in milliseconds to be used when capturing profiling information in the server. When capturing data, the profiler thread sleeps for this length of time between calls to obtain traces for all threads running in the JVM. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -Changes to this configuration attribute take effect the next time the profiler is started. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-referential-integrity-plugin] -==== Referential Integrity Plugin -Plugins of type referential-integrity-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute types for which referential integrity is to be maintained. At least one attribute type must be specified, and the syntax of any attributes must be either a distinguished name (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID (1.3.6.1.4.1.1466.115.121.1.34). - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN that limits the scope within which referential integrity is maintained. - -Default Value:: -Referential integrity is maintained in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references:: -[open] -==== - -Description:: -Specifies whether reference attributes must refer to existing entries. When this property is set to true, this plugin will ensure that any new references added as part of an add or modify operation point to existing entries, and that the referenced entries match the filter criteria for the referencing attribute, if specified. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-filter-criteria:: -[open] -==== - -Description:: -Specifies additional filter criteria which will be enforced when checking references. If a reference attribute has filter criteria defined then this plugin will ensure that any new references added as part of an add or modify operation refer to an existing entry which matches the specified filter. - -Default Value:: -None - -Allowed Values:: -An attribute-filter mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-scope-criteria:: -[open] -==== - -Description:: -Specifies whether referenced entries must reside within the same naming context as the entry containing the reference. The reference scope will only be enforced when reference checking is enabled. - -Default Value:: -global - -Allowed Values:: -[open] -====== - -global:: -References may refer to existing entries located anywhere in the Directory. - -naming-context:: -References must refer to existing entries located within the same naming context. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ReferentialIntegrityPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -Specifies the log file location where the update records are written when the plug-in is in background-mode processing. The default location is the logs directory of the server instance, using the file name "referint". - -Default Value:: -logs/referint - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postoperationdelete - -+ -postoperationmodifydn - -+ -subordinatemodifydn - -+ -subordinatedelete - -+ -preoperationadd - -+ -preoperationmodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -update-interval:: -[open] -==== - -Description:: -Specifies the interval in seconds when referential integrity updates are made. If this value is 0, then the updates are made synchronously in the foreground. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-samba-password-plugin] -==== Samba Password Plugin -Plugins of type samba-password-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SambaPasswordPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationmodify - -+ -postoperationextended - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pwd-sync-policy:: -[open] -==== - -Description:: -Specifies which Samba passwords should be kept synchronized. - -Default Value:: -sync-nt-password - -Allowed Values:: -[open] -====== - -sync-lm-password:: -Synchronize the LanMan password attribute "sambaLMPassword" - -sync-nt-password:: -Synchronize the NT password attribute "sambaNTPassword" - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -samba-administrator-dn:: -[open] -==== - -Description:: -Specifies the distinguished name of the user which Samba uses to perform Password Modify extended operations against this directory server in order to synchronize the userPassword attribute after the LanMan or NT passwords have been updated. The user must have the 'password-reset' privilege and should not be a root user. This user name can be used in order to identify Samba connections and avoid double re-synchronization of the same password. If this property is left undefined, then no password updates will be skipped. - -Default Value:: -Synchronize all updates to user passwords - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-seven-bit-clean-plugin] -==== Seven Bit Clean Plugin -Plugins of type seven-bit-clean-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the name or OID of an attribute type for which values should be checked to ensure that they are 7-bit clean. - -Default Value:: -uid - -+ -mail - -+ -userPassword - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN below which the checking is performed. Any attempt to update a value for one of the configured attributes below this base DN must be 7-bit clean for the operation to be allowed. - -Default Value:: -All entries below all public naming contexts will be checked. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SevenBitCleanPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preparseadd - -+ -preparsemodify - -+ -preparsemodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-plugin-unique-attribute-plugin] -==== Unique Attribute Plugin -Plugins of type unique-attribute-plugin have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies a base DN within which the attribute must be unique. - -Default Value:: -The plug-in uses the server's public naming contexts in the searches. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.UniqueAttributePlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -+ -postoperationadd - -+ -postoperationmodify - -+ -postoperationmodifydn - -+ -postsynchronizationadd - -+ -postsynchronizationmodify - -+ -postsynchronizationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -type:: -[open] -==== - -Description:: -Specifies the type of attributes to check for value uniqueness. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-replication-domain] -=== dsconfig delete-replication-domain — Deletes Replication Domains - -==== Synopsis -`dsconfig delete-replication-domain` {options} - -[#dsconfig-delete-replication-domain-description] -==== Description -Deletes Replication Domains. - -[#dsconfig-delete-replication-domain-options] -==== Options --- -The `dsconfig delete-replication-domain` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {name}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-replication-domain-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`--domain-name {name}`:: -The name of the Replication Domain. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {name}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-replication-domain-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`-f | --force`:: -Ignore non-existent Replication Domains. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default null: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-replication-domain-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - --- - -[#dsconfig-delete-replication-domain-replication-domain] -==== Replication Domain -Replication Domains of type replication-domain have the following properties: --- - -assured-sd-level:: -[open] -==== - -Description:: -The level of acknowledgment for Safe Data assured sub mode. When assured replication is configured in Safe Data mode, this value defines the number of replication servers (with the same group ID of the local server) that should acknowledge the sent update before the LDAP client call can return. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured replication acknowledgments. Defines the amount of milliseconds the server will wait for assured acknowledgments (in either Safe Data or Safe Read assured replication modes) before returning anyway the LDAP client call. - -Default Value:: -2000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-type:: -[open] -==== - -Description:: -Defines the assured replication mode of the replicated domain. The assured replication can be disabled or enabled. When enabled, two modes are available: Safe Data or Safe Read modes. - -Default Value:: -not-assured - -Allowed Values:: -[open] -====== - -not-assured:: -Assured replication is not enabled. Updates sent for replication (for being replayed on other LDAP servers in the topology) are sent without waiting for any acknowledgment and the LDAP client call returns immediately. - -safe-data:: -Assured replication is enabled in Safe Data mode: updates sent for replication are subject to acknowledgment from the replication servers that have the same group ID as the local server (defined with the group-id property). The number of acknowledgments to expect is defined by the assured-sd-level property. After acknowledgments are received, LDAP client call returns. - -safe-read:: -Assured replication is enabled in Safe Read mode: updates sent for replication are subject to acknowledgments from the LDAP servers in the topology that have the same group ID as the local server (defined with the group-id property). After acknowledgments are received, LDAP client call returns. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN of the replicated data. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -changetime-heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when sending its local change time to the Replication Server. The directory server sends a regular heart-beat to the Replication within the specified interval. The heart-beat indicates the change time of the directory server to the Replication Server. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -conflicts-historical-purge-delay:: -[open] -==== - -Description:: -This delay indicates the time (in minutes) the domain keeps the historical information necessary to solve conflicts.When a change stored in the historical part of the user entry has a date (from its replication ChangeNumber) older than this delay, it is candidate to be purged. The purge is applied on 2 events: modify of the entry, dedicated purge task. - -Default Value:: -1440m - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 minutes. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-exclude:: -[open] -==== - -Description:: -Allows to exclude some attributes to replicate to this server. If fractional-exclude configuration attribute is used, attributes specified in this attribute will be ignored (not added/modified/deleted) when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-include attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be excluded. The object class may be "*" indicating that the attribute type(s) should be excluded regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-include:: -[open] -==== - -Description:: -Allows to include some attributes to replicate to this server. If fractional-include configuration attribute is used, only attributes specified in this attribute will be added/modified/deleted when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-exclude attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be included. The object class may be "*" indicating that the attribute type(s) should be included regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group ID associated with this replicated domain. This value defines the group ID of the replicated domain. The replication system will preferably connect and send updates to replicate to a replication server with the same group ID as its own one (the local server group ID). - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when communicating with Replication Servers. The directory server expects a regular heart-beat coming from the Replication Server within the specified interval. If a heartbeat is not received within the interval, the Directory Server closes its connection and connects to another Replication Server. - -Default Value:: -10000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 100 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -initialization-window-size:: -[open] -==== - -Description:: -Specifies the window size that this directory server may use when communicating with remote Directory Servers for initialization. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -isolation-policy:: -[open] -==== - -Description:: -Specifies the behavior of the directory server if a write operation is attempted on the data within the Replication Domain when none of the configured Replication Servers are available. - -Default Value:: -reject-all-updates - -Allowed Values:: -[open] -====== - -accept-all-updates:: -Indicates that updates should be accepted even though it is not possible to send them to any Replication Server. Best effort is made to re-send those updates to a Replication Servers when one of them is available, however those changes are at risk because they are only available from the historical information. This mode can also introduce high replication latency. - -reject-all-updates:: -Indicates that all updates attempted on this Replication Domain are rejected when no Replication Server is available. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-changenumber:: -[open] -==== - -Description:: -Indicates if this server logs the ChangeNumber in access log. This boolean indicates if the domain should log the ChangeNumber of replicated operations in the access log. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -referrals-url:: -[open] -==== - -Description:: -The URLs other LDAP servers should use to refer to the local server. URLs used by peer servers in the topology to refer to the local server through LDAP referrals. If this attribute is not defined, every URLs available to access this server will be used. If defined, only URLs specified here will be used. - -Default Value:: -None - -Allowed Values:: -A LDAP URL compliant with RFC 2255. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of the Replication Servers within the Replication Domain to which the directory server should try to connect at startup time. Addresses must be specified using the syntax: hostname:port - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the directory server within the Replication Domain. Each directory server within the same Replication Domain must have a different server ID. A directory server which is a member of multiple Replication Domains may use the same server ID for each of its Replication Domain configurations. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -solve-conflicts:: -[open] -==== - -Description:: -Indicates if this server solves conflict. This boolean indicates if this domain keeps the historical information necessary to solve conflicts. When set to false the server will not maintain historical information and will therefore not be able to solve conflict. This should therefore be done only if the replication is used in a single master type of deployment. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the directory server will use when communicating with Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-replication-server] -=== dsconfig delete-replication-server — Deletes Replication Servers - -==== Synopsis -`dsconfig delete-replication-server` {options} - -[#dsconfig-delete-replication-server-description] -==== Description -Deletes Replication Servers. - -[#dsconfig-delete-replication-server-options] -==== Options --- -The `dsconfig delete-replication-server` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {name}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-replication-server-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`-f | --force`:: -Ignore non-existent Replication Servers. -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default null: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-delete-replication-server-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - --- - -[#dsconfig-delete-replication-server-replication-server] -==== Replication Server -Replication Servers of type replication-server have the following properties: --- - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured mode acknowledgments. Defines the number of milliseconds that the replication server will wait for assured acknowledgments (in either Safe Data or Safe Read assured sub modes) before forgetting them and answer to the entity that sent an update and is waiting for acknowledgment. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compute-change-number:: -[open] -==== - -Description:: -Whether the replication server will compute change numbers. This boolean tells the replication server to compute change numbers for each replicated change by maintaining a change number index database. Changenumbers are computed according to http://tools.ietf.org/html/draft-good-ldap-changelog-04. Note this functionality has an impact on CPU, disk accesses and storage. If changenumbers are not required, it is advisable to set this value to false. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the replication change-log should make records readable only by Directory Server. Throughput and disk space are affected by the more expensive operations taking place. Confidentiality is achieved by encrypting records on all domains managed by this replication server. Encrypting the records prevents unauthorized parties from accessing contents of LDAP operations. For complete protection, consider enabling secure communications between servers. Change number indexing is not affected by the setting. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -degraded-status-threshold:: -[open] -==== - -Description:: -The number of pending changes as threshold value for putting a directory server in degraded status. This value represents a number of pending changes a replication server has in queue for sending to a directory server. Once this value is crossed, the matching directory server goes in degraded status. When number of pending changes goes back under this value, the directory server is put back in normal status. 0 means status analyzer is disabled and directory servers are never put in degraded status. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered and the replication server will disconnect from the rest of the replication topology. When the available free space on the disk used by the replication changelog falls below the value specified, this replication server will stop. Connected Directory Servers will fail over to another RS. The replication server will restart again as soon as free space rises above the low threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered. When the available free space on the disk used by the replication changelog falls below the value specified, a warning is sent and logged. Normal operation will continue but administrators are advised to take action to free some disk space. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group id for the replication server. This value defines the group id of the replication server. The replication system of a LDAP server uses the group id of the replicated domain and tries to connect, if possible, to a replication with the same group id. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -monitoring-period:: -[open] -==== - -Description:: -The period between sending of monitoring messages. Defines the duration that the replication server will wait before sending new monitoring messages to its peers (replication servers and directory servers). Larger values increase the length of time it takes for a directory server to detect and switch to a more suitable replication server, whereas smaller values increase the amount of background network traffic. - -Default Value:: -60s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -Specifies the number of changes that are kept in memory for each directory server in the Replication Domain. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -replication-db-directory:: -[open] -==== - -Description:: -The path where the Replication Server stores all persistent information. - -Default Value:: -changelogDb - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -replication-port:: -[open] -==== - -Description:: -The port on which this Replication Server waits for connections from other Replication Servers or Directory Servers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-purge-delay:: -[open] -==== - -Description:: -The time (in seconds) after which the Replication Server erases all persistent information. - -Default Value:: -3 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of other Replication Servers to which this Replication Server tries to connect at startup time. Addresses must be specified using the syntax: "hostname:port". If IPv6 addresses are used as the hostname, they must be specified using the syntax "[IPv6Address]:port". - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the Replication Server. Each Replication Server must have a different server ID. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -weight:: -[open] -==== - -Description:: -The weight of the replication server. The weight affected to the replication server. Each replication server of the topology has a weight. When combined together, the weights of the replication servers of a same group can be translated to a percentage that determines the quantity of directory servers of the topology that should be connected to a replication server. For instance imagine a topology with 3 replication servers (with the same group id) with the following weights: RS1=1, RS2=1, RS3=2. This means that RS1 should have 25% of the directory servers connected in the topology, RS2 25%, and RS3 50%. This may be useful if the replication servers of the topology have a different power and one wants to spread the load between the replication servers according to their power. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the Replication Server uses when communicating with other Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-sasl-mechanism-handler] -=== dsconfig delete-sasl-mechanism-handler — Deletes SASL Mechanism Handlers - -==== Synopsis -`dsconfig delete-sasl-mechanism-handler` {options} - -[#dsconfig-delete-sasl-mechanism-handler-description] -==== Description -Deletes SASL Mechanism Handlers. - -[#dsconfig-delete-sasl-mechanism-handler-options] -==== Options --- -The `dsconfig delete-sasl-mechanism-handler` command takes the following options: - -`--handler-name {name}`:: -The name of the SASL Mechanism Handler. -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {name}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {name}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {name}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {name}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {name}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {name}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - -`-f | --force`:: -Ignore non-existent SASL Mechanism Handlers. -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default null: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default null: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default null: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default null: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default null: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default null: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-sasl-mechanism-handler-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - --- - -[#dsconfig-delete-sasl-mechanism-handler-anonymous-sasl-mechanism-handler] -==== Anonymous SASL Mechanism Handler -SASL Mechanism Handlers of type anonymous-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.AnonymousSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-sasl-mechanism-handler-cram-md5-sasl-mechanism-handler] -==== Cram MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type cram-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper used with this SASL mechanism handler to match the authentication ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Cram MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.CRAMMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-sasl-mechanism-handler-digest-md5-sasl-mechanism-handler] -==== Digest MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type digest-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Digest MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.DigestMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realms that is to be used by the server for DIGEST-MD5 authentication. If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Default Value:: -If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Allowed Values:: -Any realm string that does not contain a comma. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the server that is used when validating the digest-uri parameter during the authentication process. If this configuration attribute is present, then the server expects that clients use a digest-uri equal to "ldap/" followed by the value of this attribute. For example, if the attribute has a value of "directory.example.com", then the server expects clients to use a digest-uri of "ldap/directory.example.com". If no value is provided, then the server does not attempt to validate the digest-uri provided by the client and accepts any value. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically. - -Allowed Values:: -The fully-qualified address that is expected for clients to use when connecting to the server and authenticating via DIGEST-MD5. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-sasl-mechanism-handler-external-sasl-mechanism-handler] -==== External SASL Mechanism Handler -SASL Mechanism Handlers of type external-sasl-mechanism-handler have the following properties: --- - -certificate-attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema. - -Default Value:: -userCertificate - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-mapper:: -[open] -==== - -Description:: -Specifies the name of the certificate mapper that should be used to match client certificates to user entries. - -Default Value:: -None - -Allowed Values:: -The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-validation-policy:: -[open] -==== - -Description:: -Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -always:: -Always require the peer certificate to be present in the user's entry. - -ifpresent:: -If the user's entry contains one or more certificates, require that one of them match the peer certificate. - -never:: -Do not look for the peer certificate to be present in the user's entry. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.ExternalSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-sasl-mechanism-handler-gssapi-sasl-mechanism-handler] -==== GSSAPI SASL Mechanism Handler -SASL Mechanism Handlers of type gssapi-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the GSSAPI SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.GSSAPISASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -kdc-address:: -[open] -==== - -Description:: -Specifies the address of the KDC that is to be used for Kerberos processing. If provided, this property must be a fully-qualified DNS-resolvable name. If this property is not provided, then the server attempts to determine it from the system-wide Kerberos configuration. - -Default Value:: -The server attempts to determine the KDC address from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -keytab:: -[open] -==== - -Description:: -Specifies the path to the keytab file that should be used for Kerberos processing. If provided, this is either an absolute path or one that is relative to the server instance root. - -Default Value:: -The server attempts to use the system-wide default keytab. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -principal-name:: -[open] -==== - -Description:: -Specifies the principal name. It can either be a simple user name or a service name such as host/example.com. If this property is not provided, then the server attempts to build the principal name by appending the fully qualified domain name to the string "ldap/". - -Default Value:: -The server attempts to determine the principal name from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realm to be used for GSSAPI authentication. - -Default Value:: -The server attempts to determine the realm from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the system. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically . - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-sasl-mechanism-handler-plain-sasl-mechanism-handler] -==== Plain SASL Mechanism Handler -SASL Mechanism Handlers of type plain-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Plain SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.PlainSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-schema-provider] -=== dsconfig delete-schema-provider — Deletes Schema Providers - -==== Synopsis -`dsconfig delete-schema-provider` {options} - -[#dsconfig-delete-schema-provider-description] -==== Description -Deletes Schema Providers. - -[#dsconfig-delete-schema-provider-options] -==== Options --- -The `dsconfig delete-schema-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the Schema Provider. -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {name}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-schema-provider-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - -`-f | --force`:: -Ignore non-existent Schema Providers. -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default null: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-schema-provider-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - --- - -[#dsconfig-delete-schema-provider-core-schema] -==== Core Schema -Schema Providers of type core-schema have the following properties: --- - -allow-zero-length-values-directory-string:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed for directory string. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disabled-matching-rule:: -[open] -==== - -Description:: -The set of disabled matching rules. Matching rules must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled matching rule. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disabled-syntax:: -[open] -==== - -Description:: -The set of disabled syntaxes. Syntaxes must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled syntax, or NONE - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Schema Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Core Schema implementation. - -Default Value:: -org.opends.server.schema.CoreSchemaProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.schema.SchemaProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strict-format-country-string:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strip-syntax-min-upper-bound-attribute-type-description:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-synchronization-provider] -=== dsconfig delete-synchronization-provider — Deletes Synchronization Providers - -==== Synopsis -`dsconfig delete-synchronization-provider` {options} - -[#dsconfig-delete-synchronization-provider-description] -==== Description -Deletes Synchronization Providers. - -[#dsconfig-delete-synchronization-provider-options] -==== Options --- -The `dsconfig delete-synchronization-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the Synchronization Provider. -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {name}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-synchronization-provider-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - -`-f | --force`:: -Ignore non-existent Synchronization Providers. -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default null: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-synchronization-provider-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - --- - -[#dsconfig-delete-synchronization-provider-replication-synchronization-provider] -==== Replication Synchronization Provider -Synchronization Providers of type replication-synchronization-provider have the following properties: --- - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to peers and when performing SSL negotiation. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Synchronization Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Replication Synchronization Provider implementation. - -Default Value:: -org.opends.server.replication.plugin.MultimasterReplication - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SynchronizationProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-update-replay-threads:: -[open] -==== - -Description:: -Specifies the number of update replay threads. This value is the number of threads created for replaying every updates received for all the replication domains. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-trust-manager-provider] -=== dsconfig delete-trust-manager-provider — Deletes Trust Manager Providers - -==== Synopsis -`dsconfig delete-trust-manager-provider` {options} - -[#dsconfig-delete-trust-manager-provider-description] -==== Description -Deletes Trust Manager Providers. - -[#dsconfig-delete-trust-manager-provider-options] -==== Options --- -The `dsconfig delete-trust-manager-provider` command takes the following options: - -`--provider-name {name}`:: -The name of the Trust Manager Provider. -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {name}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-trust-manager-provider-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {name}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-trust-manager-provider-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - -`-f | --force`:: -Ignore non-existent Trust Manager Providers. -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default null: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-trust-manager-provider-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default null: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-trust-manager-provider-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - --- - -[#dsconfig-delete-trust-manager-provider-blind-trust-manager-provider] -==== Blind Trust Manager Provider -Trust Manager Providers of type blind-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Blind Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.BlindTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-trust-manager-provider-file-based-trust-manager-provider] -==== File Based Trust Manager Provider -Trust Manager Providers of type file-based-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the trust information. It can be an absolute path or a path that is relative to the OpenDJ instance root. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -An absolute path or a path that is relative to the OpenDJ directory server instance root. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the trust store file. Valid values always include 'JKS' and 'PKCS12', but different implementations can allow other values as well. If no value is provided, then the JVM default value is used. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. The "JKS" and "PKCS12" formats are typically available in Java environments. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-delete-virtual-attribute] -=== dsconfig delete-virtual-attribute — Deletes Virtual Attributes - -==== Synopsis -`dsconfig delete-virtual-attribute` {options} - -[#dsconfig-delete-virtual-attribute-description] -==== Description -Deletes Virtual Attributes. - -[#dsconfig-delete-virtual-attribute-options] -==== Options --- -The `dsconfig delete-virtual-attribute` command takes the following options: - -`--name {name}`:: -The name of the Virtual Attribute. -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {name}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {name}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {name}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {name}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {name}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {name}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {name}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {name}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {name}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {name}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {name}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {name}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {name}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {name}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - -`-f | --force`:: -Ignore non-existent Virtual Attributes. -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default null: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default null: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default null: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default null: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default null: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default null: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default null: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default null: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default null: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default null: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default null: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default null: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default null: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default null: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-delete-virtual-attribute-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - --- - -[#dsconfig-delete-virtual-attribute-collective-attribute-subentries-virtual-attribute] -==== Collective Attribute Subentries Virtual Attribute -Virtual Attributes of type collective-attribute-subentries-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -collectiveAttributeSubentries - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.CollectiveAttributeSubentriesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-entity-tag-virtual-attribute] -==== Entity Tag Virtual Attribute -Virtual Attributes of type entity-tag-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -etag - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -checksum-algorithm:: -[open] -==== - -Description:: -The algorithm which should be used for calculating the entity tag checksum value. - -Default Value:: -adler-32 - -Allowed Values:: -[open] -====== - -adler-32:: -The Adler-32 checksum algorithm which is almost as reliable as a CRC-32 but can be computed much faster. - -crc-32:: -The CRC-32 checksum algorithm. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -excluded-attribute:: -[open] -==== - -Description:: -The list of attributes which should be ignored when calculating the entity tag checksum value. Certain attributes like "ds-sync-hist" may vary between replicas due to different purging schedules and should not be included in the checksum. - -Default Value:: -ds-sync-hist - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntityTagVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-entry-dn-virtual-attribute] -==== Entry DN Virtual Attribute -Virtual Attributes of type entry-dn-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryDN - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryDNVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-entry-uuid-virtual-attribute] -==== Entry UUID Virtual Attribute -Virtual Attributes of type entry-uuid-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryUUID - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryUUIDVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-governing-structure-rule-virtual-attribute] -==== Governing Structure Rule Virtual Attribute -Virtual Attributes of type governing-structure-rule-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -governingStructureRule - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.GoverningSturctureRuleVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-has-subordinates-virtual-attribute] -==== Has Subordinates Virtual Attribute -Virtual Attributes of type has-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -hasSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-is-member-of-virtual-attribute] -==== Is Member Of Virtual Attribute -Virtual Attributes of type is-member-of-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -isMemberOf - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.IsMemberOfVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-member-virtual-attribute] -==== Member Virtual Attribute -Virtual Attributes of type member-virtual-attribute have the following properties: --- - -allow-retrieving-membership:: -[open] -==== - -Description:: -Indicates whether to handle requests that request all values for the virtual attribute. This operation can be very expensive in some cases and is not consistent with the primary function of virtual static groups, which is to make it possible to use static group idioms to determine whether a given user is a member. If this attribute is set to false, attempts to retrieve the entire set of values receive an empty set, and only attempts to determine whether the attribute has a specific value or set of values (which is the primary anticipated use for virtual static groups) are handled properly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.MemberVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-num-subordinates-virtual-attribute] -==== Num Subordinates Virtual Attribute -Virtual Attributes of type num-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -numSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-password-expiration-time-virtual-attribute] -==== Password Expiration Time Virtual Attribute -Virtual Attributes of type password-expiration-time-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -ds-pwp-password-expiration-time - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordExpirationTimeVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-password-policy-subentry-virtual-attribute] -==== Password Policy Subentry Virtual Attribute -Virtual Attributes of type password-policy-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -pwdPolicySubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordPolicySubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-structural-object-class-virtual-attribute] -==== Structural Object Class Virtual Attribute -Virtual Attributes of type structural-object-class-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -structuralObjectClass - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.StructuralObjectClassVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-subschema-subentry-virtual-attribute] -==== Subschema Subentry Virtual Attribute -Virtual Attributes of type subschema-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -subschemaSubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-delete-virtual-attribute-user-defined-virtual-attribute] -==== User Defined Virtual Attribute -Virtual Attributes of type user-defined-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.UserDefinedVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -value:: -[open] -==== - -Description:: -Specifies the values to be included in the virtual attribute. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-access-control-handler-prop] -=== dsconfig get-access-control-handler-prop — Shows Access Control Handler properties - -==== Synopsis -`dsconfig get-access-control-handler-prop` {options} - -[#dsconfig-get-access-control-handler-prop-description] -==== Description -Shows Access Control Handler properties. - -[#dsconfig-get-access-control-handler-prop-options] -==== Options --- -The `dsconfig get-access-control-handler-prop` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Access Control Handler properties depend on the Access Control Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Access Control Handler types: - -dsee-compat-access-control-handler:: -Default {property}: Dsee Compat Access Control Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-access-control-handler-prop-dsee-compat-access-control-handler["Dsee Compat Access Control Handler"] for the properties of this Access Control Handler type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Access Control Handler properties depend on the Access Control Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Access Control Handler types: - -dsee-compat-access-control-handler:: -Default null: Dsee Compat Access Control Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-access-control-handler-prop-dsee-compat-access-control-handler["Dsee Compat Access Control Handler"] for the properties of this Access Control Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Access Control Handler properties depend on the Access Control Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Access Control Handler types: - -dsee-compat-access-control-handler:: -Default {unit}: Dsee Compat Access Control Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-access-control-handler-prop-dsee-compat-access-control-handler["Dsee Compat Access Control Handler"] for the properties of this Access Control Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Access Control Handler properties depend on the Access Control Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Access Control Handler types: - -dsee-compat-access-control-handler:: -Default {unit}: Dsee Compat Access Control Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-access-control-handler-prop-dsee-compat-access-control-handler["Dsee Compat Access Control Handler"] for the properties of this Access Control Handler type. - -==== - --- - -[#dsconfig-get-access-control-handler-prop-dsee-compat-access-control-handler] -==== Dsee Compat Access Control Handler -Access Control Handlers of type dsee-compat-access-control-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Access Control Handler is enabled. If set to FALSE, then no access control is enforced, and any client (including unauthenticated or anonymous clients) could be allowed to perform any operation if not subject to other restrictions, such as those enforced by the privilege subsystem. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -global-aci:: -[open] -==== - -Description:: -Defines global access control rules. Global access control rules apply to all entries anywhere in the data managed by the OpenDJ directory server. The global access control rules may be overridden by more specific access control rules placed in the data. - -Default Value:: -No global access control rules are defined, which means that no access is allowed for any data in the server unless specifically granted by access control rules in the data. - -Allowed Values:: -xref:../admin-guide/chap-privileges-acis.adoc#about-acis["About Access Control Instructions"] in the __Administration Guide__ - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Dsee Compat Access Control Handler implementation. - -Default Value:: -org.opends.server.authorization.dseecompat.AciHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccessControlHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Access Control Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-access-log-filtering-criteria-prop] -=== dsconfig get-access-log-filtering-criteria-prop — Shows Access Log Filtering Criteria properties - -==== Synopsis -`dsconfig get-access-log-filtering-criteria-prop` {options} - -[#dsconfig-get-access-log-filtering-criteria-prop-description] -==== Description -Shows Access Log Filtering Criteria properties. - -[#dsconfig-get-access-log-filtering-criteria-prop-options] -==== Options --- -The `dsconfig get-access-log-filtering-criteria-prop` command takes the following options: - -`--publisher-name {name}`:: -The name of the Access Log Publisher. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {name}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-access-log-filtering-criteria-prop-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`--criteria-name {name}`:: -The name of the Access Log Filtering Criteria. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {name}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-access-log-filtering-criteria-prop-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {property}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-access-log-filtering-criteria-prop-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default null: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-access-log-filtering-criteria-prop-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {unit}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-access-log-filtering-criteria-prop-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {unit}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-access-log-filtering-criteria-prop-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - --- - -[#dsconfig-get-access-log-filtering-criteria-prop-access-log-filtering-criteria] -==== Access Log Filtering Criteria -Access Log Filtering Criteria of type access-log-filtering-criteria have the following properties: --- - -connection-client-address-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match at least one of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-client-address-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which do not match any of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-port-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections to any of the specified listener port numbers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-protocol-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match any of the specified protocols. Typical values include "ldap", "ldaps", or "jmx". - -Default Value:: -None - -Allowed Values:: -The protocol name as reported in the access log. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-type:: -[open] -==== - -Description:: -Filters log records based on their type. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -abandon:: -Abandon operations - -add:: -Add operations - -bind:: -Bind operations - -compare:: -Compare operations - -connect:: -Client connections - -delete:: -Delete operations - -disconnect:: -Client disconnections - -extended:: -Extended operations - -modify:: -Modify operations - -rename:: -Rename operations - -search:: -Search operations - -unbind:: -Unbind operations - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-not-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching none of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-greater-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took longer than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-less-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took less than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-not-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which do not include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-is-indexed:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which were either indexed or unindexed. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-greater-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned more than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-less-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned less than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users which do not match any of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are members of at least one of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-not-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are not members of any of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-account-status-notification-handler-prop] -=== dsconfig get-account-status-notification-handler-prop — Shows Account Status Notification Handler properties - -==== Synopsis -`dsconfig get-account-status-notification-handler-prop` {options} - -[#dsconfig-get-account-status-notification-handler-prop-description] -==== Description -Shows Account Status Notification Handler properties. - -[#dsconfig-get-account-status-notification-handler-prop-options] -==== Options --- -The `dsconfig get-account-status-notification-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the Account Status Notification Handler. -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {name}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {name}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {property}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {property}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default null: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default null: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {unit}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {unit}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {unit}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {unit}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-account-status-notification-handler-prop-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - --- - -[#dsconfig-get-account-status-notification-handler-prop-error-log-account-status-notification-handler] -==== Error Log Account Status Notification Handler -Account Status Notification Handlers of type error-log-account-status-notification-handler have the following properties: --- - -account-status-notification-type:: -[open] -==== - -Description:: -Indicates which types of event can trigger an account status notification. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -account-disabled:: -Generate a notification whenever a user account has been disabled by an administrator. - -account-enabled:: -Generate a notification whenever a user account has been enabled by an administrator. - -account-expired:: -Generate a notification whenever a user authentication has failed because the account has expired. - -account-idle-locked:: -Generate a notification whenever a user account has been locked because it was idle for too long. - -account-permanently-locked:: -Generate a notification whenever a user account has been permanently locked after too many failed attempts. - -account-reset-locked:: -Generate a notification whenever a user account has been locked, because the password had been reset by an administrator but not changed by the user within the required interval. - -account-temporarily-locked:: -Generate a notification whenever a user account has been temporarily locked after too many failed attempts. - -account-unlocked:: -Generate a notification whenever a user account has been unlocked by an administrator. - -password-changed:: -Generate a notification whenever a user changes his/her own password. - -password-expired:: -Generate a notification whenever a user authentication has failed because the password has expired. - -password-expiring:: -Generate a notification whenever a password expiration warning is encountered for a user password for the first time. - -password-reset:: -Generate a notification whenever a user's password is reset by an administrator. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Error Log Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.ErrorLogAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-account-status-notification-handler-prop-smtp-account-status-notification-handler] -==== SMTP Account Status Notification Handler -Account Status Notification Handlers of type smtp-account-status-notification-handler have the following properties: --- - -email-address-attribute-type:: -[open] -==== - -Description:: -Specifies which attribute in the user's entries may be used to obtain the email address when notifying the end user. You can specify more than one email address as separate values. In this case, the OpenDJ server sends a notification to all email addresses identified. - -Default Value:: -If no email address attribute types are specified, then no attempt is made to send email notification messages to end users. Only those users specified in the set of additional recipient addresses are sent the notification messages. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this account status notification handler. The values for this property should begin with the name of an account status notification type followed by a colon and the subject that should be used for the associated notification message. If an email message is generated for an account status notification type for which no subject is defined, then that message is given a generic subject. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-template-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the message template to generate the email notification messages. The values for this property should begin with the name of an account status notification type followed by a colon and the path to the template file that should be used for that notification type. If an account status notification has a notification type that is not associated with a message template file, then no email message is generated for that notification. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which notification messages are sent, either instead of or in addition to the end user for whom the notification has been generated. This may be used to ensure that server administrators also receive a copy of any notification messages that are generated. - -Default Value:: -If no additional recipient addresses are specified, then only the end users that are the subjects of the account status notifications receive the notification messages. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -send-email-as-html:: -[open] -==== - -Description:: -Indicates whether an email notification message should be sent as HTML. If this value is true, email notification messages are marked as text/html. Otherwise outgoing email messages are assumed to be plaintext and marked as text/plain. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-message-without-end-user-address:: -[open] -==== - -Description:: -Indicates whether an email notification message should be generated and sent to the set of notification recipients even if the user entry does not contain any values for any of the email address attributes (that is, in cases when it is not be possible to notify the end user). This is only applicable if both one or more email address attribute types and one or more additional recipient addresses are specified. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address from which the message is sent. Note that this does not necessarily have to be a legitimate email address. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-administration-connector-prop] -=== dsconfig get-administration-connector-prop — Shows Administration Connector properties - -==== Synopsis -`dsconfig get-administration-connector-prop` {options} - -[#dsconfig-get-administration-connector-prop-description] -==== Description -Shows Administration Connector properties. - -[#dsconfig-get-administration-connector-prop-options] -==== Options --- -The `dsconfig get-administration-connector-prop` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Administration Connector properties depend on the Administration Connector type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Administration Connector types: - -administration-connector:: -Default {property}: Administration Connector - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-administration-connector-prop-administration-connector["Administration Connector"] for the properties of this Administration Connector type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Administration Connector properties depend on the Administration Connector type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Administration Connector types: - -administration-connector:: -Default null: Administration Connector - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-administration-connector-prop-administration-connector["Administration Connector"] for the properties of this Administration Connector type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Administration Connector properties depend on the Administration Connector type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Administration Connector types: - -administration-connector:: -Default {unit}: Administration Connector - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-administration-connector-prop-administration-connector["Administration Connector"] for the properties of this Administration Connector type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Administration Connector properties depend on the Administration Connector type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Administration Connector types: - -administration-connector:: -Default {unit}: Administration Connector - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-administration-connector-prop-administration-connector["Administration Connector"] for the properties of this Administration Connector type. - -==== - --- - -[#dsconfig-get-administration-connector-prop-administration-connector] -==== Administration Connector -Administration Connectors of type administration-connector have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Administration Connector. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Administration Connector. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that is used with the Administration Connector . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this Administration Connector should listen for connections from LDAP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the Administration Connector listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the Administration Connector will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Administration Connector must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the Administration Connector should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that is used with the Administration Connector . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-alert-handler-prop] -=== dsconfig get-alert-handler-prop — Shows Alert Handler properties - -==== Synopsis -`dsconfig get-alert-handler-prop` {options} - -[#dsconfig-get-alert-handler-prop-description] -==== Description -Shows Alert Handler properties. - -[#dsconfig-get-alert-handler-prop-options] -==== Options --- -The `dsconfig get-alert-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the Alert Handler. -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {name}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {name}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {property}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {property}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default null: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default null: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {unit}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {unit}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {unit}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {unit}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-alert-handler-prop-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - --- - -[#dsconfig-get-alert-handler-prop-jmx-alert-handler] -==== JMX Alert Handler -Alert Handlers of type jmx-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.JMXAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-alert-handler-prop-smtp-alert-handler] -==== SMTP Alert Handler -Alert Handlers of type smtp-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-body:: -[open] -==== - -Description:: -Specifies the body that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which the messages should be sent. Multiple values may be provided if there should be more than one recipient. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender for messages generated by this alert handler. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-attribute-syntax-prop] -=== dsconfig get-attribute-syntax-prop — Shows Attribute Syntax properties - -==== Synopsis -`dsconfig get-attribute-syntax-prop` {options} - -[#dsconfig-get-attribute-syntax-prop-description] -==== Description -Shows Attribute Syntax properties. - -[#dsconfig-get-attribute-syntax-prop-options] -==== Options --- -The `dsconfig get-attribute-syntax-prop` command takes the following options: - -`--syntax-name {name}`:: -The name of the Attribute Syntax. -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {name}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {name}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {name}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {name}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {name}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {name}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {property}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {property}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {property}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {property}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {property}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {property}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default null: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default null: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default null: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default null: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default null: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default null: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {unit}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {unit}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {unit}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {unit}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {unit}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {unit}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {unit}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {unit}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {unit}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {unit}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {unit}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {unit}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-attribute-syntax-prop-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - --- - -[#dsconfig-get-attribute-syntax-prop-attribute-type-description-attribute-syntax] -==== Attribute Type Description Attribute Syntax -Attribute Syntaxes of type attribute-type-description-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Attribute Type Description Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.AttributeTypeSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strip-syntax-min-upper-bound:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-attribute-syntax-prop-certificate-attribute-syntax] -==== Certificate Attribute Syntax -Attribute Syntaxes of type certificate-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Certificate Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CertificateSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether X.509 Certificate values are required to strictly comply with the standard definition for this syntax. When set to false, certificates will not be validated and, as a result any sequence of bytes will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-attribute-syntax-prop-country-string-attribute-syntax] -==== Country String Attribute Syntax -Attribute Syntaxes of type country-string-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Country String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CountryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-attribute-syntax-prop-directory-string-attribute-syntax] -==== Directory String Attribute Syntax -Attribute Syntaxes of type directory-string-attribute-syntax have the following properties: --- - -allow-zero-length-values:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Directory String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.DirectoryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - --- - -[#dsconfig-get-attribute-syntax-prop-jpeg-attribute-syntax] -==== JPEG Attribute Syntax -Attribute Syntaxes of type jpeg-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JPEG Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.JPEGSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require JPEG values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-attribute-syntax-prop-telephone-number-attribute-syntax] -==== Telephone Number Attribute Syntax -Attribute Syntaxes of type telephone-number-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Telephone Number Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.TelephoneNumberSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require telephone number values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-backend-index-prop] -=== dsconfig get-backend-index-prop — Shows Backend Index properties - -==== Synopsis -`dsconfig get-backend-index-prop` {options} - -[#dsconfig-get-backend-index-prop-description] -==== Description -Shows Backend Index properties. - -[#dsconfig-get-backend-index-prop-options] -==== Options --- -The `dsconfig get-backend-index-prop` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {name}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-index-prop-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`--index-name {name}`:: -The name of the Backend Index. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {name}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-index-prop-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {property}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-index-prop-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default null: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-index-prop-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {unit}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-index-prop-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {unit}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-index-prop-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - --- - -[#dsconfig-get-backend-index-prop-backend-index] -==== Backend Index -Backend Indexes of type backend-index have the following properties: --- - -attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute for which the index is to be maintained. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Specifies whether contents of the index should be confidential. Setting the flag to true will hash keys for equality type indexes using SHA-1 and encrypt the list of entries matching a substring key for substring indexes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If the index for the attribute must be protected for security purposes and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. The property cannot be set on a backend for which confidentiality is not enabled. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that are allowed to match a given index key before that particular index key is no longer maintained. This is analogous to the ALL IDs threshold in the Sun Java System Directory Server. If this is specified, its value overrides the JE backend-wide configuration. For no limit, use 0 for the value. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If any index keys have already reached this limit, indexes must be rebuilt before they will be allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-extensible-matching-rule:: -[open] -==== - -Description:: -The extensible matching rule in an extensible index. An extensible matching rule must be specified using either LOCALE or OID of the matching rule. - -Default Value:: -No extensible matching rules will be indexed. - -Allowed Values:: -A Locale or an OID. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-type:: -[open] -==== - -Description:: -Specifies the type(s) of indexing that should be performed for the associated attribute. For equality, presence, and substring index types, the associated attribute type must have a corresponding matching rule. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -approximate:: -This index type is used to improve the efficiency of searches using approximate matching search filters. - -equality:: -This index type is used to improve the efficiency of searches using equality search filters. - -extensible:: -This index type is used to improve the efficiency of searches using extensible matching search filters. - -ordering:: -This index type is used to improve the efficiency of searches using "greater than or equal to" or "less then or equal to" search filters. - -presence:: -This index type is used to improve the efficiency of searches using the presence search filters. - -substring:: -This index type is used to improve the efficiency of searches using substring search filters. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -If any new index types are added for an attribute, and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. - -Advanced Property:: -No - -Read-only:: -No - -==== - -substring-length:: -[open] -==== - -Description:: -The length of substrings in a substring index. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 3. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-backend-prop] -=== dsconfig get-backend-prop — Shows Backend properties - -==== Synopsis -`dsconfig get-backend-prop` {options} - -[#dsconfig-get-backend-prop-description] -==== Description -Shows Backend properties. - -[#dsconfig-get-backend-prop-options] -==== Options --- -The `dsconfig get-backend-prop` command takes the following options: - -`--backend-name {name}`:: -The name of the Backend. -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {name}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {name}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {name}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {name}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {name}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {name}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {name}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {name}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {name}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {name}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {property}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {property}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {property}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {property}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {property}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {property}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {property}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {property}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {property}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {property}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default null: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default null: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default null: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default null: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default null: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default null: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default null: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default null: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default null: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default null: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {unit}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {unit}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {unit}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {unit}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {unit}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {unit}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {unit}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {unit}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {unit}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {unit}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {unit}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {unit}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {unit}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {unit}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {unit}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {unit}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {unit}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {unit}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {unit}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {unit}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-backend-prop-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - --- - -[#dsconfig-get-backend-prop-backup-backend] -==== Backup Backend -Backends of type backup-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -backup-directory:: -[open] -==== - -Description:: -Specifies the path to a backup directory containing one or more backups for a particular backend. This is a multivalued property. Each value may specify a different backup directory if desired (one for each backend for which backups are taken). Values may be either absolute paths or paths that are relative to the base of the OpenDJ directory server installation. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.BackupBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-backend-prop-je-backend] -==== JE Backend -Backends of type je-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-bytes-interval:: -[open] -==== - -Description:: -Specifies the maximum number of bytes that may be written to the database before it is forced to perform a checkpoint. This can be used to bound the recovery time that may be required if the database environment is opened without having been properly closed. If this property is set to a non-zero value, the checkpointer wakeup interval is not used. To use time-based checkpointing, set this property to zero. - -Default Value:: -500mb - -Allowed Values:: -Upper value is 9223372036854775807. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. Note that this is only used if the value of the checkpointer bytes interval is zero. - -Default Value:: -30s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 4294 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-cleaner-min-utilization:: -[open] -==== - -Description:: -Specifies the occupancy percentage for "live" data in this backend's database. When the amount of "live" data in the database drops below this value, cleaners will act to increase the occupancy percentage by compacting the database. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Berkeley DB Java Edition database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-core-threads:: -[open] -==== - -Description:: -Specifies the core number of threads in the eviction thread pool. Specifies the core number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-keep-alive:: -[open] -==== - -Description:: -The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -600s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 86400 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-lru-only:: -[open] -==== - -Description:: -Indicates whether the database should evict existing data from the cache based on an LRU policy (where the least recently used information will be evicted first). If set to "false", then the eviction keeps internal nodes of the underlying Btree in the cache over leaf nodes, even if the leaf nodes have been accessed more recently. This may be a better configuration for databases in which only a very small portion of the data is cached. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-max-threads:: -[open] -==== - -Description:: -Specifies the maximum number of threads in the eviction thread pool. Specifies the maximum number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-nodes-per-scan:: -[open] -==== - -Description:: -Specifies the number of Btree nodes that should be evicted from the cache in a single pass if it is determined that it is necessary to free existing data in order to make room for new information. Changes to this property do not take effect until the backend is restarted. It is recommended that you also change this property when you set db-evictor-lru-only to false. This setting controls the number of Btree nodes that are considered, or sampled, each time a node is evicted. A setting of 10 often produces good results, but this may vary from application to application. The larger the nodes per scan, the more accurate the algorithm. However, don't set it too high. When considering larger numbers of nodes for each eviction, the evictor may delay the completion of a given database operation, which impacts the response time of the application thread. In JE 4.1 and later, setting this value too high in an application that is largely CPU bound can reduce the effectiveness of cache eviction. It's best to start with the default value, and increase it gradually to see if it is beneficial for your application. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 1000. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-file-max:: -[open] -==== - -Description:: -Specifies the maximum size for a database log file. - -Default Value:: -100mb - -Allowed Values:: -Lower value is 1000000.Upper value is 4294967296. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-filecache-size:: -[open] -==== - -Description:: -Specifies the size of the file handle cache. The file handle cache is used to keep as much opened log files as possible. When the cache is smaller than the number of logs, the database needs to close some handles and open log files it needs, resulting in less optimal performances. Ideally, the size of the cache should be higher than the number of files contained in the database. Make sure the OS number of open files per process is also tuned appropriately. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 3. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-file-handler-on:: -[open] -==== - -Description:: -Indicates whether the database should maintain a je.info file in the same directory as the database log directory. This file contains information about the internal processing performed by the underlying database. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-level:: -[open] -==== - -Description:: -Specifies the log level that should be used by the database when it is writing information into the je.info file. The database trace logging level is (in increasing order of verbosity) chosen from: OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, ALL. - -Default Value:: -CONFIG - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-cleaner-threads:: -[open] -==== - -Description:: -Specifies the number of threads that the backend should maintain to keep the database log files at or near the desired utilization. In environments with high write throughput, multiple cleaner threads may be required to maintain the desired utilization. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-lock-tables:: -[open] -==== - -Description:: -Specifies the number of lock tables that are used by the underlying database. This can be particularly important to help improve scalability by avoiding contention on systems with large numbers of CPUs. The value of this configuration property should be set to a prime number that is less than or equal to the number of worker threads configured for use in the server. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 32767. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-run-cleaner:: -[open] -==== - -Description:: -Indicates whether the cleaner threads should be enabled to compact the database. The cleaner threads are used to periodically compact the database when it reaches a percentage of occupancy lower than the amount specified by the db-cleaner-min-utilization property. They identify database files with a low percentage of live data, and relocate their remaining live data to the end of the log. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-write-no-sync:: -[open] -==== - -Description:: -Indicates whether the database should synchronously flush data as it is written to disk. If this value is set to "false", then all data written to disk is synchronously flushed to persistent storage and thereby providing full durability. If it is set to "true", then data may be cached for a period of time by the underlying operating system before actually being written to disk. This may improve performance, but could cause the most recent changes to be lost in the event of an underlying OS or hardware failure (but not in the case that the OpenDJ directory server or the JVM exits abnormally). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.jeb.JEBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -je-property:: -[open] -==== - -Description:: -Specifies the database and environment properties for the Berkeley DB Java Edition database serving the data for this backend. Any Berkeley DB Java Edition property can be specified using the following form: property-name=property-value. Refer to OpenDJ documentation for further information on related properties, their implications, and range values. The definitive identification of all the property parameters is available in the example.properties file of Berkeley DB Java Edition distribution. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-backend-prop-ldif-backend] -==== LDIF Backend -Backends of type ldif-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -is-private-backend:: -[open] -==== - -Description:: -Indicates whether the backend should be considered a private backend, which indicates that it is used for storing operational data rather than user-defined information. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.LDIFBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-file:: -[open] -==== - -Description:: -Specifies the path to the LDIF file containing the data for this backend. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-backend-prop-memory-backend] -==== Memory Backend -Backends of type memory-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MemoryBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-backend-prop-monitor-backend] -==== Monitor Backend -Backends of type monitor-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MonitorBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-backend-prop-null-backend] -==== Null Backend -Backends of type null-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.NullBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-backend-prop-pdb-backend] -==== PDB Backend -Backends of type pdb-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. This setting controls the elapsed time between attempts to write a checkpoint to the journal. A longer interval allows more updates to accumulate in buffers before they are required to be written to disk, but also potentially causes recovery from an abrupt termination (crash) to take more time. - -Default Value:: -15s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 10 seconds.Upper limit is 3600 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Persistit database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.pdb.PDBBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-backend-prop-schema-backend] -==== Schema Backend -Backends of type schema-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.SchemaBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -schema-entry-dn:: -[open] -==== - -Description:: -Defines the base DNs of the subtrees in which the schema information is published in addition to the value included in the base-dn property. The value provided in the base-dn property is the only one that appears in the subschemaSubentry operational attribute of the server's root DSE (which is necessary because that is a single-valued attribute) and as a virtual attribute in other entries. The schema-entry-dn attribute may be used to make the schema information available in other locations to accommodate certain client applications that have been hard-coded to expect the schema to reside in a specific location. - -Default Value:: -cn=schema - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -show-all-attributes:: -[open] -==== - -Description:: -Indicates whether to treat all attributes in the schema entry as if they were user attributes regardless of their configuration. This may provide compatibility with some applications that expect schema attributes like attributeTypes and objectClasses to be included by default even if they are not requested. Note that the ldapSyntaxes attribute is always treated as operational in order to avoid problems with attempts to modify the schema over protocol. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-backend-prop-task-backend] -==== Task Backend -Backends of type task-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.task.TaskBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -notification-sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender (that is, the "From:" address) address for notification mail messages generated when a task completes execution. - -Default Value:: -The default sender address used is "opendj-task-notification@" followed by the canonical address of the system on which the server is running. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-backing-file:: -[open] -==== - -Description:: -Specifies the path to the backing file for storing information about the tasks configured in the server. It may be either an absolute path or a relative path to the base of the OpenDJ directory server instance. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-retention-time:: -[open] -==== - -Description:: -Specifies the length of time that task entries should be retained after processing on the associated task has been completed. - -Default Value:: -24 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-backend-prop-trust-store-backend] -==== Trust Store Backend -Backends of type trust-store-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.TrustStoreBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that stores the trust information. It may be an absolute path, or a path that is relative to the OpenDJ instance root. - -Default Value:: -config/ads-truststore - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. - -Default Value:: -The JVM default value is used. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect the next time that the key manager is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-backend-vlv-index-prop] -=== dsconfig get-backend-vlv-index-prop — Shows Backend VLV Index properties - -==== Synopsis -`dsconfig get-backend-vlv-index-prop` {options} - -[#dsconfig-get-backend-vlv-index-prop-description] -==== Description -Shows Backend VLV Index properties. - -[#dsconfig-get-backend-vlv-index-prop-options] -==== Options --- -The `dsconfig get-backend-vlv-index-prop` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {name}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-vlv-index-prop-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`--index-name {name}`:: -The name of the Backend VLV Index. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {name}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-vlv-index-prop-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {property}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-vlv-index-prop-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default null: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-vlv-index-prop-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {unit}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-vlv-index-prop-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {unit}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-backend-vlv-index-prop-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - --- - -[#dsconfig-get-backend-vlv-index-prop-backend-vlv-index] -==== Backend VLV Index -Backend VLV Indexes of type backend-vlv-index have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN used in the search query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the LDAP filter used in the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid LDAP search filter. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -name:: -[open] -==== - -Description:: -Specifies a unique name for this VLV index. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -The VLV index name cannot be altered after the index is created. - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope of the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -sort-order:: -[open] -==== - -Description:: -Specifies the names of the attributes that are used to sort the entries for the query being indexed. Multiple attributes can be used to determine the sort order by listing the attribute names from highest to lowest precedence. Optionally, + or - can be prefixed to the attribute name to sort the attribute in ascending order or descending order respectively. - -Default Value:: -None - -Allowed Values:: -Valid attribute types defined in the schema, separated by a space and optionally prefixed by + or -. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-certificate-mapper-prop] -=== dsconfig get-certificate-mapper-prop — Shows Certificate Mapper properties - -==== Synopsis -`dsconfig get-certificate-mapper-prop` {options} - -[#dsconfig-get-certificate-mapper-prop-description] -==== Description -Shows Certificate Mapper properties. - -[#dsconfig-get-certificate-mapper-prop-options] -==== Options --- -The `dsconfig get-certificate-mapper-prop` command takes the following options: - -`--mapper-name {name}`:: -The name of the Certificate Mapper. -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {name}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {name}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {name}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {name}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {property}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {property}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {property}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {property}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default null: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default null: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default null: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default null: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {unit}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {unit}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {unit}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {unit}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {unit}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {unit}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {unit}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {unit}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-certificate-mapper-prop-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - --- - -[#dsconfig-get-certificate-mapper-prop-fingerprint-certificate-mapper] -==== Fingerprint Certificate Mapper -Certificate Mappers of type fingerprint-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-algorithm:: -[open] -==== - -Description:: -Specifies the name of the digest algorithm to compute the fingerprint of client certificates. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -md5:: -Use the MD5 digest algorithm to compute certificate fingerprints. - -sha1:: -Use the SHA-1 digest algorithm to compute certificate fingerprints. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-attribute:: -[open] -==== - -Description:: -Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.FingerprintCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry. - -Default Value:: -The server performs the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-certificate-mapper-prop-subject-attribute-to-user-attribute-certificate-mapper] -==== Subject Attribute To User Attribute Certificate Mapper -Certificate Mappers of type subject-attribute-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Attribute To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute-mapping:: -[open] -==== - -Description:: -Specifies a mapping between certificate attributes and user attributes. Each value should be in the form "certattr:userattr" where certattr is the name of the attribute in the certificate subject and userattr is the name of the corresponding attribute in user entries. There may be multiple mappings defined, and when performing the mapping values for all attributes present in the certificate subject that have mappings defined must be present in the corresponding user entries. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-certificate-mapper-prop-subject-dn-to-user-attribute-certificate-mapper] -==== Subject DN To User Attribute Certificate Mapper -Certificate Mappers of type subject-dn-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject DN To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should exactly match the certificate subject DN. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-certificate-mapper-prop-subject-equals-dn-certificate-mapper] -==== Subject Equals DN Certificate Mapper -Certificate Mappers of type subject-equals-dn-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Equals DN Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectEqualsDNCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-connection-handler-prop] -=== dsconfig get-connection-handler-prop — Shows Connection Handler properties - -==== Synopsis -`dsconfig get-connection-handler-prop` {options} - -[#dsconfig-get-connection-handler-prop-description] -==== Description -Shows Connection Handler properties. - -[#dsconfig-get-connection-handler-prop-options] -==== Options --- -The `dsconfig get-connection-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the Connection Handler. -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {name}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {name}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {name}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {name}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {name}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {property}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {property}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {property}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {property}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {property}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default null: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default null: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default null: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default null: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default null: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {unit}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {unit}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {unit}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {unit}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {unit}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {unit}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {unit}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {unit}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {unit}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {unit}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-connection-handler-prop-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - --- - -[#dsconfig-get-connection-handler-prop-http-connection-handler] -==== HTTP Connection Handler -Connection Handlers of type http-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the HTTP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer HTTP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.http.HTTPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should keep statistics. If enabled, the HTTP Connection Handler maintains statistics about the number and types of operations requested over HTTP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this HTTP Connection Handler should listen for connections from HTTP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the HTTP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the HTTP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to HTTP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-concurrent-ops-per-connection:: -[open] -==== - -Description:: -Specifies the maximum number of internal operations that each HTTP client connection can execute concurrently. This property allow to limit the impact that each HTTP request can have on the whole server by limiting the number of internal operations that each HTTP request can execute concurrently. A value of 0 means that no limit is enforced. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest HTTP request message that will be allowed by the HTTP Connection Handler. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The HTTP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the HTTP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the HTTP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the HTTP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use SSL. If enabled, the HTTP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-connection-handler-prop-jmx-connection-handler] -==== JMX Connection Handler -Connection Handlers of type jmx-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.jmx.JmxConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this JMX Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the JMX Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address on which this JMX Connection Handler should listen for connections from JMX clients. If no value is provided, then the JMX Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -rmi-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX RMI service will listen for connections from clients. A value of 0 indicates the service to choose a port of its own. If the value provided is different than 0, the value will be used as the RMI port. Otherwise, the RMI service will choose a port of its own. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the JMX Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the JMX Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the JMX Connection Handler should use SSL. If enabled, the JMX Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-connection-handler-prop-ldap-connection-handler] -==== LDAP Connection Handler -Connection Handlers of type ldap-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-ldap-v2:: -[open] -==== - -Description:: -Indicates whether connections from LDAPv2 clients are allowed. If LDAPv2 clients are allowed, then only a minimal degree of special support are provided for them to ensure that LDAPv3-specific protocol elements (for example, Configuration Guide 25 controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-start-tls:: -[open] -==== - -Description:: -Indicates whether clients are allowed to use StartTLS. If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the LDAP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer LDAP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.ldap.LDAPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should keep statistics. If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this LDAP Connection Handler should listen for connections from LDAP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the LDAP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the LDAP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection handler. This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-rejection-notice:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should send a notice of disconnection extended response message to the client if a new connection is rejected for some reason. The extended response message may provide an explanation indicating the reason that the connection was rejected. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the LDAP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the LDAP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use SSL. If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-connection-handler-prop-ldif-connection-handler] -==== LDIF Connection Handler -Connection Handlers of type ldif-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDIF Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.LDIFConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-directory:: -[open] -==== - -Description:: -Specifies the path to the directory in which the LDIF files should be placed. - -Default Value:: -config/auto-process-ldif - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -poll-interval:: -[open] -==== - -Description:: -Specifies how frequently the LDIF connection handler should check the LDIF directory to determine whether a new LDIF file has been added. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-connection-handler-prop-snmp-connection-handler] -==== SNMP Connection Handler -Connection Handlers of type snmp-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-manager:: -[open] -==== - -Description:: -Specifies the hosts of the managers to be granted the access rights. This property is required for SNMP v1 and v2 security configuration. An asterisk (*) opens access to all managers. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-user:: -[open] -==== - -Description:: -Specifies the users to be granted the access rights. This property is required for SNMP v3 security configuration. An asterisk (*) opens access to all users. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -community:: -[open] -==== - -Description:: -Specifies the v1,v2 community or the v3 context name allowed to access the MIB 2605 monitoring information or the USM MIB. The mapping between "community" and "context name" is set. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SNMP Connection Handler implementation. - -Default Value:: -org.opends.server.snmp.SNMPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this SNMP Connection Handler should listen for connections from SNMP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the SNMP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the SNMP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -opendmk-jarfile:: -[open] -==== - -Description:: -Indicates the OpenDMK runtime jar file location - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -registered-mbean:: -[open] -==== - -Description:: -Indicates whether the SNMP objects have to be registered in the directory server MBeanServer or not allowing to access SNMP Objects with RMI connector if enabled. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-agent-file:: -[open] -==== - -Description:: -Specifies the USM security configuration to receive authenticated only SNMP requests. - -Default Value:: -config/snmp/security/opendj-snmp.security - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-level:: -[open] -==== - -Description:: -Specifies the type of security level : NoAuthNoPriv : No security mechanisms activated, AuthNoPriv : Authentication activated with no privacy, AuthPriv : Authentication with privacy activated. This property is required for SNMP V3 security configuration. - -Default Value:: -authnopriv - -Allowed Values:: -[open] -====== - -authnopriv:: -Authentication activated with no privacy. - -authpriv:: -Authentication with privacy activated. - -noauthnopriv:: -No security mechanisms activated. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -trap-port:: -[open] -==== - -Description:: -Specifies the port to use to send SNMP Traps. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-community:: -[open] -==== - -Description:: -Specifies the community string that must be included in the traps sent to define managers (trap-destinations). This property is used in the context of SNMP v1, v2 and v3. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-destination:: -[open] -==== - -Description:: -Specifies the hosts to which V1 traps will be sent. V1 Traps are sent to every host listed. If this list is empty, V1 traps are sent to "localhost". Each host in the list must be identifed by its name or complete IP Addess. - -Default Value:: -If the list is empty, V1 traps are sent to "localhost". - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-crypto-manager-prop] -=== dsconfig get-crypto-manager-prop — Shows Crypto Manager properties - -==== Synopsis -`dsconfig get-crypto-manager-prop` {options} - -[#dsconfig-get-crypto-manager-prop-description] -==== Description -Shows Crypto Manager properties. - -[#dsconfig-get-crypto-manager-prop-options] -==== Options --- -The `dsconfig get-crypto-manager-prop` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Crypto Manager properties depend on the Crypto Manager type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Crypto Manager types: - -crypto-manager:: -Default {property}: Crypto Manager - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-crypto-manager-prop-crypto-manager["Crypto Manager"] for the properties of this Crypto Manager type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Crypto Manager properties depend on the Crypto Manager type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Crypto Manager types: - -crypto-manager:: -Default null: Crypto Manager - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-crypto-manager-prop-crypto-manager["Crypto Manager"] for the properties of this Crypto Manager type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Crypto Manager properties depend on the Crypto Manager type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Crypto Manager types: - -crypto-manager:: -Default {unit}: Crypto Manager - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-crypto-manager-prop-crypto-manager["Crypto Manager"] for the properties of this Crypto Manager type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Crypto Manager properties depend on the Crypto Manager type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Crypto Manager types: - -crypto-manager:: -Default {unit}: Crypto Manager - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-crypto-manager-prop-crypto-manager["Crypto Manager"] for the properties of this Crypto Manager type. - -==== - --- - -[#dsconfig-get-crypto-manager-prop-crypto-manager] -==== Crypto Manager -Crypto Managers of type crypto-manager have the following properties: --- - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server using the syntax algorithm/mode/padding. The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -digest-algorithm:: -[open] -==== - -Description:: -Specifies the preferred message digest algorithm for the directory server. - -Default Value:: -SHA-1 - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-wrapping-transformation:: -[open] -==== - -Description:: -The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology. - -Default Value:: -RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect immediately but will only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -mac-algorithm:: -[open] -==== - -Description:: -Specifies the preferred MAC algorithm for the directory server. - -Default Value:: -HmacSHA1 - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -mac-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred MAC algorithm. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the Crypto Manager should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Crypto Manager is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Crypto Manager must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-encryption:: -[open] -==== - -Description:: -Specifies whether SSL/TLS is used to provide encrypted communication between two OpenDJ server components. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-debug-target-prop] -=== dsconfig get-debug-target-prop — Shows Debug Target properties - -==== Synopsis -`dsconfig get-debug-target-prop` {options} - -[#dsconfig-get-debug-target-prop-description] -==== Description -Shows Debug Target properties. - -[#dsconfig-get-debug-target-prop-options] -==== Options --- -The `dsconfig get-debug-target-prop` command takes the following options: - -`--publisher-name {name}`:: -The name of the Debug Log Publisher. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {name}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-debug-target-prop-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`--target-name {name}`:: -The name of the Debug Target. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {name}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-debug-target-prop-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {property}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-debug-target-prop-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default null: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-debug-target-prop-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {unit}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-debug-target-prop-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {unit}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-debug-target-prop-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - --- - -[#dsconfig-get-debug-target-prop-debug-target] -==== Debug Target -Debug Targets of type debug-target have the following properties: --- - -debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -debug-scope:: -[open] -==== - -Description:: -Specifies the fully-qualified OpenDJ Java package, class, or method affected by the settings in this target definition. Use the number character (#) to separate the class name and the method name (that is, org.opends.server.core.DirectoryServer#startUp). - -Default Value:: -None - -Allowed Values:: -The fully-qualified OpenDJ Java package, class, or method name. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Debug Target is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-throwable-cause:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the cause of exceptions in exception thrown and caught messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-entry-arguments:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include method arguments in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-return-value:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the return value in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -throwable-stack-frames:: -[open] -==== - -Description:: -Specifies the property to indicate the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-entry-cache-prop] -=== dsconfig get-entry-cache-prop — Shows Entry Cache properties - -==== Synopsis -`dsconfig get-entry-cache-prop` {options} - -[#dsconfig-get-entry-cache-prop-description] -==== Description -Shows Entry Cache properties. - -[#dsconfig-get-entry-cache-prop-options] -==== Options --- -The `dsconfig get-entry-cache-prop` command takes the following options: - -`--cache-name {name}`:: -The name of the Entry Cache. -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {name}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {name}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {property}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {property}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default null: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default null: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {unit}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {unit}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {unit}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {unit}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-entry-cache-prop-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - --- - -[#dsconfig-get-entry-cache-prop-fifo-entry-cache] -==== FIFO Entry Cache -Entry Caches of type fifo-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the FIFO Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.FIFOEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time to wait while attempting to acquire a read or write lock. - -Default Value:: -2000.0ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-entries:: -[open] -==== - -Description:: -Specifies the maximum number of entries that we will allow in the cache. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-memory-percent:: -[open] -==== - -Description:: -Specifies the maximum percentage of JVM memory used by the server before the entry caches stops caching and begins purging itself. Very low settings such as 10 or 20 (percent) can prevent this entry cache from having enough space to hold any of the entries to cache, making it appear that the server is ignoring or skipping the entry cache entirely. - -Default Value:: -90 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 100. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-entry-cache-prop-soft-reference-entry-cache] -==== Soft Reference Entry Cache -Entry Caches of type soft-reference-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Soft Reference Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.SoftReferenceEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time in milliseconds to wait while attempting to acquire a read or write lock. - -Default Value:: -3000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-extended-operation-handler-prop] -=== dsconfig get-extended-operation-handler-prop — Shows Extended Operation Handler properties - -==== Synopsis -`dsconfig get-extended-operation-handler-prop` {options} - -[#dsconfig-get-extended-operation-handler-prop-description] -==== Description -Shows Extended Operation Handler properties. - -[#dsconfig-get-extended-operation-handler-prop-options] -==== Options --- -The `dsconfig get-extended-operation-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the Extended Operation Handler. -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {name}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {name}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {name}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {name}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {name}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {name}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {name}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {property}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {property}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {property}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {property}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {property}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {property}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {property}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default null: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default null: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default null: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default null: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default null: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default null: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default null: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {unit}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {unit}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {unit}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {unit}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {unit}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {unit}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {unit}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {unit}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {unit}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {unit}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {unit}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {unit}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {unit}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {unit}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-extended-operation-handler-prop-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - --- - -[#dsconfig-get-extended-operation-handler-prop-cancel-extended-operation-handler] -==== Cancel Extended Operation Handler -Extended Operation Handlers of type cancel-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Cancel Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.CancelExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-extended-operation-handler-prop-get-connection-id-extended-operation-handler] -==== Get Connection Id Extended Operation Handler -Extended Operation Handlers of type get-connection-id-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Connection Id Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.GetConnectionIDExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-extended-operation-handler-prop-get-symmetric-key-extended-operation-handler] -==== Get Symmetric Key Extended Operation Handler -Extended Operation Handlers of type get-symmetric-key-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Symmetric Key Extended Operation Handler implementation. - -Default Value:: -org.opends.server.crypto.GetSymmetricKeyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-extended-operation-handler-prop-password-modify-extended-operation-handler] -==== Password Modify Extended Operation Handler -Extended Operation Handlers of type password-modify-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that should be used in conjunction with the password modify extended operation. This property is used to identify a user based on an authorization ID in the 'u:' form. Changes to this property take effect immediately. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Password Modify Extended Operation Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Modify Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordModifyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-extended-operation-handler-prop-password-policy-state-extended-operation-handler] -==== Password Policy State Extended Operation Handler -Extended Operation Handlers of type password-policy-state-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Policy State Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordPolicyStateExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-extended-operation-handler-prop-start-tls-extended-operation-handler] -==== Start TLS Extended Operation Handler -Extended Operation Handlers of type start-tls-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Start TLS Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.StartTLSExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-extended-operation-handler-prop-who-am-i-extended-operation-handler] -==== Who Am I Extended Operation Handler -Extended Operation Handlers of type who-am-i-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Who Am I Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.WhoAmIExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-external-changelog-domain-prop] -=== dsconfig get-external-changelog-domain-prop — Shows External Changelog Domain properties - -==== Synopsis -`dsconfig get-external-changelog-domain-prop` {options} - -[#dsconfig-get-external-changelog-domain-prop-description] -==== Description -Shows External Changelog Domain properties. - -[#dsconfig-get-external-changelog-domain-prop-options] -==== Options --- -The `dsconfig get-external-changelog-domain-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following External Changelog Domain types: - -external-changelog-domain:: -Default {name}: External Changelog Domain - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-external-changelog-domain-prop-external-changelog-domain["External Changelog Domain"] for the properties of this External Changelog Domain type. - -==== - -`--domain-name {name}`:: -The name of the Replication Domain. -+ -[open] -==== -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following External Changelog Domain types: - -external-changelog-domain:: -Default {name}: External Changelog Domain - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-external-changelog-domain-prop-external-changelog-domain["External Changelog Domain"] for the properties of this External Changelog Domain type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following External Changelog Domain types: - -external-changelog-domain:: -Default {property}: External Changelog Domain - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-external-changelog-domain-prop-external-changelog-domain["External Changelog Domain"] for the properties of this External Changelog Domain type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following External Changelog Domain types: - -external-changelog-domain:: -Default null: External Changelog Domain - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-external-changelog-domain-prop-external-changelog-domain["External Changelog Domain"] for the properties of this External Changelog Domain type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following External Changelog Domain types: - -external-changelog-domain:: -Default {unit}: External Changelog Domain - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-external-changelog-domain-prop-external-changelog-domain["External Changelog Domain"] for the properties of this External Changelog Domain type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following External Changelog Domain types: - -external-changelog-domain:: -Default {unit}: External Changelog Domain - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-external-changelog-domain-prop-external-changelog-domain["External Changelog Domain"] for the properties of this External Changelog Domain type. - -==== - --- - -[#dsconfig-get-external-changelog-domain-prop-external-changelog-domain] -==== External Changelog Domain -External Changelog Domains of type external-changelog-domain have the following properties: --- - -ecl-include:: -[open] -==== - -Description:: -Specifies a list of attributes which should be published with every change log entry, regardless of whether the attribute itself has changed. The list of attributes may include wild cards such as "*" and "+" as well as object class references prefixed with an ampersand, for example "@person". The included attributes will be published using the "includedAttributes" operational attribute as a single LDIF value rather like the "changes" attribute. For modify and modifyDN operations the included attributes will be taken from the entry before any changes were applied. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -ecl-include-for-deletes:: -[open] -==== - -Description:: -Specifies a list of attributes which should be published with every delete operation change log entry, in addition to those specified by the "ecl-include" property. This property provides a means for applications to archive entries after they have been deleted. See the description of the "ecl-include" property for further information about how the included attributes are published. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the External Changelog Domain is enabled. To enable computing the change numbers, set the Replication Server's "ds-cfg-compute-change-number" property to true. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-global-configuration-prop] -=== dsconfig get-global-configuration-prop — Shows Global Configuration properties - -==== Synopsis -`dsconfig get-global-configuration-prop` {options} - -[#dsconfig-get-global-configuration-prop-description] -==== Description -Shows Global Configuration properties. - -[#dsconfig-get-global-configuration-prop-options] -==== Options --- -The `dsconfig get-global-configuration-prop` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Global Configuration properties depend on the Global Configuration type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Global Configuration types: - -global:: -Default {property}: Global Configuration - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-global-configuration-prop-global["Global Configuration"] for the properties of this Global Configuration type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Global Configuration properties depend on the Global Configuration type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Global Configuration types: - -global:: -Default null: Global Configuration - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-global-configuration-prop-global["Global Configuration"] for the properties of this Global Configuration type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Global Configuration properties depend on the Global Configuration type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Global Configuration types: - -global:: -Default {unit}: Global Configuration - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-global-configuration-prop-global["Global Configuration"] for the properties of this Global Configuration type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Global Configuration properties depend on the Global Configuration type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Global Configuration types: - -global:: -Default {unit}: Global Configuration - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-global-configuration-prop-global["Global Configuration"] for the properties of this Global Configuration type. - -==== - --- - -[#dsconfig-get-global-configuration-prop-global] -==== Global Configuration -Global Configurations of type global have the following properties: --- - -add-missing-rdn-attributes:: -[open] -==== - -Description:: -Indicates whether the directory server should automatically add any attribute values contained in the entry's RDN into that entry when processing an add request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-attribute-name-exceptions:: -[open] -==== - -Description:: -Indicates whether the directory server should allow underscores in attribute names and allow attribute names to begin with numeric digits (both of which are violations of the LDAP standards). - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-task:: -[open] -==== - -Description:: -Specifies the fully-qualified name of a Java class that may be invoked in the server. Any attempt to invoke a task not included in the list of allowed tasks is rejected. - -Default Value:: -If no values are defined, then the server does not allow any tasks to be invoked. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -bind-with-dn-requires-password:: -[open] -==== - -Description:: -Indicates whether the directory server should reject any simple bind request that contains a DN but no password. Although such bind requests are technically allowed by the LDAPv3 specification (and should be treated as anonymous simple authentication), they may introduce security problems in applications that do not verify that the client actually provided a password. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-schema:: -[open] -==== - -Description:: -Indicates whether schema enforcement is active. When schema enforcement is activated, the directory server ensures that all operations result in entries are valid according to the defined server schema. It is strongly recommended that this option be left enabled to prevent the inadvertent addition of invalid data into the server. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-password-policy:: -[open] -==== - -Description:: -Specifies the name of the password policy that is in effect for users whose entries do not specify an alternate password policy (either via a real or virtual attribute). In addition, the default password policy will be used for providing default parameters for sub-entry based password policies when not provided or supported by the sub-entry itself. This property must reference a password policy and no other type of authentication policy. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Policy. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disabled-privilege:: -[open] -==== - -Description:: -Specifies the name of a privilege that should not be evaluated by the server. If a privilege is disabled, then it is assumed that all clients (including unauthenticated clients) have that privilege. - -Default Value:: -If no values are defined, then the server enforces all privileges. - -Allowed Values:: -[open] -====== - -backend-backup:: -Allows the user to request that the server process backup tasks. - -backend-restore:: -Allows the user to request that the server process restore tasks. - -bypass-acl:: -Allows the associated user to bypass access control checks performed by the server. - -bypass-lockdown:: -Allows the associated user to bypass server lockdown mode. - -cancel-request:: -Allows the user to cancel operations in progress on other client connections. - -changelog-read:: -The privilege that provides the ability to perform read operations on the changelog - -config-read:: -Allows the associated user to read the server configuration. - -config-write:: -Allows the associated user to update the server configuration. The config-read privilege is also required. - -data-sync:: -Allows the user to participate in data synchronization. - -disconnect-client:: -Allows the user to terminate other client connections. - -jmx-notify:: -Allows the associated user to subscribe to receive JMX notifications. - -jmx-read:: -Allows the associated user to perform JMX read operations. - -jmx-write:: -Allows the associated user to perform JMX write operations. - -ldif-export:: -Allows the user to request that the server process LDIF export tasks. - -ldif-import:: -Allows the user to request that the server process LDIF import tasks. - -modify-acl:: -Allows the associated user to modify the server's access control configuration. - -password-reset:: -Allows the user to reset user passwords. - -privilege-change:: -Allows the user to make changes to the set of defined root privileges, as well as to grant and revoke privileges for users. - -proxied-auth:: -Allows the user to use the proxied authorization control, or to perform a bind that specifies an alternate authorization identity. - -server-lockdown:: -Allows the user to place and bring the server of lockdown mode. - -server-restart:: -Allows the user to request that the server perform an in-core restart. - -server-shutdown:: -Allows the user to request that the server shut down. - -subentry-write:: -Allows the associated user to perform LDAP subentry write operations. - -unindexed-search:: -Allows the user to request that the server process a search that cannot be optimized using server indexes. - -update-schema:: -Allows the user to make changes to the server schema. - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -etime-resolution:: -[open] -==== - -Description:: -Specifies the resolution to use for operation elapsed processing time (etime) measurements. - -Default Value:: -milliseconds - -Allowed Values:: -[open] -====== - -milliseconds:: -Use millisecond resolution. - -nanoseconds:: -Use nanosecond resolution. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -idle-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that a client connection may remain established since its last completed operation. A value of "0 seconds" indicates that no idle time limit is enforced. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invalid-attribute-syntax-behavior:: -[open] -==== - -Description:: -Specifies how the directory server should handle operations whenever an attribute value violates the associated attribute syntax. - -Default Value:: -reject - -Allowed Values:: -[open] -====== - -accept:: -The directory server silently accepts attribute values that are invalid according to their associated syntax. Matching operations targeting those values may not behave as expected. - -reject:: -The directory server rejects attribute values that are invalid according to their associated syntax. - -warn:: -The directory server accepts attribute values that are invalid according to their associated syntax, but also logs a warning message to the error log. Matching operations targeting those values may not behave as expected. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lookthrough-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that the directory server should "look through" in the course of processing a search request. This includes any entry that the server must examine in the course of processing the request, regardless of whether it actually matches the search criteria. A value of 0 indicates that no lookthrough limit is enforced. Note that this is the default server-wide limit, but it may be overridden on a per-user basis using the ds-rlim-lookthrough-limit operational attribute. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-allowed-client-connections:: -[open] -==== - -Description:: -Specifies the maximum number of client connections that may be established at any given time A value of 0 indicates that unlimited client connection is allowed. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-internal-buffer-size:: -[open] -==== - -Description:: -The threshold capacity beyond which internal cached buffers used for encoding and decoding entries and protocol messages will be trimmed after use. Individual buffers may grow very large when encoding and decoding large entries and protocol messages and should be reduced in size when they are no longer needed. This setting specifies the threshold at which a buffer is determined to have grown too big and should be trimmed down after use. - -Default Value:: -32 KB - -Allowed Values:: -Lower value is 512.Upper value is 1000000000. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-psearches:: -[open] -==== - -Description:: -Defines the maximum number of concurrent persistent searches that can be performed on directory server The persistent search mechanism provides an active channel through which entries that change, and information about the changes that occur, can be communicated. Because each persistent search operation consumes resources, limiting the number of simultaneous persistent searches keeps the performance impact minimal. A value of -1 indicates that there is no limit on the persistent searches. - -Default Value:: --1 - -Allowed Values:: -An integer value. Lower value is 0. A value of "-1" or "unlimited" for no limit. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -notify-abandoned-operations:: -[open] -==== - -Description:: -Indicates whether the directory server should send a response to any operation that is interrupted via an abandon request. The LDAP specification states that abandoned operations should not receive any response, but this may cause problems with client applications that always expect to receive a response to each request. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -proxied-authorization-identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper to map authorization ID values (using the "u:" form) provided in the proxied authorization control to the corresponding user entry. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -reject-unauthenticated-requests:: -[open] -==== - -Description:: -Indicates whether the directory server should reject any request (other than bind or StartTLS requests) received from a client that has not yet been authenticated, whose last authentication attempt was unsuccessful, or whose last authentication attempt used anonymous authentication. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -return-bind-error-messages:: -[open] -==== - -Description:: -Indicates whether responses for failed bind operations should include a message string providing the reason for the authentication failure. Note that these messages may include information that could potentially be used by an attacker. If this option is disabled, then these messages appears only in the server's access log. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -save-config-on-successful-startup:: -[open] -==== - -Description:: -Indicates whether the directory server should save a copy of its configuration whenever the startup process completes successfully. This ensures that the server provides a "last known good" configuration, which can be used as a reference (or copied into the active config) if the server fails to start with the current "active" configuration. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-error-result-code:: -[open] -==== - -Description:: -Specifies the numeric value of the result code when request processing fails due to an internal server error. - -Default Value:: -80 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -single-structural-objectclass-behavior:: -[open] -==== - -Description:: -Specifies how the directory server should handle operations an entry does not contain a structural object class or contains multiple structural classes. - -Default Value:: -reject - -Allowed Values:: -[open] -====== - -accept:: -The directory server silently accepts entries that do not contain exactly one structural object class. Certain schema features that depend on the entry's structural class may not behave as expected. - -reject:: -The directory server rejects entries that do not contain exactly one structural object class. - -warn:: -The directory server accepts entries that do not contain exactly one structural object class, but also logs a warning message to the error log. Certain schema features that depend on the entry's structural class may not behave as expected. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -size-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that can be returned to the client during a single search operation. A value of 0 indicates that no size limit is enforced. Note that this is the default server-wide limit, but it may be overridden on a per-user basis using the ds-rlim-size-limit operational attribute. - -Default Value:: -1000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -smtp-server:: -[open] -==== - -Description:: -Specifies the address (and optional port number) for a mail server that can be used to send email messages via SMTP. It may be an IP address or resolvable hostname, optionally followed by a colon and a port number. - -Default Value:: -If no values are defined, then the server cannot send email via SMTP. - -Allowed Values:: -A hostname, optionally followed by a ":" followed by a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that should be spent processing a single search operation. A value of 0 seconds indicates that no time limit is enforced. Note that this is the default server-wide time limit, but it may be overridden on a per-user basis using the ds-rlim-time-limit operational attribute. - -Default Value:: -60 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-transaction-ids:: -[open] -==== - -Description:: -Indicates whether the directory server should trust the transaction ids that may be received from requests, either through a LDAP control or through a HTTP header. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the kinds of write operations the directory server can process. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -The directory server rejects all write operations that are requested of it, regardless of their origin. - -enabled:: -The directory server attempts to process all write operations that are requested of it, regardless of their origin. - -internal-only:: -The directory server attempts to process write operations requested as internal operations or through synchronization, but rejects any such operations requested from external clients. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-group-implementation-prop] -=== dsconfig get-group-implementation-prop — Shows Group Implementation properties - -==== Synopsis -`dsconfig get-group-implementation-prop` {options} - -[#dsconfig-get-group-implementation-prop-description] -==== Description -Shows Group Implementation properties. - -[#dsconfig-get-group-implementation-prop-options] -==== Options --- -The `dsconfig get-group-implementation-prop` command takes the following options: - -`--implementation-name {name}`:: -The name of the Group Implementation. -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {name}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {name}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {name}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {property}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {property}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {property}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default null: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default null: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default null: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {unit}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {unit}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {unit}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {unit}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {unit}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {unit}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-group-implementation-prop-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - --- - -[#dsconfig-get-group-implementation-prop-dynamic-group-implementation] -==== Dynamic Group Implementation -Group Implementations of type dynamic-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Dynamic Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.DynamicGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-group-implementation-prop-static-group-implementation] -==== Static Group Implementation -Group Implementations of type static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.StaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-group-implementation-prop-virtual-static-group-implementation] -==== Virtual Static Group Implementation -Group Implementations of type virtual-static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Virtual Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.VirtualStaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-http-authorization-mechanism-prop] -=== dsconfig get-http-authorization-mechanism-prop — Shows HTTP Authorization Mechanism properties - -==== Synopsis -`dsconfig get-http-authorization-mechanism-prop` {options} - -[#dsconfig-get-http-authorization-mechanism-prop-description] -==== Description -Shows HTTP Authorization Mechanism properties. - -[#dsconfig-get-http-authorization-mechanism-prop-options] -==== Options --- -The `dsconfig get-http-authorization-mechanism-prop` command takes the following options: - -`--mechanism-name {name}`:: -The name of the HTTP Authorization Mechanism. -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {name}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {name}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {name}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {name}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {name}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {name}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {property}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {property}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {property}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {property}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {property}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {property}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default null: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default null: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default null: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default null: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default null: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default null: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {unit}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {unit}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {unit}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {unit}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {unit}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {unit}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - --- - -[#dsconfig-get-http-authorization-mechanism-prop-http-anonymous-authorization-mechanism] -==== HTTP Anonymous Authorization Mechanism -HTTP Authorization Mechanisms of type http-anonymous-authorization-mechanism have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Anonymous Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-dn:: -[open] -==== - -Description:: -The authorization DN which will be used for performing anonymous operations. - -Default Value:: -By default, operations will be performed using an anonymously bound connection. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-http-authorization-mechanism-prop-http-basic-authorization-mechanism] -==== HTTP Basic Authorization Mechanism -HTTP Authorization Mechanisms of type http-basic-authorization-mechanism have the following properties: --- - -alt-authentication-enabled:: -[open] -==== - -Description:: -Specifies whether user credentials may be provided using alternative headers to the standard 'Authorize' header. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-password-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's password from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-username-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's name from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper used to get the user's entry corresponding to the user-id provided in the HTTP authentication header. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Basic Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Basic Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-cts-authorization-mechanism] -==== HTTP Oauth2 Cts Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-cts-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -The base DN of the Core Token Service where access token are stored. (example: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Cts Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-file-authorization-mechanism] -==== HTTP Oauth2 File Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-file-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-directory:: -[open] -==== - -Description:: -Directory containing token files. File names must be equal to the token strings. The file content must a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate. - -Default Value:: -oauth2-demo/ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 File Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-openam-authorization-mechanism] -==== HTTP Oauth2 Openam Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-openam-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Openam Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Openam Authorization Mechanism . - -Default Value:: -By default the system key manager(s) will be used. - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-info-url:: -[open] -==== - -Description:: -Defines the OpenAM endpoint URL where the access-token resolution request should be sent. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-http-authorization-mechanism-prop-http-oauth2-token-introspection-authorization-mechanism] -==== HTTP Oauth2 Token Introspection Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-token-introspection-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-id:: -[open] -==== - -Description:: -Client's ID to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-secret:: -[open] -==== - -Description:: -Client's secret to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Token Introspection Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Token Introspection Authorization Mechanism . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-introspection-url:: -[open] -==== - -Description:: -Defines the token introspection endpoint URL where the access-token resolution request should be sent. (example: http://example.com/introspect) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-http-endpoint-prop] -=== dsconfig get-http-endpoint-prop — Shows HTTP Endpoint properties - -==== Synopsis -`dsconfig get-http-endpoint-prop` {options} - -[#dsconfig-get-http-endpoint-prop-description] -==== Description -Shows HTTP Endpoint properties. - -[#dsconfig-get-http-endpoint-prop-options] -==== Options --- -The `dsconfig get-http-endpoint-prop` command takes the following options: - -`--endpoint-name {name}`:: -The name of the HTTP Endpoint. -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {name}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {name}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {property}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {property}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default null: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default null: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {unit}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {unit}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {unit}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {unit}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-http-endpoint-prop-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - --- - -[#dsconfig-get-http-endpoint-prop-admin-endpoint] -==== Admin Endpoint -HTTP Endpoints of type admin-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Admin Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.AdminEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-http-endpoint-prop-rest2ldap-endpoint] -==== Rest2ldap Endpoint -HTTP Endpoints of type rest2ldap-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -config-directory:: -[open] -==== - -Description:: -The directory containing the Rest2Ldap configuration file(s) for this specific endpoint. The directory must be readable by the server and may contain multiple configuration files, one for each supported version of the REST endpoint. If a relative path is used then it will be resolved against the server's instance directory. - -Default Value:: -None - -Allowed Values:: -A directory that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Rest2ldap Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.Rest2LdapEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-identity-mapper-prop] -=== dsconfig get-identity-mapper-prop — Shows Identity Mapper properties - -==== Synopsis -`dsconfig get-identity-mapper-prop` {options} - -[#dsconfig-get-identity-mapper-prop-description] -==== Description -Shows Identity Mapper properties. - -[#dsconfig-get-identity-mapper-prop-options] -==== Options --- -The `dsconfig get-identity-mapper-prop` command takes the following options: - -`--mapper-name {name}`:: -The name of the Identity Mapper. -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {name}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {name}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {property}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {property}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default null: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default null: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {unit}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {unit}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {unit}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {unit}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-identity-mapper-prop-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - --- - -[#dsconfig-get-identity-mapper-prop-exact-match-identity-mapper] -==== Exact Match Identity Mapper -Identity Mappers of type exact-match-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Exact Match Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.ExactMatchIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the attribute whose value should exactly match the ID string provided to this identity mapper. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. The internal search performed includes a logical OR across all of these values. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs will be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-identity-mapper-prop-regular-expression-identity-mapper] -==== Regular Expression Identity Mapper -Identity Mappers of type regular-expression-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Regular Expression Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.RegularExpressionIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-pattern:: -[open] -==== - -Description:: -Specifies the regular expression pattern that is used to identify portions of the ID string that will be replaced. Any portion of the ID string that matches this pattern is replaced in accordance with the provided replace pattern (or is removed if no replace pattern is specified). If multiple substrings within the given ID string match this pattern, all occurrences are replaced. If no part of the given ID string matches this pattern, the ID string is not altered. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. - -Default Value:: -None - -Allowed Values:: -Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6). - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replace-pattern:: -[open] -==== - -Description:: -Specifies the replacement pattern that should be used for substrings in the ID string that match the provided regular expression pattern. If no replacement pattern is provided, then any matching portions of the ID string will be removed (i.e., replaced with an empty string). The replacement pattern may include a string from a capturing group by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. - -Default Value:: -The replace pattern will be the empty string. - -Allowed Values:: -Any valid replacement string that is allowed by the javax.util.regex.Matcher class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-key-manager-provider-prop] -=== dsconfig get-key-manager-provider-prop — Shows Key Manager Provider properties - -==== Synopsis -`dsconfig get-key-manager-provider-prop` {options} - -[#dsconfig-get-key-manager-provider-prop-description] -==== Description -Shows Key Manager Provider properties. - -[#dsconfig-get-key-manager-provider-prop-options] -==== Options --- -The `dsconfig get-key-manager-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Key Manager Provider. -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {name}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {name}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {property}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {property}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default null: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default null: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {unit}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {unit}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {unit}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {unit}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-key-manager-provider-prop-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - --- - -[#dsconfig-get-key-manager-provider-prop-file-based-key-manager-provider] -==== File Based Key Manager Provider -Key Manager Providers of type file-based-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedKeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. If no value is provided, the JVM-default value is used. Changes to this configuration attribute will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-key-manager-provider-prop-pkcs11-key-manager-provider] -==== PKCS11 Key Manager Provider -Key Manager Providers of type pkcs11-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the PKCS11 Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.PKCS11KeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-log-publisher-prop] -=== dsconfig get-log-publisher-prop — Shows Log Publisher properties - -==== Synopsis -`dsconfig get-log-publisher-prop` {options} - -[#dsconfig-get-log-publisher-prop-description] -==== Description -Shows Log Publisher properties. - -[#dsconfig-get-log-publisher-prop-options] -==== Options --- -The `dsconfig get-log-publisher-prop` command takes the following options: - -`--publisher-name {name}`:: -The name of the Log Publisher. -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {name}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {name}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {name}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {name}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {name}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {name}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {name}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {name}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {name}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {property}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {property}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {property}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {property}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {property}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {property}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {property}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {property}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {property}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default null: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default null: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default null: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default null: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default null: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default null: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default null: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default null: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default null: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {unit}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {unit}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {unit}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {unit}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {unit}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {unit}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {unit}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {unit}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {unit}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {unit}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {unit}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {unit}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {unit}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {unit}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {unit}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {unit}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {unit}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {unit}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-log-publisher-prop-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - --- - -[#dsconfig-get-log-publisher-prop-csv-file-access-log-publisher] -==== Csv File Access Log Publisher -Log Publishers of type csv-file-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writting in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CsvFileAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when the tamper-evident option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-publisher-prop-csv-file-http-access-log-publisher] -==== Csv File HTTP Access Log Publisher -Log Publishers of type csv-file-http-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File HTTP Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File HTTP Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File HTTP Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when secure option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-publisher-prop-external-access-log-publisher] -==== External Access Log Publisher -Log Publishers of type external-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.ExternalAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-publisher-prop-external-http-access-log-publisher] -==== External HTTP Access Log Publisher -Log Publishers of type external-http-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External HTTP Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-publisher-prop-file-based-access-log-publisher] -==== File Based Access Log Publisher -Log Publishers of type file-based-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the access log. - -Default Value:: -multi-line - -Allowed Values:: -[open] -====== - -combined:: -Combine log records for operation requests and responses into a single record. This format should be used when log records are to be filtered based on response criteria (e.g. result code). - -multi-line:: -Outputs separate log records for operation requests and responses. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-publisher-prop-file-based-audit-log-publisher] -==== File Based Audit Log Publisher -Log Publishers of type file-based-audit-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Audit Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Audit Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAuditLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Audit Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Audit Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Audit Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Audit Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-publisher-prop-file-based-debug-log-publisher] -==== File Based Debug Log Publisher -Log Publishers of type file-based-debug-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Debug Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-include-throwable-cause:: -[open] -==== - -Description:: -Indicates whether to include the cause of exceptions in exception thrown and caught messages logged by default. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-entry-arguments:: -[open] -==== - -Description:: -Indicates whether to include method arguments in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-return-value:: -[open] -==== - -Description:: -Indicates whether to include the return value in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-throwable-stack-frames:: -[open] -==== - -Description:: -Indicates the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Debug Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextDebugLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Debug Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Debug Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Debug Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Debug Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-publisher-prop-file-based-error-log-publisher] -==== File Based Error Log Publisher -Log Publishers of type file-based-error-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Error Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer will be flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-severity:: -[open] -==== - -Description:: -Specifies the default severity levels for the logger. - -Default Value:: -error - -+ -warning - -Allowed Values:: -[open] -====== - -all:: -Messages of all severity levels are logged. - -debug:: -The error log severity that is used for messages that provide debugging information triggered during processing. - -error:: -The error log severity that is used for messages that provide information about errors which may force the server to shut down or operate in a significantly degraded state. - -info:: -The error log severity that is used for messages that provide information about significant events within the server that are not warnings or errors. - -none:: -No messages of any severity are logged by default. This value is intended to be used in conjunction with the override-severity property to define an error logger that will publish no error message beside the errors of a given category. - -notice:: -The error log severity that is used for the most important informational messages (i.e., information that should almost always be logged but is not associated with a warning or error condition). - -warning:: -The error log severity that is used for messages that provide information about warnings triggered during processing. - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Error Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextErrorLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Error Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Error Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -override-severity:: -[open] -==== - -Description:: -Specifies the override severity levels for the logger based on the category of the messages. Each override severity level should include the category and the severity levels to log for that category, for example, core=error,info,warning. Valid categories are: core, extensions, protocol, config, log, util, schema, plugin, jeb, backend, tools, task, access-control, admin, sync, version, quicksetup, admin-tool, dsconfig, user-defined. Valid severities are: all, error, info, warning, notice, debug. - -Default Value:: -All messages with the default severity levels are logged. - -Allowed Values:: -A string in the form category=severity1,severity2... - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Error Log Publisher . When multiple policies are used, log files will be cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files will never be cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Error Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-publisher-prop-file-based-http-access-log-publisher] -==== File Based HTTP Access Log Publisher -Log Publishers of type file-based-http-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based HTTP Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based HTTP Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the HTTP access log. - -Default Value:: -cs-host c-ip cs-username x-datetime cs-method cs-uri-stem cs-uri-query cs-version sc-status cs(User-Agent) x-connection-id x-etime x-transaction-id - -Allowed Values:: -A space separated list of fields describing the extended log format to be used for logging HTTP accesses. Available values are listed on the W3C working draft http://www.w3.org/TR/WD-logfile.html and Microsoft website http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true OpenDJ supports the following standard fields: "c-ip", "c-port", "cs-host", "cs-method", "cs-uri", "cs-uri-stem", "cs-uri-query", "cs(User-Agent)", "cs-username", "cs-version", "s-computername", "s-ip", "s-port", "sc-status". OpenDJ supports the following application specific field extensions: "x-connection-id" displays the internal connection ID assigned to the HTTP client connection, "x-datetime" displays the completion date and time for the logged HTTP request and its ouput is controlled by the "ds-cfg-log-record-time-format" property, "x-etime" displays the total execution time for the logged HTTP request, "x-transaction-id" displays the transaction id associated to a request - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-log-retention-policy-prop] -=== dsconfig get-log-retention-policy-prop — Shows Log Retention Policy properties - -==== Synopsis -`dsconfig get-log-retention-policy-prop` {options} - -[#dsconfig-get-log-retention-policy-prop-description] -==== Description -Shows Log Retention Policy properties. - -[#dsconfig-get-log-retention-policy-prop-options] -==== Options --- -The `dsconfig get-log-retention-policy-prop` command takes the following options: - -`--policy-name {name}`:: -The name of the Log Retention Policy. -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {name}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {name}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {name}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {property}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {property}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {property}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default null: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default null: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default null: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {unit}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {unit}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {unit}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {unit}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {unit}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {unit}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-retention-policy-prop-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - --- - -[#dsconfig-get-log-retention-policy-prop-file-count-log-retention-policy] -==== File Count Log Retention Policy -Log Retention Policies of type file-count-log-retention-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the File Count Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FileNumberRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -number-of-files:: -[open] -==== - -Description:: -Specifies the number of archived log files to retain before the oldest ones are cleaned. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-retention-policy-prop-free-disk-space-log-retention-policy] -==== Free Disk Space Log Retention Policy -Log Retention Policies of type free-disk-space-log-retention-policy have the following properties: --- - -free-disk-space:: -[open] -==== - -Description:: -Specifies the minimum amount of free disk space that should be available on the file system on which the archived log files are stored. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Free Disk Space Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FreeDiskSpaceRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-retention-policy-prop-size-limit-log-retention-policy] -==== Size Limit Log Retention Policy -Log Retention Policies of type size-limit-log-retention-policy have the following properties: --- - -disk-space-used:: -[open] -==== - -Description:: -Specifies the maximum total disk space used by the log files. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-log-rotation-policy-prop] -=== dsconfig get-log-rotation-policy-prop — Shows Log Rotation Policy properties - -==== Synopsis -`dsconfig get-log-rotation-policy-prop` {options} - -[#dsconfig-get-log-rotation-policy-prop-description] -==== Description -Shows Log Rotation Policy properties. - -[#dsconfig-get-log-rotation-policy-prop-options] -==== Options --- -The `dsconfig get-log-rotation-policy-prop` command takes the following options: - -`--policy-name {name}`:: -The name of the Log Rotation Policy. -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {name}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {name}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {name}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {property}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {property}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {property}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default null: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default null: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default null: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {unit}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {unit}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {unit}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {unit}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {unit}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {unit}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-log-rotation-policy-prop-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - --- - -[#dsconfig-get-log-rotation-policy-prop-fixed-time-log-rotation-policy] -==== Fixed Time Log Rotation Policy -Log Rotation Policies of type fixed-time-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fixed Time Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.FixedTimeRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-of-day:: -[open] -==== - -Description:: -Specifies the time of day at which log rotation should occur. - -Default Value:: -None - -Allowed Values:: -24 hour time of day in HHmm format. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-rotation-policy-prop-size-limit-log-rotation-policy] -==== Size Limit Log Rotation Policy -Log Rotation Policies of type size-limit-log-rotation-policy have the following properties: --- - -file-size-limit:: -[open] -==== - -Description:: -Specifies the maximum size that a log file can reach before it is rotated. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-log-rotation-policy-prop-time-limit-log-rotation-policy] -==== Time Limit Log Rotation Policy -Log Rotation Policies of type time-limit-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Time Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.TimeLimitRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -rotation-interval:: -[open] -==== - -Description:: -Specifies the time interval between rotations. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-matching-rule-prop] -=== dsconfig get-matching-rule-prop — Shows Matching Rule properties - -==== Synopsis -`dsconfig get-matching-rule-prop` {options} - -[#dsconfig-get-matching-rule-prop-description] -==== Description -Shows Matching Rule properties. - -[#dsconfig-get-matching-rule-prop-options] -==== Options --- -The `dsconfig get-matching-rule-prop` command takes the following options: - -`--rule-name {name}`:: -The name of the Matching Rule. -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {name}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-matching-rule-prop-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {property}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-matching-rule-prop-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default null: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-matching-rule-prop-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {unit}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-matching-rule-prop-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {unit}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-matching-rule-prop-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - --- - -[#dsconfig-get-matching-rule-prop-collation-matching-rule] -==== Collation Matching Rule -Matching Rules of type collation-matching-rule have the following properties: --- - -collation:: -[open] -==== - -Description:: -the set of supported locales Collation must be specified using the syntax: LOCALE:OID - -Default Value:: -None - -Allowed Values:: -A Locale followed by a ":" and an OID. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Matching Rule is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Collation Matching Rule implementation. - -Default Value:: -org.opends.server.schema.CollationMatchingRuleFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MatchingRuleFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -matching-rule-type:: -[open] -==== - -Description:: -the types of matching rules that should be supported for each locale - -Default Value:: -None - -Allowed Values:: -[open] -====== - -equality:: -Specifies if equality type collation matching rule needs to be created for each locale. - -greater-than:: -Specifies if greater-than type collation matching rule needs to be created for each locale. - -greater-than-or-equal-to:: -Specifies if greater-than-or-equal-to type collation matching rule needs to be created for each locale. - -less-than:: -Specifies if less-than type collation matching rule needs to be created for each locale. - -less-than-or-equal-to:: -Specifies if less-than-or-equal-to type collation matching rule needs to be created for each locale. - -substring:: -Specifies if substring type collation matching rule needs to be created for each locale. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-monitor-provider-prop] -=== dsconfig get-monitor-provider-prop — Shows Monitor Provider properties - -==== Synopsis -`dsconfig get-monitor-provider-prop` {options} - -[#dsconfig-get-monitor-provider-prop-description] -==== Description -Shows Monitor Provider properties. - -[#dsconfig-get-monitor-provider-prop-options] -==== Options --- -The `dsconfig get-monitor-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Monitor Provider. -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {name}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {name}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {name}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {name}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {name}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {name}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {property}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {property}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {property}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {property}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {property}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {property}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default null: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default null: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default null: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default null: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default null: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default null: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {unit}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {unit}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {unit}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {unit}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {unit}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {unit}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {unit}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {unit}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {unit}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {unit}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {unit}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {unit}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-monitor-provider-prop-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - --- - -[#dsconfig-get-monitor-provider-prop-client-connection-monitor-provider] -==== Client Connection Monitor Provider -Monitor Providers of type client-connection-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Client Connection Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.ClientConnectionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-monitor-provider-prop-entry-cache-monitor-provider] -==== Entry Cache Monitor Provider -Monitor Providers of type entry-cache-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Entry Cache Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.EntryCacheMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-monitor-provider-prop-memory-usage-monitor-provider] -==== Memory Usage Monitor Provider -Monitor Providers of type memory-usage-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Memory Usage Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.MemoryUsageMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-monitor-provider-prop-stack-trace-monitor-provider] -==== Stack Trace Monitor Provider -Monitor Providers of type stack-trace-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Stack Trace Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.StackTraceMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-monitor-provider-prop-system-info-monitor-provider] -==== System Info Monitor Provider -Monitor Providers of type system-info-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the System Info Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.SystemInfoMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-monitor-provider-prop-version-monitor-provider] -==== Version Monitor Provider -Monitor Providers of type version-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Version Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.VersionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-password-generator-prop] -=== dsconfig get-password-generator-prop — Shows Password Generator properties - -==== Synopsis -`dsconfig get-password-generator-prop` {options} - -[#dsconfig-get-password-generator-prop-description] -==== Description -Shows Password Generator properties. - -[#dsconfig-get-password-generator-prop-options] -==== Options --- -The `dsconfig get-password-generator-prop` command takes the following options: - -`--generator-name {name}`:: -The name of the Password Generator. -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {name}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-generator-prop-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {property}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-generator-prop-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default null: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-generator-prop-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {unit}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-generator-prop-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {unit}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-generator-prop-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - --- - -[#dsconfig-get-password-generator-prop-random-password-generator] -==== Random Password Generator -Password Generators of type random-password-generator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Generator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Random Password Generator implementation. - -Default Value:: -org.opends.server.extensions.RandomPasswordGenerator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordGenerator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -password-character-set:: -[open] -==== - -Description:: -Specifies one or more named character sets. This is a multi-valued property, with each value defining a different character set. The format of the character set is the name of the set followed by a colon and the characters that are in that set. For example, the value "alpha:abcdefghijklmnopqrstuvwxyz" defines a character set named "alpha" containing all of the lower-case ASCII alphabetic characters. - -Default Value:: -None - -Allowed Values:: -A character set name (consisting of ASCII letters) followed by a colon and the set of characters that are included in that character set. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-format:: -[open] -==== - -Description:: -Specifies the format to use for the generated password. The value is a comma-delimited list of elements in which each of those elements is comprised of the name of a character set defined in the password-character-set property, a colon, and the number of characters to include from that set. For example, a value of "alpha:3,numeric:2,alpha:3" generates an 8-character password in which the first three characters are from the "alpha" set, the next two are from the "numeric" set, and the final three are from the "alpha" set. - -Default Value:: -None - -Allowed Values:: -A comma-delimited list whose elements comprise a valid character set name, a colon, and a positive integer indicating the number of characters from that set to be included. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-password-policy-prop] -=== dsconfig get-password-policy-prop — Shows Authentication Policy properties - -==== Synopsis -`dsconfig get-password-policy-prop` {options} - -[#dsconfig-get-password-policy-prop-description] -==== Description -Shows Authentication Policy properties. - -[#dsconfig-get-password-policy-prop-options] -==== Options --- -The `dsconfig get-password-policy-prop` command takes the following options: - -`--policy-name {name}`:: -The name of the Authentication Policy. -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {name}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {name}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {property}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {property}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default null: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default null: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {unit}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {unit}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {unit}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {unit}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-password-policy-prop-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - --- - -[#dsconfig-get-password-policy-prop-ldap-pass-through-authentication-policy] -==== LDAP Pass Through Authentication Policy -Authentication Policies of type ldap-pass-through-authentication-policy have the following properties: --- - -cached-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the name of a password storage scheme which should be used for encoding cached passwords. Changing the password storage scheme will cause all existing cached passwords to be discarded. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cached-password-ttl:: -[open] -==== - -Description:: -Specifies the maximum length of time that a locally cached password may be used for authentication before it is refreshed from the remote LDAP service. This property represents a cache timeout. Increasing the timeout period decreases the frequency that bind operations are delegated to the remote LDAP service, but increases the risk of users authenticating using stale passwords. Note that authentication attempts which fail because the provided password does not match the locally cached password will always be retried against the remote LDAP service. - -Default Value:: -8 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to remote LDAP directory servers, performing SSL negotiation, and for individual search and bind requests. If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available. - -Default Value:: -3 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the LDAP Pass Through Authentication Policy implementation. - -Default Value:: -org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -mapped-attribute:: -[open] -==== - -Description:: -Specifies one or more attributes in the user's entry whose value(s) will determine the bind DN used when authenticating to the remote LDAP directory service. This property is mandatory when using the "mapped-bind" or "mapped-search" mapping policies. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. At least one of the named attributes must exist in a user's local entry in order for authentication to proceed. When multiple attributes or values are found in the user's entry then the behavior is determined by the mapping policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users in the remote LDAP directory service. This property is mandatory when using the "mapped-search" mapping policy. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-dn:: -[open] -==== - -Description:: -Specifies the bind DN which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -Searches will be performed anonymously. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password:: -[open] -==== - -Description:: -Specifies the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-environment-variable:: -[open] -==== - -Description:: -Specifies the name of an environment variable containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-file:: -[open] -==== - -Description:: -Specifies the name of a file containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-property:: -[open] -==== - -Description:: -Specifies the name of a Java property containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-filter-template:: -[open] -==== - -Description:: -If defined, overrides the filter used when searching for the user, substituting %s with the value of the local entry's "mapped-attribute". The filter-template may include ZERO or ONE %s substitutions. If multiple mapped-attributes are configured, multiple renditions of this template will be aggregated into one larger filter using an OR (|) operator. An example use-case for this property would be to use a different attribute type on the mapped search. For example, mapped-attribute could be set to "uid" and filter-template to "(samAccountName=%s)". - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapping-policy:: -[open] -==== - -Description:: -Specifies the mapping algorithm for obtaining the bind DN from the user's entry. - -Default Value:: -unmapped - -Allowed Values:: -[open] -====== - -mapped-bind:: -Bind to the remote LDAP directory service using a DN obtained from an attribute in the user's entry. This policy will check each attribute named in the "mapped-attribute" property. If more than one attribute or value is present then the first one will be used. - -mapped-search:: -Bind to the remote LDAP directory service using the DN of an entry obtained using a search against the remote LDAP directory service. The search filter will comprise of an equality matching filter whose attribute type is the "mapped-attribute" property, and whose assertion value is the attribute value obtained from the user's entry. If more than one attribute or value is present then the filter will be composed of multiple equality filters combined using a logical OR (union). - -unmapped:: -Bind to the remote LDAP directory service using the DN of the user's entry in this directory server. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -primary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the primary list of remote LDAP servers which should be used for pass through authentication. If more than one LDAP server is specified then operations may be distributed across them. If all of the primary LDAP servers are unavailable then operations will fail-over to the set of secondary LDAP servers, if defined. - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -secondary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the secondary list of remote LDAP servers which should be used for pass through authentication in the event that the primary LDAP servers are unavailable. If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available. - -Default Value:: -No secondary LDAP servers. - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols which are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with remote LDAP directory servers. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-password-caching:: -[open] -==== - -Description:: -Indicates whether passwords should be cached locally within the user's entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Pass Through Authentication Policy should use SSL. If enabled, the LDAP Pass Through Authentication Policy will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-policy-prop-password-policy] -==== Password Policy -Authentication Policies of type password-policy have the following properties: --- - -account-status-notification-handler:: -[open] -==== - -Description:: -Specifies the names of the account status notification handlers that are used with the associated password storage scheme. - -Default Value:: -None - -Allowed Values:: -The DN of any Account Status Notification Handler. The referenced account status notification handlers must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-expired-password-changes:: -[open] -==== - -Description:: -Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-multiple-password-values:: -[open] -==== - -Description:: -Indicates whether user entries can have multiple distinct values for the password attribute. This is potentially dangerous because many mechanisms used to change the password do not work well with such a configuration. If multiple password values are allowed, then any of them can be used to authenticate, and they are all subject to the same policy constraints. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-pre-encoded-passwords:: -[open] -==== - -Description:: -Indicates whether users can change their passwords by providing a pre-encoded value. This can cause a security risk because the clear-text version of the password is not known and therefore validation checks cannot be applied to it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-user-password-changes:: -[open] -==== - -Description:: -Indicates whether users can change their own passwords. This check is made in addition to access control evaluation. Both must allow the password change for it to occur. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -deprecated-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are considered deprecated for this password policy. If a user with this password policy authenticates to the server and his/her password is encoded with a deprecated scheme, those values are removed and replaced with values encoded using the default password storage scheme(s). - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -expire-passwords-without-warning:: -[open] -==== - -Description:: -Indicates whether the directory server allows a user's password to expire even if that user has never seen an expiration warning notification. If this property is true, accounts always expire when the expiration time arrives. If this property is false or disabled, the user always receives at least one warning notification, and the password expiration is set to the warning time plus the warning interval. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-add:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords upon first authenticating to the directory server after their account has been created. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-reset:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords if they are reset by an administrator. For this purpose, anyone with permission to change a given user's password other than that user is considered an administrator. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -grace-login-count:: -[open] -==== - -Description:: -Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password. A value of 0 indicates that no grace logins are allowed. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -idle-lockout-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that idle accounts are not automatically locked out. This feature is available only if the last login time is maintained. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the Password Policy implementation. - -Default Value:: -org.opends.server.core.PasswordPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -last-login-time-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy. This attribute type must be defined in the directory server schema and must either be defined as an operational attribute or must be allowed by the set of objectClasses for all users with the associated password policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate the last login time value for users with the associated password policy. This format string conforms to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-duration:: -[open] -==== - -Description:: -Specifies the length of time that an account is locked after too many authentication failures. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the account must remain locked until an administrator resets the password. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-count:: -[open] -==== - -Description:: -Specifies the maximum number of authentication failures that a user is allowed before the account is locked out. A value of 0 indicates that accounts are never locked out due to failed attempts. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-expiration-interval:: -[open] -==== - -Description:: -Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the authentication failures must never expire. The failure count is always cleared upon a successful authentication. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval). The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables password expiration. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-reset-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables this feature. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-age:: -[open] -==== - -Description:: -Specifies the minimum length of time after a password change before the user is allowed to change the password again. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. This setting can be used to prevent users from changing their passwords repeatedly over a short period of time to flush an old password from the history so that it can be re-used. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-attribute:: -[open] -==== - -Description:: -Specifies the attribute type used to hold user passwords. This attribute type must be defined in the server schema, and it must have either the user password or auth password syntax. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-change-requires-current-password:: -[open] -==== - -Description:: -Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-expiration-warning-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables the warning interval. - -Default Value:: -5 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-generator:: -[open] -==== - -Description:: -Specifies the name of the password generator that is used with the associated password policy. This is used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Generator. The referenced password generator must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-count:: -[open] -==== - -Description:: -Specifies the maximum number of former passwords to maintain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero indicates that either no password history is to be maintained (if the password history duration has a value of zero seconds), or that there is no maximum number of passwords to maintain in the history (if the password history duration has a value greater than zero seconds). - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-duration:: -[open] -==== - -Description:: -Specifies the maximum length of time that passwords remain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero seconds indicates that either no password history is to be maintained (if the password history count has a value of zero), or that there is no maximum duration for passwords in the history (if the password history count has a value greater than zero). - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-validator:: -[open] -==== - -Description:: -Specifies the names of the password validators that are used with the associated password storage scheme. The password validators are invoked when a user attempts to provide a new password, to determine whether the new password is acceptable. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Validator. The referenced password validators must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -previous-last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy. These values are used to make it possible to parse previous values, but are not used to set new values. The format strings conform to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-change-by-time:: -[open] -==== - -Description:: -Specifies the time by which all users with the associated password policy must change their passwords. The value is expressed in a generalized time format. If this time is equal to the current time or is in the past, then all users are required to change their passwords immediately. The behavior of the server in this mode is identical to the behavior observed when users are forced to change their passwords after an administrative reset. - -Default Value:: -None - -Allowed Values:: -A valid timestamp in generalized time form (for example, a value of "20070409185811Z" indicates a value of April 9, 2007 at 6:58:11 pm GMT). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-authentication:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to authenticate in a secure manner. This might mean either using a secure communication channel between the client and the server, or using a SASL mechanism that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-password-changes:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -skip-validation-for-administrators:: -[open] -==== - -Description:: -Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -state-update-failure-policy:: -[open] -==== - -Description:: -Specifies how the server deals with the inability to update password policy state information during an authentication attempt. In particular, this property can be used to control whether an otherwise successful bind operation fails if a failure occurs while attempting to update password policy state information (for example, to clear a record of previous authentication failures or to update the last login time). It can also be used to control whether to reject a bind request if it is known ahead of time that it will not be possible to update the authentication failure times in the event of an unsuccessful bind attempt (for example, if the backend writability mode is disabled). - -Default Value:: -reactive - -Allowed Values:: -[open] -====== - -ignore:: -If a bind attempt would otherwise be successful, then do not reject it if a problem occurs while attempting to update the password policy state information for the user. - -proactive:: -Proactively reject any bind attempt if it is known ahead of time that it would not be possible to update the user's password policy state information. - -reactive:: -Even if a bind attempt would otherwise be successful, reject it if a problem occurs while attempting to update the password policy state information for the user. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-password-storage-scheme-prop] -=== dsconfig get-password-storage-scheme-prop — Shows Password Storage Scheme properties - -==== Synopsis -`dsconfig get-password-storage-scheme-prop` {options} - -[#dsconfig-get-password-storage-scheme-prop-description] -==== Description -Shows Password Storage Scheme properties. - -[#dsconfig-get-password-storage-scheme-prop-options] -==== Options --- -The `dsconfig get-password-storage-scheme-prop` command takes the following options: - -`--scheme-name {name}`:: -The name of the Password Storage Scheme. -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {name}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {name}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {name}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {name}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {name}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {name}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {name}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {name}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {name}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {name}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {name}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {name}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {name}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {name}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {name}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {name}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {name}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {property}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {property}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {property}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {property}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {property}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {property}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {property}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {property}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {property}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {property}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {property}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {property}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {property}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {property}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {property}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {property}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {property}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default null: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default null: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default null: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default null: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default null: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default null: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default null: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default null: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default null: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default null: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default null: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default null: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default null: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default null: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default null: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default null: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default null: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {unit}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {unit}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {unit}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {unit}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {unit}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {unit}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {unit}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {unit}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {unit}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {unit}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {unit}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {unit}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {unit}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {unit}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {unit}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {unit}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {unit}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {unit}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {unit}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {unit}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {unit}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {unit}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {unit}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {unit}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {unit}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {unit}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {unit}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {unit}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {unit}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {unit}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {unit}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {unit}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {unit}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {unit}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-storage-scheme-prop-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-aes-password-storage-scheme] -==== AES Password Storage Scheme -Password Storage Schemes of type aes-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the AES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.AESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-base64-password-storage-scheme] -==== Base64 Password Storage Scheme -Password Storage Schemes of type base64-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Base64 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.Base64PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-bcrypt-password-storage-scheme] -==== Bcrypt Password Storage Scheme -Password Storage Schemes of type bcrypt-password-storage-scheme have the following properties: --- - -bcrypt-cost:: -[open] -==== - -Description:: -The cost parameter specifies a key expansion iteration count as a power of two. A default value of 12 (2^12 iterations) is considered in 2016 as a reasonable balance between responsiveness and security for regular users. - -Default Value:: -12 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 30. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Bcrypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BCryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-blowfish-password-storage-scheme] -==== Blowfish Password Storage Scheme -Password Storage Schemes of type blowfish-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Blowfish Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BlowfishPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-clear-password-storage-scheme] -==== Clear Password Storage Scheme -Password Storage Schemes of type clear-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Clear Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.ClearPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-crypt-password-storage-scheme] -==== Crypt Password Storage Scheme -Password Storage Schemes of type crypt-password-storage-scheme have the following properties: --- - -crypt-password-storage-encryption-algorithm:: -[open] -==== - -Description:: -Specifies the algorithm to use to encrypt new passwords. Select the crypt algorithm to use to encrypt new passwords. The value can either be "unix", which means the password is encrypted with the weak Unix crypt algorithm, or "md5" which means the password is encrypted with the BSD MD5 algorithm and has a $1$ prefix, or "sha256" which means the password is encrypted with the SHA256 algorithm and has a $5$ prefix, or "sha512" which means the password is encrypted with the SHA512 algorithm and has a $6$ prefix. - -Default Value:: -unix - -Allowed Values:: -[open] -====== - -md5:: -New passwords are encrypted with the BSD MD5 algorithm. - -sha256:: -New passwords are encrypted with the Unix crypt SHA256 algorithm. - -sha512:: -New passwords are encrypted with the Unix crypt SHA512 algorithm. - -unix:: -New passwords are encrypted with the Unix crypt algorithm. Passwords are truncated at 8 characters and the top bit of each character is ignored. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Crypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.CryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-md5-password-storage-scheme] -==== MD5 Password Storage Scheme -Password Storage Schemes of type md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.MD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-pbkdf2-password-storage-scheme] -==== PBKDF2 Password Storage Scheme -Password Storage Schemes of type pbkdf2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PBKDF2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PBKDF2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pbkdf2-iterations:: -[open] -==== - -Description:: -The number of algorithm iterations to make. NIST recommends at least 1000. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-pkcs5s2-password-storage-scheme] -==== PKCS5S2 Password Storage Scheme -Password Storage Schemes of type pkcs5s2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PKCS5S2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PKCS5S2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-rc4-password-storage-scheme] -==== RC4 Password Storage Scheme -Password Storage Schemes of type rc4-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the RC4 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.RC4PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-salted-md5-password-storage-scheme] -==== Salted MD5 Password Storage Scheme -Password Storage Schemes of type salted-md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedMD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-salted-sha1-password-storage-scheme] -==== Salted SHA1 Password Storage Scheme -Password Storage Schemes of type salted-sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-salted-sha256-password-storage-scheme] -==== Salted SHA256 Password Storage Scheme -Password Storage Schemes of type salted-sha256-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA256 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA256PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-salted-sha384-password-storage-scheme] -==== Salted SHA384 Password Storage Scheme -Password Storage Schemes of type salted-sha384-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA384 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA384PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-salted-sha512-password-storage-scheme] -==== Salted SHA512 Password Storage Scheme -Password Storage Schemes of type salted-sha512-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA512 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA512PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-sha1-password-storage-scheme] -==== SHA1 Password Storage Scheme -Password Storage Schemes of type sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-storage-scheme-prop-triple-des-password-storage-scheme] -==== Triple DES Password Storage Scheme -Password Storage Schemes of type triple-des-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Triple DES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.TripleDESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-password-validator-prop] -=== dsconfig get-password-validator-prop — Shows Password Validator properties - -==== Synopsis -`dsconfig get-password-validator-prop` {options} - -[#dsconfig-get-password-validator-prop-description] -==== Description -Shows Password Validator properties. - -[#dsconfig-get-password-validator-prop-options] -==== Options --- -The `dsconfig get-password-validator-prop` command takes the following options: - -`--validator-name {name}`:: -The name of the Password Validator. -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {name}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {name}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {name}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {name}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {name}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {name}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {name}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {property}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {property}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {property}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {property}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {property}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {property}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {property}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default null: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default null: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default null: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default null: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default null: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default null: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default null: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {unit}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {unit}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {unit}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {unit}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {unit}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {unit}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {unit}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {unit}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {unit}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {unit}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {unit}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {unit}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {unit}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {unit}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-password-validator-prop-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - --- - -[#dsconfig-get-password-validator-prop-attribute-value-password-validator] -==== Attribute Value Password Validator -Password Validators of type attribute-value-password-validator have the following properties: --- - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against attribute values. If "false" then only match the entire password against attribute values otherwise ("true") check whether the password contains attribute values. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.AttributeValuePasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any attribute in the user's entry. - -Default Value:: -All attributes in the user entry will be checked. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator should test the reversed value of the provided password as well as the order in which it was given. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-validator-prop-character-set-password-validator] -==== Character Set Password Validator -Password Validators of type character-set-password-validator have the following properties: --- - -allow-unclassified-characters:: -[open] -==== - -Description:: -Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets and ranges. If this is "false", then only those characters in the user-defined character sets and ranges may be used in passwords. Any password containing a character not included in any character set or range will be rejected. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set:: -[open] -==== - -Description:: -Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. Each value must be an integer (indicating the minimum required characters from the set which may be zero, indicating that the character set is optional) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set. - -Default Value:: -If no sets are specified, the validator only uses the defined character ranges. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set-ranges:: -[open] -==== - -Description:: -Specifies a character range containing characters that a password may contain and a value indicating the minimum number of characters required from that range. Each value must be an integer (indicating the minimum required characters from the range which may be zero, indicating that the character range is optional) followed by a colon and one or more range specifications. A range specification is 3 characters: the first character allowed, a minus, and the last character allowed. For example, "3:A-Za-z0-9". The ranges in each value should not overlap, and the characters in each range specification should be ordered. - -Default Value:: -If no ranges are specified, the validator only uses the defined character sets. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.CharacterSetPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-character-sets:: -[open] -==== - -Description:: -Specifies the minimum number of character sets and ranges that a password must contain. This property should only be used in conjunction with optional character sets and ranges (those requiring zero characters). Its value must include any mandatory character sets and ranges (those requiring greater than zero characters). This is useful in situations where a password must contain characters from mandatory character sets and ranges, and characters from at least N optional character sets and ranges. For example, it is quite common to require that a password contains at least one non-alphanumeric character as well as characters from two alphanumeric character sets (lower-case, upper-case, digits). In this case, this property should be set to 3. - -Default Value:: -The password must contain characters from each of the mandatory character sets and ranges and, if there are optional character sets and ranges, at least one character from one of the optional character sets and ranges. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-validator-prop-dictionary-password-validator] -==== Dictionary Password Validator -Password Validators of type dictionary-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against dictionary words. If "false" then only match the entire password against words otherwise ("true") check whether the password contains words. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -dictionary-file:: -[open] -==== - -Description:: -Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root. - -Default Value:: -For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt - -Allowed Values:: -The path to any text file contained on the system that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.DictionaryPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-validator-prop-length-based-password-validator] -==== Length Based Password Validator -Password Validators of type length-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.LengthBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-password-length:: -[open] -==== - -Description:: -Specifies the maximum number of characters that can be included in a proposed password. A value of zero indicates that there will be no upper bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-length:: -[open] -==== - -Description:: -Specifies the minimum number of characters that must be included in a proposed password. A value of zero indicates that there will be no lower bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-validator-prop-repeated-characters-password-validator] -==== Repeated Characters Password Validator -Password Validators of type repeated-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. If the value of this property is false, the validator ignores any differences in capitalization when looking for consecutive characters in the password. If the value is true, the validator considers a character to be repeating only if all consecutive occurrences use the same capitalization. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.RepeatedCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-consecutive-length:: -[open] -==== - -Description:: -Specifies the maximum number of times that any character can appear consecutively in a password value. A value of zero indicates that no maximum limit is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-validator-prop-similarity-based-password-validator] -==== Similarity Based Password Validator -Password Validators of type similarity-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.SimilarityBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-password-difference:: -[open] -==== - -Description:: -Specifies the minimum difference of new and old password. A value of zero indicates that no difference between passwords is acceptable. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-password-validator-prop-unique-characters-password-validator] -==== Unique Characters Password Validator -Password Validators of type unique-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. A value of true indicates that the validator does not consider a capital letter to be the same as its lower-case counterpart. A value of false indicates that the validator ignores differences in capitalization when looking at the number of unique characters in the password. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.UniqueCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-unique-characters:: -[open] -==== - -Description:: -Specifies the minimum number of unique characters that a password will be allowed to contain. A value of zero indicates that no minimum value is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-plugin-prop] -=== dsconfig get-plugin-prop — Shows Plugin properties - -==== Synopsis -`dsconfig get-plugin-prop` {options} - -[#dsconfig-get-plugin-prop-description] -==== Description -Shows Plugin properties. - -[#dsconfig-get-plugin-prop-options] -==== Options --- -The `dsconfig get-plugin-prop` command takes the following options: - -`--plugin-name {name}`:: -The name of the Plugin. -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {name}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {name}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {name}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {name}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {name}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {name}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {name}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {name}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {name}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {name}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {name}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {name}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {property}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {property}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {property}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {property}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {property}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {property}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {property}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {property}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {property}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {property}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {property}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {property}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default null: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default null: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default null: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default null: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default null: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default null: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default null: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default null: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default null: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default null: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default null: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default null: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {unit}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {unit}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {unit}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {unit}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {unit}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {unit}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {unit}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {unit}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {unit}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {unit}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {unit}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {unit}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {unit}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {unit}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {unit}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {unit}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {unit}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {unit}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {unit}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {unit}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {unit}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {unit}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {unit}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {unit}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-plugin-prop-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - --- - -[#dsconfig-get-plugin-prop-attribute-cleanup-plugin] -==== Attribute Cleanup Plugin -Plugins of type attribute-cleanup-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.AttributeCleanupPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparseadd - -+ -preparsemodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -remove-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be removed from incoming add or modify requests. - -Default Value:: -No attributes will be removed - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rename-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be renamed in incoming add or modify requests. - -Default Value:: -No attributes will be renamed - -Allowed Values:: -An attribute name mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-change-number-control-plugin] -==== Change Number Control Plugin -Plugins of type change-number-control-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ChangeNumberControlPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postOperationAdd - -+ -postOperationDelete - -+ -postOperationModify - -+ -postOperationModifyDN - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-entry-uuid-plugin] -==== Entry UUID Plugin -Plugins of type entry-uuid-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.EntryUUIDPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preoperationadd - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-fractional-ldif-import-plugin] -==== Fractional LDIF Import Plugin -Plugins of type fractional-ldif-import-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -None - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-last-mod-plugin] -==== Last Mod Plugin -Plugins of type last-mod-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LastModPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-ldap-attribute-description-list-plugin] -==== LDAP Attribute Description List Plugin -Plugins of type ldap-attribute-description-list-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LDAPADListPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparsesearch - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-password-policy-import-plugin] -==== Password Policy Import Plugin -Plugins of type password-policy-import-plugin have the following properties: --- - -default-auth-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of password storage schemes that to be used for encoding passwords contained in attributes with the auth password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy should be used to govern them. - -Default Value:: -If the default password policy uses an attribute with the auth password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes auth password values using the "SHA1" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import plug-in is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-user-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes to be used for encoding passwords contained in attributes with the user password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy is to be used to govern them. - -Default Value:: -If the default password policy uses the attribute with the user password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes user password values using the "SSHA" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import Plugin is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.PasswordPolicyImportPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-profiler-plugin] -==== Profiler Plugin -Plugins of type profiler-plugin have the following properties: --- - -enable-profiling-on-startup:: -[open] -==== - -Description:: -Indicates whether the profiler plug-in is to start collecting data automatically when the directory server is started. This property is read only when the server is started, and any changes take effect on the next restart. This property is typically set to "false" unless startup profiling is required, because otherwise the volume of data that can be collected can cause the server to run out of memory if it is not turned off in a timely manner. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.profiler.ProfilerPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -startup - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -profile-action:: -[open] -==== - -Description:: -Specifies the action that should be taken by the profiler. A value of "start" causes the profiler thread to start collecting data if it is not already active. A value of "stop" causes the profiler thread to stop collecting data and write it to disk, and a value of "cancel" causes the profiler thread to stop collecting data and discard anything that has been captured. These operations occur immediately. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -cancel:: -Stop collecting profile data and discard what has been captured. - -none:: -Do not take any action. - -start:: -Start collecting profile data. - -stop:: -Stop collecting profile data and write what has been captured to a file in the profile directory. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-directory:: -[open] -==== - -Description:: -Specifies the path to the directory where profile information is to be written. This path may be either an absolute path or a path that is relative to the root of the OpenDJ directory server instance. The directory must exist and the directory server must have permission to create new files in it. - -Default Value:: -None - -Allowed Values:: -The path to any directory that exists on the filesystem and that can be read and written by the server user. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-sample-interval:: -[open] -==== - -Description:: -Specifies the sample interval in milliseconds to be used when capturing profiling information in the server. When capturing data, the profiler thread sleeps for this length of time between calls to obtain traces for all threads running in the JVM. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -Changes to this configuration attribute take effect the next time the profiler is started. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-referential-integrity-plugin] -==== Referential Integrity Plugin -Plugins of type referential-integrity-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute types for which referential integrity is to be maintained. At least one attribute type must be specified, and the syntax of any attributes must be either a distinguished name (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID (1.3.6.1.4.1.1466.115.121.1.34). - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN that limits the scope within which referential integrity is maintained. - -Default Value:: -Referential integrity is maintained in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references:: -[open] -==== - -Description:: -Specifies whether reference attributes must refer to existing entries. When this property is set to true, this plugin will ensure that any new references added as part of an add or modify operation point to existing entries, and that the referenced entries match the filter criteria for the referencing attribute, if specified. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-filter-criteria:: -[open] -==== - -Description:: -Specifies additional filter criteria which will be enforced when checking references. If a reference attribute has filter criteria defined then this plugin will ensure that any new references added as part of an add or modify operation refer to an existing entry which matches the specified filter. - -Default Value:: -None - -Allowed Values:: -An attribute-filter mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-scope-criteria:: -[open] -==== - -Description:: -Specifies whether referenced entries must reside within the same naming context as the entry containing the reference. The reference scope will only be enforced when reference checking is enabled. - -Default Value:: -global - -Allowed Values:: -[open] -====== - -global:: -References may refer to existing entries located anywhere in the Directory. - -naming-context:: -References must refer to existing entries located within the same naming context. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ReferentialIntegrityPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -Specifies the log file location where the update records are written when the plug-in is in background-mode processing. The default location is the logs directory of the server instance, using the file name "referint". - -Default Value:: -logs/referint - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postoperationdelete - -+ -postoperationmodifydn - -+ -subordinatemodifydn - -+ -subordinatedelete - -+ -preoperationadd - -+ -preoperationmodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -update-interval:: -[open] -==== - -Description:: -Specifies the interval in seconds when referential integrity updates are made. If this value is 0, then the updates are made synchronously in the foreground. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-samba-password-plugin] -==== Samba Password Plugin -Plugins of type samba-password-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SambaPasswordPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationmodify - -+ -postoperationextended - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pwd-sync-policy:: -[open] -==== - -Description:: -Specifies which Samba passwords should be kept synchronized. - -Default Value:: -sync-nt-password - -Allowed Values:: -[open] -====== - -sync-lm-password:: -Synchronize the LanMan password attribute "sambaLMPassword" - -sync-nt-password:: -Synchronize the NT password attribute "sambaNTPassword" - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -samba-administrator-dn:: -[open] -==== - -Description:: -Specifies the distinguished name of the user which Samba uses to perform Password Modify extended operations against this directory server in order to synchronize the userPassword attribute after the LanMan or NT passwords have been updated. The user must have the 'password-reset' privilege and should not be a root user. This user name can be used in order to identify Samba connections and avoid double re-synchronization of the same password. If this property is left undefined, then no password updates will be skipped. - -Default Value:: -Synchronize all updates to user passwords - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-seven-bit-clean-plugin] -==== Seven Bit Clean Plugin -Plugins of type seven-bit-clean-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the name or OID of an attribute type for which values should be checked to ensure that they are 7-bit clean. - -Default Value:: -uid - -+ -mail - -+ -userPassword - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN below which the checking is performed. Any attempt to update a value for one of the configured attributes below this base DN must be 7-bit clean for the operation to be allowed. - -Default Value:: -All entries below all public naming contexts will be checked. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SevenBitCleanPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preparseadd - -+ -preparsemodify - -+ -preparsemodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-plugin-prop-unique-attribute-plugin] -==== Unique Attribute Plugin -Plugins of type unique-attribute-plugin have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies a base DN within which the attribute must be unique. - -Default Value:: -The plug-in uses the server's public naming contexts in the searches. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.UniqueAttributePlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -+ -postoperationadd - -+ -postoperationmodify - -+ -postoperationmodifydn - -+ -postsynchronizationadd - -+ -postsynchronizationmodify - -+ -postsynchronizationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -type:: -[open] -==== - -Description:: -Specifies the type of attributes to check for value uniqueness. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-plugin-root-prop] -=== dsconfig get-plugin-root-prop — Shows Plugin Root properties - -==== Synopsis -`dsconfig get-plugin-root-prop` {options} - -[#dsconfig-get-plugin-root-prop-description] -==== Description -Shows Plugin Root properties. - -[#dsconfig-get-plugin-root-prop-options] -==== Options --- -The `dsconfig get-plugin-root-prop` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Plugin Root properties depend on the Plugin Root type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Plugin Root types: - -plugin-root:: -Default {property}: Plugin Root - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-plugin-root-prop-plugin-root["Plugin Root"] for the properties of this Plugin Root type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Plugin Root properties depend on the Plugin Root type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Plugin Root types: - -plugin-root:: -Default null: Plugin Root - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-plugin-root-prop-plugin-root["Plugin Root"] for the properties of this Plugin Root type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Plugin Root properties depend on the Plugin Root type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Plugin Root types: - -plugin-root:: -Default {unit}: Plugin Root - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-plugin-root-prop-plugin-root["Plugin Root"] for the properties of this Plugin Root type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Plugin Root properties depend on the Plugin Root type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Plugin Root types: - -plugin-root:: -Default {unit}: Plugin Root - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-plugin-root-prop-plugin-root["Plugin Root"] for the properties of this Plugin Root type. - -==== - --- - -[#dsconfig-get-plugin-root-prop-plugin-root] -==== Plugin Root -Plugin Roots of type plugin-root have the following properties: --- - -plugin-order-intermediate-response:: -[open] -==== - -Description:: -Specifies the order in which intermediate response plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which intermediate response plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-ldif-export:: -[open] -==== - -Description:: -Specifies the order in which LDIF export plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which LDIF export plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-ldif-import:: -[open] -==== - -Description:: -Specifies the order in which LDIF import plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which LDIF import plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-ldif-import-begin:: -[open] -==== - -Description:: -Specifies the order in which LDIF import begin plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which LDIF import begin plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-ldif-import-end:: -[open] -==== - -Description:: -Specifies the order in which LDIF import end plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which LDIF import end plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-connect:: -[open] -==== - -Description:: -Specifies the order in which post-connect plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-connect plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-disconnect:: -[open] -==== - -Description:: -Specifies the order in which post-disconnect plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-disconnect plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-abandon:: -[open] -==== - -Description:: -Specifies the order in which post-operation abandon plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation abandon plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-add:: -[open] -==== - -Description:: -Specifies the order in which post-operation add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-bind:: -[open] -==== - -Description:: -Specifies the order in which post-operation bind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation bind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-compare:: -[open] -==== - -Description:: -Specifies the order in which post-operation compare plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation compare plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-delete:: -[open] -==== - -Description:: -Specifies the order in which post-operation delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-extended:: -[open] -==== - -Description:: -Specifies the order in which post-operation extended operation plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation extended operation plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-modify:: -[open] -==== - -Description:: -Specifies the order in which post-operation modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which post-operation modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-search:: -[open] -==== - -Description:: -Specifies the order in which post-operation search plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation search plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-unbind:: -[open] -==== - -Description:: -Specifies the order in which post-operation unbind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation unbind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-add:: -[open] -==== - -Description:: -Specifies the order in which post-response add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-bind:: -[open] -==== - -Description:: -Specifies the order in which post-response bind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response bind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-compare:: -[open] -==== - -Description:: -Specifies the order in which post-response compare plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response compare plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-delete:: -[open] -==== - -Description:: -Specifies the order in which post-response delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-extended:: -[open] -==== - -Description:: -Specifies the order in which post-response extended operation plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response extended operation plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-modify:: -[open] -==== - -Description:: -Specifies the order in which post-response modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which post-response modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-search:: -[open] -==== - -Description:: -Specifies the order in which post-response search plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response search plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-synchronization-add:: -[open] -==== - -Description:: -Specifies the order in which post-synchronization add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-synchronization add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-synchronization-delete:: -[open] -==== - -Description:: -Specifies the order in which post-synchronization delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-synchronization delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-synchronization-modify:: -[open] -==== - -Description:: -Specifies the order in which post-synchronization modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-synchronization modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-synchronization-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which post-synchronization modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-synchronization modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-add:: -[open] -==== - -Description:: -Specifies the order in which pre-operation add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-bind:: -[open] -==== - -Description:: -Specifies the order in which pre-operation bind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation bind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-compare:: -[open] -==== - -Description:: -Specifies the order in which pre-operation compare plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation compare plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-delete:: -[open] -==== - -Description:: -Specifies the order in which pre-operation delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-extended:: -[open] -==== - -Description:: -Specifies the order in which pre-operation extended operation plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation extended operation plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-modify:: -[open] -==== - -Description:: -Specifies the order in which pre-operation modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which pre-operation modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-search:: -[open] -==== - -Description:: -Specifies the order in which pre-operation search plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation searc plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-abandon:: -[open] -==== - -Description:: -Specifies the order in which pre-parse abandon plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse abandon plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-add:: -[open] -==== - -Description:: -Specifies the order in which pre-parse add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-bind:: -[open] -==== - -Description:: -Specifies the order in which pre-parse bind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse bind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-compare:: -[open] -==== - -Description:: -Specifies the order in which pre-parse compare plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse compare plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-delete:: -[open] -==== - -Description:: -Specifies the order in which pre-parse delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-extended:: -[open] -==== - -Description:: -Specifies the order in which pre-parse extended operation plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse extended operation plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-modify:: -[open] -==== - -Description:: -Specifies the order in which pre-parse modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which pre-parse modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-search:: -[open] -==== - -Description:: -Specifies the order in which pre-parse search plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse search plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-unbind:: -[open] -==== - -Description:: -Specifies the order in which pre-parse unbind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse unbind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-search-result-entry:: -[open] -==== - -Description:: -Specifies the order in which search result entry plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which search result entry plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-search-result-reference:: -[open] -==== - -Description:: -Specifies the order in which search result reference plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which search result reference plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-shutdown:: -[open] -==== - -Description:: -Specifies the order in which shutdown plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which shutdown plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-startup:: -[open] -==== - -Description:: -Specifies the order in which startup plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which startup plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-subordinate-delete:: -[open] -==== - -Description:: -Specifies the order in which subordinate delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which subordinate delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-subordinate-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which subordinate modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which subordinate modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-replication-domain-prop] -=== dsconfig get-replication-domain-prop — Shows Replication Domain properties - -==== Synopsis -`dsconfig get-replication-domain-prop` {options} - -[#dsconfig-get-replication-domain-prop-description] -==== Description -Shows Replication Domain properties. - -[#dsconfig-get-replication-domain-prop-options] -==== Options --- -The `dsconfig get-replication-domain-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {name}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-domain-prop-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`--domain-name {name}`:: -The name of the Replication Domain. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {name}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-domain-prop-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {property}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-domain-prop-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default null: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-domain-prop-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {unit}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-domain-prop-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {unit}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-domain-prop-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - --- - -[#dsconfig-get-replication-domain-prop-replication-domain] -==== Replication Domain -Replication Domains of type replication-domain have the following properties: --- - -assured-sd-level:: -[open] -==== - -Description:: -The level of acknowledgment for Safe Data assured sub mode. When assured replication is configured in Safe Data mode, this value defines the number of replication servers (with the same group ID of the local server) that should acknowledge the sent update before the LDAP client call can return. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured replication acknowledgments. Defines the amount of milliseconds the server will wait for assured acknowledgments (in either Safe Data or Safe Read assured replication modes) before returning anyway the LDAP client call. - -Default Value:: -2000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-type:: -[open] -==== - -Description:: -Defines the assured replication mode of the replicated domain. The assured replication can be disabled or enabled. When enabled, two modes are available: Safe Data or Safe Read modes. - -Default Value:: -not-assured - -Allowed Values:: -[open] -====== - -not-assured:: -Assured replication is not enabled. Updates sent for replication (for being replayed on other LDAP servers in the topology) are sent without waiting for any acknowledgment and the LDAP client call returns immediately. - -safe-data:: -Assured replication is enabled in Safe Data mode: updates sent for replication are subject to acknowledgment from the replication servers that have the same group ID as the local server (defined with the group-id property). The number of acknowledgments to expect is defined by the assured-sd-level property. After acknowledgments are received, LDAP client call returns. - -safe-read:: -Assured replication is enabled in Safe Read mode: updates sent for replication are subject to acknowledgments from the LDAP servers in the topology that have the same group ID as the local server (defined with the group-id property). After acknowledgments are received, LDAP client call returns. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN of the replicated data. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -changetime-heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when sending its local change time to the Replication Server. The directory server sends a regular heart-beat to the Replication within the specified interval. The heart-beat indicates the change time of the directory server to the Replication Server. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -conflicts-historical-purge-delay:: -[open] -==== - -Description:: -This delay indicates the time (in minutes) the domain keeps the historical information necessary to solve conflicts.When a change stored in the historical part of the user entry has a date (from its replication ChangeNumber) older than this delay, it is candidate to be purged. The purge is applied on 2 events: modify of the entry, dedicated purge task. - -Default Value:: -1440m - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 minutes. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-exclude:: -[open] -==== - -Description:: -Allows to exclude some attributes to replicate to this server. If fractional-exclude configuration attribute is used, attributes specified in this attribute will be ignored (not added/modified/deleted) when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-include attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be excluded. The object class may be "*" indicating that the attribute type(s) should be excluded regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-include:: -[open] -==== - -Description:: -Allows to include some attributes to replicate to this server. If fractional-include configuration attribute is used, only attributes specified in this attribute will be added/modified/deleted when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-exclude attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be included. The object class may be "*" indicating that the attribute type(s) should be included regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group ID associated with this replicated domain. This value defines the group ID of the replicated domain. The replication system will preferably connect and send updates to replicate to a replication server with the same group ID as its own one (the local server group ID). - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when communicating with Replication Servers. The directory server expects a regular heart-beat coming from the Replication Server within the specified interval. If a heartbeat is not received within the interval, the Directory Server closes its connection and connects to another Replication Server. - -Default Value:: -10000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 100 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -initialization-window-size:: -[open] -==== - -Description:: -Specifies the window size that this directory server may use when communicating with remote Directory Servers for initialization. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -isolation-policy:: -[open] -==== - -Description:: -Specifies the behavior of the directory server if a write operation is attempted on the data within the Replication Domain when none of the configured Replication Servers are available. - -Default Value:: -reject-all-updates - -Allowed Values:: -[open] -====== - -accept-all-updates:: -Indicates that updates should be accepted even though it is not possible to send them to any Replication Server. Best effort is made to re-send those updates to a Replication Servers when one of them is available, however those changes are at risk because they are only available from the historical information. This mode can also introduce high replication latency. - -reject-all-updates:: -Indicates that all updates attempted on this Replication Domain are rejected when no Replication Server is available. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-changenumber:: -[open] -==== - -Description:: -Indicates if this server logs the ChangeNumber in access log. This boolean indicates if the domain should log the ChangeNumber of replicated operations in the access log. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -referrals-url:: -[open] -==== - -Description:: -The URLs other LDAP servers should use to refer to the local server. URLs used by peer servers in the topology to refer to the local server through LDAP referrals. If this attribute is not defined, every URLs available to access this server will be used. If defined, only URLs specified here will be used. - -Default Value:: -None - -Allowed Values:: -A LDAP URL compliant with RFC 2255. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of the Replication Servers within the Replication Domain to which the directory server should try to connect at startup time. Addresses must be specified using the syntax: hostname:port - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the directory server within the Replication Domain. Each directory server within the same Replication Domain must have a different server ID. A directory server which is a member of multiple Replication Domains may use the same server ID for each of its Replication Domain configurations. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -solve-conflicts:: -[open] -==== - -Description:: -Indicates if this server solves conflict. This boolean indicates if this domain keeps the historical information necessary to solve conflicts. When set to false the server will not maintain historical information and will therefore not be able to solve conflict. This should therefore be done only if the replication is used in a single master type of deployment. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the directory server will use when communicating with Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-replication-server-prop] -=== dsconfig get-replication-server-prop — Shows Replication Server properties - -==== Synopsis -`dsconfig get-replication-server-prop` {options} - -[#dsconfig-get-replication-server-prop-description] -==== Description -Shows Replication Server properties. - -[#dsconfig-get-replication-server-prop-options] -==== Options --- -The `dsconfig get-replication-server-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {name}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-server-prop-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {property}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-server-prop-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default null: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-server-prop-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {unit}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-server-prop-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {unit}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-replication-server-prop-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - --- - -[#dsconfig-get-replication-server-prop-replication-server] -==== Replication Server -Replication Servers of type replication-server have the following properties: --- - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured mode acknowledgments. Defines the number of milliseconds that the replication server will wait for assured acknowledgments (in either Safe Data or Safe Read assured sub modes) before forgetting them and answer to the entity that sent an update and is waiting for acknowledgment. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compute-change-number:: -[open] -==== - -Description:: -Whether the replication server will compute change numbers. This boolean tells the replication server to compute change numbers for each replicated change by maintaining a change number index database. Changenumbers are computed according to http://tools.ietf.org/html/draft-good-ldap-changelog-04. Note this functionality has an impact on CPU, disk accesses and storage. If changenumbers are not required, it is advisable to set this value to false. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the replication change-log should make records readable only by Directory Server. Throughput and disk space are affected by the more expensive operations taking place. Confidentiality is achieved by encrypting records on all domains managed by this replication server. Encrypting the records prevents unauthorized parties from accessing contents of LDAP operations. For complete protection, consider enabling secure communications between servers. Change number indexing is not affected by the setting. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -degraded-status-threshold:: -[open] -==== - -Description:: -The number of pending changes as threshold value for putting a directory server in degraded status. This value represents a number of pending changes a replication server has in queue for sending to a directory server. Once this value is crossed, the matching directory server goes in degraded status. When number of pending changes goes back under this value, the directory server is put back in normal status. 0 means status analyzer is disabled and directory servers are never put in degraded status. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered and the replication server will disconnect from the rest of the replication topology. When the available free space on the disk used by the replication changelog falls below the value specified, this replication server will stop. Connected Directory Servers will fail over to another RS. The replication server will restart again as soon as free space rises above the low threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered. When the available free space on the disk used by the replication changelog falls below the value specified, a warning is sent and logged. Normal operation will continue but administrators are advised to take action to free some disk space. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group id for the replication server. This value defines the group id of the replication server. The replication system of a LDAP server uses the group id of the replicated domain and tries to connect, if possible, to a replication with the same group id. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -monitoring-period:: -[open] -==== - -Description:: -The period between sending of monitoring messages. Defines the duration that the replication server will wait before sending new monitoring messages to its peers (replication servers and directory servers). Larger values increase the length of time it takes for a directory server to detect and switch to a more suitable replication server, whereas smaller values increase the amount of background network traffic. - -Default Value:: -60s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -Specifies the number of changes that are kept in memory for each directory server in the Replication Domain. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -replication-db-directory:: -[open] -==== - -Description:: -The path where the Replication Server stores all persistent information. - -Default Value:: -changelogDb - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -replication-port:: -[open] -==== - -Description:: -The port on which this Replication Server waits for connections from other Replication Servers or Directory Servers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-purge-delay:: -[open] -==== - -Description:: -The time (in seconds) after which the Replication Server erases all persistent information. - -Default Value:: -3 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of other Replication Servers to which this Replication Server tries to connect at startup time. Addresses must be specified using the syntax: "hostname:port". If IPv6 addresses are used as the hostname, they must be specified using the syntax "[IPv6Address]:port". - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the Replication Server. Each Replication Server must have a different server ID. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -weight:: -[open] -==== - -Description:: -The weight of the replication server. The weight affected to the replication server. Each replication server of the topology has a weight. When combined together, the weights of the replication servers of a same group can be translated to a percentage that determines the quantity of directory servers of the topology that should be connected to a replication server. For instance imagine a topology with 3 replication servers (with the same group id) with the following weights: RS1=1, RS2=1, RS3=2. This means that RS1 should have 25% of the directory servers connected in the topology, RS2 25%, and RS3 50%. This may be useful if the replication servers of the topology have a different power and one wants to spread the load between the replication servers according to their power. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the Replication Server uses when communicating with other Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-root-dn-prop] -=== dsconfig get-root-dn-prop — Shows Root DN properties - -==== Synopsis -`dsconfig get-root-dn-prop` {options} - -[#dsconfig-get-root-dn-prop-description] -==== Description -Shows Root DN properties. - -[#dsconfig-get-root-dn-prop-options] -==== Options --- -The `dsconfig get-root-dn-prop` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Root DN properties depend on the Root DN type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Root DN types: - -root-dn:: -Default {property}: Root DN - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-root-dn-prop-root-dn["Root DN"] for the properties of this Root DN type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Root DN properties depend on the Root DN type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Root DN types: - -root-dn:: -Default null: Root DN - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-root-dn-prop-root-dn["Root DN"] for the properties of this Root DN type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Root DN properties depend on the Root DN type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Root DN types: - -root-dn:: -Default {unit}: Root DN - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-root-dn-prop-root-dn["Root DN"] for the properties of this Root DN type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Root DN properties depend on the Root DN type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Root DN types: - -root-dn:: -Default {unit}: Root DN - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-root-dn-prop-root-dn["Root DN"] for the properties of this Root DN type. - -==== - --- - -[#dsconfig-get-root-dn-prop-root-dn] -==== Root DN -Root Dns of type root-dn have the following properties: --- - -default-root-privilege-name:: -[open] -==== - -Description:: -Specifies the names of the privileges that root users will be granted by default. - -Default Value:: -bypass-lockdown - -+ -bypass-acl - -+ -modify-acl - -+ -config-read - -+ -config-write - -+ -ldif-import - -+ -ldif-export - -+ -backend-backup - -+ -backend-restore - -+ -server-lockdown - -+ -server-shutdown - -+ -server-restart - -+ -disconnect-client - -+ -cancel-request - -+ -password-reset - -+ -update-schema - -+ -privilege-change - -+ -unindexed-search - -+ -subentry-write - -+ -changelog-read - -Allowed Values:: -[open] -====== - -backend-backup:: -Allows the user to request that the server process backup tasks. - -backend-restore:: -Allows the user to request that the server process restore tasks. - -bypass-acl:: -Allows the associated user to bypass access control checks performed by the server. - -bypass-lockdown:: -Allows the associated user to bypass server lockdown mode. - -cancel-request:: -Allows the user to cancel operations in progress on other client connections. - -changelog-read:: -Allows the user to perform read operations on the changelog - -config-read:: -Allows the associated user to read the server configuration. - -config-write:: -Allows the associated user to update the server configuration. The config-read privilege is also required. - -data-sync:: -Allows the user to participate in data synchronization. - -disconnect-client:: -Allows the user to terminate other client connections. - -jmx-notify:: -Allows the associated user to subscribe to receive JMX notifications. - -jmx-read:: -Allows the associated user to perform JMX read operations. - -jmx-write:: -Allows the associated user to perform JMX write operations. - -ldif-export:: -Allows the user to request that the server process LDIF export tasks. - -ldif-import:: -Allows the user to request that the server process LDIF import tasks. - -modify-acl:: -Allows the associated user to modify the server's access control configuration. - -password-reset:: -Allows the user to reset user passwords. - -privilege-change:: -Allows the user to make changes to the set of defined root privileges, as well as to grant and revoke privileges for users. - -proxied-auth:: -Allows the user to use the proxied authorization control, or to perform a bind that specifies an alternate authorization identity. - -server-lockdown:: -Allows the user to place and bring the server of lockdown mode. - -server-restart:: -Allows the user to request that the server perform an in-core restart. - -server-shutdown:: -Allows the user to request that the server shut down. - -subentry-write:: -Allows the associated user to perform LDAP subentry write operations. - -unindexed-search:: -Allows the user to request that the server process a search that cannot be optimized using server indexes. - -update-schema:: -Allows the user to make changes to the server schema. - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-root-dse-backend-prop] -=== dsconfig get-root-dse-backend-prop — Shows Root DSE Backend properties - -==== Synopsis -`dsconfig get-root-dse-backend-prop` {options} - -[#dsconfig-get-root-dse-backend-prop-description] -==== Description -Shows Root DSE Backend properties. - -[#dsconfig-get-root-dse-backend-prop-options] -==== Options --- -The `dsconfig get-root-dse-backend-prop` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Root DSE Backend properties depend on the Root DSE Backend type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Root DSE Backend types: - -root-dse-backend:: -Default {property}: Root DSE Backend - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-root-dse-backend-prop-root-dse-backend["Root DSE Backend"] for the properties of this Root DSE Backend type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Root DSE Backend properties depend on the Root DSE Backend type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Root DSE Backend types: - -root-dse-backend:: -Default null: Root DSE Backend - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-root-dse-backend-prop-root-dse-backend["Root DSE Backend"] for the properties of this Root DSE Backend type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Root DSE Backend properties depend on the Root DSE Backend type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Root DSE Backend types: - -root-dse-backend:: -Default {unit}: Root DSE Backend - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-root-dse-backend-prop-root-dse-backend["Root DSE Backend"] for the properties of this Root DSE Backend type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Root DSE Backend properties depend on the Root DSE Backend type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Root DSE Backend types: - -root-dse-backend:: -Default {unit}: Root DSE Backend - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-root-dse-backend-prop-root-dse-backend["Root DSE Backend"] for the properties of this Root DSE Backend type. - -==== - --- - -[#dsconfig-get-root-dse-backend-prop-root-dse-backend] -==== Root DSE Backend -Root DSE Backends of type root-dse-backend have the following properties: --- - -show-all-attributes:: -[open] -==== - -Description:: -Indicates whether all attributes in the root DSE are to be treated like user attributes (and therefore returned to clients by default) regardless of the directory server schema configuration. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -show-subordinate-naming-contexts:: -[open] -==== - -Description:: -Indicates whether subordinate naming contexts should be visible in the namingContexts attribute of the RootDSE. By default only top level naming contexts are visible - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -subordinate-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs used for singleLevel, wholeSubtree, and subordinateSubtree searches based at the root DSE. - -Default Value:: -The set of all user-defined suffixes is used. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-sasl-mechanism-handler-prop] -=== dsconfig get-sasl-mechanism-handler-prop — Shows SASL Mechanism Handler properties - -==== Synopsis -`dsconfig get-sasl-mechanism-handler-prop` {options} - -[#dsconfig-get-sasl-mechanism-handler-prop-description] -==== Description -Shows SASL Mechanism Handler properties. - -[#dsconfig-get-sasl-mechanism-handler-prop-options] -==== Options --- -The `dsconfig get-sasl-mechanism-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the SASL Mechanism Handler. -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {name}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {name}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {name}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {name}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {name}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {name}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {property}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {property}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {property}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {property}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {property}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {property}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default null: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default null: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default null: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default null: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default null: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default null: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {unit}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {unit}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {unit}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {unit}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {unit}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {unit}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {unit}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {unit}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {unit}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {unit}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {unit}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {unit}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-sasl-mechanism-handler-prop-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - --- - -[#dsconfig-get-sasl-mechanism-handler-prop-anonymous-sasl-mechanism-handler] -==== Anonymous SASL Mechanism Handler -SASL Mechanism Handlers of type anonymous-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.AnonymousSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-sasl-mechanism-handler-prop-cram-md5-sasl-mechanism-handler] -==== Cram MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type cram-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper used with this SASL mechanism handler to match the authentication ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Cram MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.CRAMMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-sasl-mechanism-handler-prop-digest-md5-sasl-mechanism-handler] -==== Digest MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type digest-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Digest MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.DigestMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realms that is to be used by the server for DIGEST-MD5 authentication. If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Default Value:: -If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Allowed Values:: -Any realm string that does not contain a comma. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the server that is used when validating the digest-uri parameter during the authentication process. If this configuration attribute is present, then the server expects that clients use a digest-uri equal to "ldap/" followed by the value of this attribute. For example, if the attribute has a value of "directory.example.com", then the server expects clients to use a digest-uri of "ldap/directory.example.com". If no value is provided, then the server does not attempt to validate the digest-uri provided by the client and accepts any value. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically. - -Allowed Values:: -The fully-qualified address that is expected for clients to use when connecting to the server and authenticating via DIGEST-MD5. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-sasl-mechanism-handler-prop-external-sasl-mechanism-handler] -==== External SASL Mechanism Handler -SASL Mechanism Handlers of type external-sasl-mechanism-handler have the following properties: --- - -certificate-attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema. - -Default Value:: -userCertificate - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-mapper:: -[open] -==== - -Description:: -Specifies the name of the certificate mapper that should be used to match client certificates to user entries. - -Default Value:: -None - -Allowed Values:: -The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-validation-policy:: -[open] -==== - -Description:: -Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -always:: -Always require the peer certificate to be present in the user's entry. - -ifpresent:: -If the user's entry contains one or more certificates, require that one of them match the peer certificate. - -never:: -Do not look for the peer certificate to be present in the user's entry. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.ExternalSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-sasl-mechanism-handler-prop-gssapi-sasl-mechanism-handler] -==== GSSAPI SASL Mechanism Handler -SASL Mechanism Handlers of type gssapi-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the GSSAPI SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.GSSAPISASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -kdc-address:: -[open] -==== - -Description:: -Specifies the address of the KDC that is to be used for Kerberos processing. If provided, this property must be a fully-qualified DNS-resolvable name. If this property is not provided, then the server attempts to determine it from the system-wide Kerberos configuration. - -Default Value:: -The server attempts to determine the KDC address from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -keytab:: -[open] -==== - -Description:: -Specifies the path to the keytab file that should be used for Kerberos processing. If provided, this is either an absolute path or one that is relative to the server instance root. - -Default Value:: -The server attempts to use the system-wide default keytab. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -principal-name:: -[open] -==== - -Description:: -Specifies the principal name. It can either be a simple user name or a service name such as host/example.com. If this property is not provided, then the server attempts to build the principal name by appending the fully qualified domain name to the string "ldap/". - -Default Value:: -The server attempts to determine the principal name from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realm to be used for GSSAPI authentication. - -Default Value:: -The server attempts to determine the realm from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the system. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically . - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-sasl-mechanism-handler-prop-plain-sasl-mechanism-handler] -==== Plain SASL Mechanism Handler -SASL Mechanism Handlers of type plain-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Plain SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.PlainSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-schema-provider-prop] -=== dsconfig get-schema-provider-prop — Shows Schema Provider properties - -==== Synopsis -`dsconfig get-schema-provider-prop` {options} - -[#dsconfig-get-schema-provider-prop-description] -==== Description -Shows Schema Provider properties. - -[#dsconfig-get-schema-provider-prop-options] -==== Options --- -The `dsconfig get-schema-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Schema Provider. -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {name}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-schema-provider-prop-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {property}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-schema-provider-prop-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default null: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-schema-provider-prop-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {unit}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-schema-provider-prop-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {unit}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-schema-provider-prop-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - --- - -[#dsconfig-get-schema-provider-prop-core-schema] -==== Core Schema -Schema Providers of type core-schema have the following properties: --- - -allow-zero-length-values-directory-string:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed for directory string. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disabled-matching-rule:: -[open] -==== - -Description:: -The set of disabled matching rules. Matching rules must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled matching rule. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disabled-syntax:: -[open] -==== - -Description:: -The set of disabled syntaxes. Syntaxes must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled syntax, or NONE - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Schema Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Core Schema implementation. - -Default Value:: -org.opends.server.schema.CoreSchemaProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.schema.SchemaProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strict-format-country-string:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strip-syntax-min-upper-bound-attribute-type-description:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-synchronization-provider-prop] -=== dsconfig get-synchronization-provider-prop — Shows Synchronization Provider properties - -==== Synopsis -`dsconfig get-synchronization-provider-prop` {options} - -[#dsconfig-get-synchronization-provider-prop-description] -==== Description -Shows Synchronization Provider properties. - -[#dsconfig-get-synchronization-provider-prop-options] -==== Options --- -The `dsconfig get-synchronization-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Synchronization Provider. -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {name}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-synchronization-provider-prop-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {property}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-synchronization-provider-prop-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default null: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-synchronization-provider-prop-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {unit}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-synchronization-provider-prop-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {unit}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-synchronization-provider-prop-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - --- - -[#dsconfig-get-synchronization-provider-prop-replication-synchronization-provider] -==== Replication Synchronization Provider -Synchronization Providers of type replication-synchronization-provider have the following properties: --- - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to peers and when performing SSL negotiation. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Synchronization Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Replication Synchronization Provider implementation. - -Default Value:: -org.opends.server.replication.plugin.MultimasterReplication - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SynchronizationProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-update-replay-threads:: -[open] -==== - -Description:: -Specifies the number of update replay threads. This value is the number of threads created for replaying every updates received for all the replication domains. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-trust-manager-provider-prop] -=== dsconfig get-trust-manager-provider-prop — Shows Trust Manager Provider properties - -==== Synopsis -`dsconfig get-trust-manager-provider-prop` {options} - -[#dsconfig-get-trust-manager-provider-prop-description] -==== Description -Shows Trust Manager Provider properties. - -[#dsconfig-get-trust-manager-provider-prop-options] -==== Options --- -The `dsconfig get-trust-manager-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Trust Manager Provider. -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {name}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {name}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {property}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {property}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default null: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default null: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {unit}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {unit}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {unit}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {unit}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-trust-manager-provider-prop-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - --- - -[#dsconfig-get-trust-manager-provider-prop-blind-trust-manager-provider] -==== Blind Trust Manager Provider -Trust Manager Providers of type blind-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Blind Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.BlindTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-get-trust-manager-provider-prop-file-based-trust-manager-provider] -==== File Based Trust Manager Provider -Trust Manager Providers of type file-based-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the trust information. It can be an absolute path or a path that is relative to the OpenDJ instance root. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -An absolute path or a path that is relative to the OpenDJ directory server instance root. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the trust store file. Valid values always include 'JKS' and 'PKCS12', but different implementations can allow other values as well. If no value is provided, then the JVM default value is used. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. The "JKS" and "PKCS12" formats are typically available in Java environments. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-virtual-attribute-prop] -=== dsconfig get-virtual-attribute-prop — Shows Virtual Attribute properties - -==== Synopsis -`dsconfig get-virtual-attribute-prop` {options} - -[#dsconfig-get-virtual-attribute-prop-description] -==== Description -Shows Virtual Attribute properties. - -[#dsconfig-get-virtual-attribute-prop-options] -==== Options --- -The `dsconfig get-virtual-attribute-prop` command takes the following options: - -`--name {name}`:: -The name of the Virtual Attribute. -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {name}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {name}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {name}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {name}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {name}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {name}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {name}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {name}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {name}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {name}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {name}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {name}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {name}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {name}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {property}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {property}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {property}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {property}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {property}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {property}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {property}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {property}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {property}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {property}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {property}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {property}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {property}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {property}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default null: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default null: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default null: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default null: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default null: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default null: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default null: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default null: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default null: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default null: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default null: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default null: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default null: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default null: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {unit}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {unit}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {unit}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {unit}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {unit}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {unit}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {unit}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {unit}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {unit}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {unit}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {unit}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {unit}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {unit}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {unit}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {unit}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {unit}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {unit}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {unit}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {unit}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {unit}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {unit}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {unit}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {unit}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {unit}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {unit}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {unit}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {unit}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {unit}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-get-virtual-attribute-prop-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-collective-attribute-subentries-virtual-attribute] -==== Collective Attribute Subentries Virtual Attribute -Virtual Attributes of type collective-attribute-subentries-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -collectiveAttributeSubentries - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.CollectiveAttributeSubentriesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-entity-tag-virtual-attribute] -==== Entity Tag Virtual Attribute -Virtual Attributes of type entity-tag-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -etag - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -checksum-algorithm:: -[open] -==== - -Description:: -The algorithm which should be used for calculating the entity tag checksum value. - -Default Value:: -adler-32 - -Allowed Values:: -[open] -====== - -adler-32:: -The Adler-32 checksum algorithm which is almost as reliable as a CRC-32 but can be computed much faster. - -crc-32:: -The CRC-32 checksum algorithm. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -excluded-attribute:: -[open] -==== - -Description:: -The list of attributes which should be ignored when calculating the entity tag checksum value. Certain attributes like "ds-sync-hist" may vary between replicas due to different purging schedules and should not be included in the checksum. - -Default Value:: -ds-sync-hist - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntityTagVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-entry-dn-virtual-attribute] -==== Entry DN Virtual Attribute -Virtual Attributes of type entry-dn-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryDN - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryDNVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-entry-uuid-virtual-attribute] -==== Entry UUID Virtual Attribute -Virtual Attributes of type entry-uuid-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryUUID - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryUUIDVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-governing-structure-rule-virtual-attribute] -==== Governing Structure Rule Virtual Attribute -Virtual Attributes of type governing-structure-rule-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -governingStructureRule - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.GoverningSturctureRuleVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-has-subordinates-virtual-attribute] -==== Has Subordinates Virtual Attribute -Virtual Attributes of type has-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -hasSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-is-member-of-virtual-attribute] -==== Is Member Of Virtual Attribute -Virtual Attributes of type is-member-of-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -isMemberOf - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.IsMemberOfVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-member-virtual-attribute] -==== Member Virtual Attribute -Virtual Attributes of type member-virtual-attribute have the following properties: --- - -allow-retrieving-membership:: -[open] -==== - -Description:: -Indicates whether to handle requests that request all values for the virtual attribute. This operation can be very expensive in some cases and is not consistent with the primary function of virtual static groups, which is to make it possible to use static group idioms to determine whether a given user is a member. If this attribute is set to false, attempts to retrieve the entire set of values receive an empty set, and only attempts to determine whether the attribute has a specific value or set of values (which is the primary anticipated use for virtual static groups) are handled properly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.MemberVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-num-subordinates-virtual-attribute] -==== Num Subordinates Virtual Attribute -Virtual Attributes of type num-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -numSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-password-expiration-time-virtual-attribute] -==== Password Expiration Time Virtual Attribute -Virtual Attributes of type password-expiration-time-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -ds-pwp-password-expiration-time - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordExpirationTimeVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-password-policy-subentry-virtual-attribute] -==== Password Policy Subentry Virtual Attribute -Virtual Attributes of type password-policy-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -pwdPolicySubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordPolicySubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-structural-object-class-virtual-attribute] -==== Structural Object Class Virtual Attribute -Virtual Attributes of type structural-object-class-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -structuralObjectClass - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.StructuralObjectClassVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-subschema-subentry-virtual-attribute] -==== Subschema Subentry Virtual Attribute -Virtual Attributes of type subschema-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -subschemaSubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-virtual-attribute-prop-user-defined-virtual-attribute] -==== User Defined Virtual Attribute -Virtual Attributes of type user-defined-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.UserDefinedVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -value:: -[open] -==== - -Description:: -Specifies the values to be included in the virtual attribute. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-get-work-queue-prop] -=== dsconfig get-work-queue-prop — Shows Work Queue properties - -==== Synopsis -`dsconfig get-work-queue-prop` {options} - -[#dsconfig-get-work-queue-prop-description] -==== Description -Shows Work Queue properties. - -[#dsconfig-get-work-queue-prop-options] -==== Options --- -The `dsconfig get-work-queue-prop` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Work Queue properties depend on the Work Queue type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Work Queue types: - -parallel-work-queue:: -Default {property}: Parallel Work Queue - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-work-queue-prop-parallel-work-queue["Parallel Work Queue"] for the properties of this Work Queue type. - -traditional-work-queue:: -Default {property}: Traditional Work Queue - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-work-queue-prop-traditional-work-queue["Traditional Work Queue"] for the properties of this Work Queue type. - -==== - -`-E | --record`:: -Modifies the display output to show one property value per line. -+ -[open] -==== -Work Queue properties depend on the Work Queue type, which depends on the null you provide. - -By default, OpenDJ directory server supports the following Work Queue types: - -parallel-work-queue:: -Default null: Parallel Work Queue - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-work-queue-prop-parallel-work-queue["Parallel Work Queue"] for the properties of this Work Queue type. - -traditional-work-queue:: -Default null: Traditional Work Queue - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-work-queue-prop-traditional-work-queue["Traditional Work Queue"] for the properties of this Work Queue type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Work Queue properties depend on the Work Queue type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Work Queue types: - -parallel-work-queue:: -Default {unit}: Parallel Work Queue - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-work-queue-prop-parallel-work-queue["Parallel Work Queue"] for the properties of this Work Queue type. - -traditional-work-queue:: -Default {unit}: Traditional Work Queue - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-work-queue-prop-traditional-work-queue["Traditional Work Queue"] for the properties of this Work Queue type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Work Queue properties depend on the Work Queue type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Work Queue types: - -parallel-work-queue:: -Default {unit}: Parallel Work Queue - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-work-queue-prop-parallel-work-queue["Parallel Work Queue"] for the properties of this Work Queue type. - -traditional-work-queue:: -Default {unit}: Traditional Work Queue - -+ -Enabled by default: false - -+ -See xref:#dsconfig-get-work-queue-prop-traditional-work-queue["Traditional Work Queue"] for the properties of this Work Queue type. - -==== - --- - -[#dsconfig-get-work-queue-prop-parallel-work-queue] -==== Parallel Work Queue -Work Queues of type parallel-work-queue have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Parallel Work Queue implementation. - -Default Value:: -org.opends.server.extensions.ParallelWorkQueue - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.WorkQueue - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-worker-threads:: -[open] -==== - -Description:: -Specifies the number of worker threads to be used for processing operations placed in the queue. If the value is increased, the additional worker threads are created immediately. If the value is reduced, the appropriate number of threads are destroyed as operations complete processing. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-get-work-queue-prop-traditional-work-queue] -==== Traditional Work Queue -Work Queues of type traditional-work-queue have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Traditional Work Queue implementation. - -Default Value:: -org.opends.server.extensions.TraditionalWorkQueue - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.WorkQueue - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-work-queue-capacity:: -[open] -==== - -Description:: -Specifies the maximum number of queued operations that can be in the work queue at any given time. If the work queue is already full and additional requests are received by the server, then the server front end, and possibly the client, will be blocked until the work queue has available capacity. - -Default Value:: -1000 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -num-worker-threads:: -[open] -==== - -Description:: -Specifies the number of worker threads to be used for processing operations placed in the queue. If the value is increased, the additional worker threads are created immediately. If the value is reduced, the appropriate number of threads are destroyed as operations complete processing. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-access-log-filtering-criteria] -=== dsconfig list-access-log-filtering-criteria — Lists existing Access Log Filtering Criteria - -==== Synopsis -`dsconfig list-access-log-filtering-criteria` {options} - -[#dsconfig-list-access-log-filtering-criteria-description] -==== Description -Lists existing Access Log Filtering Criteria. - -[#dsconfig-list-access-log-filtering-criteria-options] -==== Options --- -The `dsconfig list-access-log-filtering-criteria` command takes the following options: - -`--publisher-name {name}`:: -The name of the Access Log Publisher. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {name}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-access-log-filtering-criteria-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {property}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-access-log-filtering-criteria-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {unit}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-access-log-filtering-criteria-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {unit}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-access-log-filtering-criteria-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - --- - -[#dsconfig-list-access-log-filtering-criteria-access-log-filtering-criteria] -==== Access Log Filtering Criteria -Access Log Filtering Criteria of type access-log-filtering-criteria have the following properties: --- - -connection-client-address-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match at least one of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-client-address-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which do not match any of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-port-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections to any of the specified listener port numbers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-protocol-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match any of the specified protocols. Typical values include "ldap", "ldaps", or "jmx". - -Default Value:: -None - -Allowed Values:: -The protocol name as reported in the access log. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-type:: -[open] -==== - -Description:: -Filters log records based on their type. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -abandon:: -Abandon operations - -add:: -Add operations - -bind:: -Bind operations - -compare:: -Compare operations - -connect:: -Client connections - -delete:: -Delete operations - -disconnect:: -Client disconnections - -extended:: -Extended operations - -modify:: -Modify operations - -rename:: -Rename operations - -search:: -Search operations - -unbind:: -Unbind operations - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-not-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching none of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-greater-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took longer than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-less-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took less than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-not-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which do not include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-is-indexed:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which were either indexed or unindexed. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-greater-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned more than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-less-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned less than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users which do not match any of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are members of at least one of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-not-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are not members of any of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-account-status-notification-handlers] -=== dsconfig list-account-status-notification-handlers — Lists existing Account Status Notification Handlers - -==== Synopsis -`dsconfig list-account-status-notification-handlers` {options} - -[#dsconfig-list-account-status-notification-handlers-description] -==== Description -Lists existing Account Status Notification Handlers. - -[#dsconfig-list-account-status-notification-handlers-options] -==== Options --- -The `dsconfig list-account-status-notification-handlers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {property}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-account-status-notification-handlers-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {property}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-account-status-notification-handlers-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {unit}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-account-status-notification-handlers-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {unit}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-account-status-notification-handlers-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {unit}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-account-status-notification-handlers-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {unit}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-account-status-notification-handlers-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - --- - -[#dsconfig-list-account-status-notification-handlers-error-log-account-status-notification-handler] -==== Error Log Account Status Notification Handler -Account Status Notification Handlers of type error-log-account-status-notification-handler have the following properties: --- - -account-status-notification-type:: -[open] -==== - -Description:: -Indicates which types of event can trigger an account status notification. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -account-disabled:: -Generate a notification whenever a user account has been disabled by an administrator. - -account-enabled:: -Generate a notification whenever a user account has been enabled by an administrator. - -account-expired:: -Generate a notification whenever a user authentication has failed because the account has expired. - -account-idle-locked:: -Generate a notification whenever a user account has been locked because it was idle for too long. - -account-permanently-locked:: -Generate a notification whenever a user account has been permanently locked after too many failed attempts. - -account-reset-locked:: -Generate a notification whenever a user account has been locked, because the password had been reset by an administrator but not changed by the user within the required interval. - -account-temporarily-locked:: -Generate a notification whenever a user account has been temporarily locked after too many failed attempts. - -account-unlocked:: -Generate a notification whenever a user account has been unlocked by an administrator. - -password-changed:: -Generate a notification whenever a user changes his/her own password. - -password-expired:: -Generate a notification whenever a user authentication has failed because the password has expired. - -password-expiring:: -Generate a notification whenever a password expiration warning is encountered for a user password for the first time. - -password-reset:: -Generate a notification whenever a user's password is reset by an administrator. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Error Log Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.ErrorLogAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-account-status-notification-handlers-smtp-account-status-notification-handler] -==== SMTP Account Status Notification Handler -Account Status Notification Handlers of type smtp-account-status-notification-handler have the following properties: --- - -email-address-attribute-type:: -[open] -==== - -Description:: -Specifies which attribute in the user's entries may be used to obtain the email address when notifying the end user. You can specify more than one email address as separate values. In this case, the OpenDJ server sends a notification to all email addresses identified. - -Default Value:: -If no email address attribute types are specified, then no attempt is made to send email notification messages to end users. Only those users specified in the set of additional recipient addresses are sent the notification messages. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this account status notification handler. The values for this property should begin with the name of an account status notification type followed by a colon and the subject that should be used for the associated notification message. If an email message is generated for an account status notification type for which no subject is defined, then that message is given a generic subject. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-template-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the message template to generate the email notification messages. The values for this property should begin with the name of an account status notification type followed by a colon and the path to the template file that should be used for that notification type. If an account status notification has a notification type that is not associated with a message template file, then no email message is generated for that notification. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which notification messages are sent, either instead of or in addition to the end user for whom the notification has been generated. This may be used to ensure that server administrators also receive a copy of any notification messages that are generated. - -Default Value:: -If no additional recipient addresses are specified, then only the end users that are the subjects of the account status notifications receive the notification messages. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -send-email-as-html:: -[open] -==== - -Description:: -Indicates whether an email notification message should be sent as HTML. If this value is true, email notification messages are marked as text/html. Otherwise outgoing email messages are assumed to be plaintext and marked as text/plain. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-message-without-end-user-address:: -[open] -==== - -Description:: -Indicates whether an email notification message should be generated and sent to the set of notification recipients even if the user entry does not contain any values for any of the email address attributes (that is, in cases when it is not be possible to notify the end user). This is only applicable if both one or more email address attribute types and one or more additional recipient addresses are specified. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address from which the message is sent. Note that this does not necessarily have to be a legitimate email address. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-alert-handlers] -=== dsconfig list-alert-handlers — Lists existing Alert Handlers - -==== Synopsis -`dsconfig list-alert-handlers` {options} - -[#dsconfig-list-alert-handlers-description] -==== Description -Lists existing Alert Handlers. - -[#dsconfig-list-alert-handlers-options] -==== Options --- -The `dsconfig list-alert-handlers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {property}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-alert-handlers-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {property}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-alert-handlers-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {unit}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-alert-handlers-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {unit}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-alert-handlers-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {unit}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-alert-handlers-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {unit}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-alert-handlers-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - --- - -[#dsconfig-list-alert-handlers-jmx-alert-handler] -==== JMX Alert Handler -Alert Handlers of type jmx-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.JMXAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-alert-handlers-smtp-alert-handler] -==== SMTP Alert Handler -Alert Handlers of type smtp-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-body:: -[open] -==== - -Description:: -Specifies the body that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which the messages should be sent. Multiple values may be provided if there should be more than one recipient. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender for messages generated by this alert handler. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-attribute-syntaxes] -=== dsconfig list-attribute-syntaxes — Lists existing Attribute Syntaxes - -==== Synopsis -`dsconfig list-attribute-syntaxes` {options} - -[#dsconfig-list-attribute-syntaxes-description] -==== Description -Lists existing Attribute Syntaxes. - -[#dsconfig-list-attribute-syntaxes-options] -==== Options --- -The `dsconfig list-attribute-syntaxes` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {property}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {property}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {property}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {property}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {property}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {property}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {unit}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {unit}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {unit}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {unit}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {unit}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {unit}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {unit}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {unit}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {unit}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {unit}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {unit}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {unit}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-attribute-syntaxes-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - --- - -[#dsconfig-list-attribute-syntaxes-attribute-type-description-attribute-syntax] -==== Attribute Type Description Attribute Syntax -Attribute Syntaxes of type attribute-type-description-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Attribute Type Description Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.AttributeTypeSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strip-syntax-min-upper-bound:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-attribute-syntaxes-certificate-attribute-syntax] -==== Certificate Attribute Syntax -Attribute Syntaxes of type certificate-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Certificate Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CertificateSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether X.509 Certificate values are required to strictly comply with the standard definition for this syntax. When set to false, certificates will not be validated and, as a result any sequence of bytes will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-attribute-syntaxes-country-string-attribute-syntax] -==== Country String Attribute Syntax -Attribute Syntaxes of type country-string-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Country String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CountryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-attribute-syntaxes-directory-string-attribute-syntax] -==== Directory String Attribute Syntax -Attribute Syntaxes of type directory-string-attribute-syntax have the following properties: --- - -allow-zero-length-values:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Directory String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.DirectoryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - --- - -[#dsconfig-list-attribute-syntaxes-jpeg-attribute-syntax] -==== JPEG Attribute Syntax -Attribute Syntaxes of type jpeg-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JPEG Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.JPEGSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require JPEG values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-attribute-syntaxes-telephone-number-attribute-syntax] -==== Telephone Number Attribute Syntax -Attribute Syntaxes of type telephone-number-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Telephone Number Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.TelephoneNumberSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require telephone number values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-backend-indexes] -=== dsconfig list-backend-indexes — Lists existing Backend Indexes - -==== Synopsis -`dsconfig list-backend-indexes` {options} - -[#dsconfig-list-backend-indexes-description] -==== Description -Lists existing Backend Indexes. - -[#dsconfig-list-backend-indexes-options] -==== Options --- -The `dsconfig list-backend-indexes` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {name}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-backend-indexes-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {property}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-backend-indexes-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {unit}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-backend-indexes-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {unit}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-backend-indexes-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - --- - -[#dsconfig-list-backend-indexes-backend-index] -==== Backend Index -Backend Indexes of type backend-index have the following properties: --- - -attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute for which the index is to be maintained. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Specifies whether contents of the index should be confidential. Setting the flag to true will hash keys for equality type indexes using SHA-1 and encrypt the list of entries matching a substring key for substring indexes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If the index for the attribute must be protected for security purposes and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. The property cannot be set on a backend for which confidentiality is not enabled. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that are allowed to match a given index key before that particular index key is no longer maintained. This is analogous to the ALL IDs threshold in the Sun Java System Directory Server. If this is specified, its value overrides the JE backend-wide configuration. For no limit, use 0 for the value. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If any index keys have already reached this limit, indexes must be rebuilt before they will be allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-extensible-matching-rule:: -[open] -==== - -Description:: -The extensible matching rule in an extensible index. An extensible matching rule must be specified using either LOCALE or OID of the matching rule. - -Default Value:: -No extensible matching rules will be indexed. - -Allowed Values:: -A Locale or an OID. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-type:: -[open] -==== - -Description:: -Specifies the type(s) of indexing that should be performed for the associated attribute. For equality, presence, and substring index types, the associated attribute type must have a corresponding matching rule. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -approximate:: -This index type is used to improve the efficiency of searches using approximate matching search filters. - -equality:: -This index type is used to improve the efficiency of searches using equality search filters. - -extensible:: -This index type is used to improve the efficiency of searches using extensible matching search filters. - -ordering:: -This index type is used to improve the efficiency of searches using "greater than or equal to" or "less then or equal to" search filters. - -presence:: -This index type is used to improve the efficiency of searches using the presence search filters. - -substring:: -This index type is used to improve the efficiency of searches using substring search filters. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -If any new index types are added for an attribute, and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. - -Advanced Property:: -No - -Read-only:: -No - -==== - -substring-length:: -[open] -==== - -Description:: -The length of substrings in a substring index. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 3. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-backend-vlv-indexes] -=== dsconfig list-backend-vlv-indexes — Lists existing Backend VLV Indexes - -==== Synopsis -`dsconfig list-backend-vlv-indexes` {options} - -[#dsconfig-list-backend-vlv-indexes-description] -==== Description -Lists existing Backend VLV Indexes. - -[#dsconfig-list-backend-vlv-indexes-options] -==== Options --- -The `dsconfig list-backend-vlv-indexes` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {name}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-backend-vlv-indexes-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {property}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-backend-vlv-indexes-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {unit}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-backend-vlv-indexes-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {unit}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-backend-vlv-indexes-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - --- - -[#dsconfig-list-backend-vlv-indexes-backend-vlv-index] -==== Backend VLV Index -Backend VLV Indexes of type backend-vlv-index have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN used in the search query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the LDAP filter used in the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid LDAP search filter. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -name:: -[open] -==== - -Description:: -Specifies a unique name for this VLV index. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -The VLV index name cannot be altered after the index is created. - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope of the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -sort-order:: -[open] -==== - -Description:: -Specifies the names of the attributes that are used to sort the entries for the query being indexed. Multiple attributes can be used to determine the sort order by listing the attribute names from highest to lowest precedence. Optionally, + or - can be prefixed to the attribute name to sort the attribute in ascending order or descending order respectively. - -Default Value:: -None - -Allowed Values:: -Valid attribute types defined in the schema, separated by a space and optionally prefixed by + or -. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-backends] -=== dsconfig list-backends — Lists existing Backends - -==== Synopsis -`dsconfig list-backends` {options} - -[#dsconfig-list-backends-description] -==== Description -Lists existing Backends. - -[#dsconfig-list-backends-options] -==== Options --- -The `dsconfig list-backends` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {property}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {property}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {property}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {property}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {property}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {property}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {property}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {property}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {property}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {property}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {unit}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {unit}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {unit}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {unit}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {unit}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {unit}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {unit}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {unit}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {unit}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {unit}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {unit}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {unit}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {unit}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {unit}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {unit}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {unit}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {unit}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {unit}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {unit}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {unit}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-backends-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - --- - -[#dsconfig-list-backends-backup-backend] -==== Backup Backend -Backends of type backup-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -backup-directory:: -[open] -==== - -Description:: -Specifies the path to a backup directory containing one or more backups for a particular backend. This is a multivalued property. Each value may specify a different backup directory if desired (one for each backend for which backups are taken). Values may be either absolute paths or paths that are relative to the base of the OpenDJ directory server installation. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.BackupBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-backends-je-backend] -==== JE Backend -Backends of type je-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-bytes-interval:: -[open] -==== - -Description:: -Specifies the maximum number of bytes that may be written to the database before it is forced to perform a checkpoint. This can be used to bound the recovery time that may be required if the database environment is opened without having been properly closed. If this property is set to a non-zero value, the checkpointer wakeup interval is not used. To use time-based checkpointing, set this property to zero. - -Default Value:: -500mb - -Allowed Values:: -Upper value is 9223372036854775807. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. Note that this is only used if the value of the checkpointer bytes interval is zero. - -Default Value:: -30s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 4294 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-cleaner-min-utilization:: -[open] -==== - -Description:: -Specifies the occupancy percentage for "live" data in this backend's database. When the amount of "live" data in the database drops below this value, cleaners will act to increase the occupancy percentage by compacting the database. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Berkeley DB Java Edition database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-core-threads:: -[open] -==== - -Description:: -Specifies the core number of threads in the eviction thread pool. Specifies the core number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-keep-alive:: -[open] -==== - -Description:: -The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -600s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 86400 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-lru-only:: -[open] -==== - -Description:: -Indicates whether the database should evict existing data from the cache based on an LRU policy (where the least recently used information will be evicted first). If set to "false", then the eviction keeps internal nodes of the underlying Btree in the cache over leaf nodes, even if the leaf nodes have been accessed more recently. This may be a better configuration for databases in which only a very small portion of the data is cached. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-max-threads:: -[open] -==== - -Description:: -Specifies the maximum number of threads in the eviction thread pool. Specifies the maximum number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-nodes-per-scan:: -[open] -==== - -Description:: -Specifies the number of Btree nodes that should be evicted from the cache in a single pass if it is determined that it is necessary to free existing data in order to make room for new information. Changes to this property do not take effect until the backend is restarted. It is recommended that you also change this property when you set db-evictor-lru-only to false. This setting controls the number of Btree nodes that are considered, or sampled, each time a node is evicted. A setting of 10 often produces good results, but this may vary from application to application. The larger the nodes per scan, the more accurate the algorithm. However, don't set it too high. When considering larger numbers of nodes for each eviction, the evictor may delay the completion of a given database operation, which impacts the response time of the application thread. In JE 4.1 and later, setting this value too high in an application that is largely CPU bound can reduce the effectiveness of cache eviction. It's best to start with the default value, and increase it gradually to see if it is beneficial for your application. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 1000. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-file-max:: -[open] -==== - -Description:: -Specifies the maximum size for a database log file. - -Default Value:: -100mb - -Allowed Values:: -Lower value is 1000000.Upper value is 4294967296. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-filecache-size:: -[open] -==== - -Description:: -Specifies the size of the file handle cache. The file handle cache is used to keep as much opened log files as possible. When the cache is smaller than the number of logs, the database needs to close some handles and open log files it needs, resulting in less optimal performances. Ideally, the size of the cache should be higher than the number of files contained in the database. Make sure the OS number of open files per process is also tuned appropriately. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 3. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-file-handler-on:: -[open] -==== - -Description:: -Indicates whether the database should maintain a je.info file in the same directory as the database log directory. This file contains information about the internal processing performed by the underlying database. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-level:: -[open] -==== - -Description:: -Specifies the log level that should be used by the database when it is writing information into the je.info file. The database trace logging level is (in increasing order of verbosity) chosen from: OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, ALL. - -Default Value:: -CONFIG - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-cleaner-threads:: -[open] -==== - -Description:: -Specifies the number of threads that the backend should maintain to keep the database log files at or near the desired utilization. In environments with high write throughput, multiple cleaner threads may be required to maintain the desired utilization. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-lock-tables:: -[open] -==== - -Description:: -Specifies the number of lock tables that are used by the underlying database. This can be particularly important to help improve scalability by avoiding contention on systems with large numbers of CPUs. The value of this configuration property should be set to a prime number that is less than or equal to the number of worker threads configured for use in the server. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 32767. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-run-cleaner:: -[open] -==== - -Description:: -Indicates whether the cleaner threads should be enabled to compact the database. The cleaner threads are used to periodically compact the database when it reaches a percentage of occupancy lower than the amount specified by the db-cleaner-min-utilization property. They identify database files with a low percentage of live data, and relocate their remaining live data to the end of the log. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-write-no-sync:: -[open] -==== - -Description:: -Indicates whether the database should synchronously flush data as it is written to disk. If this value is set to "false", then all data written to disk is synchronously flushed to persistent storage and thereby providing full durability. If it is set to "true", then data may be cached for a period of time by the underlying operating system before actually being written to disk. This may improve performance, but could cause the most recent changes to be lost in the event of an underlying OS or hardware failure (but not in the case that the OpenDJ directory server or the JVM exits abnormally). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.jeb.JEBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -je-property:: -[open] -==== - -Description:: -Specifies the database and environment properties for the Berkeley DB Java Edition database serving the data for this backend. Any Berkeley DB Java Edition property can be specified using the following form: property-name=property-value. Refer to OpenDJ documentation for further information on related properties, their implications, and range values. The definitive identification of all the property parameters is available in the example.properties file of Berkeley DB Java Edition distribution. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-backends-ldif-backend] -==== LDIF Backend -Backends of type ldif-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -is-private-backend:: -[open] -==== - -Description:: -Indicates whether the backend should be considered a private backend, which indicates that it is used for storing operational data rather than user-defined information. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.LDIFBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-file:: -[open] -==== - -Description:: -Specifies the path to the LDIF file containing the data for this backend. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-backends-memory-backend] -==== Memory Backend -Backends of type memory-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MemoryBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-backends-monitor-backend] -==== Monitor Backend -Backends of type monitor-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MonitorBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-backends-null-backend] -==== Null Backend -Backends of type null-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.NullBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-backends-pdb-backend] -==== PDB Backend -Backends of type pdb-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. This setting controls the elapsed time between attempts to write a checkpoint to the journal. A longer interval allows more updates to accumulate in buffers before they are required to be written to disk, but also potentially causes recovery from an abrupt termination (crash) to take more time. - -Default Value:: -15s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 10 seconds.Upper limit is 3600 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Persistit database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.pdb.PDBBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-backends-schema-backend] -==== Schema Backend -Backends of type schema-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.SchemaBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -schema-entry-dn:: -[open] -==== - -Description:: -Defines the base DNs of the subtrees in which the schema information is published in addition to the value included in the base-dn property. The value provided in the base-dn property is the only one that appears in the subschemaSubentry operational attribute of the server's root DSE (which is necessary because that is a single-valued attribute) and as a virtual attribute in other entries. The schema-entry-dn attribute may be used to make the schema information available in other locations to accommodate certain client applications that have been hard-coded to expect the schema to reside in a specific location. - -Default Value:: -cn=schema - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -show-all-attributes:: -[open] -==== - -Description:: -Indicates whether to treat all attributes in the schema entry as if they were user attributes regardless of their configuration. This may provide compatibility with some applications that expect schema attributes like attributeTypes and objectClasses to be included by default even if they are not requested. Note that the ldapSyntaxes attribute is always treated as operational in order to avoid problems with attempts to modify the schema over protocol. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-backends-task-backend] -==== Task Backend -Backends of type task-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.task.TaskBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -notification-sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender (that is, the "From:" address) address for notification mail messages generated when a task completes execution. - -Default Value:: -The default sender address used is "opendj-task-notification@" followed by the canonical address of the system on which the server is running. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-backing-file:: -[open] -==== - -Description:: -Specifies the path to the backing file for storing information about the tasks configured in the server. It may be either an absolute path or a relative path to the base of the OpenDJ directory server instance. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-retention-time:: -[open] -==== - -Description:: -Specifies the length of time that task entries should be retained after processing on the associated task has been completed. - -Default Value:: -24 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-backends-trust-store-backend] -==== Trust Store Backend -Backends of type trust-store-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.TrustStoreBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that stores the trust information. It may be an absolute path, or a path that is relative to the OpenDJ instance root. - -Default Value:: -config/ads-truststore - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. - -Default Value:: -The JVM default value is used. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect the next time that the key manager is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-certificate-mappers] -=== dsconfig list-certificate-mappers — Lists existing Certificate Mappers - -==== Synopsis -`dsconfig list-certificate-mappers` {options} - -[#dsconfig-list-certificate-mappers-description] -==== Description -Lists existing Certificate Mappers. - -[#dsconfig-list-certificate-mappers-options] -==== Options --- -The `dsconfig list-certificate-mappers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {property}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {property}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {property}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {property}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {unit}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {unit}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {unit}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {unit}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {unit}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {unit}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {unit}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {unit}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-certificate-mappers-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - --- - -[#dsconfig-list-certificate-mappers-fingerprint-certificate-mapper] -==== Fingerprint Certificate Mapper -Certificate Mappers of type fingerprint-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-algorithm:: -[open] -==== - -Description:: -Specifies the name of the digest algorithm to compute the fingerprint of client certificates. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -md5:: -Use the MD5 digest algorithm to compute certificate fingerprints. - -sha1:: -Use the SHA-1 digest algorithm to compute certificate fingerprints. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-attribute:: -[open] -==== - -Description:: -Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.FingerprintCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry. - -Default Value:: -The server performs the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-certificate-mappers-subject-attribute-to-user-attribute-certificate-mapper] -==== Subject Attribute To User Attribute Certificate Mapper -Certificate Mappers of type subject-attribute-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Attribute To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute-mapping:: -[open] -==== - -Description:: -Specifies a mapping between certificate attributes and user attributes. Each value should be in the form "certattr:userattr" where certattr is the name of the attribute in the certificate subject and userattr is the name of the corresponding attribute in user entries. There may be multiple mappings defined, and when performing the mapping values for all attributes present in the certificate subject that have mappings defined must be present in the corresponding user entries. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-certificate-mappers-subject-dn-to-user-attribute-certificate-mapper] -==== Subject DN To User Attribute Certificate Mapper -Certificate Mappers of type subject-dn-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject DN To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should exactly match the certificate subject DN. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-certificate-mappers-subject-equals-dn-certificate-mapper] -==== Subject Equals DN Certificate Mapper -Certificate Mappers of type subject-equals-dn-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Equals DN Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectEqualsDNCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-connection-handlers] -=== dsconfig list-connection-handlers — Lists existing Connection Handlers - -==== Synopsis -`dsconfig list-connection-handlers` {options} - -[#dsconfig-list-connection-handlers-description] -==== Description -Lists existing Connection Handlers. - -[#dsconfig-list-connection-handlers-options] -==== Options --- -The `dsconfig list-connection-handlers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {property}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {property}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {property}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {property}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {property}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {unit}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {unit}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {unit}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {unit}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {unit}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {unit}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {unit}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {unit}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {unit}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {unit}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-connection-handlers-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - --- - -[#dsconfig-list-connection-handlers-http-connection-handler] -==== HTTP Connection Handler -Connection Handlers of type http-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the HTTP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer HTTP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.http.HTTPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should keep statistics. If enabled, the HTTP Connection Handler maintains statistics about the number and types of operations requested over HTTP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this HTTP Connection Handler should listen for connections from HTTP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the HTTP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the HTTP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to HTTP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-concurrent-ops-per-connection:: -[open] -==== - -Description:: -Specifies the maximum number of internal operations that each HTTP client connection can execute concurrently. This property allow to limit the impact that each HTTP request can have on the whole server by limiting the number of internal operations that each HTTP request can execute concurrently. A value of 0 means that no limit is enforced. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest HTTP request message that will be allowed by the HTTP Connection Handler. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The HTTP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the HTTP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the HTTP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the HTTP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use SSL. If enabled, the HTTP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-connection-handlers-jmx-connection-handler] -==== JMX Connection Handler -Connection Handlers of type jmx-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.jmx.JmxConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this JMX Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the JMX Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address on which this JMX Connection Handler should listen for connections from JMX clients. If no value is provided, then the JMX Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -rmi-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX RMI service will listen for connections from clients. A value of 0 indicates the service to choose a port of its own. If the value provided is different than 0, the value will be used as the RMI port. Otherwise, the RMI service will choose a port of its own. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the JMX Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the JMX Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the JMX Connection Handler should use SSL. If enabled, the JMX Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-connection-handlers-ldap-connection-handler] -==== LDAP Connection Handler -Connection Handlers of type ldap-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-ldap-v2:: -[open] -==== - -Description:: -Indicates whether connections from LDAPv2 clients are allowed. If LDAPv2 clients are allowed, then only a minimal degree of special support are provided for them to ensure that LDAPv3-specific protocol elements (for example, Configuration Guide 25 controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-start-tls:: -[open] -==== - -Description:: -Indicates whether clients are allowed to use StartTLS. If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the LDAP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer LDAP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.ldap.LDAPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should keep statistics. If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this LDAP Connection Handler should listen for connections from LDAP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the LDAP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the LDAP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection handler. This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-rejection-notice:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should send a notice of disconnection extended response message to the client if a new connection is rejected for some reason. The extended response message may provide an explanation indicating the reason that the connection was rejected. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the LDAP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the LDAP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use SSL. If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-connection-handlers-ldif-connection-handler] -==== LDIF Connection Handler -Connection Handlers of type ldif-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDIF Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.LDIFConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-directory:: -[open] -==== - -Description:: -Specifies the path to the directory in which the LDIF files should be placed. - -Default Value:: -config/auto-process-ldif - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -poll-interval:: -[open] -==== - -Description:: -Specifies how frequently the LDIF connection handler should check the LDIF directory to determine whether a new LDIF file has been added. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-connection-handlers-snmp-connection-handler] -==== SNMP Connection Handler -Connection Handlers of type snmp-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-manager:: -[open] -==== - -Description:: -Specifies the hosts of the managers to be granted the access rights. This property is required for SNMP v1 and v2 security configuration. An asterisk (*) opens access to all managers. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-user:: -[open] -==== - -Description:: -Specifies the users to be granted the access rights. This property is required for SNMP v3 security configuration. An asterisk (*) opens access to all users. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -community:: -[open] -==== - -Description:: -Specifies the v1,v2 community or the v3 context name allowed to access the MIB 2605 monitoring information or the USM MIB. The mapping between "community" and "context name" is set. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SNMP Connection Handler implementation. - -Default Value:: -org.opends.server.snmp.SNMPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this SNMP Connection Handler should listen for connections from SNMP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the SNMP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the SNMP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -opendmk-jarfile:: -[open] -==== - -Description:: -Indicates the OpenDMK runtime jar file location - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -registered-mbean:: -[open] -==== - -Description:: -Indicates whether the SNMP objects have to be registered in the directory server MBeanServer or not allowing to access SNMP Objects with RMI connector if enabled. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-agent-file:: -[open] -==== - -Description:: -Specifies the USM security configuration to receive authenticated only SNMP requests. - -Default Value:: -config/snmp/security/opendj-snmp.security - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-level:: -[open] -==== - -Description:: -Specifies the type of security level : NoAuthNoPriv : No security mechanisms activated, AuthNoPriv : Authentication activated with no privacy, AuthPriv : Authentication with privacy activated. This property is required for SNMP V3 security configuration. - -Default Value:: -authnopriv - -Allowed Values:: -[open] -====== - -authnopriv:: -Authentication activated with no privacy. - -authpriv:: -Authentication with privacy activated. - -noauthnopriv:: -No security mechanisms activated. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -trap-port:: -[open] -==== - -Description:: -Specifies the port to use to send SNMP Traps. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-community:: -[open] -==== - -Description:: -Specifies the community string that must be included in the traps sent to define managers (trap-destinations). This property is used in the context of SNMP v1, v2 and v3. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-destination:: -[open] -==== - -Description:: -Specifies the hosts to which V1 traps will be sent. V1 Traps are sent to every host listed. If this list is empty, V1 traps are sent to "localhost". Each host in the list must be identifed by its name or complete IP Addess. - -Default Value:: -If the list is empty, V1 traps are sent to "localhost". - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-debug-targets] -=== dsconfig list-debug-targets — Lists existing Debug Targets - -==== Synopsis -`dsconfig list-debug-targets` {options} - -[#dsconfig-list-debug-targets-description] -==== Description -Lists existing Debug Targets. - -[#dsconfig-list-debug-targets-options] -==== Options --- -The `dsconfig list-debug-targets` command takes the following options: - -`--publisher-name {name}`:: -The name of the Debug Log Publisher. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {name}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-debug-targets-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {property}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-debug-targets-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {unit}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-debug-targets-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {unit}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-debug-targets-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - --- - -[#dsconfig-list-debug-targets-debug-target] -==== Debug Target -Debug Targets of type debug-target have the following properties: --- - -debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -debug-scope:: -[open] -==== - -Description:: -Specifies the fully-qualified OpenDJ Java package, class, or method affected by the settings in this target definition. Use the number character (#) to separate the class name and the method name (that is, org.opends.server.core.DirectoryServer#startUp). - -Default Value:: -None - -Allowed Values:: -The fully-qualified OpenDJ Java package, class, or method name. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Debug Target is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-throwable-cause:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the cause of exceptions in exception thrown and caught messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-entry-arguments:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include method arguments in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-return-value:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the return value in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -throwable-stack-frames:: -[open] -==== - -Description:: -Specifies the property to indicate the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-entry-caches] -=== dsconfig list-entry-caches — Lists existing Entry Caches - -==== Synopsis -`dsconfig list-entry-caches` {options} - -[#dsconfig-list-entry-caches-description] -==== Description -Lists existing Entry Caches. - -[#dsconfig-list-entry-caches-options] -==== Options --- -The `dsconfig list-entry-caches` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {property}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-entry-caches-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {property}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-entry-caches-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {unit}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-entry-caches-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {unit}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-entry-caches-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {unit}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-entry-caches-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {unit}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-entry-caches-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - --- - -[#dsconfig-list-entry-caches-fifo-entry-cache] -==== FIFO Entry Cache -Entry Caches of type fifo-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the FIFO Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.FIFOEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time to wait while attempting to acquire a read or write lock. - -Default Value:: -2000.0ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-entries:: -[open] -==== - -Description:: -Specifies the maximum number of entries that we will allow in the cache. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-memory-percent:: -[open] -==== - -Description:: -Specifies the maximum percentage of JVM memory used by the server before the entry caches stops caching and begins purging itself. Very low settings such as 10 or 20 (percent) can prevent this entry cache from having enough space to hold any of the entries to cache, making it appear that the server is ignoring or skipping the entry cache entirely. - -Default Value:: -90 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 100. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-entry-caches-soft-reference-entry-cache] -==== Soft Reference Entry Cache -Entry Caches of type soft-reference-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Soft Reference Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.SoftReferenceEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time in milliseconds to wait while attempting to acquire a read or write lock. - -Default Value:: -3000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-extended-operation-handlers] -=== dsconfig list-extended-operation-handlers — Lists existing Extended Operation Handlers - -==== Synopsis -`dsconfig list-extended-operation-handlers` {options} - -[#dsconfig-list-extended-operation-handlers-description] -==== Description -Lists existing Extended Operation Handlers. - -[#dsconfig-list-extended-operation-handlers-options] -==== Options --- -The `dsconfig list-extended-operation-handlers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {property}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {property}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {property}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {property}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {property}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {property}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {property}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {unit}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {unit}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {unit}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {unit}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {unit}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {unit}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {unit}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {unit}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {unit}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {unit}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {unit}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {unit}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {unit}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {unit}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-extended-operation-handlers-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - --- - -[#dsconfig-list-extended-operation-handlers-cancel-extended-operation-handler] -==== Cancel Extended Operation Handler -Extended Operation Handlers of type cancel-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Cancel Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.CancelExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-extended-operation-handlers-get-connection-id-extended-operation-handler] -==== Get Connection Id Extended Operation Handler -Extended Operation Handlers of type get-connection-id-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Connection Id Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.GetConnectionIDExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-extended-operation-handlers-get-symmetric-key-extended-operation-handler] -==== Get Symmetric Key Extended Operation Handler -Extended Operation Handlers of type get-symmetric-key-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Symmetric Key Extended Operation Handler implementation. - -Default Value:: -org.opends.server.crypto.GetSymmetricKeyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-extended-operation-handlers-password-modify-extended-operation-handler] -==== Password Modify Extended Operation Handler -Extended Operation Handlers of type password-modify-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that should be used in conjunction with the password modify extended operation. This property is used to identify a user based on an authorization ID in the 'u:' form. Changes to this property take effect immediately. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Password Modify Extended Operation Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Modify Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordModifyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-extended-operation-handlers-password-policy-state-extended-operation-handler] -==== Password Policy State Extended Operation Handler -Extended Operation Handlers of type password-policy-state-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Policy State Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordPolicyStateExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-extended-operation-handlers-start-tls-extended-operation-handler] -==== Start TLS Extended Operation Handler -Extended Operation Handlers of type start-tls-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Start TLS Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.StartTLSExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-extended-operation-handlers-who-am-i-extended-operation-handler] -==== Who Am I Extended Operation Handler -Extended Operation Handlers of type who-am-i-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Who Am I Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.WhoAmIExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-group-implementations] -=== dsconfig list-group-implementations — Lists existing Group Implementations - -==== Synopsis -`dsconfig list-group-implementations` {options} - -[#dsconfig-list-group-implementations-description] -==== Description -Lists existing Group Implementations. - -[#dsconfig-list-group-implementations-options] -==== Options --- -The `dsconfig list-group-implementations` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {property}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-group-implementations-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {property}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-group-implementations-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {property}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-group-implementations-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {unit}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-group-implementations-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {unit}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-group-implementations-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {unit}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-group-implementations-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {unit}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-group-implementations-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {unit}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-group-implementations-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {unit}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-group-implementations-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - --- - -[#dsconfig-list-group-implementations-dynamic-group-implementation] -==== Dynamic Group Implementation -Group Implementations of type dynamic-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Dynamic Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.DynamicGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-group-implementations-static-group-implementation] -==== Static Group Implementation -Group Implementations of type static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.StaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-group-implementations-virtual-static-group-implementation] -==== Virtual Static Group Implementation -Group Implementations of type virtual-static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Virtual Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.VirtualStaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-http-authorization-mechanisms] -=== dsconfig list-http-authorization-mechanisms — Lists existing HTTP Authorization Mechanisms - -==== Synopsis -`dsconfig list-http-authorization-mechanisms` {options} - -[#dsconfig-list-http-authorization-mechanisms-description] -==== Description -Lists existing HTTP Authorization Mechanisms. - -[#dsconfig-list-http-authorization-mechanisms-options] -==== Options --- -The `dsconfig list-http-authorization-mechanisms` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {property}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {property}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {property}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {property}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {property}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {property}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {unit}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {unit}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {unit}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {unit}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {unit}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {unit}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {unit}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-authorization-mechanisms-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - --- - -[#dsconfig-list-http-authorization-mechanisms-http-anonymous-authorization-mechanism] -==== HTTP Anonymous Authorization Mechanism -HTTP Authorization Mechanisms of type http-anonymous-authorization-mechanism have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Anonymous Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-dn:: -[open] -==== - -Description:: -The authorization DN which will be used for performing anonymous operations. - -Default Value:: -By default, operations will be performed using an anonymously bound connection. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-http-authorization-mechanisms-http-basic-authorization-mechanism] -==== HTTP Basic Authorization Mechanism -HTTP Authorization Mechanisms of type http-basic-authorization-mechanism have the following properties: --- - -alt-authentication-enabled:: -[open] -==== - -Description:: -Specifies whether user credentials may be provided using alternative headers to the standard 'Authorize' header. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-password-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's password from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-username-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's name from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper used to get the user's entry corresponding to the user-id provided in the HTTP authentication header. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Basic Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Basic Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-http-authorization-mechanisms-http-oauth2-cts-authorization-mechanism] -==== HTTP Oauth2 Cts Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-cts-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -The base DN of the Core Token Service where access token are stored. (example: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Cts Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-http-authorization-mechanisms-http-oauth2-file-authorization-mechanism] -==== HTTP Oauth2 File Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-file-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-directory:: -[open] -==== - -Description:: -Directory containing token files. File names must be equal to the token strings. The file content must a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate. - -Default Value:: -oauth2-demo/ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 File Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-http-authorization-mechanisms-http-oauth2-openam-authorization-mechanism] -==== HTTP Oauth2 Openam Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-openam-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Openam Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Openam Authorization Mechanism . - -Default Value:: -By default the system key manager(s) will be used. - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-info-url:: -[open] -==== - -Description:: -Defines the OpenAM endpoint URL where the access-token resolution request should be sent. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-http-authorization-mechanisms-http-oauth2-token-introspection-authorization-mechanism] -==== HTTP Oauth2 Token Introspection Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-token-introspection-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-id:: -[open] -==== - -Description:: -Client's ID to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-secret:: -[open] -==== - -Description:: -Client's secret to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Token Introspection Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Token Introspection Authorization Mechanism . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-introspection-url:: -[open] -==== - -Description:: -Defines the token introspection endpoint URL where the access-token resolution request should be sent. (example: http://example.com/introspect) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-http-endpoints] -=== dsconfig list-http-endpoints — Lists existing HTTP Endpoints - -==== Synopsis -`dsconfig list-http-endpoints` {options} - -[#dsconfig-list-http-endpoints-description] -==== Description -Lists existing HTTP Endpoints. - -[#dsconfig-list-http-endpoints-options] -==== Options --- -The `dsconfig list-http-endpoints` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {property}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-endpoints-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {property}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-endpoints-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {unit}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-endpoints-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {unit}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-endpoints-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {unit}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-endpoints-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {unit}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-http-endpoints-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - --- - -[#dsconfig-list-http-endpoints-admin-endpoint] -==== Admin Endpoint -HTTP Endpoints of type admin-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Admin Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.AdminEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-http-endpoints-rest2ldap-endpoint] -==== Rest2ldap Endpoint -HTTP Endpoints of type rest2ldap-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -config-directory:: -[open] -==== - -Description:: -The directory containing the Rest2Ldap configuration file(s) for this specific endpoint. The directory must be readable by the server and may contain multiple configuration files, one for each supported version of the REST endpoint. If a relative path is used then it will be resolved against the server's instance directory. - -Default Value:: -None - -Allowed Values:: -A directory that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Rest2ldap Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.Rest2LdapEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-identity-mappers] -=== dsconfig list-identity-mappers — Lists existing Identity Mappers - -==== Synopsis -`dsconfig list-identity-mappers` {options} - -[#dsconfig-list-identity-mappers-description] -==== Description -Lists existing Identity Mappers. - -[#dsconfig-list-identity-mappers-options] -==== Options --- -The `dsconfig list-identity-mappers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {property}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-identity-mappers-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {property}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-identity-mappers-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {unit}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-identity-mappers-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {unit}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-identity-mappers-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {unit}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-identity-mappers-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {unit}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-identity-mappers-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - --- - -[#dsconfig-list-identity-mappers-exact-match-identity-mapper] -==== Exact Match Identity Mapper -Identity Mappers of type exact-match-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Exact Match Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.ExactMatchIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the attribute whose value should exactly match the ID string provided to this identity mapper. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. The internal search performed includes a logical OR across all of these values. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs will be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-identity-mappers-regular-expression-identity-mapper] -==== Regular Expression Identity Mapper -Identity Mappers of type regular-expression-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Regular Expression Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.RegularExpressionIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-pattern:: -[open] -==== - -Description:: -Specifies the regular expression pattern that is used to identify portions of the ID string that will be replaced. Any portion of the ID string that matches this pattern is replaced in accordance with the provided replace pattern (or is removed if no replace pattern is specified). If multiple substrings within the given ID string match this pattern, all occurrences are replaced. If no part of the given ID string matches this pattern, the ID string is not altered. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. - -Default Value:: -None - -Allowed Values:: -Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6). - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replace-pattern:: -[open] -==== - -Description:: -Specifies the replacement pattern that should be used for substrings in the ID string that match the provided regular expression pattern. If no replacement pattern is provided, then any matching portions of the ID string will be removed (i.e., replaced with an empty string). The replacement pattern may include a string from a capturing group by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. - -Default Value:: -The replace pattern will be the empty string. - -Allowed Values:: -Any valid replacement string that is allowed by the javax.util.regex.Matcher class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-key-manager-providers] -=== dsconfig list-key-manager-providers — Lists existing Key Manager Providers - -==== Synopsis -`dsconfig list-key-manager-providers` {options} - -[#dsconfig-list-key-manager-providers-description] -==== Description -Lists existing Key Manager Providers. - -[#dsconfig-list-key-manager-providers-options] -==== Options --- -The `dsconfig list-key-manager-providers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {property}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-key-manager-providers-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {property}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-key-manager-providers-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {unit}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-key-manager-providers-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {unit}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-key-manager-providers-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {unit}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-key-manager-providers-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {unit}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-key-manager-providers-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - --- - -[#dsconfig-list-key-manager-providers-file-based-key-manager-provider] -==== File Based Key Manager Provider -Key Manager Providers of type file-based-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedKeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. If no value is provided, the JVM-default value is used. Changes to this configuration attribute will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-key-manager-providers-pkcs11-key-manager-provider] -==== PKCS11 Key Manager Provider -Key Manager Providers of type pkcs11-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the PKCS11 Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.PKCS11KeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-log-publishers] -=== dsconfig list-log-publishers — Lists existing Log Publishers - -==== Synopsis -`dsconfig list-log-publishers` {options} - -[#dsconfig-list-log-publishers-description] -==== Description -Lists existing Log Publishers. - -[#dsconfig-list-log-publishers-options] -==== Options --- -The `dsconfig list-log-publishers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {property}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {property}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {property}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {property}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {property}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {property}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {property}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {property}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {property}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {unit}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {unit}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {unit}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {unit}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {unit}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {unit}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {unit}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {unit}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {unit}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {unit}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {unit}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {unit}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {unit}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {unit}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {unit}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {unit}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {unit}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {unit}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-log-publishers-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - --- - -[#dsconfig-list-log-publishers-csv-file-access-log-publisher] -==== Csv File Access Log Publisher -Log Publishers of type csv-file-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writting in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CsvFileAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when the tamper-evident option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-publishers-csv-file-http-access-log-publisher] -==== Csv File HTTP Access Log Publisher -Log Publishers of type csv-file-http-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File HTTP Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File HTTP Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File HTTP Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when secure option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-publishers-external-access-log-publisher] -==== External Access Log Publisher -Log Publishers of type external-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.ExternalAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-publishers-external-http-access-log-publisher] -==== External HTTP Access Log Publisher -Log Publishers of type external-http-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External HTTP Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-publishers-file-based-access-log-publisher] -==== File Based Access Log Publisher -Log Publishers of type file-based-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the access log. - -Default Value:: -multi-line - -Allowed Values:: -[open] -====== - -combined:: -Combine log records for operation requests and responses into a single record. This format should be used when log records are to be filtered based on response criteria (e.g. result code). - -multi-line:: -Outputs separate log records for operation requests and responses. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-publishers-file-based-audit-log-publisher] -==== File Based Audit Log Publisher -Log Publishers of type file-based-audit-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Audit Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Audit Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAuditLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Audit Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Audit Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Audit Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Audit Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-publishers-file-based-debug-log-publisher] -==== File Based Debug Log Publisher -Log Publishers of type file-based-debug-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Debug Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-include-throwable-cause:: -[open] -==== - -Description:: -Indicates whether to include the cause of exceptions in exception thrown and caught messages logged by default. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-entry-arguments:: -[open] -==== - -Description:: -Indicates whether to include method arguments in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-return-value:: -[open] -==== - -Description:: -Indicates whether to include the return value in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-throwable-stack-frames:: -[open] -==== - -Description:: -Indicates the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Debug Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextDebugLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Debug Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Debug Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Debug Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Debug Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-publishers-file-based-error-log-publisher] -==== File Based Error Log Publisher -Log Publishers of type file-based-error-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Error Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer will be flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-severity:: -[open] -==== - -Description:: -Specifies the default severity levels for the logger. - -Default Value:: -error - -+ -warning - -Allowed Values:: -[open] -====== - -all:: -Messages of all severity levels are logged. - -debug:: -The error log severity that is used for messages that provide debugging information triggered during processing. - -error:: -The error log severity that is used for messages that provide information about errors which may force the server to shut down or operate in a significantly degraded state. - -info:: -The error log severity that is used for messages that provide information about significant events within the server that are not warnings or errors. - -none:: -No messages of any severity are logged by default. This value is intended to be used in conjunction with the override-severity property to define an error logger that will publish no error message beside the errors of a given category. - -notice:: -The error log severity that is used for the most important informational messages (i.e., information that should almost always be logged but is not associated with a warning or error condition). - -warning:: -The error log severity that is used for messages that provide information about warnings triggered during processing. - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Error Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextErrorLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Error Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Error Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -override-severity:: -[open] -==== - -Description:: -Specifies the override severity levels for the logger based on the category of the messages. Each override severity level should include the category and the severity levels to log for that category, for example, core=error,info,warning. Valid categories are: core, extensions, protocol, config, log, util, schema, plugin, jeb, backend, tools, task, access-control, admin, sync, version, quicksetup, admin-tool, dsconfig, user-defined. Valid severities are: all, error, info, warning, notice, debug. - -Default Value:: -All messages with the default severity levels are logged. - -Allowed Values:: -A string in the form category=severity1,severity2... - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Error Log Publisher . When multiple policies are used, log files will be cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files will never be cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Error Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-publishers-file-based-http-access-log-publisher] -==== File Based HTTP Access Log Publisher -Log Publishers of type file-based-http-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based HTTP Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based HTTP Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the HTTP access log. - -Default Value:: -cs-host c-ip cs-username x-datetime cs-method cs-uri-stem cs-uri-query cs-version sc-status cs(User-Agent) x-connection-id x-etime x-transaction-id - -Allowed Values:: -A space separated list of fields describing the extended log format to be used for logging HTTP accesses. Available values are listed on the W3C working draft http://www.w3.org/TR/WD-logfile.html and Microsoft website http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true OpenDJ supports the following standard fields: "c-ip", "c-port", "cs-host", "cs-method", "cs-uri", "cs-uri-stem", "cs-uri-query", "cs(User-Agent)", "cs-username", "cs-version", "s-computername", "s-ip", "s-port", "sc-status". OpenDJ supports the following application specific field extensions: "x-connection-id" displays the internal connection ID assigned to the HTTP client connection, "x-datetime" displays the completion date and time for the logged HTTP request and its ouput is controlled by the "ds-cfg-log-record-time-format" property, "x-etime" displays the total execution time for the logged HTTP request, "x-transaction-id" displays the transaction id associated to a request - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-log-retention-policies] -=== dsconfig list-log-retention-policies — Lists existing Log Retention Policies - -==== Synopsis -`dsconfig list-log-retention-policies` {options} - -[#dsconfig-list-log-retention-policies-description] -==== Description -Lists existing Log Retention Policies. - -[#dsconfig-list-log-retention-policies-options] -==== Options --- -The `dsconfig list-log-retention-policies` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {property}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-retention-policies-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {property}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-retention-policies-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {property}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-retention-policies-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {unit}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-retention-policies-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {unit}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-retention-policies-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {unit}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-retention-policies-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {unit}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-retention-policies-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {unit}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-retention-policies-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {unit}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-retention-policies-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - --- - -[#dsconfig-list-log-retention-policies-file-count-log-retention-policy] -==== File Count Log Retention Policy -Log Retention Policies of type file-count-log-retention-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the File Count Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FileNumberRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -number-of-files:: -[open] -==== - -Description:: -Specifies the number of archived log files to retain before the oldest ones are cleaned. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-retention-policies-free-disk-space-log-retention-policy] -==== Free Disk Space Log Retention Policy -Log Retention Policies of type free-disk-space-log-retention-policy have the following properties: --- - -free-disk-space:: -[open] -==== - -Description:: -Specifies the minimum amount of free disk space that should be available on the file system on which the archived log files are stored. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Free Disk Space Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FreeDiskSpaceRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-retention-policies-size-limit-log-retention-policy] -==== Size Limit Log Retention Policy -Log Retention Policies of type size-limit-log-retention-policy have the following properties: --- - -disk-space-used:: -[open] -==== - -Description:: -Specifies the maximum total disk space used by the log files. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-log-rotation-policies] -=== dsconfig list-log-rotation-policies — Lists existing Log Rotation Policies - -==== Synopsis -`dsconfig list-log-rotation-policies` {options} - -[#dsconfig-list-log-rotation-policies-description] -==== Description -Lists existing Log Rotation Policies. - -[#dsconfig-list-log-rotation-policies-options] -==== Options --- -The `dsconfig list-log-rotation-policies` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {property}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-rotation-policies-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {property}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-rotation-policies-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {property}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-rotation-policies-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {unit}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-rotation-policies-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {unit}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-rotation-policies-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {unit}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-rotation-policies-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {unit}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-rotation-policies-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {unit}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-rotation-policies-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {unit}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-log-rotation-policies-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - --- - -[#dsconfig-list-log-rotation-policies-fixed-time-log-rotation-policy] -==== Fixed Time Log Rotation Policy -Log Rotation Policies of type fixed-time-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fixed Time Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.FixedTimeRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-of-day:: -[open] -==== - -Description:: -Specifies the time of day at which log rotation should occur. - -Default Value:: -None - -Allowed Values:: -24 hour time of day in HHmm format. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-rotation-policies-size-limit-log-rotation-policy] -==== Size Limit Log Rotation Policy -Log Rotation Policies of type size-limit-log-rotation-policy have the following properties: --- - -file-size-limit:: -[open] -==== - -Description:: -Specifies the maximum size that a log file can reach before it is rotated. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-log-rotation-policies-time-limit-log-rotation-policy] -==== Time Limit Log Rotation Policy -Log Rotation Policies of type time-limit-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Time Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.TimeLimitRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -rotation-interval:: -[open] -==== - -Description:: -Specifies the time interval between rotations. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-matching-rules] -=== dsconfig list-matching-rules — Lists existing Matching Rules - -==== Synopsis -`dsconfig list-matching-rules` {options} - -[#dsconfig-list-matching-rules-description] -==== Description -Lists existing Matching Rules. - -[#dsconfig-list-matching-rules-options] -==== Options --- -The `dsconfig list-matching-rules` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {property}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-matching-rules-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {unit}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-matching-rules-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {unit}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-matching-rules-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - --- - -[#dsconfig-list-matching-rules-collation-matching-rule] -==== Collation Matching Rule -Matching Rules of type collation-matching-rule have the following properties: --- - -collation:: -[open] -==== - -Description:: -the set of supported locales Collation must be specified using the syntax: LOCALE:OID - -Default Value:: -None - -Allowed Values:: -A Locale followed by a ":" and an OID. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Matching Rule is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Collation Matching Rule implementation. - -Default Value:: -org.opends.server.schema.CollationMatchingRuleFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MatchingRuleFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -matching-rule-type:: -[open] -==== - -Description:: -the types of matching rules that should be supported for each locale - -Default Value:: -None - -Allowed Values:: -[open] -====== - -equality:: -Specifies if equality type collation matching rule needs to be created for each locale. - -greater-than:: -Specifies if greater-than type collation matching rule needs to be created for each locale. - -greater-than-or-equal-to:: -Specifies if greater-than-or-equal-to type collation matching rule needs to be created for each locale. - -less-than:: -Specifies if less-than type collation matching rule needs to be created for each locale. - -less-than-or-equal-to:: -Specifies if less-than-or-equal-to type collation matching rule needs to be created for each locale. - -substring:: -Specifies if substring type collation matching rule needs to be created for each locale. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-monitor-providers] -=== dsconfig list-monitor-providers — Lists existing Monitor Providers - -==== Synopsis -`dsconfig list-monitor-providers` {options} - -[#dsconfig-list-monitor-providers-description] -==== Description -Lists existing Monitor Providers. - -[#dsconfig-list-monitor-providers-options] -==== Options --- -The `dsconfig list-monitor-providers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {property}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {property}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {property}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {property}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {property}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {property}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {unit}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {unit}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {unit}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {unit}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {unit}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {unit}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {unit}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {unit}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {unit}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {unit}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {unit}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {unit}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-monitor-providers-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - --- - -[#dsconfig-list-monitor-providers-client-connection-monitor-provider] -==== Client Connection Monitor Provider -Monitor Providers of type client-connection-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Client Connection Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.ClientConnectionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-monitor-providers-entry-cache-monitor-provider] -==== Entry Cache Monitor Provider -Monitor Providers of type entry-cache-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Entry Cache Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.EntryCacheMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-monitor-providers-memory-usage-monitor-provider] -==== Memory Usage Monitor Provider -Monitor Providers of type memory-usage-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Memory Usage Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.MemoryUsageMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-monitor-providers-stack-trace-monitor-provider] -==== Stack Trace Monitor Provider -Monitor Providers of type stack-trace-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Stack Trace Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.StackTraceMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-monitor-providers-system-info-monitor-provider] -==== System Info Monitor Provider -Monitor Providers of type system-info-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the System Info Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.SystemInfoMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-monitor-providers-version-monitor-provider] -==== Version Monitor Provider -Monitor Providers of type version-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Version Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.VersionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-password-generators] -=== dsconfig list-password-generators — Lists existing Password Generators - -==== Synopsis -`dsconfig list-password-generators` {options} - -[#dsconfig-list-password-generators-description] -==== Description -Lists existing Password Generators. - -[#dsconfig-list-password-generators-options] -==== Options --- -The `dsconfig list-password-generators` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {property}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-generators-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {unit}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-generators-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {unit}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-generators-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - --- - -[#dsconfig-list-password-generators-random-password-generator] -==== Random Password Generator -Password Generators of type random-password-generator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Generator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Random Password Generator implementation. - -Default Value:: -org.opends.server.extensions.RandomPasswordGenerator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordGenerator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -password-character-set:: -[open] -==== - -Description:: -Specifies one or more named character sets. This is a multi-valued property, with each value defining a different character set. The format of the character set is the name of the set followed by a colon and the characters that are in that set. For example, the value "alpha:abcdefghijklmnopqrstuvwxyz" defines a character set named "alpha" containing all of the lower-case ASCII alphabetic characters. - -Default Value:: -None - -Allowed Values:: -A character set name (consisting of ASCII letters) followed by a colon and the set of characters that are included in that character set. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-format:: -[open] -==== - -Description:: -Specifies the format to use for the generated password. The value is a comma-delimited list of elements in which each of those elements is comprised of the name of a character set defined in the password-character-set property, a colon, and the number of characters to include from that set. For example, a value of "alpha:3,numeric:2,alpha:3" generates an 8-character password in which the first three characters are from the "alpha" set, the next two are from the "numeric" set, and the final three are from the "alpha" set. - -Default Value:: -None - -Allowed Values:: -A comma-delimited list whose elements comprise a valid character set name, a colon, and a positive integer indicating the number of characters from that set to be included. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-password-policies] -=== dsconfig list-password-policies — Lists existing Password Policies - -==== Synopsis -`dsconfig list-password-policies` {options} - -[#dsconfig-list-password-policies-description] -==== Description -Lists existing Password Policies. - -[#dsconfig-list-password-policies-options] -==== Options --- -The `dsconfig list-password-policies` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {property}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-password-policies-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {property}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-password-policies-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {unit}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-password-policies-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {unit}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-password-policies-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {unit}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-password-policies-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {unit}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-password-policies-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - --- - -[#dsconfig-list-password-policies-ldap-pass-through-authentication-policy] -==== LDAP Pass Through Authentication Policy -Authentication Policies of type ldap-pass-through-authentication-policy have the following properties: --- - -cached-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the name of a password storage scheme which should be used for encoding cached passwords. Changing the password storage scheme will cause all existing cached passwords to be discarded. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cached-password-ttl:: -[open] -==== - -Description:: -Specifies the maximum length of time that a locally cached password may be used for authentication before it is refreshed from the remote LDAP service. This property represents a cache timeout. Increasing the timeout period decreases the frequency that bind operations are delegated to the remote LDAP service, but increases the risk of users authenticating using stale passwords. Note that authentication attempts which fail because the provided password does not match the locally cached password will always be retried against the remote LDAP service. - -Default Value:: -8 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to remote LDAP directory servers, performing SSL negotiation, and for individual search and bind requests. If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available. - -Default Value:: -3 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the LDAP Pass Through Authentication Policy implementation. - -Default Value:: -org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -mapped-attribute:: -[open] -==== - -Description:: -Specifies one or more attributes in the user's entry whose value(s) will determine the bind DN used when authenticating to the remote LDAP directory service. This property is mandatory when using the "mapped-bind" or "mapped-search" mapping policies. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. At least one of the named attributes must exist in a user's local entry in order for authentication to proceed. When multiple attributes or values are found in the user's entry then the behavior is determined by the mapping policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users in the remote LDAP directory service. This property is mandatory when using the "mapped-search" mapping policy. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-dn:: -[open] -==== - -Description:: -Specifies the bind DN which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -Searches will be performed anonymously. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password:: -[open] -==== - -Description:: -Specifies the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-environment-variable:: -[open] -==== - -Description:: -Specifies the name of an environment variable containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-file:: -[open] -==== - -Description:: -Specifies the name of a file containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-property:: -[open] -==== - -Description:: -Specifies the name of a Java property containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-filter-template:: -[open] -==== - -Description:: -If defined, overrides the filter used when searching for the user, substituting %s with the value of the local entry's "mapped-attribute". The filter-template may include ZERO or ONE %s substitutions. If multiple mapped-attributes are configured, multiple renditions of this template will be aggregated into one larger filter using an OR (|) operator. An example use-case for this property would be to use a different attribute type on the mapped search. For example, mapped-attribute could be set to "uid" and filter-template to "(samAccountName=%s)". - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapping-policy:: -[open] -==== - -Description:: -Specifies the mapping algorithm for obtaining the bind DN from the user's entry. - -Default Value:: -unmapped - -Allowed Values:: -[open] -====== - -mapped-bind:: -Bind to the remote LDAP directory service using a DN obtained from an attribute in the user's entry. This policy will check each attribute named in the "mapped-attribute" property. If more than one attribute or value is present then the first one will be used. - -mapped-search:: -Bind to the remote LDAP directory service using the DN of an entry obtained using a search against the remote LDAP directory service. The search filter will comprise of an equality matching filter whose attribute type is the "mapped-attribute" property, and whose assertion value is the attribute value obtained from the user's entry. If more than one attribute or value is present then the filter will be composed of multiple equality filters combined using a logical OR (union). - -unmapped:: -Bind to the remote LDAP directory service using the DN of the user's entry in this directory server. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -primary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the primary list of remote LDAP servers which should be used for pass through authentication. If more than one LDAP server is specified then operations may be distributed across them. If all of the primary LDAP servers are unavailable then operations will fail-over to the set of secondary LDAP servers, if defined. - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -secondary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the secondary list of remote LDAP servers which should be used for pass through authentication in the event that the primary LDAP servers are unavailable. If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available. - -Default Value:: -No secondary LDAP servers. - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols which are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with remote LDAP directory servers. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-password-caching:: -[open] -==== - -Description:: -Indicates whether passwords should be cached locally within the user's entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Pass Through Authentication Policy should use SSL. If enabled, the LDAP Pass Through Authentication Policy will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-policies-password-policy] -==== Password Policy -Authentication Policies of type password-policy have the following properties: --- - -account-status-notification-handler:: -[open] -==== - -Description:: -Specifies the names of the account status notification handlers that are used with the associated password storage scheme. - -Default Value:: -None - -Allowed Values:: -The DN of any Account Status Notification Handler. The referenced account status notification handlers must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-expired-password-changes:: -[open] -==== - -Description:: -Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-multiple-password-values:: -[open] -==== - -Description:: -Indicates whether user entries can have multiple distinct values for the password attribute. This is potentially dangerous because many mechanisms used to change the password do not work well with such a configuration. If multiple password values are allowed, then any of them can be used to authenticate, and they are all subject to the same policy constraints. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-pre-encoded-passwords:: -[open] -==== - -Description:: -Indicates whether users can change their passwords by providing a pre-encoded value. This can cause a security risk because the clear-text version of the password is not known and therefore validation checks cannot be applied to it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-user-password-changes:: -[open] -==== - -Description:: -Indicates whether users can change their own passwords. This check is made in addition to access control evaluation. Both must allow the password change for it to occur. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -deprecated-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are considered deprecated for this password policy. If a user with this password policy authenticates to the server and his/her password is encoded with a deprecated scheme, those values are removed and replaced with values encoded using the default password storage scheme(s). - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -expire-passwords-without-warning:: -[open] -==== - -Description:: -Indicates whether the directory server allows a user's password to expire even if that user has never seen an expiration warning notification. If this property is true, accounts always expire when the expiration time arrives. If this property is false or disabled, the user always receives at least one warning notification, and the password expiration is set to the warning time plus the warning interval. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-add:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords upon first authenticating to the directory server after their account has been created. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-reset:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords if they are reset by an administrator. For this purpose, anyone with permission to change a given user's password other than that user is considered an administrator. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -grace-login-count:: -[open] -==== - -Description:: -Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password. A value of 0 indicates that no grace logins are allowed. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -idle-lockout-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that idle accounts are not automatically locked out. This feature is available only if the last login time is maintained. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the Password Policy implementation. - -Default Value:: -org.opends.server.core.PasswordPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -last-login-time-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy. This attribute type must be defined in the directory server schema and must either be defined as an operational attribute or must be allowed by the set of objectClasses for all users with the associated password policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate the last login time value for users with the associated password policy. This format string conforms to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-duration:: -[open] -==== - -Description:: -Specifies the length of time that an account is locked after too many authentication failures. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the account must remain locked until an administrator resets the password. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-count:: -[open] -==== - -Description:: -Specifies the maximum number of authentication failures that a user is allowed before the account is locked out. A value of 0 indicates that accounts are never locked out due to failed attempts. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-expiration-interval:: -[open] -==== - -Description:: -Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the authentication failures must never expire. The failure count is always cleared upon a successful authentication. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval). The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables password expiration. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-reset-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables this feature. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-age:: -[open] -==== - -Description:: -Specifies the minimum length of time after a password change before the user is allowed to change the password again. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. This setting can be used to prevent users from changing their passwords repeatedly over a short period of time to flush an old password from the history so that it can be re-used. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-attribute:: -[open] -==== - -Description:: -Specifies the attribute type used to hold user passwords. This attribute type must be defined in the server schema, and it must have either the user password or auth password syntax. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-change-requires-current-password:: -[open] -==== - -Description:: -Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-expiration-warning-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables the warning interval. - -Default Value:: -5 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-generator:: -[open] -==== - -Description:: -Specifies the name of the password generator that is used with the associated password policy. This is used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Generator. The referenced password generator must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-count:: -[open] -==== - -Description:: -Specifies the maximum number of former passwords to maintain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero indicates that either no password history is to be maintained (if the password history duration has a value of zero seconds), or that there is no maximum number of passwords to maintain in the history (if the password history duration has a value greater than zero seconds). - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-duration:: -[open] -==== - -Description:: -Specifies the maximum length of time that passwords remain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero seconds indicates that either no password history is to be maintained (if the password history count has a value of zero), or that there is no maximum duration for passwords in the history (if the password history count has a value greater than zero). - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-validator:: -[open] -==== - -Description:: -Specifies the names of the password validators that are used with the associated password storage scheme. The password validators are invoked when a user attempts to provide a new password, to determine whether the new password is acceptable. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Validator. The referenced password validators must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -previous-last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy. These values are used to make it possible to parse previous values, but are not used to set new values. The format strings conform to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-change-by-time:: -[open] -==== - -Description:: -Specifies the time by which all users with the associated password policy must change their passwords. The value is expressed in a generalized time format. If this time is equal to the current time or is in the past, then all users are required to change their passwords immediately. The behavior of the server in this mode is identical to the behavior observed when users are forced to change their passwords after an administrative reset. - -Default Value:: -None - -Allowed Values:: -A valid timestamp in generalized time form (for example, a value of "20070409185811Z" indicates a value of April 9, 2007 at 6:58:11 pm GMT). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-authentication:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to authenticate in a secure manner. This might mean either using a secure communication channel between the client and the server, or using a SASL mechanism that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-password-changes:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -skip-validation-for-administrators:: -[open] -==== - -Description:: -Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -state-update-failure-policy:: -[open] -==== - -Description:: -Specifies how the server deals with the inability to update password policy state information during an authentication attempt. In particular, this property can be used to control whether an otherwise successful bind operation fails if a failure occurs while attempting to update password policy state information (for example, to clear a record of previous authentication failures or to update the last login time). It can also be used to control whether to reject a bind request if it is known ahead of time that it will not be possible to update the authentication failure times in the event of an unsuccessful bind attempt (for example, if the backend writability mode is disabled). - -Default Value:: -reactive - -Allowed Values:: -[open] -====== - -ignore:: -If a bind attempt would otherwise be successful, then do not reject it if a problem occurs while attempting to update the password policy state information for the user. - -proactive:: -Proactively reject any bind attempt if it is known ahead of time that it would not be possible to update the user's password policy state information. - -reactive:: -Even if a bind attempt would otherwise be successful, reject it if a problem occurs while attempting to update the password policy state information for the user. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-password-storage-schemes] -=== dsconfig list-password-storage-schemes — Lists existing Password Storage Schemes - -==== Synopsis -`dsconfig list-password-storage-schemes` {options} - -[#dsconfig-list-password-storage-schemes-description] -==== Description -Lists existing Password Storage Schemes. - -[#dsconfig-list-password-storage-schemes-options] -==== Options --- -The `dsconfig list-password-storage-schemes` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {property}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {property}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {property}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {property}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {property}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {property}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {property}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {property}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {property}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {property}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {property}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {property}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {property}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {property}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {property}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {property}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {property}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {unit}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {unit}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {unit}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {unit}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {unit}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {unit}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {unit}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {unit}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {unit}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {unit}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {unit}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {unit}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {unit}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {unit}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {unit}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {unit}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {unit}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {unit}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {unit}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {unit}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {unit}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {unit}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {unit}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {unit}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {unit}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {unit}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {unit}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {unit}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {unit}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {unit}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {unit}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {unit}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {unit}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {unit}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-storage-schemes-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - --- - -[#dsconfig-list-password-storage-schemes-aes-password-storage-scheme] -==== AES Password Storage Scheme -Password Storage Schemes of type aes-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the AES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.AESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-base64-password-storage-scheme] -==== Base64 Password Storage Scheme -Password Storage Schemes of type base64-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Base64 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.Base64PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-bcrypt-password-storage-scheme] -==== Bcrypt Password Storage Scheme -Password Storage Schemes of type bcrypt-password-storage-scheme have the following properties: --- - -bcrypt-cost:: -[open] -==== - -Description:: -The cost parameter specifies a key expansion iteration count as a power of two. A default value of 12 (2^12 iterations) is considered in 2016 as a reasonable balance between responsiveness and security for regular users. - -Default Value:: -12 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 30. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Bcrypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BCryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-blowfish-password-storage-scheme] -==== Blowfish Password Storage Scheme -Password Storage Schemes of type blowfish-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Blowfish Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BlowfishPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-clear-password-storage-scheme] -==== Clear Password Storage Scheme -Password Storage Schemes of type clear-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Clear Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.ClearPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-crypt-password-storage-scheme] -==== Crypt Password Storage Scheme -Password Storage Schemes of type crypt-password-storage-scheme have the following properties: --- - -crypt-password-storage-encryption-algorithm:: -[open] -==== - -Description:: -Specifies the algorithm to use to encrypt new passwords. Select the crypt algorithm to use to encrypt new passwords. The value can either be "unix", which means the password is encrypted with the weak Unix crypt algorithm, or "md5" which means the password is encrypted with the BSD MD5 algorithm and has a $1$ prefix, or "sha256" which means the password is encrypted with the SHA256 algorithm and has a $5$ prefix, or "sha512" which means the password is encrypted with the SHA512 algorithm and has a $6$ prefix. - -Default Value:: -unix - -Allowed Values:: -[open] -====== - -md5:: -New passwords are encrypted with the BSD MD5 algorithm. - -sha256:: -New passwords are encrypted with the Unix crypt SHA256 algorithm. - -sha512:: -New passwords are encrypted with the Unix crypt SHA512 algorithm. - -unix:: -New passwords are encrypted with the Unix crypt algorithm. Passwords are truncated at 8 characters and the top bit of each character is ignored. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Crypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.CryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-md5-password-storage-scheme] -==== MD5 Password Storage Scheme -Password Storage Schemes of type md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.MD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-pbkdf2-password-storage-scheme] -==== PBKDF2 Password Storage Scheme -Password Storage Schemes of type pbkdf2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PBKDF2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PBKDF2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pbkdf2-iterations:: -[open] -==== - -Description:: -The number of algorithm iterations to make. NIST recommends at least 1000. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-pkcs5s2-password-storage-scheme] -==== PKCS5S2 Password Storage Scheme -Password Storage Schemes of type pkcs5s2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PKCS5S2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PKCS5S2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-rc4-password-storage-scheme] -==== RC4 Password Storage Scheme -Password Storage Schemes of type rc4-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the RC4 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.RC4PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-salted-md5-password-storage-scheme] -==== Salted MD5 Password Storage Scheme -Password Storage Schemes of type salted-md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedMD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-salted-sha1-password-storage-scheme] -==== Salted SHA1 Password Storage Scheme -Password Storage Schemes of type salted-sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-salted-sha256-password-storage-scheme] -==== Salted SHA256 Password Storage Scheme -Password Storage Schemes of type salted-sha256-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA256 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA256PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-salted-sha384-password-storage-scheme] -==== Salted SHA384 Password Storage Scheme -Password Storage Schemes of type salted-sha384-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA384 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA384PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-salted-sha512-password-storage-scheme] -==== Salted SHA512 Password Storage Scheme -Password Storage Schemes of type salted-sha512-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA512 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA512PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-sha1-password-storage-scheme] -==== SHA1 Password Storage Scheme -Password Storage Schemes of type sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-storage-schemes-triple-des-password-storage-scheme] -==== Triple DES Password Storage Scheme -Password Storage Schemes of type triple-des-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Triple DES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.TripleDESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-password-validators] -=== dsconfig list-password-validators — Lists existing Password Validators - -==== Synopsis -`dsconfig list-password-validators` {options} - -[#dsconfig-list-password-validators-description] -==== Description -Lists existing Password Validators. - -[#dsconfig-list-password-validators-options] -==== Options --- -The `dsconfig list-password-validators` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {property}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {property}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {property}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {property}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {property}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {property}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {property}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {unit}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {unit}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {unit}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {unit}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {unit}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {unit}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {unit}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {unit}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {unit}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {unit}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {unit}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {unit}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {unit}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {unit}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-password-validators-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - --- - -[#dsconfig-list-password-validators-attribute-value-password-validator] -==== Attribute Value Password Validator -Password Validators of type attribute-value-password-validator have the following properties: --- - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against attribute values. If "false" then only match the entire password against attribute values otherwise ("true") check whether the password contains attribute values. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.AttributeValuePasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any attribute in the user's entry. - -Default Value:: -All attributes in the user entry will be checked. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator should test the reversed value of the provided password as well as the order in which it was given. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-validators-character-set-password-validator] -==== Character Set Password Validator -Password Validators of type character-set-password-validator have the following properties: --- - -allow-unclassified-characters:: -[open] -==== - -Description:: -Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets and ranges. If this is "false", then only those characters in the user-defined character sets and ranges may be used in passwords. Any password containing a character not included in any character set or range will be rejected. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set:: -[open] -==== - -Description:: -Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. Each value must be an integer (indicating the minimum required characters from the set which may be zero, indicating that the character set is optional) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set. - -Default Value:: -If no sets are specified, the validator only uses the defined character ranges. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set-ranges:: -[open] -==== - -Description:: -Specifies a character range containing characters that a password may contain and a value indicating the minimum number of characters required from that range. Each value must be an integer (indicating the minimum required characters from the range which may be zero, indicating that the character range is optional) followed by a colon and one or more range specifications. A range specification is 3 characters: the first character allowed, a minus, and the last character allowed. For example, "3:A-Za-z0-9". The ranges in each value should not overlap, and the characters in each range specification should be ordered. - -Default Value:: -If no ranges are specified, the validator only uses the defined character sets. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.CharacterSetPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-character-sets:: -[open] -==== - -Description:: -Specifies the minimum number of character sets and ranges that a password must contain. This property should only be used in conjunction with optional character sets and ranges (those requiring zero characters). Its value must include any mandatory character sets and ranges (those requiring greater than zero characters). This is useful in situations where a password must contain characters from mandatory character sets and ranges, and characters from at least N optional character sets and ranges. For example, it is quite common to require that a password contains at least one non-alphanumeric character as well as characters from two alphanumeric character sets (lower-case, upper-case, digits). In this case, this property should be set to 3. - -Default Value:: -The password must contain characters from each of the mandatory character sets and ranges and, if there are optional character sets and ranges, at least one character from one of the optional character sets and ranges. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-validators-dictionary-password-validator] -==== Dictionary Password Validator -Password Validators of type dictionary-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against dictionary words. If "false" then only match the entire password against words otherwise ("true") check whether the password contains words. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -dictionary-file:: -[open] -==== - -Description:: -Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root. - -Default Value:: -For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt - -Allowed Values:: -The path to any text file contained on the system that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.DictionaryPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-validators-length-based-password-validator] -==== Length Based Password Validator -Password Validators of type length-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.LengthBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-password-length:: -[open] -==== - -Description:: -Specifies the maximum number of characters that can be included in a proposed password. A value of zero indicates that there will be no upper bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-length:: -[open] -==== - -Description:: -Specifies the minimum number of characters that must be included in a proposed password. A value of zero indicates that there will be no lower bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-validators-repeated-characters-password-validator] -==== Repeated Characters Password Validator -Password Validators of type repeated-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. If the value of this property is false, the validator ignores any differences in capitalization when looking for consecutive characters in the password. If the value is true, the validator considers a character to be repeating only if all consecutive occurrences use the same capitalization. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.RepeatedCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-consecutive-length:: -[open] -==== - -Description:: -Specifies the maximum number of times that any character can appear consecutively in a password value. A value of zero indicates that no maximum limit is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-validators-similarity-based-password-validator] -==== Similarity Based Password Validator -Password Validators of type similarity-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.SimilarityBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-password-difference:: -[open] -==== - -Description:: -Specifies the minimum difference of new and old password. A value of zero indicates that no difference between passwords is acceptable. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-password-validators-unique-characters-password-validator] -==== Unique Characters Password Validator -Password Validators of type unique-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. A value of true indicates that the validator does not consider a capital letter to be the same as its lower-case counterpart. A value of false indicates that the validator ignores differences in capitalization when looking at the number of unique characters in the password. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.UniqueCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-unique-characters:: -[open] -==== - -Description:: -Specifies the minimum number of unique characters that a password will be allowed to contain. A value of zero indicates that no minimum value is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-plugins] -=== dsconfig list-plugins — Lists existing Plugins - -==== Synopsis -`dsconfig list-plugins` {options} - -[#dsconfig-list-plugins-description] -==== Description -Lists existing Plugins. - -[#dsconfig-list-plugins-options] -==== Options --- -The `dsconfig list-plugins` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {property}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {property}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {property}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {property}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {property}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {property}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {property}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {property}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {property}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {property}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {property}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {property}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {unit}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {unit}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {unit}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {unit}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {unit}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {unit}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {unit}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {unit}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {unit}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {unit}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {unit}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {unit}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {unit}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {unit}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {unit}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {unit}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {unit}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {unit}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {unit}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {unit}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {unit}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {unit}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {unit}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {unit}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-plugins-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - --- - -[#dsconfig-list-plugins-attribute-cleanup-plugin] -==== Attribute Cleanup Plugin -Plugins of type attribute-cleanup-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.AttributeCleanupPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparseadd - -+ -preparsemodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -remove-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be removed from incoming add or modify requests. - -Default Value:: -No attributes will be removed - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rename-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be renamed in incoming add or modify requests. - -Default Value:: -No attributes will be renamed - -Allowed Values:: -An attribute name mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-change-number-control-plugin] -==== Change Number Control Plugin -Plugins of type change-number-control-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ChangeNumberControlPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postOperationAdd - -+ -postOperationDelete - -+ -postOperationModify - -+ -postOperationModifyDN - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-entry-uuid-plugin] -==== Entry UUID Plugin -Plugins of type entry-uuid-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.EntryUUIDPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preoperationadd - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-fractional-ldif-import-plugin] -==== Fractional LDIF Import Plugin -Plugins of type fractional-ldif-import-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -None - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-last-mod-plugin] -==== Last Mod Plugin -Plugins of type last-mod-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LastModPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-ldap-attribute-description-list-plugin] -==== LDAP Attribute Description List Plugin -Plugins of type ldap-attribute-description-list-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LDAPADListPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparsesearch - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-password-policy-import-plugin] -==== Password Policy Import Plugin -Plugins of type password-policy-import-plugin have the following properties: --- - -default-auth-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of password storage schemes that to be used for encoding passwords contained in attributes with the auth password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy should be used to govern them. - -Default Value:: -If the default password policy uses an attribute with the auth password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes auth password values using the "SHA1" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import plug-in is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-user-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes to be used for encoding passwords contained in attributes with the user password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy is to be used to govern them. - -Default Value:: -If the default password policy uses the attribute with the user password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes user password values using the "SSHA" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import Plugin is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.PasswordPolicyImportPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-profiler-plugin] -==== Profiler Plugin -Plugins of type profiler-plugin have the following properties: --- - -enable-profiling-on-startup:: -[open] -==== - -Description:: -Indicates whether the profiler plug-in is to start collecting data automatically when the directory server is started. This property is read only when the server is started, and any changes take effect on the next restart. This property is typically set to "false" unless startup profiling is required, because otherwise the volume of data that can be collected can cause the server to run out of memory if it is not turned off in a timely manner. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.profiler.ProfilerPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -startup - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -profile-action:: -[open] -==== - -Description:: -Specifies the action that should be taken by the profiler. A value of "start" causes the profiler thread to start collecting data if it is not already active. A value of "stop" causes the profiler thread to stop collecting data and write it to disk, and a value of "cancel" causes the profiler thread to stop collecting data and discard anything that has been captured. These operations occur immediately. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -cancel:: -Stop collecting profile data and discard what has been captured. - -none:: -Do not take any action. - -start:: -Start collecting profile data. - -stop:: -Stop collecting profile data and write what has been captured to a file in the profile directory. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-directory:: -[open] -==== - -Description:: -Specifies the path to the directory where profile information is to be written. This path may be either an absolute path or a path that is relative to the root of the OpenDJ directory server instance. The directory must exist and the directory server must have permission to create new files in it. - -Default Value:: -None - -Allowed Values:: -The path to any directory that exists on the filesystem and that can be read and written by the server user. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-sample-interval:: -[open] -==== - -Description:: -Specifies the sample interval in milliseconds to be used when capturing profiling information in the server. When capturing data, the profiler thread sleeps for this length of time between calls to obtain traces for all threads running in the JVM. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -Changes to this configuration attribute take effect the next time the profiler is started. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-referential-integrity-plugin] -==== Referential Integrity Plugin -Plugins of type referential-integrity-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute types for which referential integrity is to be maintained. At least one attribute type must be specified, and the syntax of any attributes must be either a distinguished name (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID (1.3.6.1.4.1.1466.115.121.1.34). - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN that limits the scope within which referential integrity is maintained. - -Default Value:: -Referential integrity is maintained in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references:: -[open] -==== - -Description:: -Specifies whether reference attributes must refer to existing entries. When this property is set to true, this plugin will ensure that any new references added as part of an add or modify operation point to existing entries, and that the referenced entries match the filter criteria for the referencing attribute, if specified. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-filter-criteria:: -[open] -==== - -Description:: -Specifies additional filter criteria which will be enforced when checking references. If a reference attribute has filter criteria defined then this plugin will ensure that any new references added as part of an add or modify operation refer to an existing entry which matches the specified filter. - -Default Value:: -None - -Allowed Values:: -An attribute-filter mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-scope-criteria:: -[open] -==== - -Description:: -Specifies whether referenced entries must reside within the same naming context as the entry containing the reference. The reference scope will only be enforced when reference checking is enabled. - -Default Value:: -global - -Allowed Values:: -[open] -====== - -global:: -References may refer to existing entries located anywhere in the Directory. - -naming-context:: -References must refer to existing entries located within the same naming context. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ReferentialIntegrityPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -Specifies the log file location where the update records are written when the plug-in is in background-mode processing. The default location is the logs directory of the server instance, using the file name "referint". - -Default Value:: -logs/referint - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postoperationdelete - -+ -postoperationmodifydn - -+ -subordinatemodifydn - -+ -subordinatedelete - -+ -preoperationadd - -+ -preoperationmodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -update-interval:: -[open] -==== - -Description:: -Specifies the interval in seconds when referential integrity updates are made. If this value is 0, then the updates are made synchronously in the foreground. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-samba-password-plugin] -==== Samba Password Plugin -Plugins of type samba-password-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SambaPasswordPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationmodify - -+ -postoperationextended - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pwd-sync-policy:: -[open] -==== - -Description:: -Specifies which Samba passwords should be kept synchronized. - -Default Value:: -sync-nt-password - -Allowed Values:: -[open] -====== - -sync-lm-password:: -Synchronize the LanMan password attribute "sambaLMPassword" - -sync-nt-password:: -Synchronize the NT password attribute "sambaNTPassword" - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -samba-administrator-dn:: -[open] -==== - -Description:: -Specifies the distinguished name of the user which Samba uses to perform Password Modify extended operations against this directory server in order to synchronize the userPassword attribute after the LanMan or NT passwords have been updated. The user must have the 'password-reset' privilege and should not be a root user. This user name can be used in order to identify Samba connections and avoid double re-synchronization of the same password. If this property is left undefined, then no password updates will be skipped. - -Default Value:: -Synchronize all updates to user passwords - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-seven-bit-clean-plugin] -==== Seven Bit Clean Plugin -Plugins of type seven-bit-clean-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the name or OID of an attribute type for which values should be checked to ensure that they are 7-bit clean. - -Default Value:: -uid - -+ -mail - -+ -userPassword - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN below which the checking is performed. Any attempt to update a value for one of the configured attributes below this base DN must be 7-bit clean for the operation to be allowed. - -Default Value:: -All entries below all public naming contexts will be checked. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SevenBitCleanPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preparseadd - -+ -preparsemodify - -+ -preparsemodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-plugins-unique-attribute-plugin] -==== Unique Attribute Plugin -Plugins of type unique-attribute-plugin have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies a base DN within which the attribute must be unique. - -Default Value:: -The plug-in uses the server's public naming contexts in the searches. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.UniqueAttributePlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -+ -postoperationadd - -+ -postoperationmodify - -+ -postoperationmodifydn - -+ -postsynchronizationadd - -+ -postsynchronizationmodify - -+ -postsynchronizationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -type:: -[open] -==== - -Description:: -Specifies the type of attributes to check for value uniqueness. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-properties] -=== dsconfig list-properties — Describes managed objects and their properties - -==== Synopsis -`dsconfig list-properties` {options} - -[#dsconfig-list-properties-description] -==== Description -Describes managed objects and their properties. - -[#dsconfig-list-properties-options] -==== Options --- -The `dsconfig list-properties` command takes the following options: - -`-c | --category {category}`:: -The category of components whose properties should be described. - -`-t | --type {type}`:: -The type of components whose properties should be described. The value for TYPE must be one of the component types associated with the CATEGORY specified using the "--category" option. - -`--inherited`:: -Modifies the display output to show the inherited properties of components. - -`--property {property}`:: -The name of a property to be displayed. - --- - -''' -[#dsconfig-list-replication-domains] -=== dsconfig list-replication-domains — Lists existing Replication Domains - -==== Synopsis -`dsconfig list-replication-domains` {options} - -[#dsconfig-list-replication-domains-description] -==== Description -Lists existing Replication Domains. - -[#dsconfig-list-replication-domains-options] -==== Options --- -The `dsconfig list-replication-domains` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {name}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-replication-domains-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {property}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-replication-domains-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {unit}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-replication-domains-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {unit}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-replication-domains-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - --- - -[#dsconfig-list-replication-domains-replication-domain] -==== Replication Domain -Replication Domains of type replication-domain have the following properties: --- - -assured-sd-level:: -[open] -==== - -Description:: -The level of acknowledgment for Safe Data assured sub mode. When assured replication is configured in Safe Data mode, this value defines the number of replication servers (with the same group ID of the local server) that should acknowledge the sent update before the LDAP client call can return. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured replication acknowledgments. Defines the amount of milliseconds the server will wait for assured acknowledgments (in either Safe Data or Safe Read assured replication modes) before returning anyway the LDAP client call. - -Default Value:: -2000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-type:: -[open] -==== - -Description:: -Defines the assured replication mode of the replicated domain. The assured replication can be disabled or enabled. When enabled, two modes are available: Safe Data or Safe Read modes. - -Default Value:: -not-assured - -Allowed Values:: -[open] -====== - -not-assured:: -Assured replication is not enabled. Updates sent for replication (for being replayed on other LDAP servers in the topology) are sent without waiting for any acknowledgment and the LDAP client call returns immediately. - -safe-data:: -Assured replication is enabled in Safe Data mode: updates sent for replication are subject to acknowledgment from the replication servers that have the same group ID as the local server (defined with the group-id property). The number of acknowledgments to expect is defined by the assured-sd-level property. After acknowledgments are received, LDAP client call returns. - -safe-read:: -Assured replication is enabled in Safe Read mode: updates sent for replication are subject to acknowledgments from the LDAP servers in the topology that have the same group ID as the local server (defined with the group-id property). After acknowledgments are received, LDAP client call returns. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN of the replicated data. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -changetime-heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when sending its local change time to the Replication Server. The directory server sends a regular heart-beat to the Replication within the specified interval. The heart-beat indicates the change time of the directory server to the Replication Server. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -conflicts-historical-purge-delay:: -[open] -==== - -Description:: -This delay indicates the time (in minutes) the domain keeps the historical information necessary to solve conflicts.When a change stored in the historical part of the user entry has a date (from its replication ChangeNumber) older than this delay, it is candidate to be purged. The purge is applied on 2 events: modify of the entry, dedicated purge task. - -Default Value:: -1440m - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 minutes. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-exclude:: -[open] -==== - -Description:: -Allows to exclude some attributes to replicate to this server. If fractional-exclude configuration attribute is used, attributes specified in this attribute will be ignored (not added/modified/deleted) when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-include attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be excluded. The object class may be "*" indicating that the attribute type(s) should be excluded regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-include:: -[open] -==== - -Description:: -Allows to include some attributes to replicate to this server. If fractional-include configuration attribute is used, only attributes specified in this attribute will be added/modified/deleted when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-exclude attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be included. The object class may be "*" indicating that the attribute type(s) should be included regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group ID associated with this replicated domain. This value defines the group ID of the replicated domain. The replication system will preferably connect and send updates to replicate to a replication server with the same group ID as its own one (the local server group ID). - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when communicating with Replication Servers. The directory server expects a regular heart-beat coming from the Replication Server within the specified interval. If a heartbeat is not received within the interval, the Directory Server closes its connection and connects to another Replication Server. - -Default Value:: -10000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 100 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -initialization-window-size:: -[open] -==== - -Description:: -Specifies the window size that this directory server may use when communicating with remote Directory Servers for initialization. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -isolation-policy:: -[open] -==== - -Description:: -Specifies the behavior of the directory server if a write operation is attempted on the data within the Replication Domain when none of the configured Replication Servers are available. - -Default Value:: -reject-all-updates - -Allowed Values:: -[open] -====== - -accept-all-updates:: -Indicates that updates should be accepted even though it is not possible to send them to any Replication Server. Best effort is made to re-send those updates to a Replication Servers when one of them is available, however those changes are at risk because they are only available from the historical information. This mode can also introduce high replication latency. - -reject-all-updates:: -Indicates that all updates attempted on this Replication Domain are rejected when no Replication Server is available. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-changenumber:: -[open] -==== - -Description:: -Indicates if this server logs the ChangeNumber in access log. This boolean indicates if the domain should log the ChangeNumber of replicated operations in the access log. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -referrals-url:: -[open] -==== - -Description:: -The URLs other LDAP servers should use to refer to the local server. URLs used by peer servers in the topology to refer to the local server through LDAP referrals. If this attribute is not defined, every URLs available to access this server will be used. If defined, only URLs specified here will be used. - -Default Value:: -None - -Allowed Values:: -A LDAP URL compliant with RFC 2255. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of the Replication Servers within the Replication Domain to which the directory server should try to connect at startup time. Addresses must be specified using the syntax: hostname:port - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the directory server within the Replication Domain. Each directory server within the same Replication Domain must have a different server ID. A directory server which is a member of multiple Replication Domains may use the same server ID for each of its Replication Domain configurations. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -solve-conflicts:: -[open] -==== - -Description:: -Indicates if this server solves conflict. This boolean indicates if this domain keeps the historical information necessary to solve conflicts. When set to false the server will not maintain historical information and will therefore not be able to solve conflict. This should therefore be done only if the replication is used in a single master type of deployment. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the directory server will use when communicating with Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-replication-server] -=== dsconfig list-replication-server — Lists existing Replication Server - -==== Synopsis -`dsconfig list-replication-server` {options} - -[#dsconfig-list-replication-server-description] -==== Description -Lists existing Replication Server. - -[#dsconfig-list-replication-server-options] -==== Options --- -The `dsconfig list-replication-server` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {name}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-replication-server-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {property}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-replication-server-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {unit}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-replication-server-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {unit}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-list-replication-server-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - --- - -[#dsconfig-list-replication-server-replication-server] -==== Replication Server -Replication Servers of type replication-server have the following properties: --- - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured mode acknowledgments. Defines the number of milliseconds that the replication server will wait for assured acknowledgments (in either Safe Data or Safe Read assured sub modes) before forgetting them and answer to the entity that sent an update and is waiting for acknowledgment. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compute-change-number:: -[open] -==== - -Description:: -Whether the replication server will compute change numbers. This boolean tells the replication server to compute change numbers for each replicated change by maintaining a change number index database. Changenumbers are computed according to http://tools.ietf.org/html/draft-good-ldap-changelog-04. Note this functionality has an impact on CPU, disk accesses and storage. If changenumbers are not required, it is advisable to set this value to false. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the replication change-log should make records readable only by Directory Server. Throughput and disk space are affected by the more expensive operations taking place. Confidentiality is achieved by encrypting records on all domains managed by this replication server. Encrypting the records prevents unauthorized parties from accessing contents of LDAP operations. For complete protection, consider enabling secure communications between servers. Change number indexing is not affected by the setting. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -degraded-status-threshold:: -[open] -==== - -Description:: -The number of pending changes as threshold value for putting a directory server in degraded status. This value represents a number of pending changes a replication server has in queue for sending to a directory server. Once this value is crossed, the matching directory server goes in degraded status. When number of pending changes goes back under this value, the directory server is put back in normal status. 0 means status analyzer is disabled and directory servers are never put in degraded status. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered and the replication server will disconnect from the rest of the replication topology. When the available free space on the disk used by the replication changelog falls below the value specified, this replication server will stop. Connected Directory Servers will fail over to another RS. The replication server will restart again as soon as free space rises above the low threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered. When the available free space on the disk used by the replication changelog falls below the value specified, a warning is sent and logged. Normal operation will continue but administrators are advised to take action to free some disk space. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group id for the replication server. This value defines the group id of the replication server. The replication system of a LDAP server uses the group id of the replicated domain and tries to connect, if possible, to a replication with the same group id. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -monitoring-period:: -[open] -==== - -Description:: -The period between sending of monitoring messages. Defines the duration that the replication server will wait before sending new monitoring messages to its peers (replication servers and directory servers). Larger values increase the length of time it takes for a directory server to detect and switch to a more suitable replication server, whereas smaller values increase the amount of background network traffic. - -Default Value:: -60s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -Specifies the number of changes that are kept in memory for each directory server in the Replication Domain. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -replication-db-directory:: -[open] -==== - -Description:: -The path where the Replication Server stores all persistent information. - -Default Value:: -changelogDb - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -replication-port:: -[open] -==== - -Description:: -The port on which this Replication Server waits for connections from other Replication Servers or Directory Servers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-purge-delay:: -[open] -==== - -Description:: -The time (in seconds) after which the Replication Server erases all persistent information. - -Default Value:: -3 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of other Replication Servers to which this Replication Server tries to connect at startup time. Addresses must be specified using the syntax: "hostname:port". If IPv6 addresses are used as the hostname, they must be specified using the syntax "[IPv6Address]:port". - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the Replication Server. Each Replication Server must have a different server ID. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -weight:: -[open] -==== - -Description:: -The weight of the replication server. The weight affected to the replication server. Each replication server of the topology has a weight. When combined together, the weights of the replication servers of a same group can be translated to a percentage that determines the quantity of directory servers of the topology that should be connected to a replication server. For instance imagine a topology with 3 replication servers (with the same group id) with the following weights: RS1=1, RS2=1, RS3=2. This means that RS1 should have 25% of the directory servers connected in the topology, RS2 25%, and RS3 50%. This may be useful if the replication servers of the topology have a different power and one wants to spread the load between the replication servers according to their power. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the Replication Server uses when communicating with other Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-sasl-mechanism-handlers] -=== dsconfig list-sasl-mechanism-handlers — Lists existing SASL Mechanism Handlers - -==== Synopsis -`dsconfig list-sasl-mechanism-handlers` {options} - -[#dsconfig-list-sasl-mechanism-handlers-description] -==== Description -Lists existing SASL Mechanism Handlers. - -[#dsconfig-list-sasl-mechanism-handlers-options] -==== Options --- -The `dsconfig list-sasl-mechanism-handlers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {property}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {property}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {property}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {property}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {property}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {property}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {unit}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {unit}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {unit}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {unit}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {unit}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {unit}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {unit}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {unit}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {unit}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {unit}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {unit}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {unit}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-sasl-mechanism-handlers-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - --- - -[#dsconfig-list-sasl-mechanism-handlers-anonymous-sasl-mechanism-handler] -==== Anonymous SASL Mechanism Handler -SASL Mechanism Handlers of type anonymous-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.AnonymousSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-sasl-mechanism-handlers-cram-md5-sasl-mechanism-handler] -==== Cram MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type cram-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper used with this SASL mechanism handler to match the authentication ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Cram MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.CRAMMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-sasl-mechanism-handlers-digest-md5-sasl-mechanism-handler] -==== Digest MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type digest-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Digest MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.DigestMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realms that is to be used by the server for DIGEST-MD5 authentication. If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Default Value:: -If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Allowed Values:: -Any realm string that does not contain a comma. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the server that is used when validating the digest-uri parameter during the authentication process. If this configuration attribute is present, then the server expects that clients use a digest-uri equal to "ldap/" followed by the value of this attribute. For example, if the attribute has a value of "directory.example.com", then the server expects clients to use a digest-uri of "ldap/directory.example.com". If no value is provided, then the server does not attempt to validate the digest-uri provided by the client and accepts any value. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically. - -Allowed Values:: -The fully-qualified address that is expected for clients to use when connecting to the server and authenticating via DIGEST-MD5. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-sasl-mechanism-handlers-external-sasl-mechanism-handler] -==== External SASL Mechanism Handler -SASL Mechanism Handlers of type external-sasl-mechanism-handler have the following properties: --- - -certificate-attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema. - -Default Value:: -userCertificate - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-mapper:: -[open] -==== - -Description:: -Specifies the name of the certificate mapper that should be used to match client certificates to user entries. - -Default Value:: -None - -Allowed Values:: -The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-validation-policy:: -[open] -==== - -Description:: -Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -always:: -Always require the peer certificate to be present in the user's entry. - -ifpresent:: -If the user's entry contains one or more certificates, require that one of them match the peer certificate. - -never:: -Do not look for the peer certificate to be present in the user's entry. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.ExternalSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-sasl-mechanism-handlers-gssapi-sasl-mechanism-handler] -==== GSSAPI SASL Mechanism Handler -SASL Mechanism Handlers of type gssapi-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the GSSAPI SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.GSSAPISASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -kdc-address:: -[open] -==== - -Description:: -Specifies the address of the KDC that is to be used for Kerberos processing. If provided, this property must be a fully-qualified DNS-resolvable name. If this property is not provided, then the server attempts to determine it from the system-wide Kerberos configuration. - -Default Value:: -The server attempts to determine the KDC address from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -keytab:: -[open] -==== - -Description:: -Specifies the path to the keytab file that should be used for Kerberos processing. If provided, this is either an absolute path or one that is relative to the server instance root. - -Default Value:: -The server attempts to use the system-wide default keytab. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -principal-name:: -[open] -==== - -Description:: -Specifies the principal name. It can either be a simple user name or a service name such as host/example.com. If this property is not provided, then the server attempts to build the principal name by appending the fully qualified domain name to the string "ldap/". - -Default Value:: -The server attempts to determine the principal name from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realm to be used for GSSAPI authentication. - -Default Value:: -The server attempts to determine the realm from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the system. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically . - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-sasl-mechanism-handlers-plain-sasl-mechanism-handler] -==== Plain SASL Mechanism Handler -SASL Mechanism Handlers of type plain-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Plain SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.PlainSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-schema-providers] -=== dsconfig list-schema-providers — Lists existing Schema Providers - -==== Synopsis -`dsconfig list-schema-providers` {options} - -[#dsconfig-list-schema-providers-description] -==== Description -Lists existing Schema Providers. - -[#dsconfig-list-schema-providers-options] -==== Options --- -The `dsconfig list-schema-providers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {property}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-schema-providers-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {unit}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-schema-providers-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {unit}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-schema-providers-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - --- - -[#dsconfig-list-schema-providers-core-schema] -==== Core Schema -Schema Providers of type core-schema have the following properties: --- - -allow-zero-length-values-directory-string:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed for directory string. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disabled-matching-rule:: -[open] -==== - -Description:: -The set of disabled matching rules. Matching rules must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled matching rule. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disabled-syntax:: -[open] -==== - -Description:: -The set of disabled syntaxes. Syntaxes must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled syntax, or NONE - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Schema Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Core Schema implementation. - -Default Value:: -org.opends.server.schema.CoreSchemaProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.schema.SchemaProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strict-format-country-string:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strip-syntax-min-upper-bound-attribute-type-description:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-synchronization-providers] -=== dsconfig list-synchronization-providers — Lists existing Synchronization Providers - -==== Synopsis -`dsconfig list-synchronization-providers` {options} - -[#dsconfig-list-synchronization-providers-description] -==== Description -Lists existing Synchronization Providers. - -[#dsconfig-list-synchronization-providers-options] -==== Options --- -The `dsconfig list-synchronization-providers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {property}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-synchronization-providers-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {unit}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-synchronization-providers-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {unit}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-synchronization-providers-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - --- - -[#dsconfig-list-synchronization-providers-replication-synchronization-provider] -==== Replication Synchronization Provider -Synchronization Providers of type replication-synchronization-provider have the following properties: --- - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to peers and when performing SSL negotiation. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Synchronization Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Replication Synchronization Provider implementation. - -Default Value:: -org.opends.server.replication.plugin.MultimasterReplication - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SynchronizationProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-update-replay-threads:: -[open] -==== - -Description:: -Specifies the number of update replay threads. This value is the number of threads created for replaying every updates received for all the replication domains. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-trust-manager-providers] -=== dsconfig list-trust-manager-providers — Lists existing Trust Manager Providers - -==== Synopsis -`dsconfig list-trust-manager-providers` {options} - -[#dsconfig-list-trust-manager-providers-description] -==== Description -Lists existing Trust Manager Providers. - -[#dsconfig-list-trust-manager-providers-options] -==== Options --- -The `dsconfig list-trust-manager-providers` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {property}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-trust-manager-providers-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {property}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-trust-manager-providers-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {unit}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-trust-manager-providers-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {unit}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-trust-manager-providers-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {unit}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-trust-manager-providers-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {unit}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-trust-manager-providers-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - --- - -[#dsconfig-list-trust-manager-providers-blind-trust-manager-provider] -==== Blind Trust Manager Provider -Trust Manager Providers of type blind-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Blind Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.BlindTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-list-trust-manager-providers-file-based-trust-manager-provider] -==== File Based Trust Manager Provider -Trust Manager Providers of type file-based-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the trust information. It can be an absolute path or a path that is relative to the OpenDJ instance root. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -An absolute path or a path that is relative to the OpenDJ directory server instance root. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the trust store file. Valid values always include 'JKS' and 'PKCS12', but different implementations can allow other values as well. If no value is provided, then the JVM default value is used. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. The "JKS" and "PKCS12" formats are typically available in Java environments. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-list-virtual-attributes] -=== dsconfig list-virtual-attributes — Lists existing Virtual Attributes - -==== Synopsis -`dsconfig list-virtual-attributes` {options} - -[#dsconfig-list-virtual-attributes-description] -==== Description -Lists existing Virtual Attributes. - -[#dsconfig-list-virtual-attributes-options] -==== Options --- -The `dsconfig list-virtual-attributes` command takes the following options: - -`--property {property}`:: -The name of a property to be displayed. -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {property} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {property}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {property}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {property}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {property}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {property}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {property}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {property}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {property}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {property}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {property}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {property}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {property}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {property}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {property}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - -`-z | --unit-size {unit}`:: -Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes). -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {unit}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {unit}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {unit}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {unit}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {unit}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {unit}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {unit}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {unit}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {unit}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {unit}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {unit}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {unit}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {unit}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {unit}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - -`-m | --unit-time {unit}`:: -Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks). -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {unit} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {unit}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {unit}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {unit}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {unit}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {unit}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {unit}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {unit}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {unit}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {unit}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {unit}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {unit}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {unit}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {unit}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {unit}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-list-virtual-attributes-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - --- - -[#dsconfig-list-virtual-attributes-collective-attribute-subentries-virtual-attribute] -==== Collective Attribute Subentries Virtual Attribute -Virtual Attributes of type collective-attribute-subentries-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -collectiveAttributeSubentries - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.CollectiveAttributeSubentriesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-entity-tag-virtual-attribute] -==== Entity Tag Virtual Attribute -Virtual Attributes of type entity-tag-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -etag - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -checksum-algorithm:: -[open] -==== - -Description:: -The algorithm which should be used for calculating the entity tag checksum value. - -Default Value:: -adler-32 - -Allowed Values:: -[open] -====== - -adler-32:: -The Adler-32 checksum algorithm which is almost as reliable as a CRC-32 but can be computed much faster. - -crc-32:: -The CRC-32 checksum algorithm. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -excluded-attribute:: -[open] -==== - -Description:: -The list of attributes which should be ignored when calculating the entity tag checksum value. Certain attributes like "ds-sync-hist" may vary between replicas due to different purging schedules and should not be included in the checksum. - -Default Value:: -ds-sync-hist - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntityTagVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-entry-dn-virtual-attribute] -==== Entry DN Virtual Attribute -Virtual Attributes of type entry-dn-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryDN - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryDNVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-entry-uuid-virtual-attribute] -==== Entry UUID Virtual Attribute -Virtual Attributes of type entry-uuid-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryUUID - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryUUIDVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-governing-structure-rule-virtual-attribute] -==== Governing Structure Rule Virtual Attribute -Virtual Attributes of type governing-structure-rule-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -governingStructureRule - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.GoverningSturctureRuleVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-has-subordinates-virtual-attribute] -==== Has Subordinates Virtual Attribute -Virtual Attributes of type has-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -hasSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-is-member-of-virtual-attribute] -==== Is Member Of Virtual Attribute -Virtual Attributes of type is-member-of-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -isMemberOf - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.IsMemberOfVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-member-virtual-attribute] -==== Member Virtual Attribute -Virtual Attributes of type member-virtual-attribute have the following properties: --- - -allow-retrieving-membership:: -[open] -==== - -Description:: -Indicates whether to handle requests that request all values for the virtual attribute. This operation can be very expensive in some cases and is not consistent with the primary function of virtual static groups, which is to make it possible to use static group idioms to determine whether a given user is a member. If this attribute is set to false, attempts to retrieve the entire set of values receive an empty set, and only attempts to determine whether the attribute has a specific value or set of values (which is the primary anticipated use for virtual static groups) are handled properly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.MemberVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-num-subordinates-virtual-attribute] -==== Num Subordinates Virtual Attribute -Virtual Attributes of type num-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -numSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-password-expiration-time-virtual-attribute] -==== Password Expiration Time Virtual Attribute -Virtual Attributes of type password-expiration-time-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -ds-pwp-password-expiration-time - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordExpirationTimeVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-password-policy-subentry-virtual-attribute] -==== Password Policy Subentry Virtual Attribute -Virtual Attributes of type password-policy-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -pwdPolicySubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordPolicySubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-structural-object-class-virtual-attribute] -==== Structural Object Class Virtual Attribute -Virtual Attributes of type structural-object-class-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -structuralObjectClass - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.StructuralObjectClassVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-subschema-subentry-virtual-attribute] -==== Subschema Subentry Virtual Attribute -Virtual Attributes of type subschema-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -subschemaSubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-list-virtual-attributes-user-defined-virtual-attribute] -==== User Defined Virtual Attribute -Virtual Attributes of type user-defined-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.UserDefinedVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -value:: -[open] -==== - -Description:: -Specifies the values to be included in the virtual attribute. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-access-control-handler-prop] -=== dsconfig set-access-control-handler-prop — Modifies Access Control Handler properties - -==== Synopsis -`dsconfig set-access-control-handler-prop` {options} - -[#dsconfig-set-access-control-handler-prop-description] -==== Description -Modifies Access Control Handler properties. - -[#dsconfig-set-access-control-handler-prop-options] -==== Options --- -The `dsconfig set-access-control-handler-prop` command takes the following options: - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Access Control Handler properties depend on the Access Control Handler type, which depends on the null option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Access Control Handler properties depend on the Access Control Handler type, which depends on the null option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Access Control Handler properties depend on the Access Control Handler type, which depends on the null option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Access Control Handler properties depend on the Access Control Handler type, which depends on the null option. - --- - -[#dsconfig-set-access-control-handler-prop-dsee-compat-access-control-handler] -==== Dsee Compat Access Control Handler -Access Control Handlers of type dsee-compat-access-control-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Access Control Handler is enabled. If set to FALSE, then no access control is enforced, and any client (including unauthenticated or anonymous clients) could be allowed to perform any operation if not subject to other restrictions, such as those enforced by the privilege subsystem. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -global-aci:: -[open] -==== - -Description:: -Defines global access control rules. Global access control rules apply to all entries anywhere in the data managed by the OpenDJ directory server. The global access control rules may be overridden by more specific access control rules placed in the data. - -Default Value:: -No global access control rules are defined, which means that no access is allowed for any data in the server unless specifically granted by access control rules in the data. - -Allowed Values:: -xref:../admin-guide/chap-privileges-acis.adoc#about-acis["About Access Control Instructions"] in the __Administration Guide__ - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Dsee Compat Access Control Handler implementation. - -Default Value:: -org.opends.server.authorization.dseecompat.AciHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccessControlHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Access Control Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-access-log-filtering-criteria-prop] -=== dsconfig set-access-log-filtering-criteria-prop — Modifies Access Log Filtering Criteria properties - -==== Synopsis -`dsconfig set-access-log-filtering-criteria-prop` {options} - -[#dsconfig-set-access-log-filtering-criteria-prop-description] -==== Description -Modifies Access Log Filtering Criteria properties. - -[#dsconfig-set-access-log-filtering-criteria-prop-options] -==== Options --- -The `dsconfig set-access-log-filtering-criteria-prop` command takes the following options: - -`--publisher-name {name}`:: -The name of the Access Log Publisher. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {name}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-access-log-filtering-criteria-prop-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`--criteria-name {name}`:: -The name of the Access Log Filtering Criteria. -+ -[open] -==== -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Access Log Filtering Criteria types: - -access-log-filtering-criteria:: -Default {name}: Access Log Filtering Criteria - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-access-log-filtering-criteria-prop-access-log-filtering-criteria["Access Log Filtering Criteria"] for the properties of this Access Log Filtering Criteria type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the `--criteria-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the `--criteria-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the `--criteria-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the `--criteria-name {name}` option. - --- - -[#dsconfig-set-access-log-filtering-criteria-prop-access-log-filtering-criteria] -==== Access Log Filtering Criteria -Access Log Filtering Criteria of type access-log-filtering-criteria have the following properties: --- - -connection-client-address-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match at least one of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-client-address-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which do not match any of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -None - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-port-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections to any of the specified listener port numbers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-protocol-equal-to:: -[open] -==== - -Description:: -Filters log records associated with connections which match any of the specified protocols. Typical values include "ldap", "ldaps", or "jmx". - -Default Value:: -None - -Allowed Values:: -The protocol name as reported in the access log. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-type:: -[open] -==== - -Description:: -Filters log records based on their type. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -abandon:: -Abandon operations - -add:: -Add operations - -bind:: -Bind operations - -compare:: -Compare operations - -connect:: -Client connections - -delete:: -Delete operations - -disconnect:: -Client disconnections - -extended:: -Extended operations - -modify:: -Modify operations - -rename:: -Rename operations - -search:: -Search operations - -unbind:: -Unbind operations - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -request-target-dn-not-equal-to:: -[open] -==== - -Description:: -Filters operation log records associated with operations which target entries matching none of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-greater-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took longer than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-etime-less-than:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which took less than the specified number of milli-seconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -response-result-code-not-equal-to:: -[open] -==== - -Description:: -Filters operation response log records associated with operations which do not include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-is-indexed:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which were either indexed or unindexed. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-greater-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned more than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -search-response-nentries-less-than:: -[open] -==== - -Description:: -Filters search operation response log records associated with searches which returned less than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-dn-not-equal-to:: -[open] -==== - -Description:: -Filters log records associated with users which do not match any of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com). - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are members of at least one of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-is-not-member-of:: -[open] -==== - -Description:: -Filters log records associated with users which are not members of any of the specified groups. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-account-status-notification-handler-prop] -=== dsconfig set-account-status-notification-handler-prop — Modifies Account Status Notification Handler properties - -==== Synopsis -`dsconfig set-account-status-notification-handler-prop` {options} - -[#dsconfig-set-account-status-notification-handler-prop-description] -==== Description -Modifies Account Status Notification Handler properties. - -[#dsconfig-set-account-status-notification-handler-prop-options] -==== Options --- -The `dsconfig set-account-status-notification-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the Account Status Notification Handler. -+ -[open] -==== -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Account Status Notification Handler types: - -error-log-account-status-notification-handler:: -Default {name}: Error Log Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-account-status-notification-handler-prop-error-log-account-status-notification-handler["Error Log Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -smtp-account-status-notification-handler:: -Default {name}: SMTP Account Status Notification Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-account-status-notification-handler-prop-smtp-account-status-notification-handler["SMTP Account Status Notification Handler"] for the properties of this Account Status Notification Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the `--handler-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the `--handler-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the `--handler-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the `--handler-name {name}` option. - --- - -[#dsconfig-set-account-status-notification-handler-prop-error-log-account-status-notification-handler] -==== Error Log Account Status Notification Handler -Account Status Notification Handlers of type error-log-account-status-notification-handler have the following properties: --- - -account-status-notification-type:: -[open] -==== - -Description:: -Indicates which types of event can trigger an account status notification. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -account-disabled:: -Generate a notification whenever a user account has been disabled by an administrator. - -account-enabled:: -Generate a notification whenever a user account has been enabled by an administrator. - -account-expired:: -Generate a notification whenever a user authentication has failed because the account has expired. - -account-idle-locked:: -Generate a notification whenever a user account has been locked because it was idle for too long. - -account-permanently-locked:: -Generate a notification whenever a user account has been permanently locked after too many failed attempts. - -account-reset-locked:: -Generate a notification whenever a user account has been locked, because the password had been reset by an administrator but not changed by the user within the required interval. - -account-temporarily-locked:: -Generate a notification whenever a user account has been temporarily locked after too many failed attempts. - -account-unlocked:: -Generate a notification whenever a user account has been unlocked by an administrator. - -password-changed:: -Generate a notification whenever a user changes his/her own password. - -password-expired:: -Generate a notification whenever a user authentication has failed because the password has expired. - -password-expiring:: -Generate a notification whenever a password expiration warning is encountered for a user password for the first time. - -password-reset:: -Generate a notification whenever a user's password is reset by an administrator. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Error Log Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.ErrorLogAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-account-status-notification-handler-prop-smtp-account-status-notification-handler] -==== SMTP Account Status Notification Handler -Account Status Notification Handlers of type smtp-account-status-notification-handler have the following properties: --- - -email-address-attribute-type:: -[open] -==== - -Description:: -Specifies which attribute in the user's entries may be used to obtain the email address when notifying the end user. You can specify more than one email address as separate values. In this case, the OpenDJ server sends a notification to all email addresses identified. - -Default Value:: -If no email address attribute types are specified, then no attempt is made to send email notification messages to end users. Only those users specified in the set of additional recipient addresses are sent the notification messages. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Account Status Notification Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAccountStatusNotificationHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this account status notification handler. The values for this property should begin with the name of an account status notification type followed by a colon and the subject that should be used for the associated notification message. If an email message is generated for an account status notification type for which no subject is defined, then that message is given a generic subject. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-template-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the message template to generate the email notification messages. The values for this property should begin with the name of an account status notification type followed by a colon and the path to the template file that should be used for that notification type. If an account status notification has a notification type that is not associated with a message template file, then no email message is generated for that notification. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which notification messages are sent, either instead of or in addition to the end user for whom the notification has been generated. This may be used to ensure that server administrators also receive a copy of any notification messages that are generated. - -Default Value:: -If no additional recipient addresses are specified, then only the end users that are the subjects of the account status notifications receive the notification messages. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -send-email-as-html:: -[open] -==== - -Description:: -Indicates whether an email notification message should be sent as HTML. If this value is true, email notification messages are marked as text/html. Otherwise outgoing email messages are assumed to be plaintext and marked as text/plain. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-message-without-end-user-address:: -[open] -==== - -Description:: -Indicates whether an email notification message should be generated and sent to the set of notification recipients even if the user entry does not contain any values for any of the email address attributes (that is, in cases when it is not be possible to notify the end user). This is only applicable if both one or more email address attribute types and one or more additional recipient addresses are specified. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address from which the message is sent. Note that this does not necessarily have to be a legitimate email address. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-administration-connector-prop] -=== dsconfig set-administration-connector-prop — Modifies Administration Connector properties - -==== Synopsis -`dsconfig set-administration-connector-prop` {options} - -[#dsconfig-set-administration-connector-prop-description] -==== Description -Modifies Administration Connector properties. - -[#dsconfig-set-administration-connector-prop-options] -==== Options --- -The `dsconfig set-administration-connector-prop` command takes the following options: - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Administration Connector properties depend on the Administration Connector type, which depends on the null option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Administration Connector properties depend on the Administration Connector type, which depends on the null option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Administration Connector properties depend on the Administration Connector type, which depends on the null option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Administration Connector properties depend on the Administration Connector type, which depends on the null option. - --- - -[#dsconfig-set-administration-connector-prop-administration-connector] -==== Administration Connector -Administration Connectors of type administration-connector have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Administration Connector. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Administration Connector. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that is used with the Administration Connector . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this Administration Connector should listen for connections from LDAP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the Administration Connector listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the Administration Connector will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Administration Connector must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the Administration Connector should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that is used with the Administration Connector . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-alert-handler-prop] -=== dsconfig set-alert-handler-prop — Modifies Alert Handler properties - -==== Synopsis -`dsconfig set-alert-handler-prop` {options} - -[#dsconfig-set-alert-handler-prop-description] -==== Description -Modifies Alert Handler properties. - -[#dsconfig-set-alert-handler-prop-options] -==== Options --- -The `dsconfig set-alert-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the Alert Handler. -+ -[open] -==== -Alert Handler properties depend on the Alert Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Alert Handler types: - -jmx-alert-handler:: -Default {name}: JMX Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-alert-handler-prop-jmx-alert-handler["JMX Alert Handler"] for the properties of this Alert Handler type. - -smtp-alert-handler:: -Default {name}: SMTP Alert Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-alert-handler-prop-smtp-alert-handler["SMTP Alert Handler"] for the properties of this Alert Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Alert Handler properties depend on the Alert Handler type, which depends on the `--handler-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Alert Handler properties depend on the Alert Handler type, which depends on the `--handler-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Alert Handler properties depend on the Alert Handler type, which depends on the `--handler-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Alert Handler properties depend on the Alert Handler type, which depends on the `--handler-name {name}` option. - --- - -[#dsconfig-set-alert-handler-prop-jmx-alert-handler] -==== JMX Alert Handler -Alert Handlers of type jmx-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.JMXAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-alert-handler-prop-smtp-alert-handler] -==== SMTP Alert Handler -Alert Handlers of type smtp-alert-handler have the following properties: --- - -disabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed. - -Default Value:: -If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Alert Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled-alert-type:: -[open] -==== - -Description:: -Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed. - -Default Value:: -All alerts with types not included in the set of disabled alert types are allowed. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SMTP Alert Handler implementation. - -Default Value:: -org.opends.server.extensions.SMTPAlertHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Alert Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -message-body:: -[open] -==== - -Description:: -Specifies the body that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -message-subject:: -[open] -==== - -Description:: -Specifies the subject that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -recipient-address:: -[open] -==== - -Description:: -Specifies an email address to which the messages should be sent. Multiple values may be provided if there should be more than one recipient. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender for messages generated by this alert handler. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-attribute-syntax-prop] -=== dsconfig set-attribute-syntax-prop — Modifies Attribute Syntax properties - -==== Synopsis -`dsconfig set-attribute-syntax-prop` {options} - -[#dsconfig-set-attribute-syntax-prop-description] -==== Description -Modifies Attribute Syntax properties. - -[#dsconfig-set-attribute-syntax-prop-options] -==== Options --- -The `dsconfig set-attribute-syntax-prop` command takes the following options: - -`--syntax-name {name}`:: -The name of the Attribute Syntax. -+ -[open] -==== -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Attribute Syntax types: - -attribute-type-description-attribute-syntax:: -Default {name}: Attribute Type Description Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-attribute-syntax-prop-attribute-type-description-attribute-syntax["Attribute Type Description Attribute Syntax"] for the properties of this Attribute Syntax type. - -certificate-attribute-syntax:: -Default {name}: Certificate Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-attribute-syntax-prop-certificate-attribute-syntax["Certificate Attribute Syntax"] for the properties of this Attribute Syntax type. - -country-string-attribute-syntax:: -Default {name}: Country String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-attribute-syntax-prop-country-string-attribute-syntax["Country String Attribute Syntax"] for the properties of this Attribute Syntax type. - -directory-string-attribute-syntax:: -Default {name}: Directory String Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-attribute-syntax-prop-directory-string-attribute-syntax["Directory String Attribute Syntax"] for the properties of this Attribute Syntax type. - -jpeg-attribute-syntax:: -Default {name}: JPEG Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-attribute-syntax-prop-jpeg-attribute-syntax["JPEG Attribute Syntax"] for the properties of this Attribute Syntax type. - -telephone-number-attribute-syntax:: -Default {name}: Telephone Number Attribute Syntax - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-attribute-syntax-prop-telephone-number-attribute-syntax["Telephone Number Attribute Syntax"] for the properties of this Attribute Syntax type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the `--syntax-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the `--syntax-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the `--syntax-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Attribute Syntax properties depend on the Attribute Syntax type, which depends on the `--syntax-name {name}` option. - --- - -[#dsconfig-set-attribute-syntax-prop-attribute-type-description-attribute-syntax] -==== Attribute Type Description Attribute Syntax -Attribute Syntaxes of type attribute-type-description-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Attribute Type Description Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.AttributeTypeSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strip-syntax-min-upper-bound:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-attribute-syntax-prop-certificate-attribute-syntax] -==== Certificate Attribute Syntax -Attribute Syntaxes of type certificate-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Certificate Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CertificateSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether X.509 Certificate values are required to strictly comply with the standard definition for this syntax. When set to false, certificates will not be validated and, as a result any sequence of bytes will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-attribute-syntax-prop-country-string-attribute-syntax] -==== Country String Attribute Syntax -Attribute Syntaxes of type country-string-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Country String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.CountryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-attribute-syntax-prop-directory-string-attribute-syntax] -==== Directory String Attribute Syntax -Attribute Syntaxes of type directory-string-attribute-syntax have the following properties: --- - -allow-zero-length-values:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Directory String Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.DirectoryStringSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - --- - -[#dsconfig-set-attribute-syntax-prop-jpeg-attribute-syntax] -==== JPEG Attribute Syntax -Attribute Syntaxes of type jpeg-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JPEG Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.JPEGSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require JPEG values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-attribute-syntax-prop-telephone-number-attribute-syntax] -==== Telephone Number Attribute Syntax -Attribute Syntaxes of type telephone-number-attribute-syntax have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Attribute Syntax is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Telephone Number Attribute Syntax implementation. - -Default Value:: -org.opends.server.schema.TelephoneNumberSyntax - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AttributeSyntax - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Attribute Syntax must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -Yes - -==== - -strict-format:: -[open] -==== - -Description:: -Indicates whether to require telephone number values to strictly comply with the standard definition for this syntax. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-backend-index-prop] -=== dsconfig set-backend-index-prop — Modifies Backend Index properties - -==== Synopsis -`dsconfig set-backend-index-prop` {options} - -[#dsconfig-set-backend-index-prop-description] -==== Description -Modifies Backend Index properties. - -[#dsconfig-set-backend-index-prop-options] -==== Options --- -The `dsconfig set-backend-index-prop` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {name}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-backend-index-prop-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`--index-name {name}`:: -The name of the Backend Index. -+ -[open] -==== -Backend Index properties depend on the Backend Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend Index types: - -backend-index:: -Default {name}: Backend Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-backend-index-prop-backend-index["Backend Index"] for the properties of this Backend Index type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Backend Index properties depend on the Backend Index type, which depends on the `--index-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Backend Index properties depend on the Backend Index type, which depends on the `--index-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Backend Index properties depend on the Backend Index type, which depends on the `--index-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Backend Index properties depend on the Backend Index type, which depends on the `--index-name {name}` option. - --- - -[#dsconfig-set-backend-index-prop-backend-index] -==== Backend Index -Backend Indexes of type backend-index have the following properties: --- - -attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute for which the index is to be maintained. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Specifies whether contents of the index should be confidential. Setting the flag to true will hash keys for equality type indexes using SHA-1 and encrypt the list of entries matching a substring key for substring indexes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If the index for the attribute must be protected for security purposes and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. The property cannot be set on a backend for which confidentiality is not enabled. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that are allowed to match a given index key before that particular index key is no longer maintained. This is analogous to the ALL IDs threshold in the Sun Java System Directory Server. If this is specified, its value overrides the JE backend-wide configuration. For no limit, use 0 for the value. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -If any index keys have already reached this limit, indexes must be rebuilt before they will be allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-extensible-matching-rule:: -[open] -==== - -Description:: -The extensible matching rule in an extensible index. An extensible matching rule must be specified using either LOCALE or OID of the matching rule. - -Default Value:: -No extensible matching rules will be indexed. - -Allowed Values:: -A Locale or an OID. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-type:: -[open] -==== - -Description:: -Specifies the type(s) of indexing that should be performed for the associated attribute. For equality, presence, and substring index types, the associated attribute type must have a corresponding matching rule. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -approximate:: -This index type is used to improve the efficiency of searches using approximate matching search filters. - -equality:: -This index type is used to improve the efficiency of searches using equality search filters. - -extensible:: -This index type is used to improve the efficiency of searches using extensible matching search filters. - -ordering:: -This index type is used to improve the efficiency of searches using "greater than or equal to" or "less then or equal to" search filters. - -presence:: -This index type is used to improve the efficiency of searches using the presence search filters. - -substring:: -This index type is used to improve the efficiency of searches using substring search filters. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -If any new index types are added for an attribute, and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. - -Advanced Property:: -No - -Read-only:: -No - -==== - -substring-length:: -[open] -==== - -Description:: -The length of substrings in a substring index. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 3. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The index must be rebuilt before it will reflect the new value. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-backend-prop] -=== dsconfig set-backend-prop — Modifies Backend properties - -==== Synopsis -`dsconfig set-backend-prop` {options} - -[#dsconfig-set-backend-prop-description] -==== Description -Modifies Backend properties. - -[#dsconfig-set-backend-prop-options] -==== Options --- -The `dsconfig set-backend-prop` command takes the following options: - -`--backend-name {name}`:: -The name of the Backend. -+ -[open] -==== -Backend properties depend on the Backend type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend types: - -backup-backend:: -Default {name}: Backup Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-backup-backend["Backup Backend"] for the properties of this Backend type. - -je-backend:: -Default {name}: JE Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-je-backend["JE Backend"] for the properties of this Backend type. - -ldif-backend:: -Default {name}: LDIF Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-ldif-backend["LDIF Backend"] for the properties of this Backend type. - -memory-backend:: -Default {name}: Memory Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-memory-backend["Memory Backend"] for the properties of this Backend type. - -monitor-backend:: -Default {name}: Monitor Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-monitor-backend["Monitor Backend"] for the properties of this Backend type. - -null-backend:: -Default {name}: Null Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-null-backend["Null Backend"] for the properties of this Backend type. - -pdb-backend:: -Default {name}: PDB Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-pdb-backend["PDB Backend"] for the properties of this Backend type. - -schema-backend:: -Default {name}: Schema Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-schema-backend["Schema Backend"] for the properties of this Backend type. - -task-backend:: -Default {name}: Task Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-task-backend["Task Backend"] for the properties of this Backend type. - -trust-store-backend:: -Default {name}: Trust Store Backend - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-backend-prop-trust-store-backend["Trust Store Backend"] for the properties of this Backend type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Backend properties depend on the Backend type, which depends on the `--backend-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Backend properties depend on the Backend type, which depends on the `--backend-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Backend properties depend on the Backend type, which depends on the `--backend-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Backend properties depend on the Backend type, which depends on the `--backend-name {name}` option. - --- - -[#dsconfig-set-backend-prop-backup-backend] -==== Backup Backend -Backends of type backup-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -backup-directory:: -[open] -==== - -Description:: -Specifies the path to a backup directory containing one or more backups for a particular backend. This is a multivalued property. Each value may specify a different backup directory if desired (one for each backend for which backups are taken). Values may be either absolute paths or paths that are relative to the base of the OpenDJ directory server installation. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.BackupBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-backend-prop-je-backend] -==== JE Backend -Backends of type je-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-bytes-interval:: -[open] -==== - -Description:: -Specifies the maximum number of bytes that may be written to the database before it is forced to perform a checkpoint. This can be used to bound the recovery time that may be required if the database environment is opened without having been properly closed. If this property is set to a non-zero value, the checkpointer wakeup interval is not used. To use time-based checkpointing, set this property to zero. - -Default Value:: -500mb - -Allowed Values:: -Upper value is 9223372036854775807. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. Note that this is only used if the value of the checkpointer bytes interval is zero. - -Default Value:: -30s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 4294 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-cleaner-min-utilization:: -[open] -==== - -Description:: -Specifies the occupancy percentage for "live" data in this backend's database. When the amount of "live" data in the database drops below this value, cleaners will act to increase the occupancy percentage by compacting the database. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Berkeley DB Java Edition database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-core-threads:: -[open] -==== - -Description:: -Specifies the core number of threads in the eviction thread pool. Specifies the core number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-keep-alive:: -[open] -==== - -Description:: -The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -600s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 seconds.Upper limit is 86400 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-lru-only:: -[open] -==== - -Description:: -Indicates whether the database should evict existing data from the cache based on an LRU policy (where the least recently used information will be evicted first). If set to "false", then the eviction keeps internal nodes of the underlying Btree in the cache over leaf nodes, even if the leaf nodes have been accessed more recently. This may be a better configuration for databases in which only a very small portion of the data is cached. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-max-threads:: -[open] -==== - -Description:: -Specifies the maximum number of threads in the eviction thread pool. Specifies the maximum number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-evictor-nodes-per-scan:: -[open] -==== - -Description:: -Specifies the number of Btree nodes that should be evicted from the cache in a single pass if it is determined that it is necessary to free existing data in order to make room for new information. Changes to this property do not take effect until the backend is restarted. It is recommended that you also change this property when you set db-evictor-lru-only to false. This setting controls the number of Btree nodes that are considered, or sampled, each time a node is evicted. A setting of 10 often produces good results, but this may vary from application to application. The larger the nodes per scan, the more accurate the algorithm. However, don't set it too high. When considering larger numbers of nodes for each eviction, the evictor may delay the completion of a given database operation, which impacts the response time of the application thread. In JE 4.1 and later, setting this value too high in an application that is largely CPU bound can reduce the effectiveness of cache eviction. It's best to start with the default value, and increase it gradually to see if it is beneficial for your application. - -Default Value:: -10 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 1000. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-file-max:: -[open] -==== - -Description:: -Specifies the maximum size for a database log file. - -Default Value:: -100mb - -Allowed Values:: -Lower value is 1000000.Upper value is 4294967296. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-log-filecache-size:: -[open] -==== - -Description:: -Specifies the size of the file handle cache. The file handle cache is used to keep as much opened log files as possible. When the cache is smaller than the number of logs, the database needs to close some handles and open log files it needs, resulting in less optimal performances. Ideally, the size of the cache should be higher than the number of files contained in the database. Make sure the OS number of open files per process is also tuned appropriately. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 3. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-file-handler-on:: -[open] -==== - -Description:: -Indicates whether the database should maintain a je.info file in the same directory as the database log directory. This file contains information about the internal processing performed by the underlying database. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-logging-level:: -[open] -==== - -Description:: -Specifies the log level that should be used by the database when it is writing information into the je.info file. The database trace logging level is (in increasing order of verbosity) chosen from: OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, ALL. - -Default Value:: -CONFIG - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-cleaner-threads:: -[open] -==== - -Description:: -Specifies the number of threads that the backend should maintain to keep the database log files at or near the desired utilization. In environments with high write throughput, multiple cleaner threads may be required to maintain the desired utilization. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-num-lock-tables:: -[open] -==== - -Description:: -Specifies the number of lock tables that are used by the underlying database. This can be particularly important to help improve scalability by avoiding contention on systems with large numbers of CPUs. The value of this configuration property should be set to a prime number that is less than or equal to the number of worker threads configured for use in the server. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 32767. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-run-cleaner:: -[open] -==== - -Description:: -Indicates whether the cleaner threads should be enabled to compact the database. The cleaner threads are used to periodically compact the database when it reaches a percentage of occupancy lower than the amount specified by the db-cleaner-min-utilization property. They identify database files with a low percentage of live data, and relocate their remaining live data to the end of the log. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-write-no-sync:: -[open] -==== - -Description:: -Indicates whether the database should synchronously flush data as it is written to disk. If this value is set to "false", then all data written to disk is synchronously flushed to persistent storage and thereby providing full durability. If it is set to "true", then data may be cached for a period of time by the underlying operating system before actually being written to disk. This may improve performance, but could cause the most recent changes to be lost in the event of an underlying OS or hardware failure (but not in the case that the OpenDJ directory server or the JVM exits abnormally). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.jeb.JEBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -je-property:: -[open] -==== - -Description:: -Specifies the database and environment properties for the Berkeley DB Java Edition database serving the data for this backend. Any Berkeley DB Java Edition property can be specified using the following form: property-name=property-value. Refer to OpenDJ documentation for further information on related properties, their implications, and range values. The definitive identification of all the property parameters is available in the example.properties file of Berkeley DB Java Edition distribution. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-backend-prop-ldif-backend] -==== LDIF Backend -Backends of type ldif-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -is-private-backend:: -[open] -==== - -Description:: -Indicates whether the backend should be considered a private backend, which indicates that it is used for storing operational data rather than user-defined information. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.LDIFBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-file:: -[open] -==== - -Description:: -Specifies the path to the LDIF file containing the data for this backend. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-backend-prop-memory-backend] -==== Memory Backend -Backends of type memory-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MemoryBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-backend-prop-monitor-backend] -==== Monitor Backend -Backends of type monitor-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.MonitorBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -disabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-backend-prop-null-backend] -==== Null Backend -Backends of type null-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.NullBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-backend-prop-pdb-backend] -==== PDB Backend -Backends of type pdb-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compact-encoding:: -[open] -==== - -Description:: -Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-percent:: -[open] -==== - -Description:: -Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. - -Default Value:: -50 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 90. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-cache-size:: -[open] -==== - -Description:: -The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. - -Default Value:: -0 MB - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-checkpointer-wakeup-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that may pass between checkpoints. This setting controls the elapsed time between attempts to write a checkpoint to the journal. A longer interval allows more updates to accumulate in buffers before they are required to be written to disk, but also potentially causes recovery from an abrupt termination (crash) to take more time. - -Default Value:: -15s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 10 seconds.Upper limit is 3600 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-directory:: -[open] -==== - -Description:: -Specifies the path to the filesystem directory that is used to hold the Persistit database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. - -Default Value:: -db - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -db-directory-permissions:: -[open] -==== - -Description:: -Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. - -Default Value:: -700 - -Allowed Values:: -Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -db-txn-no-sync:: -[open] -==== - -Description:: -Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -entries-compressed:: -[open] -==== - -Description:: -Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -import-offheap-memory-size:: -[open] -==== - -Description:: -Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). - -Default Value:: -Use only heap memory. - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-entry-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. - -Default Value:: -4000 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. - -Advanced Property:: -No - -Read-only:: -No - -==== - -index-filter-analyzer-enabled:: -[open] -==== - -Description:: -Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -index-filter-analyzer-max-filters:: -[open] -==== - -Description:: -The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. - -Default Value:: -25 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.pdb.PDBBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -preload-time-limit:: -[open] -==== - -Description:: -Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. - -Default Value:: -0s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-backend-prop-schema-backend] -==== Schema Backend -Backends of type schema-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.SchemaBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -schema-entry-dn:: -[open] -==== - -Description:: -Defines the base DNs of the subtrees in which the schema information is published in addition to the value included in the base-dn property. The value provided in the base-dn property is the only one that appears in the subschemaSubentry operational attribute of the server's root DSE (which is necessary because that is a single-valued attribute) and as a virtual attribute in other entries. The schema-entry-dn attribute may be used to make the schema information available in other locations to accommodate certain client applications that have been hard-coded to expect the schema to reside in a specific location. - -Default Value:: -cn=schema - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -show-all-attributes:: -[open] -==== - -Description:: -Indicates whether to treat all attributes in the schema entry as if they were user attributes regardless of their configuration. This may provide compatibility with some applications that expect schema attributes like attributeTypes and objectClasses to be included by default even if they are not requested. Note that the ldapSyntaxes attribute is always treated as operational in order to avoid problems with attempts to modify the schema over protocol. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-backend-prop-task-backend] -==== Task Backend -Backends of type task-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.task.TaskBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -notification-sender-address:: -[open] -==== - -Description:: -Specifies the email address to use as the sender (that is, the "From:" address) address for notification mail messages generated when a task completes execution. - -Default Value:: -The default sender address used is "opendj-task-notification@" followed by the canonical address of the system on which the server is running. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-backing-file:: -[open] -==== - -Description:: -Specifies the path to the backing file for storing information about the tasks configured in the server. It may be either an absolute path or a relative path to the base of the OpenDJ directory server instance. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -task-retention-time:: -[open] -==== - -Description:: -Specifies the length of time that task entries should be retained after processing on the associated task has been completed. - -Default Value:: -24 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-backend-prop-trust-store-backend] -==== Trust Store Backend -Backends of type trust-store-backend have the following properties: --- - -backend-id:: -[open] -==== - -Description:: -Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -+ -No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the backend implementation. - -Default Value:: -org.opends.server.backends.TrustStoreBackend - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Backend - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Backend must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that stores the trust information. It may be an absolute path, or a path that is relative to the OpenDJ instance root. - -Default Value:: -config/ads-truststore - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the Trust Store Backend . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Trust Store Backend is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. - -Default Value:: -The JVM default value is used. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect the next time that the key manager is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the behavior that the backend should use when processing write operations. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -Causes all write attempts to fail. - -enabled:: -Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). - -internal-only:: -Causes external write attempts to fail but allows writes by replication and internal operations. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-backend-vlv-index-prop] -=== dsconfig set-backend-vlv-index-prop — Modifies Backend VLV Index properties - -==== Synopsis -`dsconfig set-backend-vlv-index-prop` {options} - -[#dsconfig-set-backend-vlv-index-prop-description] -==== Description -Modifies Backend VLV Index properties. - -[#dsconfig-set-backend-vlv-index-prop-options] -==== Options --- -The `dsconfig set-backend-vlv-index-prop` command takes the following options: - -`--backend-name {name}`:: -The name of the Pluggable Backend. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {name}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-backend-vlv-index-prop-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`--index-name {name}`:: -The name of the Backend VLV Index. -+ -[open] -==== -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Backend VLV Index types: - -backend-vlv-index:: -Default {name}: Backend VLV Index - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-backend-vlv-index-prop-backend-vlv-index["Backend VLV Index"] for the properties of this Backend VLV Index type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the `--index-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the `--index-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the `--index-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Backend VLV Index properties depend on the Backend VLV Index type, which depends on the `--index-name {name}` option. - --- - -[#dsconfig-set-backend-vlv-index-prop-backend-vlv-index] -==== Backend VLV Index -Backend VLV Indexes of type backend-vlv-index have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN used in the search query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the LDAP filter used in the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -A valid LDAP search filter. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -name:: -[open] -==== - -Description:: -Specifies a unique name for this VLV index. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -The VLV index name cannot be altered after the index is created. - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope of the query that is being indexed. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - -sort-order:: -[open] -==== - -Description:: -Specifies the names of the attributes that are used to sort the entries for the query being indexed. Multiple attributes can be used to determine the sort order by listing the attribute names from highest to lowest precedence. Optionally, + or - can be prefixed to the attribute name to sort the attribute in ascending order or descending order respectively. - -Default Value:: -None - -Allowed Values:: -Valid attribute types defined in the schema, separated by a space and optionally prefixed by + or -. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The index must be rebuilt after modifying this property. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-certificate-mapper-prop] -=== dsconfig set-certificate-mapper-prop — Modifies Certificate Mapper properties - -==== Synopsis -`dsconfig set-certificate-mapper-prop` {options} - -[#dsconfig-set-certificate-mapper-prop-description] -==== Description -Modifies Certificate Mapper properties. - -[#dsconfig-set-certificate-mapper-prop-options] -==== Options --- -The `dsconfig set-certificate-mapper-prop` command takes the following options: - -`--mapper-name {name}`:: -The name of the Certificate Mapper. -+ -[open] -==== -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Certificate Mapper types: - -fingerprint-certificate-mapper:: -Default {name}: Fingerprint Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-certificate-mapper-prop-fingerprint-certificate-mapper["Fingerprint Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-attribute-to-user-attribute-certificate-mapper:: -Default {name}: Subject Attribute To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-certificate-mapper-prop-subject-attribute-to-user-attribute-certificate-mapper["Subject Attribute To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-dn-to-user-attribute-certificate-mapper:: -Default {name}: Subject DN To User Attribute Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-certificate-mapper-prop-subject-dn-to-user-attribute-certificate-mapper["Subject DN To User Attribute Certificate Mapper"] for the properties of this Certificate Mapper type. - -subject-equals-dn-certificate-mapper:: -Default {name}: Subject Equals DN Certificate Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-certificate-mapper-prop-subject-equals-dn-certificate-mapper["Subject Equals DN Certificate Mapper"] for the properties of this Certificate Mapper type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the `--mapper-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the `--mapper-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the `--mapper-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Certificate Mapper properties depend on the Certificate Mapper type, which depends on the `--mapper-name {name}` option. - --- - -[#dsconfig-set-certificate-mapper-prop-fingerprint-certificate-mapper] -==== Fingerprint Certificate Mapper -Certificate Mappers of type fingerprint-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-algorithm:: -[open] -==== - -Description:: -Specifies the name of the digest algorithm to compute the fingerprint of client certificates. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -md5:: -Use the MD5 digest algorithm to compute certificate fingerprints. - -sha1:: -Use the SHA-1 digest algorithm to compute certificate fingerprints. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fingerprint-attribute:: -[open] -==== - -Description:: -Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.FingerprintCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs are used when performing searches to map the client certificates to a user entry. - -Default Value:: -The server performs the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-certificate-mapper-prop-subject-attribute-to-user-attribute-certificate-mapper] -==== Subject Attribute To User Attribute Certificate Mapper -Certificate Mappers of type subject-attribute-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Attribute To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute-mapping:: -[open] -==== - -Description:: -Specifies a mapping between certificate attributes and user attributes. Each value should be in the form "certattr:userattr" where certattr is the name of the attribute in the certificate subject and userattr is the name of the corresponding attribute in user entries. There may be multiple mappings defined, and when performing the mapping values for all attributes present in the certificate subject that have mappings defined must be present in the corresponding user entries. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-certificate-mapper-prop-subject-dn-to-user-attribute-certificate-mapper] -==== Subject DN To User Attribute Certificate Mapper -Certificate Mappers of type subject-dn-to-user-attribute-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject DN To User Attribute Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -subject-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should exactly match the certificate subject DN. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -user-base-dn:: -[open] -==== - -Description:: -Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. - -Default Value:: -The server will perform the search in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-certificate-mapper-prop-subject-equals-dn-certificate-mapper] -==== Subject Equals DN Certificate Mapper -Certificate Mappers of type subject-equals-dn-certificate-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Certificate Mapper is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Subject Equals DN Certificate Mapper implementation. - -Default Value:: -org.opends.server.extensions.SubjectEqualsDNCertificateMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-connection-handler-prop] -=== dsconfig set-connection-handler-prop — Modifies Connection Handler properties - -==== Synopsis -`dsconfig set-connection-handler-prop` {options} - -[#dsconfig-set-connection-handler-prop-description] -==== Description -Modifies Connection Handler properties. - -[#dsconfig-set-connection-handler-prop-options] -==== Options --- -The `dsconfig set-connection-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the Connection Handler. -+ -[open] -==== -Connection Handler properties depend on the Connection Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Connection Handler types: - -http-connection-handler:: -Default {name}: HTTP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-connection-handler-prop-http-connection-handler["HTTP Connection Handler"] for the properties of this Connection Handler type. - -jmx-connection-handler:: -Default {name}: JMX Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-connection-handler-prop-jmx-connection-handler["JMX Connection Handler"] for the properties of this Connection Handler type. - -ldap-connection-handler:: -Default {name}: LDAP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-connection-handler-prop-ldap-connection-handler["LDAP Connection Handler"] for the properties of this Connection Handler type. - -ldif-connection-handler:: -Default {name}: LDIF Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-connection-handler-prop-ldif-connection-handler["LDIF Connection Handler"] for the properties of this Connection Handler type. - -snmp-connection-handler:: -Default {name}: SNMP Connection Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-connection-handler-prop-snmp-connection-handler["SNMP Connection Handler"] for the properties of this Connection Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Connection Handler properties depend on the Connection Handler type, which depends on the `--handler-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Connection Handler properties depend on the Connection Handler type, which depends on the `--handler-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Connection Handler properties depend on the Connection Handler type, which depends on the `--handler-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Connection Handler properties depend on the Connection Handler type, which depends on the `--handler-name {name}` option. - --- - -[#dsconfig-set-connection-handler-prop-http-connection-handler] -==== HTTP Connection Handler -Connection Handlers of type http-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the HTTP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer HTTP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.http.HTTPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should keep statistics. If enabled, the HTTP Connection Handler maintains statistics about the number and types of operations requested over HTTP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this HTTP Connection Handler should listen for connections from HTTP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the HTTP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the HTTP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to HTTP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-concurrent-ops-per-connection:: -[open] -==== - -Description:: -Specifies the maximum number of internal operations that each HTTP client connection can execute concurrently. This property allow to limit the impact that each HTTP request can have on the whole server by limiting the number of internal operations that each HTTP request can execute concurrently. A value of 0 means that no limit is enforced. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest HTTP request message that will be allowed by the HTTP Connection Handler. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The HTTP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the HTTP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the HTTP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the HTTP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the HTTP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use SSL. If enabled, the HTTP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the HTTP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-connection-handler-prop-jmx-connection-handler] -==== JMX Connection Handler -Connection Handlers of type jmx-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the JMX Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.jmx.JmxConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this JMX Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the JMX Connection Handler is enabled and configured to use SSL. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address on which this JMX Connection Handler should listen for connections from JMX clients. If no value is provided, then the JMX Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -rmi-port:: -[open] -==== - -Description:: -Specifies the port number on which the JMX RMI service will listen for connections from clients. A value of 0 indicates the service to choose a port of its own. If the value provided is different than 0, the value will be used as the RMI port. Otherwise, the RMI service will choose a port of its own. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the JMX Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the JMX Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the JMX Connection Handler should use SSL. If enabled, the JMX Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-connection-handler-prop-ldap-connection-handler] -==== LDAP Connection Handler -Connection Handlers of type ldap-connection-handler have the following properties: --- - -accept-backlog:: -[open] -==== - -Description:: -Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-ldap-v2:: -[open] -==== - -Description:: -Indicates whether connections from LDAPv2 clients are allowed. If LDAPv2 clients are allowed, then only a minimal degree of special support are provided for them to ensure that LDAPv3-specific protocol elements (for example, Configuration Guide 25 controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-start-tls:: -[open] -==== - -Description:: -Indicates whether clients are allowed to use StartTLS. If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-tcp-reuse-address:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the LDAP response message write buffer. This property specifies write buffer size allocated by the server for each client connection and used to buffer LDAP response messages data when writing. - -Default Value:: -4096 bytes - -Allowed Values:: -Lower value is 1.Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.ldap.LDAPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -keep-stats:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should keep statistics. If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this LDAP Connection Handler should listen for connections from LDAP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the LDAP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the LDAP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-blocked-write-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. - -Default Value:: -2 minutes - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-request-size:: -[open] -==== - -Description:: -Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection handler. This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory. - -Default Value:: -5 megabytes - -Allowed Values:: -Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-request-handlers:: -[open] -==== - -Description:: -Specifies the number of request handlers that are used to read requests from clients. The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -send-rejection-notice:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should send a notice of disconnection extended response message to the client if a new connection is rejected for some reason. The extended response message may provide an explanation indicating the reason that the connection was rejected. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the LDAP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the LDAP Connection Handler is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-client-auth-policy:: -[open] -==== - -Description:: -Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. - -Default Value:: -optional - -Allowed Values:: -[open] -====== - -disabled:: -Clients must not provide their own certificates when performing SSL negotiation. - -optional:: -Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. - -required:: -Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used with the LDAP Connection Handler . - -Default Value:: -None - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use SSL. If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether the LDAP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-connection-handler-prop-ldif-connection-handler] -==== LDIF Connection Handler -Connection Handlers of type ldif-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the LDIF Connection Handler implementation. - -Default Value:: -org.opends.server.protocols.LDIFConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ldif-directory:: -[open] -==== - -Description:: -Specifies the path to the directory in which the LDIF files should be placed. - -Default Value:: -config/auto-process-ldif - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -poll-interval:: -[open] -==== - -Description:: -Specifies how frequently the LDIF connection handler should check the LDIF directory to determine whether a new LDIF file has been added. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-connection-handler-prop-snmp-connection-handler] -==== SNMP Connection Handler -Connection Handlers of type snmp-connection-handler have the following properties: --- - -allowed-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. - -Default Value:: -All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-manager:: -[open] -==== - -Description:: -Specifies the hosts of the managers to be granted the access rights. This property is required for SNMP v1 and v2 security configuration. An asterisk (*) opens access to all managers. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -allowed-user:: -[open] -==== - -Description:: -Specifies the users to be granted the access rights. This property is required for SNMP v3 security configuration. An asterisk (*) opens access to all users. - -Default Value:: -* - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -community:: -[open] -==== - -Description:: -Specifies the v1,v2 community or the v3 context name allowed to access the MIB 2605 monitoring information or the USM MIB. The mapping between "community" and "context name" is set. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -denied-client:: -[open] -==== - -Description:: -Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. - -Default Value:: -If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. - -Allowed Values:: -An IP address mask - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and do not interfere with connections that may have already been established. - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Connection Handler is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SNMP Connection Handler implementation. - -Default Value:: -org.opends.server.snmp.SNMPConnectionHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -listen-address:: -[open] -==== - -Description:: -Specifies the address or set of addresses on which this SNMP Connection Handler should listen for connections from SNMP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the SNMP Connection Handler listens on all interfaces. - -Default Value:: -0.0.0.0 - -Allowed Values:: -An IP address - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -Restart the server - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -listen-port:: -[open] -==== - -Description:: -Specifies the port number on which the SNMP Connection Handler will listen for connections from clients. Only a single port number may be provided. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -opendmk-jarfile:: -[open] -==== - -Description:: -Indicates the OpenDMK runtime jar file location - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -registered-mbean:: -[open] -==== - -Description:: -Indicates whether the SNMP objects have to be registered in the directory server MBeanServer or not allowing to access SNMP Objects with RMI connector if enabled. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-agent-file:: -[open] -==== - -Description:: -Specifies the USM security configuration to receive authenticated only SNMP requests. - -Default Value:: -config/snmp/security/opendj-snmp.security - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -security-level:: -[open] -==== - -Description:: -Specifies the type of security level : NoAuthNoPriv : No security mechanisms activated, AuthNoPriv : Authentication activated with no privacy, AuthPriv : Authentication with privacy activated. This property is required for SNMP V3 security configuration. - -Default Value:: -authnopriv - -Allowed Values:: -[open] -====== - -authnopriv:: -Authentication activated with no privacy. - -authpriv:: -Authentication with privacy activated. - -noauthnopriv:: -No security mechanisms activated. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -trap-port:: -[open] -==== - -Description:: -Specifies the port to use to send SNMP Traps. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-community:: -[open] -==== - -Description:: -Specifies the community string that must be included in the traps sent to define managers (trap-destinations). This property is used in the context of SNMP v1, v2 and v3. - -Default Value:: -OpenDJ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -traps-destination:: -[open] -==== - -Description:: -Specifies the hosts to which V1 traps will be sent. V1 Traps are sent to every host listed. If this list is empty, V1 traps are sent to "localhost". Each host in the list must be identifed by its name or complete IP Addess. - -Default Value:: -If the list is empty, V1 traps are sent to "localhost". - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Connection Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-crypto-manager-prop] -=== dsconfig set-crypto-manager-prop — Modifies Crypto Manager properties - -==== Synopsis -`dsconfig set-crypto-manager-prop` {options} - -[#dsconfig-set-crypto-manager-prop-description] -==== Description -Modifies Crypto Manager properties. - -[#dsconfig-set-crypto-manager-prop-options] -==== Options --- -The `dsconfig set-crypto-manager-prop` command takes the following options: - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Crypto Manager properties depend on the Crypto Manager type, which depends on the null option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Crypto Manager properties depend on the Crypto Manager type, which depends on the null option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Crypto Manager properties depend on the Crypto Manager type, which depends on the null option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Crypto Manager properties depend on the Crypto Manager type, which depends on the null option. - --- - -[#dsconfig-set-crypto-manager-prop-crypto-manager] -==== Crypto Manager -Crypto Managers of type crypto-manager have the following properties: --- - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server using the syntax algorithm/mode/padding. The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -digest-algorithm:: -[open] -==== - -Description:: -Specifies the preferred message digest algorithm for the directory server. - -Default Value:: -SHA-1 - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately and only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-wrapping-transformation:: -[open] -==== - -Description:: -The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology. - -Default Value:: -RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect immediately but will only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -mac-algorithm:: -[open] -==== - -Description:: -Specifies the preferred MAC algorithm for the directory server. - -Default Value:: -HmacSHA1 - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -mac-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred MAC algorithm. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-cert-nickname:: -[open] -==== - -Description:: -Specifies the nicknames (also called the aliases) of the keys or key pairs that the Crypto Manager should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Crypto Manager is configured to use SSL. - -Default Value:: -Let the server decide. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -The Crypto Manager must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-encryption:: -[open] -==== - -Description:: -Specifies whether SSL/TLS is used to provide encrypted communication between two OpenDJ server components. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-debug-target-prop] -=== dsconfig set-debug-target-prop — Modifies Debug Target properties - -==== Synopsis -`dsconfig set-debug-target-prop` {options} - -[#dsconfig-set-debug-target-prop-description] -==== Description -Modifies Debug Target properties. - -[#dsconfig-set-debug-target-prop-options] -==== Options --- -The `dsconfig set-debug-target-prop` command takes the following options: - -`--publisher-name {name}`:: -The name of the Debug Log Publisher. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {name}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-debug-target-prop-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`--target-name {name}`:: -The name of the Debug Target. -+ -[open] -==== -Debug Target properties depend on the Debug Target type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Debug Target types: - -debug-target:: -Default {name}: Debug Target - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-debug-target-prop-debug-target["Debug Target"] for the properties of this Debug Target type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Debug Target properties depend on the Debug Target type, which depends on the `--target-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Debug Target properties depend on the Debug Target type, which depends on the `--target-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Debug Target properties depend on the Debug Target type, which depends on the `--target-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Debug Target properties depend on the Debug Target type, which depends on the `--target-name {name}` option. - --- - -[#dsconfig-set-debug-target-prop-debug-target] -==== Debug Target -Debug Targets of type debug-target have the following properties: --- - -debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -debug-scope:: -[open] -==== - -Description:: -Specifies the fully-qualified OpenDJ Java package, class, or method affected by the settings in this target definition. Use the number character (#) to separate the class name and the method name (that is, org.opends.server.core.DirectoryServer#startUp). - -Default Value:: -None - -Allowed Values:: -The fully-qualified OpenDJ Java package, class, or method name. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Debug Target is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-throwable-cause:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the cause of exceptions in exception thrown and caught messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-entry-arguments:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include method arguments in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -omit-method-return-value:: -[open] -==== - -Description:: -Specifies the property to indicate whether to include the return value in debug messages. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -throwable-stack-frames:: -[open] -==== - -Description:: -Specifies the property to indicate the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-entry-cache-prop] -=== dsconfig set-entry-cache-prop — Modifies Entry Cache properties - -==== Synopsis -`dsconfig set-entry-cache-prop` {options} - -[#dsconfig-set-entry-cache-prop-description] -==== Description -Modifies Entry Cache properties. - -[#dsconfig-set-entry-cache-prop-options] -==== Options --- -The `dsconfig set-entry-cache-prop` command takes the following options: - -`--cache-name {name}`:: -The name of the Entry Cache. -+ -[open] -==== -Entry Cache properties depend on the Entry Cache type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Entry Cache types: - -fifo-entry-cache:: -Default {name}: FIFO Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-entry-cache-prop-fifo-entry-cache["FIFO Entry Cache"] for the properties of this Entry Cache type. - -soft-reference-entry-cache:: -Default {name}: Soft Reference Entry Cache - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-entry-cache-prop-soft-reference-entry-cache["Soft Reference Entry Cache"] for the properties of this Entry Cache type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Entry Cache properties depend on the Entry Cache type, which depends on the `--cache-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Entry Cache properties depend on the Entry Cache type, which depends on the `--cache-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Entry Cache properties depend on the Entry Cache type, which depends on the `--cache-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Entry Cache properties depend on the Entry Cache type, which depends on the `--cache-name {name}` option. - --- - -[#dsconfig-set-entry-cache-prop-fifo-entry-cache] -==== FIFO Entry Cache -Entry Caches of type fifo-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the FIFO Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.FIFOEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time to wait while attempting to acquire a read or write lock. - -Default Value:: -2000.0ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-entries:: -[open] -==== - -Description:: -Specifies the maximum number of entries that we will allow in the cache. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-memory-percent:: -[open] -==== - -Description:: -Specifies the maximum percentage of JVM memory used by the server before the entry caches stops caching and begins purging itself. Very low settings such as 10 or 20 (percent) can prevent this entry cache from having enough space to hold any of the entries to cache, making it appear that the server is ignoring or skipping the entry cache entirely. - -Default Value:: -90 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 100. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-entry-cache-prop-soft-reference-entry-cache] -==== Soft Reference Entry Cache -Entry Caches of type soft-reference-entry-cache have the following properties: --- - -cache-level:: -[open] -==== - -Description:: -Specifies the cache level in the cache order if more than one instance of the cache is configured. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Entry Cache is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -exclude-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be excluded from the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -include-filter:: -[open] -==== - -Description:: -The set of filters that define the entries that should be included in the cache. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Soft Reference Entry Cache implementation. - -Default Value:: -org.opends.server.extensions.SoftReferenceEntryCache - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.EntryCache - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Entry Cache must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lock-timeout:: -[open] -==== - -Description:: -Specifies the length of time in milliseconds to wait while attempting to acquire a read or write lock. - -Default Value:: -3000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-extended-operation-handler-prop] -=== dsconfig set-extended-operation-handler-prop — Modifies Extended Operation Handler properties - -==== Synopsis -`dsconfig set-extended-operation-handler-prop` {options} - -[#dsconfig-set-extended-operation-handler-prop-description] -==== Description -Modifies Extended Operation Handler properties. - -[#dsconfig-set-extended-operation-handler-prop-options] -==== Options --- -The `dsconfig set-extended-operation-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the Extended Operation Handler. -+ -[open] -==== -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Extended Operation Handler types: - -cancel-extended-operation-handler:: -Default {name}: Cancel Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-extended-operation-handler-prop-cancel-extended-operation-handler["Cancel Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-connection-id-extended-operation-handler:: -Default {name}: Get Connection Id Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-extended-operation-handler-prop-get-connection-id-extended-operation-handler["Get Connection Id Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -get-symmetric-key-extended-operation-handler:: -Default {name}: Get Symmetric Key Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-extended-operation-handler-prop-get-symmetric-key-extended-operation-handler["Get Symmetric Key Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-modify-extended-operation-handler:: -Default {name}: Password Modify Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-extended-operation-handler-prop-password-modify-extended-operation-handler["Password Modify Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -password-policy-state-extended-operation-handler:: -Default {name}: Password Policy State Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-extended-operation-handler-prop-password-policy-state-extended-operation-handler["Password Policy State Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -start-tls-extended-operation-handler:: -Default {name}: Start TLS Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-extended-operation-handler-prop-start-tls-extended-operation-handler["Start TLS Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -who-am-i-extended-operation-handler:: -Default {name}: Who Am I Extended Operation Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-extended-operation-handler-prop-who-am-i-extended-operation-handler["Who Am I Extended Operation Handler"] for the properties of this Extended Operation Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the `--handler-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the `--handler-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the `--handler-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the `--handler-name {name}` option. - --- - -[#dsconfig-set-extended-operation-handler-prop-cancel-extended-operation-handler] -==== Cancel Extended Operation Handler -Extended Operation Handlers of type cancel-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Cancel Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.CancelExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-extended-operation-handler-prop-get-connection-id-extended-operation-handler] -==== Get Connection Id Extended Operation Handler -Extended Operation Handlers of type get-connection-id-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Connection Id Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.GetConnectionIDExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-extended-operation-handler-prop-get-symmetric-key-extended-operation-handler] -==== Get Symmetric Key Extended Operation Handler -Extended Operation Handlers of type get-symmetric-key-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Get Symmetric Key Extended Operation Handler implementation. - -Default Value:: -org.opends.server.crypto.GetSymmetricKeyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-extended-operation-handler-prop-password-modify-extended-operation-handler] -==== Password Modify Extended Operation Handler -Extended Operation Handlers of type password-modify-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that should be used in conjunction with the password modify extended operation. This property is used to identify a user based on an authorization ID in the 'u:' form. Changes to this property take effect immediately. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Password Modify Extended Operation Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Modify Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordModifyExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-extended-operation-handler-prop-password-policy-state-extended-operation-handler] -==== Password Policy State Extended Operation Handler -Extended Operation Handlers of type password-policy-state-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Password Policy State Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.PasswordPolicyStateExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-extended-operation-handler-prop-start-tls-extended-operation-handler] -==== Start TLS Extended Operation Handler -Extended Operation Handlers of type start-tls-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Start TLS Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.StartTLSExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-extended-operation-handler-prop-who-am-i-extended-operation-handler] -==== Who Am I Extended Operation Handler -Extended Operation Handlers of type who-am-i-extended-operation-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Who Am I Extended Operation Handler implementation. - -Default Value:: -org.opends.server.extensions.WhoAmIExtendedOperation - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-external-changelog-domain-prop] -=== dsconfig set-external-changelog-domain-prop — Modifies External Changelog Domain properties - -==== Synopsis -`dsconfig set-external-changelog-domain-prop` {options} - -[#dsconfig-set-external-changelog-domain-prop-description] -==== Description -Modifies External Changelog Domain properties. - -[#dsconfig-set-external-changelog-domain-prop-options] -==== Options --- -The `dsconfig set-external-changelog-domain-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following External Changelog Domain types: - -external-changelog-domain:: -Default {name}: External Changelog Domain - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-external-changelog-domain-prop-external-changelog-domain["External Changelog Domain"] for the properties of this External Changelog Domain type. - -==== - -`--domain-name {name}`:: -The name of the Replication Domain. -+ -[open] -==== -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following External Changelog Domain types: - -external-changelog-domain:: -Default {name}: External Changelog Domain - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-external-changelog-domain-prop-external-changelog-domain["External Changelog Domain"] for the properties of this External Changelog Domain type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the `--domain-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the `--domain-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the `--domain-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -External Changelog Domain properties depend on the External Changelog Domain type, which depends on the `--domain-name {name}` option. - --- - -[#dsconfig-set-external-changelog-domain-prop-external-changelog-domain] -==== External Changelog Domain -External Changelog Domains of type external-changelog-domain have the following properties: --- - -ecl-include:: -[open] -==== - -Description:: -Specifies a list of attributes which should be published with every change log entry, regardless of whether the attribute itself has changed. The list of attributes may include wild cards such as "*" and "+" as well as object class references prefixed with an ampersand, for example "@person". The included attributes will be published using the "includedAttributes" operational attribute as a single LDIF value rather like the "changes" attribute. For modify and modifyDN operations the included attributes will be taken from the entry before any changes were applied. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -ecl-include-for-deletes:: -[open] -==== - -Description:: -Specifies a list of attributes which should be published with every delete operation change log entry, in addition to those specified by the "ecl-include" property. This property provides a means for applications to archive entries after they have been deleted. See the description of the "ecl-include" property for further information about how the included attributes are published. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the External Changelog Domain is enabled. To enable computing the change numbers, set the Replication Server's "ds-cfg-compute-change-number" property to true. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-global-configuration-prop] -=== dsconfig set-global-configuration-prop — Modifies Global Configuration properties - -==== Synopsis -`dsconfig set-global-configuration-prop` {options} - -[#dsconfig-set-global-configuration-prop-description] -==== Description -Modifies Global Configuration properties. - -[#dsconfig-set-global-configuration-prop-options] -==== Options --- -The `dsconfig set-global-configuration-prop` command takes the following options: - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Global Configuration properties depend on the Global Configuration type, which depends on the null option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Global Configuration properties depend on the Global Configuration type, which depends on the null option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Global Configuration properties depend on the Global Configuration type, which depends on the null option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Global Configuration properties depend on the Global Configuration type, which depends on the null option. - --- - -[#dsconfig-set-global-configuration-prop-global] -==== Global Configuration -Global Configurations of type global have the following properties: --- - -add-missing-rdn-attributes:: -[open] -==== - -Description:: -Indicates whether the directory server should automatically add any attribute values contained in the entry's RDN into that entry when processing an add request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-attribute-name-exceptions:: -[open] -==== - -Description:: -Indicates whether the directory server should allow underscores in attribute names and allow attribute names to begin with numeric digits (both of which are violations of the LDAP standards). - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allowed-task:: -[open] -==== - -Description:: -Specifies the fully-qualified name of a Java class that may be invoked in the server. Any attempt to invoke a task not included in the list of allowed tasks is rejected. - -Default Value:: -If no values are defined, then the server does not allow any tasks to be invoked. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -bind-with-dn-requires-password:: -[open] -==== - -Description:: -Indicates whether the directory server should reject any simple bind request that contains a DN but no password. Although such bind requests are technically allowed by the LDAPv3 specification (and should be treated as anonymous simple authentication), they may introduce security problems in applications that do not verify that the client actually provided a password. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-schema:: -[open] -==== - -Description:: -Indicates whether schema enforcement is active. When schema enforcement is activated, the directory server ensures that all operations result in entries are valid according to the defined server schema. It is strongly recommended that this option be left enabled to prevent the inadvertent addition of invalid data into the server. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-password-policy:: -[open] -==== - -Description:: -Specifies the name of the password policy that is in effect for users whose entries do not specify an alternate password policy (either via a real or virtual attribute). In addition, the default password policy will be used for providing default parameters for sub-entry based password policies when not provided or supported by the sub-entry itself. This property must reference a password policy and no other type of authentication policy. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Policy. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disabled-privilege:: -[open] -==== - -Description:: -Specifies the name of a privilege that should not be evaluated by the server. If a privilege is disabled, then it is assumed that all clients (including unauthenticated clients) have that privilege. - -Default Value:: -If no values are defined, then the server enforces all privileges. - -Allowed Values:: -[open] -====== - -backend-backup:: -Allows the user to request that the server process backup tasks. - -backend-restore:: -Allows the user to request that the server process restore tasks. - -bypass-acl:: -Allows the associated user to bypass access control checks performed by the server. - -bypass-lockdown:: -Allows the associated user to bypass server lockdown mode. - -cancel-request:: -Allows the user to cancel operations in progress on other client connections. - -changelog-read:: -The privilege that provides the ability to perform read operations on the changelog - -config-read:: -Allows the associated user to read the server configuration. - -config-write:: -Allows the associated user to update the server configuration. The config-read privilege is also required. - -data-sync:: -Allows the user to participate in data synchronization. - -disconnect-client:: -Allows the user to terminate other client connections. - -jmx-notify:: -Allows the associated user to subscribe to receive JMX notifications. - -jmx-read:: -Allows the associated user to perform JMX read operations. - -jmx-write:: -Allows the associated user to perform JMX write operations. - -ldif-export:: -Allows the user to request that the server process LDIF export tasks. - -ldif-import:: -Allows the user to request that the server process LDIF import tasks. - -modify-acl:: -Allows the associated user to modify the server's access control configuration. - -password-reset:: -Allows the user to reset user passwords. - -privilege-change:: -Allows the user to make changes to the set of defined root privileges, as well as to grant and revoke privileges for users. - -proxied-auth:: -Allows the user to use the proxied authorization control, or to perform a bind that specifies an alternate authorization identity. - -server-lockdown:: -Allows the user to place and bring the server of lockdown mode. - -server-restart:: -Allows the user to request that the server perform an in-core restart. - -server-shutdown:: -Allows the user to request that the server shut down. - -subentry-write:: -Allows the associated user to perform LDAP subentry write operations. - -unindexed-search:: -Allows the user to request that the server process a search that cannot be optimized using server indexes. - -update-schema:: -Allows the user to make changes to the server schema. - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -etime-resolution:: -[open] -==== - -Description:: -Specifies the resolution to use for operation elapsed processing time (etime) measurements. - -Default Value:: -milliseconds - -Allowed Values:: -[open] -====== - -milliseconds:: -Use millisecond resolution. - -nanoseconds:: -Use nanosecond resolution. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -idle-time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that a client connection may remain established since its last completed operation. A value of "0 seconds" indicates that no idle time limit is enforced. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invalid-attribute-syntax-behavior:: -[open] -==== - -Description:: -Specifies how the directory server should handle operations whenever an attribute value violates the associated attribute syntax. - -Default Value:: -reject - -Allowed Values:: -[open] -====== - -accept:: -The directory server silently accepts attribute values that are invalid according to their associated syntax. Matching operations targeting those values may not behave as expected. - -reject:: -The directory server rejects attribute values that are invalid according to their associated syntax. - -warn:: -The directory server accepts attribute values that are invalid according to their associated syntax, but also logs a warning message to the error log. Matching operations targeting those values may not behave as expected. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -lookthrough-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that the directory server should "look through" in the course of processing a search request. This includes any entry that the server must examine in the course of processing the request, regardless of whether it actually matches the search criteria. A value of 0 indicates that no lookthrough limit is enforced. Note that this is the default server-wide limit, but it may be overridden on a per-user basis using the ds-rlim-lookthrough-limit operational attribute. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-allowed-client-connections:: -[open] -==== - -Description:: -Specifies the maximum number of client connections that may be established at any given time A value of 0 indicates that unlimited client connection is allowed. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-internal-buffer-size:: -[open] -==== - -Description:: -The threshold capacity beyond which internal cached buffers used for encoding and decoding entries and protocol messages will be trimmed after use. Individual buffers may grow very large when encoding and decoding large entries and protocol messages and should be reduced in size when they are no longer needed. This setting specifies the threshold at which a buffer is determined to have grown too big and should be trimmed down after use. - -Default Value:: -32 KB - -Allowed Values:: -Lower value is 512.Upper value is 1000000000. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-psearches:: -[open] -==== - -Description:: -Defines the maximum number of concurrent persistent searches that can be performed on directory server The persistent search mechanism provides an active channel through which entries that change, and information about the changes that occur, can be communicated. Because each persistent search operation consumes resources, limiting the number of simultaneous persistent searches keeps the performance impact minimal. A value of -1 indicates that there is no limit on the persistent searches. - -Default Value:: --1 - -Allowed Values:: -An integer value. Lower value is 0. A value of "-1" or "unlimited" for no limit. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -notify-abandoned-operations:: -[open] -==== - -Description:: -Indicates whether the directory server should send a response to any operation that is interrupted via an abandon request. The LDAP specification states that abandoned operations should not receive any response, but this may cause problems with client applications that always expect to receive a response to each request. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -proxied-authorization-identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper to map authorization ID values (using the "u:" form) provided in the proxied authorization control to the corresponding user entry. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -reject-unauthenticated-requests:: -[open] -==== - -Description:: -Indicates whether the directory server should reject any request (other than bind or StartTLS requests) received from a client that has not yet been authenticated, whose last authentication attempt was unsuccessful, or whose last authentication attempt used anonymous authentication. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -return-bind-error-messages:: -[open] -==== - -Description:: -Indicates whether responses for failed bind operations should include a message string providing the reason for the authentication failure. Note that these messages may include information that could potentially be used by an attacker. If this option is disabled, then these messages appears only in the server's access log. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -save-config-on-successful-startup:: -[open] -==== - -Description:: -Indicates whether the directory server should save a copy of its configuration whenever the startup process completes successfully. This ensures that the server provides a "last known good" configuration, which can be used as a reference (or copied into the active config) if the server fails to start with the current "active" configuration. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-error-result-code:: -[open] -==== - -Description:: -Specifies the numeric value of the result code when request processing fails due to an internal server error. - -Default Value:: -80 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -single-structural-objectclass-behavior:: -[open] -==== - -Description:: -Specifies how the directory server should handle operations an entry does not contain a structural object class or contains multiple structural classes. - -Default Value:: -reject - -Allowed Values:: -[open] -====== - -accept:: -The directory server silently accepts entries that do not contain exactly one structural object class. Certain schema features that depend on the entry's structural class may not behave as expected. - -reject:: -The directory server rejects entries that do not contain exactly one structural object class. - -warn:: -The directory server accepts entries that do not contain exactly one structural object class, but also logs a warning message to the error log. Certain schema features that depend on the entry's structural class may not behave as expected. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -size-limit:: -[open] -==== - -Description:: -Specifies the maximum number of entries that can be returned to the client during a single search operation. A value of 0 indicates that no size limit is enforced. Note that this is the default server-wide limit, but it may be overridden on a per-user basis using the ds-rlim-size-limit operational attribute. - -Default Value:: -1000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -smtp-server:: -[open] -==== - -Description:: -Specifies the address (and optional port number) for a mail server that can be used to send email messages via SMTP. It may be an IP address or resolvable hostname, optionally followed by a colon and a port number. - -Default Value:: -If no values are defined, then the server cannot send email via SMTP. - -Allowed Values:: -A hostname, optionally followed by a ":" followed by a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-limit:: -[open] -==== - -Description:: -Specifies the maximum length of time that should be spent processing a single search operation. A value of 0 seconds indicates that no time limit is enforced. Note that this is the default server-wide time limit, but it may be overridden on a per-user basis using the ds-rlim-time-limit operational attribute. - -Default Value:: -60 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-transaction-ids:: -[open] -==== - -Description:: -Indicates whether the directory server should trust the transaction ids that may be received from requests, either through a LDAP control or through a HTTP header. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -writability-mode:: -[open] -==== - -Description:: -Specifies the kinds of write operations the directory server can process. - -Default Value:: -enabled - -Allowed Values:: -[open] -====== - -disabled:: -The directory server rejects all write operations that are requested of it, regardless of their origin. - -enabled:: -The directory server attempts to process all write operations that are requested of it, regardless of their origin. - -internal-only:: -The directory server attempts to process write operations requested as internal operations or through synchronization, but rejects any such operations requested from external clients. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-group-implementation-prop] -=== dsconfig set-group-implementation-prop — Modifies Group Implementation properties - -==== Synopsis -`dsconfig set-group-implementation-prop` {options} - -[#dsconfig-set-group-implementation-prop-description] -==== Description -Modifies Group Implementation properties. - -[#dsconfig-set-group-implementation-prop-options] -==== Options --- -The `dsconfig set-group-implementation-prop` command takes the following options: - -`--implementation-name {name}`:: -The name of the Group Implementation. -+ -[open] -==== -Group Implementation properties depend on the Group Implementation type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Group Implementation types: - -dynamic-group-implementation:: -Default {name}: Dynamic Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-group-implementation-prop-dynamic-group-implementation["Dynamic Group Implementation"] for the properties of this Group Implementation type. - -static-group-implementation:: -Default {name}: Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-group-implementation-prop-static-group-implementation["Static Group Implementation"] for the properties of this Group Implementation type. - -virtual-static-group-implementation:: -Default {name}: Virtual Static Group Implementation - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-group-implementation-prop-virtual-static-group-implementation["Virtual Static Group Implementation"] for the properties of this Group Implementation type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Group Implementation properties depend on the Group Implementation type, which depends on the `--implementation-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Group Implementation properties depend on the Group Implementation type, which depends on the `--implementation-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Group Implementation properties depend on the Group Implementation type, which depends on the `--implementation-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Group Implementation properties depend on the Group Implementation type, which depends on the `--implementation-name {name}` option. - --- - -[#dsconfig-set-group-implementation-prop-dynamic-group-implementation] -==== Dynamic Group Implementation -Group Implementations of type dynamic-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Dynamic Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.DynamicGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-group-implementation-prop-static-group-implementation] -==== Static Group Implementation -Group Implementations of type static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.StaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-group-implementation-prop-virtual-static-group-implementation] -==== Virtual Static Group Implementation -Group Implementations of type virtual-static-group-implementation have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Group Implementation is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Virtual Static Group Implementation implementation. - -Default Value:: -org.opends.server.extensions.VirtualStaticGroup - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.Group - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Group Implementation must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-http-authorization-mechanism-prop] -=== dsconfig set-http-authorization-mechanism-prop — Modifies HTTP Authorization Mechanism properties - -==== Synopsis -`dsconfig set-http-authorization-mechanism-prop` {options} - -[#dsconfig-set-http-authorization-mechanism-prop-description] -==== Description -Modifies HTTP Authorization Mechanism properties. - -[#dsconfig-set-http-authorization-mechanism-prop-options] -==== Options --- -The `dsconfig set-http-authorization-mechanism-prop` command takes the following options: - -`--mechanism-name {name}`:: -The name of the HTTP Authorization Mechanism. -+ -[open] -==== -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: - -http-anonymous-authorization-mechanism:: -Default {name}: HTTP Anonymous Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-http-authorization-mechanism-prop-http-anonymous-authorization-mechanism["HTTP Anonymous Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-basic-authorization-mechanism:: -Default {name}: HTTP Basic Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-http-authorization-mechanism-prop-http-basic-authorization-mechanism["HTTP Basic Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-cts-authorization-mechanism:: -Default {name}: HTTP Oauth2 Cts Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-http-authorization-mechanism-prop-http-oauth2-cts-authorization-mechanism["HTTP Oauth2 Cts Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-file-authorization-mechanism:: -Default {name}: HTTP Oauth2 File Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-http-authorization-mechanism-prop-http-oauth2-file-authorization-mechanism["HTTP Oauth2 File Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-openam-authorization-mechanism:: -Default {name}: HTTP Oauth2 Openam Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-http-authorization-mechanism-prop-http-oauth2-openam-authorization-mechanism["HTTP Oauth2 Openam Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -http-oauth2-token-introspection-authorization-mechanism:: -Default {name}: HTTP Oauth2 Token Introspection Authorization Mechanism - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-http-authorization-mechanism-prop-http-oauth2-token-introspection-authorization-mechanism["HTTP Oauth2 Token Introspection Authorization Mechanism"] for the properties of this HTTP Authorization Mechanism type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the `--mechanism-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the `--mechanism-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the `--mechanism-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the `--mechanism-name {name}` option. - --- - -[#dsconfig-set-http-authorization-mechanism-prop-http-anonymous-authorization-mechanism] -==== HTTP Anonymous Authorization Mechanism -HTTP Authorization Mechanisms of type http-anonymous-authorization-mechanism have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Anonymous Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -user-dn:: -[open] -==== - -Description:: -The authorization DN which will be used for performing anonymous operations. - -Default Value:: -By default, operations will be performed using an anonymously bound connection. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-http-authorization-mechanism-prop-http-basic-authorization-mechanism] -==== HTTP Basic Authorization Mechanism -HTTP Authorization Mechanisms of type http-basic-authorization-mechanism have the following properties: --- - -alt-authentication-enabled:: -[open] -==== - -Description:: -Specifies whether user credentials may be provided using alternative headers to the standard 'Authorize' header. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-password-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's password from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -alt-username-header:: -[open] -==== - -Description:: -Alternate HTTP headers to get the user's name from. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper used to get the user's entry corresponding to the user-id provided in the HTTP authentication header. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Basic Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Basic Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-http-authorization-mechanism-prop-http-oauth2-cts-authorization-mechanism] -==== HTTP Oauth2 Cts Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-cts-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -The base DN of the Core Token Service where access token are stored. (example: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Cts Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-http-authorization-mechanism-prop-http-oauth2-file-authorization-mechanism] -==== HTTP Oauth2 File Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-file-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-directory:: -[open] -==== - -Description:: -Directory containing token files. File names must be equal to the token strings. The file content must a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate. - -Default Value:: -oauth2-demo/ - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 File Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-http-authorization-mechanism-prop-http-oauth2-openam-authorization-mechanism] -==== HTTP Oauth2 Openam Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-openam-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Openam Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Openam Authorization Mechanism . - -Default Value:: -By default the system key manager(s) will be used. - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-info-url:: -[open] -==== - -Description:: -Defines the OpenAM endpoint URL where the access-token resolution request should be sent. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-http-authorization-mechanism-prop-http-oauth2-token-introspection-authorization-mechanism] -==== HTTP Oauth2 Token Introspection Authorization Mechanism -HTTP Authorization Mechanisms of type http-oauth2-token-introspection-authorization-mechanism have the following properties: --- - -access-token-cache-enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -access-token-cache-expiration:: -[open] -==== - -Description:: -Token cache expiration - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -authzid-json-pointer:: -[open] -==== - -Description:: -Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-id:: -[open] -==== - -Description:: -Client's ID to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -client-secret:: -[open] -==== - -Description:: -Client's secret to use during the HTTP basic authentication against the authorization server. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Authorization Mechanism is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Token Introspection Authorization Mechanism implementation. - -Default Value:: -org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the key manager that should be used with this HTTP Oauth2 Token Introspection Authorization Mechanism . - -Default Value:: -None - -Allowed Values:: -The DN of any Key Manager Provider. The referenced key manager provider must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only for subsequent requests to the authorization server. - -Advanced Property:: -No - -Read-only:: -No - -==== - -required-scope:: -[open] -==== - -Description:: -Scopes required to grant access to the service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -token-introspection-url:: -[open] -==== - -Description:: -Defines the token introspection endpoint URL where the access-token resolution request should be sent. (example: http://example.com/introspect) - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-http-endpoint-prop] -=== dsconfig set-http-endpoint-prop — Modifies HTTP Endpoint properties - -==== Synopsis -`dsconfig set-http-endpoint-prop` {options} - -[#dsconfig-set-http-endpoint-prop-description] -==== Description -Modifies HTTP Endpoint properties. - -[#dsconfig-set-http-endpoint-prop-options] -==== Options --- -The `dsconfig set-http-endpoint-prop` command takes the following options: - -`--endpoint-name {name}`:: -The name of the HTTP Endpoint. -+ -[open] -==== -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following HTTP Endpoint types: - -admin-endpoint:: -Default {name}: Admin Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-http-endpoint-prop-admin-endpoint["Admin Endpoint"] for the properties of this HTTP Endpoint type. - -rest2ldap-endpoint:: -Default {name}: Rest2ldap Endpoint - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-http-endpoint-prop-rest2ldap-endpoint["Rest2ldap Endpoint"] for the properties of this HTTP Endpoint type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the `--endpoint-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the `--endpoint-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the `--endpoint-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the `--endpoint-name {name}` option. - --- - -[#dsconfig-set-http-endpoint-prop-admin-endpoint] -==== Admin Endpoint -HTTP Endpoints of type admin-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Admin Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.AdminEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-http-endpoint-prop-rest2ldap-endpoint] -==== Rest2ldap Endpoint -HTTP Endpoints of type rest2ldap-endpoint have the following properties: --- - -authorization-mechanism:: -[open] -==== - -Description:: -The HTTP authorization mechanisms supported by this HTTP Endpoint. - -Default Value:: -None - -Allowed Values:: -The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-path:: -[open] -==== - -Description:: -All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -config-directory:: -[open] -==== - -Description:: -The directory containing the Rest2Ldap configuration file(s) for this specific endpoint. The directory must be readable by the server and may contain multiple configuration files, one for each supported version of the REST endpoint. If a relative path is used then it will be resolved against the server's instance directory. - -Default Value:: -None - -Allowed Values:: -A directory that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the HTTP Endpoint is enabled. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Rest2ldap Endpoint implementation. - -Default Value:: -org.opends.server.protocols.http.rest2ldap.Rest2LdapEndpoint - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-identity-mapper-prop] -=== dsconfig set-identity-mapper-prop — Modifies Identity Mapper properties - -==== Synopsis -`dsconfig set-identity-mapper-prop` {options} - -[#dsconfig-set-identity-mapper-prop-description] -==== Description -Modifies Identity Mapper properties. - -[#dsconfig-set-identity-mapper-prop-options] -==== Options --- -The `dsconfig set-identity-mapper-prop` command takes the following options: - -`--mapper-name {name}`:: -The name of the Identity Mapper. -+ -[open] -==== -Identity Mapper properties depend on the Identity Mapper type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Identity Mapper types: - -exact-match-identity-mapper:: -Default {name}: Exact Match Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-identity-mapper-prop-exact-match-identity-mapper["Exact Match Identity Mapper"] for the properties of this Identity Mapper type. - -regular-expression-identity-mapper:: -Default {name}: Regular Expression Identity Mapper - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-identity-mapper-prop-regular-expression-identity-mapper["Regular Expression Identity Mapper"] for the properties of this Identity Mapper type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Identity Mapper properties depend on the Identity Mapper type, which depends on the `--mapper-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Identity Mapper properties depend on the Identity Mapper type, which depends on the `--mapper-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Identity Mapper properties depend on the Identity Mapper type, which depends on the `--mapper-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Identity Mapper properties depend on the Identity Mapper type, which depends on the `--mapper-name {name}` option. - --- - -[#dsconfig-set-identity-mapper-prop-exact-match-identity-mapper] -==== Exact Match Identity Mapper -Identity Mappers of type exact-match-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Exact Match Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.ExactMatchIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the attribute whose value should exactly match the ID string provided to this identity mapper. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. The internal search performed includes a logical OR across all of these values. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users. The base DNs will be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-identity-mapper-prop-regular-expression-identity-mapper] -==== Regular Expression Identity Mapper -Identity Mappers of type regular-expression-identity-mapper have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Identity Mapper is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Regular Expression Identity Mapper implementation. - -Default Value:: -org.opends.server.extensions.RegularExpressionIdentityMapper - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. - -Default Value:: -uid - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-base-dn:: -[open] -==== - -Description:: -Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs. - -Default Value:: -The server searches below all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -match-pattern:: -[open] -==== - -Description:: -Specifies the regular expression pattern that is used to identify portions of the ID string that will be replaced. Any portion of the ID string that matches this pattern is replaced in accordance with the provided replace pattern (or is removed if no replace pattern is specified). If multiple substrings within the given ID string match this pattern, all occurrences are replaced. If no part of the given ID string matches this pattern, the ID string is not altered. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. - -Default Value:: -None - -Allowed Values:: -Any valid regular expression pattern which is supported by the javax.util.regex.Pattern class (see http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6). - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replace-pattern:: -[open] -==== - -Description:: -Specifies the replacement pattern that should be used for substrings in the ID string that match the provided regular expression pattern. If no replacement pattern is provided, then any matching portions of the ID string will be removed (i.e., replaced with an empty string). The replacement pattern may include a string from a capturing group by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. - -Default Value:: -The replace pattern will be the empty string. - -Allowed Values:: -Any valid replacement string that is allowed by the javax.util.regex.Matcher class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-key-manager-provider-prop] -=== dsconfig set-key-manager-provider-prop — Modifies Key Manager Provider properties - -==== Synopsis -`dsconfig set-key-manager-provider-prop` {options} - -[#dsconfig-set-key-manager-provider-prop-description] -==== Description -Modifies Key Manager Provider properties. - -[#dsconfig-set-key-manager-provider-prop-options] -==== Options --- -The `dsconfig set-key-manager-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Key Manager Provider. -+ -[open] -==== -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Key Manager Provider types: - -file-based-key-manager-provider:: -Default {name}: File Based Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-key-manager-provider-prop-file-based-key-manager-provider["File Based Key Manager Provider"] for the properties of this Key Manager Provider type. - -pkcs11-key-manager-provider:: -Default {name}: PKCS11 Key Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-key-manager-provider-prop-pkcs11-key-manager-provider["PKCS11 Key Manager Provider"] for the properties of this Key Manager Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the `--provider-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the `--provider-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the `--provider-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Key Manager Provider properties depend on the Key Manager Provider type, which depends on the `--provider-name {name}` option. - --- - -[#dsconfig-set-key-manager-provider-prop-file-based-key-manager-provider] -==== File Based Key Manager Provider -Key Manager Providers of type file-based-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedKeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. If no value is provided, the JVM-default value is used. Changes to this configuration attribute will take effect the next time that the key manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-key-manager-provider-prop-pkcs11-key-manager-provider] -==== PKCS11 Key Manager Provider -Key Manager Providers of type pkcs11-key-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Key Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the PKCS11 Key Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.PKCS11KeyManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider . - -Default Value:: -None - -Allowed Values:: -The name of a defined Java property. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-log-publisher-prop] -=== dsconfig set-log-publisher-prop — Modifies Log Publisher properties - -==== Synopsis -`dsconfig set-log-publisher-prop` {options} - -[#dsconfig-set-log-publisher-prop-description] -==== Description -Modifies Log Publisher properties. - -[#dsconfig-set-log-publisher-prop-options] -==== Options --- -The `dsconfig set-log-publisher-prop` command takes the following options: - -`--publisher-name {name}`:: -The name of the Log Publisher. -+ -[open] -==== -Log Publisher properties depend on the Log Publisher type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Publisher types: - -csv-file-access-log-publisher:: -Default {name}: Csv File Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-log-publisher-prop-csv-file-access-log-publisher["Csv File Access Log Publisher"] for the properties of this Log Publisher type. - -csv-file-http-access-log-publisher:: -Default {name}: Csv File HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-log-publisher-prop-csv-file-http-access-log-publisher["Csv File HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -external-access-log-publisher:: -Default {name}: External Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-log-publisher-prop-external-access-log-publisher["External Access Log Publisher"] for the properties of this Log Publisher type. - -external-http-access-log-publisher:: -Default {name}: External HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-log-publisher-prop-external-http-access-log-publisher["External HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-access-log-publisher:: -Default {name}: File Based Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-log-publisher-prop-file-based-access-log-publisher["File Based Access Log Publisher"] for the properties of this Log Publisher type. - -file-based-audit-log-publisher:: -Default {name}: File Based Audit Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-log-publisher-prop-file-based-audit-log-publisher["File Based Audit Log Publisher"] for the properties of this Log Publisher type. - -file-based-debug-log-publisher:: -Default {name}: File Based Debug Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-log-publisher-prop-file-based-debug-log-publisher["File Based Debug Log Publisher"] for the properties of this Log Publisher type. - -file-based-error-log-publisher:: -Default {name}: File Based Error Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-log-publisher-prop-file-based-error-log-publisher["File Based Error Log Publisher"] for the properties of this Log Publisher type. - -file-based-http-access-log-publisher:: -Default {name}: File Based HTTP Access Log Publisher - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-log-publisher-prop-file-based-http-access-log-publisher["File Based HTTP Access Log Publisher"] for the properties of this Log Publisher type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Log Publisher properties depend on the Log Publisher type, which depends on the `--publisher-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Log Publisher properties depend on the Log Publisher type, which depends on the `--publisher-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Log Publisher properties depend on the Log Publisher type, which depends on the `--publisher-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Log Publisher properties depend on the Log Publisher type, which depends on the `--publisher-name {name}` option. - --- - -[#dsconfig-set-log-publisher-prop-csv-file-access-log-publisher] -==== Csv File Access Log Publisher -Log Publishers of type csv-file-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writting in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CsvFileAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when the tamper-evident option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-publisher-prop-csv-file-http-access-log-publisher] -==== Csv File HTTP Access Log Publisher -Log Publishers of type csv-file-http-access-log-publisher have the following properties: --- - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the Csv File HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-delimiter-char:: -[open] -==== - -Description:: -The delimiter character to use when writing in CSV format. - -Default Value:: -, - -Allowed Values:: -The delimiter character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -csv-eol-symbols:: -[open] -==== - -Description:: -The string that marks the end of a line. - -Default Value:: -Use the platform specific end of line character sequence. - -Allowed Values:: -The string that marks the end of a line. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -csv-quote-char:: -[open] -==== - -Description:: -The character to append and prepend to a CSV field when writing in CSV format. - -Default Value:: -" - -Allowed Values:: -The quote character to use when writing in CSV format. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Csv File HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -key-store-file:: -[open] -==== - -Description:: -Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -key-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File HTTP Access Log Publisher . - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the Csv File HTTP Access Log Publisher is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-directory:: -[open] -==== - -Description:: -The directory to use for the log files generated by the Csv File HTTP Access Log Publisher. The path to the directory is relative to the server root. - -Default Value:: -logs - -Allowed Values:: -A path to an existing directory that is readable and writable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the Csv File HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -signature-time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to sign the log file when secure option is enabled. - -Default Value:: -3s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -tamper-evident:: -[open] -==== - -Description:: -Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significative impact on performance of the server. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-publisher-prop-external-access-log-publisher] -==== External Access Log Publisher -Log Publishers of type external-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.ExternalAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-publisher-prop-external-http-access-log-publisher] -==== External HTTP Access Log Publisher -Log Publishers of type external-http-access-log-publisher have the following properties: --- - -config-file:: -[open] -==== - -Description:: -The JSON configuration file that defines the External HTTP Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the External HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-publisher-prop-file-based-access-log-publisher] -==== File Based Access Log Publisher -Log Publishers of type file-based-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-control-oids:: -[open] -==== - -Description:: -Specifies whether control OIDs will be included in operation log records. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the access log. - -Default Value:: -multi-line - -Allowed Values:: -[open] -====== - -combined:: -Combine log records for operation requests and responses into a single record. This format should be used when log records are to be filtered based on response criteria (e.g. result code). - -multi-line:: -Outputs separate log records for operation requests and responses. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-publisher-prop-file-based-audit-log-publisher] -==== File Based Audit Log Publisher -Log Publishers of type file-based-audit-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Audit Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filtering-policy:: -[open] -==== - -Description:: -Specifies how filtering criteria should be applied to log records. - -Default Value:: -no-filtering - -Allowed Values:: -[open] -====== - -exclusive:: -Records must not match any of the filtering criteria in order to be logged. - -inclusive:: -Records must match at least one of the filtering criteria in order to be logged. - -no-filtering:: -No filtering will be performed, and all records will be logged. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Audit Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextAuditLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Audit Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Audit Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Audit Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Audit Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -suppress-internal-operations:: -[open] -==== - -Description:: -Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -suppress-synchronization-operations:: -[open] -==== - -Description:: -Indicates whether access messages that are generated by synchronization operations should be suppressed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-publisher-prop-file-based-debug-log-publisher] -==== File Based Debug Log Publisher -Log Publishers of type file-based-debug-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Debug Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-debug-exceptions-only:: -[open] -==== - -Description:: -Indicates whether only logs with exception should be logged. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-include-throwable-cause:: -[open] -==== - -Description:: -Indicates whether to include the cause of exceptions in exception thrown and caught messages logged by default. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-entry-arguments:: -[open] -==== - -Description:: -Indicates whether to include method arguments in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-omit-method-return-value:: -[open] -==== - -Description:: -Indicates whether to include the return value in debug messages logged by default. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-throwable-stack-frames:: -[open] -==== - -Description:: -Indicates the number of stack frames to include in the stack trace for method entry and exception thrown messages. - -Default Value:: -2147483647 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Debug Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextDebugLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Debug Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Debug Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Debug Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Debug Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-publisher-prop-file-based-error-log-publisher] -==== File Based Error Log Publisher -Log Publishers of type file-based-error-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based Error Log Publisher will publish records asynchronously. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer will be flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -default-severity:: -[open] -==== - -Description:: -Specifies the default severity levels for the logger. - -Default Value:: -error - -+ -warning - -Allowed Values:: -[open] -====== - -all:: -Messages of all severity levels are logged. - -debug:: -The error log severity that is used for messages that provide debugging information triggered during processing. - -error:: -The error log severity that is used for messages that provide information about errors which may force the server to shut down or operate in a significantly degraded state. - -info:: -The error log severity that is used for messages that provide information about significant events within the server that are not warnings or errors. - -none:: -No messages of any severity are logged by default. This value is intended to be used in conjunction with the override-severity property to define an error logger that will publish no error message beside the errors of a given category. - -notice:: -The error log severity that is used for the most important informational messages (i.e., information that should almost always be logged but is not associated with a warning or error condition). - -warning:: -The error log severity that is used for messages that provide information about warnings triggered during processing. - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Error Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextErrorLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based Error Log Publisher . The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based Error Log Publisher . - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -override-severity:: -[open] -==== - -Description:: -Specifies the override severity levels for the logger based on the category of the messages. Each override severity level should include the category and the severity levels to log for that category, for example, core=error,info,warning. Valid categories are: core, extensions, protocol, config, log, util, schema, plugin, jeb, backend, tools, task, access-control, admin, sync, version, quicksetup, admin-tool, dsconfig, user-defined. Valid severities are: all, error, info, warning, notice, debug. - -Default Value:: -All messages with the default severity levels are logged. - -Allowed Values:: -A string in the form category=severity1,severity2... - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based Error Log Publisher . When multiple policies are used, log files will be cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files will never be cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based Error Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-publisher-prop-file-based-http-access-log-publisher] -==== File Based HTTP Access Log Publisher -Log Publishers of type file-based-http-access-log-publisher have the following properties: --- - -append:: -[open] -==== - -Description:: -Specifies whether to append to existing log files. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -asynchronous:: -[open] -==== - -Description:: -Indicates whether the File Based HTTP Access Log Publisher will publish records asynchronously. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -auto-flush:: -[open] -==== - -Description:: -Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -buffer-size:: -[open] -==== - -Description:: -Specifies the log file buffer size. - -Default Value:: -64kb - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Log Publisher is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based HTTP Access Log Publisher implementation. - -Default Value:: -org.opends.server.loggers.TextHTTPAccessLogPublisher - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -The file name to use for the log files generated by the File Based HTTP Access Log Publisher. The path to the file is relative to the server root. - -Default Value:: -None - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Log Publisher must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-file-permissions:: -[open] -==== - -Description:: -The UNIX permissions of the log files created by this File Based HTTP Access Log Publisher. - -Default Value:: -640 - -Allowed Values:: -A valid UNIX mode string. The mode string must contain three digits between zero and seven. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-format:: -[open] -==== - -Description:: -Specifies how log records should be formatted and written to the HTTP access log. - -Default Value:: -cs-host c-ip cs-username x-datetime cs-method cs-uri-stem cs-uri-query cs-version sc-status cs(User-Agent) x-connection-id x-etime x-transaction-id - -Allowed Values:: -A space separated list of fields describing the extended log format to be used for logging HTTP accesses. Available values are listed on the W3C working draft http://www.w3.org/TR/WD-logfile.html and Microsoft website http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true OpenDJ supports the following standard fields: "c-ip", "c-port", "cs-host", "cs-method", "cs-uri", "cs-uri-stem", "cs-uri-query", "cs(User-Agent)", "cs-username", "cs-version", "s-computername", "s-ip", "s-port", "sc-status". OpenDJ supports the following application specific field extensions: "x-connection-id" displays the internal connection ID assigned to the HTTP client connection, "x-datetime" displays the completion date and time for the logged HTTP request and its ouput is controlled by the "ds-cfg-log-record-time-format" property, "x-etime" displays the total execution time for the logged HTTP request, "x-transaction-id" displays the transaction id associated to a request - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-record-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate log record timestamps. - -Default Value:: -dd/MMM/yyyy:HH:mm:ss Z - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -The maximum number of log records that can be stored in the asynchronous queue. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -retention-policy:: -[open] -==== - -Description:: -The retention policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, log files are cleaned when any of the policy's conditions are met. - -Default Value:: -No retention policy is used and log files are never cleaned. - -Allowed Values:: -The DN of any Log Retention Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rotation-policy:: -[open] -==== - -Description:: -The rotation policy to use for the File Based HTTP Access Log Publisher . When multiple policies are used, rotation will occur if any policy's conditions are met. - -Default Value:: -No rotation policy is used and log rotation will not occur. - -Allowed Values:: -The DN of any Log Rotation Policy. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -time-interval:: -[open] -==== - -Description:: -Specifies the interval at which to check whether the log files need to be rotated. - -Default Value:: -5s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-log-retention-policy-prop] -=== dsconfig set-log-retention-policy-prop — Modifies Log Retention Policy properties - -==== Synopsis -`dsconfig set-log-retention-policy-prop` {options} - -[#dsconfig-set-log-retention-policy-prop-description] -==== Description -Modifies Log Retention Policy properties. - -[#dsconfig-set-log-retention-policy-prop-options] -==== Options --- -The `dsconfig set-log-retention-policy-prop` command takes the following options: - -`--policy-name {name}`:: -The name of the Log Retention Policy. -+ -[open] -==== -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Retention Policy types: - -file-count-log-retention-policy:: -Default {name}: File Count Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-log-retention-policy-prop-file-count-log-retention-policy["File Count Log Retention Policy"] for the properties of this Log Retention Policy type. - -free-disk-space-log-retention-policy:: -Default {name}: Free Disk Space Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-log-retention-policy-prop-free-disk-space-log-retention-policy["Free Disk Space Log Retention Policy"] for the properties of this Log Retention Policy type. - -size-limit-log-retention-policy:: -Default {name}: Size Limit Log Retention Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-log-retention-policy-prop-size-limit-log-retention-policy["Size Limit Log Retention Policy"] for the properties of this Log Retention Policy type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the `--policy-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the `--policy-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the `--policy-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Log Retention Policy properties depend on the Log Retention Policy type, which depends on the `--policy-name {name}` option. - --- - -[#dsconfig-set-log-retention-policy-prop-file-count-log-retention-policy] -==== File Count Log Retention Policy -Log Retention Policies of type file-count-log-retention-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the File Count Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FileNumberRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -number-of-files:: -[open] -==== - -Description:: -Specifies the number of archived log files to retain before the oldest ones are cleaned. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-retention-policy-prop-free-disk-space-log-retention-policy] -==== Free Disk Space Log Retention Policy -Log Retention Policies of type free-disk-space-log-retention-policy have the following properties: --- - -free-disk-space:: -[open] -==== - -Description:: -Specifies the minimum amount of free disk space that should be available on the file system on which the archived log files are stored. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Free Disk Space Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.FreeDiskSpaceRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-retention-policy-prop-size-limit-log-retention-policy] -==== Size Limit Log Retention Policy -Log Retention Policies of type size-limit-log-retention-policy have the following properties: --- - -disk-space-used:: -[open] -==== - -Description:: -Specifies the maximum total disk space used by the log files. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Retention Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRetentionPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-log-rotation-policy-prop] -=== dsconfig set-log-rotation-policy-prop — Modifies Log Rotation Policy properties - -==== Synopsis -`dsconfig set-log-rotation-policy-prop` {options} - -[#dsconfig-set-log-rotation-policy-prop-description] -==== Description -Modifies Log Rotation Policy properties. - -[#dsconfig-set-log-rotation-policy-prop-options] -==== Options --- -The `dsconfig set-log-rotation-policy-prop` command takes the following options: - -`--policy-name {name}`:: -The name of the Log Rotation Policy. -+ -[open] -==== -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Log Rotation Policy types: - -fixed-time-log-rotation-policy:: -Default {name}: Fixed Time Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-log-rotation-policy-prop-fixed-time-log-rotation-policy["Fixed Time Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -size-limit-log-rotation-policy:: -Default {name}: Size Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-log-rotation-policy-prop-size-limit-log-rotation-policy["Size Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -time-limit-log-rotation-policy:: -Default {name}: Time Limit Log Rotation Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-log-rotation-policy-prop-time-limit-log-rotation-policy["Time Limit Log Rotation Policy"] for the properties of this Log Rotation Policy type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the `--policy-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the `--policy-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the `--policy-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the `--policy-name {name}` option. - --- - -[#dsconfig-set-log-rotation-policy-prop-fixed-time-log-rotation-policy] -==== Fixed Time Log Rotation Policy -Log Rotation Policies of type fixed-time-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Fixed Time Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.FixedTimeRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -time-of-day:: -[open] -==== - -Description:: -Specifies the time of day at which log rotation should occur. - -Default Value:: -None - -Allowed Values:: -24 hour time of day in HHmm format. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-rotation-policy-prop-size-limit-log-rotation-policy] -==== Size Limit Log Rotation Policy -Log Rotation Policies of type size-limit-log-rotation-policy have the following properties: --- - -file-size-limit:: -[open] -==== - -Description:: -Specifies the maximum size that a log file can reach before it is rotated. - -Default Value:: -None - -Allowed Values:: -Lower value is 1. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Size Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.SizeBasedRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-log-rotation-policy-prop-time-limit-log-rotation-policy] -==== Time Limit Log Rotation Policy -Log Rotation Policies of type time-limit-log-rotation-policy have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Time Limit Log Rotation Policy implementation. - -Default Value:: -org.opends.server.loggers.TimeLimitRotationPolicy - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -rotation-interval:: -[open] -==== - -Description:: -Specifies the time interval between rotations. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-matching-rule-prop] -=== dsconfig set-matching-rule-prop — Modifies Matching Rule properties - -==== Synopsis -`dsconfig set-matching-rule-prop` {options} - -[#dsconfig-set-matching-rule-prop-description] -==== Description -Modifies Matching Rule properties. - -[#dsconfig-set-matching-rule-prop-options] -==== Options --- -The `dsconfig set-matching-rule-prop` command takes the following options: - -`--rule-name {name}`:: -The name of the Matching Rule. -+ -[open] -==== -Matching Rule properties depend on the Matching Rule type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Matching Rule types: - -collation-matching-rule:: -Default {name}: Collation Matching Rule - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-matching-rule-prop-collation-matching-rule["Collation Matching Rule"] for the properties of this Matching Rule type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Matching Rule properties depend on the Matching Rule type, which depends on the `--rule-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Matching Rule properties depend on the Matching Rule type, which depends on the `--rule-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Matching Rule properties depend on the Matching Rule type, which depends on the `--rule-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Matching Rule properties depend on the Matching Rule type, which depends on the `--rule-name {name}` option. - --- - -[#dsconfig-set-matching-rule-prop-collation-matching-rule] -==== Collation Matching Rule -Matching Rules of type collation-matching-rule have the following properties: --- - -collation:: -[open] -==== - -Description:: -the set of supported locales Collation must be specified using the syntax: LOCALE:OID - -Default Value:: -None - -Allowed Values:: -A Locale followed by a ":" and an OID. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Matching Rule is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Collation Matching Rule implementation. - -Default Value:: -org.opends.server.schema.CollationMatchingRuleFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MatchingRuleFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -matching-rule-type:: -[open] -==== - -Description:: -the types of matching rules that should be supported for each locale - -Default Value:: -None - -Allowed Values:: -[open] -====== - -equality:: -Specifies if equality type collation matching rule needs to be created for each locale. - -greater-than:: -Specifies if greater-than type collation matching rule needs to be created for each locale. - -greater-than-or-equal-to:: -Specifies if greater-than-or-equal-to type collation matching rule needs to be created for each locale. - -less-than:: -Specifies if less-than type collation matching rule needs to be created for each locale. - -less-than-or-equal-to:: -Specifies if less-than-or-equal-to type collation matching rule needs to be created for each locale. - -substring:: -Specifies if substring type collation matching rule needs to be created for each locale. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-monitor-provider-prop] -=== dsconfig set-monitor-provider-prop — Modifies Monitor Provider properties - -==== Synopsis -`dsconfig set-monitor-provider-prop` {options} - -[#dsconfig-set-monitor-provider-prop-description] -==== Description -Modifies Monitor Provider properties. - -[#dsconfig-set-monitor-provider-prop-options] -==== Options --- -The `dsconfig set-monitor-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Monitor Provider. -+ -[open] -==== -Monitor Provider properties depend on the Monitor Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Monitor Provider types: - -client-connection-monitor-provider:: -Default {name}: Client Connection Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-monitor-provider-prop-client-connection-monitor-provider["Client Connection Monitor Provider"] for the properties of this Monitor Provider type. - -entry-cache-monitor-provider:: -Default {name}: Entry Cache Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-monitor-provider-prop-entry-cache-monitor-provider["Entry Cache Monitor Provider"] for the properties of this Monitor Provider type. - -memory-usage-monitor-provider:: -Default {name}: Memory Usage Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-monitor-provider-prop-memory-usage-monitor-provider["Memory Usage Monitor Provider"] for the properties of this Monitor Provider type. - -stack-trace-monitor-provider:: -Default {name}: Stack Trace Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-monitor-provider-prop-stack-trace-monitor-provider["Stack Trace Monitor Provider"] for the properties of this Monitor Provider type. - -system-info-monitor-provider:: -Default {name}: System Info Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-monitor-provider-prop-system-info-monitor-provider["System Info Monitor Provider"] for the properties of this Monitor Provider type. - -version-monitor-provider:: -Default {name}: Version Monitor Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-monitor-provider-prop-version-monitor-provider["Version Monitor Provider"] for the properties of this Monitor Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Monitor Provider properties depend on the Monitor Provider type, which depends on the `--provider-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Monitor Provider properties depend on the Monitor Provider type, which depends on the `--provider-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Monitor Provider properties depend on the Monitor Provider type, which depends on the `--provider-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Monitor Provider properties depend on the Monitor Provider type, which depends on the `--provider-name {name}` option. - --- - -[#dsconfig-set-monitor-provider-prop-client-connection-monitor-provider] -==== Client Connection Monitor Provider -Monitor Providers of type client-connection-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Client Connection Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.ClientConnectionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-monitor-provider-prop-entry-cache-monitor-provider] -==== Entry Cache Monitor Provider -Monitor Providers of type entry-cache-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Entry Cache Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.EntryCacheMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-monitor-provider-prop-memory-usage-monitor-provider] -==== Memory Usage Monitor Provider -Monitor Providers of type memory-usage-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Memory Usage Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.MemoryUsageMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-monitor-provider-prop-stack-trace-monitor-provider] -==== Stack Trace Monitor Provider -Monitor Providers of type stack-trace-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Stack Trace Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.StackTraceMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-monitor-provider-prop-system-info-monitor-provider] -==== System Info Monitor Provider -Monitor Providers of type system-info-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the System Info Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.SystemInfoMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-monitor-provider-prop-version-monitor-provider] -==== Version Monitor Provider -Monitor Providers of type version-monitor-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Monitor Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Version Monitor Provider implementation. - -Default Value:: -org.opends.server.monitors.VersionMonitorProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-password-generator-prop] -=== dsconfig set-password-generator-prop — Modifies Password Generator properties - -==== Synopsis -`dsconfig set-password-generator-prop` {options} - -[#dsconfig-set-password-generator-prop-description] -==== Description -Modifies Password Generator properties. - -[#dsconfig-set-password-generator-prop-options] -==== Options --- -The `dsconfig set-password-generator-prop` command takes the following options: - -`--generator-name {name}`:: -The name of the Password Generator. -+ -[open] -==== -Password Generator properties depend on the Password Generator type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Generator types: - -random-password-generator:: -Default {name}: Random Password Generator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-generator-prop-random-password-generator["Random Password Generator"] for the properties of this Password Generator type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Password Generator properties depend on the Password Generator type, which depends on the `--generator-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Password Generator properties depend on the Password Generator type, which depends on the `--generator-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Password Generator properties depend on the Password Generator type, which depends on the `--generator-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Password Generator properties depend on the Password Generator type, which depends on the `--generator-name {name}` option. - --- - -[#dsconfig-set-password-generator-prop-random-password-generator] -==== Random Password Generator -Password Generators of type random-password-generator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Generator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Random Password Generator implementation. - -Default Value:: -org.opends.server.extensions.RandomPasswordGenerator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordGenerator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -password-character-set:: -[open] -==== - -Description:: -Specifies one or more named character sets. This is a multi-valued property, with each value defining a different character set. The format of the character set is the name of the set followed by a colon and the characters that are in that set. For example, the value "alpha:abcdefghijklmnopqrstuvwxyz" defines a character set named "alpha" containing all of the lower-case ASCII alphabetic characters. - -Default Value:: -None - -Allowed Values:: -A character set name (consisting of ASCII letters) followed by a colon and the set of characters that are included in that character set. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-format:: -[open] -==== - -Description:: -Specifies the format to use for the generated password. The value is a comma-delimited list of elements in which each of those elements is comprised of the name of a character set defined in the password-character-set property, a colon, and the number of characters to include from that set. For example, a value of "alpha:3,numeric:2,alpha:3" generates an 8-character password in which the first three characters are from the "alpha" set, the next two are from the "numeric" set, and the final three are from the "alpha" set. - -Default Value:: -None - -Allowed Values:: -A comma-delimited list whose elements comprise a valid character set name, a colon, and a positive integer indicating the number of characters from that set to be included. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-password-policy-prop] -=== dsconfig set-password-policy-prop — Modifies Authentication Policy properties - -==== Synopsis -`dsconfig set-password-policy-prop` {options} - -[#dsconfig-set-password-policy-prop-description] -==== Description -Modifies Authentication Policy properties. - -[#dsconfig-set-password-policy-prop-options] -==== Options --- -The `dsconfig set-password-policy-prop` command takes the following options: - -`--policy-name {name}`:: -The name of the Authentication Policy. -+ -[open] -==== -Authentication Policy properties depend on the Authentication Policy type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Authentication Policy types: - -ldap-pass-through-authentication-policy:: -Default {name}: LDAP Pass Through Authentication Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-password-policy-prop-ldap-pass-through-authentication-policy["LDAP Pass Through Authentication Policy"] for the properties of this Authentication Policy type. - -password-policy:: -Default {name}: Password Policy - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-password-policy-prop-password-policy["Password Policy"] for the properties of this Authentication Policy type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Authentication Policy properties depend on the Authentication Policy type, which depends on the `--policy-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Authentication Policy properties depend on the Authentication Policy type, which depends on the `--policy-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Authentication Policy properties depend on the Authentication Policy type, which depends on the `--policy-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Authentication Policy properties depend on the Authentication Policy type, which depends on the `--policy-name {name}` option. - --- - -[#dsconfig-set-password-policy-prop-ldap-pass-through-authentication-policy] -==== LDAP Pass Through Authentication Policy -Authentication Policies of type ldap-pass-through-authentication-policy have the following properties: --- - -cached-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the name of a password storage scheme which should be used for encoding cached passwords. Changing the password storage scheme will cause all existing cached passwords to be discarded. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cached-password-ttl:: -[open] -==== - -Description:: -Specifies the maximum length of time that a locally cached password may be used for authentication before it is refreshed from the remote LDAP service. This property represents a cache timeout. Increasing the timeout period decreases the frequency that bind operations are delegated to the remote LDAP service, but increases the risk of users authenticating using stale passwords. Note that authentication attempts which fail because the provided password does not match the locally cached password will always be retried against the remote LDAP service. - -Default Value:: -8 hours - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to remote LDAP directory servers, performing SSL negotiation, and for individual search and bind requests. If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available. - -Default Value:: -3 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the LDAP Pass Through Authentication Policy implementation. - -Default Value:: -org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -mapped-attribute:: -[open] -==== - -Description:: -Specifies one or more attributes in the user's entry whose value(s) will determine the bind DN used when authenticating to the remote LDAP directory service. This property is mandatory when using the "mapped-bind" or "mapped-search" mapping policies. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. At least one of the named attributes must exist in a user's local entry in order for authentication to proceed. When multiple attributes or values are found in the user's entry then the behavior is determined by the mapping policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs below which to search for users in the remote LDAP directory service. This property is mandatory when using the "mapped-search" mapping policy. If multiple values are given, searches are performed below all specified base DNs. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-dn:: -[open] -==== - -Description:: -Specifies the bind DN which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -Searches will be performed anonymously. - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password:: -[open] -==== - -Description:: -Specifies the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-environment-variable:: -[open] -==== - -Description:: -Specifies the name of an environment variable containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-file:: -[open] -==== - -Description:: -Specifies the name of a file containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-bind-password-property:: -[open] -==== - -Description:: -Specifies the name of a Java property containing the bind password which should be used to perform user searches in the remote LDAP directory service. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapped-search-filter-template:: -[open] -==== - -Description:: -If defined, overrides the filter used when searching for the user, substituting %s with the value of the local entry's "mapped-attribute". The filter-template may include ZERO or ONE %s substitutions. If multiple mapped-attributes are configured, multiple renditions of this template will be aggregated into one larger filter using an OR (|) operator. An example use-case for this property would be to use a different attribute type on the mapped search. For example, mapped-attribute could be set to "uid" and filter-template to "(samAccountName=%s)". - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -mapping-policy:: -[open] -==== - -Description:: -Specifies the mapping algorithm for obtaining the bind DN from the user's entry. - -Default Value:: -unmapped - -Allowed Values:: -[open] -====== - -mapped-bind:: -Bind to the remote LDAP directory service using a DN obtained from an attribute in the user's entry. This policy will check each attribute named in the "mapped-attribute" property. If more than one attribute or value is present then the first one will be used. - -mapped-search:: -Bind to the remote LDAP directory service using the DN of an entry obtained using a search against the remote LDAP directory service. The search filter will comprise of an equality matching filter whose attribute type is the "mapped-attribute" property, and whose assertion value is the attribute value obtained from the user's entry. If more than one attribute or value is present then the filter will be composed of multiple equality filters combined using a logical OR (union). - -unmapped:: -Bind to the remote LDAP directory service using the DN of the user's entry in this directory server. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -primary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the primary list of remote LDAP servers which should be used for pass through authentication. If more than one LDAP server is specified then operations may be distributed across them. If all of the primary LDAP servers are unavailable then operations will fail-over to the set of secondary LDAP servers, if defined. - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -secondary-remote-ldap-server:: -[open] -==== - -Description:: -Specifies the secondary list of remote LDAP servers which should be used for pass through authentication in the event that the primary LDAP servers are unavailable. If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available. - -Default Value:: -No secondary LDAP servers. - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -ssl-cipher-suite:: -[open] -==== - -Description:: -Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL cipher suites provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -ssl-protocol:: -[open] -==== - -Description:: -Specifies the names of the SSL protocols which are allowed for use in SSL based LDAP connections. - -Default Value:: -Uses the default set of SSL protocols provided by the server's JVM. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-manager-provider:: -[open] -==== - -Description:: -Specifies the name of the trust manager that should be used when negotiating SSL connections with remote LDAP directory servers. - -Default Value:: -By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. - -Allowed Values:: -The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-password-caching:: -[open] -==== - -Description:: -Indicates whether passwords should be cached locally within the user's entry. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-ssl:: -[open] -==== - -Description:: -Indicates whether the LDAP Pass Through Authentication Policy should use SSL. If enabled, the LDAP Pass Through Authentication Policy will use SSL to encrypt communication with the clients. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - -use-tcp-keep-alive:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -use-tcp-no-delay:: -[open] -==== - -Description:: -Indicates whether LDAP connections should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-policy-prop-password-policy] -==== Password Policy -Authentication Policies of type password-policy have the following properties: --- - -account-status-notification-handler:: -[open] -==== - -Description:: -Specifies the names of the account status notification handlers that are used with the associated password storage scheme. - -Default Value:: -None - -Allowed Values:: -The DN of any Account Status Notification Handler. The referenced account status notification handlers must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-expired-password-changes:: -[open] -==== - -Description:: -Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -allow-multiple-password-values:: -[open] -==== - -Description:: -Indicates whether user entries can have multiple distinct values for the password attribute. This is potentially dangerous because many mechanisms used to change the password do not work well with such a configuration. If multiple password values are allowed, then any of them can be used to authenticate, and they are all subject to the same policy constraints. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-pre-encoded-passwords:: -[open] -==== - -Description:: -Indicates whether users can change their passwords by providing a pre-encoded value. This can cause a security risk because the clear-text version of the password is not known and therefore validation checks cannot be applied to it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -allow-user-password-changes:: -[open] -==== - -Description:: -Indicates whether users can change their own passwords. This check is made in addition to access control evaluation. Both must allow the password change for it to occur. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -deprecated-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes that are considered deprecated for this password policy. If a user with this password policy authenticates to the server and his/her password is encoded with a deprecated scheme, those values are removed and replaced with values encoded using the default password storage scheme(s). - -Default Value:: -None - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -expire-passwords-without-warning:: -[open] -==== - -Description:: -Indicates whether the directory server allows a user's password to expire even if that user has never seen an expiration warning notification. If this property is true, accounts always expire when the expiration time arrives. If this property is false or disabled, the user always receives at least one warning notification, and the password expiration is set to the warning time plus the warning interval. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-add:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords upon first authenticating to the directory server after their account has been created. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -force-change-on-reset:: -[open] -==== - -Description:: -Indicates whether users are forced to change their passwords if they are reset by an administrator. For this purpose, anyone with permission to change a given user's password other than that user is considered an administrator. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -grace-login-count:: -[open] -==== - -Description:: -Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password. A value of 0 indicates that no grace logins are allowed. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -idle-lockout-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that idle accounts are not automatically locked out. This feature is available only if the last login time is maintained. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class which provides the Password Policy implementation. - -Default Value:: -org.opends.server.core.PasswordPolicyFactory - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -last-login-time-attribute:: -[open] -==== - -Description:: -Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy. This attribute type must be defined in the directory server schema and must either be defined as an operational attribute or must be allowed by the set of objectClasses for all users with the associated password policy. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string that is used to generate the last login time value for users with the associated password policy. This format string conforms to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-duration:: -[open] -==== - -Description:: -Specifies the length of time that an account is locked after too many authentication failures. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the account must remain locked until an administrator resets the password. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-count:: -[open] -==== - -Description:: -Specifies the maximum number of authentication failures that a user is allowed before the account is locked out. A value of 0 indicates that accounts are never locked out due to failed attempts. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -lockout-failure-expiration-interval:: -[open] -==== - -Description:: -Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the authentication failures must never expire. The failure count is always cleared upon a successful authentication. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval). The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables password expiration. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -max-password-reset-age:: -[open] -==== - -Description:: -Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables this feature. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-age:: -[open] -==== - -Description:: -Specifies the minimum length of time after a password change before the user is allowed to change the password again. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. This setting can be used to prevent users from changing their passwords repeatedly over a short period of time to flush an old password from the history so that it can be re-used. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-attribute:: -[open] -==== - -Description:: -Specifies the attribute type used to hold user passwords. This attribute type must be defined in the server schema, and it must have either the user password or auth password syntax. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-change-requires-current-password:: -[open] -==== - -Description:: -Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-expiration-warning-interval:: -[open] -==== - -Description:: -Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables the warning interval. - -Default Value:: -5 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-generator:: -[open] -==== - -Description:: -Specifies the name of the password generator that is used with the associated password policy. This is used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Generator. The referenced password generator must be enabled. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-count:: -[open] -==== - -Description:: -Specifies the maximum number of former passwords to maintain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero indicates that either no password history is to be maintained (if the password history duration has a value of zero seconds), or that there is no maximum number of passwords to maintain in the history (if the password history duration has a value greater than zero seconds). - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-history-duration:: -[open] -==== - -Description:: -Specifies the maximum length of time that passwords remain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero seconds indicates that either no password history is to be maintained (if the password history count has a value of zero), or that there is no maximum duration for passwords in the history (if the password history count has a value greater than zero). - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds.Upper limit is 2147483647 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -password-validator:: -[open] -==== - -Description:: -Specifies the names of the password validators that are used with the associated password storage scheme. The password validators are invoked when a user attempts to provide a new password, to determine whether the new password is acceptable. - -Default Value:: -None - -Allowed Values:: -The DN of any Password Validator. The referenced password validators must be enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -previous-last-login-time-format:: -[open] -==== - -Description:: -Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy. These values are used to make it possible to parse previous values, but are not used to set new values. The format strings conform to the syntax described in the API documentation for the java.text.SimpleDateFormat class. - -Default Value:: -None - -Allowed Values:: -Any valid format string that can be used with the java.text.SimpleDateFormat class. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-change-by-time:: -[open] -==== - -Description:: -Specifies the time by which all users with the associated password policy must change their passwords. The value is expressed in a generalized time format. If this time is equal to the current time or is in the past, then all users are required to change their passwords immediately. The behavior of the server in this mode is identical to the behavior observed when users are forced to change their passwords after an administrative reset. - -Default Value:: -None - -Allowed Values:: -A valid timestamp in generalized time form (for example, a value of "20070409185811Z" indicates a value of April 9, 2007 at 6:58:11 pm GMT). - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-authentication:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to authenticate in a secure manner. This might mean either using a secure communication channel between the client and the server, or using a SASL mechanism that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -require-secure-password-changes:: -[open] -==== - -Description:: -Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -skip-validation-for-administrators:: -[open] -==== - -Description:: -Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -state-update-failure-policy:: -[open] -==== - -Description:: -Specifies how the server deals with the inability to update password policy state information during an authentication attempt. In particular, this property can be used to control whether an otherwise successful bind operation fails if a failure occurs while attempting to update password policy state information (for example, to clear a record of previous authentication failures or to update the last login time). It can also be used to control whether to reject a bind request if it is known ahead of time that it will not be possible to update the authentication failure times in the event of an unsuccessful bind attempt (for example, if the backend writability mode is disabled). - -Default Value:: -reactive - -Allowed Values:: -[open] -====== - -ignore:: -If a bind attempt would otherwise be successful, then do not reject it if a problem occurs while attempting to update the password policy state information for the user. - -proactive:: -Proactively reject any bind attempt if it is known ahead of time that it would not be possible to update the user's password policy state information. - -reactive:: -Even if a bind attempt would otherwise be successful, reject it if a problem occurs while attempting to update the password policy state information for the user. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-password-storage-scheme-prop] -=== dsconfig set-password-storage-scheme-prop — Modifies Password Storage Scheme properties - -==== Synopsis -`dsconfig set-password-storage-scheme-prop` {options} - -[#dsconfig-set-password-storage-scheme-prop-description] -==== Description -Modifies Password Storage Scheme properties. - -[#dsconfig-set-password-storage-scheme-prop-options] -==== Options --- -The `dsconfig set-password-storage-scheme-prop` command takes the following options: - -`--scheme-name {name}`:: -The name of the Password Storage Scheme. -+ -[open] -==== -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Storage Scheme types: - -aes-password-storage-scheme:: -Default {name}: AES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-aes-password-storage-scheme["AES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -base64-password-storage-scheme:: -Default {name}: Base64 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-base64-password-storage-scheme["Base64 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -bcrypt-password-storage-scheme:: -Default {name}: Bcrypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-bcrypt-password-storage-scheme["Bcrypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -blowfish-password-storage-scheme:: -Default {name}: Blowfish Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-blowfish-password-storage-scheme["Blowfish Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -clear-password-storage-scheme:: -Default {name}: Clear Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-clear-password-storage-scheme["Clear Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -crypt-password-storage-scheme:: -Default {name}: Crypt Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-crypt-password-storage-scheme["Crypt Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -md5-password-storage-scheme:: -Default {name}: MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-md5-password-storage-scheme["MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pbkdf2-password-storage-scheme:: -Default {name}: PBKDF2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-pbkdf2-password-storage-scheme["PBKDF2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -pkcs5s2-password-storage-scheme:: -Default {name}: PKCS5S2 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-pkcs5s2-password-storage-scheme["PKCS5S2 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -rc4-password-storage-scheme:: -Default {name}: RC4 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-rc4-password-storage-scheme["RC4 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-md5-password-storage-scheme:: -Default {name}: Salted MD5 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-salted-md5-password-storage-scheme["Salted MD5 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha1-password-storage-scheme:: -Default {name}: Salted SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-salted-sha1-password-storage-scheme["Salted SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha256-password-storage-scheme:: -Default {name}: Salted SHA256 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-salted-sha256-password-storage-scheme["Salted SHA256 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha384-password-storage-scheme:: -Default {name}: Salted SHA384 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-salted-sha384-password-storage-scheme["Salted SHA384 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -salted-sha512-password-storage-scheme:: -Default {name}: Salted SHA512 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-salted-sha512-password-storage-scheme["Salted SHA512 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -sha1-password-storage-scheme:: -Default {name}: SHA1 Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-sha1-password-storage-scheme["SHA1 Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -triple-des-password-storage-scheme:: -Default {name}: Triple DES Password Storage Scheme - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-storage-scheme-prop-triple-des-password-storage-scheme["Triple DES Password Storage Scheme"] for the properties of this Password Storage Scheme type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the `--scheme-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the `--scheme-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the `--scheme-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the `--scheme-name {name}` option. - --- - -[#dsconfig-set-password-storage-scheme-prop-aes-password-storage-scheme] -==== AES Password Storage Scheme -Password Storage Schemes of type aes-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the AES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.AESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-base64-password-storage-scheme] -==== Base64 Password Storage Scheme -Password Storage Schemes of type base64-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Base64 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.Base64PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-bcrypt-password-storage-scheme] -==== Bcrypt Password Storage Scheme -Password Storage Schemes of type bcrypt-password-storage-scheme have the following properties: --- - -bcrypt-cost:: -[open] -==== - -Description:: -The cost parameter specifies a key expansion iteration count as a power of two. A default value of 12 (2^12 iterations) is considered in 2016 as a reasonable balance between responsiveness and security for regular users. - -Default Value:: -12 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 30. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Bcrypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BCryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-blowfish-password-storage-scheme] -==== Blowfish Password Storage Scheme -Password Storage Schemes of type blowfish-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Blowfish Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.BlowfishPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-clear-password-storage-scheme] -==== Clear Password Storage Scheme -Password Storage Schemes of type clear-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Clear Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.ClearPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-crypt-password-storage-scheme] -==== Crypt Password Storage Scheme -Password Storage Schemes of type crypt-password-storage-scheme have the following properties: --- - -crypt-password-storage-encryption-algorithm:: -[open] -==== - -Description:: -Specifies the algorithm to use to encrypt new passwords. Select the crypt algorithm to use to encrypt new passwords. The value can either be "unix", which means the password is encrypted with the weak Unix crypt algorithm, or "md5" which means the password is encrypted with the BSD MD5 algorithm and has a $1$ prefix, or "sha256" which means the password is encrypted with the SHA256 algorithm and has a $5$ prefix, or "sha512" which means the password is encrypted with the SHA512 algorithm and has a $6$ prefix. - -Default Value:: -unix - -Allowed Values:: -[open] -====== - -md5:: -New passwords are encrypted with the BSD MD5 algorithm. - -sha256:: -New passwords are encrypted with the Unix crypt SHA256 algorithm. - -sha512:: -New passwords are encrypted with the Unix crypt SHA512 algorithm. - -unix:: -New passwords are encrypted with the Unix crypt algorithm. Passwords are truncated at 8 characters and the top bit of each character is ignored. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Crypt Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.CryptPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-md5-password-storage-scheme] -==== MD5 Password Storage Scheme -Password Storage Schemes of type md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.MD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-pbkdf2-password-storage-scheme] -==== PBKDF2 Password Storage Scheme -Password Storage Schemes of type pbkdf2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PBKDF2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PBKDF2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pbkdf2-iterations:: -[open] -==== - -Description:: -The number of algorithm iterations to make. NIST recommends at least 1000. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-pkcs5s2-password-storage-scheme] -==== PKCS5S2 Password Storage Scheme -Password Storage Schemes of type pkcs5s2-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the PKCS5S2 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.PKCS5S2PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-rc4-password-storage-scheme] -==== RC4 Password Storage Scheme -Password Storage Schemes of type rc4-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the RC4 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.RC4PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-salted-md5-password-storage-scheme] -==== Salted MD5 Password Storage Scheme -Password Storage Schemes of type salted-md5-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted MD5 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedMD5PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-salted-sha1-password-storage-scheme] -==== Salted SHA1 Password Storage Scheme -Password Storage Schemes of type salted-sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-salted-sha256-password-storage-scheme] -==== Salted SHA256 Password Storage Scheme -Password Storage Schemes of type salted-sha256-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA256 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA256PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-salted-sha384-password-storage-scheme] -==== Salted SHA384 Password Storage Scheme -Password Storage Schemes of type salted-sha384-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA384 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA384PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-salted-sha512-password-storage-scheme] -==== Salted SHA512 Password Storage Scheme -Password Storage Schemes of type salted-sha512-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Salted SHA512 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SaltedSHA512PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-sha1-password-storage-scheme] -==== SHA1 Password Storage Scheme -Password Storage Schemes of type sha1-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SHA1 Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.SHA1PasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-storage-scheme-prop-triple-des-password-storage-scheme] -==== Triple DES Password Storage Scheme -Password Storage Schemes of type triple-des-password-storage-scheme have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the Password Storage Scheme is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Triple DES Password Storage Scheme implementation. - -Default Value:: -org.opends.server.extensions.TripleDESPasswordStorageScheme - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-password-validator-prop] -=== dsconfig set-password-validator-prop — Modifies Password Validator properties - -==== Synopsis -`dsconfig set-password-validator-prop` {options} - -[#dsconfig-set-password-validator-prop-description] -==== Description -Modifies Password Validator properties. - -[#dsconfig-set-password-validator-prop-options] -==== Options --- -The `dsconfig set-password-validator-prop` command takes the following options: - -`--validator-name {name}`:: -The name of the Password Validator. -+ -[open] -==== -Password Validator properties depend on the Password Validator type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Password Validator types: - -attribute-value-password-validator:: -Default {name}: Attribute Value Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-validator-prop-attribute-value-password-validator["Attribute Value Password Validator"] for the properties of this Password Validator type. - -character-set-password-validator:: -Default {name}: Character Set Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-validator-prop-character-set-password-validator["Character Set Password Validator"] for the properties of this Password Validator type. - -dictionary-password-validator:: -Default {name}: Dictionary Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-validator-prop-dictionary-password-validator["Dictionary Password Validator"] for the properties of this Password Validator type. - -length-based-password-validator:: -Default {name}: Length Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-validator-prop-length-based-password-validator["Length Based Password Validator"] for the properties of this Password Validator type. - -repeated-characters-password-validator:: -Default {name}: Repeated Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-validator-prop-repeated-characters-password-validator["Repeated Characters Password Validator"] for the properties of this Password Validator type. - -similarity-based-password-validator:: -Default {name}: Similarity Based Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-validator-prop-similarity-based-password-validator["Similarity Based Password Validator"] for the properties of this Password Validator type. - -unique-characters-password-validator:: -Default {name}: Unique Characters Password Validator - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-password-validator-prop-unique-characters-password-validator["Unique Characters Password Validator"] for the properties of this Password Validator type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Password Validator properties depend on the Password Validator type, which depends on the `--validator-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Password Validator properties depend on the Password Validator type, which depends on the `--validator-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Password Validator properties depend on the Password Validator type, which depends on the `--validator-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Password Validator properties depend on the Password Validator type, which depends on the `--validator-name {name}` option. - --- - -[#dsconfig-set-password-validator-prop-attribute-value-password-validator] -==== Attribute Value Password Validator -Password Validators of type attribute-value-password-validator have the following properties: --- - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against attribute values. If "false" then only match the entire password against attribute values otherwise ("true") check whether the password contains attribute values. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.AttributeValuePasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -match-attribute:: -[open] -==== - -Description:: -Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any attribute in the user's entry. - -Default Value:: -All attributes in the user entry will be checked. - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator should test the reversed value of the provided password as well as the order in which it was given. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-validator-prop-character-set-password-validator] -==== Character Set Password Validator -Password Validators of type character-set-password-validator have the following properties: --- - -allow-unclassified-characters:: -[open] -==== - -Description:: -Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets and ranges. If this is "false", then only those characters in the user-defined character sets and ranges may be used in passwords. Any password containing a character not included in any character set or range will be rejected. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set:: -[open] -==== - -Description:: -Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. Each value must be an integer (indicating the minimum required characters from the set which may be zero, indicating that the character set is optional) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set. - -Default Value:: -If no sets are specified, the validator only uses the defined character ranges. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -character-set-ranges:: -[open] -==== - -Description:: -Specifies a character range containing characters that a password may contain and a value indicating the minimum number of characters required from that range. Each value must be an integer (indicating the minimum required characters from the range which may be zero, indicating that the character range is optional) followed by a colon and one or more range specifications. A range specification is 3 characters: the first character allowed, a minus, and the last character allowed. For example, "3:A-Za-z0-9". The ranges in each value should not overlap, and the characters in each range specification should be ordered. - -Default Value:: -If no ranges are specified, the validator only uses the defined character sets. - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.CharacterSetPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-character-sets:: -[open] -==== - -Description:: -Specifies the minimum number of character sets and ranges that a password must contain. This property should only be used in conjunction with optional character sets and ranges (those requiring zero characters). Its value must include any mandatory character sets and ranges (those requiring greater than zero characters). This is useful in situations where a password must contain characters from mandatory character sets and ranges, and characters from at least N optional character sets and ranges. For example, it is quite common to require that a password contains at least one non-alphanumeric character as well as characters from two alphanumeric character sets (lower-case, upper-case, digits). In this case, this property should be set to 3. - -Default Value:: -The password must contain characters from each of the mandatory character sets and ranges and, if there are optional character sets and ranges, at least one character from one of the optional character sets and ranges. - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-validator-prop-dictionary-password-validator] -==== Dictionary Password Validator -Password Validators of type dictionary-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-substrings:: -[open] -==== - -Description:: -Indicates whether this password validator is to match portions of the password string against dictionary words. If "false" then only match the entire password against words otherwise ("true") check whether the password contains words. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -dictionary-file:: -[open] -==== - -Description:: -Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root. - -Default Value:: -For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt - -Allowed Values:: -The path to any text file contained on the system that is readable by the server. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.DictionaryPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-substring-length:: -[open] -==== - -Description:: -Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. - -Default Value:: -5 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -test-reversed-password:: -[open] -==== - -Description:: -Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-validator-prop-length-based-password-validator] -==== Length Based Password Validator -Password Validators of type length-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.LengthBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-password-length:: -[open] -==== - -Description:: -Specifies the maximum number of characters that can be included in a proposed password. A value of zero indicates that there will be no upper bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -0 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -min-password-length:: -[open] -==== - -Description:: -Specifies the minimum number of characters that must be included in a proposed password. A value of zero indicates that there will be no lower bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. - -Default Value:: -6 - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-validator-prop-repeated-characters-password-validator] -==== Repeated Characters Password Validator -Password Validators of type repeated-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. If the value of this property is false, the validator ignores any differences in capitalization when looking for consecutive characters in the password. If the value is true, the validator considers a character to be repeating only if all consecutive occurrences use the same capitalization. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.RepeatedCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-consecutive-length:: -[open] -==== - -Description:: -Specifies the maximum number of times that any character can appear consecutively in a password value. A value of zero indicates that no maximum limit is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-validator-prop-similarity-based-password-validator] -==== Similarity Based Password Validator -Password Validators of type similarity-based-password-validator have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.SimilarityBasedPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-password-difference:: -[open] -==== - -Description:: -Specifies the minimum difference of new and old password. A value of zero indicates that no difference between passwords is acceptable. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-password-validator-prop-unique-characters-password-validator] -==== Unique Characters Password Validator -Password Validators of type unique-characters-password-validator have the following properties: --- - -case-sensitive-validation:: -[open] -==== - -Description:: -Indicates whether this password validator should treat password characters in a case-sensitive manner. A value of true indicates that the validator does not consider a capital letter to be the same as its lower-case counterpart. A value of false indicates that the validator ignores differences in capitalization when looking at the number of unique characters in the password. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the password validator is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the password validator implementation. - -Default Value:: -org.opends.server.extensions.UniqueCharactersPasswordValidator - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Password Validator must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -min-unique-characters:: -[open] -==== - -Description:: -Specifies the minimum number of unique characters that a password will be allowed to contain. A value of zero indicates that no minimum value is enforced. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-plugin-prop] -=== dsconfig set-plugin-prop — Modifies Plugin properties - -==== Synopsis -`dsconfig set-plugin-prop` {options} - -[#dsconfig-set-plugin-prop-description] -==== Description -Modifies Plugin properties. - -[#dsconfig-set-plugin-prop-options] -==== Options --- -The `dsconfig set-plugin-prop` command takes the following options: - -`--plugin-name {name}`:: -The name of the Plugin. -+ -[open] -==== -Plugin properties depend on the Plugin type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Plugin types: - -attribute-cleanup-plugin:: -Default {name}: Attribute Cleanup Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-attribute-cleanup-plugin["Attribute Cleanup Plugin"] for the properties of this Plugin type. - -change-number-control-plugin:: -Default {name}: Change Number Control Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-change-number-control-plugin["Change Number Control Plugin"] for the properties of this Plugin type. - -entry-uuid-plugin:: -Default {name}: Entry UUID Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-entry-uuid-plugin["Entry UUID Plugin"] for the properties of this Plugin type. - -fractional-ldif-import-plugin:: -Default {name}: Fractional LDIF Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-fractional-ldif-import-plugin["Fractional LDIF Import Plugin"] for the properties of this Plugin type. - -last-mod-plugin:: -Default {name}: Last Mod Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-last-mod-plugin["Last Mod Plugin"] for the properties of this Plugin type. - -ldap-attribute-description-list-plugin:: -Default {name}: LDAP Attribute Description List Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-ldap-attribute-description-list-plugin["LDAP Attribute Description List Plugin"] for the properties of this Plugin type. - -password-policy-import-plugin:: -Default {name}: Password Policy Import Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-password-policy-import-plugin["Password Policy Import Plugin"] for the properties of this Plugin type. - -profiler-plugin:: -Default {name}: Profiler Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-profiler-plugin["Profiler Plugin"] for the properties of this Plugin type. - -referential-integrity-plugin:: -Default {name}: Referential Integrity Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-referential-integrity-plugin["Referential Integrity Plugin"] for the properties of this Plugin type. - -samba-password-plugin:: -Default {name}: Samba Password Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-samba-password-plugin["Samba Password Plugin"] for the properties of this Plugin type. - -seven-bit-clean-plugin:: -Default {name}: Seven Bit Clean Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-seven-bit-clean-plugin["Seven Bit Clean Plugin"] for the properties of this Plugin type. - -unique-attribute-plugin:: -Default {name}: Unique Attribute Plugin - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-plugin-prop-unique-attribute-plugin["Unique Attribute Plugin"] for the properties of this Plugin type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Plugin properties depend on the Plugin type, which depends on the `--plugin-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Plugin properties depend on the Plugin type, which depends on the `--plugin-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Plugin properties depend on the Plugin type, which depends on the `--plugin-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Plugin properties depend on the Plugin type, which depends on the `--plugin-name {name}` option. - --- - -[#dsconfig-set-plugin-prop-attribute-cleanup-plugin] -==== Attribute Cleanup Plugin -Plugins of type attribute-cleanup-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.AttributeCleanupPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparseadd - -+ -preparsemodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -remove-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be removed from incoming add or modify requests. - -Default Value:: -No attributes will be removed - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -rename-inbound-attributes:: -[open] -==== - -Description:: -A list of attributes which should be renamed in incoming add or modify requests. - -Default Value:: -No attributes will be renamed - -Allowed Values:: -An attribute name mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-change-number-control-plugin] -==== Change Number Control Plugin -Plugins of type change-number-control-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ChangeNumberControlPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postOperationAdd - -+ -postOperationDelete - -+ -postOperationModify - -+ -postOperationModifyDN - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-entry-uuid-plugin] -==== Entry UUID Plugin -Plugins of type entry-uuid-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.EntryUUIDPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preoperationadd - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-fractional-ldif-import-plugin] -==== Fractional LDIF Import Plugin -Plugins of type fractional-ldif-import-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -None - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-last-mod-plugin] -==== Last Mod Plugin -Plugins of type last-mod-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LastModPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-ldap-attribute-description-list-plugin] -==== LDAP Attribute Description List Plugin -Plugins of type ldap-attribute-description-list-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.LDAPADListPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preparsesearch - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-password-policy-import-plugin] -==== Password Policy Import Plugin -Plugins of type password-policy-import-plugin have the following properties: --- - -default-auth-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of password storage schemes that to be used for encoding passwords contained in attributes with the auth password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy should be used to govern them. - -Default Value:: -If the default password policy uses an attribute with the auth password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes auth password values using the "SHA1" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import plug-in is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -default-user-password-storage-scheme:: -[open] -==== - -Description:: -Specifies the names of the password storage schemes to be used for encoding passwords contained in attributes with the user password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy is to be used to govern them. - -Default Value:: -If the default password policy uses the attribute with the user password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes user password values using the "SSHA" scheme. - -Allowed Values:: -The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import Plugin is enabled. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.PasswordPolicyImportPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-profiler-plugin] -==== Profiler Plugin -Plugins of type profiler-plugin have the following properties: --- - -enable-profiling-on-startup:: -[open] -==== - -Description:: -Indicates whether the profiler plug-in is to start collecting data automatically when the directory server is started. This property is read only when the server is started, and any changes take effect on the next restart. This property is typically set to "false" unless startup profiling is required, because otherwise the volume of data that can be collected can cause the server to run out of memory if it is not turned off in a timely manner. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.profiler.ProfilerPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -startup - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -profile-action:: -[open] -==== - -Description:: -Specifies the action that should be taken by the profiler. A value of "start" causes the profiler thread to start collecting data if it is not already active. A value of "stop" causes the profiler thread to stop collecting data and write it to disk, and a value of "cancel" causes the profiler thread to stop collecting data and discard anything that has been captured. These operations occur immediately. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -cancel:: -Stop collecting profile data and discard what has been captured. - -none:: -Do not take any action. - -start:: -Start collecting profile data. - -stop:: -Stop collecting profile data and write what has been captured to a file in the profile directory. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-directory:: -[open] -==== - -Description:: -Specifies the path to the directory where profile information is to be written. This path may be either an absolute path or a path that is relative to the root of the OpenDJ directory server instance. The directory must exist and the directory server must have permission to create new files in it. - -Default Value:: -None - -Allowed Values:: -The path to any directory that exists on the filesystem and that can be read and written by the server user. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -profile-sample-interval:: -[open] -==== - -Description:: -Specifies the sample interval in milliseconds to be used when capturing profiling information in the server. When capturing data, the profiler thread sleeps for this length of time between calls to obtain traces for all threads running in the JVM. - -Default Value:: -None - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds.Upper limit is 2147483647 milliseconds. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -+ -Changes to this configuration attribute take effect the next time the profiler is started. - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-referential-integrity-plugin] -==== Referential Integrity Plugin -Plugins of type referential-integrity-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute types for which referential integrity is to be maintained. At least one attribute type must be specified, and the syntax of any attributes must be either a distinguished name (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID (1.3.6.1.4.1.1466.115.121.1.34). - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN that limits the scope within which referential integrity is maintained. - -Default Value:: -Referential integrity is maintained in all public naming contexts. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references:: -[open] -==== - -Description:: -Specifies whether reference attributes must refer to existing entries. When this property is set to true, this plugin will ensure that any new references added as part of an add or modify operation point to existing entries, and that the referenced entries match the filter criteria for the referencing attribute, if specified. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-filter-criteria:: -[open] -==== - -Description:: -Specifies additional filter criteria which will be enforced when checking references. If a reference attribute has filter criteria defined then this plugin will ensure that any new references added as part of an add or modify operation refer to an existing entry which matches the specified filter. - -Default Value:: -None - -Allowed Values:: -An attribute-filter mapping. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -check-references-scope-criteria:: -[open] -==== - -Description:: -Specifies whether referenced entries must reside within the same naming context as the entry containing the reference. The reference scope will only be enforced when reference checking is enabled. - -Default Value:: -global - -Allowed Values:: -[open] -====== - -global:: -References may refer to existing entries located anywhere in the Directory. - -naming-context:: -References must refer to existing entries located within the same naming context. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.ReferentialIntegrityPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -log-file:: -[open] -==== - -Description:: -Specifies the log file location where the update records are written when the plug-in is in background-mode processing. The default location is the logs directory of the server instance, using the file name "referint". - -Default Value:: -logs/referint - -Allowed Values:: -A path to an existing file that is readable by the server. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -postoperationdelete - -+ -postoperationmodifydn - -+ -subordinatemodifydn - -+ -subordinatedelete - -+ -preoperationadd - -+ -preoperationmodify - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -update-interval:: -[open] -==== - -Description:: -Specifies the interval in seconds when referential integrity updates are made. If this value is 0, then the updates are made synchronously in the foreground. - -Default Value:: -0 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-samba-password-plugin] -==== Samba Password Plugin -Plugins of type samba-password-plugin have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SambaPasswordPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationmodify - -+ -postoperationextended - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -pwd-sync-policy:: -[open] -==== - -Description:: -Specifies which Samba passwords should be kept synchronized. - -Default Value:: -sync-nt-password - -Allowed Values:: -[open] -====== - -sync-lm-password:: -Synchronize the LanMan password attribute "sambaLMPassword" - -sync-nt-password:: -Synchronize the NT password attribute "sambaNTPassword" - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -samba-administrator-dn:: -[open] -==== - -Description:: -Specifies the distinguished name of the user which Samba uses to perform Password Modify extended operations against this directory server in order to synchronize the userPassword attribute after the LanMan or NT passwords have been updated. The user must have the 'password-reset' privilege and should not be a root user. This user name can be used in order to identify Samba connections and avoid double re-synchronization of the same password. If this property is left undefined, then no password updates will be skipped. - -Default Value:: -Synchronize all updates to user passwords - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-seven-bit-clean-plugin] -==== Seven Bit Clean Plugin -Plugins of type seven-bit-clean-plugin have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the name or OID of an attribute type for which values should be checked to ensure that they are 7-bit clean. - -Default Value:: -uid - -+ -mail - -+ -userPassword - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN below which the checking is performed. Any attempt to update a value for one of the configured attributes below this base DN must be 7-bit clean for the operation to be allowed. - -Default Value:: -All entries below all public naming contexts will be checked. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.SevenBitCleanPlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -ldifimport - -+ -preparseadd - -+ -preparsemodify - -+ -preparsemodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-plugin-prop-unique-attribute-plugin] -==== Unique Attribute Plugin -Plugins of type unique-attribute-plugin have the following properties: --- - -base-dn:: -[open] -==== - -Description:: -Specifies a base DN within which the attribute must be unique. - -Default Value:: -The plug-in uses the server's public naming contexts in the searches. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the plug-in is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -invoke-for-internal-operations:: -[open] -==== - -Description:: -Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the plug-in implementation. - -Default Value:: -org.opends.server.plugins.UniqueAttributePlugin - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -plugin-type:: -[open] -==== - -Description:: -Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. - -Default Value:: -preoperationadd - -+ -preoperationmodify - -+ -preoperationmodifydn - -+ -postoperationadd - -+ -postoperationmodify - -+ -postoperationmodifydn - -+ -postsynchronizationadd - -+ -postsynchronizationmodify - -+ -postsynchronizationmodifydn - -Allowed Values:: -[open] -====== - -intermediateresponse:: -Invoked before sending an intermediate repsonse message to the client. - -ldifexport:: -Invoked for each operation to be written during an LDIF export. - -ldifimport:: -Invoked for each entry read during an LDIF import. - -ldifimportbegin:: -Invoked at the beginning of an LDIF import session. - -ldifimportend:: -Invoked at the end of an LDIF import session. - -postconnect:: -Invoked whenever a new connection is established to the server. - -postdisconnect:: -Invoked whenever an existing connection is terminated (by either the client or the server). - -postoperationabandon:: -Invoked after completing the abandon processing. - -postoperationadd:: -Invoked after completing the core add processing but before sending the response to the client. - -postoperationbind:: -Invoked after completing the core bind processing but before sending the response to the client. - -postoperationcompare:: -Invoked after completing the core compare processing but before sending the response to the client. - -postoperationdelete:: -Invoked after completing the core delete processing but before sending the response to the client. - -postoperationextended:: -Invoked after completing the core extended processing but before sending the response to the client. - -postoperationmodify:: -Invoked after completing the core modify processing but before sending the response to the client. - -postoperationmodifydn:: -Invoked after completing the core modify DN processing but before sending the response to the client. - -postoperationsearch:: -Invoked after completing the core search processing but before sending the response to the client. - -postoperationunbind:: -Invoked after completing the unbind processing. - -postresponseadd:: -Invoked after sending the add response to the client. - -postresponsebind:: -Invoked after sending the bind response to the client. - -postresponsecompare:: -Invoked after sending the compare response to the client. - -postresponsedelete:: -Invoked after sending the delete response to the client. - -postresponseextended:: -Invoked after sending the extended response to the client. - -postresponsemodify:: -Invoked after sending the modify response to the client. - -postresponsemodifydn:: -Invoked after sending the modify DN response to the client. - -postresponsesearch:: -Invoked after sending the search result done message to the client. - -postsynchronizationadd:: -Invoked after completing post-synchronization processing for an add operation. - -postsynchronizationdelete:: -Invoked after completing post-synchronization processing for a delete operation. - -postsynchronizationmodify:: -Invoked after completing post-synchronization processing for a modify operation. - -postsynchronizationmodifydn:: -Invoked after completing post-synchronization processing for a modify DN operation. - -preoperationadd:: -Invoked prior to performing the core add processing. - -preoperationbind:: -Invoked prior to performing the core bind processing. - -preoperationcompare:: -Invoked prior to performing the core compare processing. - -preoperationdelete:: -Invoked prior to performing the core delete processing. - -preoperationextended:: -Invoked prior to performing the core extended processing. - -preoperationmodify:: -Invoked prior to performing the core modify processing. - -preoperationmodifydn:: -Invoked prior to performing the core modify DN processing. - -preoperationsearch:: -Invoked prior to performing the core search processing. - -preparseabandon:: -Invoked prior to parsing an abandon request. - -preparseadd:: -Invoked prior to parsing an add request. - -preparsebind:: -Invoked prior to parsing a bind request. - -preparsecompare:: -Invoked prior to parsing a compare request. - -preparsedelete:: -Invoked prior to parsing a delete request. - -preparseextended:: -Invoked prior to parsing an extended request. - -preparsemodify:: -Invoked prior to parsing a modify request. - -preparsemodifydn:: -Invoked prior to parsing a modify DN request. - -preparsesearch:: -Invoked prior to parsing a search request. - -preparseunbind:: -Invoked prior to parsing an unbind request. - -searchresultentry:: -Invoked before sending a search result entry to the client. - -searchresultreference:: -Invoked before sending a search result reference to the client. - -shutdown:: -Invoked during a graceful directory server shutdown. - -startup:: -Invoked during the directory server startup process. - -subordinatedelete:: -Invoked in the course of deleting a subordinate entry of a delete operation. - -subordinatemodifydn:: -Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. - -====== - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -The Plugin must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -type:: -[open] -==== - -Description:: -Specifies the type of attributes to check for value uniqueness. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-plugin-root-prop] -=== dsconfig set-plugin-root-prop — Modifies Plugin Root properties - -==== Synopsis -`dsconfig set-plugin-root-prop` {options} - -[#dsconfig-set-plugin-root-prop-description] -==== Description -Modifies Plugin Root properties. - -[#dsconfig-set-plugin-root-prop-options] -==== Options --- -The `dsconfig set-plugin-root-prop` command takes the following options: - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Plugin Root properties depend on the Plugin Root type, which depends on the null option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Plugin Root properties depend on the Plugin Root type, which depends on the null option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Plugin Root properties depend on the Plugin Root type, which depends on the null option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Plugin Root properties depend on the Plugin Root type, which depends on the null option. - --- - -[#dsconfig-set-plugin-root-prop-plugin-root] -==== Plugin Root -Plugin Roots of type plugin-root have the following properties: --- - -plugin-order-intermediate-response:: -[open] -==== - -Description:: -Specifies the order in which intermediate response plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which intermediate response plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-ldif-export:: -[open] -==== - -Description:: -Specifies the order in which LDIF export plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which LDIF export plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-ldif-import:: -[open] -==== - -Description:: -Specifies the order in which LDIF import plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which LDIF import plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-ldif-import-begin:: -[open] -==== - -Description:: -Specifies the order in which LDIF import begin plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which LDIF import begin plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-ldif-import-end:: -[open] -==== - -Description:: -Specifies the order in which LDIF import end plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which LDIF import end plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-connect:: -[open] -==== - -Description:: -Specifies the order in which post-connect plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-connect plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-disconnect:: -[open] -==== - -Description:: -Specifies the order in which post-disconnect plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-disconnect plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-abandon:: -[open] -==== - -Description:: -Specifies the order in which post-operation abandon plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation abandon plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-add:: -[open] -==== - -Description:: -Specifies the order in which post-operation add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-bind:: -[open] -==== - -Description:: -Specifies the order in which post-operation bind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation bind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-compare:: -[open] -==== - -Description:: -Specifies the order in which post-operation compare plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation compare plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-delete:: -[open] -==== - -Description:: -Specifies the order in which post-operation delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-extended:: -[open] -==== - -Description:: -Specifies the order in which post-operation extended operation plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation extended operation plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-modify:: -[open] -==== - -Description:: -Specifies the order in which post-operation modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which post-operation modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-search:: -[open] -==== - -Description:: -Specifies the order in which post-operation search plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation search plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-operation-unbind:: -[open] -==== - -Description:: -Specifies the order in which post-operation unbind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-operation unbind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-add:: -[open] -==== - -Description:: -Specifies the order in which post-response add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-bind:: -[open] -==== - -Description:: -Specifies the order in which post-response bind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response bind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-compare:: -[open] -==== - -Description:: -Specifies the order in which post-response compare plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response compare plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-delete:: -[open] -==== - -Description:: -Specifies the order in which post-response delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-extended:: -[open] -==== - -Description:: -Specifies the order in which post-response extended operation plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response extended operation plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-modify:: -[open] -==== - -Description:: -Specifies the order in which post-response modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which post-response modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-response-search:: -[open] -==== - -Description:: -Specifies the order in which post-response search plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-response search plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-synchronization-add:: -[open] -==== - -Description:: -Specifies the order in which post-synchronization add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-synchronization add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-synchronization-delete:: -[open] -==== - -Description:: -Specifies the order in which post-synchronization delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-synchronization delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-synchronization-modify:: -[open] -==== - -Description:: -Specifies the order in which post-synchronization modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-synchronization modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-post-synchronization-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which post-synchronization modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which post-synchronization modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-add:: -[open] -==== - -Description:: -Specifies the order in which pre-operation add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-bind:: -[open] -==== - -Description:: -Specifies the order in which pre-operation bind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation bind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-compare:: -[open] -==== - -Description:: -Specifies the order in which pre-operation compare plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation compare plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-delete:: -[open] -==== - -Description:: -Specifies the order in which pre-operation delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-extended:: -[open] -==== - -Description:: -Specifies the order in which pre-operation extended operation plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation extended operation plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-modify:: -[open] -==== - -Description:: -Specifies the order in which pre-operation modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which pre-operation modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-operation-search:: -[open] -==== - -Description:: -Specifies the order in which pre-operation search plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-operation searc plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-abandon:: -[open] -==== - -Description:: -Specifies the order in which pre-parse abandon plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse abandon plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-add:: -[open] -==== - -Description:: -Specifies the order in which pre-parse add plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse add plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-bind:: -[open] -==== - -Description:: -Specifies the order in which pre-parse bind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse bind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-compare:: -[open] -==== - -Description:: -Specifies the order in which pre-parse compare plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse compare plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-delete:: -[open] -==== - -Description:: -Specifies the order in which pre-parse delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-extended:: -[open] -==== - -Description:: -Specifies the order in which pre-parse extended operation plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse extended operation plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-modify:: -[open] -==== - -Description:: -Specifies the order in which pre-parse modify plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse modify plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which pre-parse modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-search:: -[open] -==== - -Description:: -Specifies the order in which pre-parse search plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse search plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-pre-parse-unbind:: -[open] -==== - -Description:: -Specifies the order in which pre-parse unbind plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which pre-parse unbind plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-search-result-entry:: -[open] -==== - -Description:: -Specifies the order in which search result entry plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which search result entry plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-search-result-reference:: -[open] -==== - -Description:: -Specifies the order in which search result reference plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which search result reference plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-shutdown:: -[open] -==== - -Description:: -Specifies the order in which shutdown plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which shutdown plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-startup:: -[open] -==== - -Description:: -Specifies the order in which startup plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which startup plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-subordinate-delete:: -[open] -==== - -Description:: -Specifies the order in which subordinate delete plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which subordinate delete plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -plugin-order-subordinate-modify-dn:: -[open] -==== - -Description:: -Specifies the order in which subordinate modify DN plug-ins are to be loaded and invoked. The value is a comma-delimited list of plug-in names (where the plug-in name is the RDN value from the plug-in configuration entry DN). The list can include at most one asterisk to indicate the position of any unspecified plug-in (and the relative order of those unspecified plug-ins is undefined). - -Default Value:: -The order in which subordinate modify DN plug-ins are loaded and invoked is undefined. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-replication-domain-prop] -=== dsconfig set-replication-domain-prop — Modifies Replication Domain properties - -==== Synopsis -`dsconfig set-replication-domain-prop` {options} - -[#dsconfig-set-replication-domain-prop-description] -==== Description -Modifies Replication Domain properties. - -[#dsconfig-set-replication-domain-prop-options] -==== Options --- -The `dsconfig set-replication-domain-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {name}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-replication-domain-prop-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`--domain-name {name}`:: -The name of the Replication Domain. -+ -[open] -==== -Replication Domain properties depend on the Replication Domain type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Domain types: - -replication-domain:: -Default {name}: Replication Domain - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-replication-domain-prop-replication-domain["Replication Domain"] for the properties of this Replication Domain type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Replication Domain properties depend on the Replication Domain type, which depends on the `--domain-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Replication Domain properties depend on the Replication Domain type, which depends on the `--domain-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Replication Domain properties depend on the Replication Domain type, which depends on the `--domain-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Replication Domain properties depend on the Replication Domain type, which depends on the `--domain-name {name}` option. - --- - -[#dsconfig-set-replication-domain-prop-replication-domain] -==== Replication Domain -Replication Domains of type replication-domain have the following properties: --- - -assured-sd-level:: -[open] -==== - -Description:: -The level of acknowledgment for Safe Data assured sub mode. When assured replication is configured in Safe Data mode, this value defines the number of replication servers (with the same group ID of the local server) that should acknowledge the sent update before the LDAP client call can return. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured replication acknowledgments. Defines the amount of milliseconds the server will wait for assured acknowledgments (in either Safe Data or Safe Read assured replication modes) before returning anyway the LDAP client call. - -Default Value:: -2000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -assured-type:: -[open] -==== - -Description:: -Defines the assured replication mode of the replicated domain. The assured replication can be disabled or enabled. When enabled, two modes are available: Safe Data or Safe Read modes. - -Default Value:: -not-assured - -Allowed Values:: -[open] -====== - -not-assured:: -Assured replication is not enabled. Updates sent for replication (for being replayed on other LDAP servers in the topology) are sent without waiting for any acknowledgment and the LDAP client call returns immediately. - -safe-data:: -Assured replication is enabled in Safe Data mode: updates sent for replication are subject to acknowledgment from the replication servers that have the same group ID as the local server (defined with the group-id property). The number of acknowledgments to expect is defined by the assured-sd-level property. After acknowledgments are received, LDAP client call returns. - -safe-read:: -Assured replication is enabled in Safe Read mode: updates sent for replication are subject to acknowledgments from the LDAP servers in the topology that have the same group ID as the local server (defined with the group-id property). After acknowledgments are received, LDAP client call returns. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DN of the replicated data. - -Default Value:: -None - -Allowed Values:: -A valid DN. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -changetime-heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when sending its local change time to the Replication Server. The directory server sends a regular heart-beat to the Replication within the specified interval. The heart-beat indicates the change time of the directory server to the Replication Server. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -conflicts-historical-purge-delay:: -[open] -==== - -Description:: -This delay indicates the time (in minutes) the domain keeps the historical information necessary to solve conflicts.When a change stored in the historical part of the user entry has a date (from its replication ChangeNumber) older than this delay, it is candidate to be purged. The purge is applied on 2 events: modify of the entry, dedicated purge task. - -Default Value:: -1440m - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 minutes. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-exclude:: -[open] -==== - -Description:: -Allows to exclude some attributes to replicate to this server. If fractional-exclude configuration attribute is used, attributes specified in this attribute will be ignored (not added/modified/deleted) when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-include attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be excluded. The object class may be "*" indicating that the attribute type(s) should be excluded regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -fractional-include:: -[open] -==== - -Description:: -Allows to include some attributes to replicate to this server. If fractional-include configuration attribute is used, only attributes specified in this attribute will be added/modified/deleted when an operation performed from another directory server is being replayed in the local server. Note that the usage of this configuration attribute is mutually exclusive with the usage of the fractional-exclude attribute. - -Default Value:: -None - -Allowed Values:: -The name of one or more attribute types in the named object class to be included. The object class may be "*" indicating that the attribute type(s) should be included regardless of the type of entry they belong to. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group ID associated with this replicated domain. This value defines the group ID of the replicated domain. The replication system will preferably connect and send updates to replicate to a replication server with the same group ID as its own one (the local server group ID). - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -heartbeat-interval:: -[open] -==== - -Description:: -Specifies the heart-beat interval that the directory server will use when communicating with Replication Servers. The directory server expects a regular heart-beat coming from the Replication Server within the specified interval. If a heartbeat is not received within the interval, the Directory Server closes its connection and connects to another Replication Server. - -Default Value:: -10000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 100 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -initialization-window-size:: -[open] -==== - -Description:: -Specifies the window size that this directory server may use when communicating with remote Directory Servers for initialization. - -Default Value:: -100 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -isolation-policy:: -[open] -==== - -Description:: -Specifies the behavior of the directory server if a write operation is attempted on the data within the Replication Domain when none of the configured Replication Servers are available. - -Default Value:: -reject-all-updates - -Allowed Values:: -[open] -====== - -accept-all-updates:: -Indicates that updates should be accepted even though it is not possible to send them to any Replication Server. Best effort is made to re-send those updates to a Replication Servers when one of them is available, however those changes are at risk because they are only available from the historical information. This mode can also introduce high replication latency. - -reject-all-updates:: -Indicates that all updates attempted on this Replication Domain are rejected when no Replication Server is available. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -log-changenumber:: -[open] -==== - -Description:: -Indicates if this server logs the ChangeNumber in access log. This boolean indicates if the domain should log the ChangeNumber of replicated operations in the access log. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -referrals-url:: -[open] -==== - -Description:: -The URLs other LDAP servers should use to refer to the local server. URLs used by peer servers in the topology to refer to the local server through LDAP referrals. If this attribute is not defined, every URLs available to access this server will be used. If defined, only URLs specified here will be used. - -Default Value:: -None - -Allowed Values:: -A LDAP URL compliant with RFC 2255. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of the Replication Servers within the Replication Domain to which the directory server should try to connect at startup time. Addresses must be specified using the syntax: hostname:port - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the directory server within the Replication Domain. Each directory server within the same Replication Domain must have a different server ID. A directory server which is a member of multiple Replication Domains may use the same server ID for each of its Replication Domain configurations. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -solve-conflicts:: -[open] -==== - -Description:: -Indicates if this server solves conflict. This boolean indicates if this domain keeps the historical information necessary to solve conflicts. When set to false the server will not maintain historical information and will therefore not be able to solve conflict. This should therefore be done only if the replication is used in a single master type of deployment. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the directory server will use when communicating with Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-replication-server-prop] -=== dsconfig set-replication-server-prop — Modifies Replication Server properties - -==== Synopsis -`dsconfig set-replication-server-prop` {options} - -[#dsconfig-set-replication-server-prop-description] -==== Description -Modifies Replication Server properties. - -[#dsconfig-set-replication-server-prop-options] -==== Options --- -The `dsconfig set-replication-server-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Replication Synchronization Provider. -+ -[open] -==== -Replication Server properties depend on the Replication Server type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Replication Server types: - -replication-server:: -Default {name}: Replication Server - -+ -Enabled by default: false - -+ -See xref:#dsconfig-set-replication-server-prop-replication-server["Replication Server"] for the properties of this Replication Server type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Replication Server properties depend on the Replication Server type, which depends on the `--provider-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Replication Server properties depend on the Replication Server type, which depends on the `--provider-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Replication Server properties depend on the Replication Server type, which depends on the `--provider-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Replication Server properties depend on the Replication Server type, which depends on the `--provider-name {name}` option. - --- - -[#dsconfig-set-replication-server-prop-replication-server] -==== Replication Server -Replication Servers of type replication-server have the following properties: --- - -assured-timeout:: -[open] -==== - -Description:: -The timeout value when waiting for assured mode acknowledgments. Defines the number of milliseconds that the replication server will wait for assured acknowledgments (in either Safe Data or Safe Read assured sub modes) before forgetting them and answer to the entity that sent an update and is waiting for acknowledgment. - -Default Value:: -1000ms - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 1 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-key-length:: -[open] -==== - -Description:: -Specifies the key length in bits for the preferred cipher. - -Default Value:: -128 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -cipher-transformation:: -[open] -==== - -Description:: -Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. - -Default Value:: -AES/CBC/PKCS5Padding - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect cryptographic operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -compute-change-number:: -[open] -==== - -Description:: -Whether the replication server will compute change numbers. This boolean tells the replication server to compute change numbers for each replicated change by maintaining a change number index database. Changenumbers are computed according to http://tools.ietf.org/html/draft-good-ldap-changelog-04. Note this functionality has an impact on CPU, disk accesses and storage. If changenumbers are not required, it is advisable to set this value to false. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -confidentiality-enabled:: -[open] -==== - -Description:: -Indicates whether the replication change-log should make records readable only by Directory Server. Throughput and disk space are affected by the more expensive operations taking place. Confidentiality is achieved by encrypting records on all domains managed by this replication server. Encrypting the records prevents unauthorized parties from accessing contents of LDAP operations. For complete protection, consider enabling secure communications between servers. Change number indexing is not affected by the setting. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property take effect immediately but only affect operations performed after the change. - -Advanced Property:: -No - -Read-only:: -No - -==== - -degraded-status-threshold:: -[open] -==== - -Description:: -The number of pending changes as threshold value for putting a directory server in degraded status. This value represents a number of pending changes a replication server has in queue for sending to a directory server. Once this value is crossed, the matching directory server goes in degraded status. When number of pending changes goes back under this value, the directory server is put back in normal status. 0 means status analyzer is disabled and directory servers are never put in degraded status. - -Default Value:: -5000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disk-full-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered and the replication server will disconnect from the rest of the replication topology. When the available free space on the disk used by the replication changelog falls below the value specified, this replication server will stop. Connected Directory Servers will fail over to another RS. The replication server will restart again as soon as free space rises above the low threshold. - -Default Value:: -100 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disk-low-threshold:: -[open] -==== - -Description:: -The free disk space threshold at which point a warning alert notification will be triggered. When the available free space on the disk used by the replication changelog falls below the value specified, a warning is sent and logged. Normal operation will continue but administrators are advised to take action to free some disk space. - -Default Value:: -200 megabytes - -Allowed Values:: - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -group-id:: -[open] -==== - -Description:: -The group id for the replication server. This value defines the group id of the replication server. The replication system of a LDAP server uses the group id of the replicated domain and tries to connect, if possible, to a replication with the same group id. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 127. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -monitoring-period:: -[open] -==== - -Description:: -The period between sending of monitoring messages. Defines the duration that the replication server will wait before sending new monitoring messages to its peers (replication servers and directory servers). Larger values increase the length of time it takes for a directory server to detect and switch to a more suitable replication server, whereas smaller values increase the amount of background network traffic. - -Default Value:: -60s - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -queue-size:: -[open] -==== - -Description:: -Specifies the number of changes that are kept in memory for each directory server in the Replication Domain. - -Default Value:: -10000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -replication-db-directory:: -[open] -==== - -Description:: -The path where the Replication Server stores all persistent information. - -Default Value:: -changelogDb - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -replication-port:: -[open] -==== - -Description:: -The port on which this Replication Server waits for connections from other Replication Servers or Directory Servers. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-purge-delay:: -[open] -==== - -Description:: -The time (in seconds) after which the Replication Server erases all persistent information. - -Default Value:: -3 days - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 seconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server:: -[open] -==== - -Description:: -Specifies the addresses of other Replication Servers to which this Replication Server tries to connect at startup time. Addresses must be specified using the syntax: "hostname:port". If IPv6 addresses are used as the hostname, they must be specified using the syntax "[IPv6Address]:port". - -Default Value:: -None - -Allowed Values:: -A host name followed by a ":" and a port number. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -replication-server-id:: -[open] -==== - -Description:: -Specifies a unique identifier for the Replication Server. Each Replication Server must have a different server ID. - -Default Value:: -None - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -Yes - -==== - -source-address:: -[open] -==== - -Description:: -If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. - -Default Value:: -Let the server decide. - -Allowed Values:: -An IP address - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -weight:: -[open] -==== - -Description:: -The weight of the replication server. The weight affected to the replication server. Each replication server of the topology has a weight. When combined together, the weights of the replication servers of a same group can be translated to a percentage that determines the quantity of directory servers of the topology that should be connected to a replication server. For instance imagine a topology with 3 replication servers (with the same group id) with the following weights: RS1=1, RS2=1, RS3=2. This means that RS1 should have 25% of the directory servers connected in the topology, RS2 25%, and RS3 50%. This may be useful if the replication servers of the topology have a different power and one wants to spread the load between the replication servers according to their power. - -Default Value:: -1 - -Allowed Values:: -An integer value. Lower value is 1. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -window-size:: -[open] -==== - -Description:: -Specifies the window size that the Replication Server uses when communicating with other Replication Servers. This option may be deprecated and removed in future releases. - -Default Value:: -100000 - -Allowed Values:: -An integer value. Lower value is 0. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-root-dn-prop] -=== dsconfig set-root-dn-prop — Modifies Root DN properties - -==== Synopsis -`dsconfig set-root-dn-prop` {options} - -[#dsconfig-set-root-dn-prop-description] -==== Description -Modifies Root DN properties. - -[#dsconfig-set-root-dn-prop-options] -==== Options --- -The `dsconfig set-root-dn-prop` command takes the following options: - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Root DN properties depend on the Root DN type, which depends on the null option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Root DN properties depend on the Root DN type, which depends on the null option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Root DN properties depend on the Root DN type, which depends on the null option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Root DN properties depend on the Root DN type, which depends on the null option. - --- - -[#dsconfig-set-root-dn-prop-root-dn] -==== Root DN -Root Dns of type root-dn have the following properties: --- - -default-root-privilege-name:: -[open] -==== - -Description:: -Specifies the names of the privileges that root users will be granted by default. - -Default Value:: -bypass-lockdown - -+ -bypass-acl - -+ -modify-acl - -+ -config-read - -+ -config-write - -+ -ldif-import - -+ -ldif-export - -+ -backend-backup - -+ -backend-restore - -+ -server-lockdown - -+ -server-shutdown - -+ -server-restart - -+ -disconnect-client - -+ -cancel-request - -+ -password-reset - -+ -update-schema - -+ -privilege-change - -+ -unindexed-search - -+ -subentry-write - -+ -changelog-read - -Allowed Values:: -[open] -====== - -backend-backup:: -Allows the user to request that the server process backup tasks. - -backend-restore:: -Allows the user to request that the server process restore tasks. - -bypass-acl:: -Allows the associated user to bypass access control checks performed by the server. - -bypass-lockdown:: -Allows the associated user to bypass server lockdown mode. - -cancel-request:: -Allows the user to cancel operations in progress on other client connections. - -changelog-read:: -Allows the user to perform read operations on the changelog - -config-read:: -Allows the associated user to read the server configuration. - -config-write:: -Allows the associated user to update the server configuration. The config-read privilege is also required. - -data-sync:: -Allows the user to participate in data synchronization. - -disconnect-client:: -Allows the user to terminate other client connections. - -jmx-notify:: -Allows the associated user to subscribe to receive JMX notifications. - -jmx-read:: -Allows the associated user to perform JMX read operations. - -jmx-write:: -Allows the associated user to perform JMX write operations. - -ldif-export:: -Allows the user to request that the server process LDIF export tasks. - -ldif-import:: -Allows the user to request that the server process LDIF import tasks. - -modify-acl:: -Allows the associated user to modify the server's access control configuration. - -password-reset:: -Allows the user to reset user passwords. - -privilege-change:: -Allows the user to make changes to the set of defined root privileges, as well as to grant and revoke privileges for users. - -proxied-auth:: -Allows the user to use the proxied authorization control, or to perform a bind that specifies an alternate authorization identity. - -server-lockdown:: -Allows the user to place and bring the server of lockdown mode. - -server-restart:: -Allows the user to request that the server perform an in-core restart. - -server-shutdown:: -Allows the user to request that the server shut down. - -subentry-write:: -Allows the associated user to perform LDAP subentry write operations. - -unindexed-search:: -Allows the user to request that the server process a search that cannot be optimized using server indexes. - -update-schema:: -Allows the user to make changes to the server schema. - -====== - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-root-dse-backend-prop] -=== dsconfig set-root-dse-backend-prop — Modifies Root DSE Backend properties - -==== Synopsis -`dsconfig set-root-dse-backend-prop` {options} - -[#dsconfig-set-root-dse-backend-prop-description] -==== Description -Modifies Root DSE Backend properties. - -[#dsconfig-set-root-dse-backend-prop-options] -==== Options --- -The `dsconfig set-root-dse-backend-prop` command takes the following options: - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Root DSE Backend properties depend on the Root DSE Backend type, which depends on the null option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Root DSE Backend properties depend on the Root DSE Backend type, which depends on the null option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Root DSE Backend properties depend on the Root DSE Backend type, which depends on the null option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Root DSE Backend properties depend on the Root DSE Backend type, which depends on the null option. - --- - -[#dsconfig-set-root-dse-backend-prop-root-dse-backend] -==== Root DSE Backend -Root DSE Backends of type root-dse-backend have the following properties: --- - -show-all-attributes:: -[open] -==== - -Description:: -Indicates whether all attributes in the root DSE are to be treated like user attributes (and therefore returned to clients by default) regardless of the directory server schema configuration. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -show-subordinate-naming-contexts:: -[open] -==== - -Description:: -Indicates whether subordinate naming contexts should be visible in the namingContexts attribute of the RootDSE. By default only top level naming contexts are visible - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -subordinate-base-dn:: -[open] -==== - -Description:: -Specifies the set of base DNs used for singleLevel, wholeSubtree, and subordinateSubtree searches based at the root DSE. - -Default Value:: -The set of all user-defined suffixes is used. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-sasl-mechanism-handler-prop] -=== dsconfig set-sasl-mechanism-handler-prop — Modifies SASL Mechanism Handler properties - -==== Synopsis -`dsconfig set-sasl-mechanism-handler-prop` {options} - -[#dsconfig-set-sasl-mechanism-handler-prop-description] -==== Description -Modifies SASL Mechanism Handler properties. - -[#dsconfig-set-sasl-mechanism-handler-prop-options] -==== Options --- -The `dsconfig set-sasl-mechanism-handler-prop` command takes the following options: - -`--handler-name {name}`:: -The name of the SASL Mechanism Handler. -+ -[open] -==== -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following SASL Mechanism Handler types: - -anonymous-sasl-mechanism-handler:: -Default {name}: Anonymous SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-sasl-mechanism-handler-prop-anonymous-sasl-mechanism-handler["Anonymous SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -cram-md5-sasl-mechanism-handler:: -Default {name}: Cram MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-sasl-mechanism-handler-prop-cram-md5-sasl-mechanism-handler["Cram MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -digest-md5-sasl-mechanism-handler:: -Default {name}: Digest MD5 SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-sasl-mechanism-handler-prop-digest-md5-sasl-mechanism-handler["Digest MD5 SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -external-sasl-mechanism-handler:: -Default {name}: External SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-sasl-mechanism-handler-prop-external-sasl-mechanism-handler["External SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -gssapi-sasl-mechanism-handler:: -Default {name}: GSSAPI SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-sasl-mechanism-handler-prop-gssapi-sasl-mechanism-handler["GSSAPI SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -plain-sasl-mechanism-handler:: -Default {name}: Plain SASL Mechanism Handler - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-sasl-mechanism-handler-prop-plain-sasl-mechanism-handler["Plain SASL Mechanism Handler"] for the properties of this SASL Mechanism Handler type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the `--handler-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the `--handler-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the `--handler-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -SASL Mechanism Handler properties depend on the SASL Mechanism Handler type, which depends on the `--handler-name {name}` option. - --- - -[#dsconfig-set-sasl-mechanism-handler-prop-anonymous-sasl-mechanism-handler] -==== Anonymous SASL Mechanism Handler -SASL Mechanism Handlers of type anonymous-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.AnonymousSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-sasl-mechanism-handler-prop-cram-md5-sasl-mechanism-handler] -==== Cram MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type cram-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper used with this SASL mechanism handler to match the authentication ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Cram MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.CRAMMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-sasl-mechanism-handler-prop-digest-md5-sasl-mechanism-handler] -==== Digest MD5 SASL Mechanism Handler -SASL Mechanism Handlers of type digest-md5-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Digest MD5 SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.DigestMD5SASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realms that is to be used by the server for DIGEST-MD5 authentication. If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Default Value:: -If this value is not provided, then the server defaults to use the fully qualified hostname of the machine. - -Allowed Values:: -Any realm string that does not contain a comma. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the server that is used when validating the digest-uri parameter during the authentication process. If this configuration attribute is present, then the server expects that clients use a digest-uri equal to "ldap/" followed by the value of this attribute. For example, if the attribute has a value of "directory.example.com", then the server expects clients to use a digest-uri of "ldap/directory.example.com". If no value is provided, then the server does not attempt to validate the digest-uri provided by the client and accepts any value. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically. - -Allowed Values:: -The fully-qualified address that is expected for clients to use when connecting to the server and authenticating via DIGEST-MD5. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-sasl-mechanism-handler-prop-external-sasl-mechanism-handler] -==== External SASL Mechanism Handler -SASL Mechanism Handlers of type external-sasl-mechanism-handler have the following properties: --- - -certificate-attribute:: -[open] -==== - -Description:: -Specifies the name of the attribute to hold user certificates. This property must specify the name of a valid attribute type defined in the server schema. - -Default Value:: -userCertificate - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-mapper:: -[open] -==== - -Description:: -Specifies the name of the certificate mapper that should be used to match client certificates to user entries. - -Default Value:: -None - -Allowed Values:: -The DN of any Certificate Mapper. The referenced certificate mapper must be enabled when the External SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -certificate-validation-policy:: -[open] -==== - -Description:: -Indicates whether to attempt to validate the peer certificate against a certificate held in the user's entry. - -Default Value:: -None - -Allowed Values:: -[open] -====== - -always:: -Always require the peer certificate to be present in the user's entry. - -ifpresent:: -If the user's entry contains one or more certificates, require that one of them match the peer certificate. - -never:: -Do not look for the peer certificate to be present in the user's entry. - -====== - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.ExternalSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-sasl-mechanism-handler-prop-gssapi-sasl-mechanism-handler] -==== GSSAPI SASL Mechanism Handler -SASL Mechanism Handlers of type gssapi-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the GSSAPI SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.GSSAPISASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -kdc-address:: -[open] -==== - -Description:: -Specifies the address of the KDC that is to be used for Kerberos processing. If provided, this property must be a fully-qualified DNS-resolvable name. If this property is not provided, then the server attempts to determine it from the system-wide Kerberos configuration. - -Default Value:: -The server attempts to determine the KDC address from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -keytab:: -[open] -==== - -Description:: -Specifies the path to the keytab file that should be used for Kerberos processing. If provided, this is either an absolute path or one that is relative to the server instance root. - -Default Value:: -The server attempts to use the system-wide default keytab. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -principal-name:: -[open] -==== - -Description:: -Specifies the principal name. It can either be a simple user name or a service name such as host/example.com. If this property is not provided, then the server attempts to build the principal name by appending the fully qualified domain name to the string "ldap/". - -Default Value:: -The server attempts to determine the principal name from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -quality-of-protection:: -[open] -==== - -Description:: -The name of a property that specifies the quality of protection the server will support. - -Default Value:: -none - -Allowed Values:: -[open] -====== - -confidentiality:: -Quality of protection equals authentication with integrity and confidentiality protection. - -integrity:: -Quality of protection equals authentication with integrity protection. - -none:: -QOP equals authentication only. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -realm:: -[open] -==== - -Description:: -Specifies the realm to be used for GSSAPI authentication. - -Default Value:: -The server attempts to determine the realm from the underlying system configuration. - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -server-fqdn:: -[open] -==== - -Description:: -Specifies the DNS-resolvable fully-qualified domain name for the system. - -Default Value:: -The server attempts to determine the fully-qualified domain name dynamically . - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-sasl-mechanism-handler-prop-plain-sasl-mechanism-handler] -==== Plain SASL Mechanism Handler -SASL Mechanism Handlers of type plain-sasl-mechanism-handler have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicates whether the SASL mechanism handler is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -identity-mapper:: -[open] -==== - -Description:: -Specifies the name of the identity mapper that is to be used with this SASL mechanism handler to match the authentication or authorization ID included in the SASL bind request to the corresponding user in the directory. - -Default Value:: -None - -Allowed Values:: -The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Plain SASL Mechanism Handler is enabled. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation. - -Default Value:: -org.opends.server.extensions.PlainSASLMechanismHandler - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SASLMechanismHandler - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The SASL Mechanism Handler must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-schema-provider-prop] -=== dsconfig set-schema-provider-prop — Modifies Schema Provider properties - -==== Synopsis -`dsconfig set-schema-provider-prop` {options} - -[#dsconfig-set-schema-provider-prop-description] -==== Description -Modifies Schema Provider properties. - -[#dsconfig-set-schema-provider-prop-options] -==== Options --- -The `dsconfig set-schema-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Schema Provider. -+ -[open] -==== -Schema Provider properties depend on the Schema Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Schema Provider types: - -core-schema:: -Default {name}: Core Schema - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-schema-provider-prop-core-schema["Core Schema"] for the properties of this Schema Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Schema Provider properties depend on the Schema Provider type, which depends on the `--provider-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Schema Provider properties depend on the Schema Provider type, which depends on the `--provider-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Schema Provider properties depend on the Schema Provider type, which depends on the `--provider-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Schema Provider properties depend on the Schema Provider type, which depends on the `--provider-name {name}` option. - --- - -[#dsconfig-set-schema-provider-prop-core-schema] -==== Core Schema -Schema Providers of type core-schema have the following properties: --- - -allow-zero-length-values-directory-string:: -[open] -==== - -Description:: -Indicates whether zero-length (that is, an empty string) values are allowed for directory string. This is technically not allowed by the revised LDAPv3 specification, but some environments may require it for backward compatibility with servers that do allow it. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -disabled-matching-rule:: -[open] -==== - -Description:: -The set of disabled matching rules. Matching rules must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled matching rule. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -disabled-syntax:: -[open] -==== - -Description:: -The set of disabled syntaxes. Syntaxes must be specified using the syntax: OID, or use the default value 'NONE' to specify no value. - -Default Value:: -NONE - -Allowed Values:: -The OID of the disabled syntax, or NONE - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Schema Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Core Schema implementation. - -Default Value:: -org.opends.server.schema.CoreSchemaProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.schema.SchemaProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strict-format-country-string:: -[open] -==== - -Description:: -Indicates whether country code values are required to strictly comply with the standard definition for this syntax. When set to false, country codes will not be validated and, as a result any string containing 2 characters will be acceptable. - -Default Value:: -true - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -strip-syntax-min-upper-bound-attribute-type-description:: -[open] -==== - -Description:: -Indicates whether the suggested minimum upper bound appended to an attribute's syntax OID in it's schema definition Attribute Type Description is stripped off. When retrieving the server's schema, some APIs (JNDI) fail in their syntax lookup methods, because they do not parse this value correctly. This configuration option allows the server to be configured to provide schema definitions these APIs can parse correctly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-synchronization-provider-prop] -=== dsconfig set-synchronization-provider-prop — Modifies Synchronization Provider properties - -==== Synopsis -`dsconfig set-synchronization-provider-prop` {options} - -[#dsconfig-set-synchronization-provider-prop-description] -==== Description -Modifies Synchronization Provider properties. - -[#dsconfig-set-synchronization-provider-prop-options] -==== Options --- -The `dsconfig set-synchronization-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Synchronization Provider. -+ -[open] -==== -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Synchronization Provider types: - -replication-synchronization-provider:: -Default {name}: Replication Synchronization Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-synchronization-provider-prop-replication-synchronization-provider["Replication Synchronization Provider"] for the properties of this Synchronization Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the `--provider-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the `--provider-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the `--provider-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Synchronization Provider properties depend on the Synchronization Provider type, which depends on the `--provider-name {name}` option. - --- - -[#dsconfig-set-synchronization-provider-prop-replication-synchronization-provider] -==== Replication Synchronization Provider -Synchronization Providers of type replication-synchronization-provider have the following properties: --- - -connection-timeout:: -[open] -==== - -Description:: -Specifies the timeout used when connecting to peers and when performing SSL negotiation. - -Default Value:: -5 seconds - -Allowed Values:: -Some property values take a time duration. Durations are expressed as numbers followed by units. For example `1 s` means one second, and `2 w` means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessary specify every duration in milliseconds or weeks for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows. - -* `ms`: milliseconds - -* `s`: seconds - -* `m`: minutes - -* `h`: hours - -* `d`: days - -* `w`: weeks - -+ -Lower limit is 0 milliseconds. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Synchronization Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Replication Synchronization Provider implementation. - -Default Value:: -org.opends.server.replication.plugin.MultimasterReplication - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.SynchronizationProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-update-replay-threads:: -[open] -==== - -Description:: -Specifies the number of update replay threads. This value is the number of threads created for replaying every updates received for all the replication domains. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 65535. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-trust-manager-provider-prop] -=== dsconfig set-trust-manager-provider-prop — Modifies Trust Manager Provider properties - -==== Synopsis -`dsconfig set-trust-manager-provider-prop` {options} - -[#dsconfig-set-trust-manager-provider-prop-description] -==== Description -Modifies Trust Manager Provider properties. - -[#dsconfig-set-trust-manager-provider-prop-options] -==== Options --- -The `dsconfig set-trust-manager-provider-prop` command takes the following options: - -`--provider-name {name}`:: -The name of the Trust Manager Provider. -+ -[open] -==== -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Trust Manager Provider types: - -blind-trust-manager-provider:: -Default {name}: Blind Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-trust-manager-provider-prop-blind-trust-manager-provider["Blind Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -file-based-trust-manager-provider:: -Default {name}: File Based Trust Manager Provider - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-trust-manager-provider-prop-file-based-trust-manager-provider["File Based Trust Manager Provider"] for the properties of this Trust Manager Provider type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the `--provider-name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the `--provider-name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the `--provider-name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Trust Manager Provider properties depend on the Trust Manager Provider type, which depends on the `--provider-name {name}` option. - --- - -[#dsconfig-set-trust-manager-provider-prop-blind-trust-manager-provider] -==== Blind Trust Manager Provider -Trust Manager Providers of type blind-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the Blind Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.BlindTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - --- - -[#dsconfig-set-trust-manager-provider-prop-file-based-trust-manager-provider] -==== File Based Trust Manager Provider -Trust Manager Providers of type file-based-trust-manager-provider have the following properties: --- - -enabled:: -[open] -==== - -Description:: -Indicate whether the Trust Manager Provider is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -The fully-qualified name of the Java class that provides the File Based Trust Manager Provider implementation. - -Default Value:: -org.opends.server.extensions.FileBasedTrustManagerProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.TrustManagerProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -trust-store-file:: -[open] -==== - -Description:: -Specifies the path to the file containing the trust information. It can be an absolute path or a path that is relative to the OpenDJ instance root. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -An absolute path or a path that is relative to the OpenDJ directory server instance root. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin:: -[open] -==== - -Description:: -Specifies the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-environment-variable:: -[open] -==== - -Description:: -Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-file:: -[open] -==== - -Description:: -Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-pin-property:: -[open] -==== - -Description:: -Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Trust Manager Provider . - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -+ -Changes to this property will take effect the next time that the File Based Trust Manager Provider is accessed. - -Advanced Property:: -No - -Read-only:: -No - -==== - -trust-store-type:: -[open] -==== - -Description:: -Specifies the format for the data in the trust store file. Valid values always include 'JKS' and 'PKCS12', but different implementations can allow other values as well. If no value is provided, then the JVM default value is used. Changes to this configuration attribute take effect the next time that the trust manager is accessed. - -Default Value:: -None - -Allowed Values:: -Any key store format supported by the Java runtime environment. The "JKS" and "PKCS12" formats are typically available in Java environments. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-virtual-attribute-prop] -=== dsconfig set-virtual-attribute-prop — Modifies Virtual Attribute properties - -==== Synopsis -`dsconfig set-virtual-attribute-prop` {options} - -[#dsconfig-set-virtual-attribute-prop-description] -==== Description -Modifies Virtual Attribute properties. - -[#dsconfig-set-virtual-attribute-prop-options] -==== Options --- -The `dsconfig set-virtual-attribute-prop` command takes the following options: - -`--name {name}`:: -The name of the Virtual Attribute. -+ -[open] -==== -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {name} you provide. - -By default, OpenDJ directory server supports the following Virtual Attribute types: - -collective-attribute-subentries-virtual-attribute:: -Default {name}: Collective Attribute Subentries Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-collective-attribute-subentries-virtual-attribute["Collective Attribute Subentries Virtual Attribute"] for the properties of this Virtual Attribute type. - -entity-tag-virtual-attribute:: -Default {name}: Entity Tag Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-entity-tag-virtual-attribute["Entity Tag Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-dn-virtual-attribute:: -Default {name}: Entry DN Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-entry-dn-virtual-attribute["Entry DN Virtual Attribute"] for the properties of this Virtual Attribute type. - -entry-uuid-virtual-attribute:: -Default {name}: Entry UUID Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-entry-uuid-virtual-attribute["Entry UUID Virtual Attribute"] for the properties of this Virtual Attribute type. - -governing-structure-rule-virtual-attribute:: -Default {name}: Governing Structure Rule Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-governing-structure-rule-virtual-attribute["Governing Structure Rule Virtual Attribute"] for the properties of this Virtual Attribute type. - -has-subordinates-virtual-attribute:: -Default {name}: Has Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-has-subordinates-virtual-attribute["Has Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -is-member-of-virtual-attribute:: -Default {name}: Is Member Of Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-is-member-of-virtual-attribute["Is Member Of Virtual Attribute"] for the properties of this Virtual Attribute type. - -member-virtual-attribute:: -Default {name}: Member Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-member-virtual-attribute["Member Virtual Attribute"] for the properties of this Virtual Attribute type. - -num-subordinates-virtual-attribute:: -Default {name}: Num Subordinates Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-num-subordinates-virtual-attribute["Num Subordinates Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-expiration-time-virtual-attribute:: -Default {name}: Password Expiration Time Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-password-expiration-time-virtual-attribute["Password Expiration Time Virtual Attribute"] for the properties of this Virtual Attribute type. - -password-policy-subentry-virtual-attribute:: -Default {name}: Password Policy Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-password-policy-subentry-virtual-attribute["Password Policy Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -structural-object-class-virtual-attribute:: -Default {name}: Structural Object Class Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-structural-object-class-virtual-attribute["Structural Object Class Virtual Attribute"] for the properties of this Virtual Attribute type. - -subschema-subentry-virtual-attribute:: -Default {name}: Subschema Subentry Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-subschema-subentry-virtual-attribute["Subschema Subentry Virtual Attribute"] for the properties of this Virtual Attribute type. - -user-defined-virtual-attribute:: -Default {name}: User Defined Virtual Attribute - -+ -Enabled by default: true - -+ -See xref:#dsconfig-set-virtual-attribute-prop-user-defined-virtual-attribute["User Defined Virtual Attribute"] for the properties of this Virtual Attribute type. - -==== - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the `--name {name}` option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the `--name {name}` option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the `--name {name}` option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Virtual Attribute properties depend on the Virtual Attribute type, which depends on the `--name {name}` option. - --- - -[#dsconfig-set-virtual-attribute-prop-collective-attribute-subentries-virtual-attribute] -==== Collective Attribute Subentries Virtual Attribute -Virtual Attributes of type collective-attribute-subentries-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -collectiveAttributeSubentries - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.CollectiveAttributeSubentriesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-entity-tag-virtual-attribute] -==== Entity Tag Virtual Attribute -Virtual Attributes of type entity-tag-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -etag - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -checksum-algorithm:: -[open] -==== - -Description:: -The algorithm which should be used for calculating the entity tag checksum value. - -Default Value:: -adler-32 - -Allowed Values:: -[open] -====== - -adler-32:: -The Adler-32 checksum algorithm which is almost as reliable as a CRC-32 but can be computed much faster. - -crc-32:: -The CRC-32 checksum algorithm. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -excluded-attribute:: -[open] -==== - -Description:: -The list of attributes which should be ignored when calculating the entity tag checksum value. Certain attributes like "ds-sync-hist" may vary between replicas due to different purging schedules and should not be included in the checksum. - -Default Value:: -ds-sync-hist - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntityTagVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-entry-dn-virtual-attribute] -==== Entry DN Virtual Attribute -Virtual Attributes of type entry-dn-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryDN - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryDNVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-entry-uuid-virtual-attribute] -==== Entry UUID Virtual Attribute -Virtual Attributes of type entry-uuid-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -entryUUID - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.EntryUUIDVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-governing-structure-rule-virtual-attribute] -==== Governing Structure Rule Virtual Attribute -Virtual Attributes of type governing-structure-rule-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -governingStructureRule - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.GoverningSturctureRuleVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-has-subordinates-virtual-attribute] -==== Has Subordinates Virtual Attribute -Virtual Attributes of type has-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -hasSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-is-member-of-virtual-attribute] -==== Is Member Of Virtual Attribute -Virtual Attributes of type is-member-of-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -isMemberOf - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.IsMemberOfVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-member-virtual-attribute] -==== Member Virtual Attribute -Virtual Attributes of type member-virtual-attribute have the following properties: --- - -allow-retrieving-membership:: -[open] -==== - -Description:: -Indicates whether to handle requests that request all values for the virtual attribute. This operation can be very expensive in some cases and is not consistent with the primary function of virtual static groups, which is to make it possible to use static group idioms to determine whether a given user is a member. If this attribute is set to false, attempts to retrieve the entire set of values receive an empty set, and only attempts to determine whether the attribute has a specific value or set of values (which is the primary anticipated use for virtual static groups) are handled properly. - -Default Value:: -false - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.MemberVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-num-subordinates-virtual-attribute] -==== Num Subordinates Virtual Attribute -Virtual Attributes of type num-subordinates-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -numSubordinates - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-password-expiration-time-virtual-attribute] -==== Password Expiration Time Virtual Attribute -Virtual Attributes of type password-expiration-time-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -ds-pwp-password-expiration-time - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordExpirationTimeVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-password-policy-subentry-virtual-attribute] -==== Password Policy Subentry Virtual Attribute -Virtual Attributes of type password-policy-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -pwdPolicySubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.PasswordPolicySubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-structural-object-class-virtual-attribute] -==== Structural Object Class Virtual Attribute -Virtual Attributes of type structural-object-class-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -structuralObjectClass - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.StructuralObjectClassVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-subschema-subentry-virtual-attribute] -==== Subschema Subentry Virtual Attribute -Virtual Attributes of type subschema-subentry-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -subschemaSubentry - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -virtual-overrides-real - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-virtual-attribute-prop-user-defined-virtual-attribute] -==== User Defined Virtual Attribute -Virtual Attributes of type user-defined-virtual-attribute have the following properties: --- - -attribute-type:: -[open] -==== - -Description:: -Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute. - -Default Value:: -None - -Allowed Values:: -The name of an attribute type defined in the server schema. - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -base-dn:: -[open] -==== - -Description:: -Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. - -Default Value:: -The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -conflict-behavior:: -[open] -==== - -Description:: -Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute. - -Default Value:: -real-overrides-virtual - -Allowed Values:: -[open] -====== - -merge-real-and-virtual:: -Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used. - -real-overrides-virtual:: -Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated. - -virtual-overrides-real:: -Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -enabled:: -[open] -==== - -Description:: -Indicates whether the Virtual Attribute is enabled for use. - -Default Value:: -None - -Allowed Values:: -true - -+ -false - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -filter:: -[open] -==== - -Description:: -Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. - -Default Value:: -(objectClass=*) - -Allowed Values:: -Any valid search filter string. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -group-dn:: -[open] -==== - -Description:: -Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. - -Default Value:: -Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. - -Allowed Values:: -A valid DN. - -Multi-valued:: -Yes - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values. - -Default Value:: -org.opends.server.extensions.UserDefinedVirtualAttributeProvider - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -scope:: -[open] -==== - -Description:: -Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute. - -Default Value:: -whole-subtree - -Allowed Values:: -[open] -====== - -base-object:: -Search the base object only. - -single-level:: -Search the immediate children of the base object but do not include any of their descendants or the base object itself. - -subordinate-subtree:: -Search the entire subtree below the base object but do not include the base object itself. - -whole-subtree:: -Search the base object and the entire subtree below the base object. - -====== - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -value:: -[open] -==== - -Description:: -Specifies the values to be included in the virtual attribute. - -Default Value:: -None - -Allowed Values:: -A String - -Multi-valued:: -Yes - -Required:: -Yes - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -''' -[#dsconfig-set-work-queue-prop] -=== dsconfig set-work-queue-prop — Modifies Work Queue properties - -==== Synopsis -`dsconfig set-work-queue-prop` {options} - -[#dsconfig-set-work-queue-prop-description] -==== Description -Modifies Work Queue properties. - -[#dsconfig-set-work-queue-prop-options] -==== Options --- -The `dsconfig set-work-queue-prop` command takes the following options: - -`--set {PROP:VALUE}`:: -Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. - -+ -Work Queue properties depend on the Work Queue type, which depends on the null option. - -`--reset {property}`:: -Resets a property back to its default values where PROP is the name of the property to be reset. - -+ -Work Queue properties depend on the Work Queue type, which depends on the null option. - -`--add {PROP:VALUE}`:: -Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added. - -+ -Work Queue properties depend on the Work Queue type, which depends on the null option. - -`--remove {PROP:VALUE}`:: -Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed. - -+ -Work Queue properties depend on the Work Queue type, which depends on the null option. - --- - -[#dsconfig-set-work-queue-prop-parallel-work-queue] -==== Parallel Work Queue -Work Queues of type parallel-work-queue have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Parallel Work Queue implementation. - -Default Value:: -org.opends.server.extensions.ParallelWorkQueue - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.WorkQueue - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -num-worker-threads:: -[open] -==== - -Description:: -Specifies the number of worker threads to be used for processing operations placed in the queue. If the value is increased, the additional worker threads are created immediately. If the value is reduced, the appropriate number of threads are destroyed as operations complete processing. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - -[#dsconfig-set-work-queue-prop-traditional-work-queue] -==== Traditional Work Queue -Work Queues of type traditional-work-queue have the following properties: --- - -java-class:: -[open] -==== - -Description:: -Specifies the fully-qualified name of the Java class that provides the Traditional Work Queue implementation. - -Default Value:: -org.opends.server.extensions.TraditionalWorkQueue - -Allowed Values:: -A Java class that implements or extends the class(es): org.opends.server.api.WorkQueue - -Multi-valued:: -No - -Required:: -Yes - -Admin Action Required:: -Restart the server - -Advanced Property:: -Yes (Use --advanced in interactive mode.) - -Read-only:: -No - -==== - -max-work-queue-capacity:: -[open] -==== - -Description:: -Specifies the maximum number of queued operations that can be in the work queue at any given time. If the work queue is already full and additional requests are received by the server, then the server front end, and possibly the client, will be blocked until the work queue has available capacity. - -Default Value:: -1000 - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - -num-worker-threads:: -[open] -==== - -Description:: -Specifies the number of worker threads to be used for processing operations placed in the queue. If the value is increased, the additional worker threads are created immediately. If the value is reduced, the appropriate number of threads are destroyed as operations complete processing. - -Default Value:: -Let the server decide. - -Allowed Values:: -An integer value. Lower value is 1. Upper value is 2147483647. - -Multi-valued:: -No - -Required:: -No - -Admin Action Required:: -None - -Advanced Property:: -No - -Read-only:: -No - -==== - --- - - +include::../partials/man-dsconfig-subcommands-ref.adoc[] diff --git a/opendj-doc-generated-ref/src/main/assembly/generated-doc-sources-assembly.xml b/opendj-doc-generated-ref/src/main/assembly/generated-doc-sources-assembly.xml index 53603c949b..87d79a0d06 100644 --- a/opendj-doc-generated-ref/src/main/assembly/generated-doc-sources-assembly.xml +++ b/opendj-doc-generated-ref/src/main/assembly/generated-doc-sources-assembly.xml @@ -27,7 +27,7 @@ - ${project.build.directory}/docbkx-sources/shared + ${project.build.directory}/asciidoc/source/man-pages diff --git a/opendj-doc-generated-ref/src/main/assembly/sdk-tools-man-pages-assembly.xml b/opendj-doc-generated-ref/src/main/assembly/sdk-tools-man-pages-assembly.xml index 3b1566fd38..f6f05df6b6 100644 --- a/opendj-doc-generated-ref/src/main/assembly/sdk-tools-man-pages-assembly.xml +++ b/opendj-doc-generated-ref/src/main/assembly/sdk-tools-man-pages-assembly.xml @@ -24,237 +24,183 @@ - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-addrate.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-authrate.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-base64.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-ldapcompare.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-ldapdelete.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-ldapmodify.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-ldappasswordmodify.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-ldapsearch.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-ldifdiff.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-ldifmodify.xml - - - - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-ldifsearch.xml - man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-makeldif.xml + ${project.build.directory}/asciidoc/source/man-pages/man-base64.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-modrate.xml + ${project.build.directory}/asciidoc/source/man-pages/man-ldapcompare.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-searchrate.xml + ${project.build.directory}/asciidoc/source/man-pages/man-ldapdelete.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/addrate-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/man-ldapmodify.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/attributes.xml + ${project.build.directory}/asciidoc/source/man-pages/man-ldappasswordmodify.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/authrate-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/man-ldapsearch.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/base64-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/man-ldifdiff.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/description-makeldif.xml + ${project.build.directory}/asciidoc/source/man-pages/man-ldifmodify.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/description-psearch-info.xml + ${project.build.directory}/asciidoc/source/man-pages/man-ldifsearch.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/description-rate-tools.xml + ${project.build.directory}/asciidoc/source/man-pages/man-makeldif.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/description-resource-path.xml + ${project.build.directory}/asciidoc/source/man-pages/_attributes.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/exit-codes-0-1.xml + ${project.build.directory}/asciidoc/source/man-pages/_base64-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/exit-codes-0-5-6-other.xml + ${project.build.directory}/asciidoc/source/man-pages/_description-psearch-info.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/exit-codes-0-80-89.xml + ${project.build.directory}/asciidoc/source/man-pages/_exit-codes-0-1.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/exit-codes-0-89.xml + ${project.build.directory}/asciidoc/source/man-pages/_exit-codes-0-5-6-other.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/exit-codes-0-gt0.xml + ${project.build.directory}/asciidoc/source/man-pages/_exit-codes-0-80-89.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/exit-codes-0-ldap-89.xml + ${project.build.directory}/asciidoc/source/man-pages/_exit-codes-0-89.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/files.xml + ${project.build.directory}/asciidoc/source/man-pages/_exit-codes-0-gt0.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/filters.xml + ${project.build.directory}/asciidoc/source/man-pages/_exit-codes-0-ldap-89.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldapcompare-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_files.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldapcompare-exit-codes.xml + ${project.build.directory}/asciidoc/source/man-pages/_filters.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldapdelete-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldapcompare-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldapmodify-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldapcompare-exit-codes.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldappasswordmodify-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldapdelete-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldapsearch-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldapmodify-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldifdiff-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldappasswordmodify-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldifdiff-exit-codes.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldapsearch-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldifmodify-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldifdiff-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/ldifsearch-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldifdiff-exit-codes.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/makeldif-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldifmodify-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/makeldif-see-also.xml + ${project.build.directory}/asciidoc/source/man-pages/_ldifsearch-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/man-makeldif-template.xml + ${project.build.directory}/asciidoc/source/man-pages/_makeldif-examples.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/modrate-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/_makeldif-see-also.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/searchrate-examples.xml + ${project.build.directory}/asciidoc/source/man-pages/man-makeldif-template.adoc man-pages - ${project.build.directory}/docbkx-sources/man-pages/variablelist-ldap-controls.xml + ${project.build.directory}/asciidoc/source/man-pages/_variablelist-ldap-controls.adoc diff --git a/opendj-doc-generated-ref/src/main/assembly/server-tools-man-page-sources-assembly.xml b/opendj-doc-generated-ref/src/main/assembly/server-tools-man-page-sources-assembly.xml index e39ced4c42..8e5e197b4e 100644 --- a/opendj-doc-generated-ref/src/main/assembly/server-tools-man-page-sources-assembly.xml +++ b/opendj-doc-generated-ref/src/main/assembly/server-tools-man-page-sources-assembly.xml @@ -27,7 +27,7 @@ - ${project.build.directory}/docbkx-sources/man-pages + ${project.build.directory}/asciidoc/source/man-pages diff --git a/opendj-doc-generated-ref/src/main/assembly/server-tools-man-pages-assembly.xml b/opendj-doc-generated-ref/src/main/assembly/server-tools-man-pages-assembly.xml index bdefcf6eaa..0f44f49138 100644 --- a/opendj-doc-generated-ref/src/main/assembly/server-tools-man-pages-assembly.xml +++ b/opendj-doc-generated-ref/src/main/assembly/server-tools-man-pages-assembly.xml @@ -27,7 +27,7 @@ - ${project.build.directory}/docbkx/manpages/man-pages + ${project.build.directory}/asciidoc/man-pages diff --git a/opendj-doc-generated-ref/src/main/resources/asciidoc/extensions/nested-open-block.rb b/opendj-doc-generated-ref/src/main/resources/asciidoc/extensions/nested-open-block.rb new file mode 100644 index 0000000000..64908adea2 --- /dev/null +++ b/opendj-doc-generated-ref/src/main/resources/asciidoc/extensions/nested-open-block.rb @@ -0,0 +1,21 @@ +# A custom block that allows open blocks to be nested using the +# example block container with the open block style. +# +# Usage: +# +# [open] +# ==== +# [open] +# ====== +# nested +# ====== +# ==== +Asciidoctor::Extensions.register do + block do + named :open + on_context :example + process do |parent, reader, attrs| + create_open_block parent, attrs + end + end +end \ No newline at end of file diff --git a/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateGlobalAcisTableMojo.java b/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateGlobalAcisTableMojo.java index 964e32ca9b..35e97cada2 100644 --- a/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateGlobalAcisTableMojo.java +++ b/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateGlobalAcisTableMojo.java @@ -26,6 +26,7 @@ import org.forgerock.opendj.ldap.DN; import org.forgerock.opendj.ldap.Entry; import org.forgerock.opendj.ldif.LDIFEntryReader; +import org.openidentityplatform.opendj.maven.doc.AsciidocConverterUtils; import java.io.BufferedReader; import java.io.File; @@ -55,7 +56,7 @@ public class GenerateGlobalAcisTableMojo extends AbstractMojo { private File configDotLdif; /** Output directory for source files. */ - @Parameter(defaultValue = "${project.build.directory}/docbkx-sources/shared") + @Parameter(defaultValue = "${project.build.directory}/asciidoc/source/partials") private File outputDirectory; /** Holds documentation for an ACI. */ @@ -81,7 +82,7 @@ public void execute() throws MojoExecutionException, MojoFailureException { throw new MojoFailureException(e.getMessage(), e); } - File table = new File(outputDirectory, "table-global-acis.xml"); + File table = new File(outputDirectory, "table-global-acis.adoc"); try { writeStringToFile(getGlobalAcisTable(), table); } catch (IOException e) { @@ -130,7 +131,7 @@ private void readAcis(Map descriptions) throws IOException { if (descriptions != null) { aci.description = descriptions.get(aci.name); } - aci.definition = attribute; + aci.definition = AsciidocConverterUtils.escapeVerticalLine(attribute); allGlobalAcis.add(aci); } } diff --git a/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateMessageFileMojo.java b/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateMessageFileMojo.java index aaae5e3790..9b0a4d6a6c 100644 --- a/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateMessageFileMojo.java +++ b/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateMessageFileMojo.java @@ -317,7 +317,7 @@ public void execute() throws MojoExecutionException, MojoFailureException { } } map.put("categories", categories); - File file = new File(outputDirectory, "log-message-reference.xml"); + File file = new File(outputDirectory, "log-message-reference.adoc"); try { createOutputDirectory(); writeLogRef(file, "log-message-reference.ftl", map); diff --git a/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateRefEntriesMojo.java b/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateRefEntriesMojo.java index a2168d4634..b5120311c8 100644 --- a/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateRefEntriesMojo.java +++ b/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateRefEntriesMojo.java @@ -36,6 +36,7 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; import java.util.LinkedList; import java.util.List; import java.util.regex.Matcher; @@ -114,7 +115,7 @@ public void execute() throws MojoExecutionException, MojoFailureException { */ private void generateManPageForTool(final CommandLineTool tool) throws MojoExecutionException, MojoFailureException { - final File manPage = new File(outputDir, "man-" + tool.getName() + ".xml"); + final File manPage = new File(outputDir, "man-" + tool.getName() + ".adoc"); final String toolScript = tool.getName(); final String toolSects = pathsToXIncludes(tool.getTrailingSectionPaths()); final String toolClass = tool.getApplication(); @@ -216,10 +217,11 @@ private String pathsToXIncludes(final List paths) { // Assume xmlns:xinclude="http://www.w3.org/2001/XInclude", // as in the declaration of resources/templates/refEntry.ftl. - final String nameSpace = "xinclude"; final StringBuilder result = new StringBuilder(); for (String path : paths) { - result.append("<").append(nameSpace).append(":include href='").append(path).append("' />"); + result.append("include::./").append(path).append("[]") + .append(System.lineSeparator()) + .append(System.lineSeparator()); } return result.toString(); } @@ -268,7 +270,7 @@ private void splitPage(final File page) throws IOException { if (matcher.find()) { writeToFile(builder.toString(), output); builder.setLength(0); - output = new File(page.getParentFile(), "man-" + matcher.group(1) + ".xml"); + output = new File(page.getParentFile(), "man-" + matcher.group(1) + ".adoc"); getLog().info("Writing man page: " + output.getPath()); } else { builder.append(line).append(System.getProperty("line.separator")); @@ -289,7 +291,7 @@ private void splitPage(final File page) throws IOException { * @throws IOException Failed to write the content of the input. */ private void writeToFile(final String input, final File output) throws IOException { - InputStream is = new ByteArrayInputStream(input.getBytes(Charset.forName("UTF-8"))); + InputStream is = new ByteArrayInputStream(input.getBytes(StandardCharsets.UTF_8)); if (getLog().isDebugEnabled()) getLog().debug(input); writeToFile(is, output); diff --git a/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateSchemaDocMojo.java b/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateSchemaDocMojo.java index d4666e121d..5523d6ecd3 100644 --- a/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateSchemaDocMojo.java +++ b/opendj-doc-maven-plugin/src/main/java/org/forgerock/opendj/maven/doc/GenerateSchemaDocMojo.java @@ -47,7 +47,7 @@ public class GenerateSchemaDocMojo extends AbstractMojo { private String locale; /** Output directory for source files. */ - @Parameter(defaultValue = "${project.build.directory}/docbkx-sources/shared") + @Parameter(defaultValue = "${project.build.directory}/asciidoc/source/partials") private File outputDirectory; /** @@ -59,7 +59,7 @@ public class GenerateSchemaDocMojo extends AbstractMojo { public void execute() throws MojoExecutionException, MojoFailureException { final Locale currentLocale = Locale.forLanguageTag(locale); final String localeReference = getLocalesAndSubTypesDocumentation(currentLocale); - final File localeReferenceFile = new File(outputDirectory, "sec-locales-subtypes.xml"); + final File localeReferenceFile = new File(outputDirectory, "sec-locales-subtypes.adoc"); try { writeStringToFile(localeReference, localeReferenceFile); } catch (IOException e) { diff --git a/opendj-doc-maven-plugin/src/main/java/org/openidentityplatform/opendj/maven/doc/AsciidocConverterUtils.java b/opendj-doc-maven-plugin/src/main/java/org/openidentityplatform/opendj/maven/doc/AsciidocConverterUtils.java new file mode 100644 index 0000000000..7e7ecabfa7 --- /dev/null +++ b/opendj-doc-maven-plugin/src/main/java/org/openidentityplatform/opendj/maven/doc/AsciidocConverterUtils.java @@ -0,0 +1,7 @@ +package org.openidentityplatform.opendj.maven.doc; + +public class AsciidocConverterUtils { + public static String escapeVerticalLine(String text) { + return text.replace("|", "\\|"); + } +} diff --git a/opendj-doc-maven-plugin/src/main/resources/org/forgerock/opendj/maven/doc/docs.properties b/opendj-doc-maven-plugin/src/main/resources/org/forgerock/opendj/maven/doc/docs.properties index ed3d442261..5b43544c72 100644 --- a/opendj-doc-maven-plugin/src/main/resources/org/forgerock/opendj/maven/doc/docs.properties +++ b/opendj-doc-maven-plugin/src/main/resources/org/forgerock/opendj/maven/doc/docs.properties @@ -52,15 +52,10 @@ ERROR_SEVERITY_PRINTABLE=ERROR LOG_REF_TITLE=Log Message Reference LOG_REF_INDEXTERM=Logs -LOG_REF_INTRO= describes logs. \ - Access and audit logs concern client operations \ - rather than OpenDJ directory server and tools, \ - and so are not listed here. \ - Instead, this appendix covers severe and fatal error messages \ - for the directory server and its tools, \ - such as those logged in \ - /path/to/opendj/logs/errors, and \ - /path/to/opendj/logs/replication. +LOG_REF_INTRO=xref:../admin-guide/chap-monitoring.adoc#logging["Server Logs"] in the __Administration Guide__ describes \ + logs. Access and audit logs concern client operations rather than OpenDJ directory server and tools, and so are not \ + listed here. Instead, this appendix covers severe and fatal error messages for the directory server and its tools, \ + such as those logged in `/path/to/opendj/logs/errors`, and `/path/to/opendj/logs/replication`. DOC_GLOBAL_ACIS_TABLE_TITLE=Default Global ACIs DOC_GLOBAL_ACIS_TABLE_SUMMARY=OpenDJ directory server defines \ diff --git a/opendj-doc-maven-plugin/src/main/resources/templates/appendix-ldap-result-codes.ftl b/opendj-doc-maven-plugin/src/main/resources/templates/appendix-ldap-result-codes.ftl index 158c532cf7..90bcefa87d 100644 --- a/opendj-doc-maven-plugin/src/main/resources/templates/appendix-ldap-result-codes.ftl +++ b/opendj-doc-maven-plugin/src/main/resources/templates/appendix-ldap-result-codes.ftl @@ -1,5 +1,4 @@ - - -<#-- Comment text comes from the Javadoc, so the language is English. --> - - LDAP Result Codes + Copyright 2017 ForgeRock AS. + Portions Copyright ${year} 3A Systems LLC. +//// - - ${classComment} - +[appendix] +[#appendix-ldap-result-codes] +== LDAP Result Codes - - LDAP - Result codes - +${classComment} - - OpenDJ LDAP Result Codes - - - - +.OpenDJ LDAP Result Codes +[cols="16%,33%,51%"] +|=== +|Result Code |Name |Description - - - Result Code - Name - Description - - +<#list resultCodes as resultCode> +a|${resultCode.intValue} +a|${resultCode.name} +a|${resultCode.comment} - - <#list resultCodes as resultCode> - - - - ${resultCode.intValue} - - - - - ${resultCode.name} - - - - - ${resultCode.comment} - - - - - + +|=== - -
- diff --git a/opendj-doc-maven-plugin/src/main/resources/templates/log-message-reference.ftl b/opendj-doc-maven-plugin/src/main/resources/templates/log-message-reference.ftl index 8bdf55d2e0..c21b02d1fb 100644 --- a/opendj-doc-maven-plugin/src/main/resources/templates/log-message-reference.ftl +++ b/opendj-doc-maven-plugin/src/main/resources/templates/log-message-reference.ftl @@ -1,5 +1,4 @@ - - - + Copyright 2017 ForgeRock AS. + Portions Copyright ${year} 3A Systems LLC. +//// - ${title} +[appendix] +[#appendix-log-messages] +== ${title} - - ${indexterm} - +${intro} - - ${intro} - +<#list categories as section> +[#${section.id}] +=== ${section.category} - <#list categories as section> -
- ${section.category} - - +-- <#list section.entries as entry> - - ${entry.id} - - - ${entry.severity} - - - - ${entry.message?ensure_ends_with(".")} - - - +[#log-ref-${entry.xmlId}] +${entry.id}:: + +${entry.severity} ++ +${entry.message?ensure_ends_with(".")} + - -
- - +-- + + + diff --git a/opendj-doc-maven-plugin/src/main/resources/templates/sec-locales-subtypes.ftl b/opendj-doc-maven-plugin/src/main/resources/templates/sec-locales-subtypes.ftl index 1e3bf2522b..32e938d4f3 100644 --- a/opendj-doc-maven-plugin/src/main/resources/templates/sec-locales-subtypes.ftl +++ b/opendj-doc-maven-plugin/src/main/resources/templates/sec-locales-subtypes.ftl @@ -1,5 +1,4 @@ - - -
- - ${title} - - - ${info} - - - - ${locales.title} - ${locales.indexTerm} - - <#list locales.locales as locale> - - ${locale.language} - - - ${locale.tag} - - - - ${locale.oid} - - - - - - - - - ${subtypes.title} - ${subtypes.indexTerm} - - <#list subtypes.locales?sort_by("language") as subtype> - - ${subtype.language}, ${subtype.tag} - - - - - -
+ Copyright 2017 ForgeRock AS. + Portions Copyright ${year} 3A Systems LLC. +//// + +[#sec-locales-subtypes] +=== ${title} + +${info} + +[#supported-locales] +.${locales.title} + +<#list locales.locales as locale> +${locale.language}:: +${locale.tag} ++ +${locale.oid} + + + +[#supported-language-subtypes] +.${subtypes.title} + +<#list subtypes.locales?sort_by("language") as subtype> +* ${subtype.language}, ${subtype.tag} + + + diff --git a/opendj-doc-maven-plugin/src/main/resources/templates/table-global-acis.ftl b/opendj-doc-maven-plugin/src/main/resources/templates/table-global-acis.ftl index 95c540df98..97acddbd5d 100644 --- a/opendj-doc-maven-plugin/src/main/resources/templates/table-global-acis.ftl +++ b/opendj-doc-maven-plugin/src/main/resources/templates/table-global-acis.ftl @@ -1,5 +1,4 @@ - - - - ${title} + Copyright 2017 ForgeRock AS. + Portions Copyright ${year} 3A Systems LLC. +//// - - - ${summary} - - +[#table-global-acis] +.${title} +[cols="20%,40%,40%"] +|=== +|${nameTitle} |${descTitle} |${defTitle} - - - - +<#list acis?sort_by("name") as aci> +a|${aci.name} +a|${aci.description} +a|`${aci.definition}` + - - - ${nameTitle} - ${descTitle} - ${defTitle} - - - - - <#list acis?sort_by("name") as aci> - - - ${aci.name} - - - ${aci.description} - - - ${aci.definition} - - - - - -
+|=== diff --git a/opendj-ldap-toolkit/src/main/resources/com/forgerock/opendj/ldap/tools/tools.properties b/opendj-ldap-toolkit/src/main/resources/com/forgerock/opendj/ldap/tools/tools.properties index a47046120d..76810bb4ac 100644 --- a/opendj-ldap-toolkit/src/main/resources/com/forgerock/opendj/ldap/tools/tools.properties +++ b/opendj-ldap-toolkit/src/main/resources/com/forgerock/opendj/ldap/tools/tools.properties @@ -393,7 +393,7 @@ REF_SHORT_DESC_MODRATE=measure modification throughput and response time REF_SHORT_DESC_SEARCHRATE=measure search throughput and response time # Supplements to descriptions for generated reference documentation. -SUPPLEMENT_DESCRIPTION_RATE_TOOLS= -SUPPLEMENT_DESCRIPTION_MAKELDIF= -SUPPLEMENT_DESCRIPTION_RESOURCE_PATH= -SUPPLEMENT_DESCRIPTION_PSEARCH_INFO= +SUPPLEMENT_DESCRIPTION_RATE_TOOLS=include::./_description-rate-tools.adoc[] +SUPPLEMENT_DESCRIPTION_MAKELDIF= +SUPPLEMENT_DESCRIPTION_RESOURCE_PATH= +SUPPLEMENT_DESCRIPTION_PSEARCH_INFO=include::./_description-psearch-info.adoc[] diff --git a/pom.xml b/pom.xml index 5df76e11e4..6e849aa2ab 100644 --- a/pom.xml +++ b/pom.xml @@ -35,7 +35,7 @@ ca_ES,es,de,fr,ja,ko,pl,zh_CN,zh_TW UTF-8 i18n - 2.2.1 + 2.2.2-SNAPSHOT 2.3.31 2.3.35 3.1.2